############ ########## Volume 2 Number 7 ############ ########## April 10, 1992 #### ### ### ########## ########## ########## ### ### #### #### ########## ########## ########## ### ### ##### #### ########## #### #### ### ### ###### #### #### ######## ######## ### ### ############ #### ######## ######## ### ### #### ####### ############# #### #### ########## #### ###### ############# #### #### ########## #### ##### ############# #### #### ########## #### #### ## ## ## |~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| EFFector | | ONline | THE CISLER REPORT: | | Steve Cisler writes about | eff@eff.org | Computers, Freedom and Privacy II | | | 155 Second Street | WHAT A DEAL! | Cambridge, MA 02141 | EFF offers spiffy t-shirts | (617) 864-0665 | | | | 666 Pennsylvania Ave.SE | | Washington, DC 20003 | | (202) 544-9237 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ COMPUTERS, FREEDOM, AND PRIVACY-2: A REPORT by Steve Cisler (sac@apple.com) [The opinions and views expressed are those of the author, Steve Cisler, and not necessarily those of Apple Computer, Inc. Misquotes of people's statements are my responsibility. Permission is granted for re-posting in electronic form or printing in whole or in part by non-profit organizations or individuals. Transformations or mutations into musicals, docudramas, morality plays, or wacky sitcoms remain the right of the author. This file may be found on the Internet in ftp.apple.com in the alug directory. -Steve Cisler, Apple Computer Library. Internet address: sac@apple.com ] The Second Conference on Computers, Freedom, and Privacy, (March 18-20, 1992. Washington,D.C.).was sponsored by the Association for Computing Machinery and thirteen co-sponsors including the American Library Association and a wide variety of advocacy groups. The diversity of the attendees, the scope of the topics covered, and the dynamism of the organized and informal sessions gave me a perspective I had lost in endless conferences devoted only to library, information, and network issues. I can now view the narrower topics of concern to me as a librarian in new ways. Because of that it was one of the best conferences I have attended. But there's a danger of these issues being re-hashed each year with "the usual suspects" invited each time to be panelists, so I urge you, the readers, to become involved and bring your own experiences to the next conference in 1993 in the San Francisco Bay Area. ++====================================================================++ Wednesday, March 18 The day began with concurrent tutorials on the following topics: Getting on the Net (Mitchell Kapor, Electronic Frontier Foundation); Making Information Law and Policy (Jane Bortnick, Congressional Research Service); Communications and Network Evolution (Sergio Heker, JVNCNet), Private Sector Privacy (Jeff Smith, Georgetown University); Constitutional Law for Non-lawyers (Mike Godwin, EFF); Computer Crime (Don Ingraham, Alameda County (CA) District Attorney); Modern Telecommunications: Life After Humpty- Dumpty (Richard Wolff, Bellcore); International Privacy Developments (David Flaherty, Univ. of Western Ontario); and the one I attended... Information Law and Policy: Jane Bortnick, Congressional Research Service (CRS) In Bortnick's tutorial, she covered the following points: 1)Setting information policy is not a linear process, and it's not clear how or when it is made because of many inputs to the process. 2) Many policies sit on the shelf until a crisis, and the right technology is either in place, or certain people grab it. 3)Events create renewed interest in information policy. 4)Industry, academic, or non-governmental groups play an important role by testifying before committees studying policy and by lobbying. 5)CRS is the institutional memory for Congress because of the rapid turnover in the staff on the Hill. 6) The challenge is to develop policy that does not hinder or hold things up, but there is a high degree of uncertainty, change, and lack of data. The idea is to keep things as open as possible throughout the process. Bortnick said that the majority of laws governing information policy were written in an era of paper; now electronic access is being added, and Congress is trying to identify fundamental principles, not specific changes. Because of the economic factors impinging on the delivery of information, members of Congress don't want to anger local cable, phone, or newspaper firms. To get sensible legislation in a rapidly changing environment you have to, paradoxically, slow down the legislative processes to avoid making bad laws. Nevertheless, in a crisis, Congress can sometimes work very quickly. We have to realize that Congress can't be long term because of annual budget cycles and because of the hard lobbying by local interests. In making good policy and laws, building consensus is the key. The current scope of information policy: -spans broad range of topics dealing with information collection, use, access, and dissemination -global warming has a component because new satellites will dump a terabyte a day: who is responsible for storage, access, adding value to all of this data? -many bills have the phrase: "and they will establish a clearinghouse of information on this topic" -information policy has increasingly become an element within agency programs -impact of information technologies further complicates debate -result=more interested