CFP97 Conference Report

Lorrie Faith Cranor's CFP97 Conference Report

Copyright 1997 by Lorrie Faith Cranor. Permission to distribute this report electronically is granted.

Computers, Freedom and Privacy '97 was held March 11-14 at the San Francisco Hyatt Regency Hotel. The 5th CFP I've attended (there have been seven CFPs all together), I found this year's conference to be the least interesting one. That's not to say that CFP97 was not interesting or worthwhile; just less interesting and worthwhile than previous CFPs (see my previous reviews at  Admittedly, the conference was probably much more interesting to people for whom this was a first or second CFP experience.  And as usual, CFP was an excellent opportunity to exchange ideas and network with others who share similar interests.

In past years I've missed all or most of the tutorials, but this year I arrived the night before and attended two full tutorials. Both were somewhat informative, but not spectacular. 'Regulation of Internet Service Providers', presented by Alfred Mamlet and Clint Smith gave a good overview of the various regulations that apply to ISPs, touching on access charges, content regulation, privacy, and international issues, but not going into much depth.  'Personal Information & Advertising on the Net', introduced and moderated by Donna Hoffman, included an overview of Internet advertising followed by presentations by Saul Klein of Firefly Networks  ( and Tara Lemmey of Narrowline (  Klein and Lemmey both emphasized the importance of developing trusted relationships online and in protecting personal privacy.  Both of their companies have recently undergone privacy audits and have been active in the development of eTRUST (, a system for labeling Websites according to their information practices.  

The main conference program was kicked off Wednesday morning with an address by Ira Magaziner, Senior Advisor to the President for Policy Development. Magaziner discussed the recommendations made by the Information Infrastructure Task Force (IITF) in 'A Framework for Global Electronic Commerce' (available online at I won't list the recommendations here because you can read them yourself in the report or its executive summary. In general the recommendations favor approaches that promote electronic commerce through self regulation and standards adopted with little or no government involvement. Some audience members questioned the apparent conflicts between these recommendations and recent Clinton administration actions. Magaziner didn't really explain the conflicts, but when pressed said he personally would recommend vetoing future CDA-like legislation.

A panel on 'Comparative International Perspectives on Politically Controversial Speech' cataloged the policies of various governments with regards to Internet content regulations.  Most of it was stuff I've heard before (see Declan McCullagh's archive at for more information on this topic).  One interesting point: Ignatius Ding--a Chinese Democracy Activist--and Todd Lappin of Wired presented differing perspectives on the prospects for the free flow of information in Hong Kong.  Ding was optimistic that ideas would flow into China through Hong Kong, while Lappin suggested that the great firewall of China would extend around Hong Kong.

The 'Social Issues Raised by the Commercial Development of the Net' panel was actually more narrowly focussed than its title suggests.  The panelists concentrated mostly on Internet related privacy issues, especially questions of whether opt-in or opt-out policies should be used and whether regulatory or market-driven protections are needed.  Ariel Poler of I/Pro ( suggested that we should discuss consumer privacy in general rather than consumer privacy online. Jason Olim of CDNow ( explained his company's information practices as a sort of case study. I think most people were generally convinced that CDNow's practices are fair, although some attendees wanted to know why they used opt-out practices rather than opt-in practices. This in turn raised questions about whether it is fair for companies to send visitors to their Website a single email message informing them about the existence of mailing lists and inviting them to subscribe or unsubscribe. Christine Varney of the Federal Trade Commission spoke in favor of market-driven privacy protections but identified medical and financial info and children's info as areas where special protections might be needed. She also mentioned the FTC  privacy workshop scheduled for June 10-13 (see and warned self-regulatory advocates that they "better have deliverables" that show that progress has been made in this area.

The morning sessions were followed by the first of the daily box lunch/parallel-track working sessions.  I like the idea of saving money with box lunches (instead of banquet lunches), and of having some parallel sessions where there are smaller groups than in the single-track sessions. However, I found the box lunch food was pretty bad, and most of the sessions were not conducted in ways that take advantage of the smaller audience. The banquet lunches held at some of the earlier CFPs provided a better opportunity for attendees to meet each other and talk among themselves. The box lunch sessions could also provide such an opportunity if the speakers were encouraged to hold more participatory sessions.  CFP is always a very intense conference with a packed schedule. Having a more interactive -- and possibly more informal -- lunch session would provide a good break from sitting and listening to speakers all day.

I attended David Brin's lunch session on 'The Case Against Privacy'.  Brin described a future in which government-controlled video cameras are mounted everywhere. Then he described an alternate future in which citizen-controlled video cameras are mounted everywhere, and argued that the second scenario would be quite desirable. He explained the notion of reciprocal transparency, in which nobody's personal information is private. In such a system, he suggested, everyone would have dirt on everyone else, thus preventing anyone from using that information to their advantage or someone else's harm. For more information see

The afternoon sessions began with a panel on 'Governmental & Social Implications of Digital Money'.  University of Miami Law Professor Michael Froomkin argued that despite suggestions that anonymous digital money will bring the end of taxes, digital money will actually have little or no impact on taxes.  If it does have an impact, he said, it will be to raise taxes on physical goods.   See for more information. David Chaum talked about anonymous money and advocated payer but not payee anonymity.  Others argued that payee anonymity is also important.  The afternoon concluded with a session on 'International Perspectives on Cryptography'.

