
Privacy, Security, and Society
Friday, November 12, 1999
2-3:15 p.m.

Anita K. Jones: We welcome all our audience here in Minor Hall and also our audience out on the Internet. I'd like to first introduce our panelists. To my far left and your right is Rusty Szurek, Community Director for Raging Bull. To his right is Jim Sheward, President and CEO of Fiberlink Communications. Next to me on my left is Larry Ponemon, Partner, PricewaterhouseCoopers, and on my right, our fourth panelist is Tim Koogle, Chairman and CEO of Yahoo!. My name is Anita Jones. I'm a professor in the Engineering School and I'm your moderator for today.

Today we're going to talk about two specific topics--privacy and security on the Internet and how they're affecting society. Our format is going to be, I'm going to first on each topic ask our panelists to speak for about five minutes and then we'll open discussion to the panel as a whole and then I'll turn to you, the live audience, and give you the opportunity to ask any questions of our panel. When you do that, please come to the microphones that are in the two aisles because if you do that, the folks watching on the web will be able to hear you.

Our first topic is security and we thought it would be kind of fun to open that topic by taking you out into the future. The year is 2005 and there are some events of concern and so we go to that font of all information, the very famous newscast organization ZNN. Take a look at what's happening in Chicago. "Chicago Power and Light announced today that the downtown Chicago electrical power was intermittently failing. Two power stations were involved. However, no one lost power for more than five minutes at a time. Officials are confident that reliable power will be restored shortly." Let's now go to New York City. "The mayor of New York City announced today that the Emergency 911 system experienced eight malfunctions eight times in two hours from 6:00 a.m. to 8:00 a.m. this morning. During that time not all 911 calls could be answered." And now we'll go to the Federal Reserve, one of the three branches through which massive ATM transactions go through. "The Richmond Federal Reserve scheduled a news brief for the press, and then cancelled it one hour before the briefing was scheduled to commence. None of the Richmond Federal Reserve Commissioners that we contacted would comment on this unusual occurrence."

It's now day two and we go back to ZNN and take a look at Chicago again. "Chicago Power and Light announced today that electric power delivery in downtown Chicago had completely failed. The company is able to reinstate power delivery, but power immediately fails within 30 seconds of restart." And back to New York City and 911. "The mayor of New York City went on television last night to plead with the people not to panic. The emergency 911 system is accepting only 1 call out of 100." And back to the Federal Reserve. "The Federal Reserve refuses to discuss whether their electronic funds transfer processing sites are fully functional."

It's now day three and we go to a White House announcement. "The President, Attorney General and the Secretary of the Department of Defense made an unprecedented emergency joint appearance. The President said that persons unknown were destroying or debilitating all manner of electronically controlled systems across America."

And now back to our panel. This is just a scenario. It's not happening, but it could happen. There are two reasons why such things could happen. First of all, software as we build it today, is still a very fragile object and second, the Internet is a highway and it transports geographically remote individuals right into the heart of systems quite distant from them. Security is an issue that we must address today, so we have brought together this distinguished panel and we're going to ask them first to talk about some aspects of the issue of security of the Internet and the information systems that now are interwoven into the entire infrastructure that supports the conduct of society and the conduct of commerce, and we'll start to my left, your right, and ask Rusty to begin.

Russell S. Szurek: Sure. I think with the video we saw something very important. Larry Ellis likes to champion that the network is a computer and being if that is true then, we're very vulnerable in a lot of different levels and if we take that one step further and we say that the Internet's going to be seamless in our lifestyles as the panelists spoke about this morning, we're even more vulnerable and a situation like that could happen where we are at risk on a variety of different levels and, in fact, one of the greatest terrorist attacks I think that we would see is if someone decides to blow up the 24 server hubs around the U.S. and around the world. Imagine if we had no more network. We had no more Internet. What would happen to the financial markets? What would happen to business? What would happen to communication and personal relationships? A lot of ifs there.

I want to talk now about something more at home and with something I deal with as a content website and let's look at privacy policies and the security of your information. Right now, there're really two schools of thought. There's the European school of thought where as a consumer, when you're surfing a web site or when you're on the Internet, you control that information. The companies that are out there, they really can't touch it. It's yours and you can decide what to do with it. Here in America, it's been more of a laissez-faire capitalism where there's always information. Let's see how we can use it, and we've seen with the Real Networks case that Halsey Minor talked about this morning where sites and companies are taking advantage of this and they're doing things behind our back that we might not know about and privacy and security in this sense go hand in hand. And really how can we control and help our own information, make sure that what we want private stays private.

To date, there's been a couple of organizations like trusty.org. They go out and they'll verify, say, ragingbull.com, you have a good privacy policy. You're not using that information incorrectly. We'll give you our stamp of approval. Unfortunately, Real Networks also have this stamp of approval and we saw what happened with that and so I think what we're going to see to resolve some of this-- I don't want the government to get involved, at least not at this stage because what we have is this have and have nots, people who have the Internet, people who don't have the Internet, and there's that segregation. There's also the segregation of those who embrace it and those who don't, and unfortunately at this time, I don't think the government really understands the Internet, really understands what's driving the Internet and really understands how they can affect it with what they do, so I think what it comes down to for security of our data is really down to the consumer and down to having consumers take action and they're going to choose. We have to be the ones who tell these companies like Amazon.com, like Real Networks, or anyone else, I don't want you using this information for purposes x, y and z. You can use it for other purposes, but not that, or at the very least, have an opt-in policy. I think that's very important and I think we just really need to realize that we have a lot of power in shaping because we are the people putting in the dollars that build these great market caps.

These companies have grown from nothing and these market caps have substantiated the Internet as the medium, as a means, and so now we can take a step and we can decide really what's going to happen and how we're going to react and I know as a web site owner, I want to make sure that I'm pleasing my audience, my consumers, because if I'm not, let me tell you something. They're going to go somewhere else. The barriers to entry in this field are very small. I need to make sure that I'm advocating for what people want, so we really need to have the grassroots work as we've talked about. All throughout the session I think that's been a theme because, let me tell you, I think everyone on this panel would agree that what you say we're going to listen to and try to incorporate into our businesses. That's it.