players from diverse areas. Congress has many committees that deals with these issues. CRS gets 500,000 requests for information a year: 1700 in one day. After "60 minutes" is broadcast CRS gets many requests for information. from Congress. Jim Warren asked several questions about access to government information. There was a general discussion about how the Library of Congress would be digitized (size, cost, copyright barriers). It was noted that state level experiments affected federal activity, especially the states that are copyrighting their information (unlike the federal government). The discussion about Congressional reluctance to communicate via electronic mail with constituents: a new directory does not even list some fax numbers that had been quasi-public before some offices felt inundated with fax communications. ++====================================================================++ Keynote Address: Al Neuharth, The Freedom Forum and founder of USA Today "Freedom in cyberspace: new wine in old flasks" Lunch, following the tutorials, was followed by an address by Al Neuharth. The high points were: 1. First amendment freedoms are for everyone. Newspaper publishers should not relegate anyone to 2nd class citizenship or the back of the bus. 2. The passion for privacy may make our democracy falter. 3. Publishing of disinformation is the biggest danger, not information-glut. Commenting on American Newspaper Publishers Assn. to keep RBOCs out of information business, Neuharth noted that the free press clause in the Bill of Rights does not only apply to newspapers. Telcos have first amendment rights too. "ANPA is spitting into the winds of change", he said, and some newspaper publishers are not happy with this stance, so there is a lot of turmoil. People should get their news when, how and where they want it: on screen or tossed on the front porch. Telcos have yet to demonstrate expertise in information gathering and dissemination; they have an outmoded allegiance to regulation . He strongly criticized the use of anonymous sources by newspapers. Anonymous sources, he said, provide misinformation that does irreparable harm. The Washington Post is the biggest user of confidential sources. Withholding of names encourages fabricating and misinformation. Opinions and style should not be hidden in news pages but kept on the editorial page. ++====================================================================++ Wednesday Afternoon Session: Who Logs On? Given by Robert Lucky of Bell Labs: Speaking personally, Lucky covered the following points: 1. Fiber to the home: who pays for it? The consumers will pay and the consumer will benefit. How much they will pay and how much they will benefit is what matters. We must to install wideband switching and we will.The drama is mainly economic and political, not technical. It will happen in 40 years. Asked what fiber will bring that copper will not, Lucky took the Field of Dreams approach: supply of bandwidth will create demand. 2. Access and privacy. This is a personal quandary for Lucky. Intimate communications will be coming-- individual cells on each pole and an individual number for each person. "I like to call anybody from my wrist, but I hate having people calling me." If you have access, you can't have privacy. The right to be left alone takes away from the 'right' from other people. Lucky was the first of many to raise the problems of the FBI recommend legislation, the Digital Telephony Amendment, that would require re-design of present network so that surveillance could take place, and that the cost of doing this would be 20 cents a month per subscriber. It will be hard to find conversations, but you will pay for this. He viewed this with grave concern; it's a bad idea. He is all for getting drug kings but he wants his privacy. 3. Lucky's observations on the Internet/NREN: One of the wonderful things is the sense of freedom on the Internet. Anonymous ftp. There are programs and bulletin boards. Sense of freedom of information and freedom of communication, but nobody seems to pay for it. It just comes. As a member of AT&T, this needs to be transitioned to a commercial enterprise. Government is not good at this; intellectual property lawyers will build walls, and hackers may screw it up too. "I still want all the freedom in the commercial enterprise." Linda Garcia of the OTA (Office of Technology Assessment) spoke about access issues and said it was a cost/benefit problem. Rural areas should be able construct a rural area network (RAN). Take small businesses, educators, hospitals and pool their demand for a broadband network. Government could act as a broker or community organizer and transfer the technology. Rural communities should not be treated the same way as urban areas. The regulatory structure should be different for rural Maine than for lower Manhattan. See her OTA reports "Critical Connections and Rural America at the Crossroads" for in-depth treatments of these issues. Al Koppe of New Jersey Bell outlined the many new services being rolled out in NJ at the same time they are maintaining low basic rates. --In 1992 there will be narrowband digital service for low quality video conferencing; in 1994 wideband digital service. --Video on demand, entertainment libraries and distance learning applications will be coming along soon after. --Koppe predicted a 99% penetration by 1999 with complete fiber