CIVILIZING CYBERSPACE:
Priority Policy Issues in a
National Information Infrastructure

Lance J. Hoffman
School of Engineering and Applied Science
Institute for Computer and Telecommunications Systems Policy
The George Washington University
Washington, D.C. 20052

Work Supported in part by Grant NCR 91-13216
from the National Science Foundation
Division of Networking and Communications Research
to The George Washington University

TABLE OF CONTENTS

PREFACE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .iv

EXECUTIVE SUMMARY. . . . . . . . . . . . . . . . . . . . . . . . . . . .vi

1 INTRODUCTION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

2 TECHNOLOGICAL CONTEXT. . . . . . . . . . . . . . . . . . . . . . . . . 6
I. TODAY'S NETWORKS . . . . . . . . . . . . . . . . . . . . . . . 7
II. TOMORROW'S NETWORKS. . . . . . . . . . . . . . . . . . . . . . 8

3 KEY POLICY ISSUES. . . . . . . . . . . . . . . . . . . . . . . . . . . 10
I. GOVERNANCE . . . . . . . . . . . . . . . . . . . . . . . . . . 10
II. REDEFINING COMMON CARRIAGE . . . . . . . . . . . . . . . . . . 13
A. Possible levels of regulation . . . . . . . . . . . . . . 14
B. Risks to the public good under each scenario. . . . . . . 15
III. PRIVACY. . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
A. Universal computer networks will greatly reduce the costs and
technical obstacles to efficient, large-scale privacy invasion. 16
B. Strict privacy policies are needed to encourage use of these
networks. . . . . . . . . . . . . . . . . . . . . . . . 17
C. Aspects of privacy encroachment are intrusion, appropriation, and
surveillance. . . . . . . . . . . . . . . . . . . . . . 17
D. Legal and statutory protection of privacy is weak.. . . . 21
E. Regulatory authority is unclear.. . . . . . . . . . . . . 23
F. Privacy practices need to be harmonized internationally.. 24
IV. SECURITY . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
A. Aspects of security are anonymity, accountability, liability, and
integrity. . . . . . . . . . . . . . . . . . . . . . . 26
B. Encryption policy.. . . . . . . . . . . . . . . . . . . . 27
V. INTELLECTUAL PROPERTY. . . . . . . . . . . . . . . . . . . . . 32
A. Cultural norms on networks do not now favor intellectual property
protection. . . . . . . . . . . . . . . . . . . . . . . 32
B. Technological measures to protect intellectual property usually
fail. . . . . . . . . . . . . . . . . . . . . . . . . . 32
C. Payment for initial distribution of intellectual property can be
assured with existing mechanisms; technical methods to control re-
use are by no means guaranteed. . . . . . . . . . . . . 33
D. New paradigms of intellectual ownership or management need to
be devised to fit the electronic marketplace. . . . . . 34
E. Intellectual property rights currently available for traditional media
must be ensured for electronic media as well; doing this is not
trivial.. . . . . . . . . . . . . . . . . . . . . . . . 36

4 PROPOSALS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
I. GOVERNANCE . . . . . . . . . . . . . . . . . . . . . . . . . . 37
A. Development of the national information infrastructure should be
market-driven, with support from limited, appropriate government
policies. . . . . . . . . . . . . . . . . . . . . . . . 37
B. Government funding should be deployed efficiently to stimulate
private-sector development. . . . . . . . . . . . . . . 38
C. Government and industry should construct a credible planning
group now.. . . . . . . . . . . . . . . . . . . . . . . 38
D. Government should immediately initiate coordination between
PSNs and the computer networking community. . . . . . . 39
II. REDEFINING COMMON CARRIAGE . . . . . . . . . . . . . . . . . . 40
A. Federal policies should ensure universal access and non-
discrimination of content.. . . . . . . . . . . . . . . 40
B. Federal policies should restrict carriers' liability. . . 40
C. Federal policies should restrict re-use of personal information. 40
D. Tariff regulations should be minimized or eliminated for network
service providers.. . . . . . . . . . . . . . . . . . . 40
III. PRIVACY. . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
A. Service providers should voluntarily adopt a fair information
practices code. . . . . . . . . . . . . . . . . . . . . 42
B. The government should set up an information practices
commission. . . . . . . . . . . . . . . . . . . . . . . 42
C. The government could legislate minimum national standards for
privacy.. . . . . . . . . . . . . . . . . . . . . . . . 43
D. The government could establish user royalties and a National
Information Market (NIM). . . . . . . . . . . . . . . . 44
IV. SECURITY . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
A. The ECPA should be extended to electronic networks. . . . 46
B. Tradeoffs to cope with cryptographic advances must be openly
discussed.. . . . . . . . . . . . . . . . . . . . . . . 46
C. Development of security policies that are uniform throughout the
network should be discouraged.. . . . . . . . . . . . . 48
D. Accountability must be balanced with anonymity. . . . . . 48
E. International coordination is needed. . . . . . . . . . . 49
V. INTELLECTUAL PROPERTY. . . . . . . . . . . . . . . . . . . . . 50
A. Network cultural norms should more fully recognize the public
benefits of protecting intellectual property. . . . . . 50
B. Intellectual property rights should be enforced in the national
information infrastructure by suitable legislation and use of
supporting technical mechanisms.. . . . . . . . . . . . 50

GLOSSARY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

BIBLIOGRAPHY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

APPENDICES
A: D. Linda Garcia, "A National Communications and Information Policy: Reconciling the
Issues
B: Willis Ware, "Security Considerations for Data Networks"
C: Marvin Sirbu, "Technology Trends"
D: Kenneth C. Laudon, "Privacy Beyond 2000"
E: Mark Rotenberg, letter to Kenneth C. Laudon
F: FBI Digital Telephony proposed legislation
G: Information Infrastructure Task Force, "The National Information Infrastructure: Agenda
for Action"
H: Steve Kent, "Intellectual Property: Future Work"
CIVILIZING CYBERSPACE
Preface

There is a window of time available now in which to act to develop policy guidelines consistent
among various national and international networks before delays result in inadequate privacy and
security, cancellation or rejection of some otherwise fine networks, or costly retrofits.

To move ahead in developing appropriate policy guidelines, the National Science Foundation
funded The George Washington University to conduct an invitational workshop to address the
policy questions, to consider the adequacy of existing policy mechanisms, and to identify a
number of legal issues which keep cropping up as networks expand.

A small select group of leaders gathered for four days in January 1993 at Amelia Island
Plantation near Jacksonville, Florida to discuss these issues. The heterogenous group of invitees
included computer network developers and managers, computer security experts, civil
libertarians, hardware and software developers, legal experts, policy analysts, and others. All
discussions were off-the-record. Because the development in the field is so quick, especially
with the Administration's National Information Infrastructure Initiative, much has changed in the
brief time since the workshop. Therefore, some of the issues discussed here have already been
resolved. However, most of the work remains an important contribution. The boxed quotes that
are scattered throughout the text are taken either from what was said at the workshop, or from
conversations between the speaker and the author.

Four invited focus presentations drove the identification and prioritization of hard problems;
these presentations, or later revisions, are included as appendices to this report, as are some other
documents which I thought appropriate. The participants were split into smaller working groups
for some of their time together, but worked together as a large group for much of the time,
emerging with a short list of the most important and pressing short-term and long-term problems.

This project could not have been possible without the help provided by the National Science
Foundation Division of Networking and Communications Research, and Dan Van Belleghem in
particular. The advisory committee was also of great help. It consisted of L. Dain Gary,
Computer Emergency Response Team, Software Engineering Institute; Rich Pethia, Computer
Emergency Response Team, Software Engineering Institute; Steve Walker, Trusted Information
Systems, Inc.; Willis Ware, The Rand Corporation; Fred Weingarten, Computing Research
Association; and Alan Westin, Columbia University.

Thanks are in order to a number of others, as well. Joyce Cavatoni helped with logistics of
getting the attendees to the workshop. The bulk of turning a transcript of the last day's
deliberations into a readable report was done by Kristin Knauth. Hae Chan Park also assisted in
this process. A special thank you is due to Marianne Berkovich, who took disparate notes, early
drafts, and other material and wove them all into a coherent final product.

Lance J. Hoffman

Washington, D. C.
September 1994
CIVILIZING CYBERSPACE:
Executive Summary

In the next 15 years, rapid technology development will drive the merging of voice and data
communications and, to some extent, of common carriers and enhanced service providers. A
new technological environment will emerge that combines public and private elements in a
highly competitive marketplace. Although technological development is moving rapidly, the
United States is just starting to address hard policy questions about governance, accountability,
privacy, security, and intellectual property in a national information infrastructure. Because U.S.
policies will have international ramifications, they also need to be coordinated globally. This
report offers tentative directions, and suggests further steps to address these issues.

GOVERNANCE: Currently, fragmentation of authority for communications policy is a major
impediment to speedy and inclusive resolution of the issues and jeopardizes the public interest.
Agencies charged with communications regulations have interpreted their mandates narrowly
and frequently have failed to coordinate policies. Although the Clinton administration has taken
steps towards funding the "information superhighways," governance for the NII has not been
adequately addressed. Proceeding without clear policy-making and regulatory structures could
lead to waste of public funds and unnecessary conflicts with industry. The workshop
participants agreed that the government should move quickly to facilitate cooperation between
the two major players driving network development, public-switched networks and the computer
networking community. They felt that the technological and structural evolution of the
information superhighway system should be primarily market-driven, but Federal policies should
be developed to balance public and private interests, foster competition, and help ensure
universal and affordable access to the network. An information practices commission, with a
specified lifespan of two years or less, should be set up to study the full range of national
information infrastructure issues and make recommendations to the government. A privacy
commission could be set up separately or incorporated into the broader information practices
commission.

REDEFINING COMMON CARRIAGE: As technological advances blur the distinction
between the common carriers and enhanced service providers (ESPs), no analogous integration
is occurring in terms of regulation. Either of two opposing scenarios could emerge: common
carriers could assume the functions provided by ESPs, leading to near-universal regulation of
networks; or competition could burgeon, inducing deregulation. Since both pure scenarios
present threats to the public good, policymakers need to create a new legal definition of common
carriage to ensure equitable and affordable access to networks while protecting users' privacy
and minimizing carriers' liability and regulation.

PRIVACY: Universal networks will greatly reduce the costs and technical obstacles to efficient,
large-scale privacy encroachment, whether by commercial interests, law enforcement, or
criminals. Legal and statutory protection of privacy currently is very weak; there is little clear
regulatory authority for enforcing privacy rights. Federal policies are needed to give individuals
greater control over the personal information that flows through national data networks. These
laws then need to be harmonized among states and countries. The workshop participants
considered a new "fair information practices" code to be adopted by both transport providers and
enhanced service providers. It would protect individuals' transaction data from misuse and might
give individual consumers options ranging from partial to complete restriction of use to royalty-
based use.

