CFP'94 - Personal Notes

Roger Clarke

Principal, Xamax Consultancy Pty Ltd, Canberra

Visiting Fellow, Department of Computer Science, Australian National University

Version of 27 March 1994

© Xamax Consultancy Pty Ltd, 1994

This paper is at

General Impressions

The same strengths as in previous CFPs: considerable diversity among attendees; a considerable degree of openness and frankness, even from those under implied or direct attack; and a highly stimulating intellectual environment.

Once again I spent a considerable amount of time at the keyboard. The environment, even more so than the specific content of particular sessions, helped me to make considerable progress on existing drafts and semi-formed ideas, in particular in relation to public policy regarding the information infrastructure.

The Programme

There was a single Keynote Address, two lunch and one dinner speaker, and 3-hour Soapbox Square and Birds of a Feather sessions. The major content was a single stream of 14 90-100 minute sessions comprising 3-5 short addresses followed by very active, audience-driven panels. This year, all were more or less focussed on particular aspects of the National Information Infrastructure initiative, which is setting the agenda throughout the nation, and very important in other advanced networked nations, especially Australia.

The display tables carried an extraordinary range and volume of leaflets and books, including valuable materials for teaching and research and pointers to more. The topic areas included Internet services, Mac software to use Internet services, encryption, interpretations of changes occurring in the concept of work and work-space, and many aspects of privacy.

* Wednesday

6 pre-conference Tutorials

a meeting of Privacy International

Video on and demonstration of John Marshall Law School's

student computing laboratory and Internet access and use


Soapbox Square

This was very lively. Attached are two outcomes:

* Thursday

1. Keynote Address by a senior officer of President Clinton's staff, outlining the Administration's policy regarding the National Information Infrastructure. He spoke blessedly briefly, supported by clear overhead slides. He took questions, and did what he could with them. He was, as he expected to be, pummelled on the topic of the Clipper chip, and the inadequate justification for it. It appears that the (current, nominal) policy is for the chip to be mandatory only as a capability of equipment tendered to government agencies, i.e. agencies are not bound to use it, and there is no policy w.r.t. use by the private sector or individuals. Companies and individuals are not to be precluded from using their own encryption schemes. My interpretation was that the event was used by the Administration as a good opportunity to practice defence against attacks on the Clipper and several other issues.

2. The Information Superhighway: Politics and the Public Internet

The presenters were rather flat and obvious (but then again, this is an area in which I've done a lot of work: the audience generally seemed more impressed than I was). The question-time was much more interesting. In particular, it is quite apparent that NII is not a 'real' initiative, because the market is not failing. It's a regulatory manoeuvre, intended to define the playing field (despite the American myth, telecommunications is actually a heavily regulated industry), and ensure that social aims are achieved. But it's dressed up as an initiative, to extract maximum political benefit. To be fair, there are some substantive elements, such as $26 million this year and more next year for community development projects. The risk is, though, that the mythology of an initiative might distort the regulatory planning and, for example, lead to more government involvement and intervention than is healthy.

3. Lunch Address

David Flaherty, hitherto a privacy activist (and Professor of History at the Uni. of Western Ontario) was appointed 9 months ago to the post of Privacy and Information Commissioner for British Columbia. He described the nature of such jobs (which are unknown in the United States, although there are at least four in Canada). He also outlined some of the early issues he is confronted by, including the tendency towards centrist solutions in the health sector, at both provincial and federal levels.

4. Is It Time for a U.S. Data Protection Agency?

The topic is passé for Europeans, and even for Australians. The simple fact is that the American model has been to look after yourself via the courts rather than have a government agency do it for you, or even exist to help you. It's entirely discredited, but it takes a long time to move Capitol Hill. There is a private member's bill before the Senate, and there is hope, but not great expectation, that a breakthrough may be achieved.

One piece of relevant news was that Rob Veeder is taking up the post of Privacy Advocate for the IRS in June. Rob is in the category of 'good enemy': with me and I gather others as well, he's been helpful, open and affable. But he has been in charge of information policy at OMB for years, and has totally succeeded in the aim of successive Administrations to ensure that computer matching continues free of any meaningful fetters. If the IRS Privacy Advocate is to continue its work with any credibility, he will need a philosophy transplant.

