Computer underground Digest Mon Mar 25, 1996 Volume 8 : Issue 24 ISSN 1004-042X Editor: Jim Thomas (cudigest@sun.soci.niu.edu) News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu) Archivist: Brendan Kehoe Shadow Master: Stanton McCandlish Field Agent Extraordinaire: David Smith Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Cu Digest Homepage: http://www.soci.niu.edu/~cudigest CONTENTS, #8.24 (Mon, Mar 25, 1996) File 1--CDA hearing--day 2 File 2-- An Off the Record Interview with FTC'S Christine Varney File 3--Cu Digest Header Info (unchanged since 24 Mar, 1996) CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN THE CONCLUDING FILE AT THE END OF EACH ISSUE. --------------------------------------------------------------------- From: jblumen@INTERRAMP.COM Date: Sun, 24 Mar 96 10:52:02 PST Subject: File 1--CDA hearing--day 2 ((MODERATORS' NOTE: Donna Hoffman adds this to Day 2's commentary: In Jonathan Wallace's account of "CDA hearing--day 2" there is an error: The number of unique URLs indexed on altavista as of Thursday, March 21 was 22 million, not 12 million and the number of words is now 11 billion. Great accounting of the day's events! ================== *ACLU V. RENO REPORT* Day Two Ceremonial Courtroom, U.S. Courthouse, Philadelphia, March 22, 1996-- The day began with Professor Donna Hoffman of Vanderbilt being sworn in as an expert witness for the ACLU. DOJ lawyer Jay Baron objected and asked for "voir dire"--the right to question the witness about her credentials. Baron wasn't really trying to prevent Hoffman from testifying; he just wanted the judges to know she is not a pornography expert. Hoffman doesn't pretend to be; she is the leading authority on commercialization of the Net, and is well-known for her lead role in debunking the Marty Rimm study last summer. Hoffman proved to be a fascinating witness, educating the judges on the way people use the World Wide Web, and on what the CDA will do to those usage patterns. The judges acknowledged that Hoffman was present as an expert on the Web, not on porn, and the cross-examination, also conducted by Baron, began. Q: "You've invented a few terms, haven't you?" A: "Yes." "Not acronyms, I hope," said Judge Dalzell. Whereupon Hoffman began describing "CME"--computer mediated environments. Key to Hoffman's testimony was the concept of "flow"--the pleasurable experience of wandering around the Web, jumping from link to link in a nonlinear fashion. Hoffman compared this to the high experienced by a runner or a rock climber immersed in the details and pleasures of the sport. Responding to a question from Judge Dalzell as to whether "user navigation" and "surfing" were synonymous, Hoffman defined a second type of navigation: goal directed, where the user is searching in an organized way for particular information and is much less likely to experience the pleasures of "flow." The judges seemed quite infatuated by "flow", joking with the witness and the attorneys about the idea of people getting high on the Web. The significance of "flow" to the case against the CDA: the point was hammered home that any scheme requiring Web page providers to register users before they can view pages would irrevocably destroy the experience of the Web. Much of the day's testimony was intended to establish to the judges that schemes allowing information providers to pre-screen users are completely impractical and destructive of the fragile beauty of the Web. Baron asked whether children under 18 surf. A: "Yes." Q: "But you know next to nothing about the behavior of children on the Net?" A: "Correct." Baron asked about the CMU "Homenet" study, a five year study of household Net use, which has shown that "teens lead the family". Professor Hoffman acknowledged that she uses the study as background to her work, but that you cannot generalize its conclusions, which are based on a sample of only 48 families in an urban area. This was an example of Donna Hoffman's strengths. In an arena--the CDA debate--that has been characterized by so much hype and rhetoric, she was a cool, collected scientist, presenting and critiquing data, always able to cite her sources. She really knew what she was talking about, and I think the judges saw that. Baron now honed in for the first attempted Perry Mason trick of the trial. Q: "The Net is unique, different than other media? Its a 24 hour, 7 day medium, right?" A: "Yes." Q: "Do children under 18 surf?" A: "Yes." Q: "Is Altavista a popular search engine?" A: "Yes." Q: [Reading from Hoffman's deposition transcript] "Individuals must seek out the information they wish. Information doesn't suddenly appear, surprising them." Baron then described a hypothetical situation: Your child has been assigned a report on the book "Little Women" and wants to surf the Web for a copy or for information on the book. Hoffman, refusing to take the bait, said that a child who was competent in using the Web would search on "Alcott" and "Little Women" as keywords. Baron handed her a government exhibit--the results of an Infoseek search--and asked her to read the fifth item. "You want me to read this?" Hoffman asked. Her professionalism and sarcasm were both evident at that moment. "See hot pictures of naked women," she read. (DOJ attorneys, like state prosecutors