SECURITY: Network monitoring for security purposes may compromise personal privacy, so
the Electronic Communications Privacy Act should be extended to allow administrative
monitoring of data networks. Due to cryptographic advances, existing technological
mechanisms that enable law enforcement and intelligence agencies to gather intelligence
electronically could lose their effectiveness in an increasing number of situations. Technical
solutions to achieve a satisfactory tradeoff between personal/corporate privacy and law
enforcement/national security needs should (and probably will) be developed in a competitive
market. Uniform security policies throughout an information superhighway system, however,
will be inappropriate. Therefore, new law enforcement methods and tradeoffs between personal
privacy and law enforcement should be analyzed now in public discussions in a spirit of mutual
good faith among competing interests. Accountability must be balanced against legitimate needs
for anonymity. Technical means must be put in place to restrict the amount of damage that a
user with a legitimate need for anonymity might inflict on a network. Liability for security
breaches is especially problematic in two cases: when personal privacy is compromised, and
across international boundaries.

INTELLECTUAL PROPERTY: Intellectual property rights should be respected in networks to
make networks attractive to commercial providers and users. Only distribution of the first copy
of copyrighted material can be controlled technologically; there are to date no well-developed
technical means available to control re-use of intellectual property. Current models of licensing
are inadequate for electronic environments. Intellectual property protection in the national
information infrastructure should be encouraged as a cultural norm through education.
1 INTRODUCTION:
A Window of Opportunity

Policy decisions governing communication and information
technologies ... determine not only the availability and distribution of
products and services, but also ... the nature of society itself.

At the threshold of the 21st century, the global marketplace of ideas and commerce is evolving
swiftly into a digital one. By 2010, ubiquitous digital networks transmitting a fusion of voice,
data, and video will serve as the nation's primary channels for commerce, education, politics,
entertainment, and personal communications.

In the United States, a national information infrastructure is rapidly emerging. The Clinton
Administration has made development of an "information superhighway system" -- a web of
high-speed telecommunications networks that are accessible and affordable to all Americans -- a
top priority of its High-Performance Computing and Communications Program.

As America moves into this new era of technological interconnection, meaningful discussion
about the emerging infrastructure cannot be framed in solely technological terms. Societal
policies devised for an age of physical media and voice communications will not always
translate easily to an electronic future. Maintaining freedom of expression and association and
other democratic values will depend on initiating appropriate policies today to shape and govern
the nation's communications infrastructure.

At a workshop convened at Amelia Island, Florida, on January 26-28, 1993, an interdisciplinary
group of 24 experts gathered to discuss these issues. Their mission was to examine important
policy issues related to computer networks today and, whenever possible, to produce directions
for possible policy and/or technological solutions.

The participants chosen were knowledgeable leaders from the science and technology research
communities, the legal community, scholarly institutions, public interest groups, and the federal
government (see Table 1). The National Science Foundation Division of Networking and
Communications Research funded the symposium.

Table 1:
The George Washington University/National Science Foundation
Workshop on Priority Policy Issues in a National Information Infrastructure
PARTICIPANTS

Jerry Berman
Electronic Frontier Foundation

Scott Charney
Department of Justice

Paul Clark
Trusted Information Systems

Stephen Crocker
Trusted Information Systems

Dorothy Denning
Georgetown University
Computer Science Department

David Flaherty
Woodrow Wilson Center

D. Linda Garcia
Office of Technology Assessment

Dain Gary
Carnegie-Mellon University
Software Engineering Institute

Mike Godwin
Electronic Frontier Foundation

Janlori Goldman
American Civil Liberties Union

Lance J. Hoffman
The George Washington University

Brian Kahin
Harvard University
Kennedy School of Government

Stephen Kent
BBN Communications

Robert Kraut
Bell Communications Research

Kenneth Laudon
New York University
Stern School of Business

Arthur Oldehoeft
Iowa State University
Computer Science Department

Ronald Plesser
Piper and Marbury

Charla M. Rath
Federal Communications Commission

Ed Roback
National Institute of Standards and Technology

Michael Roberts
EDUCOM

Marc Rotenberg
Computer Professionals for Social Responsibility

Marvin Sirbu
Carnegie-Mellon University
Engineering & Public Policy Department

Willis Ware
Rand Corporation

Alan Westin
Columbia University
Political Science Department

The workshop adopted no "official" positions. Indeed, much work remains to be done to
formulate appropriate solutions to the issues. But the suggestions that follow promote informed
discussion. Some of these suggestions correlate almost exactly with those of the Clinton
Administration in its September 1993 proposal for a national information infrastructure.
Workshop participants and the administration agree, for example, that the government's role in
shaping the network is critical at this juncture, that government's role should be limited to
supporting and protecting a market-driven information infrastructure, and that a high-level
inquiry should be convened without delay to address the issues.

In many respects the symposium went beyond the Administration's plan to provide a more
detailed analysis of the issues. Participants soon identified five major problems engendered by
the emergence of national and international information networks:

1 Governance: Delineating the roles of the players (federal government,
private companies, users, other organizations) in creating, regulating, and
using the network

2 Defining the network: Creating a legal definition for universal networks
that codifies their regulatory structure, accessibility, and accountability

3 Privacy: Balancing personal privacy against the legitimate needs of
business, government, and organizations

4 Security: Protecting universal networks from disruption of service and
from unauthorized disclosure, destruction, or modification of the programs
and data available on the networks

5 Intellectual property: Defining and protecting intellectual property
rights in an electronic milieu

Although all of these concerns pertain to the voice and data networks that exist today, the arrival
of much higher-speed, universally accessible, national networks will amplify tremendously their
importance and complexity. The vast scale of the emerging information infrastructure will swell
commensurately the risks to privacy, security, and intellectual property.

Finding solutions to these problems will require a detailed, thoughtful balancing of conflicting
interests. For example, security standards that allow a system to meet the needs of business and
government could limit the extent to which the same system can be used for research and other
collaborative efforts. Security features may add costs, slow transmission speeds, increase
network traffic, and generally dispirit the cooperative and uncircumscribed spirit which promotes
scientific advances. Users may disagree significantly on the levels of security required and the
sacrifices that should be made to achieve it.

Resolving the tradeoffs will not be easy. The stakes are rising, especially as the strategic value
of information increases in all aspects of American life. Constituencies with vested interests in
the NII are numerous and sundry: academic institutions, from kindergarten to post-graduate; the
telecommunications industry; state enterprises dedicated to economic development, research,
and education; industrial research and development laboratories; corporations, large and small;
and federal research agencies. Advanced networks extend into the majority of American homes
now and ultimately will reach them all. These decisions will thus affect virtually every citizen.

Furthermore, setting communications policy in the United States is particularly difficult. Since
responsibility for telecommunications policy is highly fragmented within the federal
government, no single agency is responsible for the big picture. Hence, there has been little
communication, let alone coordination, among these players. Most agencies have based their
decisions on narrow definitions of the issues, largely failing to recognize the wide-ranging
implications of network communications policies.

Jurisdiction between state and federal governments with respect to communications policy is
similarly ambiguous. The Federal Communications Commission (FCC) regulates the interstate
aspects of telecommunications, and intrastate aspects to the extent that they significantly affect
interstate policy. States hold responsibility for everything else. But trying to apportion a
national (or international) network theoretically into interstate and intrastate pieces is something
like trying to cut spaghetti on a plate into distinct sections.

In the future all these issues of jurisdiction, security, interoperability, intellectual property rights,
and privacy will extend to the international arena. We live in a global economy, and there is no
doubt that the information superhighway system soon will reach around the globe. Over 70
countries have full TCP/IP Internet connectivity, and about 150 have at least email services.
Current United States policies concerning privacy, security, and intellectual property rights are
not well matched to the corresponding policies of the European Community or Asian nations.
Already, disputes within the United States about policy jurisdiction have hindered the American
case in international standards debates. Also, international law enforcement cooperation (for
example, in drug enforcement operations) is impeded by disparate standards of electronic
protection of personal information.

Responsibility for telecommunications policymaking has shifted from the political arena to the
marketplace in the last decade, compounding the difficulty of trying to impose unified policies.
Divestiture of the Bell Telephone System, the emergence of large users, and regulatory
liberalization have all been factors in this shift to a market-driven, heterogeneous
telecommunications environment.

No clear policymaking structure existed at the time of the workshop to resolve these issues, and
the mechanisms for involving industry in decision making and for coordinating policies
internationally were insufficient. The Administration is attempting to address these problems via
its U.S. Advisory Council on the NII and intragovernmental task forces.

The technology will not wait. There is a window of opportunity available now in which to
act rapidly to develop policy guidelines consistent among the various national and
international networks. Delay in considering these issues could result in dangerous
breaches of security and privacy, large-scale violations of intellectual property rights,
cancellation of some networks, or costly retrofits.

If, as a society, we fail to grasp the moment, ... the opportunity to make deliberate
choices about new communication technologies -- and about the nature of
American society itself -- will be overtaken by rapid technological advances,
hardening of stakeholder positions ... and the force of international
developments.

2 TECHNOLOGICAL CONTEXT

The national information infrastructure will be a communications environment of unprecedented
technological complexity. Although its ultimate structure and management remain speculative,
prevailing opinion in the scientific community is that it will encompass a broad range of
information services transported by hundreds and perhaps thousands of competing commercial
enterprises over diverse, autonomous user networks.

Voice and computer communications will merge -- a trend that is well underway today. The
"interstate highway system of the information age" and will become the most powerful tool for
disseminating and manipulating information that has ever existed.

Rapid technological development of the
NREN and other advanced networks is
outpacing regulations and policies that were
devised for yesterday's voice and data
networks. Setting appropriate policies for the
forthcoming era of universal interconnection
requires a basic understanding of the
technological and regulatory directions in
which today's networks are evolving.

I. TODAY'S NETWORKS

For policy makers, the key technological trend to understand is the rapid converging and
interconnection of public and private networks. This trend is exemplified in the closest existing
prototype for the emerging information infrastructure, the Internet, a worldwide super-network
that connects thousands of academic and scientific research networks. The Internet encompasses
both publicly regulated telephone networks ("common carriers") and unregulated information
service providers.

Yet this super-network -- which is the world's largest computer network -- has no central
governance. Its tremendous growth in the last two decades has taken place in a context of near-
anarchy, controlled only by a combination of standards-setting committees and a spirit of
collegial collaboration in the pursuit of science. Its abiding success strikes even some of its most
dedicated users as a happy aberration.

The anarchy cannot continue, however, as the Internet continues to expand into the commercial
and education sectors. Less technically sophisticated users demand more user-friendly tools and
less chaotic governance, and since the user community is now less homogeneous, more
disagreement over what is appropriate behavior on the net is inevitable. Increasingly, a need is
becoming apparent for clear guidelines and accountability, and for someone to be in charge.