The dinner banquet featured an after dinner speech by Paul Saffo of the Institute for the Future.  He predicted that the big technology of the coming decade will be ubiquitous sensors (see his article at for details).

Another note on food:  the banquet dinner entrees were all somewhat creative vegetarian dishes this year. This was a pleasant change from some of the previous years when the dinners were all meat meals and the vegetarian alternative included plate after plate of steamed squash, but most of my meat-loving dining companions were not at all pleased about the menu. I think the meals at the San Francisco Marriott (where several previous CFPs were held) were overall better-suited to satisfying more people than the meals at the San Francisco Hyatt, although the Hyatt's 24-hour deli was a really nice feature.

The second day of CFP began with a panel on 'Cypherpunks & Cybercops / Rules for Cruising the Information Superhighway'.  This discussion was similar to many at CFPs past.  Phil Zimmerman made some interesting remarks in which he stated that cryptography cannot solve all our problems and that we should focus on strengthening our democracy.  

The next session was a moot court preview of the Communications Decency Act supreme court argument.  The session was interesting and timely.  However, I would rather have seen a discussion about what should be done to prevent an undesirable CDA2.  Members of Congress are already thinking about this, and I don't think the Internet activist community has come to any sort of agreement on the best approach.

An afternoon session on spamming was entertaining, but not all that enlightening. George Washington University Professor Lance Hoffman did an admirable job of playing the role of a malicious junk mailer, but the other panelists were somewhat shortsighted in their proposed responses to Hoffman's schemes. Interesting comments included a remark from Jill Lesser of AOL that at times over 50 percent of the messages on AOL's network were junk mail prior to the implementation of counter measures. EFF co-founder John Gilmore stated that junk email is a social problem, not a technical problem, and that technical solutions won't succeed.  He suggested "We need to invent the online wood stove... something to feed junk email into where it will do some good." Although the anti-spam schemes discussed by the panel did not sound promising in the long term, it may be too early to conclude that technical solutions won't succeed. More work is needed to determine the extent of the problem in the long term and to identify robust solutions that lend themselves to incremental adoption. I would be interested in hearing from people who have ideas about how to solve this problem and/or predict its future magnitude.

The second day of CFP97 concluded with a panel on Infowar, a discussion about CFP98, a banquet dinner, a speech by John Hagel (author of Net Gain), an information-gathering session on Executive Order 13010, and finally a variety of BOFs.... a somewhat overwhelming schedule, but typical for CFP.  Somewhat atypical was the lack of attendees sitting around and talking at the hotel bar until late into the night. At past CFPs the unofficial post-BOF bar sessions have been very well attended every night of the conference.  This year there seemed to be a lot of people going to bed early or leaving the hotel in the evening. I'm not sure what caused this change.

The final day of the conference began with a 'What's Hot' session moderated by Lance Hoffman. Much of this session was taken up with a mock trial in which Hoffman "sued" an ISP for sending him browser software that unexpectedly trashed his Netscape configuration files. The antics of the mock trial participants were amusing, but the trial did little to shed light on the important hot issues of the day. Deirdre Mulligan's presentation on the Platform for Privacy Preferences under development by IPWG was good, as was her discussion of health records privacy issues.  Once again (I had this complaint last year too) I was left wishing that an entire session had been devoted to discussions of health records issues. This is an area where the CFP community might be able to make some important contributions, however, many of the CFP attendees know little about this area right now.

The question about whether PICS and related technologies designed to allow people to filter Internet content -- and thus protect children without the need for government censorship -- are actually tools that promote censorship was raised several times by members of the audience. I heard it discussed in the 'Regulation of ISPs' tutorial, the 'International Perspectives' session, and elsewhere. This topic has become increasingly controversial recently, and would have made an interesting session by itself or as part of the hot topics panel. This is a question on which even Internet activists are somewhat divided, and thus could have led to some thought provoking discussion. See for pointers to articles on both sides of the issue.

Other sessions on the last day of the conference included 'The Creeping Propertization of Information', 'The 1996 Election -- Creating a New Democracy', and 'The Coming Collapse of the Net' -- none of which I attended in their entirety.  

I was quite disappointed in the lack of support for students this year at CFP. There were no student scholarships, student registration fees were not subsidised nearly as much as they had been in years past, and there was no student essay contest, student volunteer program, or student-oriented BOF. Having taken advantage of many of these programs when I was a student, I know how important they can be.  Attending CFP as a student had a major influence on my course of study in graduate school and ultimately in the direction I chose to go in my career. I hope future CFP program committees make a greater effort to involve students in this important conference.

Lorrie Faith Cranor                 
Public Policy Research, AT&T Labs-Research               908-582-7914
600 Mountain Ave., Room 2C-430A                      FAX 908-582-4113
Murray Hill, NJ 07974