Computer underground Digest Mon Mar 25, 1996 Volume 8 : Issue 24

Computer underground Digest Mon Mar 25, 1996 Volume 8 : Issue 24
ISSN 1004-042X

Editor: Jim Thomas ([email protected])
News Editor: Gordon Meyer ([email protected])
Archivist: Brendan Kehoe
Shadow Master: Stanton McCandlish
Field Agent Extraordinaire: David Smith
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Ian Dickinson
Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

CONTENTS, #8.24 (Mon, Mar 25, 1996)

File 1--CDA hearing--day 2
File 2-- An Off the Record Interview with FTC'S Christine Varney
File 3--Cu Digest Header Info (unchanged since 24 Mar, 1996)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.

---------------------------------------------------------------------

From: [email protected]
Date: Sun, 24 Mar 96 10:52:02 PST
Subject: File 1--CDA hearing--day 2

((MODERATORS' NOTE: Donna Hoffman adds this to Day 2's commentary:

In Jonathan Wallace's account of "CDA hearing--day 2" there
is an error:

The number of unique URLs indexed on altavista as of
Thursday, March 21 was 22 million, not 12 million and the
number of words is now 11 billion.

Great accounting of the day's events!

==================

*ACLU V. RENO REPORT*

Day Two

Ceremonial Courtroom, U.S. Courthouse, Philadelphia, March 22,
1996--
The day began with Professor Donna Hoffman of Vanderbilt being
sworn in as an expert witness for the ACLU. DOJ lawyer Jay Baron
objected and asked for "voir dire"--the right to question
the witness about her credentials.

Baron wasn't really trying to prevent Hoffman from testifying;
he just wanted the judges to know she is not a pornography
expert. Hoffman doesn't pretend to be; she is the leading
authority on commercialization of the Net, and is well-known
for her lead role in debunking the Marty Rimm study last
summer. Hoffman proved to be a fascinating witness, educating
the judges on the way people use the World Wide Web, and
on what the CDA will do to those usage patterns.

The judges acknowledged that Hoffman was present as an expert
on the Web, not on porn, and the cross-examination, also
conducted by Baron, began.

Q: "You've invented a few terms, haven't you?"

A: "Yes."

"Not acronyms, I hope," said Judge Dalzell. Whereupon Hoffman
began describing "CME"--computer mediated environments.

Key to Hoffman's testimony was the concept of "flow"--the
pleasurable experience of wandering around the Web, jumping
from link to link in a nonlinear fashion. Hoffman
compared this to the high experienced by a runner or a rock
climber immersed in the details and pleasures of the
sport. Responding to a question from Judge Dalzell as
to whether "user navigation" and "surfing" were synonymous,
Hoffman defined a second type of navigation: goal directed,
where the user is searching in an organized way for
particular information and is much less likely to
experience the pleasures of "flow."

The judges seemed quite infatuated by "flow", joking with
the witness and the attorneys about the idea of people
getting high on the Web. The significance of "flow"
to the case against the CDA: the point was hammered home
that any scheme requiring Web page providers to register
users before they can view pages would irrevocably
destroy the experience of the Web. Much of the day's
testimony was intended to establish to the judges that
schemes allowing information providers to pre-screen
users are completely impractical and destructive
of the fragile beauty of the Web.

Baron asked whether children under 18 surf.

A: "Yes."

Q: "But you know next to nothing about the behavior
of children on the Net?"

A: "Correct."

Baron asked about the CMU "Homenet" study, a five
year study of household Net use, which has shown that
"teens lead the family". Professor Hoffman acknowledged
that she uses the study as background to her work, but
that you cannot generalize its conclusions, which
are based on a sample of only 48 families in
an urban area.

This was an example of Donna Hoffman's strengths.
In an arena--the CDA debate--that has been characterized
by so much hype and rhetoric, she was a cool, collected
scientist, presenting and critiquing data, always able
to cite her sources. She really knew what she was
talking about, and I think the judges saw that.

Baron now honed in for the first attempted Perry Mason
trick of the trial.

