Blogging CFP2003

The hotel also has an interesting policy — they not only want an imprint of your credit card when you check in, and not only do they want to see a photo ID, but they also copy your photo ID (in my case, my drivers license). I’ve never seen this done at a hotel before — I would have objected, but I realized that negotiating that particular issue with the check-in clerk was not going to be successful, and I really wanted to have a place to stay.

I don’t necessarily agree or disagree with the speakers’ statements which I’m blogging, by the way — consider these notes an aide-memoire rather than an editorial.

Bruce Schneier’s Opening Keynote

Right now, Bruce Schneier is giving the opening keynote speech (“Security, Liberty, and Trade-Offs: With Diverse Terrorism Examples”); he is discussing his five-point scheme for evaluating security trade-offs:

Step 1: What assets are you trying to protect?

Step 2: What are the risks to those assets?

Step 3: How well does the security solution mitigate those risks?

Step 4: What other risks does the security solution cause?

Step 5: What costs and trade-offs does the security solution impose?

Finally, is the trade-off worth it?

Far too often, we focus on step 3 and ignore many of the other steps — so we solve the wrong problem or introduce new problems.

In the end, all security decisions come from a negotiation between players (including the “bad guys”, though they don’t negotiate directly). Understanding how to be more secure involves understanding these negotiations. And getting a bigger say in the negotiations requires having more power.

“History teaches us one thing about mercenaries: pay them! It’s the only way to keep their interests aligned with yours.”

Peter Swire says there’s a missing step: “Can the risks and costs be mitigated?” (in other words, can we find a cheaper/less risky answer than the one being proposed?) Bruce agrees.

Bruce’s final remark: Agenda is important. You need to know your agenda, and you need to know about the other parties’ agendas.

Plenary 1: A Moment in Time

Dan Gillmor is now moderating a panel: “A Moment in Time, Putting Computers, Freedom, and Privacy in Context” with Ed Tenner and Ira Glasser. Dan also commented about the incongruity of the hotel’s ID policy, especially for this conference, and said he will be taking the issue up with the management (he, too, decided getting a room was more important than making a point at check-in).

Ira Glasser: During Bruce’s talk, the questions started raising the “non-security” issues in the security debate; I believe that this is the dominant factor, especially in the civil liberties realm. These are the central paradigms behind the “security issues” which are being used to drive the “security measures” such as “no bottles or cans at Yankee games” (great for beer sales!).

People don’t pay attention to the details, so they can easily fall for willful lies or manipulation from the top. But even the people at the top can believe their own stories — hence the surprise that there has been resistance in Iraq.

All governments (everywhere, at every time) use war and the fear of war to expand their powers and advance their own policies. “You don’t have to provide safety; you only have to provide the appearance of safety.” The fear may, indeed, be real — that’s not the question. The question is, “what are you doing about it?” And the interests of government is to claim a tradeoff between liberty and security, and as Hamilton said, people will always choose security — but what they get is the appearance of security. You cannot argue that privacy is important when people are afraid. You cannot argue that the government shouldn’t be watching everyone when they’ll claim that no one knows where the enemy is. The only successful argument is that the measures aren’t providing any actual safety — that they are illusionary. And in the past, when liberty has been reduced, safety has never been increased.

“When you’re looking for a needle in a haystack, the last thing you want to do is grow the haystack.”

Ed Tenner: In his experience in Germany and in doing research on German history, what appeared important was not actual security issues but giving the appearance of security and knowing about the problem (including all of the participants). Technology has not been necessary to monitor people — even in the middle ages, the King of France was able to round up all of the Jews in France on one day (see http://www.jewishvirtuallibrary.org/jsource/vjw/France.html or http://www.fordham.edu/halsall/jewish/1182-jewsfrance1.html) because they knew where they were. Computer technology was not necessary; nor was it necessary in Nazi Germany — society had already made it possible.

Plenary 2: Computers, Freedom, and Privacy after 9/11

Now it’s the third panel (moderated by Peter Swire): “Computers, Freedom, and Privacy after 9/11”. Peter points out that the changes in the laws after 9/11 are basically in two areas: technology and immigration. Governments have historically had broader power in the area of immigration than in other areas — but is the government “trying out” measures on immigrants to see what protests might happen if they were applied more broadly?