Jones: Thank you, Rusty. Jim--

James K. Sheward: I think this is a very interesting example of the tension that exists between security and privacy. We talk a lot about the right to privacy and one of the things that we sometimes fail to mention in evaluating the right to privacy is at which point does privacy get in the way to our right to security, and I'll point out an example that might make it clear to those of you who aren't that familiar with how real that scenario could be, and that is if you think back the early days of the airline industry where it was not uncommon and certainly because you have the right to bear arms, it was very common for people to take guns onto airplanes and it wasn't until it became apparent through repeated disasters where planes were taken hostage that it became necessary to restrict that right to bear arms on an airplane and assure the better security of everybody by forcing us to not take advantage of that right, the better right being our right to security when we all get on airplanes and fly around the country.

I think what's going to take place for the Internet is that this tension is going to exist and likewise, it's going to take problems for us to react appropriately and start to determine whether or not the right to privacy is more important than the right to security and in the Internet era, that's going to have to do with anonymity. We all love the fact that we can go around the Internet and if we choose to, and even as Rusty suggests, if we look for content providers to enable us to determine whether or not we want that anonymity, what's going to take place in the infrastructure is that there's going to be a lack of audit trails and in a situation like this, it's going to become very difficult for anyone, companies like our own or companies like Pricewaterhouse, to determine who, in fact, is responsible. Is this a foreign country? Is this a digital terrorist? Or is this a hack? Certainly, on day one, you may have thought it's probably just a hack. By day three, when the President comes on, perhaps we think it might be something much more sinister and certainly much more serious and I believe that society, preferably through the open market rather than through government regulation, is going to have to deal with that issue and are going to insist that we be willing to give up our anonymity when we go into certain communities.

If you think about it, when you go to a retail store, you give up your anonymity. If you go into Barnes & Noble's brick-based store, they know who you are and they probably have a camera on you as you go in and work your way through the aisles to choose your books. I believe that where we're going to be in terms of the Internet is in a similar model for you to have access to networks, to the infrastructure, to communities, and certainly to retail. There's going to have to be some level of knowledge that you provide as proof of who you are and enable that audit trail to take place.

I think the second issue that's kind of interesting as you start to address this issue is that the only way even when we've given up that certain amount of privacy for the system to effectively monitor the masses of data that are generated by, what is it, Tim? 500 million users that we're going to have--

Timothy C. Koogle: 2003

Sheward: 2003, is that it's not going to be some individual sitting at a computer screen trying to determine who's doing what and what kinds of trends are taking place in order to stop a situation like that. It's going to be the computers and the next issue that I think we're going to be debating after we debate the privacy issue is how much control do we provide and how much input, how much empowerment, do the systems take in monitoring these audit trails and then trying to make decisions about not only who do they enable to move back and forth, but who do they provide data about people who may or may not have sinister intentions, so I think those are the two issues that are going to come at us pretty rapidly going forward.

Jones: Thank you, Jim. Larry--

Larry Ponemon: Let me just start off by giving you some caveats here. I'm here to talk about privacy. My knowledge of security is minuscule, although they do go hand in glove and my background is business ethics. If you can make that connection, I'll give you $100.00, but really, I view ethics, privacy and security as an integrated whole, and what I'd like to do on the security issue is actually talk about it from a real life story and it concerns my father-in-law. My father-in-law is a product of the depression or actually the depression that existed in pre-Nazi Germany and what happened in his lifetime is he saw all of his family killed in the Holocaust--his parents, his brothers, his sisters, everyone--just totally killed, and one day I was asking him--this is now about 1977, 1978, and I always wondered why he paid in cash. He never had a credit card, and he said, "well, I just don't trust the idea of having a credit card. Somehow someone knows who I am and what I do," and I would joke around with him. I said, "wow, it's just because you're so cheap. That's why you don't want a credit card," but actually he grew up at a time and in his lifetime, where with information, people could be profiled and people could be put into a group whether you were Jewish, homosexual, gypsy, whatever it is, you were put into a group and based on that group, you were killed, and even though he was living in the United States, a country that he loved, the bottom line is he never had that level of trust again.

Okay. I have a lot of credit cards, like probably everyone else in this room and, in fact, believe it or not, finally in his 80s, he had to break down and he had to get a credit card because he couldn't live without the credit card. In other words, he couldn't go out to a supermarket and buy groceries without a credit card. Cash just doesn't cut it any more. Well, the analogy here to the Internet space is the Internet right now is optional, and you might talk to someone about security and someone might respond, "well, you don't have to use it. You don't have to use the Internet. There's no gun to your head," but I predict that in five or six or eight or 10 years, it's the only way to operate. And so let's face it--if you don't have security and you don't have privacy and you don't have ethical issues at the front of the envelope, then we're looking at some very serious problems whether it's the power grid going down or whether it's Hitler part two. It could happen and it could happen in our lifetime, so we have to be very sensitive to that issue. Thank you.

Jones: I would point out that it is no longer optional to use information systems to underpin the electric grid, many logistics operations, certainly the whole telecommunications industry, and maybe it's optional today for the individual, but it's no longer optional for business. The financial community, for example, has bought in and cannot go back, but we should turn to our fourth panelist. Tim--

Koogle: This first half is about security. It's kind of interesting. They do go a little hand in glove. I'm going to do a couple of comments on the-- I'm going to try and focus on security. I think Anita was actually trying to get us a little bit on a track on the reliability of our systems or the vulnerability of our systems on which we're increasingly reliant to external hacking essentially. Can essential infrastructure be brought down by someone who has a different goal in mind, right? Physically, and I think there are a number of-- There's a commercial solution to this. I think that there are a lot of companies who are doing a lot of great work that they are selling in the form of hardware and software and services to make systems secure from hacking, basically, sabotage from the outside, and I would posit that most of the solution in terms of physical stability of systems, right. How hard they are against external efforts of sabotage ultimately come down to a technology solution.

What's interesting, and this is probably maybe one of the more fascinating panels of the day, is that immediately as we get into a discussion about security, you have to talk about privacy and to what extent privacy needs to be compromised, right, in the name of enforcement which is really what we're talking about here, right. To what extent are you, as an individual, fearful that some of your data will be hacked somehow and therefore willing to give up some of your privacy to someone who'll keep a database on you so that they can enforce the law against someone who wants to do something bad to you to put it in simple terms. And that's how it's all woven together, and I can tell you we are, in what we do, we actually experience this compromise all the time and we don't compromise.