In a typical "cell" of the Internet today, a university campus, with its thicket of local area
networks and hosts, is connected to a router, a computer which serves as a gateway from the
campus to the rest of the networking universe. Usually the router is connected by a leased line,
provided by an "interexchange carrier," (a long distance company) to larger networks, such as
the NSFNet, those owned by enhanced service providers (ESPs), and others.

Some typical ESPs are Compuserve (owned by H&R Block), Prodigy (owned by IBM and
Sears), and GEnie (owned by General Electric). They can be used to pay bills, shop from home,
deliver electronic mail, and participate in electronic special interest groups, among other
functions.

Some elements of this basic cell are strictly regulated while others are completely unregulated.
In 1980, in a decision known as Computer Inquiry II, the Federal Communications Commission
(FCC) drew a distinction between "basic service elements" (information transport services) and
"enhanced services" (value-added information services such as voice messaging or financial
services). This was the first time the FCC distinguished between the transport mechanism and
the information that is transported over it.

Under the ruling, traditional common-carrier regulations apply to providers of basic services on
the grounds that, following the breakup of AT&T, these operate in a quasi-monopolistic fashion
at the local level. Common carriers are obligated to:

Provide universal service;
Carry any kind of information without discrimination; and
File their tariffs with the FCC.

An important concomitant benefit conferred on common carriers is release from liability for the
content of the information they transmit.

At the same time, the FCC chose to stop regulating ESPs, deeming that their markets had
become sufficiently competitive. Today ESPs remain completely unregulated, except to the
extent that they transmit personal information which is covered by sector regulations (such as
financial audits, credit reports, or, in some states, health care records). Most information carried
over networks now is carried by ESPs and hence is unregulated.

Complications ensued virtually from the inception of Computer Inquiry II, due to the fact that
more and more companies began to provide both regulated transmission between third parties
and unregulated value-added information services. Initially, the FCC required that such
companies isolate their provision of enhanced services in a subsidiary firm. But in 1988, in
Computer Inquiry III, the FCC initiated a concept called "Open Network Architecture" (ONA).
Under ONA, transport providers may effectively split their networks into theoretical pieces that
provide either basic or enhanced services. Only the accounting functions of the two types of
service are segregated. Otherwise, the services may be provided by the same company over the
same network.

ONA provisions specify the conditions the regional Bell operating companies must meet before
they can begin providing enhanced services, and is intended to prevent the Bells from using their
local telephone services to gain unfair competitive advantages in these new markets.

II. TOMORROW'S NETWORKS

By 2010, a broad national information network will be an established reality. Computing and
communications will merge, yielding new kinds of information appliances ranging from hand-
held (or "wristwatch") cordless personal "compu-phones" to wall-sized high-definition displays.
Data and program sharing will occur on an exponentially greater scale than today. An
individual's personal telephone/computer will be linked to nearly all others in the world.

The key development in network technology during this period will be the replacement of
today's packet-switched networks by a new call-routing architecture called ATM (Asynchronous
Transfer Mode). ATM uses a novel method to provide very high-speed switching services
among networks -- more than 45,000 times the speed available on typical telephone lines today.
Like today's Synchronous Transfer Mode (STM) formats, ATM disassembles information into
"packets" that are loaded onto telephone lines and reassembles them electronically at the
receiving end. But unlike STM, ATM parcels information into packets of uniform size, enabling
it to pass smoothly from a desktop computer to a local telephone wire to a long-distance fiber-
optic line without slowing down for "protocol conversion," or technical translation for different
systems, along the way.

ATM is being developed by today's common carriers (the regional Bell operating companies and
other basic transport providers like Sprint and MCI). And Sprint has announced a nationwide
long-distance voice, data and video transmission service for corporation using ATM. Fifteen to
twenty years from now, it will supplant today's network architecture.

How will the arrival of ATM affect the relationship between common carriers and ESPs?
Today's cell-switching services are provided by both public carriers and private ESPs. But
ATM-based services probably will be provided primarily by public local exchange carriers and
interexchange carriers, whose parent companies are developing them. Eventually, these ATM-
based services could replace the ESP-controlled portions of the network.
3 KEY POLICY ISSUES:

Governance, Redefining Common Carriage, Privacy,
Security, Intellectual Property

The Amelia Island symposium identified the most pressing policy issues as:

Governance of the national information infrastructure,
Creating a new regulatory model for advanced universal networks, based on a
definition of common carriage suitable for the electronic age,
Protecting privacy in the coming era of interconnection,
Protecting security (of network transmission), and
Protecting intellectual property in an electronic marketplace.

This section delineates the problems to be solved with respect to each issue.

I. GOVERNANCE

Participants noted repeatedly that the lack of appropriate administrative structures in both the
government and private sectors slows the deployment of new technology and prevents the
public's interest from being represented in decisions about a national information infrastructure.

Some of this has changed since the workshop. The Clinton administration has established an
interagency Information Infrastructure Task Force to work with Congress and the private sector
to propose the policies and initiatives needed to accelerate the deployment of National
Information Infrastructure. It has also established a private sector Advisory Council on the
National information Infrastructure in order to facilitate meaningful private sector participation
in the IITF's deliberation. In order to implement National Information Infrastructure, the
administration plans to properly structure and adequately staff the federal agencies most directly
responsible for the evolution of the NII in order that they can effectively address many new and
difficult policy issues.

Only time will tell whether the scattered and ill-coordinated regulatory authority of the past will
be remedied by these efforts. In the private sector, the providers of public switched telephone
services are moving forward on networking technologies and developing niche markets
independently of the computer communications industry. Coordination between the two
industries needs to be initiated now, probably by the private sector Advisory Council, since these
policies and technologies will be forced to coalesce in the national information infrastructure.
Finally, industry pressure to minimize regulation of the new infrastructure will be strong -
witness the great battle over encryption technology (See "Encryption Policy", page 27), and
mechanisms other than regulation need to be devised to protect the public interest.

1. Agencies charged with setting communications policy have interpreted their
mandates narrowly. Although the jurisdiction of the FCC is very broad, in recent years
the agency has taken a hands-off approach to many important aspects of networking
policy. In the telecommunications arena, the FCC has concerned itself with competition
and deregulation rather than with issues related to information content, such as privacy.
The FCC left it to states, for instance, to regulate Caller ID.

Several agencies in addition to the FCC have a mandate to regulate or develop policies
for information and communications. Most, like the National Institute of Standards and
Technology (NIST), have interpreted their mandates narrowly. The National
Telecommunications and Information Administration (NTIA) -- part of the Commerce
Department -- has in the past limited its concerns to questions of commerce and
economic efficiency. However, since the Clinton administration took office, it has
become a catalyst for the development of the NII, supporting $26 million in research and
development in FY 1994.

2. The computer and communications communities are moving forward
independently on technologies and policies that, in the future, will coalesce in the
national high-speed network. The government should act quickly to bring these players
together and resolve economic and technical questions so that the maximum public good
will be obtained.

3. As telecommunications service providers merge with the public switched
networks, overregulation of the new infrastructure should be avoided. At the same time,
creative mechanisms need to be devised to maintain a public interest perspective in a
very heterogeneous environment.

II. REDEFINING COMMON CARRIAGE

Telecommunications networks today fall into two categories: common carriers, which transport
information, and enhanced service providers (ESPs), which sell information services. Common
carriers are regulated as public utilities, while ESPs are almost completely unregulated.

But the distinction between these two types of service providers is blurring. Many common
carriers offer both regulated and unregulated services. Sprint, for example, is a regulated
common carrier but it also provides enhanced services through Telenet and other unregulated
subsidiaries. And the Internet is unregulated, even though it uses lines owned by regulated
carriers.

Like the Internet, the planned information
superhighway will be a complex mosaic of basic
and enhanced services. To the extent that it acts as
a transport provider, the national network will
closely resemble today's public switched telephone
networks (PSNs). PSNs are common carriers,
regulated by the FCC, state Public Utility
Commissions, and federal and/or state laws.

In exchange for meeting certain FCC obligations
(see "Today's Networks", page 7), common carriers
are released from liability for the content of the
information they transmit. This is in contrast to other forms of public media, such as newspapers
or broadcast media, which are liable for slanderous or obscene content.

Common carriage is generally held to be a positive regulatory model for communications
services because it promotes other forms of commercial activity, guarantees user privacy, and
assures that markets with limited competition will charge fair rates. The concept was legislated
in the Communications Act of 1934, to prevent telephone monopolies or near-monopolies from
restricting access or imposing excessive rates. Today, however, it also applies to competitive
industries such as the airline and rail transport industries.

In the next 10-15 years, the information superhighway could evolve towards near-universal
common carriage. The current administration hopes to make the NII a "public" network,
accessible to all through schools and businesses (although this goal is not necessarily shared by
all stakeholders). Technology also could drive this trend: as common carriers gradually replace
today's cell-switched networks with high-speed ATM networks, they might assume management
of the portions of the Internet that now are controlled by ESPs (see "Setting the Scene," page 6).

Finally, legal trends also may be pointing towards universal regulation under the common
carriage model. But competition, if strong enough, could offset these trends and prompt the
FCC and other agencies to deregulate network service providers. Under this scenario, universal
deregulation could result.

A. Possible levels of regulation. The situation could evolve to one of two contrary
scenarios -- near-universal regulation or near-universal deregulation, or to some sort of mix.

1. Universal regulation. Since local exchange carriers and interexchange carriers
are regulated as common carriers, all information carried over their ATM lines would be
subject to common carrier protection and rules. ESPs could vanish from most or all of
the transmission path.

This would be very different from today's reality, where enhanced services, and hence
most information carried over a network, are provided by unregulated ESPs which may
discriminate on the basis of content and access and whose fees are not regulated.

2. Universal deregulation. Competition could, however, mitigate or negate these
trends toward near-universal regulation. In the next five to fifteen years, competitive
alternatives will emerge for local communications networks, just as they now exist
among long-distance services. Since the FCC tends to respond to competition by
reducing regulation, common carrier regulations could, in this time frame, be withdrawn
from carriers at all levels of a national network infrastructure. In this scenario, the
common-carrier structure would fall by the wayside. The question is whether there will
be sufficient competition in the local access area to warrant deregulation.

3. Mixed situation. A mixed situation might develop. In that case, the regulation
might also be mixed. If so, the resultant network must be guided to support liberty,
innovation, universal access, and competitive pricing.