in speech related cases, delight in making the other side's witnesses read controversial material. A notorious example was the Amateur Action BBS case where Memphis federal prosecutor Dan Newsom made defendant Carleen Thomas read scores of descriptions her husband had written of pornographic GIF files. She had nothing to do with them, had never read seen some of them before, but the jury, which later convicted her, got to hear her using foul language.) Hoffman bounced right back, pointing out that it was evident from the print-out that the search criteria were Little *or* Women and that the search had produced all files with either word in the title. The implication was that an experienced user would not conduct a search for Louisa May Alcott this way. Baron now asked her to define "hits" and Hoffman explained that hits--HTML file accesses--are almost useless as a way of measuring the use of the World Wide Web, as there is no way to correlate hits to the number of people accessing a page. For example, ten hits result from the user loading one page with nine graphics inserted into it. She described "unique domains" as a better measure, but pointed out the "AOL problem"--thousands of AOL vistors to your page result in your Web server counting one unique domain. She concluded that unique domains are the "lower bound" of people measurement on the Web (there cannot be fewer users than domains) and hits are the upper bound (there cannot be more users than there are HTML file accesses). The judges wanted to come back to Louisa May Alcott. Chief Judge Sloviter asked, "You would have searched on Alcott?" A: "I would have known that 'Little Women' would produce more URL's than I was interested in." Q: "A child might not know." A: "I would have been there guiding her." Prompted by Baron, Hoffman now described bots and spiders, and the ways in which search engines automatically scan Web pages and index them. An interesting statistic: Altavista's database contains twelve million unique URL's--"our best guess as to the universe of information on the Web." Altavista's catalog of URL's has grown by one million in one month. Judge Sloviter: "Its been cold out, and people didn't have anything else to do..." Hoffman next testified as to the difference between search engines, which tend to compile their information indiscriminately via spiders and bots, and directories such as Yahoo where a human being evaluates each site before adding it. After a detour to explain to the judges what HTML forms are, Hoffman examined a government exhibit pertaining to a Web site called Open Market, an online directory where businesses fill out a form to register their own commercial Web sites. Open Market has 22,000 sites listed--and a search of its database found 23 items keyworded "porn". Q: "Do you agree its in the interest of the marketplace to adopt parental controls?" A: "Yes, I do." Baron showed her a screen shot from an adult Web site, Cybersex City, which requires credit card registration before indecent pictures can be viewed. The site contained a notice that the CDA had caused it to remove certain materials from the public part of its pages, but that the "inner sanctum" remained unchanged. Q: "Any idea what was there before?" A: "No." Q: "Could it have been porn?" ACLU attorney Chris Hansen called out, "Objection!" and the judges sustained him--the question was improper because Hoffman had already said she didn't know. In a trial remarkably free of the usual Perry Mason posturing and byplay, this was only the second or third objection, and the first one sustained. Baron next showed the professor a screen shot from Bianca's Smut Shack. Last summer, while writing Sex, Laws and Cyberspace, I went looking for the kind of material in cyberspace which would fall afoul of the CDA, and I found Bianca's pages. At the time, I thought that the Smut Shack was a prime example of the kind of controversial language that the First Amendment was intended to protect. Obviously, the Bill of Rights means nothing if it only protects the speech of which we approve. Bianca's pages are a volatile combination of politics, defiance and sexually explicit speech-- clearly immune from government interference if printed on paper rather than in cyberspace. It was interesting to see Bianca turn up as a subject of inquiry in the courtroom. Baron was mainly interested in Bianca because of a warning she has posted on her top page. She lists a series of solutions that parents can use if they do not wish minors to access her site: use a program like Surfwatch to block her; email her your domain name, and she will block your account from her site. Q. "Do you concede that removal of photos from the 'Cybersex City' site mentioned above doesn't have a profound adverse effect on the future growth of the Net?" A: "On that particular site, that's correct." Q. "And the posting of the warning on Bianca's Smut Shack, you concede that doesn't have a profound adverse effect on the future growth of the Net?" A: "Not on that particular site." ACLU attorneys privately commented at lunch that day that the government hasn't really been forced to commit to a particular argument or defense yet. Baron clearly seemed to be trying to show that the CDA is harmless because there are so many easy