Contact cfp2007@gmail.com for information on CFP2007 sponsorship opportunities.
Important Dates
  • early bird rates for registration until April 10.
  • Special hotel rate of $185 Canadian, taxes not included, expires on April 1
  • US citizens arriving by air require a passport, and passport application processing times are now up to three weeks due to high volume.
  • Contact Us

    Info about conference:

    To sponsor:

    Welcome to Montreal, and to the 17th Annual Computers, Freedom and Privacy Conference

    May 1-4 2007 Hotel Hilton Bonaventure


    This year the Chair and Program Committee of CFP2007 chose as the theme Autonomy.  Rarely has there been, in the history of this annual gathering of experts and activists, a more sobering confluence of forces that threaten freedom and liberty on the Internet and throughout the Information Society.  From travel restrictions and profiling, to censorship and surveillance, whether caused by political pressure and anxieties or the failure to develop technology in a way that serves people first, the individual is facing a loss of autonomy. 


    If this is your first time at CFP, you may wonder what it is.  Not just a conference, but not an organization either, it is a place where people who are concerned about the present and future of our information society gather to debate the issues. Read the history at www.cfp.org.  Participate.  If you care about the way we are building our computers and communications infrastructure, and you think you have a better idea, this is your conference. 


    On Thursday night we will be initiating our first "Salon", a discussion among distinguished experts about where we are heading, with audience participation.  We will also be recognizing two of the foremost leaders in cryptography and computing, Whitfield Diffie and Ron Rivest.  Here are two individuals who thought they had a better idea, ran with it and created a whole new world for security and computing.  They are the first winners of the CFP Innovators' Award, and I urge you to be sure to attend that evening.


    As usual, the agenda for this year is jammed with plenary sessions, breakout sessions, tutorials and birds of a feather session, yet we still did not cover a number of the pressing issues of the day.  We hope that you will use this conference as a networking opportunity, that you will meet people who will stimulate you to get involved in the issues that affect us all in the field of Computers, Freedom, and Privacy. 


    Chair CFP2007


    Stephanie Perrin

    Thanks to all of our Sponsors!


    The Computers Freedom and Privacy Conference is a non-profit adventure, run by volunteers.  We try to keep the cost very low, to permit students and non-profits to participate.  We also try to bring in guest speakers from around the globe to bring us their perspectives on the Information Society, and we would not be able to do any of these things without the generous support of our sponsors.  This year we would like to thank the following organizations who supported us. We would also like to thank several Canadian federal departments: Industry Canada, recognizing it as a conference partner; and the Office of the Privacy Commissioner and Service Canada for their support of the work of the Chair and Program Committee.




    Canadian Internet Registration Authority (CIRA)

    Center for Democracy and Technology (CDT)

    Electronic Privacy Information Center (EPIC)





    Ponemon Institute

    Privacy Journal

    Privacy International

    Privacy Times

    Public Interest Registry  .ORG


    International Centre For Human Rights and Democratic Development


    Tuesday May 1:  Workshop and Tutorials

    Workshop 1: 9am-12pm and 1-4pm: "A Reasonable Expectation of Privacy?  You be the Judge!"


    Presenters: Ian Kerr and colleagues from the Anonymity Project:  Carlisle Adams, Jane Bailey, Jacquelyn Burkell, Jennifer Chandler, Carole Lucock, Dave Matheson, Valerie Steeves


    This workshop challenges the limitations that the ‘reasonable expectation of privacy' standard adopted by courts imposes on the privacy that we can expect in public places.  In an interactive presentation of twin decisions from the Supreme Courts of Canada and the United States, members of the multi-disciplinary research team, On the Identity Trail (http://idtrail.org), interrogate the use of various technologies to detect evidence of abnormal or illegal activity.


