CFP 2002 In Review

CFP 2002 Day One

I’m not sure that “jet lag” is really properly named. I’m spending the next few days at the Conference on Computers, Freedom, and Privacy at the Cathedral Hill Hotel in San Francisco, about an hour from home. The conference goes till midnight tonight and tomorrow, so I think I’m spending IBM’s money wisely by taking a hotel room instead of driving home at night — but I sure wish that I actually had gained some sleep by staying here.

Instead, I’m suffering from a severe case of hotel lag — it was very difficult to get to sleep last night. I’m sure it was partially due to having a big, late dinner at Stars (tasty, and good conversation…but big and late nonetheless), but it didn’t help that my room is noisy (looking over Van Ness Avenue) and it was difficult to get the temperature at all close to what I wanted.

It’s pretty obvious that this is an older hotel — the phone is hardwired to the wall by the bed, nowhere near the desk, and there aren’t many power outlets (and most of the ones are two-prong, something I thought was obsolete everywhere but my house!). But the location is pretty good, and it wasn’t too hard to make my way through afternoon traffic to get here.

CFP itself seems more predictable than in past years; the topics have changed slightly (there’s a lot of discussion of post-9/11 issues), but when someone goes up to the mike, I can bet what he or she is going to say. Maybe I’ll find it more interesting tomorrow if I’m more awake…I managed to escape the hotel for a few minutes during the last break, and that seems to have helped, already.

One last CFP note for now: tonight, Dan Gillmor will be receiving a well-deserved EFF Pioneer Award (as will Beth Givens and the DeCSS authors, but I don’t think they have weblogs). The Pioneer Award ceremony is open to the public, so if you happen to read this before 8pm Pacific today, come on by!

The last plenary session of the day, “Biometrics Face-Off: Can Biometrics Promise Better Security without Destroying Privacy and Civil Rights?”, didn’t answer the question in its title. The speakers mostly gave their prepared presentations and the audience gave their prepared questions (some of which were off the topic). But there were two presenters I found especially interesting: Captain Ron Davis of the Oakland Police, who would be a user of biometric technology (as a cop) and might well be a victim of it (as a black man), and Roger Clarke from Xamax Consultancy in Australia (a long-time CFP participant), who pointed out that if you don’t design your system to answer specific questions (for example, “should this person be allowed into an area?”), you will wind up with a system which probably is ineffective but probably is privacy-hostile.

At dinner, California Attorney General Bill Lockyer gave an interesting and funny talk; he didn’t go into depth on anything, but touched on spam, states’ rights, the Federal system, computers in the criminal justice system, and pecan pie, which he likened to George W. Bush: a sweet presentation hiding a low-value Texas nut. The latter point helped me a bit at the EFF Pioneer Awards dessert reception, by encouraging me to avoid the pecan pie…but I made up for hit by eating the chocolate cheesecake.

A few other sites blogging CFP:

CFP 2002 Day Two

I blew off the BoF sessions last night in favor of attempting to get some sleep — I appear to have been successful at it, too.

We started this morning with a presentation by Patrick Bell of the AAAS presenting some of the statistical analysis he did preparing for the trial of Slobodan Milosevic at the International Criminal Tribunal for Former Yugoslavia last year at the Hague. His analysis showed that the pattern of deaths and migrations did not match the pattern of NATO air strikes or Albanian insurgent activity, but that it did match, quite accurately, the activity of the Yugoslav forces. Unlike most of the discussions at this conference, Bell’s presentation showed how computers can actually be used to strike a blow for freedom.

Currently, the second plenary session is in progress: How to Hack an Election. We’ve had presentations from officials and from computer folks; after hearing all of this, I’m amazed that elections work at all!

Proxim has very kindly provided 802.11b (and 802.11a) connectivity here at the conference; unfortunately, whatever router they’re using is not particularly IPSec-friendly. I’ve been able to connect in to work a few times, but the connectivity is dubious and drops randomly. Connectivity to the rest of the world has been pretty solid, but I can’t get to my real e-mail. Hmmm…perhaps that’s actually a good thing!

Now I’m in the third plenary session, “Who Goes There? Privacy in Identity and Location Services”. Brian Arbogast, the VP at Microsoft responsible for Passport, just made an interesting observation:
“One of the nice things about working at Microsoft is we never have to make decisions on the basis of short-term profit.” He went on to say that they do, of course, worry about long-term profit.

Jason Catlett of Junkbusters just observed that, when he was young, he worried about IBM becoming the Evil Empire, but that’s no longer the case, and he looks forward to the day when he no longer has to worry about Microsoft as the Evil Empire. He also apologized to Roger Cochetti of Verisign for not believing that he has to worry about them, despite Network Solutions’ best efforts.

Appropriately enough for this session, I just noticed this:
Seattle Times: “The federal government might use Microsoft’s Passport technology to verify the online identity of America’s citizens, federal employees and businesses, according to the White House technology czar.” [via Scripting News]

Choosing a parallel session was a difficult task, but I finally settled on the Open Source session, which was held, appropriately enough, in the Cathedral Room (the hotel does not have a Bazaar Room as far as I can tell). There wasn’t a lot of new ground covered by the panelists (and again, there wasn’t much time left for audience comment), but Tim O’Reilly made one interesting observation: he worries that the continuing deluge of software patents may break the “plausibility of open development and innovation” which has characterized the Internet to date.