ways to comply with it. Of course, since the law doesn't contain any specific "safe harbor" (unlike the cable, broadcast and phone indecency laws which carefully describe measures like taking credit cards or broadcasting indecency after ten p.m.), this ought not to be a persuasive argument. Q: "Is it correct that the alt.binaries newsgroup contains pornographic images?" Hansen correctly objected that the word "pornographhic" has no legal meaning (the laws deal with "obscenity" and "indecency", not "pornography") but Hoffman resolved the problem by responding that alt.binaries contains "explicit sexual images." Q: "Do porno BBS's advertise on Usenet?" Hoffman conceded that some images on Usenet carry the phone numbers of pornographic BBS's like Amateur Action and are possibly placed there by the BBS sysops as advertisements. Baron asked Hoffman about a statement in her affidavit that pornography as a percentage of total information on the net is decreasing. She replied that she thinks the amount of porn on the Net is a constant, while the total universe of information there is increasing exponentially. Adopting the Altavista numbers, Baron did a quick calculation suggesting that if 1% of cyberspace is smut, there are 120,000 smutty URL's on the Web. Hoffman replied that the number of web servers is doubling every month and a half, the total number of servers of all types on the Internet is doubling annually, and the amount of porn is staying the same. After a break, the ACLU's Hansen conducted some "redirect" examination, trying to relate the problem of monitoring Web users by age to the statistics--hits and unique domains-- monitored by Web servers. Hoffman agreed that existing server software is almost useless for this purpose, as neither hits nor unique domains "map" to actual individual people whose age can be determined. The judges struggled to understand what some of the attorneys in the courtroom themselves did not: on a Web site like mine with 390 files, there is no set path through the material, nor any single "back door"--every file is a separate URL that can be accessed from anywhere else on the Web. Q: "The number of times you would have to check that someone is 18 or over would be roughly determined by the number of hits?" A: "Yes." Hansen brought Professor Hoffman back to the Bianca screen shot and asked her to read the third item in Bianca's warning. Baron had skipped over Bianca's statement that she "heartily supports" rating systems such as PICS. Q: "Does this imply any way a content provider can determine who is 18?" A: "No, there is no way to do that." Judge Buckwalter was intrigued by Hoffman's reference to the Net as a "democratic" form of communication. A: "the Internet....is truly a revolution in the sense that users can provide content to the medium. My site is just as likely to be visited as Time Warner...there are no barriers, no gateways." Q: "There is a Big Brother....if not the government, than the people who create the directories." A: "I don't agree." Q: "Don't discussion forums have someone who steers?" A: "Not in unmoderated lists such as Usenet." Q: "I was surfing magazines...." Judge Dalzell interjected: "Printed on something called 'paper'...." Q: "...and I saw the James Fallows article in the Atlantic magazine which says most popular lists are mediated... gatekeepers are becoming more important." The comment at lunch was that the fallows article, which I have not read, was a typical journalistic "fantasy". A: "Gatekeepers are important, but are not Big Brother... the Net is very organic." Chief Judge Sloviter: "What does organic mean?" A: "The Net evolves naturally....it is open and democratic, with access for all." Dalzell: "Do you really believe that the Net is the most important communications innovation since the printing press? Isn't that an extravagant statement?" A: "The many to many nature of the Internet allows users to contribute information in a way never before possible." Q: "You said in your affidavit that there will be a negative effect on commercialization of the Net because many businesses will exit or may never enter. How do you know?" A: "Becuase they've told me....I've had conversations with providers who are exiting, who have removed materials, women who were considering online businesses from home who were very concerned by the legal issues which are now too complicatd." Dalzell brought Hoffman back to the issue of "flow" and elicited that "you can't move seamlessly through cyberspace if you have to register at every site." Judge Sloviter: "Its a high when you jump from link to link as we judges might get a high from going into the library?" Baron popped up and wanted to know if any of the women who were deterred from doing business on the Net were smut peddlers. No, said Hoffman, they were considering Tshirt or poster businesses, among others. Hansen pursued the library analogy one step further and Hoffman said, " We would have to register every book on every shelf of every library." And that was it. Professor Donna Hoffman watched the rest of the day's proceedings from the first row ("can I go back to my regular life now?" she asked the ACLU attorneys). Her testimony was professional, incisive, clear and always supported by scientific sources she could