     Tutorial 1: 9am-12pm: Computer Forensics


    Presenter: Simson L. Garfinkel


    Computer forensics is the study of information stored in computer systems for the purpose of learning what happened to that computer at some point in the past, and for making a convincing argument about what was learned in a court of law. Today computer forensics covers five broad categories: hard drive forensics, memory forensics, network forensics, document forensics, and software forensics.  This tutorial will give the attendee an in-depth understanding of computer forensics, including: the history of computer forensics (celebrated cases); enough information about operating systems to understand why forensic tools are possible, what they can do, and their limits; modern forensic tools, including both open source and commercial; and the legal environment that governs forensics in the US.



    Tutorial 2: 9am-12pm: Cryptography, Security and Privacy on the Internet


    Presenter: Ian Goldberg


    Users of personal computers are exposed to many threats from Internet-based sources.  Viruses, worms, and spam are a constant annoyance; less well known are the threats of unknowingly becoming part of the botnets which send them.  In addition, all of your online communication is potentially accessible to third parties, and their use of the information they learn about you is beyond your control.  In this tutorial, we will look at the cryptographic techniques, the security tools, and the privacy-enhancing technologies you can use to protect yourself online.  We will discuss the principles of useful security and privacy technologies and where these technologies may be headed in the future.


    Tutorial 3: 9am-12pm: Fundamental Freedoms: The Global Net and the Canadian Charter of Rights, the US Constitution and European and international human rights law


    Presenters: Stanley Cohen, Peter Leuprecht and Robert Ellis Smith


    The Canadian analysis will examine whether we live in countries that risk becoming ‘surveillance societies'.  There will be a short description of Canada's rights- protective constitutional arrangements.  This analysis will be refracted through the lens of what has been called the "war on terror",  to see how well we are weathering repeated assaults on our personal privacy as our nations are buffeted by threats from dangerous zealots emanating from the far corners of the globe.  Developments to be surveyed include the evolution and expansion of surveillance techniques, including: primitive techniques (such as dogs & roadblocks); video cameras; RFID & GPS technology; biometrics & identity cards; and dataveillance (including information acquisition, sharing, data matching & data mining).


    The US analysis will explore which US Constitutional principles protect individuals' activities on the Internet and organizations' collection of personal information.  This discussion will explore privacy, free speech, searches and seizures, intellectual property, due process, and equal protection as addressed in the Constitution of the US drafted in 1787 and the first ten amendments enacted in 1791.  The discussion will show how courts have applied these principles to new digital technology.  It will then examine the relevance of Constitutional rights to the new technologies of identity, including biometrics, ID cards, and personal identification numbers.

    The European analysis will explore the fundamental principles of the Council of Europe and the European Union, i.e. pluralistic democracy, rule of law and human rights.  What are, from that point of view, the opportunities and threats posed by Information and Communication Technologies (ICTs)?  As far as human rights are concerned, this thread will deal in particular with the right to freedom of expression, information and communication, the right to respect for private life and correspondence and the right to education as well as with the issue of ICT assisted forms of human rights violations.  The need for balance between competing rights will be emphasized.  There should be a human rights "proofing" of all key actions, decisions and technologies influencing the information society.  This discussion will also broach the issue of access to ICTs and the question of whether they are used to promote or to curtail cultural diversity.


    Tutorial 4: 9am-12pm: Surveillance, the War on Drugs, the War on Terror


    Presenter: Eugene Oscapella


    The privacy intrusions flowing from the "war on drugs" have served as a template for the intrusions associated with the "war on terrorism".  In addition, the symbiotic relationship that has developed between the war on drugs and the war on terror ("If you use illegal drugs, you are financing terrorist groups.") is being used as a justification for even greater levels of surveillance.  In both cases, the legal and policy approaches chosen to deal with the issue-illegal drugs or terrorism-has resulted in ever-increasing levels of surveillance.  This tutorial looks at the parallel privacy consequences of adopting a law enforcement/security approach to these issues