B. Risks to the public good under each scenario. Any of these scenarios could, in some
circumstances, jeopardize the public good. Universal regulation, with its accompanying
mandatory tariff registration, could impede growth and innovation in a communications
environment as dynamic, heterogeneous and universal as the national information infrastructure.
The result could be stymied technological advancement and a paucity of commercial offerings.
Under universal deregulation, consumers would not be assured of universal access and
uncensored transmission, while carriers would not necessarily be assured of freedom from
liability -- principles that have characterized the American telephone system since the 1930s. A
mixed system could have advantages, as well as disadvantages, of each.

A new regulatory definition is needed to fuse the
advantages of common carriage with the
advantages of competition. The government
should act quickly to create a new regulatory
model that will protect the public interest now
and in the future. Today's bipolar model, in
which each carrier is either wholly regulated or
wholly unregulated, is outmoded.

For policy makers, the question is how to ensure
that the national information infrastructure
incorporates the common-carrier benefits of
universal access and uncensored transmission,
while preserving the freedom and innovation of a
competitive marketplace and minimizing the
tariff and other regulations imposed on public utilities. This issue is addressed in the "Proposals"
section below.

III. PRIVACY

The "privacy problem" is not merely about individual rights but also
about collective well-being, quality of life, and the nature of society.

A. Universal computer networks will greatly reduce the costs and technical obstacles to
efficient, large-scale privacy invasion.

On universal computer networks such as those
envisioned in the national information
infrastructure, threats to content confidentiality,
privacy of transaction information, and directory
privacy all multiply.

1. Billing and accountability on large
networks require detailed record-keeping of usage trails. Expansion of network coverage
of an individual may encourage the government to seek access to transaction data for law
enforcement, regulation, and other uses (e.g., traffic analysis can be performed to monitor
who is communicating with whom).

2. Computer networks increase the possibilities for commercial appropriation of
personal information, such as transaction data, for targeted marketing and other intrusive
practices. While the content of network transmissions is today sometimes protected by
common carriage rules, communications privacy laws, or sector-specific rules, there are
limited regulations that control use of transaction and billing data by either common
carriers or enhanced service providers. Personal information about users -- including
transaction data about the destination and timing of individuals' messages, billing
information, or usage preferences -- is often shared and sold among government agencies
and within the private sector, often without individuals' permission and usually without
their knowledge. Thus, as a general rule consumers participate in the information
marketplace whether or not they wish to. Individuals who attempt to "opt out" may find
that they have little legal recourse.

3. Computer networks offer greater capabilities and opportunities for use of
encryption techniques than traditional files do. This has both positive ramifications
(better privacy protection) and negative ramifications (shielding illegal activities from
law enforcement).

B. Strict privacy policies are needed to encourage use of these networks. Questionable
uses of information exist independently of networks -- for example, when a credit card database
is used for direct mail purposes or medical records are used for employment decisions. The
problems become greater, however, as a larger proportion of transactions occur in electronic
form, in which records can be more easily aggregated.

The regulations laid out in the first generation of privacy legislation -- segregation of files by
function, prohibition of secondary uses of information without "informed consent",
establishment of individual rights, management accountability, and due process rules -- were
important first steps along the road to management of information in a digital age. But some
have argued that technology and organizational behavior have now overtaken these ground rules,
and that with a PC on almost every desktop, the temptation and ease of privacy invasion require
additional legal, procedural, and technical safeguards.

C. Aspects of privacy encroachment are intrusion, appropriation, and surveillance.

1. Intrusion: the deluge of unwanted
solicitations and information.

The public considers intrusion to be a
major privacy problem. With the advent
of a national information infrastructure,
the level of intrusion could explode, given
the large number of users and the relative
ease of sending broadcast messages on
networks.

Advances in both data storage techniques
and data "mining" techniques could spur
rapid reductions in the cost of compiling
ever-larger data bases on individuals. Meanwhile, advances in the telecommunications
infrastructure open the possibility of end users being able to mine large data sets remotely
using desktop machines. By the year 2000, it is conceivable that each home will have
access to a T1-equivalent (1.54 megabytes/second.) network, radically reducing the cost
of mining terabyte-sized databases.

In 1991, federal legislation was passed to address public concerns about intrusion by
unsolicited "junk" faxes and the use of autodialers for telemarketing. The Telephone
Consumer Protection Act imposed certain fairly stringent restrictions on companies that
use automatic dialers or fax machines for commercial advertising. The Act did not
extend to digital communications, but could be used as a model for such legislation.
Some of the restrictions were stated explicitly in the law (for example, that consumers
who receive an unwanted message from the same autodialer more than twice may ask the
FCC to fine the company $500 per call). Other restrictions were left to the FCC to
determine through rule-making. In particular, Congress ordered the FCC to establish a
means by which consumers can register their desire not to be telephoned by autodialers
(or by human solicitors), for example, through a national "do-not-call list" database or a
requirement that companies establish their own such databases.

The FCC decided that the establishment of such a national database would be too costly.
Instead, it promulgated rules placing the onus on consumers to notify the FCC of
individual infractions of the law. Therefore, FCC required the telemarketing industry to
keep company-specific do-not-call lists. Any person or entities who institute any
telephone solicitation should maintain a list of persons who do not wish to receive
telephone solicitations. In addition, they should keep a written policy on the
maintaining the do-not-call list. They also have to train personnel engaged in telephone
solicitation.

Many consumer and privacy advocates feel that, in doing so, the FCC significantly
watered down Congress' intentions in the Telephone Consumer Protection Act and
inappropriately bowed to the telemarketing industry. They question the FCC's suitability
to assume a broader role in setting communications policy for the national information
infrastructure.

2. Appropriation: unauthorized re-use of personal information generated from
government records or from network use, billing, and information transactions.

The federal government is among the worst "personal information hijackers" -- often in
direct violation of the 1974 Privacy Act, according to Rep. Edward Markey.

But network providers also are culpable: re-sale of subscriber information to direct
marketers, for example, is widespread. Often, key user identification information on data
networks is controlled by enhanced service providers which are not subject to any
regulation in their use of transaction data for further commercial transactions. From the
viewpoint of public advocacy groups, appropriation is the major privacy problem.

An early experiment with mass dissemination of personal information produced dramatic
results in 1991, when Lotus Development Corporation, Apple, and Equifax announced
development of a CD-ROM based system that was to contain personal information of 120
million American consumers. Lotus MarketPlace: Households would have allowed users
to compile mailing lists based on such narrow criteria as where consumers lived, how
much they earned, and their spending habits. Although such information is already
available in various sources, the program would have allowed anyone with a desktop
MacIntosh personal computer, CD-ROM reader, and $695 to efficiently compile detailed
composite "likely demographic pictures" of individuals and households.

Privacy advocates protested that consumers would not be able to check the accuracy of
information about them, or control its use. The companies abandoned the two-year,
multimillion-dollar project, however, only after a maelstrom of complaints -- including
30,000 requests from consumers demanding that their names be deleted from the
database. (Many objected electronically, flooding the electronic mailbox of Lotus CEO
Jim Manzi).

3. Surveillance: monitoring of network content and usage by "empowered users"
(network administrators, law enforcement officials, or employers).

In public switched telephone networks, a "reasonable expectation of privacy" rule has
been established in which the content of calls is protected. Listening to the calls
themselves requires a warrant. This precedent has not really been carried over to the
world of electronic mail.

In addition, there is a conflict between user privacy and the legitimate needs of network
administration to know enough about what their users are doing (e.g., message routing
information) to run the network efficiently. Beyond this, there is another conflict
between user privacy and the legitimate needs of law enforcement to audit electronic
networks as part of the investigation, prosecution, and deterrence of crimes. This issue is
spotlighted by the FBI's proposed "Digital Telephony" legislation, discussed on page 29.

The FCC has for years adopted a hands-off approach to privacy issues. For example, in
Computer Inquiry III, the FCC compelled the disclosure of Customer Proprietary Network
Information (CPNI) by the regional Bell operating companies to their competitors unless the
customer specifically requested in writing that the information not be disclosed, assessing the
potential threat to privacy of disclosing identifiable information about customers' network use as
having less importance than a non-level playing field for the several providers. (Although the
RBOCs do not have a uniform definition of what constitutes CPNI, CPNI could include sensitive
information kept by the telephone companies in their customer databases about a person's or
organization's calling patterns, billing information, network design, or use of network services.)

The ruling was intended to encourage the growth of competition in telecommunications markets
by disclosing proprietary information about Bell customers' use of the networks. If no customer
request is filed, the baby Bells are required to provide CPNI to competing vendors of enhanced
services or equipment if those competitors requested it.

Additionally, no federal data protection authority exists to enforce the Privacy Act of 1974.
Although the Act recommended instituting a permanent Privacy Commission to regulate
government systems and produce studies and recommendations on behalf of the private sector,
this recommendation was never actualized.

The public has started to look to the legislative and regulatory arenas for privacy protection. The
Office of Science and Technology Policy during the Bush administration identified privacy
protection as one of the critical issues for NREN development, the Clinton administration has
called for the protection of privacy in the NII. In reviewing privacy concerns of the NII, the
IITF has developed a work plan to investigate what policies are necessary to ensure individual
privacy, while recognizing the legitimate societal needs for information, including those of law
enforcement.

D. Legal and statutory protection of privacy is weak. Federal policies need to be
developed because the courts have failed to lay down consistent principles for privacy
protection. The application of Constitutional law to privacy protection has been rejected at the
federal level in the United States.

1. Current United States policies are limited (see Table 2). In the United States,
telecommunications privacy discussions typically begin with a discussion about the scope
of the 1986 Electronic Communications Privacy Act (ECPA). The ECPA extends
protection against wire surveillance to electronic mail, both stored and in transit. The
content of electronic communications may be intercepted by court order or by the service
provider to maintain the network, but otherwise may not be monitored. This rule applies
to both common carriers and enhanced service providers. Table 2: Existing U.S. Government Policies and Regulations Relating to Computer
Security

The ECPA is a fairly strong barrier against government surveillance. But the Act does
not address two important areas of privacy concerns: privacy within an organization or
the collection, or sale of transaction data for commercial purposes. As a result, service
providers are free to make use of, and even to sell, records of electronic transactions.
Dissemination of personal information is pervasive throughout the public and private
sectors.

Some privacy protection exists in regulated
sectors, such as with financial records or credit
reporting.

But the boundaries separating these traditional
sectors are dissolving. Information about an
individual's health, for example, could flow into
the insurance sector, the employment sector, or
the government services sector.

To the extent that the national information
infrastructure moves away from the traditional
common carriage model (where the content of
transmissions generally is held to be private), service providers will have few or no
legally defined responsibilities to protect user privacy. Rules are needed to monitor the
flow of information around and between the larger private information pools, as well as
to control transaction data and protect content.

2. Contract and tort law offer little protection to consumers. On the contract front, it
is possible to argue both that there is no consent for the secondary use of personal data
and that companies' resale of such data is a form of unjust enrichment. From a tort
viewpoint, there is a strong claim that the sale of personal information is an appropriation
of commercial value. But none of these arguments, however compelling, have
conclusively succeeded in bolstering personal privacy rights in the legal arena.