readily cite when asked. I think the judges found her impressive. Next up was a Mr. Croneberger from the Carnegie Library in Pittsburgh, called by plaintiff American Library Association. Carnegie has an online card catalog with 2 million entries, many containing references to sex or the seven dirty words. Croneberger had said in his affidavit that he would need 180 extra employees to cleanse the card catalog to comply with the CDA. Pat Rosado of DOJ asked if it would be possible to do a keyword search of the catalog for the dirty words, rather than reviewing all entries manually. Rosado seems to be reserved by DOJ for the "pit bull" role, as she had shown during her cross of sex education expert Staton on day 1. Q: "A keyword search on sex wouldn't turn up books on Abe Lincoln?" A: "It might. I have seen entries on works speculating about lincoln's sex life or lack thereof." Q: "What about books on geology?" A: "Only if you couple 'rock' with 'roll'." Q: "A search on sex or the seven dirty words would turn up less than all 2 million titles in your catalog?" A: "Yes." Rosado elicited that the library carries electronic text of Playboy articles but no images. Croneberger said he would carry the images if the provider included them--but acknowledged he does not carry the paper magazine itself in the library. Q: "You exercise some discretion as to what becomes part of the collection?" A: "Yes." Q: "The criteria include community standards....?" A: "Yes, but that isn't and cannot be the only criterion-- I have an image of a public library as a place that has material that offends everyone--that's our job." Dalzell: "You said in your affidavit that one third of card holders are minors. Do you have any restrictions based on age?" A: "No. Some libraries have different cards for minors; we and many others do not. " Croneberger observed that segregating material on the shelves stigmatizes adults who may want simple material. He said it is the parent's role, not the library's, to determine what children may read. Q: "Do you have to worry about the standards of any communities other than Pittsburgh?" A: "Our electronic material is now available around the world." Buckwalter asked whether a system could be devised to shield minors from indecent material IF money were no object and IF the requirements of the CDA were specific enough to be comprehensible. A: "It could be done, but would contradict the mission..." Q: "I agree with you, but..." Judge Sloviter: "Well, you don't necessarily mean you agree with him." Judge Sloviter then asked Croneberger to contrast two movies on alcoholism, The Lost Weekend and Leaving Las Vegas--would a CDA-type regulation of content pertaining to alcoholism make him remove both from the library? Could he leave the first movie and remove only the second, because it "crosses the line"? A: "The librarian in me doesn't want that line to exist. If librarians must make those decisions for other people's children, we will fail miserably." Q: "If you had to use Surfwatch, would that exclude Shakespeare?" A: "And the Bible, and on and on." Q: "Do you approve of net blockers [like Surfwatch]?" A: "Yes--I would like the library be able to give them away to parents." After lunch, Mr. Bradner, the Harvard systems guy and Internet Engineering Task Force member who had testified in the morning of Day 1, resumed the stand. During a break, a reporter for a national paper commented that she found Bradner a bit arrogant and feared the judges might too. I liked him a lot and didn't find his self-confidence or occasional sarcasm a negative--but he definitely had that air of "I am a professional; do not try this at home." His role today, following in Professor Hoffman's footsteps, was to explain to the court the impossibility of making information providers responsible for knowing the age of users, especially on the Web. "As an IP, I have no ability to go and examine what browsers my users are using." Nor can he ensure that users enter his site by way of a particular page, as the tens of thousand of pages there each has its own URL. "I would have to screen once for every hit." He was asked Judge Buckwalter's question about whether screening all users is technically possible. A: "Probably....but we'd have to have a method whereby all [users] would have to provide some form of identification [which couldn't be] easily forged.... I would have fun with it if it were a cost-plus contract." Baron elicited from him that each page on his site could have its own rating embedded as an HTML tag. Judge Dalzell became interested in caching. Bradner testified that because European companies pay from the transatlantic Net link to the US (it is free to us) powerful servers cache US Web pages accessed from Europe so that other users do not have to go back across the ocean to get them. Bradner said that, though the link is free in our direction, some ISP's here cache frequently accessed pages for their users as well. Dalzell imagined a "Sexy European Girls" page based in Luxemburg. "This is why this is important to our consideration....whoever created the page in Luxemburg may not be thinking about complying with the CDA. But that caching server in the US domesticates the material...Could Mr. Coppolino [the senior DOJ attorney] and his