Q: "The Net is unique, different than other media?
Its a 24 hour, 7 day medium, right?"

A: "Yes."

Q: "Do children under 18 surf?"

A: "Yes."

Q: "Is Altavista a popular search engine?"

A: "Yes."

Q: [Reading from Hoffman's deposition transcript] "Individuals
must seek out the information they wish. Information
doesn't suddenly appear, surprising them."

Baron then described a hypothetical situation: Your child
has been assigned a report on the book "Little Women" and
wants to surf the Web for a copy or for information on
the book.

Hoffman, refusing to take the bait, said that a
child who was competent in using the Web would search
on "Alcott" and "Little Women" as keywords. Baron
handed her a government exhibit--the results of an
Infoseek search--and asked her to read the fifth
item. "You want me to read this?" Hoffman asked.
Her professionalism and sarcasm were both evident
at that moment.

"See hot pictures of naked women," she read.

(DOJ attorneys, like state prosecutors in
speech related cases, delight in making the other
side's witnesses read controversial material.
A notorious example was the Amateur Action BBS
case where Memphis federal prosecutor Dan Newsom
made defendant Carleen Thomas read scores of descriptions
her husband had written of pornographic GIF files.
She had nothing to do with them, had never read
seen some of them before, but the jury, which
later convicted her, got to hear her using
foul language.)

Hoffman bounced right back, pointing out that it
was evident from the print-out that the search
criteria were Little *or* Women and that the search
had produced all files with either word
in the title. The implication was that
an experienced user would not conduct a search
for Louisa May Alcott this way.

Baron now asked her to define "hits" and Hoffman
explained that hits--HTML file accesses--are
almost useless as a way of measuring the use of
the World Wide Web, as there is no way to
correlate hits to the number of people
accessing a page. For example, ten hits
result from the user loading one page with
nine graphics inserted into it. She described
"unique domains" as a better measure, but
pointed out the "AOL problem"--thousands
of AOL vistors to your page result in
your Web server counting one unique domain.
She concluded that unique domains are the
"lower bound" of people measurement on the
Web (there cannot be fewer users than domains)
and hits are the upper bound (there cannot be
more users than there are HTML file accesses).

The judges wanted to come back to Louisa May
Alcott. Chief Judge Sloviter asked, "You would
have searched on Alcott?"

A: "I would have known that 'Little Women' would
produce more URL's than I was interested in."

Q: "A child might not know."

A: "I would have been there guiding her."

Prompted by Baron, Hoffman now described bots
and spiders, and the ways in which search
engines automatically scan Web pages and
index them. An interesting statistic:
Altavista's database contains twelve
million unique URL's--"our best guess
as to the universe of information on the
Web." Altavista's catalog of URL's has
grown by one million in one month.

Judge Sloviter: "Its been cold out, and people
didn't have anything else to do..."

Hoffman next testified as to the difference
between search engines, which tend to compile
their information indiscriminately via spiders
and bots, and directories such as Yahoo where
a human being evaluates each site before adding
it. After a detour to explain to the judges
what HTML forms are, Hoffman examined a government
exhibit pertaining to a Web site called Open Market,
an online directory where businesses fill out
a form to register their own commercial Web sites.
Open Market has 22,000 sites listed--and a search
of its database found 23 items keyworded "porn".

Q: "Do you agree its in the interest of the marketplace to
adopt parental controls?"

A: "Yes, I do."

Baron showed her a screen shot from an adult Web site,
Cybersex City, which requires credit card registration
before indecent pictures can be viewed. The site contained
a notice that the CDA had caused it to remove certain materials
from the public part of its pages, but that the
"inner sanctum" remained unchanged.

Q: "Any idea what was there before?"

A: "No."

Q: "Could it have been porn?"

ACLU attorney Chris Hansen called out, "Objection!" and
the judges sustained him--the question was improper
because Hoffman had already said she didn't know.
In a trial remarkably free of the usual Perry
Mason posturing and byplay, this was only the
second or third objection, and the first one
sustained.