E. Regulatory authority is unclear. In fact, Laudon has concluded that leading figures in
the marketing research and advertising industry in New York do not believe 'privacy' as a legal
or social movement has worked. Because they invade privacy so effectively, they are deeply
concerned about the absence of social policy and consensus; they wonder, "Who is it that thinks
'privacy' works?"

F. Privacy practices need to be harmonized internationally. Presently, different laws
apply in different states and countries and these privacy laws need to be harmonized among
them. In 1989, the Japanese Ministry of Post and Telecommunications developed a set of
privacy principles for network service modeled on the 1980 Guidelines of the OECD on the
Protection of Privacy and Transborder Flows of Personal Data. The Canadian government
recently issued policies on communications privacy, including strong enforcement mechanism
and criminalization of cellular wire interception.

The critical document for European privacy protection during the past decade has been the 1980
Guidelines, the basis for the national privacy laws in most European countries. The European
Commission has prepared an elaborate proposal for the public switched networks on network
privacy and ISDN (Integrated Services Digital Network, a network platform standard that could
be used to inexpensively upgrade existing telephone lines to accept data and video). Today, a
critical document is the EC draft directive on privacy and data protection. It is also the current
battleground for European privacy policy.

IV. SECURITY

Security is of critical concern in national networks, where researchers' needs for openness and
accessibility must be balanced with the needs of business and government for data security.
Currently, each user or organization may or may not have its own security policy. There is no
generally accepted or template security policy in the United States. While the National Research
Council recommended in 1991 the development
of a set of Generally Accepted System Security
Principles, little movement toward this has
taken place.

Security policies should be addressed now if the
national information infrastructure is to be
trustworthy. Security is here defined as the
totality of safeguards placed in a network to
assure that there is no unauthorized disclosure,
destruction, or modification of users'
information, and no unauthorized denial of
service.

In general, the more open a network, the more
subject to security threats it is. In a
heterogeneous national information
infrastructure, coordination to maintain network
security will be a major problem. The Internet has no central authority or enforcement
mechanism to maintain "law and order." As one participant commented, "Internet institutions
are both few and fragile." The source code for rogue programs is relatively easy to obtain. (See,
for example, The Little Black Book of Computer Viruses). There is even now what some have
characterized as The Little Black Book for networks, "Improving the Security of Your Site by
Breaking into It."

Another security issue raises other concerns about individuals' right to privacy versus national
security and the government's need for efficient information-gathering. There are conflicts
between the competing interests of user privacy, corporate privacy, domestic law enforcement,
and international intelligence gathering.

If these important security issues are not now addressed, resolved, and incorporated into the up-
front design of the national information infrastructure, the integrity of large new networks will
be suspect. Adding security measures later never works as well and is always more costly.

Workshop participants decided to focus only
on aspects of security that raise policy
questions or where there are conflicting
policy interests. Thus, many aspects of
computer and network security were not
discussed. The areas of security policy that
emerged as important for policy were
anonymity, accountability, liability, and
integrity.

A. Aspects of security are anonymity,
accountability, liability, and integrity. One issue of both security and privacy is how to allow
legitimate anonymity, while at the same holding people responsible for communications they
initiate.

Anonymity and accountability. Legal mechanisms are needed to enforce accountability,
that is, to trace the perpetrator if an individual damages the system or illicitly accesses protected
information, or slanders someone.

On the other hand, there may be circumstances where the need for personal anonymity is
overriding: whistle blowing and communication with AIDS information services are two
examples. Technology to protect anonymous communications is available.

Thus, in cases where end-users are granted anonymity, it may be appropriate to limit their ability
to do certain things which could damage the system or other users. We have a rough analogy,
perhaps, with police cars. On the highway network, emergency vehicles are given additional
legal capabilities (e.g., running red lights) in return for clear identification as emergency
vehicles.

Liability. Who should be liable for security breaches in a network? Local, regional,
national, or international carriers may all be considered culpable, depending on the nature of the
breach. On the other hand, software supplied at a local node might be responsible and all the
carriers should be immune. Who has the responsibility? To test what? No standards exist! If a
network provider allows a privacy breach due to inadequate security precautions, and individuals
suffer as a result of the exposure of their personal records, is the network liable? There was
general agreement in the workshop that ESPs should be treated differently than transport
providers in this regard.

Certain basic security features will have to exist in all networks. Indeed, the Japan Information
Processing Development Center has contended that social stability cannot be maintained in an
age of global information unless all countries adopt uniform minimum security measures.

Numerous security standards currently compete across borders: the Trusted Computer System
Evaluation Criteria, published by the U.S. Department of Defense in 1985; the Information
Technology Security Evaluation Criteria (ITSEC) from France, the Netherlands, Germany, and
the United Kingdom; the MITI Computer Systems Security Standards from Japan; and OECD
computer security guidelines. The most recent efforts are from NIST, "Federal Criteria for
Information Technology Security (FC)," volume 1.0, December 1992, by NIST and NSA, and
work continues, especially at NIST, on international "common criteria" for computer security.

B. Encryption policy. The business community has recently started to view government
interference in what has formerly been private turf. As the information superhighway develops,
the US government is increasingly concerned with communication, privacy, and security. This
is not a new area for government concern; indeed, it has been around since before the French
Revolution when governments were, even then, worried about accountability of authors and
publication of seditious materials. In recent months, three interwoven initiatives have been
prominent: the so called "digital telephony improvement initiative," the Clipper chip key escrow
encryption initiative, and modifications to the Export Administration Act. All of these followed
the workshop and thus while the topics they deal with were of concern there, the specifics
proposals were not visited at length there. However, they are all relevant to the topic, so that it
would be remiss not to mention them here.

The digital telephony initiative is an effort by the government to maintain some capability to
wiretap in cases where advances in telecommunications technology could (or have already)
outrun law enforcement's ability to intercept communications in order to enforce the laws and
protect the national security. The current proposal before Congress -- S.2375 and HR.4922
(identical bills introduced by Sen. Leahy and Rep. Edwards respectively) would require
telecommunications carriers to ensure that they possess the capability and capacity to enable the
government to isolate and intercept, pursuant to authorization by a court, call identifying
information the contents of a communication. The Leahy/Edwards bill is significantly more
narrow than the original Bush and Clinton Administration proposals. Most importantly, the
requirements apply only to carriers who engage in "the transmission of switching of wire or
electronic communications as a common carrier for hire". They do not apply to Information
Service Providers (the Internet, AOL, Prodigy, etc.), to private networks, or to PBX's. A court
can only impose a fine for a violation under the bill if it finds that 1) there are no other
alternatives (another carrier, other technologies, etc.) reasonably available to law enforcement,
and 2) compliance with the bill is not reasonably achievable through the application of available
technology.

In addition, the bill has some important new privacy protections, including the prohibition of
remote monitoring. Law enforcement cannot require a carrier to install a port which can be
activated by a law enforcement officer. All taps must be conducted with the intervention of the
carrier (as is the case under current law). The warrant requirements under current law have not
been changed.

Industry and some public interest organizations such as the Electronic Frontier Foundation are
currently arguing that the government should pay for all compliance costs. The current bill only
authorizes $500 million to be paid by the government for upgrades of existing features and
services within the first 4 years.

The Clipper chip, on the other hand, is part of the overall government strategy to solve the knotty
problem of protecting American communications against industrial espionage and other
compromises while at the same time maintaining the existing capability of law enforcement and
national security agencies to eavesdrop, with a court order, on suspect communications. When
law enforcement or national security agencies are interested in a person's communication, they
obtain a warrant from the appropriate issuing authority. They then fax a notification that they
have this to two independent government agencies (currently the National Bureau of Standards
and the Automated Systems Division of the Department of the Treasury) who then each give up
half of the digital key necessary to decrypt the conversation. When the two half-keys are joined
to form the entire key, law enforcement officials can then obtain the unit key for the given chip
used in the communicating telephone, and use it to decrypt the conversation (assuming that
telephone has used the Clipper chip in the first place).

This so-called "escrowed encryption standard" is urged but voluntary in the federal government
and is voluntary in the private sector. Perhaps because of the experience with prohibition and
after looking into potential violations of the First, Fourth, and Fifth Amendments of the Bill of
Rights, the Administration has decided not to make it mandatory. It had hoped that almost
everybody would use this system.

No one has seriously suggested that the algorithm is insecure (although a method of using it
which negates any value to law enforcement because of a minor design flaw has made the front
page of The New York Times), but many do not completely trust the key escrow agents. Many
suggestions have been made such as adding a third escrow agent from the private sector, adding
one from the Judiciary, letting users pick whichever escrow agents they want, etc. Only recently
have some of these been looked upon with favor by the Administration.

Clipper's encryption algorithm, "Skipjack", fits into Capstone, the U. S. government's long-term
project to develop a set of standards for publicly available cryptography for use in voice and data
communications. In one scenario, the government itself and all private companies doing
business with the government would be required to use Capstone, which could all be contained
on a single computer chip. This would provide economies of scale but would also force users
who wanted "government-proof" communications to superencrypt using other commercially
available algorithms. Because of great concern about Clipper, the Clinton administration is now
actively exploring other alternatives. Indeed, some have pronounced Clipper dead.

There is a large and growing collection of encryption software and hardware available. The latest
Software Publishers Association study show well over 800 products, of which roughly half are
manufactured overseas. There is an increasing fear that more and more American sales are
being lost because American software cannot provide the same sort of good encryption that is
provided in other countries (since it is illegal to export really good encryption from the United
States). Indeed, one vendor (Trusted Information Systems, Inc.) has actually set up a completely
independent cryptographic development lab overseas from which crypto products are imported
into the United States (but cannot be re-sent out again). Only recently have export controls been
loosened a bit so that traveling business executives can at least take their laptops overseas and
encrypt information using the Data Encryption Standard (the standard used for banking and
financial transactions) without violating the export laws. Nevertheless, there is a movement
afoot, led by Representative Maria Cantwell and Senator Patty Murray, to abandon all export
controls as encryption, arguing that the economic needs outweigh the national security needs.
At this writing, Congress and the Administration have not loosened the reins but are studying the
problem.

Several scenarios might develop:

1. Complete decontrol of cryptography. The use of strong encryption by the United
States public, as well as its export by United States manufacturers, could be completely
decontrolled by the government at the direct expense of law enforcement and national
security. This will please some members of the public, for they would have maintained
control over their privacy. Also, United States manufacturers of encryption products
would benefit. Multinationals would have a free hand in choosing the cryptography
strength for offices in various countries.