troops find that caching server to prosecute it?" A: "There's no way to tell if an HTML file was cached on its way to you." Dalzell: "You can't require a Luxemburg IP to tag files according to US law." Judge Buckwalter offered the analogy of a bar, not allowed to serve people under 21. Bradner said that the problem as he understands it is that the CDA requires the liquor distiller to see that people under 21 don't buy liquor in the bar. Baron asked whether the browser marketplace couldn't easily adapt to a rating system adopted as a Net standard. Bradner said it could even accomodate several. The remarkable Judge Dalzell interjected, "But the Web came out of CERN, not a standards body...doesn't a governing standards body exclude new technology like the Web?" Bradner readily agreed. "There are other holes in the Net we don't know about. There are other needs we don't know we have." Standards, he agreed, can strangle innovation. Dalzell: "Exponential growth of the Net occurred because government kept their hands out of it." And there's the moral of the story. Day two ended on this incredible high note. Day three, April 1, begins with Net wizard-scribe Howard Rheingold testifying for ACLU--hopefully not wearing his starry costume. ----------------------------- Jonathan Wallace The Ethical Spectacle http://www.spectacle.org ACLU v. Reno plaintiff http://www.spectacle.org/cda/cdamn.html Co-author, Sex, Laws and Cyberspace (Henry Holt, 1996) http://www.spectacle.org/freespch/ ------------------------------ Date: Wed, 6 Mar 1996 16:22:12 -0600 From: cudigest@SUN.SOCI.NIU.EDU(Computer underground Digest) Subject: File 2-- An Off the Record Interview with FTC'S Christine Varney ((MODERATORS' NOTE: Brian McWilliams, editor of "Off the Record," placed the following interview on the OTR homepage at: http://www.mediapool.com/offtherecord/varn_tra.html We thought it would be of interest to CuD readers, so here it is). REGULATING CYBERSPACE Is it government's job to protect Netizens from fraud and privacy violations? AN OFF THE RECORD INTERVIEW WITH FTC COMMISSIONER CHRISTINE VARNEY, FEB. 22, 1996. ________________________________________ Christine, how safe is the Internet today for consumers? How prevalent is Internet-based fraud or deceptive advertising? Well, I think there are a couple of different issues. There is out-and-out fraud, there's unsubstantiated advertising, misleading advertising, misappropriation of personal data including credit cards and those kinds of data that could cause you some serious harm. Fraud is out there. The Internet community or the Netizens don't tolerate fraud well and when they find it they tend to spam it themselves which makes our job somewhat easier. But, it's out there, when we find it we prosecute it. We've had a couple of successful prosecutions for fraud on the Net: for fraudulent credit repairs schemes, fraudulent dietary supplements, fraudulent health products, and we've gone after them. We have not yet brought a case on any kind of bulk advertising. One of the concerns that we have is when you go into a chat room or into various places on a web site, you don't always know whether or not you're talking to an advertiser or whether or not you're talking to an individual who has a good experience with a product. That is something we are concerned about. But, the advertisements that companies at verifiable businesses put up are for the most part meeting our current guidelines in substantiation and truth in advertising. We haven't had a lot of problem there. We've had more of a problem with deception as I said earlier. When you enter a chat room and somebody is telling you that this wonderful tree bark in Mexico will cure any kind of fatal cancer, and the person that is making these claims is in fact the owner of the tree bark, and the owner of airplane that takes you there, and the owner of the place you have to stay while you are there, and you don't know that. That's out-and-out deception. That's something we're interested in. The Net is still in many regards the wild, wild west. But, the culture of the Net is something that is very supportive of the work that we're trying to do. And, that is, to get consumers accurate information upon which to make decisions. Do you think users of the Net can take care of problems like fraud and deceptive advertising without help from the government? Well, there's a difference between legislation, regulation, and self-regulation. And, I think what we sense is that much of the Net -- both the people that are selling products on-line, selling services on-line, selling the on-line services themselves -- what that group of people seems to be interested in is self-regulating and developing their own standards. Our long-term experience here are the Federal Trade Commission (FTC) over the fifty years we've been in existence, is that industry self-regulation works very well so long as it is backed up by pretty good government enforcement. So, if industries set standards on what is deceptive on the Net and they know that occasionally when there's a serious deception the government will come in and prosecute it, they're generally fairly happy with that so long as they're setting the standard in the first place in a dialogue with consumers and government and