Morning dawned awfully early today, and my alarm clock followed it all too soon. I’d set it to give me enough time to go down to the fitness center and work out, but I couldn’t bring myself to spend time in front of a TV watching endless repetitions of the same few facts, so I went outside and jogged instead. Up 8th to Central Park, through the park to 7th, to Broadway at the first red light, back to 7th at Times Square, down to 34th, and back to the hotel (with a short detour via Capstone Cafe to pick up lox and bagel for breakfast). I didn’t realize how cold it was till I was well on my way — when I got back to the room, I turned on the TV and found out that it was 42 degrees out. No wonder I was chilly when I stopped!

The conference also began early today, with the first session at 8:15. And today, we’re not going to be all-war, all-the-time; instead, we start with:

Plenary 6: Internet Architecture and Free Speech

The panelists are Jeff Chester of the Center for Digital Democracy, Paula Boyd of Microsoft, and Mike Schooler of the National Cable & Telecommuniations Association.

Jeff’s up first; he is talking about the need for ISPs to be able to use broadband pipes to reach customers, in the same way that ISPs can offer service on dial-up. And he is decrying the recent FCC decisions allowing cable and DSL companies to deny ISPs such access, and to provide differential access to preferred sites and vendors. He pointed out Ellacoya Networks and their “Total Service Control” offering as an example of the dangers ahead.

Paula Boyd says that Microsoft believes that the broadband networks should remain a level playing field, as narrowband is. Consumers should have unrestricted access to services, sites, and devices within the limits of their bandwidth and without allowing theft of service or harm to the network. Their reasons are not entirely altruistic — they worry about a provider blocking or reducing their access to the consumer, both on the MSN side and on the sales side (they expect people to buy less shrink-wrapped software in the future and more online; given the size of Office, they really need broadband!). They also had to do significant negotiation with cable and broadband companies to launch Xbox Live, and they don’t want to have to do that again (they also say that they want to ensure that smaller developers without Microsoft’s clout can get to the network). And they believe that consumers need access to lots of content to make them want broadband in the first place.

Here’s an interesting quote to hear from a Microsoft spokesperson: “We worry that there is not enough competition in the marketplace to discipline the network folks.”

Microsoft is part of a coalition (the “Coalition of Broadband Users and Innovators”, website to come) on this issue but doesn’t agree with the coalition in all respects; they focus on edge-of-network access for consumers, not for ISPs. They want network managers to address issues in terms of network management, not shaping the kinds of bits which flow through the network.

Mike Schooler of NCTA began his talk by pointing out that Microsoft, of all people, should be able to create a gloom-and-doom scenario about monopolization. He didn’t get many laughs from the audience, and I’m pretty sure he thought he was making a joke.

After that, he talked about the cable companies’ huge investments in improving their facilities; he asked the audience who has cable or DSL broadband service (most hands went up) — throughout this part of his talk, he continued to conflate cable and DSL services. His basic message is that there’s no problem now, so there’s no reason to regulate us to keep it from happening in the future. And anyway, any issues in the past (such as restrictions against VPN use) have been intended to keep a user from using more than his or her share of bandwidth so that’s OK. Of course, VPNs don’t necessarily use more bandwidth…but they are used for business services, and the cable companies would rather be able to charge more in such a case.

The Q&A was not particularly enlightening (and as usual at CFP, there weren’t many questions…mostly rants).

Plenary 7: Human Rights and the Internet

The panelists are Patrick Ball of the AAAS‘ Science and Human Rights Program, Dinah PoKempner of Human Rights Watch, Bobson Wong of Digital Freedom Network, and Elisa Munoz of the Crimes of War Project.

I am expecting this to be an advocacy panel. In fact, they distributed a handout from Human Rights Watch entitled “Internet Dissidents: A Plan For Action”, asking attendees to write letters on behalf of the prisoners profiled in the handout. They even provided the audience members with paper and envelopes and asked us to write letters NOW.

Patrick Ball’s talk was slightly different; he talked about the need to make encryption and data backup transparent — because users don’t take the extra steps to use them, even when it is literally a matter of life and death. He also talked about work to make encryption and protection easier, including the Martus project.

Plenary 8: The Great Firewall of China – Internet Filtering and Free Expression

Kimberley Heitman of Electronic Frontiers Australia started, discussing Internet Filtering in Australia, as required by the Broadcasting Services Act. The default position is that ISPs are supposed to block R and X rated content, but adhering to a code of conduct allows the ISP to not filter — the ISP must make approved filters available to users. But less than 1% of the users use a filter, so the government is considering stronger methods. Becuase there is no constitutional right of free speech in Australia, filtering is not neutral as it is in the US.