by 2010. This will be a public network and not a private one. It will still be a common carrier. This is a very aggressive and optimistic plan, an important one for all of us to watch. Lucky said he had never seen a study that shows video on demand services can be competitive with video store prices. The big question remains: how does a business based on low-bandwidth voice services charge for broadband services? It remains a paradox. Brian Kahin, Kennedy School of Government, discussed the growth of the Internet and policy issues: --points of access for different users --network structure and current NSFNet controversy He said the NREN debate is one between capacity (enabling high end applications) and connectivity (number of resources and users online). ++====================================================================++ Afternoon Session: Ethics, Morality, and Criminality Mike Gibbons of the FBI chaired this session which was one of the central themes for all present. In the same room we had law enforcement (LE) representatives from state, local, and federal governments, civil libertarians, and convicted computer criminals, as well as some victims. The FBI views the computer as a tool, and Gibbons told a story about the huge raid on Lyndon LaRouche's data center in Virginia where 400 LE types took part. I had the feeling that Gibbons was telling his own hacker story because the audience would appreciate the challenges that faced him more than LE supervisors without a technical knowledge of computers would appreciate it. He was also involved in the Robert Morris case. Mike Godwin of EFF agrees that it is not ethical to access other people's computer without permission, but Mike represents those who may have acted unethically but still have rights. Case involving Craig Neidorf of _phrack_ who felt that his publication of a Bell South document was within the 1st amendment . Bell South pegged the Document cost was $70K because it included the Vax workstation and the software in the cost! There was a question whether that document was property at all. LE folks can make good faith mistakes, but Craig had to spend $100,000 and that the prosecutor and Secret Service never admitted they were wrong. Jim Settle from FBI sets policy on computer crime and supervisor of computer crime squad. Background in Univacs in 1979. There is not a lot of case law on computer crimes. LE was computer stupid and is not out there to run over people's rights. They discuss moral issues even when an action was legal. Don Delaney of the New York State Police: He has been dealing with PBX and calling card fraud; he talks to students about perils of computer crime, and works with companies who have been hit. Every day at least one corporation has called him. $40,000 to $400K loss in a short time. He has found glitches in the PBX software; he complained that few PBX salespeople tell the customers about remote access units through which criminals gain access. Once this happens the number is sold on the street in New York at about $10 for 20 minutes. Even Westchester County Library was hit. People used binoculars to read the PIN numbers on caller's cards as they dialed in Grand Central Station. Delaney called this 'shoulder surfing' and noted that cameras, camcorders, and binoculars are being used regularly. Mitch Kapor raised the issue of the Digital Telephony Amendment. It is proposed legislation to amend 18 USC 2510 (government can intercept communications on showing probable cause as they did with John Gotti) Settle of the FBI asked: "What happens if the technology says you can't do it? You change the tech. to allow it or you repeal the law that allows wire tap. Don Parker of SRI said it is essential to have wiretap ability as a tool for LE. The FBI under the Department of Justice has authority to use wiretaps in its operations. This has been one of the most effective tools that law enforcement has, but with the advent of digital telephony such as ISDN, the LE community is worried that no capability exists to intercept these digital signals, and this will preclude the FBI and other LE officials from intercepting electronic communications. The FBI proposes an amendment to the Communications Act of 1934 to require electronic services providers to ensure that the government will e able to intercept digital communications. There are a number of parts to the bill: 1. the FCC shall determine the interception needs of the DOJ and issue regulations 120 days after enactment. 2. Service providers and pbx operators to modify existing telecom systems within 180 days and prohibit use of non-conforming equipment thereafter, with penalties of $10,000 per day for willful offenders. 