industry. That's what I hope we're going to do here. I think it's far too early to think about regulating the Net. Its an emerging technology in many ways. We don't know where it's going to go, and I'm afraid that a regulatory overlay will impede the innovation and growth that've we seen there. And, until we got a better sense of where the problems are and what's appropriate, government intervention ... the government ought to sit real tight and see ... industry best practices. Do you worry at all that consumer fears that companies are snooping on them might hurt on-line commerce, in the same way that consumer fears of hackers are holding back on-line transactions to some extent? Well, I kind of view it differently. I think that consumers are not aware enough of the potential to aggregate, disseminate data about their preferences and their interests. What they need to become more aware, and I think that is part of the government's job, is to educate citizens and consumers. That when you go on-line, you're in an entirely different realm concerning data aggregation and data collection. And, I think that the government has a big job in front of it, in terms of educating consumers about what kinds of information can be collected about them by corporations. You know, in the United States I think you're going to see somewhat of a culture shift. In our country, historically, we've always been worried about the government collecting data on us. The privacy issues have always run sort of protecting the individual from government intrusion, and people I don't think have thought a lot about the ability of corporations or businesses to now collect data about them. And that ability is just going to be exponentially expanded beyond anybody's current imagination. And, I don't think that American consumers are quite ready for that, and haven't really figured out where they want to go with that and where they think the companies ought to be allowed to go with that kind of information. I can give an example. Suppose you're a person that uses one credit card quite a bit, and you use your credit card to send flowers to your spouse on their birthday, and you use your credit card to buy your airplane tickets. One day you're sitting on a plane, which now has all these GTE phones, and the phone in front of you rings ... and, you're sitting on a plane and the phone in front of you rings. It's your local florist, who says, "You know every year on this day you send flowers to so and so and you use this card. Would you like me to do it again?" Now, there are two completely different reactions a consumer can have. One, consumer can say, "Oh, wonderful! My spouse would have killed me if I'd forgotten today was our anniversary." Another could be totally outraged that somebody had that ability to not only know what their preferences were but then to track them down and find them. So, the answer for me is consumer education and consent. I think it's a marvelous technology and it enhances the consumers ability. It enhances consumer choice, it just so enhances our ability to complete transactions and to make the kinds of choices like we all want to make. But, it involves a certain level of consumer obligation to educate themself to make affirmative choices. What kinds of information is being gathered on-line now? Do you have a sense of that and what industry is doing with it? Well, I think it's an interesting question. For the most part, now, if you're not going through an on-line service, if you're going through a PSI or a UUNET ... certainly, the technology exists for when you visit somewhere, the web site that you visit can capture whatever information you have about you have up there. If you're using your real name then get your real name. If you're using a code name they've got the code name ... they can capture that. What kind of uses are they putting with it? I'm not, you know, there have been some things we've looked at. There have been some potential abuses where we have talked to companies and they've stopped a practice. But, its very, very nominal. We're right on the cuff but it's not there. It appears that protecting consumer privacy is only going to get more difficult given that companies really haven't tapped some of the potential technology for observing consumers' habits such as tracking their click screens and that sort of thing. Yes. I think the technology is emerging that can do that and I think that's incredibly dangerous. You know, when Judge Bork was nominated for the Supreme Court, somebody walked in with a list of videos he had rented. Well, I think the technology is emerging that is going to allow you to bring in the list of not only the videos that somebody purchased, but the videos that they looked at and thought about purchasing. When you go into a bookstore right now, you buy a book. If you buy it by credit card or use a frequent shopper card, there's a record of that transaction. What use they put that record to is you know different by store, different by card company, etc. There's is no record of what you looked at and didn't decide to buy. On the web, there's the ability to do that and should consumers be informed that can be done. I think so. Should they have to consent to that information being used and