5. Owning and Operating the NII: Who, How, When?

This also fell rather short of its billing, but once again there was some lively and useful discussion. Panellists are well aware that there are plenty of other well-informed people in the room, and most play it safe with generalities.

6. Data Encryption: Who Holds the Keys?

This addressed the question as to how any organisation can be found which can be entrusted with the keys to the encryption regime. The law enforcement agencies which want to see the schemes implemented are among the least trusted of all agencies, and any organisation they would be prepared to accept as an escrow agent would fall under immediate suspicion by the civil libertarians. Roll on two-way auditable key management automatons.

Reception and Electronic Frontier Foundation (EFF) Awards Presentation


Speaker Simon Davies, in papal reglia, and fine form, on the new directions needed by privacy activists

Birds of a Feather Sessions

About 60 people were still active in 3 remaining groups at 10:30pm, after 1-1/2 hours

* Friday

1. Health Information Policy

2. Can Market Mechanisms Protect Consumer Privacy?

Two Manhattan academics have re-launched this old defence on the American way. The contention is that providing individuals with something like property rights to data about themselves will enable an orderly market to come into existence, with paranoid people able to deny data, and everyone else selling for the going rate. That way data would no longer be available gratis, and the externality problem would have been overcome. There may be some prospects of the notion leading somewhere in the private sector (although even there, there are some serious weaknesses, such as market power in the finance industry). In the government sector, it's an unworkable proposal, because almost all data is gathered compulsorily, and agencies aren't about to relinquish their powers.

3. Lunch Speaker

I skipped this, in order to visit the Chicago Board of Trade.

4. Creating an Ethical Community in Cyberspace

I skipped this, in order to visit the Chicago Board of Trade.

5. Standards for Certifying Computer Professionals

This recorded the lowest attendance for any session, not only because it is an unattractive topic, but also because there appeared to be little freshness or even much quality in the material.

6. Hackers and Crackers: Using and Abusing the Networks

This focussed, once again, on the severe over-reaction by Parliaments and law enforcement agencies to harmful and fringe uses of computers and networks. It highlighted the inadequacy of security understanding and professionalism among systems managers and users generally. The atmosphere was sharpened by an FBI arrest that day of a delegate to the conference, in the mistaken belief that he was a hacker sought by police on electronic break-and-enter charges. After he was fingerprinted and they discovered their error, he was brought back to the hotel with apologies. The matter was reported in at least the New York Times the following morning.

Reception at the Museum of Science and Industry. This included a tour of the very new and impressive section in computers and communications. Unfortunately it was marred by an appallingly naive series of presentations of image enhancement.

* Saturday

1. The Role of Libraries on the Information Superhighway

This was somewhat disappointing, but once again I guess I knew a lot more about the topic than many of the audience, so perhaps the level of the content was right.

2. International Governance of Cyberspace

There were varied views firstly on whether cyberspace should be subject to controls at all - some Americans see no role whatsoever, especially for governments, in interfering with individuals' quiet enjoyment. Others argued that self-regulation was already effective, and should be the basis for control. Some argued that, like any other aspect of human endeavour, external controls would shortly be necessary. The usual justifications for control were pornography, incitement of racial hatred and the need not to deny law enforcement and national security agencies of the opportunity to intercept information flows. NSA was most unconvincing as to the last - they can hardly point to any major crime-busts which actually depended on wire-tapping.

3. Lunch: Presentation to Student Paper Winners

The winning paper on 'Freedom and Censorship' was far superior to the panel on the same topic, comparing three models of regulation. The second prize-winner also presented well, on the tension between the needs of epidemiology and privacy.

4. Delivery of Government Services Over the Information Superhighway

This was a bad slip in the programme, because two of the three speakers spoke from a marketing perspective, and all three spoke for far too long. The centre of attention was a set of information booths with touch-screens, offering multi-media displays about government processes. These were delivered by North Communications / DVS Communications of Canada, which may be the company involved in the Canberra project with the Australian Taxation Office and others. It appears to be:

5. Education and NREN, K-12

This focussed on availability of Internet services in Primary and Secondary Schools, and the extent to which students should enjoy open-ended experience versus closely supervision. Some argued for the emergence of a new era of freedom and others that use and access would be guided/dictated by teachers, like any other medium.

