CFP'93 - Personal Notes

Roger Clarke

Principal, Xamax Consultancy Pty Ltd, Canberra

Visiting Fellow, Department of Computer Science, Australian National University

Version of March 1993

© Xamax Consultancy Pty Ltd, 1993

This document was prepared for Computerworld Australasia

This paper is at

Computerworld Fellow Roger Clarke has just returned, full of enthusiasm, from a San Francisco conference on Computers, Freedom and Privacy. He filed this report.

Suppose, just suppose, employees of A.S.I.O., the Australian Federal Police, the Australian Taxation Office and the Credit Reference Association got together at a conference with privacy advocates and hackers. Well the U.S. equivalent of that is precisely what has just occurred.

The Third Computers, Freedom and Privacy Conference was held last week in San Francisco. It attracted 500 delegates from all walks of life, and discussions were as wide-ranging as they were dynamic.

The conference's title reflects the essential tension that exists between information openness and data protection, and provides a forum for examining burning issues in the area. Most sessions involve panels of people with distinctly different perspectives on a topic, who briefly present their views, respond to one another's presentations, and field questions, arguments and attacks from the delegates.

The second event in Washington a year ago covered many topics, but most of the excitement was generated by one area of particular concern at the time - the identification of telephone callers to the recipient of the call. Locally this has also generated some amount of steam. Austel proposed in 1991 that individual subscribers' lines should default to not disclose their telephone number to the person called, unless the subscriber 'opted-in', either for all calls from that device, or for each particular call. Marketing interests have since caused Austel to soften its stance on the issue.

This, the third CFP, started by considering applications of IT to the electoral process (a matter very timely for Australian delegates). This was followed by a discussion of electronic voting, and especially of the scope for subversion of the democratic process.

A session dealt with arts and the Internet; and another with free speech and censorship on the net. Hackers met in a public forum with public prosecutors and the FBI, to explain how the proliferating laws to criminalise hacking were completely beside the point.

A currently burning issue which was subjected to examination was whether the FBI should be permitted to restrict the use of highly secure encryption techniques. The FBI's proposal that trap-doors be compulsorily built into cryptographic methods (so that law enforcement agencies can continue to monitor communications) stimulated vigorous debate.

A topic of considerable relevance to Australia, in the light of the government's proposed Health Communications Network, was the discussion of health records and confidentiality. It was pointed out that attempts in the U.S. to provide legal protection for highly sensitive medical data foundered as long ago as 1980, and that as a result data about what videos people hire enjoys much greater protection than does medical data.

The situation in Australia is even worse. The Commonwealth Parliament needs to create laws far more detailed than the Privacy Act, and to firmly encourage State Parliaments to at last pass the privacy protection legislation that was due in the early 1970s.

Unfortunately there is no chance of the gladiatorial arena that poses as our Federal Parliament taking a proactive stance on such an important matter. In the present climate, people who expect their medical data to be protected against snoops and potential political opponents, and its use by government agencies to be restricted to justified access, would do well to lobby hard against the use of IT in the health care and health insurance fields.

Another recurring topic which mirrored Australian concerns was the discussion of motor vehicle records. The N.S.W. I.C.A.C. report recently disclosed wholesale abuse of the personal data of Australian drivers and car owners. Some U.S. States actively sell data to financially support themselves, despite the data having been acquired under force of law, and for quite specific purposes. One State administrator drew attention to the ridiculous anomaly of his being required to preclude on-line access to individual records, but also to sell the complete file to all comers.

My own contribution related to the 'digital persona'. I devised the notion to convey how dangerous it was to make decisions about people based on surveillance of their data shadows. The audience response was quite remarkable. Far from being just a theoretical notion of limited applicability, a group of us are now using passive and active variants of the idea to explain a variety of Internet constructs, and to examine the potential of 'personal agents' which, among many other things, can be devised to filter our mail, and monitor the news for items of interest.

A most interesting variant on the usual debating panel was a hypothetical in which the audience acted as a jury. The scenario was that a virus had migrated from a bulletin board operated at a University, over the Internet, to a hospital. The hospital machines were down for 24 hours as a result, and a patient died for want of access to data.

The audience heard arguments by lawyers for the parties involved, and were asked to decide whether a prima facie case of criminal negligence existed against any of them. Much debate took place about the lawyers' decision to arraign the hospital's CEO, but not the hospital's systems manager!

Another valuable session concerned the coming U.S. National Information Infrastucture. Some people want to apply ISDN now (because it exists, and deserves to finally find a use for itself), while others are arguing for cable television-like solutions (taking the power out of the hands of the telecommunications providers), and some would like to wait a few more years until ATM is available.

Given the highly political manner in which telecommunications policy is decided in Australia (remember the forced merger of OTC with Telecom, and the recent, utterly amateurish attempt by the Government to sink the proposed MDS pay-TV service), it seems futile to expect a similarly coherent discussion to take place in Australia.

The lunch and dinner speakers were generally good fun, especially Cliff Stoll (the astronomer who has made a career out of stalking German hackers and recording it in 'The Cuckoo's Egg'). Altogether, an exhilarating experience.

Papers can be ordered from the Conference Chair, Bruce Koball, at 2210 Sixth Street, Berkeley CA 94710, email, fax +1 510 845 3946.

CFP'94 is in Chicago, 22-25 March 1994, and the Call For Papers should be available shortly from George Trubow, at the John Marshall Law School.

If anyone thinks that we could attract all sides of such important arguments to an Australian version of CFP, email to me at, or if you're one of the information-poor and have no access to the Internet, fax me on (06) 249 5005.


Go to Roger's Home Page.

Go to the contents-page for this segment.

Send an email to Roger

Last Amended: 15 October 1995

These community service pages are a joint offering of the Australian National University (which provides the infrastructure), and Roger Clarke (who provides the content).
The Australian National University
Visiting Fellow, Faculty of
Engineering and Information Technology,
Information Sciences Building Room 211
Xamax Consultancy Pty Ltd, ACN: 002 360 456
78 Sidaway St
Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, 6288 6916