One of the tangible problems that we face running the franchise that we run, we're very democratic in our approach to what we put up on the web and how we help users find any information that they're interested in. We only have a couple of things that we don't put into the directory as an example and those are typically sites that get submitted to us that have anything to do literally directly inciting physical harm against other people. We have an editorial rule that we don't put those things in and there's a couple of other categories--illegal sites, things that are inciting folks to commit illegal acts of all kinds. Beyond that, we're very democratic in terms of, and very open from a standpoint of, aggregating as much information and freely giving access to as many people as possible and, in fact, helping them find it.

We also put up communication features and what are called community features, bulletin boards, message boards, that people can post up messages on. They're typically in context, so a tangible example of that would be Yahoo! Finance which is all about personal finance, stock investing, and buying various financial products and things, and you'll find message boards in there that are heavily populated and trafficked and people putting up messages in there that many people read. I'll come back to that in second.

So, an open aggregator of information, putting up message boards people can post up messages and get those messages read by a whole ton of people. You don't have to do like little post-its on boards and stuff like that. Millions and millions, in fact hundreds of millions of people, are coming through these things. A hundred million people come through Yahoo! on a monthly basis now, and a lot of those folks come through Personal Finance and a healthy portion of those come through and read the message board and stock quotes, so here's how it can bite you and here's the issue we face all the time. What if somebody puts up a message on the message boards and uses an identity that is not their true name and tries to manipulate the stock of a company that's public through posting up messages? Kind of illegal [laughter]. Some grey region. Take it from me. There's some SEC regulations that they're very black and white on this and a lot of things that aren't so black and white, where are you really trying to manipulate and where are you just misinformed and putting up stuff, well-meaning stuff, that's just incorrect. It's really hard to say, but people do try to manipulate stocks by posting up messages, not just on service, and so we get a phone call from somebody who's typically a law enforcement official of some kind, and that's one example and it says tell us everything about this individual who is posting up messages, so what do you do?

We're very respectful of people's privacy and so we strike this balance and today the balance is there has to be a valid subpoena; a valid subpoena needs to be issued in an existing and ratified legal process that's issued to us. It has to be legitimate in terms of its requirements and only then, then and only then, will we hand over any information about the people who are registered with us and therefore have the ability to put up messages. It's one example, but every day those of us that run enterprises that are growing and have growing footprint and face this every day in terms of making sure we walk this line that we don't give up people's right to privacy and that we come back and actually make sure that we're relying on existing set of laws.

The laws vary around the world which makes it even more interesting and the last thing I kind of want to throw out here. So I'll always come back to it. This compromise issue about privacy versus security, I think comes back centrally to law enforcement and we as society and so it's a societal question actually to some extent.

I was in Europe in February. Actually, I go there pretty regularly because we've got a pretty good expanding business there and I was invited this year to the World Economic Council in Davos, and the main topic that ran through every discussion at the WEF this year was having to do with privacy interestingly, because the European Commission was busy drafting a set of requirements that every web site that operated in Europe would have to keep more extensive records on individuals so that the government, on request, could come and look at those records as a means of enforcing law which sounded on the surface kind of great because it's protecting consumers because you don't want those bad consumer products companies abusing consumers and that's how they got there and I asked the question in a public setting which was interesting in the response. I said, "pause for just a second and ask yourself the following question: is it ironic that you're asking web-based companies to actually collect more data on our users than we had in the past and put it in a form in which we should divulge it to the governments, especially here on the continent where everybody's memory of the last horrific event on the continent is so strong," and there was a huge pause that happened [laughter]. I think they generally didn't understand because they didn't understand the technology so much, so they got themselves down into a hole a little bit by saying we ought to get the data files and dah ... They got there with the technology kind of an argument to protect the consumers and stuff and they hadn't stepped back away and thought that, in fact, what they were doing was setting up a Gestapo-like function that they were asking all web companies to kind of execute. Since then I don't think the requirements for that have gone anywhere [laughter] on the continent, but big balances.

Jones: Very good. Thank you. I'd like to open with a couple of questions. We should probably stay focused a little on security and ask especially the entrepreneurs here whether they're more worried about hackers or organized crime or terrorists of nation states that might try to use an attack on the Internet as an asymmetric way to attack this country. Are you generally not concerned with security and the real issue is privacy? That the infrastructure will stay up and we ought to be more worried about privacy than the security of the basic structures.

Szurek: I will start off. Privacy is a big deal but security is also a big deal and I think to Jim's point, it's not necessarily a big deal until something happens. Our web site could have been hacked. We had some problems. It happened every morning at some time for about seven days, seven trading days straight and we were on a financial web site and it was during the market hours and you can imagine if our web site is down. We also have message boards like Yahoo! and we also have real time quotes so people come and they want to come to Raging Bull to get information and our site was compromised and we were down for 30 minutes to an hour and being down for 30 minutes to an hour might not seem like a lot, but our users got very upset and it's hard for us to say, "look, sorry, we've been hacked" or whatever you may have and we never thought of that. We never thought of security really until that happened. It was really just kind of this big, oh security, there's hackers, there's other things.

Until it really happens to your site, you don't understand and I think that's what's going to happen on a more realistic basis is until there's this big problem where either the national market's compromised or something else gets compromised like Jim was talking about, really there's going to be no action and there's kind of two sides to that coin. Do we want the government or some other body to step in right now and kind of set these rules so that hopefully some of that doesn't happen, and probably restrict and cut off and suffocate the capitalism, the innovation and what's going on, or do we wait for something bad to happen, so there's kind of two sides to the coin here and it's difficult.

For me personally, I really don't know. I think a compromise of some sort might be necessary, but I don't want to see anything to suffocate this tremendous growth because we can't foresee what's going to happen five years, let alone two years down the line in this industry.

Jones: Any other comments?

