From privacy to vulnerability, web issues dominate sessions

AUSTIN, Texas -- "Conflict and controversy" was the unofficial theme of the eighth annual Conference on Computers, Freedom and Privacy, according to Mark Lemley of the University of Texas School of Law, who served as chair of the CFP98 Program Committee.

An estimated 400 people attended the conference Feb. 18-20 at the Hyatt Regency here, and the unofficial theme carried through the program. Participants heard about conflict between freedom and privacy, and they heard some controversial ideas, including modifications of copyright law ranging from minor adjustments to complete abolition.

There were topics of interest to anyone who uses the Internet to any degree.

How to choke the 'Net
Moderator Daniel Weitzner opened the session by questioning "the assumptions we all have about how robust the Internet really is."

Weitzner, who works for the Center for Democracy and Technology, a nonprofit public interest organization based in Washington, D.C., said, "We've all heard the story that the 'Net was developed to withstand nuclear blasts, and I think it's important for those of us who rely on the 'Net ... that we understand whether this whole thing is really as good as we have been led to believe."

So Weitzner asked his panelists, Matt Blaze of AT&T Bell Laboratories of Holmdel, N.J., and Steven Bellovin of AT&T Labs Research in Florham Park, N.J., "If you had malicious intent, how many bombs would it take to bring the 'Net down, and where would you put them?"

Forget the nukes, Blaze said.

"I think the answer to your question is zero. ... In fact, nuclear blasts don't represent the threat. The threat against the 'Net arises from really two characteristics.

"First of all, access to the 'Net is a trivial matter. The 'Net is designed on the all-you-can-eat-for-$19.95-a-month model." With that access, "you can send packets that other machines on the 'Net will happily route everywhere else on the 'Net, including the routers. And if you can send convincing data that convinces other machines on the 'Net to misbehave, you can do something much more powerful than blowing them up."

Comparing the current situation to the recent past, Bellovin highlighted significant changes in a short time.

"Three years ago, the answer (to the bomb question) would've been about three. ... There were a few routers that were pretty central." But the increasing decentralization of the Internet has largely eliminated that danger.

The biggest threat now comes not from taking down a critical machine, but from overloading the 'Net with data.

"My favorite way to bring down the 'Net is to introduce a new killer application," Bellovin said. "The Web almost took down the 'Net."

Blaze recalled the days when the term "killer app" referred to an application that would impress everyone. In this context, it has evolved to mean an application that will "bring the 'Net to its knees."

"Real-time multimedia data streaming ... has the potential to be the next killer app in that regard," Bellovin said. "The 'Net is not optimized for real-time transmission of high bandwidth data. What we're starting to discover is that it works reasonably well on a small scale ... and we have no idea how it will behave on a large scale."

Archiving the Web
After explaining how discussion forums on the 'Net were being archived, the audience grilled Steve Madere, chief technical officer of Austin-based Deja News Inc.

Deja News (http://www.dejanews.com/) archives the Usenet discussion forums and makes them searchable by keywords, including topics and authors. For example, typing Madere's name into the search form at Deja News will yield a list of Usenet articles written by Madere or naming him.

That search capability worried some in the audience. They said they feared that insurance companies, or potential employers, might find that they had posted articles to medical support group forums, or that the government might find that they had written articles critical of government policies -- and use it against them.

"There really is no privacy issue with Usenet," Madere said -- there is no privacy. "It's a public address medium, where you are pushing your message to the rest of the world."

"Usenet is the ultimate push medium. Any person on the planet can push a message to everywhere," he said. "With over 20 million users today ... it is the world's largest information system."

Julie Cohen of the University of Pittsburgh School of Law questioned the propriety of archiving Usenet and web materials. She asked: "Is the Internet archive a fair use of copyright material? The question is whether the act of collecting these things is privileged."

Many web sites, such as those operated by newspapers, would prefer not to have their material archived by someone else because they would like to have people pay for access to their own archives.

Raising another privacy issue, Cohen cited a company that archives Usenet articles for corporate intelligence services. Corporate executives can see what people have been saying about the company -- and they can see who said it.

Do you need a license to link?
Hyperlinks are what made the World-Wide Web explode with growth. With that growth came a general feeling that links are good things, and that anything on the Web is there for the linking.

But some web sites would like to control who links to them and how those links are used.

The use of frames has intensified the problem, said Walter Effross of the Washington College of Law at American University in Washington, D.C. With frames, it is possible for a web designer to link to a remote site and have its contents look like part of his or her own. The designer also can link to a remote site and surround it with his or her own advertising materials.

That's where the trouble begins.