Baron next showed the professor a screen shot from
Bianca's Smut Shack. Last summer, while writing
Sex, Laws and Cyberspace, I went looking for
the kind of material in cyberspace which would
fall afoul of the CDA, and I found Bianca's pages.
At the time, I thought that the Smut Shack was
a prime example of the kind of controversial
language that the First Amendment was intended to
protect. Obviously, the Bill of Rights means nothing
if it only protects the speech of which we approve.
Bianca's pages are a volatile combination of
politics, defiance and sexually explicit speech--
clearly immune from government interference if printed
on paper rather than in cyberspace.

It was interesting to see Bianca turn up as a
subject of inquiry in the courtroom. Baron was
mainly interested in Bianca because of a
warning she has posted on her top page.
She lists a series of solutions that parents
can use if they do not wish minors to access her site:
use a program like Surfwatch to block her; email her
your domain name, and she will block your account
from her site.

Q. "Do you concede that removal of photos from the
'Cybersex City' site mentioned above doesn't have
a profound adverse effect on the future growth of
the Net?"

A: "On that particular site, that's correct."

Q. "And the posting of the warning on Bianca's
Smut Shack, you concede that doesn't have a
profound adverse effect on the future growth of
the Net?"

A: "Not on that particular site."

ACLU attorneys privately commented at lunch that day that
the government hasn't really been forced to commit to
a particular argument or defense yet. Baron clearly
seemed to be trying to show that the CDA is harmless
because there are so many easy ways to comply
with it. Of course, since the law doesn't contain any
specific "safe harbor" (unlike the cable, broadcast
and phone indecency laws which carefully describe
measures like taking credit cards or
broadcasting indecency after ten p.m.), this
ought not to be a persuasive argument.

Q: "Is it correct that the alt.binaries newsgroup contains
pornographic images?"

Hansen correctly objected that the word "pornographhic"
has no legal meaning (the laws deal with "obscenity" and
"indecency", not "pornography") but Hoffman resolved the
problem by responding that alt.binaries contains "explicit
sexual images."

Q: "Do porno BBS's advertise on Usenet?"

Hoffman conceded that some images on Usenet carry the phone
numbers of pornographic BBS's like Amateur Action and
are possibly placed there by the BBS sysops as advertisements.

Baron asked Hoffman about a statement in her affidavit that
pornography as a percentage of total information on the
net is decreasing. She replied that she thinks the amount of
porn on the Net is a constant, while the total universe
of information there is increasing exponentially.

Adopting the Altavista numbers, Baron did a quick calculation
suggesting that if 1% of cyberspace is smut, there are 120,000
smutty URL's on the Web. Hoffman replied that the number of
web servers is doubling every month and a half, the
total number of servers of all types on the Internet is
doubling annually, and the amount of porn is staying the same.

After a break, the ACLU's Hansen conducted some "redirect"
examination, trying to relate the problem of monitoring Web
users by age to the statistics--hits and unique domains--
monitored by Web servers. Hoffman agreed that existing server
software is almost useless for this purpose, as neither
hits nor unique domains "map" to actual individual people
whose age can be determined. The judges struggled to
understand what some of the attorneys in the courtroom
themselves did not: on a Web site like mine with 390 files,
there is no set path through the material, nor any
single "back door"--every file is a separate URL that can
be accessed from anywhere else on the Web.

Q: "The number of times you would have to check that
someone is 18 or over would be roughly determined by
the number of hits?"

A: "Yes."

Hansen brought Professor Hoffman back to the Bianca
screen shot and asked her to read the third item
in Bianca's warning. Baron had skipped over
Bianca's statement that she "heartily supports"
rating systems such as PICS.

Q: "Does this imply any way a content provider can
determine who is 18?"

A: "No, there is no way to do that."

Judge Buckwalter was intrigued by Hoffman's reference to
the Net as a "democratic" form of communication.

A: "the Internet....is truly a revolution in the sense
that users can provide content to the medium. My site is
just as likely to be visited as Time Warner...there are
no barriers, no gateways."