Koogle: Only one more. I think that you could put stuff in. You're really talking about hardening the interface actually so that someone that you don't want to come in, can't or at least they can't come in and do something that you don't want them to do. You thwart that and there are layers of software you can install with existing hardware and everything else to make that very difficult. However, we just saw a bubble virus this past week. Some of you may have read about that which is a non-attachment virus that is distributed by e-mail. It was making use of a short-term security breach, security flaw actually in Windows '98. That's fundamentally it. And those things happen every now and then. There're flaws in code and there are hackers that are really clever that look around just like when you have laws--there're loopholes, right. And there're whole organizations that kind of grow up to make use of a loophole until a loophole gets closed and I think the whole thing of physical security, or thwarting hackers and everything, is a continued process. You put in security hardware and software. You can do that. It makes it extremely hard and there continues to be on an ongoing basis, if you will, holes and breaches and everything else. And it's an ongoing technology development that I think gets done best at a grassroots level. It isn't a government thing because the government typically doesn't have a clue really about how to manage kind of software from a security standpoint.

Sheward: The one thing that I would add that I think is interesting is that our company provides security services to enterprises. We deal with high tech companies and more traditional companies and there's a very interesting dynamic that we see again and again and that the traditional companies are more concerned from a competitive perspective having data get to their competitors and therefore make some decisions at times that made the infrastructure much more open in terms of the general systems, whereas the high tech companies typically are much more concerned about these kinds of digital pirates, digital hackers, and are less concerned about in the Internet age somebody finding out what it is that they're doing and more concerned about somebody coming in and blowing up what they're doing, and those dynamics actually make some differences in terms of the principles and the processes that companies choose to follow in setting up security policies and it's, I believe, much more important to protect the entire infrastructure and stay less focused on the competitive aspects because the world's moving so fast that to get in and try to gather the data on your competitors is going to take you so long and cost you so much money that it's virtually a huge negative return on that investment regardless of what you end up learning.

Ponemon: The only thing that I could add to this distinguished panel and conversation is that security-- We do a lot of work with a lot of major corporations around the world and it's a bigger problem than you think. The level of security that's required to have, say, a 99% degree or level of reliability in a systemic sense just doesn't exist. It just does not exist and if someone tells you or if a company tells you they're at that level, they're lying to you. It just doesn't exist. And the reason why it doesn't exist is there's a random or non-random event that's called smart people. There's always someone smarter [laughter]. There's always someone in the world who is inventing a better virus or is a better hacker, so that's the source of the problem. You can't model it. You can't program it away. You can't do any of those good things that you can do in a kind of a steady state situation. It's certainly not steady state or stochastic.

So I think the second best solution is one of disclosure. Now, this is tough to swallow. It sounds like the government again, right, but it might be that if you disclose the fact that you are at level three versus level eight, and no one's at level 10, and that's being kind of at the God level of security so you're approaching level 10, but some piece of information out there that lets you know who you're dealing with, that could be a second-best strategy because we just don't know. And if it's not our security that's breached, it's certainly going to be the security of the other players that we're interacting with, so that's something that we might want to consider as a next generation of improvement.

Jones: Thank you. Let me hold off on this and you'll have to come down to the microphone when it comes to question time. I think what I'd like to do since this panel, I think, really is more focused on privacy. I'd like to actually give them the opportunity to talk about that and after we do that, then we'll open it to questions from the audience. Let me emphasize something that arose in several of the speakers' remarks already. In the area of privacy, there is a fundamental tension between the individual's privacy and public safety or public good, and it's been alluded to several times.

Let me give you one example, and that is anonymity and if you pay with cash, you're anonymous. There is no history of what you bought year after year, transaction after transaction, but if you use the credit card, the thing that Larry's father feared, there is that transaction history. If you buy on the net, it is very easy to collect that transaction history. If you fill out forms on the net, opinion forms, and an opinion you stated when you were a sophomore in high school may come back to haunt you when you run for office as a school supervisor and you're 40 years old, so there's this fundamental tension. In cyber cash, if you now believe that the financial transactions are international-- We used to rely on the government to assure that money had a value, but now you're trading value and you're trading it internationally. If you want some policing of that, there has to be an ability to do audit and if there's ability to do audit, then you need the kind of histories that Tim said the Europeans were considering, and so there's this fundamental tension and the Internet changes the equation and we have a lot of choices to make and you may want to lose some privacy and decide that's better in terms of the services the Internet gives you and maybe better in terms of public good. You may be willing to trade preference information to have web sites tell you about things that they think you're interested in. You're willing to give that away because it's better for you.

Let me turn to the panelists and ask if there's anything they want to add to their remarks and we'll start in the other order, so Tim, or do you want to stand pat?

Koogle: No. I'll say one thing which is I think. I kind of described how we're handling the issue of privacy. First off, and this is more than just mom and apple pie--we take privacy extremely extremely seriously maintaining individual's privacy, and our approach has been, I think, the only approach that I believe kind of scales and works, and it is very much self-regulation. You disclose when you ask someone to give you information about themselves. Hopefully it's aimed at getting some information so you can serve them better and if you ask them for information, you tell them that you're collecting information so you notify them. You give them the ability to choose to not give you the information after you say that you're collecting it and you say what you're going to do with it and what you're not going to do with it. Then you give them the ability to opt out of collecting it, and you never go against that from the standpoint of doing something that you told them you aren't going to go do with the data like sell a list or whatever if you've chosen to not go down that path. You never betray that customer trust, but it's a pact that's made between, in our case, our company and all of the users of Yahoo! services worldwide where we tell them you're giving us information now. You remind them of that. You say what's going to be done with it, and what will never be done with it. You give them the ability to choose to not give you the information or opt out, and then you never break the trust, and in the end, I think that there really isn't any way in this thing called the Internet where you've got now tens and tens and tens of millions of sites built around the world and changing all the time and growing exponentially and all that sort of stuff, to in a blanket way regulate this. It has to be self-regulatory and that's been our approach.

You make some major assumptions because there are businesses that will abuse it, but in the end, consumers will find that out and they won't go there, and what you hope, and my big fear, actually a big nightmare actually, is that there will be companies that will abuse it and consumers will go elsewhere but the damage will have been done, and there you have to come back and fall back on your laws for remedy in those sorts of cases, so we're big fans of self-regulation and disclosure and striking a pact between the consumer directly with your company and never betraying it.

