Welcome to Montreal, and to the 17th Annual Computers, Freedom and Privacy Conference
May 1-4 2007 Hotel Hilton Bonaventure
This year the Chair and Program Committee of CFP2007 chose as the theme Autonomy. Rarely has there been, in the history of this annual gathering of experts and activists, a more sobering confluence of forces that threaten freedom and liberty on the Internet and throughout the Information Society. From travel restrictions and profiling, to censorship and surveillance, whether caused by political pressure and anxieties or the failure to develop technology in a way that serves people first, the individual is facing a loss of autonomy.
If this is your first time at CFP, you may wonder what it is. Not just a conference, but not an organization either, it is a place where people who are concerned about the present and future of our information society gather to debate the issues. Read the history at www.cfp.org. Participate. If you care about the way we are building our computers and communications infrastructure, and you think you have a better idea, this is your conference.
On Thursday night we will be initiating our first "Salon", a discussion among distinguished experts about where we are heading, with audience participation. We will also be recognizing two of the foremost leaders in cryptography and computing, Whitfield Diffie and Ron Rivest. Here are two individuals who thought they had a better idea, ran with it and created a whole new world for security and computing. They are the first winners of the CFP Innovators' Award, and I urge you to be sure to attend that evening.
As usual, the agenda for this year is jammed with plenary sessions, breakout sessions, tutorials and birds of a feather sessions, yet we still did not cover a number of the pressing issues of the day. We hope that you will use this conference as a networking opportunity, that you will meet people who will stimulate you to get involved in the issues that affect us all in the field of Computers, Freedom, and Privacy.
Chair CFP2007
Stephanie Perrin
Thanks to all of our Sponsors!
The Computers, Freedom and Privacy Conference is a non-profit adventure, run by volunteers. We try to keep the cost very low, to permit students and non-profits to participate. We also try to bring in guest speakers from around the globe to bring us their perspectives on the Information Society, and we would not be able to do any of these things without the generous support of our sponsors. This year we would like to thank the following organizations who supported us. We would also like to thank several Canadian federal departments: Industry Canada, recognizing it as a conference partner; and the Office of the Privacy Commissioner and Service Canada for their support of the work of the Chair and Program Committee.
AOL
ACM
Canadian Internet Registration Authority (CIRA)
Center for Democracy and Technology (CDT)
Electronic Privacy Information Center (EPIC)
Google
Microsoft
Nymity
.ORG
Ponemon Institute
Privacy Journal
Privacy International
Privacy Times
Public Interest Registry .ORG
Sun
International Centre For Human Rights and Democratic Development
Tuesday May 1: Workshop and Tutorials
Workshop 1: 9am-12pm and 1-4pm: "A Reasonable Expectation of Privacy? You be the Judge!"
Presenters: Ian Kerr and colleagues from the Anonymity Project: Carlisle Adams, Jane Bailey, Jacquelyn Burkell, Jennifer Chandler, Carole Lucock, Dave Matheson, Valerie Steeves
This workshop challenges the limitations that the 'reasonable expectation of privacy' standard adopted by courts imposes on the privacy that we can expect in public places. In an interactive presentation of twin decisions from the Supreme Courts of Canada and the United States, members of the multi-disciplinary research team, On the Identity Trail (http://idtrail.org), interrogate the use of various technologies to detect evidence of abnormal or illegal activity.
Tutorial 1: 9am-12pm: Computer Forensics
Presenter: Simson L. Garfinkel
Computer forensics is the study of information stored in computer systems for the purpose of learning what happened to that computer at some point in the past, and for making a convincing argument about what was learned in a court of law. Today computer forensics covers five broad categories: hard drive forensics, memory forensics, network forensics, document forensics, and software forensics. This tutorial will give the attendee an in-depth understanding of computer forensics, including: the history of computer forensics (celebrated cases); enough information about operating systems to understand why forensic tools are possible, what they can do, and their limits; modern forensic tools, including both open source and commercial; and the legal environment that governs forensics in the US.
Tutorial 2: 9am-12pm: Cryptography, Security and Privacy on the Internet
Presenter: Ian Goldberg
Users of personal computers are exposed to many threats from Internet-based sources. Viruses, worms, and spam are a constant annoyance; less well known are the threats of unknowingly becoming part of the botnets which send them. In addition, all of your online communication is potentially accessible to third parties, and their use of the information they learn about you is beyond your control. In this tutorial, we will look at the cryptographic techniques, the security tools, and the privacy-enhancing technologies you can use to protect yourself online. We will discuss the principles of useful security and privacy technologies and where these technologies may be headed in the future.
