Conference monitors privacy concerns

But with mom and pop going online to shop, bank, and personalize Web pages, the conversation at CFP '99 is going mainstream. Now, more than ever, regular people--not just security experts and programmers--are concerned about computer privacy.

At the ninth annual conference's kickoff, panelists feverishly pointed to evidence about international governments building widespread surveillance systems for email, phone, and wireless communication, while noting that many regimes, including the United States, refuse to lift controls on the data-security technologies based on encryption.

Although the discussions have so far been fairly tame, government officials, online industry leaders, and consumer advocates already are squaring off over what role each has in protecting Net users' privacy. Meanwhile, participants have been diligent in monitoring world developments.

On closely watched session yesterday, the "Creation of a Global Surveillance Network" focused on what many would call a privacy nightmare. Examining policies in the United Kingdom, France, Russia, and Austria, as well as the European Union, panelists discussed the trend toward unethical cooperation among governments.

The panel also focused on the EU and FBI's so-called Enfopol network, which could allegedly force telephone and Internet service providers to build "tappable" networks, according to a January report delivered to the Scientific and Technical Options Assessment Panel of the European Parliament.

Privacy advocates also harped on the Echelon network, which relies on satellites to "intercept and record" information and was created by the United States, United Kingdom, Australia, and New Zealand, according to the same report.

"We worried that this system was being tied to other systems," said Steve Wright, of the nonprofit Omega Foundation, who wrote the report.

A U.S. official on the panel said that technology can be used to increase both surveillance and privacy.

"If every phone call on the planet is being listened to, that is wrong," said Scott Charney, head of the Justice Department's Computer Crime Unit. "You have to establish the practices that govern the surveillance and have internal and external reviews."

Fears about increased surveillance come at a time when a conflict is simmering between the European Union and United States over the EU's strict privacy directive.

The directive could cut off data flows between the territories. Unlike the EU plan, the White House, for example, doesn't support the creation of a privacy authority to regulate data collection practices and to arbitrate consumer complaints.

Overall, pressure is building to more adequately balance corporate and individual interests when it comes to collecting and storing personal data, which many at CFP say is prime currency in the digital age.

"I would like to see the same efforts to protect privacy that we've seen to protect intellectual property," Barbara Simons, president of the Association for Computing Machinery, quipped during the opening plenary.

Naturally, attendees also are debating the merits of industry self-regulation plans vs. privacy laws. The White House favors voluntary policies.

"We will monitor the spread of effective self-regulation," said Paula Bruening, of the National Telecommunications and Information Administration. "We want to believe that we have mutual goals [with the EU] to avoid the interruption of data flow."

Still, some lawmakers would like to see at least one of the many data privacy bills in Congress passed.

"It is indeed not natural resources, geography, or capital that is the most precious commodity--it's information," said Rep. Bob Barr (R-Georgia).

"It will require more than legislation--it will require oversight," added Barr, who sits on the House Judiciary Committee, which has called for Net privacy hearings.

Some countries are rejecting self-regulatory models in favor of government supervision. Stephen Lau, the privacy commissioner for personal data in Hong Kong, says China is "one country with two systems" and leads an independent agency that is implementing policies based on OECD principles.

Last year his staff conducted a sample study based on the country's approximately 7,000 Web sites and found that only 6 percent were in compliance with OECD-based guidelines, such as disclosing what is done with data that is collected from consumers.

"[In Hong Kong] privacy is regarded as a basic fundamental right," he said. "[With] self-regulation, where do you go for effective sanctions unless there is an authority or law?"

Other panels this week will focus on free speech, fair use of copyrighted material, government disclosure, encryption, and human rights.