Benjamin Edelman from the Berkman Center for Internet and Society at Harvard Law School then discussed “Internet Filtering Worldwide: The Technologies of Filtering and their Unanticipated Consequences”. He’s written a paper on the issue.

Saudi Arabia blocks porn, discussion of religions (all religions, even Islam), and sensitive political content (human rights and Israel). China blocks Western news (sometimes), politics, and porn (half-heartedly (Playboy and Penthouse get blocked, but not Hustler or whitehouse.com)).

Today, blocking is generally fairly granular. Proxy-based filters allow specific URLs to be blocked, while router-based filters block entire servers, causing overblocking. In Saudi Arabia, they use proxies; in China, they use routers and see overblocking (and underblocking) as a result.

So China, for example, blocks all of blogspot.com (over a million blogs) as a result of wanting to block a smaller number of blogs on that site.

Kijoong Kim of JinboNet in South Korea then discussed the Internet Content Regulation System in South Korea. The Korean Ministry of Information and Communication proposed requiring a PICS rating system for all web content in 2000, but the proposal was defeated after activists unleashed DoS attacks on the MIC website. The 2001 version of the law includes a provision prohibiting online protests, which the activist community does not like.

Arturo Quirantes of the Universidad de Granada discussed Spain’s 2002 law requiring web publishers to register sites with the government or pay large fines. 415 Spanish webmasters responded by replacing their websites with a protest page.

[Ahh…I’ve just discovered that Henry Farrell is also blogging CFP2003, in far more detail than I am. Thanks to Cory Doctorow for the link!]

Lunchtime Activites

The conference offered many lunchtime activities again today. The most technically-interesting choice was a session on ENUM and privacy; I went there just long enough to grab a copy of the paper that CDT is preparing and to eat the box lunch provided by the conference (today’s was better than yesterday’s, but I’m sure I could have done better on the free market). The most interesting alternative was a Video Surveillance Tour of Manhattan by the Surveillance Camera Players; from what I heard, it was a very eye-opening experience.

But I hadn’t been in Manhattan since July, 2001. We’d most of that day in the Financial District, largely atop the World Trade Center, and I felt the need to go back. So I took the E train to the end of the line (Chambers Street) and went up to the street. And of course, there was something missing. I walked down the street to the Ground Zero viewing ground itself. I passed places we’d seen 21 months ago (like the Century 21 Department Store); I passed markings on buildings which said things like “9-17-01 — ash and glass”; I passed people taking pictures; and, of course, I passed T-shirt vendors. I didn’t find it necessary to buy a T-shirt to remember my visit.

Then I walked over to Broadway and walked back to the hotel. It was a long walk (about 3.5 miles), and I was glad to get back and rest; I can’t imagine what it must have been like to have done such a trip on 9/11.

Plenary 9: Data Retention in Europe and America

Even though I was in the room in time for the beginning of the panel, I had a hard time following the speakers, so I’m hoping that Henry Farrell took good notes despite being on the panel.

The one point I did take from the panel is that, in the US, there is no government requirement that ISPs (and similar businesses) retain traffic data about their subscribers unless there is an order concerning a specific active investigation; such an order can be issued for 90 days (with a possible 90-day renewal) to give the government time to request a court order to examine such records, but it applies only to traffic data created after the order is issued. Absent such an order, ISPs are free to save or discard data as their business needs require. In contrast, there is a “data retention” regime in the EU. Providers can be forced to preserve all traffic data in case the government might be interested in it at a later date.

Plenary 10: Moot Court — Beyond LICRA v. Yahoo: Free Speech in a World Without Borders

Interesting session, but nothing I can summarize and blog. In the after-court discussion, I found it interesting that several non-US participants didn’t see why the US courts might consider maintaining the ability of US-based persons or companies to be able to speak freely

Plenary 11: Terrorizing Rights: International Cooperation and
International Anti-Terrorism Policies

The panel:
David Banisar,
Tracy Cohen,
<a
href=”http://is.lse.ac.uk/staff/hosein/”>Gus Hosein, Toshi
Ogura and
John Wadham.

Gus started, and here’s the big problem he pointed out: Definitions of
terrorism vary.
And it’s not always clear what the facts are (journalists, for example,
have been known to fabricate quotes).

Tracey discussed the Algiers convention on anti-terrorism (which does not appear to be available online). There are major problems when dictators (such as Zimbabwe’s Robert Mugabe use anti-terrorism laws against their opposition, even when that opposition is not using what would generally be considered terrorist tactics). Interestingly, the Bank of England considers his family and colleagues to be subject to anti-terrorist financial sanctions.