Tutorial 3: 9am-12pm: Fundamental Freedoms: The Global Net and the Canadian Charter of Rights, the US Constitution and European and international human rights law
Presenters: Stanley Cohen, Peter Leuprecht and Robert Ellis Smith
The Canadian analysis will examine whether we live in countries that risk becoming 'surveillance societies'. There will be a short description of Canada's rights-protective constitutional arrangements. This analysis will be refracted through the lens of what has been called the "war on terror", to see how well we are weathering repeated assaults on our personal privacy as our nations are buffeted by threats from dangerous zealots emanating from the far corners of the globe. Developments to be surveyed include the evolution and expansion of surveillance techniques, including: primitive techniques (such as dogs & roadblocks); video cameras; RFID & GPS technology; biometrics & identity cards; and dataveillance (including information acquisition, sharing, data matching & data mining).
The US analysis will explore which US Constitutional principles protect individuals' activities on the Internet and organizations' collection of personal information. This discussion will explore privacy, free speech, searches and seizures, intellectual property, due process, and equal protection as addressed in the Constitution of the US drafted in 1787 and the first ten amendments enacted in 1791. The discussion will show how courts have applied these principles to new digital technology. It will then examine the relevance of Constitutional rights to the new technologies of identity, including biometrics, ID cards, and personal identification numbers.
The European analysis will explore the fundamental principles of the Council of Europe and the European Union, i.e. pluralistic democracy, rule of law and human rights. What are, from that point of view, the opportunities and threats posed by Information and Communication Technologies (ICTs)? As far as human rights are concerned, this thread will deal in particular with the right to freedom of expression, information and communication, the right to respect for private life and correspondence and the right to education as well as with the issue of ICT assisted forms of human rights violations. The need for balance between competing rights will be emphasized. There should be a human rights "proofing" of all key actions, decisions and technologies influencing the information society. This discussion will also broach the issue of access to ICTs and the question of whether they are used to promote or to curtail cultural diversity.
Tutorial 4: 9am-12pm: Surveillance, the War on Drugs, the War on Terror
Presenter: Eugene Oscapella
The privacy intrusions flowing from the "war on drugs" have served as a template for the intrusions associated with the "war on terrorism". In addition, the symbiotic relationship that has developed between the war on drugs and the war on terror ("If you use illegal drugs, you are financing terrorist groups.") is being used as a justification for even greater levels of surveillance. In both cases, the legal and policy approaches chosen to deal with the issue (illegal drugs or terrorism) have resulted in ever-increasing levels of surveillance. This tutorial looks at the parallel privacy consequences of adopting a law enforcement/security approach to these issues.
Tutorial 5: 1pm-4pm: Wiretapping in the US and the UK
Presenters: Laura Donahue and Mark Eckenwiler
This tutorial will examine the legal aspects of wiretapping in the United States and the United Kingdom. In the US, the Electronic Communications Privacy Act of 1986 (ECPA) governs the acquisition and disclosure of information--e.g., electronic mail, logs, and subscriber identity--at the core of computer network privacy. Unfortunately, ECPA's intricacies have bedeviled commentators, leading one appeals court to call ECPA "famous (if not infamous) for its lack of clarity." The US analysis of this tutorial for laypeople will examine ECPA's rules, focusing especially on the rules governing law enforcement eavesdropping. Similarly, the UK analysis will look at the legal authorities governing surveillance in the UK. Until recently, very few laws governed police and intelligence service information-gathering authorities in the United Kingdom. Extraordinary stop and search powers for terrorist-related offences, and warrants for police interference with property provided exceptions. But physical searches of property conducted by the intelligence services, the interception of communications, the use of electronic bugs, and the running of covert human intelligence sources operated under the legislative and judicial radars. Beginning in the mid-1980s, the European Court began to raise objections to the lack of safeguards and absence of any statutory framework. Yet each time the Court has handed down a significant finding against the United Kingdom, the state has responded by, on the surface, meeting the demands of the European Convention on Human Rights, and simultaneously expanding executive surveillance authorities.