6. Guarding the Digital Persona

This investigated several aspects of the concept:

Finally, a leading sci-fi author pretended that the threats to privacy arising from abuse of the digital persona were not all that serious. This was loosely based on the idea that agencies were pretty clumsy, and wouldn't do a very good job with the technology. On the other hand, he regarded with horror the denial of freedom on the Internet which the NSA's clipper proposal represented.

[Caveat: I organised and chaired this session, so don't expect objectivity].


The conference delivered on its promised theme. The presentations were on the whole a little disappointing, and some of the sessions only got off the ground because of excellent questions from the floor. But the questions and the conversations were highly valuable, enabling me to complete the structure of the public policy paper I'm committed to submitting shortly.

One topic which emerged as being critical for CFP'95 were the questions of anonymous and pseudonymous transactions, and authentication of the right to participate in a transaction (cf. authentication of the identity of the individual). Many people appear unable to appreciate the extent to which transactions have been anonymous in the past, but are becoming increasingly identified, increasing the transaction trails available to monitor. Some people assume that anonymity is desired only by cheats. And few people understand that transactions can be both anonymous and secure.

CFP'94, Chicago
Weak Points

1. The Proceedings were very disappointing. There was a dire shortage of introductions to the sessions (a mere 2 of 14!!). There was also a serious shortage of contributed papers (about 12 of 45!). Two papers submitted on time for the session on 'Guarding the Digital Persona' were for some reason not published, and had to be copied and distributed separately. There was no Contents page, and no guidance at all as to which papers belonged to which sessions. Proceedings of that quality are barely worth the paper consumption, an embarrassment to show to colleagues, and a poor advertisement for the conference.

2. As with virtually all big hotels, the presentation environment was mediocre. In particular, the microphones (both on the lectern and on the floor in the hall) forced tall speakers to bend over; there was no pick-up lighting on the speakers' faces; and there appeared to be no walking mike. Many delegates complained about the hall being soporific, and many stood at the back of the room, so as to overcome the lethargy induced by the environment (i.e. they were not bored by the content, but by the physical context).

3. The formula of short (8-10 minute) presentations is a godsend (with occasional exceptions, where more time would be valued by the audience), but the less interesting panellists still need sparking up. There is an old working rule for panels that needs to be applied. The last minute of each speaker's presentation should comprise one, two or three outrageous assertions or propositions, which the speaker is prepared to defend all the way to the bar.

4. The conditions of invitation of speakers onto Panels should be:

In addition, all Panel Chairs should be obliged to submit, by proceedings publication date, at least a one-page introduction to the session.

CFP'94, Chicago
The CFP Ethos

Nowhere was the personality of the CFP community better exemplified than in the 'Soapbox' session organised the night before the Conference commenced. After a reception and meal, some 60 early arrivals gathered to listen and react to 5-minute harangues from people who had something they wanted to get off their chest. The session ran from 9 pm until midnight.

One major impression was the mutual respect shown by the participants. Derision was directed at the ideas, not the person, and time-limits were respected. Another impression was the diversity of perspective, with topics addressed variously from the legal, technocratic, philosophical, business, green, libertarian and political viewpoints.

Idealism was apparent, though not to the level of cloying impracticality. Discussion topics of this kind included:

For the most part, the discussions reflected a balance between idealism and pragmatism, and an orientation towards the discovery of utilitarian means of working towards ideals. Examples of topics addressed were:


Go to Roger's Home Page.

Go to the contents-page for this segment.

Send an email to Roger

Last Amended: 15 October 1995

These community service pages are a joint offering of the Australian National University (which provides the infrastructure), and Roger Clarke (who provides the content).
The Australian National University
Visiting Fellow, Faculty of
Engineering and Information Technology,
Information Sciences Building Room 211
Xamax Consultancy Pty Ltd, ACN: 002 360 456
78 Sidaway St
Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, 6288 6916