Q: "There is a Big Brother....if not the government,
than the people who create the directories."

A: "I don't agree."

Q: "Don't discussion forums have someone who steers?"

A: "Not in unmoderated lists such as Usenet."

Q: "I was surfing magazines...."

Judge Dalzell interjected: "Printed on something called
'paper'...."

Q: "...and I saw the James Fallows article in the Atlantic
magazine which says most popular lists are mediated...
gatekeepers are becoming more important."

The comment at lunch was that the fallows article, which
I have not read, was a typical journalistic "fantasy".

A: "Gatekeepers are important, but are not Big Brother...
the Net is very organic."

Chief Judge Sloviter: "What does organic mean?"

A: "The Net evolves naturally....it is open and democratic,
with access for all."

Dalzell: "Do you really believe that the Net is the most
important communications innovation since the printing press?
Isn't that an extravagant statement?"

A: "The many to many nature of the Internet allows users to
contribute information in a way never before possible."

Q: "You said in your affidavit that there will be a
negative effect on commercialization of the Net because many
businesses will exit or may never enter. How do you
know?"

A: "Becuase they've told me....I've had conversations
with providers who are exiting, who have removed materials,
women who were considering online businesses from home
who were very concerned by the legal issues which are
now too complicatd."

Dalzell brought Hoffman back to the issue of "flow" and
elicited that "you can't move seamlessly through
cyberspace if you have to register at every site."

Judge Sloviter: "Its a high when you jump from link to
link as we judges might get a high from going into the
library?"

Baron popped up and wanted to know if any of the
women who were deterred from doing business on the
Net were smut peddlers. No, said Hoffman, they
were considering Tshirt or poster businesses,
among others.

Hansen pursued the library analogy one step further
and Hoffman said, " We would have to register
every book on every shelf of every library."

And that was it. Professor Donna Hoffman watched
the rest of the day's proceedings from the first
row ("can I go back to my regular life now?"
she asked the ACLU attorneys). Her testimony
was professional, incisive, clear and always
supported by scientific sources she could
readily cite when asked. I think the judges
found her impressive.

Next up was a Mr. Croneberger from the Carnegie
Library in Pittsburgh, called by plaintiff American
Library Association. Carnegie has an online
card catalog with 2 million entries, many containing
references to sex or the seven dirty words.
Croneberger had said in his affidavit that he
would need 180 extra employees to cleanse the card
catalog to comply with the CDA.

Pat Rosado of DOJ asked if it would be possible to
do a keyword search of the catalog for the dirty
words, rather than reviewing all entries manually.
Rosado seems to be reserved by DOJ for the "pit bull"
role, as she had shown during her cross of sex education
expert Staton on day 1.

Q: "A keyword search on sex wouldn't turn up books on
Abe Lincoln?"

A: "It might. I have seen entries on works speculating
about lincoln's sex life or lack thereof."

Q: "What about books on geology?"

A: "Only if you couple 'rock' with 'roll'."

Q: "A search on sex or the seven dirty words would turn up
less than all 2 million titles in your catalog?"

A: "Yes."

Rosado elicited that the library carries electronic text of
Playboy articles but no images. Croneberger said he would
carry the images if the provider included them--but acknowledged
he does not carry the paper magazine itself in the library.

Q: "You exercise some discretion as to what becomes part of
the collection?"

A: "Yes."

Q: "The criteria include community standards....?"

A: "Yes, but that isn't and cannot be the only criterion--
I have an image of a public library as a place that has
material that offends everyone--that's our job."

Dalzell: "You said in your affidavit that one
third of card holders are minors. Do you have
any restrictions based on age?"

A: "No. Some libraries have different
cards for minors; we and many others do not. "

Croneberger observed that segregating material on the
shelves stigmatizes adults who may want simple material.
He said it is the parent's role, not the library's,
to determine what children may read.

Q: "Do you have to worry about the standards of any
communities other than Pittsburgh?"

A: "Our electronic material is now available
around the world."