2. Domestic decontrol of cryptography with export regulations. Strong encryption could
remain decontrolled for use by the general public, but strict regulations would remain on
its export. It would be more difficult for multinational corporations to communicate
securely among offices in different countries since the export of strong encryption
products would be tightly controlled.

3. Voluntary escrowed encryption the de facto standard. (This is the Clinton
administration's proposed scenario.) The escrowed encryption standard could become a
de facto national standard for voice, fax, and data communications. Multinational
transmissions would be secure, except that United States law enforcement (with a
warrant) and national security agencies would be able to listen to transmissions. The
encryption technology might be exportable to countries that implemented the same or a
similar scheme and agreed to cooperate in international investigations.

4. Mandatory escrowed encryption. The government could choose to keep complete
control over encryption and to enforce use of the escrowed encryption standard. A black
market for foreign encryption products smuggled into the United States would probably
be created by some members of the public, including criminals, who desire more secrecy.
Business could superencrypt with an additional scheme, but at greater cost for greater
security.

At the workshop, participants acknowledged the need for balancing national security and law
enforcement needs with privacy requirements, the majority (although not a consensus) opinion
was that Americans should be able to use the best cryptography feasible to protect their
communications and stored information.

These tradeoffs are not easily resolved. Moreover, much "national security" information is kept
confidential by the FBI and intelligence agencies, in marked contrast to other policy-making
forums, where the public can gain access to information and outside experts can testify at public
hearings. Mutual distrust between these agencies and public interest advocates (and, in the case
of Clipper, much of the business community as well) has created an effective standoff on many
of these issues. In recent months, as the various players gain more understanding of the
positions of the other players, more constructive discussions have begun to take place among
them.
V. INTELLECTUAL PROPERTY

A. Cultural norms on networks do not now favor intellectual property protection.
Ideally, measures to protect copyright should be underpinned by cultural norms that recognize
the public benefits that accrue from intellectual property protection. Such norms are weak now -
- where they exist. Although most of the current disregard for intellectual property rights on
networks does not have criminal intent, the permissive culture that characterizes the Internet and
other large networks encourages illicit activities among otherwise law-abiding citizens. There
are diverse cultures on the Internet: two significant ones are the conventional one, operating
mainly in corporations and other organizations and trying to make what sense its members can of
the (implicit, for the most part) "laws of the Internet"; and a subculture of technically proficient
users operating by their own (often unwritten and unannounced to new arrivals on the net) laws
which are inconsistent with the laws of society as a whole.

Some would argue that if this continues, anarchy will reign on the net as it gets more users, and,
after a while, less tolerance and a desire for "law and order" will emerge. This is handled in
various ways in the current commercial systems. The relatively benign indifference to
copyright is a tough issue, since many observers see that numerous good applications have
developed out software with questionable origins. But if we do want the greatest good for the
greatest number, then we have to consider allowing information product purveyors to enforce
copyright more strictly on the net and to give up some of the "Wild West" mentality.

B. Technological measures to protect intellectual property usually fail. The history of
failed efforts to provide copy protection for software argues that technical efforts to protect
copyright on networks are unlikely to succeed. Vendors of shrink-wrapped software have tried
numerous technical means to prevent free duplication by the purchaser. All of these have failed,
typically because users refused to tolerate the restrictions these imposed on use and switched to
competitive vendors who did not impose such "user-hostile" schemes.

On a network, intellectual property is even more difficult to protect from duplication and
dissemination in violation of copyright. Once data is delivered to the user it leaves the copyright
owner's technical sphere of control. The situation is analogous to the hard-media world where
preventing copyright violation is not a technical requirement of copy machines, and the U.S.
Post Office and overnight mail services are not liable for dissemination of illegally reproduced
material through their services, as long as they are merely providing transport for the documents.
By contrast, in 1992 Kinko's Copies was successfully sued for "willingly and knowingly"
participating in a large-scale copyright violation. Thus, circumstances exist in which an entity
that knowingly facilitates egregious copyright violation, in either hard media or electronic
formats, could be held liable.

Software vendors attempt to control illegal redistribution through site licensing to organizational
purchasers, backed up with a combination of incentives and threat. Manuals, troubleshooting,
and other types of support are available only to registered owners of their products, while legal
actions increasingly are pursued against high-profile violators. The Software Publishers
Association took action against 577 organizations in 1993.

Such mechanisms do not translate easily to a network, where some of its users may be willing to
eschew vendor-supplied documentation and support in order to pay a cheaper (or no) price.
Also, redistribution over a network is faster and can be much more prolific, and harder to detect.

Electronic licensing technology now being developed can help control access in local, well-
managed environments. Auditing can be employed to detect some violations. But no
technology exists to fully protect against mass duplication/redistribution in environments that are
not centrally controlled.

C. Payment for initial distribution of
intellectual property can be assured with existing
mechanisms; technical methods to control re-use
are by no means guaranteed. There are adequate
technical means available to permit intellectual
property owners or their agents to charge for initial
distribution of data within a network environment.
Technical methods may be developed to control re-use
of intellectual properties, but are by no means
guaranteed. Although no technical "silver bullet" now
exists to prevent copyright violations, participants suggested at least two technical mechanisms
that might be developed:

1. Electronic copyright markings. A technical means could be devised to maintain
copyright markings on electronic information as it is distributed and redistributed.
Today, this problem often is addressed via simple textual labeling of the intellectual
property. More sophisticated methods could be developed, for example, by attaching
digital signatures to the property. It is not clear yet how to "engrave" the digital signature
onto a document or software so that it cannot be stripped by users, removing any
indication that the data is copyrighted.

2. Dedicated read-only devices. Rather than delivering copyrighted material to
users in a form which is processed and displayed on users' computers, the material might
be encoded so that it is viewable and searchable only on a user's dedicated reading
device, separate from the computer. This approach has obvious drawbacks that would
need to be rectified, including the problem of making such a system economically
feasible for end users and the possibility that it might be circumvented by technically
proficient users.

D. New paradigms of intellectual ownership
or management need to be devised to fit the
electronic marketplace. The notion of
"copyright" and the distinction between an initial
sale and subsequent sales of an intellectual
property probably should be re-examined for the
electronic marketplace.

Under the current system, intellectual property providers will price the original copy of their
products high enough to account for perceived lost revenue due to subsequent copying and
dissemination or low enough to remove the incentive for doing that. Two methods are typically
used:

1. Site licensing. A form of this practice is used in the software industry, where
pricing for large sites or user groups anticipates re-use of the product within the
organization without additional purchase. However, re-use is restricted to a certain
number of users and the licensee is liable for any violations incurred within the
organization. End users have both positive and negative incentives to comply, from
retaining the right to technical support and
software updates to avoiding litigation.

On networks, where re-use is difficult or
impossible to monitor, as well as potentially
unlimited, such attempts at restriction are
probably useful only in cases where the
intellectual property is time-sensitive -- that
is, it will lose most or all of its value after a
given period. In these cases, a method
could be devised to calculate probable
distribution throughout the network during
the limited time period and the fee
determined accordingly. Such pricing
could be tested on large organizational
customers, who may be presumed to
provide candid accounting for
dissemination within the organization.

Very elaborate technical schemes have been proposed to provide
very high assurance against unauthorized execution of software or
even against unauthorized duplication of data. However, these
schemes impose stringent security hardware requirements on
workstations and personal computers, and do not appear to be
economically feasible. There is insufficient motivation for the
developers of these computers to implement the requisite security
features, which would increase the cost of the computers.

2. Royalties. For intellectual property of lasting value, more traditional methods
may be in order. Without trying to control each transaction, a form of copyright
clearance could be devised in which users pay a royalty to a central enforcement agent.
This arrangement currently is employed by database providers such as Dialog and Nexis.

Participants noted that in the traditional publishing world, royalties for books usually
diminish to a low level a few years after publication. The same phenomenon is likely to
occur even more commonly, and more quickly, in electronic formats.

E. Intellectual property rights currently available for traditional media must be
ensured for electronic media as well; doing this is not trivial. Most information providers
will not make their products available on networks unless they can be assured of fair
compensation. This will require a paradigm shift among many current network users. On the
Internet, intellectual property rights traditionally have been governed by the same "fair use"
practices that infuse academic discourse. In this collegial atmosphere, disseminating intellectual
property broadly and without expense is considered
acceptable as long as the information is used only for
personal or academic purposes. When the information
is used for commercial purposes, however, users are
supposed to be bound by the same copyright
obligations that prevail for intellectual property on
physical media.

With most systems on the Internet, copying and
redistributing software is very easy. This multiform
arrangement has helped create "virtual communities"
conducting scientific collaboration across great
distances. But unauthorized software copying has
proliferated on the network, just as it has among
computer users in non-networked environments. The
software industry claims to lose $7.45 billion internationally and more than $1 billion
domestically of revenue each year from illegal copying on both networked and non-networked
systems.

Although it is easy to ensure that copyrighted material is legitimately acquired and paid for
initially, it is quite difficult to prevent subsequent redistribution that avoids royalty payments. 4 PROPOSALS

I. GOVERNANCE

Some of the governance recommendations produced by the NSF/GWU workshop correlate
closely with the Clinton administration's NII proposal. In many instances, however, workshop
discussions produced more detailed suggestions; in some cases, just the reverse was true.

A. Development of the national information
infrastructure should be market-driven, with
support from limited, appropriate government
policies. The national information infrastructure
should be constructed and managed by the private
sector. Government commitment is critical, but
federal policies should be limited to fostering
competition, helping balance public and private
interests, and ensuring universal and affordable
access to the network. Workshop participants
favored a market-driven approach to development,
with the government providing demand-side
subsidies to help drive development of the
information super highway system. These subsidies would give transport and service providers
indirect incentives to develop publicly accessible, advanced communication networks. The
Clinton administration's plan is in concert with these conclusions and offers detailed proposals
for the allocation of subsidies.

B. Government funding should be deployed efficiently to stimulate private-sector
development. Government subsidy is one mechanism for speeding the deployment of the
national information infrastructure. The workshop discussed the possibilities of both supply-side
subsidies (e.g., subsidizing the Internet or the NREN itself) and demand-side subsidies (e.g.,
subsidizing network users or application developers rather than network developers). Federal
and state governments currently provide some supply-side subsidies, while the telephone
companies favor demand-side subsidies.

The Clinton administration advocates both forms of federal funding. In a relatively limited
demand-side subsidy, the government would provide matching grants to schools and other non-
profit organizations to help them access universal networks. Recipients of this funding would
serve as models, demonstrating the benefits of networking to the educational and library
communities. The Administration also proposes supply-side funding in the form of research,
experimentation tax credits, and defense conversion.

C. Government and industry should construct a credible planning group now.
Workshop participants concluded that a joint government/private credible interdisciplinary
planning group was needed now to evaluate comprehensively the goals and harms that could
arise from the continual growth of network technology. It would wrestle with market
mechanisms, regulatory mechanisms, enforcement mechanisms, and education; propose
legislation, regulation, and private policy; and have the credibility to have its recommendations
implemented.