Ponemon: Again, I'm somewhat biased being the only auditor at this table and I have to tell you the only solution is to hire PricewaterhouseCoopers [laughter]. Now, that I've earned my salary for the day-- But seriously, let me just explain where I think we're at right now. The privacy issue is actually an interesting issue. It's an ethical issue and the issue is how much information is too much information, so for example, if you're talking to a credit card company, clearly the credit card number could be risky. Someone could use it. They could abuse it. They could buy off the credit card, so we all see that as pretty bad.

An unlisted telephone number is bad, or some other personally identifiable information is bad, but where do we draw the line, and how much is too much. That's one issue that I think is an ethical debate and the decisions on where to draw that line probably depend on industry. It would not be an answer for banking versus the travel industry versus health care. It does vary, but the other side of the coin, and it goes probably back to security, is the issue of even if a company says, okay, we know where the line is. We know what we have to do and we're going to create the privacy policy that states in clear and concise language what it is we do. We still have organizations that are big and they can't control what is done on a daily basis within that organization. It's a big risk.

The biggest privacy vulnerabilities that we see, and again we have a business that specializes in privacy audits, and in that business we see the same issue over and over again. It's not the evil person. It's the person that just didn't know, so, for example, the opt-out or opt-in condition, we had one company selling software, people providing personal registration information and they would check the box opt-in. About half of those cases were people said they did not want to have their personal information disclosed. It was appended to a database and that information was gone. The other problem with privacy is that once it's gone, it's gone forever. It's like if you lose an arm or a leg, you don't grow another one back, right. Once you lose that information, it's out there, and then there's a final issue with privacy which is something that probably isn't going to be too significant today but wait five years.

We'll see another movie on the screen and that's inaccuracy that's in the information in these massive databases. For example, one of our clients, a company in the credit bureau industry, asked us to look at the information that they had and whether or not they were at the line or over the line or below the line in terms of reasonably accepted standards, and so I actually went into one of their databases and I wanted to find out what it is they had on me and I got that information and the information was pretty accurate. It knew that I liked brown shoes, that the probability of my buying black shoes was like zero, and they're right. I never bought black shoes. It's kind of scary. How did that happen.

But they had other pieces of information like that I was a graduate of the University of Kansas--great school, very nice place. I lectured there once, but I'm certainly not a professor of that school or graduate of that school, and then I figured out why I was getting that credit card. You know, if you're an alumni of Kansas, so finally I figured out what it is that they were looking at to get me on that junk mail list for that credit card, but the level of inaccuracy is a big problem and companies, my company, companies here, will start to use that information more and more to make judgments--business judgments, judgments about individuals, so understand that that's another problem that is starting to emerge as these huge data collection organizations start to use that information for direct marketing and profiling purposes.

Koogle: It's probably not too bad though because you just get some junk mail that you throw away, right? Until your credit gets ruined incorrectly or something.

Sheward: Or you get fired.

Koogle: Or get fired.

Sheward: Or you start an e-business.

Jones: Thank you, Larry. Jim--

Poneman: I think one of the ways for us to look at this issue is to actually take some of the models from the more traditional non-Internet world and look at them for analogies as to areas that we might be able to better improve the system and one thing that's kind of interesting to me right now is that if you tried to go any Fortune 1000 company or any major government agency and tried to get into their computer room, you would have to go through a series of checkpoints where it would become absolutely abundantly clear exactly who you were before you could get into that computer room physically, and what we're debating now, of course, is whether or not those same privacy issues that exist in you getting into the computer room by telling them absolutely everything about you if you want to get into the Federal Reserve's computer room, exist when you want to get into the Federal Reserve's computer room electronically, and the debate comes back to do we have this right to privacy that in the physical sense we're so willing to give up but in the electronic sense for some reason, we're not, and so I think you're going to see the private markets come out with economic incentives that'll make it in one way easier and easier and in another way more and more difficult for us to choose to pursue the idea of having a right to privacy.

I was talking with Tom Power from the FCC who gave me a statistic last night that was kind of shocking which was that some number of, let's call it 3% of Americans, don't have telephones. Now, we immediately think that that must be people who can't afford them, but Tom pointed out to me that 20% of that number had incomes in excess of $75,000. These are clearly people who are choosing that they don't want to participate in our phone system because they perceive it to be an invasion of some sort. What I think you're going to find is just like how difficult it is to not have a phone and those of you maybe who don't have phones could stand up and point yourselves out. I doubt we'll see anybody in here, but you're going to find these same economic incentives taking place in the market on the Internet where we all have the ability to by signing up for a service take advantage of all kinds of capabilities that you won't have if you haven't given up your privacy. You'll be able to go into a store without a credit card some day and simply by providing some physical capability, whether it be an eye scan, whether it be DNA, whether it be fingerprints, you'll be able to purchase goods, but only if prior to that, you've given up a certain level of privacy. You'll be able to go to your car and simply by touching the door handle, open it and unlock, but again, only by giving up some level of your privacy in order to enable these capabilities, and I think the private market is going to find ways in order to not only protect itself but also create value in the consumer's minds in order to get this data and see it kind of now with Tim's company. If you give me this data, I'll give you access to very personalized information that's important to you. If you choose not to, you keep your privacy but you don't get the personal my Yahoo! page, so I think you're going to see more and more of that as this issue continues to move ahead.

Jones: Thank you, Jim. Rusty, would you like to comment?

Szurek: Yes. I wonder if those 3% of the people wanted you to share the stat that they were earning in excess of $75,000.

Sheward: Tom may be in trouble actually.

Szurek: That's interesting how all this information goes about and being a web site and having a community and having members, I'd agree with Tim and say that it's vitally important for our business to be up front with people and let them know why we're taking data and what we're going to use it for, and there is great incentive for some people to do that. There definitely is a reward for that.