At lunch, Larry Irving gave an impassioned speech on the digital divide (his take: it still exists, and it’s government’s job to encourage the rest of society to take steps to close it — but the market isn’t going to do it by itself) and on media consolidation and its effect on the reduction in the number of views available to the public (AOL was the sponsor of lunch and he was travelling with an AOL VP, but he didn’t spare them in his remarks).

I skipped the first after-lunch plenary session on “Activism Online” in favor of a short walk in the open air (it’s good to know that there’s a real world).

And now I’m in the plenary session on the DMCA — it’s a play in one act and several scenes. The DMCA is a truly scary law — but it pales compared to the potential for utter stupidity which the CBDTPA would unleash.

Interesting comment from Barbara Simons (who is teaching a course, along with Ed Felten, at Stanford on Legal and Policy Perspectives on Information Technology: she pointed out that the anti-circumvention provisions of the DMCA weren’t activated until 2000, because they might have interfered with Y2K remediation work (and has written more about this in her Viewpoint).

All of this discussion about the DMCA is encouraging me to stop at an electronics store on the way home and buy a DVD recorder now, before they’re made illegal. I don’t have a good track record on these predictions, though — in 1981, we rushed out and bought a VCR the weekend after the 9th Circuit Court of Appeals ruled against Sony in the Betamax decision, which was, of course, later reversed by the U. S. Supreme Court. It was a good VCR and held us for many years, but boy, was it expensive ($1000!), and video tapes were awfully pricey, too (I remember scrimping to be able to buy a box of ten tapes to take advantage of the quantity discount — $170 was big money in 1981! It’s still not a trivial amount of cash, but it’s not quite as significant to me as it was then.).

I’m also planning to join EFF. I’ll have to wait until I get home, though; EFF would be happy to take my money over the Web, but they also want a hardcopy (I don’t know why) and I can’t print anything here. And I’m not sure I want to submit my credit card number on a non-encrypted wireless network, either!

I am not alone at blogging CFP as it’s happening — hi, Thomas! (PS: I’m on the left side of the room as you face the stage, three rows behind the last row of tables.) Michael is also blogging CFP, but not in real time, at least not yet.

Ahh, it’s beginning to look like a real CFP — the panel is debating one another’s positions instead of just giving their prepared talks, and, even though it’s still several minutes before the audience will get their turn, the lines at the microphones are already several people deep…probably deep enough that not everyone already standing will get to rant…err, ask questions.

And the last question of the session was, in best CFP form, a loud and impassioned rant. But it was on-topic, which hasn’t always been the case in the past!

The final plenary session of the day is underway, a formal debate on future of intellectual property. So far, there haven’t been any surprises; John Perry Barlow of the EFF is against the DMCA and its ilk, while Steve Metalitz of the International Intellectual Property Alliance is for it (and said that the DMCA was necessary to comply with [unnamed] international agreements, which is somewhat surprising to me. He also said that the extension of copyright term and increased enforcement of copyright is good because it significantly improves the US balance of payment — these two statements seem to be somewhat at odds to me).

Karen Coyle just made an important point, which John Perry Barlow is reinforcing — putting the history of our times at the risk of technological and legal obsolescence is nothing short of criminal. We risk creating an electronic Dark Ages in pursuit of short-term gain for IP owners (media monopolies).

After the final plenary session of the day, Privacy International presented the Twentieth Big Brother Awards, as well as the Brandeis Awards for those who work for privacy. I had to leave before the Brandeis Awards were presented, but the Big Brother Award ceremony was witty and thought-provoking, as always.

I had to leave because I had a dinner appointment
at Zare Restaurant in the financial district; the food was excellent (though the room was a bit on the noisy side at times). I am glad I didn’t have to pay for dinner out of my own pocket this time, but if I wanted to splurge on a fine meal, I’d give Zare serious consideration.

By the time we were finished with dinner and back at the hotel, it was quite late; I suspect that the BoFs were still going, but I decided to declare victory and go to bed.

Have they no shame?

Trading cards created that portray 9/11 victims [USA Today]

CFP Day Three (and last)

The morning started out well — I managed to spend a few minutes in the exercise room in the hotel. Not as long as I’d like to have spent (I probably shouldn’t have had dessert last night, but it was awfully tasty!), but better than doing nothing, and most of the time I’m at a hotel, I do nothing because I can’t manage a full workout.

When I came back downstairs for breakfast, I ran into our closing speaker, Bruce Sterling and had him sign a couple of the books I’d bought during the conference (and yes, they were books he’d written!). I’m looking forward to his session — if it’s anything like his closing rant in Austin (Real Audio, be warned!) at CFP ’98, it’ll be well worth staying for (even though it means driving home through rush hour getaway day traffic).

