CFP Day Three (and last)


CFP Day Three (and last)

The morning started out well — I managed to spend a few minutes in the exercise room in the hotel. Not as long as I’d like to have spent (I probably shouldn’t have had dessert last night, but it was awfully tasty!), but better than doing nothing, and most of the time I’m at a hotel, I do nothing because I can’t manage a full workout.

When I came back downstairs for breakfast, I ran into our closing speaker, Bruce Sterling and had him sign a couple of the books I’d bought during the conference (and yes, they were books he’d written!). I’m looking forward to his session — if it’s anything like his closing rant in Austin (Real Audio, be warned!) at CFP ’98, it’ll be well worth staying for (even though it means driving home through rush hour getaway day traffic).

State Senator Jackie Speier was this morning’s leadoff speaker, talking about her efforts to get a financial privacy bill (SB 773) through the California Legislature, and why it’s necessary (her assertion, which I agree with, is that consumers will be happy to allow their data to be used if there’s a benefit to them (and not just to the financial institutions), so that an opt-in policy should not affect the industry’s bottom line and would be in keeping with the California State Constitution‘s explicit right to privacy).

Now I’m at the second plenary session, this one on public records and the Internet. I’m afraid my brain overflowed during this session and I didn’t take good notes; I hope one of the other bloggers here will fill the gap for me when I write my trip report.

Speaking of other bloggers, I’m now maintaining a list of CFP 2002 Resources and Blogs for my convenience, and possibly yours.

I had to check out of the hotel before the deadline, and then I got into a discussion with the chair of next year’s CFP, Barry Steinhardt of the ACLU, and so I missed most of the “Are the Tools the Rules?: The Future of the Digital Commons” session. When I got into the room, DeWayne Hendricks, WA8DZP, was at the podium talking about the effect of wireless technologies at making the Net available in developing countries and depressed areas (such as Indian reservations in the US, where there are some interesting legal avenues towards bypassing FCC regulations; of course, FCC regs don’t apply outside the US). This was almost certainly the most technical talk at this CFP, and I’d been looking forward to it (I used to experiment in TCP/IP on Amateur Radio, and DeWayne was one of the leading lights in the area). Oh, well….

Now I’m at the lunchtime “Privacy Enhancing Technologies” session.

Ian Goldberg of ZeroKnowledge talked about the state of the world 5 years ago, and the state of the world now, pointing out that we don’t have much more in the way of privacy enhancing technologies now than we did then…and that some of the promising technologies then have fallen into disuse, such as DigiCash.

He divided the field into four classes, in increasing order of difficulty of real-world implementation:

  1. Single-party (such as the JunkBusters proxy)
  2. Centralized-intermediary (one intermediary, or multiple independent intermediaries – an anoymous remailer is an example)
  3. Multiple-intermediary (where there are multiple cooperating intermediaries required, such as their [failed] Freedom Network)
  4. Server-based (where the entire ecosystem needs to agree to use the technology, such as digital cash).

He also pointed out that hackers like to write code — but there’s a long distance between the code and a useful instantiation of the technology, and that distance is longer in as you move down the list.

I think he’s missing one point — a successful technology needs to benefit all the players, not just the customer (or not just the retailer). Credit cards, to take an example, took a long time to spread, but when they hit the tipping point, they quickly became ubiquitous. Debit cards took a longer time to make that leap because the advantages to consumers were more dubious (especially at places that have the nerve to charge a transaction fee!). Secure Electronic Transactions never took off, because the advantages were too dubious to too many people in the value net. (Did I just really write “value net?”!)

Lorrie Cranor talked about P3P and the AT&T Privacy Bird.

Paul Syverson talked about the Privacy-Enhancing Technology workshop and talked about the role of reputation in privacy-enhancing systems, and said that security relies on privacy (most people believe that the converse is true).

Marc Levine talked about the Martus (Greek for “witness”) project — providing privacy and security to human rights organizations around the world, for example with encryption and off-site (and out-of-country, in most cases!) storage of sensitive (dangerous!) information.

A spirited discussion followed the presentations, to which I added my observation above, expressed somewhat differently, as a statement that people won’t use a technology if they don’t know that they need it – the people using Martus know that the consequences of exposure may literally be fatal, but that’s not the case for, say, most Americans. And someone came back with the need for privacy preserving technologies for victims of domestic violence, for whom it may also be a life-or-death matter, even in America (or maybe especially in America).

The lunchtime discussion ran a bit long, so I missed the first part of the final plenary session, “Should We Meet John Doe? Civil Litigation and Anonymity in Cyberspace”. When I went into the ballroom, whoever had the mike was talking in deep legal terms, so I walked out again and took a final lap around the block containing the hotel, returning in time for a final coffee break (the hotel did a very good job with cookies!), and Bruce Sterling’s closing keynote.

Trying to summarize a Bruce Sterling talk is a foolish endeavour. I hope not to be a fool, at least not blatantly, so I won’t give a summary; instead, I hope that Bruce either publishes his talk [he did] or that the conference puts the audio file on the Web, and I’ll quote one line to give you a little bit of the flavor of his talk:

“Linux isn’t a competitive free market product — it’s a slave revolt!”

And then the conference was over. And it was only 4:45, so I decided that I had a chance of beating the worst of rush-hour traffic if I left right away, and that’s exactly what I did. Traffic was slow until I got onto the 280 extension heading South — then the only problem was staying within reasonable hailing distance of the speed limit, though traffic did slow again a couple of miles from my house. And I got home in time to join my family in welcoming Shabbat and for a wonderful dinner.

Now it’s off to Temple to help set up the Oneg; Diane reads Torah tomorrow at services, and we plan to go see the Flying Karamazov Brothers in Berkeley on Sunday.

Shabbat Shalom!