Workshop participants felt that a task force, while necessary, would not fill all necessary
functions. Complementary or alternative mechanisms that were proposed included:

1. A White House conference with representatives from all affected groups. This
could provide the advantages of high visibility and prestige, and would set in motion an
ongoing public/private collaboration aimed at helping the Administration make unified
decisions on information policy as it develops its technology agenda.

2. A private blue-ribbon commission. Again, this could provide visibility, prestige,
and quick results.

3. A temporary public study or policy commission with a limited mandate. The
Administration has created an interagency "Information Infrastructure Task Force" (IITF)
to work with Congress and the private sector. The mandate of this task force includes
creating consensus and implementing policies needed to speed deployment of the
national information infrastructure. The Clinton administration has formed the United
States Advisory Council on the National Information Infrastructure to facilitate private
sector input on the IITF. It represents the key constituencies impacted by the NII,
including business, labor, academia, public interest groups, and state and local
governments. The Council will advise the IITF on matters related to the development of
the NII, such as the appropriate roles of the private and public sectors in NII
development; a vision for the evolution of the NII and its public and commercial
applications; the impact of current and proposed regulatory regimes on the evolution of
the NII; privacy, security, and copyright issues; national strategies for maximizing
interconnection and itneroperability of communications networks; and universal access.

4. A
per
man
ent,
inte
r-
agen
cy
com
miss
ion or agency, with a broad mandate to study, regulate, and enforce policies related to
information and communications. Investigative and regulatory functions that are now
fragmented among numerous federal agencies could be centralized in this new body.

A permanent commission would carry several disadvantages, however. To succeed,
permanent government bodies must be driven by a perception of concrete harms that already
affect a significant portion of the electorate. This
situation does not exist today in the
communications sphere. Also, permanent
commissions require substantial capital
investments in time and money.

D. Government should immediately initiate
coordination between PSNs and the computer
networking community. One of the government's
first steps should be to bring together the two major
players -- the public switched networks and the
computer communications community (currently
represented by users and operators of the Internet) -
- to coordinate their activities in the public interest.
Currently, the two sides are moving forward
independently, in fits and starts, on technologies
and policies that sometimes clash in the short run
but which will have to be harmonized in the long run.
II. REDEFINING COMMON CARRIAGE

A new regulatory definition is needed to create an environment that promotes competition, limits
carriers' liability, and allows users to feel safe that their transmissions and transaction data will
not be used inappropriately for commercial or other purposes. Federal law and policies should
define a new, common carrier-like category of network service providers. It should include a
provision restricting dissemination of customers' transaction data to third parties. A new term
should be coined to distinguish the new definition from today's regulatory models, and should
apply equally to carriers that charge for their services and carriers that do not. (Today, many
commercial service providers offer free transmission or electronic mail in order to promote use
of their services or encourage participation in a special interest group.)

A. Federal policies should ensure universal access and non-discrimination of content.
At the workshop, participants agreed that when computer networks act as independent
transporters, moving data between other parties, they should adopt the common-carrier
obligations of universal access and non-discrimination of content. Despite the fact that the
national network will serve as the circulatory system of a highly competitive communications
marketplace -- and, as such, will be anything but monopolistic -- some participants felt that its
constituent nets should be subject to some regulation. In particular, they felt that computer
networks should be held to defined standards of access and service.

B. Federal policies should restrict carriers' liability. Transport providers should not be
held liable for the content of information they transmit between independent parties. (This
freedom from liability would not extend to enhanced service providers, who should be subject to
the same obscenity and libel restrictions as other originators of publicly disseminated
information.)

C. Federal policies should restrict re-use of personal information. All service providers
should be restricted from disseminating customers' transaction data to third parties without prior
authorization by the customer or by law.

D. Tariff regulations should be minimized or eliminated for network service providers.
The new regulatory definition should codify the obligations of service providers to file tariffs
with the FCC. These obligations should be minimal or non-existent, on the grounds that such
regulations could deter growth of a competitive market and curtail the number of services
offered in the national information infrastructure.
III. PRIVACY

Workshop participants generally felt that information that is collected about individuals in the
course of business should not be re-used or sold without the individual's explicit permission.
Indeed, many organizations already give their members or users this "opt-out" choice (although
most still "set the default" to "opt-in").

A. Service providers
should voluntarily adopt
a fair information
practices code. Some
participants felt that
telecommunications
providers and enhanced
service providers should
voluntarily develop and
publish a national code of
fair information practices
regarding use, access, and
control of transaction data.
The code would be
consistent with fair
information practices
principles (see Table 3) but
institutions could tailor
their implementations of
the code to their own
activities. Individuals
would have the leverage of being able to take their business to a competitive provider if a carrier
did not adhere to the code.

Participants suggested that service providers should disclose to their customers how transaction
data will be used and should restrict secondary use of transaction data, giving their customers
various options ranging from partial or complete restriction to royalty-based use.

Some participants wanted service providers to build control mechanisms into network
architecture to minimize the risk that personally identifiable information could be collected from
transaction data and employed for secondary uses.

B. The government should set up an information practices commission. The
government should take the lead in setting privacy policies. Many participants felt that the
federal government should set up an Information Practices Commission -- an oversight
commission or umbrella agency charged with monitoring and regulating information and
technology practices (including privacy), possibly modeled on European privacy commissions.

Participants were unwilling to specify exactly what form the commission should take -- in
particular, they were unwilling to recommend a permanent body. But they agreed that the
commission should be an interagency entity with a broad mandate to consolidate the
investigative and regulatory functions that now are spread piecemeal through the FCC and other
agencies. They strongly concurred that the commission should take a more active stance than
that of the current FCC, which many workshop participants felt has been overly passive in regard
to network policy issues and consequently has harmed both American business interests and
individual privacy. The new commission would initiate the discussions with affected groups and
review carriers' fair information practice policies.

C. The government could legislate minimum national standards for privacy. Some
minimum national standards might be legislated if a combination of voluntary codes and sector
regulations is not adequate to protect individuals' control over their identifying information.

1. Individuals' ownership of personal information should be strengthened, perhaps
by a rule of "habeas data" allowing an individual to subpoena all the data held on him or
her by an organization and to challenge the
accuracy of that data.

2. Regulations similar to the ban on
autodialers should be considered to control
the dissemination of intrusive information
over networks.

D. The government could establish user
royalties and a National Information Market (NIM). One participant suggested that previous
mechanisms to protect privacy in the United States have failed, and proposed development of
national electronic markets in personal information (See Appendix D: Kenneth Laudon, "Privacy
Beyond 2000").

In the NIMs:

1. Individuals would sell information about themselves at a market clearing price.
NIMs would be the only legal avenue for the transfer of information about individuals for
secondary purposes.

2. The markets would be self-supporting. A transfer tax would be charged and the
revenue used to support the marketplace infrastructure, enforcement of rules, and
monitoring activities. Some percent of the purchase price would also be returned to
individuals as revenue to compensate them for the use of "their" information and for their
cost of dealing with privacy invasion.

3. Participation would be voluntary. Participants might be able to trace the flow of
information about themselves, perhaps via a toll free 800 phone number.

4. A Federal Information Clearinghouse would create and monitor the NIMs,
develop data quality standards, develop privacy metrics, and advise Congress and the
White House about privacy matters.

Other participants argued that the market approach embodied in the NIM proposal would fail for
several reasons. In instances where individuals or companies have clear ownership rights -- for
example, in medical records, tax forms, or corporate employee records -- they contended that
market negotiations do not generally occur. Thus, an information market probably would not
produce freer or more efficient transactions than regulatory solutions would.

The transaction costs of direct marketing are high relative to the value they produce, while
inducements are low. Equifax experimented with a voluntary participation system similar to the
proposed National Information Market in 1990-92, called "Buyers Up." Consumers were invited
to state what kinds of direct mailings they would
and would not want to receive. They were offered
inducements to participate, in the form of discounts
and coupons. Equifax considered eventually
charging a small subscription fee. But the
experiment showed that consumers were unwilling
to pay to reduce their mailbox clutter, and
companies generally felt the cost/benefit ratio was
too high. Although Equifax's investment in the experiment was substantial, the bureau
abandoned Buyers Up after about 18 months.

John Baker, director of marketing at Equifax, scoffs at the idea of making royalty payments to
consumers. He believes that "Companies are not willing to spend much for [consumer data]
because there are so many other ways to get personal information, including the telephone book,
census data, and information about individuals which rightfully belongs to the companies they
do business with.... You can't centralize ownership completely with the individual." IV. SECURITY

A. The ECPA should be extended to electronic networks. Workshop participants
generally agreed that the Electronic Communications Privacy Act, which allows network
operators to monitor wire (i.e., voice) communication to guard against damage and fraud, should
be extended to wireless and electronic (i.e., data) communication.

B. Tradeoffs to cope with cryptographic advances must be openly discussed. Although
legal mechanisms exist that could allow the FBI and intelligence agencies to gain access to
cryptographic keys, such mechanisms are not foolproof and may be overridden by advances in
cryptography in some cases.

Many privacy advocates believe that cryptography should be completely unregulated, despite the
fact that it can pose a substantial obstacle to law enforcement and intelligence gathering. Several
participants at the workshop, however, argued that several schemes could be used to regulate
cryptography and protect legitimate law enforcement needs without unnecessarily compromising
the privacy and proprietary interests of citizens.

The workshop could not reach agreement about how to make appropriate tradeoffs between
personal privacy and law enforcement. Some participants supported the FBI's Digital Telephony
proposal (see Appendix F), which seeks to build surveillance capabilities into all existing and
future computers and networks at industry's expense. Others, however, felt strongly that the
intelligence and law enforcement communities should bear the full burden of gathering data.
Further, they argued that requiring a built-in tapping capability could dangerously limit
Americans' freedom and make American technology products non-competitive in foreign
markets. The workshop took place before the announcement of the federal government's
"Clipper" key-escrow encryption initiative.

The workshop participants felt that market forces, not legislative efforts, ultimately will drive the
development of crypto-security solutions. Some options discussed included:

1. Escrowed secret keys. Users would be required to register their secret keys with
an independent trustee, while cryptographic products would be designed to operate only
with keys that are certified as being escrowed.

2. Using relatively weak cryptographic codes that could be broken when necessary
by sophisticated intelligence equipment. Obviously, this solution would be unacceptable
in many contexts, such as corporate communications where industrial espionage is a
threat.

3. Regulating and licensing various levels of cryptographic systems. The chief
difficulty here might be in determining which levels of information warrant which levels
of security. Different types of information are collected for different purposes. An
overriding authority is needed, perhaps in a privacy commission, that can gauge
appropriate levels of security for each category of information.