    Tutorial 5: 1pm-4pm: Wiretapping in the US and the UK


    Presenters: Laura Donahue and Mark Eckenwiler


    This tutorial will examine the legal aspects of wiretapping in the United States and the United Kingdom.  In the US, the Electronic Communications Privacy Act of 1986 (ECPA) governs the acquisition and disclosure of information--e.g., electronic mail, logs, and subscriber identity--at the core of computer network privacy. Unfortunately, ECPA's intricacies have bedeviled commentators, leading one appeals court to call ECPA "famous (if not infamous) for its lack of clarity."  The US analysis of this tutorial for laypeople will examine ECPA's rules, focusing especially on the rules governing law enforcement eavesdropping.  Similarly, the UK analysis will look at the legal authorities governing surveillance in the UK.  Until recently, very few laws governed police and intelligence service information-gathering authorities in the United Kingdom.  Extraordinary stop and search powers for terrorist-related offences, and warrants for police interference with property provided exceptions.  But physical searches of property conducted by the intelligence services, the interception of communications, the use of electronic bugs, and the running of covert human intelligence sources operated under the legislative and judicial radars.  Beginning in the mid-1980s, the European Court began to raise objections to the lack of safeguards and absence of any statutory framework.  Yet each time the Court has handed down a significant finding against the United Kingdom, the state has responded by, on the surface, meeting the demands of the European Convention of Human Rights, and simultaneously expanding executive surveillance authorities.


    Tutorial 6: 1pm-4pm: Data Matters: Technical Aspects of Privacy in Communications and Privacy Preserving Data Analysis


    Presenter: George Danezis


    This tutorial will present traffic analysis, data mining, and privacy controls. Access to traffic data, such as who is talking to whom, for how long, and how often, is not protected by conventional encryption and can in itself leak privacy sensitive information. Furthermore access to such traffic data is often easier than content: it requires less technical effort, is subject to lower level of legal protection and with data retention regimes such traffic data can also be accessed retrospectively. In the traffic analysis part of this tutorial we will present the technical issues involved in collecting and analyzing traffic data to extract sensitive information, as well as secure communication systems designed to evade such surveillance. The privacy-preserving data analysis aspects of this tutorial will explore approaches to protect data yet retain analytical capabilities. Given a large collection of potentially sensitive information, how can we accurately answer general questions about the data while preserving the privacy of individual data items. We begin with a discussion of how privacy or its loss can be defined and measured, and touch on some theoretical limitations of privacy-preserving data analysis.  Having established a framework and some boundaries, we then evaluate several traditional and emerging approaches.


    Tutorial 7: 1pm-4pm: Security and Privacy Concerns with Electronic Health Information


    Presenters: Patricia Kosseim and Brian O'Higgins


    This tutorial will present the technology and policy issues of electronic health record (EHR) and other e-health information systems, with the policy issues focusing on the Canadian EHR landscape. Electronic health information systems are currently undergoing rapid deployment, and as they incorporate advances in IT for new features and benefits, risk to patient privacy increases.  The technology discussion of this tutorial will consider these new IT risks and how they impact the security and privacy of medical records.  Security technologies that are relevant to mitigating these risks will be reviewed.  The eHealth Vulnerability Reporting Program, an industry initiative to evaluate some of the new threats and risks to eHealth systems, will also be reviewed and learning results summarized.  The policy component of this tutorial will explore in more depth how Pan-Canadian, interoperable electronic health record (EHR) systems present exciting promise and opportunity for payers, managers, providers, researchers and users of the health system.  In exploring the associated privacy issues, the following legal and policy challenges will be discussed:

    jurisdictional issues arising from trans-border data-flows;

    accountability among various players in the system; secondary use of EHR data for multiple purposes; and practical implementation and compliance measures. 