One of the things we haven't talked about here is we've talked about me giving away my information. Now, there's another end to the privacy debate and that is what about companies that go out and just take information. The great thing about the Internet is that it connects the marketer and the consumer directly. I can go on a home marketer. I know where Jim goes and I can say he's going to a golf site, a stock site, wherever, and there's companies out there like Engage Technologies, like Double Click, who are profiling Jim or me or you or whoever is surfing anonymously, albeit, but they're still getting to know who you are and where you go and what they're going to do is they're going to use that information and target advertisements to you, target different things to you, because they know what you like, and so we've talked about me giving away information, but there's another side of the coin and that's what information is inherently mine. Who I am and all my personal information, where I live, that's obviously mine, but if I'm going on a different web site and that web site's for free, can they track where I've been going. There's kind of a gray area there and they only think the profiling and what's going to happen with that is really going to be spelled out in the courts. We're starting to see it now. There's been a little press lately about challenges to whether this is an invasion of privacy or not, and it really does open up a whole new ball game because free content sites like Yahoo! and Raging Bull, we can conceivably make more money by sending you a targeted ad and as sites evolve and these business models evolve and these market caps keep getting higher and higher, we're going to need to innovate and I think this something that we're going to have to think about and it's really going to be played out in the near future.

Jones: I'd like to invite any members of the live audience to come up to either microphone if you'd like to ask a question of the panel. I certainly invite you to do so. We have time to do that.

Audience question/Jason Watson: My name is Jason Watson. I'm a 4th year student in the College and my question falls mainly with the security side of the discussion. Given the real threat to American corporations and government entities and the infrastructure, what are businesses doing today, and the government, to not only identify but prevent attacks on our critical systems?

Sheward: I think there's two things that are being done and it, again, comes back to this issue of privacy. What the major security companies and firewall companies and VPN companies are doing is starting to create systems that enable audit trails to be a part of the solution because by creating those, two things happen. First, you start to see trends and when something's out of trend, you can start to create deeper barriers for that particular user in terms of trying to get in. Of course, the problem with audit trails is it derives back to the issue of privacy and Rusty's issue of do I want somebody creating an audit trail about the way that I go in and connect.

The second issue that it brings up is, again, in order for it to be an effective model, it's really the silicon that has to be analyzing the data and you start getting into the artificial intelligence question about how much artificial intelligence do we want in our gatekeepers. How much control do we want these systems to have on who gets in and who doesn't get in, based on trends that the firewall's deciding are important and so there's a lot of work being done on it, but sometimes this work gets it done behind the scenes and only when an issue comes up and somebody sues somebody, does it get out into the public market with the kinds of questions that we're talking about today.

Jones: Anybody else?

Audience question/Harry Brauns: My name is Harry Brauns and I live out in the country in Buckingham County. You've seen the Waltons. When I finally get there, it's big time, lots of people [laughter]. It is pretty far out in the boondocks. I haven't given my social security card number away for many years I've managed to forget it. I'll give you my Marine Corps enlisted or officer number or whatever. I gave a computer to a friend of mine because the people wanted to get his autobiography. He's done a lot for the country about 10 years ago. I still have bookkeepers in Houston in an office there. I'm thinking about coming out and I'm told I need to get in the 20th century or else [Father Pippin] won't let me into the next one, you see, so I've got a friend looking at a computer and I've got one but it isn't plugged in out at the farm. I don't use credit cards, and I hear that I'll get profiled and it's sort of frightening. This goes back, well, almost 50 years ago. Mack Wade, you've heard of the Wade __________ and we were called back in for my second war.

I came back from North Korea with the First Marine Division and ran my mouth off about not liking McCarthy and we had rules that we did have laws in this land been rescinded that were equivalent to concentration camps, so I've been misidentified a number of times as you can make Burns out of Brauns and I could go on and on and on. Now, if I want to come out of the boondocks and I think my cover is already blown as this gentleman said once it is, how in the world can I imagine, and I've talked to a man in my office in Houston today. He's in his 70s also. We're talking about getting computerized and he said, "well, you pull the plug on the thing." Well, the plug's pulled on my computer at the farm, but if I want to get modern, is there any way just for my particular peace of mind I could get hooked into the Internet, in other words, and at least imagine that I'm not being tracked down?

Just succinctly, when I came back-- We had the House Un-American Activities Committee which I hope you all don't remember too well, but I was accused of being a communist. They said I forget a couple of references they'd put in my file. Well, they didn't send us any comic books when we were at the division, but I got back here and I had to say I'd been accused of being a communist and those things and on and on and on, I don't really need it, but I'd like to get into it for fun. A cousin of mine, Cabell, is her name actually, said had been talking to another friend, said I ought to get on the Internet for fun. I don't need that much fun if it's going just have me __________ but I'm getting naked just for the hell of it [laughter].

Jones: So do our panelists have any advice for this gentleman?

Poneman: Well, may we have your social security number so we can [laughter].

Brauns: Years ago they said you could have it on your license plate, I went out the farm as I understood __________ said long time ago 000 [laughter].

Jones: Can you get connected but not have this haunting trail get collected on you?

Szurek: You can definitely go on the net and have fun and have a 95%, maybe even 99%, peace of mind right now that you're not going to be profiled.

Brauns: I think one this man said, I think I've already been profiled a number of times, but I just--

Szurek: But they're not going to-- If they're profiling you on the Internet, it would be with a cookie which is something--

Brauns: With a what?

Szurek: A cookie. Anyhow, I probably shouldn't have mentioned that. I think that you don't have to worry yet because this is in its infancy right now and if you don't give up any information, it's going to be very difficult for someone to go back and track you, so if you're going and just poking around different sites like Yahoo!, like InfoSeek, like go.com, different sites like that, and you're not registering, your information is pretty much safe. They might be able to make an anonymous profile about you, but, again, that's also based on the sites you visit and that's also in its infancy and it'd be difficult to really know who exactly you are.

Jones: Very good.

Audience question/Chenxi Wang: My name is Chenxi Wang. I'm a Ph.D. student in the Computer Science Department and my research area is computer security. My question is that a lot of discussions here, a lot of issues here, are not near to the Internet domains. We have the same trade-offs, same decisions, to make in traditional domains--security versus privacy, and we have come long ways in those domains and the trade-offs there still apply. Now, in my opinion, what makes Internet fundamentally different and what makes the issue of security versus privacy difficult to handle in the Internet domain is that we don't have a clear definition of administrative domains. There is no country boundary and there is no boundary of government regulatory territory, and do you deal with security versus privacy is hence made really difficult in that aspect, and I'd like to hear your comments on that.