3. Gives FCC the authority to compensate the system operators by rate structure adjustment for required modifications. That is, the user will pay for this decreased security desired by the government. Godwin said he believes that wiretap is okay when procedures are followed, but you have to decide what kind of society you want to live in. The FBI asked, "Are you going to say that crime is okay over the phones and that it should not be controlled?" He implied that not making changes to the law would leave cyberspace open to sophisticated criminals, many of whom have more resources for technology that does the LE community. For more information on this there is a 10 page legislative summary. ++====================================================================++ The Evening of Day One: There were Birds of a Feather (BOF) sessions that were less formal and with less attendance. Nevertheless, they were some of the high points of the conference. Where else would one find the law enforcement types switching roles with computer intruders who had to defend a system against an attack? Kudos to Mike Gibbons for setting this up. There was also a panel of hackers (I use the term in the broadest and non-pejorative sense) including "Emmanuel Goldstein"--the nom de plume for the editor of 2600: The Hacker's Weekly; Craig Neidorf, founder of phrack; Phiber Optik, a young man who recently plea bargained to a couple of charges; and Dorothy Denning, chair of the CS department at Georgetown University. Goldstein (this was a character in Orwell's 1984 who was a front for the establishment!) sees hackers as intellectuals on a quest for bugs which, when corrected, help the system owner.He is extremely frustrated over media treatment of hackers, yet he was open to a Japanese camera crew filming the casual meetings of 2600 readers that took place in the hotel lobby throughout the conference. He said that hackers and system administrators work together with each other in Holland. As an example of lax system management there was a military computer during the middle east war had a password of Kuwait'. Don Parker of SRI believes that Goldstein should not continually blame the victim. Many of the hackers and publishers strongly believed that "knowing how things work is not illegal." The current publisher of Phrack said, "I believe in Freedom of Speech and want to tell people about new technology." Most librarians would agree, but much of the problem was what some people did with that knowledge. An interesting discussion followed about who was responsible for security: vendors, system administrators, or public law enforcement personnel. Phiber Optik is now maintaining a Next machine on the Net and complained that answers to technical questions cost $100 per hour on the Next hotline. ++====================================================================++ Electronic Money: Principles and Progress Eric Hughes, DigiCash Electronic money uses public key encryption. People can recognize your digital signature, but cannot read it. The goal is to create a bank on the Internet that only uses software and affords the user complete anonymity. There is the bank, the buyer, and the seller. Money flows from the bank in a money loop. Bank does not know what is signs but it knows that it did sign it and will honor the electronic check. This would allow financial transactions and privacy for the buyer. In a library setting this would mean I could buy an item electronically (a document, image, code) and nobody could link it with my name. My buying habits would be private, and a person roaming through the transactions might see that someone purchased the computer simulation "Small furry animals in pain" but would not know the name of the purchaser. Doing private database queries will become more and more important as the network is used for more business activities. The DigiCash scheme has multi-party security and is a safe way of exchanging files and selling them in complete privacy. It's also very cheap and the unlinkability is very important. In the discussion session the issue of drug lords using the system was raised. DigiCash has limited its transactions to less than $10,000, and most would be far less. A British attendee said that stores had to keep extensive records for VAT tax audits, so EEC and US regulations would conflict with the goals of DigiCash. ++====================================================================++ Thursday Morning Sessions For Sale: Government Information This was staged as a role playing advisory panel where a grad student made a broad and complicated request for information in a particular format. The panelist made short statements about their interests and then tried to answer the pointed questions from George Trubow of John Marshall Law School. Dwight Morris (LA Times): His job is to get government data and turn it into news stories. He noted that the FOIA is a joke; it's a last resort. Vendors are foia-ing the agencies and then trying to sell those foia requesters software to read the data tapes! Ken Allen of the Information Agency Association: The government should not elude the appropriations process by selling information, nor should the agency control content. The IIA is against exclusive contracts. Mitch Freedman,Westchester Co. Library ALA Coordinator for Access to Information: Are many people asking for access for this information, or will the coding benefit many users in the long run? He mentioned of WINDO program, freedom of access, and its link to informed democracy. Franklin Reeder, Office of management and Budget: He observed that unusable databases in raw form mean that choice of format is irrelevant. There may be broader demand for this information, and the database should be provided with interfaces for many users. Government agencies should not turn to information provision for revenues; it becomes an impediment to access. "I don't think the public sector should be entrepreneurial. " Costin Toregas, Public Technology, Inc.