    Tutorial 8:  1pm-5pm ID Management techniques


    Christian Paquin,  Alice Sturgeon, Guy Herriges, moderator Stanley Trepetin


    his tutorial will give an overview of current industry initiatives and trends in digital identity management, including policy implications in the government sector. We will discuss the pros and cons with regard to security and privacy of three main trends: centralized identity management, federated identity management, and user-centric identity management. We will also present on the implications of all three approaches at the application level, focusing on e-government, e-health, trusted computing, and consumer identity management. Topics that will be discussed in detail include Windows CardSpace, SAML, the Liberty Alliance efforts, "lightweight" identity management efforts for social networking, and government efforts for government online. For the government context in particular, policy implications of errors, anonymity, and other issues connected to digital identity will be explored.


    The emphasis of this tutorial is to provide an objective review of pros and cons, focusing on implications of the different approaches in different contexts, especially government. As with most technologies, no identity technology is good or bad per se; it is the context in which they are used that determines any negative side effects.


    This tutorial will be moderated and be presented in English and French.


    Wednesday May 2:

    Outremont Room

    8:30 Conference Opening:  Stephanie Perrin, 2007 Chair


    Opening Remarks: Jennifer Stoddart, Privacy Commissioner of Canada


    9:00  Panel: Where People and the Surveillance Society Collide

    • Lillie Coney, Associate Director Electronic Privacy Information Center, moderator
    • Dave Jamieson, free lance reporter
    • Mara Keisling, Executive Director, National Center for Transgender Equity
    • Russell Roundpoint, Chief Administrative Officer, Mohawk Council of Akwasasne


    10:30  Break


    11:00  Panel:  The Digital Divide (La fracture numerique)

    • Monique Chartrand, Directrice Generale du Communautique
    • Pierrot Peladeau, Centre Bioethique de Montreal, Institut de Recherches Clinique de Montreal
    • Denis Boudreau, Director WebConforme
    • Cherkaoui Ferdous, Solidarité rurale du Québec
    • Christian Vaillant, CLÉ-Montréal
    • Michel Dumais, CIBL


    12:30  Lunch with breakout sessions

    pick up a boxed lunch and take it to the session of your choice


       1. Privacy, Autonomy and Social Welfare

    • Guilherme Roschke, Electronic Privacy Information Center, moderator
    • Cynthia Fraser, National Coalition to end Domestic Violence
    • Shoshana Magnet, University of Ottawa
    • Jim Harper, Cato Institute
    • Deborah Peel, Patient Privacy Rights


       2. Hot Spots are Chilly for Free Speech

    • Nicole Ozer, ACLU, moderator
    • Travis Brandon, Stanford Law School
    • Andrew Clement, University of Toronto Faculty of Information Studies


       3. Training Programs in Human Rights and IT Security

    • Robert Guerra, Privaterra, moderator
    • Ginger Paque, Diplo Foundation
    • Dmitri Viatliev, Frontline, International Foundation for the Protection of Human Rights Defenders, Dublin


       4. Digital Rights Management Technologies and Consumer Privacy:  A           Canadian Market Survey and Privacy Impact Assessment

    • David Fewer, Staff Counsel, Canadian Internet Policy & Public Interest Clinic (CIPPIC)
    • Phil Gauvin, CIPPIC
    • Kris Constable, CIPPIC
    • Kiernan Murphy, CIPPIC


     2:30  Panel:  Online Speech and the Digital Millennium Copyright Act

    • Jason Schultz, Staff Attorney Electronic Frontier Foundation, moderator
    • Corynne McSherry, Staff Attorney Electronic Frontier Foundation
    • David Fewer, Canadian Internet Policy & Public Interest Clinic
    • Casey McKinnon, Producer, Galacticast
    • Glenn Otis Brown, Products Counsel, Google Inc.
    • Mark Perry, Associate Professor, Faculty of Science, Computer Science and the Faculty of Law at The University of Western Ontario


    3:30  Break


    3:45  Keynote Speaker:  Kim Cameron, Microsoft: Reinventing Identity on the  Internet 


    4:45  Panel: 10 Years of Internet Content Regulation in Europe: Empowering or Infantilizing Citizens?