Koogle: Yes, it is. There's a couple of fundamental levels. One of them, said differently, is that once you put data out, if your privacy is breached, your data will flow on the Internet and the Internet is this global network. Right? So, it used to be in the physical world, when there were problems with giving up your privacy to be secure, like being able to carry guns on airplanes and stuff like that, you get that, it pretty much pertains to that flight, but now your data flows out to the world and so the fact that it is a global network makes it such that your data flows into this big pool and it's without country boundaries, so you're exactly right.

And the rate at which data can flow around the network is so much higher than the rate at which data could flow around physically before. People had to transfer different pieces of paper to each other, request it, and all that sort of thing, so the rate and the scope, the size, are the two things.

Wang: I think the law enforcement option might work in traditional domain is not going to work here.

Koogle: The laws are different everywhere, but the data flows everywhere.

Ponemon: May I respond to this? It's kind of an interesting issue. In economics there's a concept or framework. It's called the prisoner's dilemma and actually I think this is a nice way of viewing the differences between the conventional versus the Internet space and the prisoner's dilemma is you have like 100 prisoners and you have one guard that has one rifle and one bullet and the idea is you get the smart prisoner to say, gee, I don't want to stay here anymore. I want to get out of this prison, so you have a riot of prisoners and you get all those prisoners to charge the one guard with the one bullet and one person's going to get killed or may get killed, but everyone else is free and you walk away. That's good, but the really smart but evil prisoner says, but by the way, when I say charge, I hit the ground so I'm guaranteed not to get killed. Someone else gets killed and he wins and he's safe. You can't get away with that twice in economics unless you're really dumb because the second time you do it and you hit the ground, people notice that, you're dead. No one's going to believe you and in the Internet space, you can get away with a lot just because it's global, it's invisible. You start to have folks in India or in Australia or in New York doing things that they could get away for long periods of time, so the accountability side of the equation isn't quite there yet, and I'm not even sure if a law enforcement fix is doable, so I think that's really the fundamental difference. In the olden days, you transact business with people that you see, you shake hands. That's an easier way of control than this larger community.

Szurek: I'd like to add one thing, too. I think that the conventional world is also changing and it's not just the Internet. Technology is so much better now than it was 10 years ago and these huge computers. You have these huge databases and there's all this information, so take your credit cards, for example. Old school--people, maybe they knew what you were doing, they knew where you were shopping, but there really wasn't a way to market you necessarily, a way to formulate and aggregate and just make all this data mining, to have it make sense, but now think of it.

Let's say, VISA or whatever, they want to go out and they want to take your credit card, see where you've shopped for the past 10 years, and now they're going to market to you. They knew you're going to buy flowers around October 15th because it's your mom's birthday. They just know you're going to buy flowers around there, so now they're going to send you e-mails. They're going to send you direct mail. They're going to send you slips with your statements the month before. That's changing and so it's kind of like commerce. E-commerce is just commerce. The world of privacy off-line and on-line are merging into one and so we're going to have to think about it and how they can combat it in a lot of different ways.

Jones: Thanks. Next question.

Audience question/Jim Tsai: My name is Jim Tsai. I'm a third year computer science major here and they say that the next set of wars aren't going to be fought on land, air or sea. Instead, they'll be fought over on-line cyber wars. We recently saw the war between Microsoft and AOL over messenger. We saw recently in China the sequel to [Sun Xiu's] ancient art of war. It's now cyber war. I'm just curious to know, just as a kind of follow-up to her question--should there be some form of regulation about this warfare? I know Larry just said that there shouldn't be, but when it comes to war, it is required? Should there be something done about that? I just wanted to hear your comments.

Koogle: Yeah [laughter]. The only problem-- It's kind of a dilemma and I don't know whether it's a prisoner's dilemma or what, is to legislate, you have to go through law makers and legislators who are typically those who decide to wage war explicitly. It's a dilemma we've always faced actually in terms of trying to eliminate war, which is something that I've always favored [laughter] in general. Nobody wants to go through it. You just have to get close enough to it, let alone be in it to know that you better try your damnedest all your life to eliminate war long term, whether it's cyber war or physical war. I actually don't personally believe that it'll only be cyber war if there is warfare in the future because ultimately countries want to take each other's land and it means physical domination and you typically have an invasion and physical war waged as well, and I don't think there's a way-- Are you asking if there's a way to legislate the removal of cyber war as a possibility?

Tsai: What if Yahoo! wanted to start a fight against Raging Bull tomorrow?

Koogle: Well, you know, companies do fight [laughter]. They compete. We don't, but I have competitors. I have direct competitors and in the world of business, you do stuff to beat, to win, over your competitor and stuff like that. It turns out that we do have laws and there're things we can do legally and there are things that you shouldn't do because they're illegal even in the commercial space and we all try our best to adhere to all that kind of stuff, but, at the same time, within legal bounds you do compete with each other. In the commercial thing, you're not killing anybody. You're just trying to take customers and make a better business. Warfare between countries, though, I wish you could eliminate it and I wish it were only cyber war because if you could eliminate at least one form of warfare, you'd have a better shot at precluding it, but I'm not hopeful.

Poneman: It sounds like Mortal Kombat and you could actually create the situation where one country or one part of the Internet is lost or won based on the outcome of a game, but unfortunately it's just not that simple and usually it does involve real property, real lives, and if you could invent it, you should get two Ph.D.s for it [laughter].

Brauns: Thank God these young people don't remember.

Jones: Next question.

Audience question/Ted Martin: Hi, I'm Ted Martin. I'm a first year at the College and I notice that two of you mentioned when you were talking about security that you don't want to have government intervention in the private sector currently, which I agree with, but you somewhat ignored the issue of export keys and key strength which, for me, at least illustrates the entire dilemma that we're having here and the question I have is how can you have both--give up privacy security for the government yet still maintain security. If you look at the current system, a 40-bit key can be broken in 56 seconds by the Electric Freedom Foundation using a quarter million dollar piece of equipment that they built specifically to do that, or using standard computers, in a matter of a few days.