Tutorial 6: 1pm-4pm: Data Matters: Technical Aspects of Privacy in Communications and Privacy Preserving Data Analysis
Presenter: George Danezis
This tutorial will present traffic analysis, data mining, and privacy controls. Access to traffic data, such as who is talking to whom, for how long, and how often, is not protected by conventional encryption and can in itself leak privacy-sensitive information. Furthermore, access to such traffic data is often easier than access to content: it requires less technical effort, is subject to a lower level of legal protection and, with data retention regimes, such traffic data can also be accessed retrospectively. In the traffic analysis part of this tutorial we will present the technical issues involved in collecting and analyzing traffic data to extract sensitive information, as well as secure communication systems designed to evade such surveillance. The privacy-preserving data analysis aspects of this tutorial will explore approaches to protect data yet retain analytical capabilities. Given a large collection of potentially sensitive information, how can we accurately answer general questions about the data while preserving the privacy of individual data items? We begin with a discussion of how privacy or its loss can be defined and measured, and touch on some theoretical limitations of privacy-preserving data analysis. Having established a framework and some boundaries, we then evaluate several traditional and emerging approaches.
Tutorial 7: 1pm-4pm: Security and Privacy Concerns with Electronic Health Information
Presenters: Patricia Kosseim and Brian O'Higgins
This tutorial will present the technology and policy issues of electronic health record (EHR) and other e-health information systems, with the policy issues focusing on the Canadian EHR landscape. Electronic health information systems are currently undergoing rapid deployment, and as they incorporate advances in IT for new features and benefits, risk to patient privacy increases. The technology discussion of this tutorial will consider these new IT risks and how they impact the security and privacy of medical records. Security technologies that are relevant to mitigating these risks will be reviewed. The eHealth Vulnerability Reporting Program, an industry initiative to evaluate some of the new threats and risks to eHealth systems, will also be reviewed and learning results summarized. The policy component of this tutorial will explore in more depth how Pan-Canadian, interoperable electronic health record (EHR) systems present exciting promise and opportunity for payers, managers, providers, researchers and users of the health system. In exploring the associated privacy issues, the following legal and policy challenges will be discussed: jurisdictional issues arising from trans-border data-flows; accountability among various players in the system; secondary use of EHR data for multiple purposes; and practical implementation and compliance measures.
Tutorial 8: 1pm-5pm: ID Management Techniques
Christian Paquin, Alice Sturgeon, Guy Herriges, moderator Stanley Trepetin
This tutorial will give an overview of current industry initiatives and trends in digital identity management, including policy implications in the government sector. We will discuss the pros and cons with regard to security and privacy of three main trends: centralized identity management, federated identity management, and user-centric identity management. We will also present on the implications of all three approaches at the application level, focusing on e-government, e-health, trusted computing, and consumer identity management. Topics that will be discussed in detail include Windows CardSpace, SAML, the Liberty Alliance efforts, "lightweight" identity management efforts for social networking, and government efforts for government online. For the government context in particular, policy implications of errors, anonymity, and other issues connected to digital identity will be explored.
The emphasis of this tutorial is to provide an objective review of pros and cons, focusing on implications of the different approaches in different contexts, especially government. As with most technologies, no identity technology is good or bad per se; it is the context in which they are used that determines any negative side effects.
This tutorial will be moderated and presented in English and French.
Wednesday May 2:
Outremont Room
8:30 Conference Opening:
Stephanie Perrin, 2007 Chair
Opening Remarks: Jennifer Stoddart, Privacy Commissioner of Canada
9:00 Panel: Where People and the Surveillance Society Collide
- Lillie Coney, Associate Director Electronic Privacy Information Center, moderator
- Dave Jamieson, freelance reporter
- Mara Keisling, Executive Director, National Center for Transgender Equity
- Russell Roundpoint, Chief Administrative Officer, Mohawk Council of Akwesasne
10:30 Break
11:00 Panel: The Digital Divide (La fracture numerique)
- Monique Chartrand, Directrice Generale du Communautique
- Pierrot Peladeau, Centre Bioethique de Montreal, Institut de Recherches Clinique de Montreal
- Denis Boudreau, Director WebConforme
- Cherkaoui Ferdous, Solidarité rurale du Québec
- Christian Vaillant, CLÉ-Montréal
- Michel Dumais, CIBL
12:30 Lunch with breakout sessions
Pick up a boxed lunch and take it to the session of your choice
1. Privacy, Autonomy and Social Welfare
- Guilherme Roschke, Electronic Privacy Information Center, moderator
- Cynthia Fraser, National Coalition to end Domestic Violence
- Shoshana Magnet, University of Ottawa
- Jim Harper, Cato Institute
- Deborah Peel, Patient Privacy Rights
2. Hot Spots are Chilly for Free Speech
- Nicole Ozer, ACLU, moderator
- Travis Brandon, Stanford Law School
- Andrew Clement, University of Toronto Faculty of Information Studies
3. Training Programs in Human Rights and IT Security
- Robert Guerra, Privaterra, moderator
- Ginger Paque, Diplo Foundation
- Dmitri Vitaliev, Frontline, International Foundation for the Protection of Human Rights Defenders, Dublin
4. Digital Rights Management Technologies and Consumer Privacy: A Canadian Market Survey and Privacy Impact Assessment
- David Fewer, Staff Counsel, Canadian Internet Policy & Public Interest Clinic (CIPPIC)
- Phil Gauvin, CIPPIC
- Kris Constable, CIPPIC
- Kiernan Murphy, CIPPIC
2:30 Panel: Online Speech and the Digital Millennium Copyright Act
- Jason Schultz, Staff Attorney Electronic Frontier Foundation, moderator
- Corynne McSherry, Staff Attorney Electronic Frontier Foundation
- David Fewer, Canadian Internet Policy & Public Interest Clinic
- Casey McKinnon, Producer, Galacticast
- Glenn Otis Brown, Products Counsel, Google Inc.