Anthony Romero of the ACLU is the first speaker. He is talking about the ACLU’s “Safe and Free” campaign — safety without freedom is dictatorship, while freedom without safety is impossible. And one of the areas of concern is profiling and discrimination. President Bush’s initial statements (and later ones) called for non-discrimination, but the actions of the government use race and religion as a proxy for suspicion, and they have been moving more in that direction over time, as well as adding additional restrictions (for example, giving the government access to library records). He blames Ashcroft.

Nawar Shora of the American-Arab Anti-Discrimination Committee is the second speaker. He says that using race and religion as a factor in determining suspicions is legitimate — using race and religion as the only factor is not. ADC’s website and e-mail systems are under constant attack (as are other civil rights organizations).

Jim Dempsey of the Center for Democracy and Technology is the third speaker. He points out that people seem to gravitate to creating dichotomies (for example, freedom versus safety) even when the two are not incompatible. And people who care about civil liberties should never cede the effectiveness issue — the first question should always be “does this actually work? How will it be effective?” At times, the police don’t want some of the technology and powers that they’re being given because they know that they won’t actually affect crime.
Jim also says that current case law says you don’t have privacy interests in data collected about you which is not actually under your control…so that third-party data collection can be freely mined without violating your privacy interests (though it does violate your privacy). He also calls for corporations to take higher ground than their current view that immunization is sufficient — we need to rebuild the view that trust is required. In earlier battles, corporate and civil liberties interests were aligned; can this happen again?

Box Lunch with Robert O’Harrow

Lunch time at CFP is not time off — instead, they put out box lunches and run parallel sessions. I have mixed feelings about this, because it crowds out time for unstructured discussions (and because I am sure I could find better things to eat in New York City than a box lunch from the hotel), but it also offers the chance for small-group structured discussions. Today, I went to lunch with Robert O’Harrow of the Washington Post. His particular beat has been privacy, and so it was unsurprising that most of the discussion centered around data mining, which has both good and evil applications, even in the hands of the press.

George Radwanski – second keynote

George Radwanski, the Privacy Commissioner of Canada, is now giving the second keynote. He, unsurprisingly, considers privacy to be very important, and considers many of the measures taken in the US since 9/11 to be terrible. “When it comes to sacrificing a fundamental right such as privacy, you don’t have to take my word for it. Osama bin Laden said, a month after 9/11, ‘freedom and human rights in the US are doomed.'”

Plenary 3: Total Information Awareness – A Debate

Now we’re in the Total Information Awareness debate; apparently the
conference was unable to get anyone from the TIA office to
participate.

Herb Lin from the National Academy is presiding, and he’s opened the
discussion by asking the panellists to concentrate on the program, not
the personality of the
director. And he is bringing up reasonable questions for the panel to consider (technical as well as policy); it’ll be interesting to see if the panel pays any attention.

Heather McDonald of the Manhattan Institute is first up; she’s an advocate for TIA. She says she is puzzled by the reactions from both the civil rights left and the libertarian right to the government’s measures since 9/11, and that the opponents to TIA are “defending the status quo which led up to 9/11”. She’s written an article which seems to sum up her position, and I suggest you read that (since I can’t type fast enough to do her justice).

Katie Corrigan from the ACLU is the second speaker; she’s against TIA. She asks whether the goal of the TIA is to “connect the dots” or to find the dots to connect. She suggests that, unless TIA can be shown to be effective, there is no reason to deploy it, and no need to consider whether it is more invasive to privacy than necessary. But if it is effective, then the questions about trade-offs on privacy need to be asked.

Michael Scardavilleof the Heritage Foundation is another proponent. He recommends that the audience read his paper on the TIA, because he’s sure that five minutes won’t be long enough to make his case. And he was right.

Finally, Barbara Simons of USACM is making her case against TIA (which is covered by the USACM’s letter to the Senate Armed Services Committee).