__________:

Martin: At least for a while that used to be it because on one hand, you want to be able to have the government have access to if there's criminal activity going on. On the other hand, you want consumers to be able to protect themselves and in practice, I and other people I know didn't send credit card information unless it had 120-bit or 128-bit or higher security which actually became an issue because a lot of sites didn't have it, and I'm just really not sure--how can you find a technological solution where it's secure to everyone except the government, except the people that need it?

Jones: I think he's referring to the fact that the government has had export controls on encryption and those controls were in terms of the size of the key that you could use, but in fact, as Bill just commented, the export controls were lifted on that particular technology, but it's only one.

Martin: The general issue, I mean-- Again, the next generation of Internet standards considered--should we put digital wiretapping in them and again, it was rejected in this specific case, but especially Mr. Sheward because I agree with you that you need to have security much like on the airlines, but how can you really work to find the mix between security and privacy is a large question.

Sheward: I think the answer is going to be one in which where the private markets fail, the response from the consumer is going to be to turn to the government and say try to impose your will, if you will, and in some cases, that's going to work fine and in some cases, because of the dynamics of the Internet as we've talked about them, it's going to have absolutely zero impact and you can make a pretty good argument that the reason that the encryption standard was released was because everybody else had it already, so it wasn't a big deal. Every one of the free market countries that didn't refuse to export it, started upgrading encryption companies that were selling it globally and, in fact, we were kidding ourselves by saying that it was safe in our hands up at NSA or some place like that, but I think on the global perspective, what you're going to find is for access and for things that are still part of the physical structure, you're going to have the government react to the consumer when the private markets fail to deliver on some of these issues and certainly the privacy versus security issue that we saw illustrated in the first example would be an instance in which pretty quickly after that day, we'd have a whole lot of people in Congress making all sorts of claims on how they're going to legislate security because their phones would be ringing from consumers around the country saying you've got to fix this. If we in the private markets instead can continue to deliver alternatives and prevent that kind of mass dissatisfaction, I think you'll continue to see the private markets be the more appropriate way to handle these issues.

Jones: Thank you. We started with a scenario. I'd like to end with one and I'm going to do that by telling you a story, a hypothesis, that was written by a fellow named David Brin. He's a science fiction writer and he wrote a book, not a story, but a book called The Transparent Society where he basically asked the question of what do we do if privacy is infeasible. You've heard the panelists talk about a number of technologies that if you use them, they drive out privacy. For example, Jim's examples of identification technology, retinal scans, DNA, even implanted devices somewhere out in the future, so let me tell you Brin's hypothesis. It is that privacy is infeasible and let me make that more real, he says, by asking you to answer a question. Assume that cameras are very cheap. They cost cents. They're also the size of a rice grain and they're going to be everywhere and there's nothing you can do about it, and so there're two cities and the question is what city do you want to live in.

In the first city, you have absolute privacy. Those cameras are sort of everywhere and you can't predict where they are, but no one gets to see what they film or what they transmit except the police and so you've got to trust the police. This is your government and we're here to help you to watch over everything to make sure that people's rights aren't infringed on, but the police can essentially see everything and that's one city. Do you want to live there?

City two has the same cameras and they're everywhere, but they're all broadcasting to the Internet and there are cameras in the police stations and they're in the cells, people incarcerated, but anybody can tune into them and so in both cases, there's somebody watching. If you don't have your privacy because of the cameras, their ubiquity and their connection to the Internet, they're there, but in fact, now everybody can tap into those cameras in city two. Which city would you like to live in?

And before asking some of you to maybe comment on that, let me point out that there's a variant of this that's been tried and that is in both the United States and in Great Britain in high crime areas. They put cameras on the lamp posts and by gosh, crime went down, and the reasoning that the sociologists tell us that the reason crime went down is because with assurity the perpetrator will be seen and photographed. You double the number of years incarceration, but leave things as they are now, and it has no effect on decreasing crime, but you put the cameras out there so a would-be or criminal thinking about doing something knows they're going to be seen. Crime has gone down. That's city two.

So the question is which of Brin's hypothesized cities do you want to live in? If privacy really is infeasible out in the future, then how do we want to organize the Internet? How do we want to organize our society? Any comments from the panel?

Koogle: In the second case, the police can't see it? Everybody can see it except for them?

Jones: No. Everybody can [laughter]. The police can see it, too, but the citizens can see the police. So the citizens can watch the government.

______________:

Jones: Oh, absolutely.

______________: Can we know what the police __________

Jones: That's city two.

______________: There is no choice.

Jones: This gentleman wants city two. Any of our panelists want--

______________: __________ jack-booted police [laughter]. __________ necessarily __________ __________ grounds of Monticello, Alcohol Tobacco and Fire Arms man came __________ honest enough to register same. He's a bona fide civil __________ World War I for saving lives __________ after that

Jones: Thank you very much, sir. Are there any closing comments on that scenario or anything else from our panelists?

Sheward: _____________: I would choose scenario two as well. I think that that's what the Internet enables is, in fact, that in which you would have in my mind is such a massive amount of data that pretty rapidly nobody would even care about that lack of privacy because it would dramatically increase so many of the other things we want out of life in terms of security and comfort and well being.

Audience/Braun: __________

Koogle: It's a tough choice, and I think that number two, though, is pretty clear, because ultimately you have to believe or not that overall, if you democratize information, that a society will self-regulate, right, in its own best ends and that's what number two is kind of about, to make it open and available.

Poneman: Number two is not dangerous by the way if there's a transparency in equality. It's only dangerous when there's abuse of that process, so the second model isn't as bad as it might seem.

Jones: But there's no privacy either way.

Poneman: Right. But equality.

Jones: We need to close. I want to thank you all. I want to thank the panelists and lastly, I'd like to point out that there are some open houses that have been described in the program and since we're talking about privacy and security, I would particularly point out the computer science open house which will be in Small Hall and in Olson Hall. All these open houses are from 5:00 to 6:00 and we at the University would invite you to attend one or all of them.

Thank you all very much.

Presented by the Office of the President, John T. Casteen III and Virginia2020.

© Copyright 1999 by the Rector and Visitors of the University of Virginia