--owned by cities and counties in U.S. and Canada: We should re-examine our language when discussing information and access. How do you recover the costs of providing the new technological access mechanisms. The provision of this should be high priority. Robert Belair, Kirkpatrick and Lockhart, deals in FOIA and privacy issues: Choice of format is an issue, and in general we are doing a bad job. Belair notes that FOIA requests are not cheap. There are $2-4,000 fees from government agencies--even more than the lawyer fees! Questions: Denning: no view of where technology is taking us. Why not put the FOIA information online? Freedman says the Owens bill handles this. Weingarten says that one agency is planning for a db that has no equipment to handle it yet. Belair: we will get change in FOIA and the Owens bill is good. Toregas: A well-connected community is crucial. Harry Goodman asked Ken Allen if he still believed that "libraries be taken off the dole." Allen denied he said this but Goodman had it on tape! Allen said privatization is a red herring. Government agencies might not be the best way to provide the access to information. Allen says it should be by diverse methods. Glenn Tenney, running for Congress in San Mateo County (CA), said he had trouble getting information on voting pattern of the members of Congress and to buy it would have cost thousands of dollars.( Ken Allen replied that a private company had developed the information from raw material, but others thought this was basic information that should be available to all citizens. Other people wanted the Congressional Records online (and cheap); others wanted the private sector to do it all and to get the government to partner in such projects. ++====================================================================++ Free Speech and the Public Telephone Network Jerry Berman of the EFF: --Do telcos have the right to publish over their own networks? --What are the implications of telcos as newspapers vs. telcos as common carrier? Aren't safeguards needed to compel free access for all players? --There is already discrimination on the 900 services (provision or billing for porno businesses). --When the public finds out what is on the network, there will be a big fight. --Will we follow the print model or the broadcasting model? --How can a new infrastructure secure a diversity of speech and more participants, and how we can break the deadlock between cable, papers, and telcos. Henry Geller, Markle Foundation (FCC/NTIA) : -- The key is the common carrier nature of the telephone networks and that they should carry all traffic without determining what is appropriate. --Congress can't chose between warring industries, so it won't act on some of these telecomm issues. --Broadband area: if the bits flowing are TV programming, the telco is forbidden to provide. Print model is a good one to follow, not the cable or broadcast model. He mentioned CNN's squelching of NBC cable channel. John Podesta (Podesta Associates): --There are forces that are trying to push messengers off the road and keep the network from being diverse. --We need a network with more voices, not just those of the owners. --We will be faced with censorship by the government and network owners (MCI, US West); --There will be more invasion of privacy Six things have to happen: 1. More competition via open platform. Personal ISDN at low tariffs. 2. Structural safeguards 3. Common carriers should be content neutral when providing access 4. Originators should bear responsibility for obscene or salacious postings. 5. Protect net against invasion of privacy. Debate is whether it will be easier or harder to wiretap in the future. 6. Don't adopt broadcast or cable model for network; both are more restrictive with regards to First Amendment issues. Bob Peck (ACLU): --Government ban on RBOCs providing information is a first amendment issue, but there is also an issue of access. How do we make sure that everyone gets charged the same rates? --The Rust vs. Sullivan decision could affect network use; abortion clinics could not answer any questions about the topic. US Govt. claimed: "We paid for the microphone; we just want to be able to control what is said." This is being argued in other cases by DOJ and should be resisted. Eli Noam (NYU): --Coming from state government he tried to be an oxymoron, a "forward-looking state utility commissioner". --Telcos say: If anyone can use the common carrier, why not themselves. --Free speech is rooted in the idea of scarcity and restraints to access. --When you have 9000 channels, who cares? --There will be no scarcity. He predicts people will be video literate. Video will have new obscene phone calls. --We are over-optimistic about the short term and too cautious about long term effects. --Telecommuting is already happening on a significant scale. --We will have telecommunities, subcultures of special interest groups. --Our political future is based on jurisdiction. Is there a new form of political entity emerging that transcends time zones? --Information glut: The key issue will be how you filter and screen it. --Handling the information will be a big issue.The user's brain is the ultimate bottleneck. --Internet news is about 18 MB a day. --Screening will be by the network itself or by user groups and telecommunities. --Rights of individuals vs. the governments. Is the first amendment a local ordinance? --We need power over international interconnection. Fly the flag of teledemocracy. ++====================================================================++ Lunch with Bruce Sterling Bruce Sterling, author of The Difference Engine (with William Gibson) and a new title, The Hacker Crackdown, gave an outstanding performance/speech entitled "Speaking the Unspeakable" in which he represented three elements of the so- called computer community who were not at CFP-2. --The Truly Malicious Hacker: "Your average so-called malicious user -- he's a dweeb! He can't keep his mouth shut! ....Crashing mainframes-- you call that malice? Machines can't feel any pain! You want to crash a machine, try derailing a passenger train. Any idiot can do that in thirty minutes, it's pig-easy, and there's *nothing* in the way of security. Personally I can't understand why trains aren't de-railed every day." --A narco-general who has discovered the usefulness of his contacts with the North American law enforcement communities--and their databases: "These databases that you American police are maintaining. Wonderful things....The limited access you are granting us only whets our appetite for more. You are learning everything about our criminals....However, we feel that it is only just that you tell us about your criminals.....Let us get our hands on your Legions of Doom. I know it would look bad if you did this sort of thing yourselves. But you needn't." --A data pirate from Asia: "The digital black market will win, even if it means the collapse of your most cherished institutions....Call it illegal, call it dishonest, call it treason against the state; your abuse does not matter; those are only words and words are not as real as bread. The only question is how much suffering you are willing to inflict on yourselves, and on others, in the pursuit of your utopian dream." Sterling's speech was a hilarious, yet half-serious departure from the usual fare of conferences and is well worth obtaining the audio or video cassette. I also recommend you attend the American Library Association conference in late June 1992 when Sterling will address the LITA attendees. ++====================================================================++ Who's in Your Genes Who's in Your Genes was an overview of genetic data banking, and a discussion of the tension between an individual's right to privacy and the interests of third parties. DNA forensic data banks and use of genetic records by insurers were explored. Madison Powers was chair. Panelists included John Hicks, FBI Lab; Paul Mendelsohn, Neurofibromatosis, Inc.; Peter Neufeld, Esq.; Madison Powers, Kennedy Center for Ethics, Georgetown University. ++====================================================================++ Private Collection of Personal Information This was another role-playing session where the participants took positions close to those they would hold in real life. Ron Plessor of Piper and Marbury acted as the 'scene setter and facilitator'. It was he who posed the broad question "Should the government have a role in the privacy debate?" and asked the panelists to debate about the establishment of a data protection board (as proposed by Congressman Wise in H.R. 685d). Janlori Goldman of the ACLU enthusiastically embraced the role of general counsel to the Data Board. She questioned the representatives from the fictitious private enterprises who were planning a supermarket discount shoppers' program where all items are matched with the purchaser and mailing lists would be generated with this fine-grained information. "It would be good to come to the board before you start the service." Her tone was very ominous, that of a friendly but all powerful bureaucrat. "Bring your papers and come on in to discuss your project. Let's keep it informal and friendly this time to prevent the more formal meeting." She even alluded to making subpoenas and getting phone records of the direct marketeers. She would not offer the marketeers assurances of confidentiality in their discussion, and even though this was role playing, several people around me who had thought the idea of a board would be useful, changed their mind by the end, partly because of her fervor. At the Q&A session about 25 people dashed for the microphones, making this session the most provocative of all. At least it touched a chord with everyone. ++====================================================================++ On the evening of March 19, the Electronic Frontier Foundation presented the EFF Pioneer awards to those individuals who have done the most to advance liberty, responsibility, and access to computer-based communications. I was honored to serve as a judge and read the large number of nominations. Each person or institution made a strong impression on me, and it was difficult to narrow it down to five people. The recipients each made a very moving statement after they were called to the podium by Mitchell Kapor of the EFF. ++====================================================================++ March 20 Privacy and Intellectual Freedom in the Digital Library Bob Walton of CLSI, Inc. Walton discussed the transformation of libraries as collections of books into digital libraries with falling technological costs and volatile questions of intellectual property and reimbursement. Gordon Conable, Monroe (MI) County Library system, spoke of libraries as First Amendment institutions, ones where Carnegie saw the provision of free information as a public good. However, the economics of digital information are quite different, and