    • Maryem Marzouki, European Digital Rights and
    • Rikke Frank Jørgensen, Danish Institute for Human Rights
    • Arnaud Amouroux, Office of the Representative on Freedom of the Medias, OSCE


    6:00  Reception

    Westmount room, cash bar


    6:30  Privacy International's North American Big Brother Awards

    Outremont room

    • Simon Davies, Director Privacy International
    • This year's winners of the Big Brother awards, and the Winston awards


    7:30  Dine around at a selection of Montreal restaurants with Birds of a Feather sessions (BOF)


    Join the group discussion you are most interested in, and continue presentations back at the hotel.  Partial list of BOFs:

    • The digital divide with Communautique, La ligue des Droits et Libertes, and partners
    • Online security and TOR
    • Id management with Stefan Brands, Caspar Bowden, and others
    • Telecommunications policy with Leslie Regan Shade and Marita Moll
    • Hactivism with Ruffin Oxblood, Dhondup Namgyal, Dimitri Vitaliev
    • Data Retention in Europe, and the struggle in the Courts, with Ralf Bendrath, Rikke Jorgensen, Meryem Marzouki, and Ville Oksanen


    Thursday May 3


    8:30  Panel: No Fly Lists in the United States and Canada

    • Colin Bennett, University of Victoria, moderator
    • Lyn Rahilly, Privacy Officer for the Terrorist Screening Center, Department of Homeland Security
    • Jim Bronskill, Canadian Press
    • Maureen Webb, International Civil Liberties Monitoring Group
    • Tim Edgar, Deputy Civil Liberties Protection Officer, US Office of the Director of National Intelligence
    • Stephen McCammon, Ontario Information and Privacy Commissoner's Office


    10:15  Break


    10:45  Panel:  Wiretapping the Greek Government - Who Tapped Whom, When, and How?

    • Diomidis Spinellis, Athens University
    • Matt Blaze, University of Pennsylvania


    12:00  Lunch and Breakout Sessions


       1. Your Reputation Precedes You: The Transfer of EU Passenger Name Records to U.S. and Canada

    • Allison Knight, Electronic Privacy Information Center, moderator,
    • Kenneth Mortensen, Acting Chief of Staff, US Department of Homeland Security Privacy Office
    • Ed Hasbrouck
    • Bob Davidson, International Air Transport Association


       2. Behavioural Targeting in Online Advertising

    • Chris Hoofnagle, Boalt Law School
    • Kim Howell, Microsoft
    • Jeff Chester, Center for Digital Democracy
    • Mike Zaneis, Interactive Advertising Bureau


       3. Spyware and Stalking

    • Ari Schwartz, Center for Democracy and Technology
    • Michael Kaiser, Director of Programs at the National Center for Victims of Crime
    • Cindy Southworth, Founder and Director of Safety Net: the National Safe & Strategic Technology Project at the National Network to End Domestic Violence
    • Jules Polonetsky, Chief Privacy Officer and Senior Vice President Consumer Affairs, AOL
    • Neil Schwartzman, The Canadian Coalition Against Unsolicited Commercial Email


       4. Who Are You?  Principles, Policies, and Practicalities of ID Management

    • Andrew Clement, University of Toronto
    • Krista Boa, University of Toronto
    • Simon Davies, Privacy International, London
    • Gus Hosein, London School of Economics
    • Barry Steinhardt, American Civil Liberties Union



    1:30 Panel:  US Government's Suspicionless Surveillance Program

    • Lee Tien, Electronic Frontier Foundation
    • Randy Gainer, co-counsel for the plaintiffs in ACLU v. National Security Agency
    • Peggy Whipple, Chief Litigation Attorney for the Missouri Public Service Commission