Buckwalter asked whether a system could be devised
to shield minors from indecent material IF money
were no object and IF the requirements of the
CDA were specific enough to be comprehensible.

A: "It could be done, but would contradict the mission..."

Q: "I agree with you, but..."

Judge Sloviter: "Well, you don't necessarily mean you
agree with him."

Judge Sloviter then asked Croneberger to contrast
two movies on alcoholism, The Lost Weekend and
Leaving Las Vegas--would a CDA-type regulation of content
pertaining to alcoholism make him remove both
from the library? Could he leave the first
movie and remove only the second, because it "crosses
the line"?

A: "The librarian in me doesn't want that line to exist.
If librarians must make those decisions for other people's
children, we will fail miserably."

Q: "If you had to use Surfwatch, would that exclude Shakespeare?"

A: "And the Bible, and on and on."

Q: "Do you approve of net blockers [like Surfwatch]?"

A: "Yes--I would like the library be able to give them
away to parents."

After lunch, Mr. Bradner, the Harvard systems guy and
Internet Engineering Task Force member who had testified
in the morning of Day 1, resumed the stand. During a
break, a reporter for a national paper commented that
she found Bradner a bit arrogant and feared the judges
might too. I liked him a lot and didn't find his
self-confidence or occasional sarcasm a negative--but
he definitely had that air of "I am a professional; do
not try this at home."

His role today, following in Professor Hoffman's footsteps,
was to explain to the court the impossibility of making
information providers responsible for knowing the age of
users, especially on the Web. "As an IP, I have no
ability to go and examine what browsers my users are using."
Nor can he ensure that users enter his site by way of a
particular page, as the tens of thousand of pages there
each has its own URL. "I would have to screen once for every
hit."

He was asked Judge Buckwalter's question about whether
screening all users is technically possible.

A: "Probably....but we'd have to have a method
whereby all [users] would have to provide some form of
identification [which couldn't be] easily forged....
I would have fun with it if it were a cost-plus contract."

Baron elicited from him that each page on his site could
have its own rating embedded as an HTML tag.

Judge Dalzell became interested in caching. Bradner
testified that because European companies pay from the
transatlantic Net link to the US (it is free to us)
powerful servers cache US Web pages accessed from Europe
so that other users do not have to go back across the
ocean to get them. Bradner said that, though the
link is free in our direction, some ISP's here cache
frequently accessed pages for their users
as well. Dalzell imagined a "Sexy European
Girls" page based in Luxemburg. "This is why this is important
to our consideration....whoever created the page in
Luxemburg may not be thinking about complying with the
CDA. But that caching server in the US domesticates the
material...Could Mr. Coppolino [the senior DOJ attorney]
and his troops find that caching server to prosecute it?"

A: "There's no way to tell if an HTML file was cached on
its way to you."

Dalzell: "You can't require a Luxemburg IP to tag files
according to US law."

Judge Buckwalter offered the analogy of a bar, not allowed
to serve people under 21. Bradner said that the problem as
he understands it is that the CDA requires the liquor distiller
to see that people under 21 don't buy liquor in the bar.

Baron asked whether the browser marketplace couldn't easily
adapt to a rating system adopted as a Net standard. Bradner
said it could even accomodate several.

The remarkable Judge Dalzell interjected, "But the Web came
out of CERN, not a standards body...doesn't a governing standards
body exclude new technology like the Web?"

Bradner readily agreed. "There are other holes in the
Net we don't know about. There are other needs we don't
know we have." Standards, he agreed, can strangle innovation.

Dalzell: "Exponential growth of the Net occurred because
government kept their hands out of it."

And there's the moral of the story. Day two ended on this
incredible high note. Day three, April 1, begins with
Net wizard-scribe Howard Rheingold testifying for
ACLU--hopefully not wearing his starry costume.