marketed? Probably. Again, we're emerging, I'm not sure that there needs to be a government solution. I'm not sure that there isn't a technological solution. Perhaps consumers can get software that builds in the ability to block out anything other than transactions ... To me the most exciting thing about the Net is the problem that confront us, I think are so solvable on both the technology and the instantaneous nature of the communication. That you can spam fraudsters and you can create technology that allows you to protect your own privacy. What do you think about efforts to make it illegal to send out unsolicited commercial e-mail? Basically, the idea there is that spam is like postage due marketing. The issues that confront law enforcement and other mediums (telephone, faxing, newspapers, broadcast), are obviously similar on the Net. But because of the technological state of the Net they're not identical. For example, you mentioned the postage due idea. Well, we haven't looked particularly at a postage due analogy, but we've certainly looked at the fact that consumers are incurring costs when they get unsolicited e-mail. Whether its general advertising, target marketing or whatever it is. Is that unfair? We're definitely looking at that. We don't think that we have a rule on the books that is necessarily directly applicable, and what we tried to do in the telemarketing world was say, "well, maybe we should make telemarketing more applicable to deceptive practices on the Net." And, we found that we really couldn't do that because what the telemarketing world requires is that telemarketers get written authorization for debiting accounts. Now, can you do that on the Net? Do you want to do that on the Net? Well, when we get to point where you can safely and securely use your credit card over the Net to order something, do you want to have to wait until they send you a bank's snail mail form that you can sign and mail back? So, you know there is a lot of issues working out there. Sure, and complicating everything is the fact that the Net is international. You have no way of stopping spammers overseas, do you? No, we don't. We spend a lot of time talking to our European colleagues and listening to businesses concerned about the European directive on privacy. And you know, we work bilaterally if we thought, we have not had this occasion, that there was a fraud being perpetrated by a citizen of another country, domiciled in another country. We would go to that other country -- assuming we had a bilateral relationship with that country -- presumably, somewhere over in western Europe, and see if they would prosecute it under local law. The jurisdictional issues are just enormous when you're on the Internet. I think that they'll be solved in the long run by harmonization of national laws, if we all have more or less the same standards. And then, I think what you'll see is more or less after you get to a point where you've got a harmonizational law. You'll get a lot of positive comity which means that if its illegal here--its probably illegal in England. And, if we send the English authorities evidence that there is an act occurring on their soil that is being broadcast here or on our Net here. Under positive comity principles either they would prosecute or they might allow us prosecute there. I mean, there is a whole, you know series of law that's developing ... it's not only the Net ... as all commerce becomes global. Transcribed by The Printed Page at http://www.nitco.com/users/schumm/schumm.html From: Off The Record: http://www.mediapool.com/offtherecord/varn_tra.html ------------------------------ Date: Thu, 21 Mar 1996 22:51:01 CST From: CuD Moderators Subject: File 3--Cu Digest Header Info (unchanged since 24 Mar, 1996) Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. CuD is available as a Usenet newsgroup: comp.society.cu-digest Or, to subscribe, send post with this in the "Subject:: line: SUBSCRIBE CU-DIGEST Send the message to: cu-digest-request@weber.ucsd.edu DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS. The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA. To UNSUB, send a one-line message: UNSUB CU-DIGEST Send it to CU-DIGEST-REQUEST@WEBER.UCSD.EDU (NOTE: The address you unsub must correspond to your From: line) Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); and on Rune Stone BBS (IIRGWHQ) (860)-585-9638. CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: In BELGIUM: Virtual Access BBS: +32-69-844-019 (ringdown) Brussels: STRATOMIC BBS +32-2-5383119 2:291/759@fidonet.org In ITALY: ZERO! BBS: +39-11-6507540 In LUXEMBOURG: ComNet BBS: +352-466893 UNITED STATES: etext.archive.umich.edu (192.131.22.8) in /pub/CuD/ ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/ aql.gatech.edu (128.61.10.53) in /pub/eff/cud/ world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/ wuarchive.wustl.edu in /doc/EFF/Publications/CuD/ EUROPE: nic.funet.fi in pub/doc/CuD/CuD/ (Finland) ftp.warwick.ac.uk in pub/cud/ (United Kingdom) The most recent issues of CuD can be obtained from the Cu Digest WWW site at: URL: http://www.soci.niu.edu/~cudigest/ COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ------------------------------ End of Computer Underground Digest #8.24 ************************************