Privacy Law and Policy Reporter
More than 500 people from 20 countries participated in the ninth annual conference on Computers, Freedom and Privacy ‘CFP 99: The Global Internet’ — see <http://www.cfp99.org/> — held on 6-8 April 1999 in Washington, DC and hosted by the Electronic Privacy Information Center (EPIC). Roger Clarke was there for PLPR, and we report his extempore notes of two of the most interesting sessions. The full version of his ‘CFP’99 Personal Notes’ is at <http://www.anu.edu.au/people/Roger.Clarke/DV/NotesCFP99.html> and is well worth the read. It also contains links to the web sites of the companies and individuals mentioned. (General Editor).
This panel comprised mainly technologists, plus a law enforcement officer and a business lobbyist. It was chaired by AT&T Research’s Lorrie Faith Cranor.
Lance Cottrell of Anonymizer Inc addressed the needs that his company perceives its customers to have. Anoymizer’s normal orientation is towards commercial products, but the Kosovo crisis has affected that during the last 10 days. The reason is that people within Yugoslavia have been using the net to transmit information in clear (that is, unencrypted). In some cases, that information may be prejudicial to their safety because it may be, or be perceived to be, harmful to the interests of the Yugoslav government or people. Anonymizer, encouraged by EFF, have quickly flung together an anonymization service for the Kosovo crisis. This mechanism needed to be low-tech and could afford to be of relatively low-level security (because the Yugoslav Government does not have significant decryption capability). Above all, it needed to be usable. (No information appeared to be available at this stage on the degree of usage.)
Lucent’s LPWA and AT&T Research’s Crowds products were briefly overviewed by Mike Reiter. LPWA has similarities with Anonymizer, in that it provides a proxy which ensures that the sender is not visible to the receiver. LPWA goes further, however, in that it provides a consistent set of capabilities across multiple protocols (email and web). Reiter drew attention to the risk of simple designs having a ‘choke point’. It has a single point-of-failure that will destroy the service and it is a pseudonymity service. The central site contains an index, which may be hackable, and is accessible by court order. Crowds overcomes this by enabling multiple multi-point paths.
Paul Syverson of the Naval Research Laboratory presented the Onion Routing project. It does not have a commercial business model, and costs very little to maintain. Onion routing utilises nested addressing to use a succession of participating nodes across the net, in order to establish an untraceable path. Some or all internet protocols may be run through the scheme.
Austin Hill of Zero Knowledge Systems outlined his Freedom product. This is another privacy-enhancing technology that enables the origin of a message to be hidden but persistence to be sustained, not only across a session but also over a long succession of episodes. Multiple pseudonyms may be acquired by a single person, which they can use to sustain independent personae — for instance, for different roles that they play. The design effectively precludes the personae from being related with one another, or with a person. Being Montreal-based, the cryptography used is strong. Freedom provides consistent, untraceable pseudonyms, and supports profiles for each pseudonym, and a warrant doesn’t help. Hence it is fully anonymous, not pseudonymous. The technology is transparent to the user.
Austin’s position is that accountability is not a function that the infrastructure should address. Each nym needs to establish its own credibility. One way is to establish a track record of reliability (performance-based reputation). Another approach is to use identity-escrow. This is a declaration deposited with, say, a law firm, which associates the nym with the underlying person.
Philip Reitinger, Legal Counsel for the Computer Crimes Unit of the Department of Justice, argued that it’s hard to put pseudonyms in gaol. He acknowledged the value of anonymity in some circumstances, and the degree of [US] constitutional protection that exists for anonymity. A problem is, however, that ‘crimes from a distance’ can be significant (for example, extortion or fraud). Two key techniques for law enforcement agencies are to establish the physical source or destination of a message (‘traffic analysis’), and to analyse content of a message. These are readily defeated on the internet, especially if the nature of the investigation requires that it be done in real time. (There are, of course, some celebrated instances where it has been successfully performed, such as the arrest of Kevin Mitnick and, a few days before the conference, the arrest of the alleged perpetrator of the Melissa worm.)
Kaye Caldwell, Policy Director for CommerceNet, discussed the often overlooked interest of local government being able to identify purchasers in order to collect local and State taxes. The issue is the basis on which the tax is levied: the location of the buyer, the seller, or the sale. There are considerable privacy implications of any of these options, particularly if the location of the buyer should be selected.
Chair Lorrie Faith Cranor asked how these new forms of electronic anonymity compare with existing scope for anonymity in real world transactions. By and large, they were argued by the services providers to deliver much the same capabilities as we already enjoy. Phil Reitinger felt that real world anonymity was qualified because of the existence of additional cues (such as people’s memories of what a purchaser looked like) which are absent in the electronic environment. The danger is that the primary use of untraceable electronic anonymity will be used by people with criminal intent. Austin Hill argued that the electronic world creates new threats (such as databases of everything ever said on newsgroups and e-lists, like Deja News), and hence the level of anonymity available in the electronic world actually needs to be higher than that which has applied in the real world.
Paul Syverson was asked why his employer supported the work. One reason was that the military needs to be able to work covertly too — as do all law enforcement and national security agencies, added someone.
Mike Reiter provided examples of organisational interests in anonymous communications, such as avoiding their accesses to a patents database being detected; avoidance of traffic analysis making an organisation’s intentions apparent; enablement of whistleblowing within an organisation; Microsoft’s email being subject to sub poena; headhunters who communicate with employees of other organisations; and overseas employees who need protection against local incursions into privacy.