Toshi discussed the use of anti-terrorism regulations and laws in Japan.

David Banisar tried to summarize the situation in Europe in 10 minutes. He pointed out that many countries in Western Europe have had terrorism laws for decades, because they’ve had terrorist groups for decades (think IRA or Red Brigades); this is unlike the situation in the US, where terrorism is recent. But there have been new laws since 9/11 — for example, introducing an EU-wide arrest warrant and coming up with a common definition of terrorism.

Finally, John described the situation in the UK. Liberty was set up in 1934 and they produced their first report on terrorism two years later (relating to Northern Ireland). There was already significant new legislation before 9/11, but after 9/11, stronger regulations were introduced. For example, it is a criminal offence not to tell the police about any information you have about possible terrorist activities. Membership in some political groups is a criminal offence — in fact, even claiming membership in some groups is a crime (even if it’s not true).

Dinner at Macy’s

Somehow, that doesn’t have the same ring to it as “Breakfast at Tiffany’s”, does it? And it wasn’t where I wanted to have dinner, but time was short and no one had a better idea (well, I did, but I wasn’t quite sure where I was really trying to take the group), so that’s where we wound up. And it wasn’t a bad idea, really — I wanted to have a New York pizza in the worst way, and that’s pretty much what I accomplished (memo to self: don’t order BBQ Chicken pizza in New York again). But the company was good and so were the shared desserts.

After dinner, we returned to the hotel for the Brandeis/Big Brother Award ceremony. Details will be available sometime; the winners were well-chosen (Osama bin Laden won the Lifetime Menace award; his “acceptance” speech was rather chilling, even though it was intended to be funny).

And now I’m going to call it an evening; we start a bit later tomorrow morning, which will be quite welcome.

The hotel also has an interesting policy — they not only want an imprint of your credit card when you check in, and not only do they want to see a photo ID, but they also copy your photo ID (in my case, my drivers license). I’ve never seen this done at a hotel before — I would have objected, but I realized that negotiating that particular issue with the check-in clerk was not going to be successful, and I really wanted to have a place to stay.

I don’t necessarily agree or disagree with the speakers’ statements which I’m blogging, by the way — consider these notes an aide-memoire rather than an editorial.

Bruce Schneier’s Opening Keynote

Right now, Bruce Schneier is giving the opening keynote speech (“Security, Liberty, and Trade-Offs: With Diverse Terrorism Examples”); he is discussing his five-point scheme for evaluating security trade-offs:

Step 1: What assets are you trying to protect?

Step 2: What are the risks to those assets?

Step 3: How well does the security solution mitigate those risks?

Step 4: What other risks does the security solution cause?

Step 5: What costs and trade-offs does the security solution impose?

Finally, is the trade-off worth it?

Far too often, we focus on step 3 and ignore many of the other steps — so we solve the wrong problem or introduce new problems.

In the end, all security decisions come from a negotiation between players (including the “bad guys”, though they don’t negotiate directly). Understanding how to be more secure involves understanding these negotiations. And getting a bigger say in the negotiations requires having more power.

“History teaches us one thing about mercenaries: pay them! It’s the only way to keep their interests aligned with yours.”

Peter Swire says there’s a missing step: “Can the risks and costs be mitigated?” (in other words, can we find a cheaper/less risky answer than the one being proposed?) Bruce agrees.

Bruce’s final remark: Agenda is important. You need to know your agenda, and you need to know about the other parties’ agendas.

Plenary 1: A Moment in Time

Dan Gillmor is now moderating a panel: “A Moment in Time, Putting Computers, Freedom, and Privacy in Context” with Ed Tenner and Ira Glasser. Dan also commented about the incongruity of the hotel’s ID policy, especially for this conference, and said he will be taking the issue up with the management (he, too, decided getting a room was more important than making a point at check-in).

Ira Glasser: During Bruce’s talk, the questions started raising the “non-security” issues in the security debate; I believe that this is the dominant factor, especially in the civil liberties realm. These are the central paradigms behind the “security issues” which are being used to drive the “security measures” such as “no bottles or cans at Yankee games” (great for beer sales!).

People don’t pay attention to the details, so they can easily fall for willful lies or manipulation from the top. But even the people at the top can believe their own stories — hence the surprise that there has been resistance in Iraq.

All governments (everywhere, at every time) use war and the fear of war to expand their powers and advance their own policies. “You don’t have to provide safety; you only have to provide the appearance of safety.” The fear may, indeed, be real — that’s not the question. The question is, “what are you doing about it?” And the interests of government is to claim a tradeoff between liberty and security, and as Hamilton said, people will always choose security — but what they get is the appearance of security. You cannot argue that privacy is important when people are afraid. You cannot argue that the government shouldn’t be watching everyone when they’ll claim that no one knows where the enemy is. The only successful argument is that the measures aren’t providing any actual safety — that they are illusionary. And in the past, when liberty has been reduced, safety has never been increased.