State Senator Jackie Speier was this morning’s leadoff speaker, talking about her efforts to get a financial privacy bill (SB 773) through the California Legislature, and why it’s necessary (her assertion, which I agree with, is that consumers will be happy to allow their data to be used if there’s a benefit to them (and not just to the financial institutions), so that an opt-in policy should not affect the industry’s bottom line and would be in keeping with the California State Constitution‘s explicit right to privacy).

Now I’m at the second plenary session, this one on public records and the Internet. I’m afraid my brain overflowed during this session and I didn’t take good notes; I hope one of the other bloggers here will fill the gap for me when I write my trip report.

Speaking of other bloggers, I’m now maintaining a list of CFP 2002 Resources and Blogs for my convenience, and possibly yours.

I had to check out of the hotel before the deadline, and then I got into a discussion with the chair of next year’s CFP, Barry Steinhardt of the ACLU, and so I missed most of the “Are the Tools the Rules?: The Future of the Digital Commons” session. When I got into the room, DeWayne Hendricks, WA8DZP, was at the podium talking about the effect of wireless technologies at making the Net available in developing countries and depressed areas (such as Indian reservations in the US, where there are some interesting legal avenues towards bypassing FCC regulations; of course, FCC regs don’t apply outside the US). This was almost certainly the most technical talk at this CFP, and I’d been looking forward to it (I used to experiment in TCP/IP on Amateur Radio, and DeWayne was one of the leading lights in the area). Oh, well….

Now I’m at the lunchtime “Privacy Enhancing Technologies” session.

Ian Goldberg of ZeroKnowledge talked about the state of the world 5 years ago, and the state of the world now, pointing out that we don’t have much more in the way of privacy enhancing technologies now than we did then…and that some of the promising technologies then have fallen into disuse, such as DigiCash.

He divided the field into four classes, in increasing order of difficulty of real-world implementation:

  1. Single-party (such as the JunkBusters proxy)
  2. Centralized-intermediary (one intermediary, or multiple independent intermediaries – an anoymous remailer is an example)
  3. Multiple-intermediary (where there are multiple cooperating intermediaries required, such as their [failed] Freedom Network)
  4. Server-based (where the entire ecosystem needs to agree to use the technology, such as digital cash).

He also pointed out that hackers like to write code — but there’s a long distance between the code and a useful instantiation of the technology, and that distance is longer in as you move down the list.

I think he’s missing one point — a successful technology needs to benefit all the players, not just the customer (or not just the retailer). Credit cards, to take an example, took a long time to spread, but when they hit the tipping point, they quickly became ubiquitous. Debit cards took a longer time to make that leap because the advantages to consumers were more dubious (especially at places that have the nerve to charge a transaction fee!). Secure Electronic Transactions never took off, because the advantages were too dubious to too many people in the value net. (Did I just really write “value net?”!)

Lorrie Cranor talked about P3P and the AT&T Privacy Bird.

Paul Syverson talked about the Privacy-Enhancing Technology workshop and talked about the role of reputation in privacy-enhancing systems, and said that security relies on privacy (most people believe that the converse is true).

Marc Levine talked about the Martus (Greek for “witness”) project — providing privacy and security to human rights organizations around the world, for example with encryption and off-site (and out-of-country, in most cases!) storage of sensitive (dangerous!) information.

A spirited discussion followed the presentations, to which I added my observation above, expressed somewhat differently, as a statement that people won’t use a technology if they don’t know that they need it – the people using Martus know that the consequences of exposure may literally be fatal, but that’s not the case for, say, most Americans. And someone came back with the need for privacy preserving technologies for victims of domestic violence, for whom it may also be a life-or-death matter, even in America (or maybe especially in America).

The lunchtime discussion ran a bit long, so I missed the first part of the final plenary session, “Should We Meet John Doe? Civil Litigation and Anonymity in Cyberspace”. When I went into the ballroom, whoever had the mike was talking in deep legal terms, so I walked out again and took a final lap around the block containing the hotel, returning in time for a final coffee break (the hotel did a very good job with cookies!), and Bruce Sterling’s closing keynote.

Trying to summarize a Bruce Sterling talk is a foolish endeavour. I hope not to be a fool, at least not blatantly, so I won’t give a summary; instead, I hope that Bruce either publishes his talk [he did] or that the conference puts the audio file on the Web, and I’ll quote one line to give you a little bit of the flavor of his talk:

“Linux isn’t a competitive free market product — it’s a slave revolt!”

And then the conference was over. And it was only 4:45, so I decided that I had a chance of beating the worst of rush-hour traffic if I left right away, and that’s exactly what I did. Traffic was slow until I got onto the 280 extension heading South — then the only problem was staying within reasonable hailing distance of the speed limit, though traffic did slow again a couple of miles from my house. And I got home in time to join my family in welcoming Shabbat and for a wonderful dinner.

Now it’s off to Temple to help set up the Oneg; Diane reads Torah tomorrow at services, and we plan to go see the Flying Karamazov Brothers in Berkeley on Sunday.

Shabbat Shalom!