    2:45   Break


    3:15  Panel:  Ubiquitous Computing in the Retail Store of the Future

    • Sarah Spiekermann, Humboldt University Berlin
    • Trevor Pierce, former standards director of EPCGlobal
    • Kevin Fu, University of Massachusetts Amherst
    • Ian Kerr, University of Ottawa Law School
    • Elliott Maxwell, EPCGlobal



    4:30  Panel:  Health Information

    • Alex Fowler, Price Waterhouse Coopers, moderator
    • Latanya Sweeney, Carnegie Mellon (invited)
    • Bobbi Bonnet, Security and Compliance Officer, HealthConnect, Kaiser Permanente
    • Pierrot Peladeau, Centre Bioethique de Montreal, Institut de Recherches Clinique de Montreal
    • Marcel Nouvet, Health Canada



    5:30  Hactivism  Using Technology To Improve Human Rights

    • Oxblood Ruffin, Executive Director Hactivismo, Cult of the Dead Cow
    • Dhondup "Dhonam" Namgyal, Tibetan Technology Centre
    • Eric Grim, attorney
    • Dmitri Vitaliev, Tactical Tech and Front Line Defenders


    7:00 Dinner


    7:45  Dinner Speaker:  Michael Geist, University of Ottawa:  the Future of the Internet


    8:30  Salon: Armchair Discussion with Leaders in Computing and the Internet

    • Whitfield Diffie, Sun Microsystems
    • Ron Rivest, MIT
    • Marc Rotenberg, Electronic Privacy Information Center


     Friday May 4


    8:30  Keynote Speaker:  Bruce Schneier Fear and Security


    9:15  Panel:  Digital Identity on the Internet:  Boon or Nightmare?

    • Paul Madsen, Liberty Alliance
    • Caspar Bowden, Microsoft
    • Ralf Bendrath, University of Bremen
    • Stefan Brands, Credentica and McGill University
    • Simon Davies, Privacy International


    10:45 Break


    11:00  Panel:  Electronic Voting Integrity

    • Peter Neumann, SRI International, moderator
    • David Chaum, Surevote
    • Lillie Coney, Electronic Privacy Information Center
    • Doug Jones
    • Barbara Simons, former Chair, ACM
    • Ron Rivest, MIT


    12:30 Lunch and Breakout Sessions


       1. What do you get through Access to Information (FOI)?

    • Harry Hammitt, Access Reports
    • Jim Bronskill, Canadian Press
    • Marcia Hofmann, Electronic Frontier Foundation
    • Ken Rubin, Researcher
    • Ross Hodgins, ATIP Coordinator Health Canada


       2. Identity on Web 2.0

    • Ralf Bendrath, University of Bremen
    • Udo Neitzel


       3. Software Download Basics

    • Nathan Good
    • Others to be confirmed


       4.  WHO IS, and other ICANN Issues

    • Robert Guerra, Privaterra, moderator
    • David Maher, Public Interest Registry
    • Bernard Turcotte, CIRA
    • Other TBA


    2:30 Panel:  Data Mining, Data Integrity, Data Fusion, Data Management


    A series of discussions on responsible information management

    • Larry Ponemon, Ponemon Institute
    • Yim Chan, IBM
    • Charles Giordano, Bell Canada
    • Janet Chapman, Charles Schwab
    • Rena Mears, Deloitte
    • Stewart Shapiro, Mitre
    • Robert Ellis Smith, Privacy Journal


    4:00   Panel:  Engaging Privacy and Information Technology in a Digital Age: Discussion on the findings of the report of the National Research Council (US)

    • James Waldo, Distinguished Engineer, Sun Microsystems
    • Janey Place, CEO of DigitalThinking
    • Herb Lin, Senior Scientist at the Computer Science and Telecommunications Board, Study Director
    • Susan Landau, Sun Microsystems
    • Lee Tien, Electronic Frontier Foundation


    5:15  Conference Closing Remarks

    • Stephanie Perrin 2007 Chair


    Thanks to ACM