CFP'93 - Summary

by Roger Clarke

Reader in Information Systems
Department of Commerce
Australian National University

G'day CPSR'ers, especially those associated with CFP. Australasian Computerworld was pleased to be offered the following short report that I wrote on the plane home (it's a long way across the Pacific, but Powerbook batteries are awfully short-lived, so it HAD to be short). Once again, my congrats to Bruce Koball and the team on an exhilarating occasion.

(From Australasian Computerworld, April 2, 1993)

Balancing snoopers and privacy

The Third Computers, Freedom and Privacy Conference was held last week in San Francisco, attracting 500 delegates from all walks of life and generating some very wide-ranging and dynamic discussions. The conference's title reflects the essential tension that exists between information openness and data protection, and most sessions involved panels of people with distinctly different perspectives.

The conference started by considering applications of IT to the electoral process (a matter very timely for Australian delegates). This was followed by a discussion of electronic voting, and especially of the scope for subversion of the democratic process.

One session dealt with arts and the Internet; and another with free speech and censorship on the net. Hackers met in a public forum with public prosecutors and the FBI, to explain how the proliferating laws to criminalise hacking miss the point.

One burning issue examined was whether the FBI should be permitted to restrict the use of highly secure encryption techniques. The FBI's proposal that trapdoors be compulsorily built into cryptographic methods (so that law enforcement agencies can continue to monitor communications) stimulated vigorous debate.

A topic of considerable relevance to Australia, in the light of our government's proposed Health Communications Network, was the discussion of health records and confidentiality. It was pointed out that attempts in the US to provide legal protection for highly sensitive medical data foundered as long ago as 1980, and that as a result data about what videos people hire enjoys much greater protection than does medical data. The situation in Australia is even worse. The Australian Parliament needs to create laws far more detailed than the Privacy Act, and to firmly encourage our State Parliaments to at last pass the privacy protection legislation that was due in the early 1970s.

Unfortunately there is no chance of the gladiatorial arena that poses as our Federal Parliament taking a pro-active stance on such an important matter. In the present climate, people who expect their medical data to be protected against snoops and potential political opponents, and its use by government agencies to be restricted to justified access, would do well to lobby hard against the use of IT in the health care and health insurance fields.

Another recurring topic at the CFP conference which mirrored Australian concerns was the discussion of motor vehicle records. The NSW ICAC report recently disclosed wholesale abuse of the personal data of Australian drivers and car owners.

Some US States sell data to support themselves financially, despite the data having been acquired under force of law, and for quite specific purposes. One State administrator drew attention to the ridiculous anomaly of his being required to preclude on-line access to individual records, but also being required to sell the complete file to all comers.

My own contribution related to the "digital persona". I devised the notion to convey how dangerous it was to make decisions about people based on surveillance of their data shadows. The audience response was quite remarkable. Far from being just a theoretical notion of limited applicability, a group of us are now using passive and active variants of the idea to explain a variety of Internet constructs, and to examine the potential of personal agents which, among many other things, can be devised to filter our mail, and monitor the news for items of interest.

A most interesting variant on the usual debating panel was a "hypothetical" in which the audience acted as a jury. The scenario was that a virus had migrated from a bulletin board operated at a university, over the Internet, to a hospital. The hospital machines were down for 24 hours as a result, and a patient died for want of access to data.

The audience heard arguments by lawyers for the parties involved, and were asked to decide whether a prima facie case of criminal negligence existed against any of them. Much debate took place over the lawyers' decision to arraign the hospital's CEO, but not the hospital's systems manager!

Another valuable session concerned the coming US National Information Infrastructure. Some people want to apply ISDN now, while others argue for cable television-like solutions (taking the power out of the hands of the telecommunications providers), and still others would like to wait a few years until ATM is available.

Given the highly political manner in which telecommunications policy is decided in Australia (remember the forced merger of OTC with Telecom, and the recent amateurish attempt by the Government to sink the proposed MDS pay-TV service), it seems futile to expect a similarly coherent discussion to take place in Australia.

If anyone thinks that we could attract all sides of such important arguments to an Australian version of CFP, e-mail to me at Roger.Clarke@anu.edu.au. Or, if you're one of the information-poor and have no access to the Internet, fax me on (06) 249 5005.

Roger Clarke is Reader in Information Systems at the Australian National University, and a 1992 Computerworld Fellow

Return to CPSR conferences page.

Return to the CPSR home page.

Send mail to webmaster.