4. Provider-generated session keys. Many cryptographic systems assign a "session
key" to each encrypted communications stream, which is needed to decrypt any
intercepted communication. The system usually destroys the session key after use.
However, if a service provider participates in setting up the protocol used to create the
key, the provider could then program the system to transmit the key to a remote
government monitoring facility in response to a court-ordered interception. The system
would still destroy the key after use.

5. No regulation. A completely unregulated market.

Many participants were unhappy with all of these technical options -- reflecting the fact that the
computer community has not been regulated and does not want to surrender its relative
autonomy. The dissent also spotlights the feeling of many experts that the time has come to
make value judgments and tradeoffs in order to accommodate the competing interests of law
enforcement and individual autonomy. The Information Practices Commission (see "Privacy,"
page 17) might be tasked with investigating these tradeoffs, since the discussion to date has
generated much passion but little solid data on which to base a societal decision. The 1993
Defense Appropriation Act authorized a study of this issue, to be performed by experts under the
auspices of the National Academy of Sciences, but it has not been started, seven months after
passage of the legislation.

Despite the sensitivity of much information about
cryptography and other network security issues, the
value questions they raise can be resolved only in a
democratic forum. Debates aimed at achieving a
satisfactory tradeoff between public and private
interests should be made public, and dialogue
between the parties needs to be candid and
conducted in good faith.

Each side's unfamiliarity with (and, in some cases, contempt for) the other's culture has slowed
progress. Until this culture gap is diminished, a "religious war" between the "unlimited-crypto"
and "law-and-order" camps is likely to continue.

C. Development of security policies that are uniform throughout the network should be
discouraged. Since the expectation is that hundreds of thousands of smaller networks, with
varying characteristics and subscriber needs, will comprise the national information
infrastructure, it is impractical and inappropriate to try to establish a uniform security policy for
all networks. The Internet exists (and prospers) under security guided by a variety of policies.
The information superhighway system should be modeled after the Internet.

D. Accountability must be balanced with anonymity. On a telephone network, the amount
of damage that can be perpetrated by a single user is limited by the number of calls that a
malefactor can make. On a computer network, no such inherent restriction exists.

Normally, user information on universal networks should be traceable so that perpetrators can be
held accountable for the damage they inflict. However, there also should be a means to assure
users' anonymity in isolated cases where invisibility is justified for extraordinary reasons -- for
example, to protect whistleblowers or persons with AIDS.

Unauthorized access could be controlled through billing systems that prevent users from
accessing the system without paying. The billing system could identify users by name, or could
avoid identification through some sort of electronic debiting system in which paying for access
would be as anonymous as buying a newspaper from a stand or making a call from a pay
telephone.

Most important, whenever anonymity is granted there should be a concomitant mechanism to
limit the functions that anonymous users can perform, in order to restrict any damage they might
perpetrate anonymously.

Accountability also needs to be determined in cases where personal information about an
individual is compromised while it is being used or transmitted by another party, such as a credit
bureau. The workshop did not produce specific recommendations on this issue.

E. International coordination is needed. International coordination is needed between the
security policies of the United States and its strategic partners.
V. INTELLECTUAL PROPERTY

A. Network cultural norms should more fully recognize the public benefits of
protecting intellectual property. The workshop agreed that, ideally, protection of intellectual
property rights in the national information infrastructure will be generally recognized as
beneficial to the community (as to some extent it is now on the Internet). The custom of making
copyrighted materials easy and inexpensive to duplicate, which characterized networks in the
1980s, could hamper the growth and richness of the national information infrastructure if it
deters information providers from making their products available at fair prices.

Education for the ethical use of computers could begin early in life, perhaps in
elementary school.

B. Intellectual property rights should be enforced in the national information
infrastructure by suitable legislation and use of supporting technical mechanisms.
Workshop participants agreed that the intellectual property rights that apply to information
distributed in physical form (paper, floppy disk, or CD-ROM, for example) should be preserved
when this property is distributed over networks.
GLOSSARY

Accountability: The property of being able to trace activities on a system to individuals, who
may then be held responsible for their actions.

ATM: Asynchronous Transfer Mode, a call-routing architecture for packet-switched networks
that is under development by the regional Bell operating companies and other common carriers.
ATM will provide switching services among networks at speeds up to 45,000 times faster than
those available on today's telephone lines. ATM disassembles information into "packets" that
are loaded onto telephone lines and reassembled electronically at the receiving end, much like
the Synchronous Transfer Mode (STM) format that prevails today. But unlike STM, ATM
parcels information into packets of uniform size, enabling the packets to pass smoothly from one
system to another -- for example, from a desktop computer to a local telephone wire to a long-
distance fiber-optic line -- without slowing down for "protocol conversion," or technical
translation, along the way.

Confidentiality: A status accorded to data that for, a defined reason, is deemed to be sensitive
and must be protected as such. "Protection" means not only safeguarding the data against
destruction or unauthorized change, but also limiting access to it only to authorized users.
"Authorized users" may be established by law, by regulation, by professional custom, by
organizational policy, by established historical uses, or by agreement among the members of
some organized community.

Enhanced Service Provider: A vendor of value-added information services on a network.

Integrity: The quality in a body of data, a system, a network, a message in transit through a
network, etc., of having the properties that are a priori expected of it. Note that such a definition
does not require absolute accuracy, freedom from errors, complete specification, etc., of the
entity in question. It only requires that whatever something was thought to be before the fact is
indeed what it proves to be after examination. In some contexts, integrity is taken to mean
assurance against unauthorized change. Since security safeguards control access, there is a clear
interplay between security and integrity. Some safeguards will contribute to both goals.

ISDN: Integrated Services Digital Network, a technology designed to inexpensively upgrade the
public switched telephone networks to accept digitally transmitted data, video, and graphic
media in addition to voice. Basic Rate ISDN offers transmission speeds up to 60 times faster
than those available on existing copper-line telephone networks. Some public interest groups,
particularly the Electronic Frontier Foundation, espouse ISDN as a low-cost way to bring
advanced communications to residential and commercial users in the short term (three to five
years), well before more expensive, fiber-optic digital networks become publicly available. But
ISDN also has numerous critics, who observe that demand for the service has been sporadic
since it became available a decade ago and disparage it as a solution in search of a problem.

Network: Use of the term is quite variable, especially to computer people who invoke it to
indicate local area networks (LANs), wide area networks (WANs), computer networks, or
networks of networks. For this report, "network" is defined in the sense historically used by the
telecommunications industry: a transportation mechanism for the movement of electronic
traffic. Its obligations are to move the traffic from originators of it to recipients chosen by the
originators (i.e., to provide connectivity among subscribers); to do so in a timely fashion; and to
deliver to the recipient the same information that was supplied by the originator, without loss of
integrity.

Privacy: In the data context, restriction of the use of personal information to certain prescribed
activities. Activities may be "proscribed" by law, by regulation, by organizational policy, by
professional custom, by established historical uses, or by the members of an organized
community. The intent is to protect individuals (as opposed to legal personages, such as
corporations in the United States) against harm or unwarranted intrusion. "Privacy is the claim
of individuals, groups, or institutions to determine for themselves when, how, and to what extent
information about them is communicated to others."

Security: The totality of safeguards that are present within and around a computer system or a
network to assure that there is no unauthorized disclosure, destruction, modification, or denial of
service within the system. Safeguards might include some or all of technological (software
and/or hardware), procedural, administrative, management, physical, or personnel mechanisms.
The salient feature of most safeguards is control of access -- to data, to a system, to a network.

Service Developer: An individual, group, or organization that develops hardware/software for
distribution or sale.

Threat: Any circumstance or event with the potential to compromise the security of a system.

Transport Provider: A vendor of basic transport services for operation of a network.
Generally refers to common carriers.

User: A person, organization, or other entity which requests access to and uses the resources of
a computer system or network.

Vendor: A commercial supplier of software or hardware.

Vulnerability: A weakness in system security procedures, system design, implementation,
internal controls, etc. that could be exploited to violate the system policy. BIBLIOGRAPHY

Computer Systems Policy Project. "Perspectives on the National Information Infrastructure:
CSPP's Vision and Recommendations for Action," Washington D.C., 1993.

Denning, Dorothy. "To Tap or Not to Tap," Communications of the ACM, Vol. 36 No. 3 (March
1993), pp. 26-33.

Electronic Frontier Foundation. "Analysis of the FBI Proposal Regarding Digital Telephony,"
paper presented at Third Conference on Computers, Freedom and Privacy, San Francisco
(March 1993), pp. 6.15-6.21.

Garcia, Linda D. "A National Communication and Information Policy: Reconciling the Issues,"
invited paper presented to the George Washington University/NSF Workshop on Policy
Questions Relating to Computer Networks, 1993 (see Appendix A).

Hoffman, Lance J. (ed.), Proceedings of the Second Conference on Computers, Freedom &
Privacy, March 18-20, 1992, Washington D.C., Association for Computing Machinery,
New York (1992).

Hoffman, Lance J. "Will 'Usually Secure' Cryptography Permit Bugging of the Digital
Network?," paper presented at Third Conference on Computers, Freedom and Privacy,
San Francisco (March 1993), pp. 6.22-6.24.

Hoffman, Lance J. "Bugging the Digital Network," Information Systems Security, Vol. 1 No. 4,
Winter 1993.

Hoffman, Lance J. "Reducing Society's Vulnerability as Computers and Networks Proliferate,"
Education and Society ed. R. Aiken. Information Processing 92 vol. II. Elsevier Science
Publishers. B.V. (North Holland): 1992.

Hoffman, Lance J. and Paul C. Clark. "Imminent Policy Considerations in the Design and
Management of National and International Computer Networks," IEEE Communications
Magazine, February 1991, pages 68-74.

Interuniversity Communications Council, Inc. (EDUCOM). Proceedings of the NREN
Workshop, Monterey, California, Sept. 16-18, 1992.

Kahin, Brian (ed.), Building Information Infrastructure: Issues in the Development of the
National Research and Education Network, McGraw-Hill Primis, New York, 1992.

Laudon, Kenneth C. "Privacy Beyond 2000," invited paper presented to the George Washington
University/NSF Workshop on Policy Questions Relating to Computer Networks, 1993
(see Appendix D).

Oldehoeft, Arthur E. "Foundations of a Security Policy for Use of the National Research and
Educational Network," NISTIR 4734, National Institute of Standards and Technology,
Washington, DC, 1992.

White House, Office of the President. "Technology for America's Economic Growth, A New
Direction to Build Economic Strength," February 22, 1993.

Ware, Willis H. "Security Considerations for Data Networks," invited paper presented to the
George Washington University/NSF Workshop on Policy Questions Relating to
Computer Networks, 1993 (see Appendix B).