this causes problems, as does the government using the power of the purse to control speech (Rust vs. Sullivan). I spoke about the case of Santa Clara County (CA) Library defending its open access policy when a citizen complained about children checking out videos he thought should be restricted. It was a good example of how the whole profession from the branch librarian on up to the California State Librarian presented a unified front in the face of opposition from some parts of the community and the San Jose Mercury News, the local paper that waffled somewhat on its own stance. Jean Polly of Liverpool Public Library spoke about the problems running a library BBS where religious fundamentalists dominated the system, but outlined her library's many activities (smallest public library as an Internet node) and her plans for the future. ++====================================================================++ Who Holds the Keys? In a sense the cryptography discussion was one of the most difficult to follow, yet the outlines of a very large battlefield came into view by the end of the session. The two sides are personal privacy and national security. Should the government be allowed to restrict the use of cryptography? (Only weakened schemes are allowed to be legally exported.) What legal protections should exist for enciphered communications? David Bellin of the Pratt Institute stood up and spoke in code. He thought encrypted speech was protected and that he should have the right to associate with his peers through encryption (to prevent snooping). He did not believe the technology is controllable, nor that there is safety and one end and freedom at the other. Jim Bidzos of RSA Data Security said we need a review of cryptographic policy. The long term effects of the current confrontational relationship will be bad. John Gilmore of Cygnus Support felt that the public should discuss cryptographic issues and not behind closed doors. This is a good time for network people, manufacturers, and the government to work together. John Perry Barlow sees encryption as an answer to the problem of having lots of privacy. Using the drug war rationale to prohibit export is a bad idea. Whitfield Diffie, of Sun Microsystems gave an excellent overview of the philosophy of encryption and why it's important as we move from face-to-face communications to electronic. There are a number of policy problems: --a bad person might be able to protect information against all assaults. In a free society a person is answerable for your actions, but a totalitarian society uses prior restraint. What will ours become? --Can a so-called 'free society' tolerate unrestricted use of cryptography? Because cryptography can be done on standard processors with small programs, and because covert channels are hard to detect, enforcement of a strong anti-crypto law would require drastic measures. I asked Jim Bidzos about the government agencies beating their swords into plowshares by looking for new roles in a world without a Soviet threat. He thought NSA could use budget hearings to say that with a lean/mean military budget, a modest increase in crypto capability might give the government more lead time in an emergency. One member of the audience challenged Bidzos to go ahead and export RSA outside of the US. Barlow responded "Come on, Jim. The Russians are already using RSA in theirlaunch codes." To which Bidzos replied, "My revenue forecasts are being revised downward!" Barlow answered, "You would not have gotten any royalties from them anyway." Bidzos: "Maybe..." With only a partial understanding of some of the technology involved (cryptography is a special field peopled mainly by mathematicians and intelligence officials), I think that this will be the issue of the 90s for libraries. It may be a way to protect both privacy and intellectual property in the digital libraries of the future. ++====================================================================++ Final Panel: Public Policy for the 21st Century, moderated by Mara Liasson, National Public Radio "How will information technologies alter work, wealth, value, political boundaries?... What will the world be like in a decade or two?... What public policies now exist that may pull the opposite direction from the economic momentum and will lead to social tension and breakage if not addressed properly?" Peter Denning, George Mason University: People used to have faith that strong governments would bring salvation through large programs (he named failures). The poor track record of government and changes in comms technology have accelerated the decline of the faith. Mitchell Kapor: He sees digital media as the printing press of the 21st century. The WELL and others make us realize we are not prisoners of geography, so our religious, hobby, or academic interests can b shared by the enabling technologies of computers. "Individuals flourish from mass society with this technology" Openness, freedom, inclusiveness will help us make a society that will please our children and grandchildren. Simon Davies, Privacy International: "There is possibly a good future, but it's in the hands of greedy men. I see a world with 15 billion beings scrambling for life, with new frontiers stopping good things. For 14 billion they are very pissed off, and that our wonderful informational community (the other billion) becomes the beast. It will be something most of the world