-----------------------------
Jonathan Wallace
The Ethical Spectacle
http://www.spectacle.org
ACLU v. Reno plaintiff
http://www.spectacle.org/cda/cdamn.html
Co-author, Sex, Laws and Cyberspace
(Henry Holt, 1996)
http://www.spectacle.org/freespch/

------------------------------

Date: Wed, 6 Mar 1996 16:22:12 -0600
From: [email protected](Computer underground Digest)
Subject: File 2-- An Off the Record Interview with FTC'S Christine Varney

((MODERATORS' NOTE: Brian McWilliams, editor of "Off the Record,"
placed the following interview on the OTR homepage at:
http://www.mediapool.com/offtherecord/varn_tra.html
We thought it would be of interest to CuD readers, so here it is).

REGULATING CYBERSPACE

Is it government's job to protect Netizens
from fraud and privacy violations?

AN OFF THE RECORD INTERVIEW WITH FTC COMMISSIONER CHRISTINE VARNEY, FEB. 22,
1996.

________________________________________

Christine, how safe is the Internet today for
consumers? How prevalent is Internet-based
fraud or deceptive advertising?

Well, I think there are a couple of different
issues. There is out-and-out fraud, there's
unsubstantiated advertising, misleading
advertising, misappropriation of personal
data including credit cards and those kinds
of data that could cause you some serious
harm. Fraud is out there. The Internet
community or the Netizens don't tolerate
fraud well and when they find it they tend to
spam it themselves which makes our job
somewhat easier. But, it's out there, when we
find it we prosecute it.

We've had a couple of successful prosecutions
for fraud on the Net: for fraudulent credit
repairs schemes, fraudulent dietary
supplements, fraudulent health products, and
we've gone after them. We have not yet
brought a case on any kind of bulk
advertising. One of the concerns that we have
is when you go into a chat room or into
various places on a web site, you don't
always know whether or not you're talking to
an advertiser or whether or not you're
talking to an individual who has a good
experience with a product. That is something
we are concerned about. But, the
advertisements that companies at verifiable
businesses put up are for the most part
meeting our current guidelines in
substantiation and truth in advertising. We
haven't had a lot of problem there. We've had
more of a problem with deception as I said
earlier. When you enter a chat room and
somebody is telling you that this wonderful
tree bark in Mexico will cure any kind of
fatal cancer, and the person that is making
these claims is in fact the owner of the tree
bark, and the owner of airplane that takes
you there, and the owner of the place you
have to stay while you are there, and you
don't know that. That's out-and-out
deception. That's something we're interested
in.

The Net is still in many regards the wild,
wild west. But, the culture of the Net is
something that is very supportive of the work
that we're trying to do. And, that is, to get
consumers accurate information upon which to
make decisions.

Do you think users of the Net can take care
of problems like fraud and deceptive
advertising without help from the
government?

Well, there's a difference between
legislation, regulation, and self-regulation.
And, I think what we sense is that much of
the Net -- both the people that are selling
products on-line, selling services on-line,
selling the on-line services themselves --
what that group of people seems to be
interested in is self-regulating and
developing their own standards.

Our long-term experience here are the Federal
Trade Commission (FTC) over the fifty years
we've been in existence, is that industry
self-regulation works very well so long as it
is backed up by pretty good government
enforcement. So, if industries set standards
on what is deceptive on the Net and they know
that occasionally when there's a serious
deception the government will come in and
prosecute it, they're generally fairly happy
with that so long as they're setting the
standard in the first place in a dialogue
with consumers and government and industry.
That's what I hope we're going to do here.

I think it's far too early to think about
regulating the Net. Its an emerging
technology in many ways. We don't know where
it's going to go, and I'm afraid that a
regulatory overlay will impede the innovation
and growth that've we seen there. And, until
we got a better sense of where the problems
are and what's appropriate, government
intervention ... the government ought to sit
real tight and see ... industry best
practices.

Do you worry at all that consumer fears that
companies are snooping on them might hurt
on-line commerce, in the same way that
consumer fears of hackers are holding back
on-line transactions to some extent?