The Q&A has begun. Heather McDonald is first up, asking whether the TIA opponents would object to the government being able to query databases about a known individual (to which Katie’s answer is “no”, but that she would object to searching for patterns with no probable cause in hopes of finding individuals to treat as suspects).

My verdict: Neither side carried the day; all of the speakers except Heather McDonald made good points (she expressed lots of emotion but backed it up with very few if any facts — she dismissed anyone opposed to TIA as a Luddite, to which Barbara Simons took good-natured and accurate objection). Michael Scardaville put it better: “reasonable people can — and do — disagree.”

It would have been good to have had more light than heat, though.

Plenary 4: The Moral Maze

After a too-short break (they keep us busy here, boss!), we’re back for a role-playing exercise (“Role Play the Moral Maze– Security and Freedom in A Dangerous World”), chaired by Simon Davies of Privacy International. The exercise is set in Podunk, Texas, in a very unhappy 2005 (during W’s third term)…a town which wants to maintain its stability, despite the unpleasant environment. Simon is directing the discussion by providing bits of information to the characters and asking them what they think or do — it’s interesting, but it doesn’t lend itself to writing down as it happens, so I’ll take a bit of a break from blogging the conference.

Plenary 5: Patriot II and Electronic Survelliance

The final panel for today (before the EFF awards ceremony, which will be held on the 80th floor of the Empire State Building) is devoted to a discussion of electronic survelliance and Patriot II. I suspect that most, if not all, of the panel will be against it.

David Sobel is the first speaker; he is general counsel at EPIC, and his talk is entitled “From ‘Root Canal’ to PATRIOT II: Government Acccess to Electronic Communications”. It was a straightforward description of the laws, regulations, and attempts for laws and regulations over the past twelve years or so, and it included some documents received under FOIA (all of which, interestingly, were completely blacked out when provided to EPIC).

The second speaker is Kate Martin of the Center for National Security Studies, talking about FISA, its effect on civil liberties, and possible broadenings of its reach in the near future.

And the third speaker, Ann Beeson of ACLU is talking about the activities around the filing of the brief with the secret FISA court. The decision of the FISA court is not appealable to the Supreme Court (because the government is the only party to the case), but ACLU filed a petition with the Supreme Court asking them to intervene anyway, which the court denied. So the only way to litigate the expansion of surveillance under FISA is if there is a criminal case where the evidence was obtained under FISA (and this rarely happens; most of the time, there is no case).

So, to sum up the first day:

Not much controversy. Only one issue. Even though there is no question that CFP really does need to focus on the big issue of the day, I miss the old CFP, where there were many topics and people from all sides of the issues.

Life after the last session

I had a nice Glatt Kosher dinner at Abigaels on Broadway, a few blocks from the hotel, along with a fellow IBMer; we chatted about the conference and a bit about work. I picked Abigaels because they’re a participant in AAdvantage Dining and I wanted more miles and for the novelty of eating in a Glatt Kosher restaurant outside of Israel, but I’d happily go back even without collecting miles (and since they had to manually process my credit card, I may not have collected the miles this time anyway!).

Following dinner, we hiked to the Empire State Building for the EFF Pioneer Awards reception and ceremony; since it turned out to be a dessert reception, I was glad I’d had dinner first. All of the honorees were deserving of the honor, but I have to admit to getting a bit impatient during their speeches.

I then walked back to the hotel, planning to skip the BOFs and call it an evening, but ran into yet another attendee who wanted to get a bite to eat and convinced me to walk down to Penn Station with him (a block away). As long as I was there, I had a very small Sedutto ice cream cone — it wasn’t nearly as good as I remember it to have been back when I spent ten weeks in Manhattan at IBM’s Systems Research Institute. And then we walked some more — up Eighth Avenue to 42nd Street, then over to Broadway, then up to 50th, then over to Sixth Avenue (Avenue of the Americas, if you want to be picky about it!), down to 42nd, over to 7th, down to 34th, and back to the hotel — just under two miles. That was a good way to finish the evening and work off the chocolate — now it’s time to call it a night, because tomorrow, the conference starts early again!