- Mark Perry, Associate Professor, Faculty of Science, Computer Science and the Faculty of Law at The University of Western Ontario
3:30 Break
3:45 Keynote Speaker: Kim Cameron, Microsoft: Reinventing Identity on the Internet
4:45 Panel: 10 Years of Internet Content Regulation in Europe: Empowering or Infantilizing Citizens?
- Meryem Marzouki, European Digital Rights and
- Rikke Frank Jørgensen, Danish Institute for Human Rights
- Arnaud Amouroux, Office of the Representative on Freedom of the Media, OSCE
6:00 Reception
Westmount room, cash bar
6:30 Privacy International's North American Big Brother Awards
Outremont room
- Simon Davies, Director Privacy International
- This year's winners of the Big Brother awards, and the Winston awards
7:30 Dine around at a selection of Montreal restaurants with Birds of a Feather sessions (BOF)
Join the group discussion you are most interested in, and continue presentations back at the hotel. Partial list of BOFs:
- The digital divide with Communautique, La ligue des Droits et Libertes, and partners
- Online security and TOR
- ID management with Stefan Brands, Caspar Bowden, and others
- Telecommunications policy with Leslie Regan Shade and Marita Moll
- Hacktivism with Oxblood Ruffin, Dhondup Namgyal, Dmitri Vitaliev
- Data Retention in Europe, and the struggle in the Courts, with Ralf Bendrath, Rikke Jorgensen, Meryem Marzouki, and Ville Oksanen
Thursday May 3
8:30 Panel: No Fly Lists in the United States and Canada
- Colin Bennett, University of Victoria, moderator
- Lyn Rahilly, Privacy Officer for the Terrorist Screening Center, Department of Homeland Security
- Jim Bronskill, Canadian Press
- Maureen Webb, International Civil Liberties Monitoring Group
- Tim Edgar, Deputy Civil Liberties Protection Officer, US Office of the Director of National Intelligence
- Stephen McCammon, Ontario Information and Privacy Commissioner's Office
10:15 Break
10:45 Panel: Wiretapping the Greek Government - Who Tapped Whom, When, and How?