In some jurisdictions, there appear to be some forms of right to anonymous political speech, subject to some forms of qualification (for example, donors to political parties or causes).
This is a particular context in which the tensions between interests of freedom of information and protection of information are especially severe. (The Rio is the inexpensive MP3 player. MP3 is a compression technique which, although technically ‘lossy’, delivers CD quality music in a sufficiently condensed form that singles and even LPs can be downloaded from the net, even with current bandwidths. Title 17 is the US Copyright Act).
The Chair Jonathan Zittrain, from the Berkman Center for Internet Law & Society, raised once again the scope for behaviour to be affected by ‘code’ (Larry Lessig’s mistaken term for ‘architecture’) as well as by formal law and regulations. He drew attention to the following elements of the debate:
The speakers were asked to speak briefly about their best dreams and worst nightmares regarding the music industry future in the new context set by MP3 and other technologies.
Michael Robertson of mp3.com argued that digital music distribution is compelling and inevitable, and is, what’s more, a test case for other media forms in the future. His brief points were:
Scott Moskowitz, whose corporate persona is Blue Spike, is the originator of digital watermarking for audio. He was much more subdued in front of several hundred people than he was one on one after a few beers ... The trend for musicians is moving away from being packaged media businesses treated as objects by powerful publishing companies towards being themselves powerful publishing companies. (He’d made far more complicated claims on the bus the previous night).
Henry Cross, an artist/producer working under his own Tribal Pop brandname, said he was appalled by the music industry’s heavy-handed attempts to crush MP3 technology. This technology gives artists direct access to the market. It seriously scares the large corporations that presently control the distribution, and hence the selection of materials, that reaches the public. The internet in general, and MP3 in particular, is a great force for freedom. He also expressed serious concern about the use of legislation to protect the powerful.
Carol Risher of the American Association of Publishers pursued the conventional line with vigour, using the piracy word, and invoking the old myth about invention (as distinct from innovation) being nurtured by tight protection a la the Statute of Anne. She asserted the conventional defence that there was a large amount of value added by specialists in the value chain, especially in marketing, even in the online environment. She signally failed to address the key question about whether the industry value chain could be greatly trimmed, and could provide a larger proportion of the revenue stream to the originator.
Carey Sherman, General Counsel for the Recording Industry Association of America (RIAA), says record companies have no problem with MP3, but it’s become synonymous with ‘MP3 piracy’. He agrees that ‘niche artists’ can use it effectively. He just doesn’t want it done in a way that fails to distinguish the illegal from the legal. So, the technology shouldn’t be permitted to become standard if it undermines the conventional industry. If that occurs, the artists won’t earn an income from their work.
He referred to the SDMI initiative, which is an attempt to produce a standard that will have the (to RIAA) desirable characteristics, and oust MP3. It’s intended to include micro-payments. He asserted that SDMI is a consensual process (although it appears to be an entirely major player club). Michael pointed out the artists are excluded from the process, and are being ‘looked after’ by the major record companies. Moreover, the pre-decision is that SDMI will not support MP3, and hence artist choice is not supported.
Sherman signally failed to consider whether the technology genie was out of the bottle. He was confusing about whether alternative business models were possible under the threat of MP3. The worst nightmare is the internet being taken over by piracy, because ‘it ain’t possible to compete with gratis copies of your own work’. (But then he failed to work out what the implications of that statement were.)
The Chair asked Henry his reaction to the proposition that optional licensing information could be contained in the header of the file. Henry did have a problem with it, because he regards it as intrusive and unnecessary; and he objects to remaining stuck in the old frameworks when there’s a new technology. The old paternalism is no longer tenable.
The Chair asked Carey whether he opposed the survival of fair use. He answered that if technology can support it, they’re all for it (but, by implication, if it can’t, then it will have to be let go). Carol deflected the discussion onto the first sale doctrine, but I couldn’t quite get the point. She argued that copyright protects against distortion as well as providing the scope to earn money.
There were question from the audience as to the impact of downloads, and whether there is any empirical evidence of losses. Carey acknowledged that there is potential for promotion; but the record company, I mean the artist, should be able to choose. Carol said that when enforcement of photocopying payments on printers and libraries was achieved, there was a $40 million increase in revenues. (In the US economy, when compared with, say, tips paid in restaurants, that looked to me like it paled into insignificance).
Another question from the floor was ‘will open source licensing be precluded by an RIAA scheme?’ Carey said that SDMI would be a voluntary compliance scheme. (But of course that’s nonsense, because the stated intention is to oust MP3, and that can only occur if SDMI is exclusive.) Michael disagreed with Carey (again), arguing that the closed nature of SDMI would inevitably preclude open source. Henry still can’t see the relevance of the record company in the chain. Carey sees promotion as the expensive part of the chain, and that’s invested in by the record companies. Scott agreed that the three rules of the music industry are are ‘recognition, recognition, recognition’, but said that any channel to an audience will do. Digital watermarks will benefit both labels and artists in informing them how their materials came to turn up where they did.
Roger Clark, editorial board member.
Computers, Freedom & Privacy, at http://www.cfp.org. is a dynamic community of people interested in and energised by the tensions generated by modern IT. It’s a crossroads meeting place intended to complement the many meeting spaces, and to address the many spaces (in the word’s other sense of ‘gaps’) between different interest groups.