Well, I kind of view it differently. I think
that consumers are not aware enough of the
potential to aggregate, disseminate data
about their preferences and their interests.
What they need to become more aware, and I
think that is part of the government's job,
is to educate citizens and consumers. That
when you go on-line, you're in an entirely
different realm concerning data aggregation
and data collection. And, I think that the
government has a big job in front of it, in
terms of educating consumers about what kinds
of information can be collected about them by
corporations.

You know, in the United States I think you're
going to see somewhat of a culture shift. In
our country, historically, we've always been
worried about the government collecting data
on us. The privacy issues have always run
sort of protecting the individual from
government intrusion, and people I don't
think have thought a lot about the ability of
corporations or businesses to now collect
data about them. And that ability is just
going to be exponentially expanded beyond
anybody's current imagination. And, I don't
think that American consumers are quite ready
for that, and haven't really figured out
where they want to go with that and where
they think the companies ought to be allowed
to go with that kind of information.

I can give an example. Suppose you're a
person that uses one credit card quite a bit,
and you use your credit card to send flowers
to your spouse on their birthday, and you use
your credit card to buy your airplane
tickets. One day you're sitting on a plane,
which now has all these GTE phones, and the
phone in front of you rings ... and, you're
sitting on a plane and the phone in front of
you rings. It's your local florist, who says,
"You know every year on this day you send
flowers to so and so and you use this card.
Would you like me to do it again?" Now, there
are two completely different reactions a
consumer can have. One, consumer can say,
"Oh, wonderful! My spouse would have killed
me if I'd forgotten today was our
anniversary." Another could be totally
outraged that somebody had that ability to
not only know what their preferences were but
then to track them down and find them.

So, the answer for me is consumer education
and consent. I think it's a marvelous
technology and it enhances the consumers
ability. It enhances consumer choice, it just
so enhances our ability to complete
transactions and to make the kinds of choices
like we all want to make. But, it involves a
certain level of consumer obligation to
educate themself to make affirmative choices.

What kinds of information is being gathered
on-line now? Do you have a sense of that and
what industry is doing with it?

Well, I think it's an interesting question.
For the most part, now, if you're not going
through an on-line service, if you're going
through a PSI or a UUNET ... certainly, the
technology exists for when you visit
somewhere, the web site that you visit can
capture whatever information you have about
you have up there. If you're using your real
name then get your real name. If you're using
a code name they've got the code name ...
they can capture that. What kind of uses are
they putting with it? I'm not, you know,
there have been some things we've looked at.
There have been some potential abuses where
we have talked to companies and they've
stopped a practice. But, its very, very
nominal. We're right on the cuff but it's not
there.

It appears that protecting consumer privacy
is only going to get more difficult given
that companies really haven't tapped some of
the potential technology for observing
consumers' habits such as tracking their
click screens and that sort of thing.

Yes. I think the technology is emerging that
can do that and I think that's incredibly
dangerous. You know, when Judge Bork was
nominated for the Supreme Court, somebody
walked in with a list of videos he had
rented. Well, I think the technology is
emerging that is going to allow you to bring
in the list of not only the videos that
somebody purchased, but the videos that they
looked at and thought about purchasing. When
you go into a bookstore right now, you buy a
book. If you buy it by credit card or use a
frequent shopper card, there's a record of
that transaction. What use they put that
record to is you know different by store,
different by card company, etc. There's is no
record of what you looked at and didn't
decide to buy.

On the web, there's the ability to do that
and should consumers be informed that can be
done. I think so. Should they have to consent
to that information being used and marketed?
Probably. Again, we're emerging, I'm not sure
that there needs to be a government solution.
I'm not sure that there isn't a technological
solution. Perhaps consumers can get software
that builds in the ability to block out
anything other than transactions ... To me
the most exciting thing about the Net is the
problem that confront us, I think are so
solvable on both the technology and the
instantaneous nature of the communication.
That you can spam fraudsters and you can
create technology that allows you to protect
your own privacy.

What do you think about efforts to make it
illegal to send out unsolicited commercial
e-mail? Basically, the idea there is that
spam is like postage due marketing.