will do without. If we recognize the apocalypse now we can work with the forces." Esther Dyson, EDventure Holding, Inc.: She thinks that cryptography is a defensive weapon. The free- flow of cryptic information is dangerous to the powerful. She want more markets and less government. Large concentrations of power makes her suspicious. Global protected networks will help those in the minority(disagreeing with Davies). We don't have one global villages but many. How do we avert tribalism of class? Roland Homet, Executive Inc.: Homet was more conciliatory. America has a penchant for ordered liberty. It uses toleration and restraint to keep forces working together. ++====================================================================++ Lance Hoffman, of the George Washington University and organizer of the conference, deserves a great deal of credit for a smooth running yet exciting three days. There will be a CFP-3 in the San Francisco area next year. If you find these issues to be a major force in your professional life, we hope you will be able to attend next year. Traditionally, there have been scholarships available, but these depend on donations from individuals and firms. End of Report/ Steve Cisler sac@apple.com -==--==--==-<>-==--==--==- ELECTRONIC FRONTIER FOUNDATION OFFERS T-SHIRTS For a $10 donation, EFF will send you a spiffy 100% cotton white T-shirt with the new black and red EFF logo tastefully displayed on front, and the following on the back: ELECTRONIC FRONTIER FOUNDATION eff@eff.org (50's style graphic with large building sitting on world) Serving Cyberspace since 1990 They come in sizes XL and child's S only. Send your $10 check or money order to The Electronic Frontier Foundation ATT: Rita/ T-Shirts 155 Second Street Cambridge MA 02141 "What a DEAL! People will be hard-pressed to find a shirt of the same quality with such fantastic silk-screening for less than $20 in any T-shirt store in the country. (You can quote me on that.)" -- Brendan Kehoe upon receiving his shirt. *** Mention that you are an EFFector Online reader, and we will *** waive all shipping and handling charges! -==--==--==-<>-==--==--==- MEMBERSHIP IN THE ELECTRONIC FRONTIER FOUNDATION In order to continue the work already begun and to expand our efforts and activities into other realms of the electronic frontier, we need the financial support of individuals and organizations. If you support our goals and our work, you can show that support by becoming a member now. Members receive our quarterly newsletter, EFFECTOR, our bi-weekly electronic newsletter, EFFector Online (if you have an electronic address that can be reached through the Net), and special releases and other notices on our activities. But because we believe that support should be freely given, you can receive these things even if you do not elect to become a member. Your membership/donation is fully tax deductible. Our memberships are $20.00 per year for students, $40.00 per year for regular members. You may, of course, donate more if you wish. Our privacy policy: The Electronic Frontier Foundation will never, under any circumstances, sell any part of its membership list. We will, from time to time, share this list with other non-profit organizations whose work we determine to be in line with our goals. But with us, member privacy is the default. This means that you must actively grant us permission to share your name with other groups. If you do not grant explicit permission, we assume that you do not wish your membership disclosed to any group for any reason. ---------------- EFF MEMBERSHIP FORM --------------- Mail to: The Electronic Frontier Foundation, Inc. 155 Second St. #27 Cambridge, MA 02141 I wish to become a member of the EFF I enclose:$__________ $20.00 (student or low income membership) $40.00 (regular membership) $100.00(Corporate or company membership. This allows any organization to become a member of EFF. It allows such an organization, if it wishes to designate up to five individuals within the organization as members.) | I enclose an additional donation of $___________ Name:______________________________________________________ Organization:______________________________________________ Address: __________________________________________________ City or Town: _____________________________________________ State:_______ Zip:________ Phone:( )_____________(optional) FAX:( )____________________(optional) Email address: ______________________________ I enclose a check [ ] . Please charge my membership in the amount of $_____________ to my Mastercard [ ] Visa [ ] American Express [ ] Number:____________________________________________________ Expiration date: ____________ Signature: ________________________________________________ Date:______________________ I hereby grant permission to the EFF to share my name with other non-profit groups from time to time as it deems appropriate [ ] . Initials:___________________________ ===================================================================== EFFector Online is published by The Electronic Frontier Foundation 155 Second Street, Cambridge MA 02141 Phone:(617)864-0665 FAX:(617)864-0866 Internet Address: eff@eff.org Reproduction of this publication in electronic media is encouraged To reproduce signed articles individually, please contact the authors for their express permission. =====================================================================