- Diomidis Spinellis, Athens University
- Matt Blaze, University of Pennsylvania
12:00 Lunch and Breakout Sessions
1. Your Reputation Precedes You: The Transfer of EU Passenger Name Records to U.S. and Canada
- Allison Knight, Electronic Privacy Information Center, moderator
- Kenneth Mortensen, Acting Chief of Staff, US Department of Homeland Security Privacy Office
- Ed Hasbrouck
- Bob Davidson, International Air Transport Association
2. Behavioural Targeting in Online Advertising
- Chris Hoofnagle, Boalt Law School
- Kim Howell, Microsoft
- Jeff Chester, Center for Digital Democracy
- Mike Zaneis, Interactive Advertising Bureau
3. Spyware and Stalking
- Ari Schwartz, Center for Democracy and Technology
- Michael Kaiser, Director of Programs at the National Center for Victims of Crime
- Cindy Southworth, Founder and Director of Safety Net: the National Safe & Strategic Technology Project at the National Network to End Domestic Violence
- Jules Polonetsky, Chief Privacy Officer and Senior Vice President Consumer Affairs, AOL
- Neil Schwartzman, The Canadian Coalition Against Unsolicited Commercial Email
4. Who Are You? Principles, Policies, and Practicalities of ID Management
- Andrew Clement, University of Toronto
- Krista Boa, University of Toronto
- Simon Davies, Privacy International, London
- Gus Hosein, London School of Economics
- Barry Steinhardt, American Civil Liberties Union
1:30 Panel: US Government's Suspicionless Surveillance Program
- Lee Tien, Electronic Frontier Foundation
- Randy Gainer, co-counsel for the plaintiffs in ACLU v. National Security Agency
- Peggy Whipple, Chief Litigation Attorney for the Missouri Public Service Commission
2:45 Break
3:15 Panel: Ubiquitous Computing in the Retail Store of the Future
- Sarah Spiekermann, Humboldt University Berlin
- Trevor Pierce, former standards director of EPCGlobal
- Kevin Fu, University of Massachusetts Amherst
- Ian Kerr, University of Ottawa Law School
- Elliott Maxwell, EPCGlobal
4:30 Panel: Health Information
- Alex Fowler, Price Waterhouse Coopers, moderator
- Latanya Sweeney, Carnegie Mellon (invited)
- Bobbi Bonnet, Security and Compliance Officer, HealthConnect, Kaiser Permanente
- Pierrot Peladeau, Centre Bioethique de Montreal, Institut de Recherches Clinique de Montreal
- Marcel Nouvet, Health Canada
5:30 Hacktivism Using Technology To Improve Human Rights
- Oxblood Ruffin, Executive Director Hacktivismo, Cult of the Dead Cow
- Dhondup "Dhonam" Namgyal, Tibetan Technology Centre
- Eric Grim, attorney
- Dmitri Vitaliev, Tactical Tech and Front Line Defenders
7:00 Dinner
7:45 Dinner Speaker: Michael Geist, University of Ottawa: the Future of the Internet
8:30 Salon: Armchair Discussion with Leaders in Computing and the Internet
- Whitfield Diffie, Sun Microsystems
- Ron Rivest, MIT
- Marc Rotenberg, Electronic Privacy Information Center
Friday May 4
8:30 Keynote Speaker: Bruce Schneier: Fear and Security
9:15 Panel: Digital Identity on the Internet: Boon or Nightmare?
- Paul Madsen, Liberty Alliance
- Caspar Bowden, Microsoft
- Ralf Bendrath, University of Bremen
- Stefan Brands, Credentica and McGill University
- Simon Davies, Privacy International
10:45 Break
11:00 Panel: Electronic Voting Integrity
- Peter Neumann, SRI International, moderator
- David Chaum, Surevote
- Lillie Coney, Electronic Privacy Information Center
- Doug Jones
- Barbara Simons, former Chair, ACM
- Ron Rivest, MIT
12:30 Lunch and Breakout Sessions
1. What do you get through Access to Information (FOI)?
- Harry Hammitt, Access Reports
- Jim Bronskill, Canadian Press
- Marcia Hofmann, Electronic Frontier Foundation
- Ken Rubin, Researcher
- Ross Hodgins, ATIP Coordinator Health Canada
2. Identity on Web 2.0
- Ralf Bendrath, University of Bremen
- Udo Neitzel
3. Software Download Basics
- Nathan Good
- Others to be confirmed
4. WHOIS, and other ICANN Issues
- Robert Guerra, Privaterra, moderator
- David Maher, Public Interest Registry
- Bernard Turcotte, CIRA
- Other TBA
2:30 Panel: Data Mining, Data Integrity, Data Fusion, Data Management
A series of discussions on responsible information management
- Larry Ponemon, Ponemon Institute
- Yim Chan, IBM
- Charles Giordano, Bell Canada
- Janet Chapman, Charles Schwab
- Rena Mears, Deloitte
- Stewart Shapiro, Mitre
- Robert Ellis Smith, Privacy Journal
4:00 Panel: Engaging Privacy and Information Technology in a Digital Age: Discussion on the findings of the report of the National Research Council (US)
- James Waldo, Distinguished Engineer, Sun Microsystems
- Janey Place, CEO of DigitalThinking
- Herb Lin, Senior Scientist at the Computer Science and Telecommunications Board, Study Director
- Susan Landau, Sun Microsystems
- Lee Tien, Electronic Frontier Foundation
5:15 Conference Closing Remarks
- Stephanie Perrin, 2007 Chair