The issues that confront law enforcement and
other mediums (telephone, faxing, newspapers,
broadcast), are obviously similar on the Net.
But because of the technological state of the
Net they're not identical. For example, you
mentioned the postage due idea. Well, we
haven't looked particularly at a postage due
analogy, but we've certainly looked at the
fact that consumers are incurring costs when
they get unsolicited e-mail. Whether its
general advertising, target marketing or
whatever it is. Is that unfair? We're
definitely looking at that.

We don't think that we have a rule on the
books that is necessarily directly
applicable, and what we tried to do in the
telemarketing world was say, "well, maybe we
should make telemarketing more applicable to
deceptive practices on the Net." And, we
found that we really couldn't do that because
what the telemarketing world requires is that
telemarketers get written authorization for
debiting accounts. Now, can you do that on
the Net? Do you want to do that on the Net?
Well, when we get to point where you can
safely and securely use your credit card over
the Net to order something, do you want to
have to wait until they send you a bank's
snail mail form that you can sign and mail
back? So, you know there is a lot of issues
working out there.

Sure, and complicating everything is the fact
that the Net is international. You have no
way of stopping spammers overseas, do you?

No, we don't. We spend a lot of time talking
to our European colleagues and listening to
businesses concerned about the European
directive on privacy. And you know, we work
bilaterally if we thought, we have not had
this occasion, that there was a fraud being
perpetrated by a citizen of another country,
domiciled in another country. We would go to
that other country -- assuming we had a
bilateral relationship with that country --
presumably, somewhere over in western Europe,
and see if they would prosecute it under
local law. The jurisdictional issues are just
enormous when you're on the Internet. I think
that they'll be solved in the long run by
harmonization of national laws, if we all
have more or less the same standards. And
then, I think what you'll see is more or less
after you get to a point where you've got a
harmonizational law. You'll get a lot of
positive comity which means that if its
illegal here--its probably illegal in
England. And, if we send the English
authorities evidence that there is an act
occurring on their soil that is being
broadcast here or on our Net here. Under
positive comity principles either they would
prosecute or they might allow us prosecute
there. I mean, there is a whole, you know
series of law that's developing ... it's not
only the Net ... as all commerce becomes
global.

Transcribed by The Printed Page at
http://www.nitco.com/users/schumm/schumm.html
From: Off The Record: http://www.mediapool.com/offtherecord/varn_tra.html

------------------------------

Date: Thu, 21 Mar 1996 22:51:01 CST
From: CuD Moderators <[email protected]>
Subject: File 3--Cu Digest Header Info (unchanged since 24 Mar, 1996)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send post with this in the "Subject:: line:

SUBSCRIBE CU-DIGEST
Send the message to: [email protected]

DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS.

The editors may be contacted by voice (815-753-0303), fax (815-753-6302)
or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.

To UNSUB, send a one-line message: UNSUB CU-DIGEST
Send it to [email protected]
(NOTE: The address you unsub must correspond to your From: line)

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on RIPCO BBS (312) 528-5020 (and via Ripco on internet);
and on Rune Stone BBS (IIRGWHQ) (860)-585-9638.
CuD is also available via Fidonet File Request from
1:11/70; unlisted nodes and points welcome.

EUROPE: In BELGIUM: Virtual Access BBS: +32-69-844-019 (ringdown)
Brussels: STRATOMIC BBS +32-2-5383119 2:291/[email protected]
In ITALY: ZERO! BBS: +39-11-6507540
In LUXEMBOURG: ComNet BBS: +352-466893

UNITED STATES: etext.archive.umich.edu (192.131.22.8) in /pub/CuD/
ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
EUROPE: nic.funet.fi in pub/doc/CuD/CuD/ (Finland)
ftp.warwick.ac.uk in pub/cud/ (United Kingdom)

The most recent issues of CuD can be obtained from the
Cu Digest WWW site at:
URL: http://www.soci.niu.edu/~cudigest/

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.

------------------------------

End of Computer Underground Digest #8.24
************************************