Microsoft's Sidewalk site in Seattle linked directly to an interior page in Ticketmaster's site so Sidewalk users could purchase tickets to Seattle-area events. Ticketmaster wanted people to go directly to the site's front page, where they would be exposed to the site's advertisers. The battle landed in court.

Likewise, the court was the battleground when CNN and the Los Angeles Times found their sites in frames surrounded by advertising sold by Totalnews. The news organizations won that battle, with Totalnews agreeing to link without frames.

Owning virtual communities
Gail Ann Williams has plenty of experience with virtual communities. At The Well (http://www.thewell.com/) of Sausalito, Calif., she lists among her duties "finding talented conference hosts and helping them set up interesting conferences."

How can she tell when an on-line group has really become a community? "If they start gossiping about each other," she said. Another sign that a real community has formed appears when someone who has been a regular part of the group is missing for a day or two and others become concerned.

"The relationship, in essence, is the product" for The Well and other on-line communities, she said. "A virtual community is a real community that is taking place in virtual space."

As with any community, a virtual community can have gates -- barriers to the uninvited or unwelcome. In cyberspace, those gates usually take the form of memberships. Gating, Williams said, cuts "drive-by posts." On the other hand, it keeps out some people who might make a worthwhile contribution to the community.

One person in the audience suggested that a low entry barrier went hand-in-hand with a low exit barrier -- if it was easy to get in, it would be easy to get out. This, he theorized, leaves users "no incentive to act responsibly."

Business reputation on the 'Net
A few years ago, many Internet observers predicted that the big issue in the future of the 'Net would be copyright law. Those predictions have proved wrong, said Dan Burk of the Seton Hall University School of Law in Newark, N.J.

Trademark issues have become a much stickier situation, he said. The relative anonymity of the Internet and the lack of clues about physical location make it easy for a 'Net user to pretend to be someone else, even for an individual to pretend to represent a corporation with which he or she has no real connection.

Also, because the 'Net lowers the cost of doing business, a business that appears legitimate on its web site may be undercapitalized and ready to fail at any time, Burk said.

The 'Net also causes jurisdictional problems in the event of a consumer complaint, because the consumer may not know where the business is physically located.

In the course of electronic commerce, a term Burk eschews as overused, trademarks are becoming more important to consumers because trademarks help consumers gauge the reputation of the seller. Digital certificates, which are akin to on-line identification cards, could be used to certify that Internet-based merchants really are who they claim to be.

Is PICS the devil?
The Platform for Internet Content Selection has been condemned by Harvard University Professor Lawrence Lessig: "Pics is the devil."

Paul Resnick of the University of Michigan School of Information in Ann Arbor moderated a discussion of Pics. He opened by stating that the platform does not include a rating system and does not include code for blocking content based on a rating system.

"What Pics does," Resnick explained, "is set down a language for describing rating systems so that any Pics-compliant set of ratings can be implemented by any Pics-compliant block software."

Andrew Shapiro of the Center for the Internet & Society at Harvard Law School took the position that technology such as Pics is not really neutral, but carries with it a political agenda.

Shapiro held up a pen and asked his audience to imagine it was a hammer.

"With this hammer, I can build a house, I can hang a work of art, I can fix a broken child's toy. But I can also do some other things. I could smash that toy; I could smash that work of art, I could even use it to kill someone.

"Now, this is the kind of rhetorical exercise that people often present to say, 'Technology is neutral. There's nothing about the tool itself that does anything, it's just the way people use it.'

"But I want to say that that's not true. ... Although technology does not determine political outcomes, they have political proclivities which we should strive to understand and then judge to see whether they're consistent with our values and with our aspirations."

Technology critics could help people make those determinations, Shapiro suggested: "We need technology critics for the same reason we need literary critics."

Jonathan Weinberg of Wayne State University in Detroit disagreed, seeing Pics in much simpler terms: "We always had filtering rules. Now it's easier to install them. I would argue that that's a good thing."

-- David Galloway

"I owe my personal freedom to the press. ... During my criminal defense, my legal defense team didn't want me to talk to the press for a while. My instinct told me it would be better to do that. ... I can't really tell why the Justice Department dropped the case ... but my feeling is that the press had a big part in that."
-- Philip Zimmermann, author of the popular Pretty Good Privacy encryption program, who was investigated from 1993 to 1996 by the U.S. Department of Justice because his encryption program allegedly violated the government's International Traffic in Arms Regulations. Zimmerman spoke from the floor of the Conference on Computers, Freedom and Privacy.

From THE COLE PAPERS, March 1998, Copyright © 1998, All Rights Reserved.