“When you’re looking for a needle in a haystack, the last thing you want to do is grow the haystack.”

Ed Tenner: In his experience in Germany and in doing research on German history, what appeared important was not actual security issues but giving the appearance of security and knowing about the problem (including all of the participants). Technology has not been necessary to monitor people — even in the middle ages, the King of France was able to round up all of the Jews in France on one day (see http://www.jewishvirtuallibrary.org/jsource/vjw/France.html or http://www.fordham.edu/halsall/jewish/1182-jewsfrance1.html) because they knew where they were. Computer technology was not necessary; nor was it necessary in Nazi Germany — society had already made it possible.

Plenary 2: Computers, Freedom, and Privacy after 9/11

Now it’s the third panel (moderated by Peter Swire): “Computers, Freedom, and Privacy after 9/11”. Peter points out that the changes in the laws after 9/11 are basically in two areas: technology and immigration. Governments have historically had broader power in the area of immigration than in other areas — but is the government “trying out” measures on immigrants to see what protests might happen if they were applied more broadly?

Anthony Romero of the ACLU is the first speaker. He is talking about the ACLU’s “Safe and Free” campaign — safety without freedom is dictatorship, while freedom without safety is impossible. And one of the areas of concern is profiling and discrimination. President Bush’s initial statements (and later ones) called for non-discrimination, but the actions of the government use race and religion as a proxy for suspicion, and they have been moving more in that direction over time, as well as adding additional restrictions (for example, giving the government access to library records). He blames Ashcroft.

Nawar Shora of the American-Arab Anti-Discrimination Committee is the second speaker. He says that using race and religion as a factor in determining suspicions is legitimate — using race and religion as the only factor is not. ADC’s website and e-mail systems are under constant attack (as are other civil rights organizations).

Jim Dempsey of the Center for Democracy and Technology is the third speaker. He points out that people seem to gravitate to creating dichotomies (for example, freedom versus safety) even when the two are not incompatible. And people who care about civil liberties should never cede the effectiveness issue — the first question should always be “does this actually work? How will it be effective?” At times, the police don’t want some of the technology and powers that they’re being given because they know that they won’t actually affect crime.
Jim also says that current case law says you don’t have privacy interests in data collected about you which is not actually under your control…so that third-party data collection can be freely mined without violating your privacy interests (though it does violate your privacy). He also calls for corporations to take higher ground than their current view that immunization is sufficient — we need to rebuild the view that trust is required. In earlier battles, corporate and civil liberties interests were aligned; can this happen again?

Box Lunch with Robert O’Harrow

Lunch time at CFP is not time off — instead, they put out box lunches and run parallel sessions. I have mixed feelings about this, because it crowds out time for unstructured discussions (and because I am sure I could find better things to eat in New York City than a box lunch from the hotel), but it also offers the chance for small-group structured discussions. Today, I went to lunch with Robert O’Harrow of the Washington Post. His particular beat has been privacy, and so it was unsurprising that most of the discussion centered around data mining, which has both good and evil applications, even in the hands of the press.

George Radwanski – second keynote

George Radwanski, the Privacy Commissioner of Canada, is now giving the second keynote. He, unsurprisingly, considers privacy to be very important, and considers many of the measures taken in the US since 9/11 to be terrible. “When it comes to sacrificing a fundamental right such as privacy, you don’t have to take my word for it. Osama bin Laden said, a month after 9/11, ‘freedom and human rights in the US are doomed.'”

Plenary 3: Total Information Awareness – A Debate

Now we’re in the Total Information Awareness debate; apparently the
conference was unable to get anyone from the TIA office to
participate.

Herb Lin from the National Academy is presiding, and he’s opened the
discussion by asking the panellists to concentrate on the program, not
the personality of the
director. And he is bringing up reasonable questions for the panel to consider (technical as well as policy); it’ll be interesting to see if the panel pays any attention.

Heather McDonald of the Manhattan Institute is first up; she’s an advocate for TIA. She says she is puzzled by the reactions from both the civil rights left and the libertarian right to the government’s measures since 9/11, and that the opponents to TIA are “defending the status quo which led up to 9/11”. She’s written an article which seems to sum up her position, and I suggest you read that (since I can’t type fast enough to do her justice).

Katie Corrigan from the ACLU is the second speaker; she’s against TIA. She asks whether the goal of the TIA is to “connect the dots” or to find the dots to connect. She suggests that, unless TIA can be shown to be effective, there is no reason to deploy it, and no need to consider whether it is more invasive to privacy than necessary. But if it is effective, then the questions about trade-offs on privacy need to be asked.

Michael Scardavilleof the Heritage Foundation is another proponent. He recommends that the audience read his paper on the TIA, because he’s sure that five minutes won’t be long enough to make his case. And he was right.

Finally, Barbara Simons of USACM is making her case against TIA (which is covered by the USACM’s letter to the Senate Armed Services Committee).

The Q&A has begun. Heather McDonald is first up, asking whether the TIA opponents would object to the government being able to query databases about a known individual (to which Katie’s answer is “no”, but that she would object to searching for patterns with no probable cause in hopes of finding individuals to treat as suspects).

My verdict: Neither side carried the day; all of the speakers except Heather McDonald made good points (she expressed lots of emotion but backed it up with very few if any facts — she dismissed anyone opposed to TIA as a Luddite, to which Barbara Simons took good-natured and accurate objection). Michael Scardaville put it better: “reasonable people can — and do — disagree.”

It would have been good to have had more light than heat, though.

Plenary 4: The Moral Maze

After a too-short break (they keep us busy here, boss!), we’re back for a role-playing exercise (“Role Play the Moral Maze– Security and Freedom in A Dangerous World”), chaired by Simon Davies of Privacy International. The exercise is set in Podunk, Texas, in a very unhappy 2005 (during W’s third term)…a town which wants to maintain its stability, despite the unpleasant environment. Simon is directing the discussion by providing bits of information to the characters and asking them what they think or do — it’s interesting, but it doesn’t lend itself to writing down as it happens, so I’ll take a bit of a break from blogging the conference.

Plenary 5: Patriot II and Electronic Survelliance

The final panel for today (before the EFF awards ceremony, which will be held on the 80th floor of the Empire State Building) is devoted to a discussion of electronic survelliance and Patriot II. I suspect that most, if not all, of the panel will be against it.

David Sobel is the first speaker; he is general counsel at EPIC, and his talk is entitled “From ‘Root Canal’ to PATRIOT II: Government Acccess to Electronic Communications”. It was a straightforward description of the laws, regulations, and attempts for laws and regulations over the past twelve years or so, and it included some documents received under FOIA (all of which, interestingly, were completely blacked out when provided to EPIC).

The second speaker is Kate Martin of the Center for National Security Studies, talking about FISA, its effect on civil liberties, and possible broadenings of its reach in the near future.

And the third speaker, Ann Beeson of ACLU is talking about the activities around the filing of the brief with the secret FISA court. The decision of the FISA court is not appealable to the Supreme Court (because the government is the only party to the case), but ACLU filed a petition with the Supreme Court asking them to intervene anyway, which the court denied. So the only way to litigate the expansion of surveillance under FISA is if there is a criminal case where the evidence was obtained under FISA (and this rarely happens; most of the time, there is no case).

So, to sum up the first day:

Not much controversy. Only one issue. Even though there is no question that CFP really does need to focus on the big issue of the day, I miss the old CFP, where there were many topics and people from all sides of the issues.

Life after the last session

I had a nice Glatt Kosher dinner at Abigaels on Broadway, a few blocks from the hotel, along with a fellow IBMer; we chatted about the conference and a bit about work. I picked Abigaels because they’re a participant in AAdvantage Dining and I wanted more miles and for the novelty of eating in a Glatt Kosher restaurant outside of Israel, but I’d happily go back even without collecting miles (and since they had to manually process my credit card, I may not have collected the miles this time anyway!).

Following dinner, we hiked to the Empire State Building for the EFF Pioneer Awards reception and ceremony; since it turned out to be a dessert reception, I was glad I’d had dinner first. All of the honorees were deserving of the honor, but I have to admit to getting a bit impatient during their speeches.

I then walked back to the hotel, planning to skip the BOFs and call it an evening, but ran into yet another attendee who wanted to get a bite to eat and convinced me to walk down to Penn Station with him (a block away). As long as I was there, I had a very small Sedutto ice cream cone — it wasn’t nearly as good as I remember it to have been back when I spent ten weeks in Manhattan at IBM’s Systems Research Institute. And then we walked some more — up Eighth Avenue to 42nd Street, then over to Broadway, then up to 50th, then over to Sixth Avenue (Avenue of the Americas, if you want to be picky about it!), down to 42nd, over to 7th, down to 34th, and back to the hotel — just under two miles. That was a good way to finish the evening and work off the chocolate — now it’s time to call it a night, because tomorrow, the conference starts early again!