By Joe Barr Originally published in February, 1998 CFP 1. Computers, Freedom, and Privacy, an annual conference on civil liberties in the information age. 2. An illuminating celebration of the struggle to define individual rights in the global village. The 8th annual Computers, Freedom and Privacy conference was hosted by the University of Texas Law School this year at the Hyatt Regency in Austin, Texas. Although when I first heard about it last fall I didn't plan on attending (it's pricey, over $400.00 for admission, materials, and events), scholarships for starving journalists were available which let me spend only what I wanted to for materials and meals. That brought the price tag down to about $130.00 (I chose the conference materials and dinner two nights) and I decided to give it a go. Now that I've been, I'll say that in my opinion it would have been a bargain at full price. The conference proper started Wednesday morning, February 18th. But an email from Jon Lebkowsky gave me a running start. Wendy Grossman, an American journalist in London and a conference panelist, was doing a book reading Tuesday evening for her recently published "net.wars." In spite of some scheduling confusion at the bookstore, Wendy prevailed and entertained a dozen or so of us with snippets from the book and lively banter. I scored three schmooze points (Wendy, Jon, and Jep Hill) and the conference hadn't even begun. Wednesday I bow to Mike Godwin. He is a pioneer and a tireless, effective advocate of all that that netizens hold dear. But I've heard him speak at various functions, and he and I share a common malady: we tend to go on too long. Opening morning I had to choose between Mike's three hour session on "Free Speech, the Constitution, and Privacy in Cyberspace" or "Net Hacks and Defenses." They say water seeks its own level. The "Net Hacks" panel consisted of Peter Shipley, recovering hacker; Hugh Daniels of the Linux Free SWAN organization; Dave Del Torto of PGP, Inc. (now Network Associates); Charisse Castagnoli of Internet Security Systems; and Lucky Green of the Independent Smartcard Developer Association. Dave Del Torto picked the panel and moderated the session. Peter Shipley was the star. He took the stage first and held it the longest. His long hair looked uncomfortable in the (tie-free) suit he was wearing. Besides, in Austin clean jeans brings you right to the edge of over-dressed. He looked like a rock n roll star trying to impersonate an MBA. But Peter not only knows his stuff, he is dweeb-literate. His talk was fast-paced, passionate, informative, and entertaining. He makes a living these days by helping companies uncover their security holes. You can see the scam-man in Peter. I imagine his social-engineering skills, money in the bank for hackers, are considerable. This guy could sell kool-aid at a micro-brewers convention. He's also written a few programs that are well known in certain circles around the internet. Peter likes the interaction of an audience. He can dumb down for the suits or effortlessly shift to the appropriate level when a geek throws him a question. You want this guy to be on your team, not against you. Shipley had some advice on how to make an NT machine secure. His opinion, and in fact the unanimous feeling of the panel as a whole, is that it simply is not defensible, but they offered these suggestions for anyone wanting to try: * Do not use NT as a platform for a firewall. * Do not use NT as a platform for a server. * Don't put just one firewall between it and the net, put two. * Format the hard drive and install a flavor of Unix. * Don't connect it to a network. * Don't plug it in. Hugh Daniel looks more like a dweeb than Peter. He looks like he spends a lot more time looking at code, and with the Linux FreeSWAN project going on, I can understand why. The Linux Free SWAN effort is all about creating secure internet links between like-minded machines. No matter what you're doing on the internet, communication is accomplished by stuffing data in self-addressed envelopes (packets) and feeding them to the routers. Each packet contains the appropriate routing information to get it to the far end, and an address (yours, unless you are spoofing someone) so the other end knows how to address the reply. Free SWAN encrypts the data in each packet, not the routing information. Because the routing information remains clear-text, Free SWAN can be set up between any two cooperating points on the net. Encryption is accomplished using (like PGP) the Diffie-Hellman algorithm. Although still vulnerable to traffic-analysis (who is talking to whom, how often, when, where, etc.) the data communicated is secure. Charisse Castagnoli brought the session back from the fringes of cyberspace with her pitch aimed at pointy-haired managers looking for security tools. Charisse says she has a love-hate relationship with NT, but that it makes a lot of money for her. She had to rush through her slides due to a late start and a misunderstanding about the session length. The panel prepared for four hours, but only got three. I'm not sure if Lucky Green got a chance to speak or not, I was willing to be late for lunch but not to miss it completely. My one major disappointment of CFP98 is that I didn't attend the "Net Vengeance: The Law And Ethics Of Selp-Help Remedies For On-Line Harms." Unfortunately, it was scheduled at 5:15 PM. That would have put me in rush-hour traffic to get back to the hotel. Like I told my friend Edie a few years ago, "I love you, girl, but don't ever ask me to take you to the airport at rush hour again." Dinner the first night was at the Austin Music Hall. Tony Price provided the entertainment. I schmoozed as much as I could, getting a word in with Bruce Sterling about the German TV documentary on Computer Crime that we were taped for last fall. I also saw other Austin kingpins of civil liberty in cyberspace Gene Crick, David Smith, and Jon Lebkowsky. Another three point effort. I can't count Jon again as I got that point Tuesday night. The buffet offered some nice tasting fajita fixings which I enjoyed in silence with two suits who looked like they were from SW Bell and a professional looking couple. It's possible my black t-shirt with NARC WINTEL on the back had a chilling effect on conversation. Thursday The second day began with a session on "Pragmatism and Principle in Online Advocacy." I had no idea what to expect but was intrigued by the title. The session was a debate between Jerry Berman of the Center for Democracy and Technology and Donald Haines of the ACLU. This is the issue debated. Suppose that on principle, you must face due north at noon. Legislation is introduced which calls for everyone to face south at noon. After all the committees and compromises, the final choice is between facing north-northeast at noon or south at noon. As advocate for the cause, do you support the north-northeast proposal or do you remain silent and offer no opinion at all. Pragmatism demands you work towards the best deal you can get. Principle won't accept anything but north. Do you play or not? There are only two choices left on the field. During the debate I sided with Jerry. His insistence that not to support the lesser of two evils in the battle against the CDA would be the same as abandoning his post was convincing, and his bald head made him look more radical than Jerry. I think that most of the crowd was with Jerry. But later in the day, the more I thought about it, the more I began to agree with Donald. Donald took the position that supporting either evil was abandoning the principles they were fighting for in the first place. I was on the horns of a real dilemma and didn't even know it. "How to Do A Wiretap" was easily the most entertaining session of the entire conference. Shabbir J. Safdar and guests demonstrated the legal restraints on doing wiretaps by acting out the roles of judge, FBI agents, and attorneys. For a plot, they created bad guys out of a pair of Olympic snowboarders who were conspiring to smuggle drugs into Japan for the Olympics. The FBI agent was made strikingly dumb about the law so that through his errors in procedure the law could be made clear as the judge corrected him. One item of interest is the fact that wiretaps require human intercept operators and are therefore expensive. Title III requires that the operators stop listening when, after a minute or two into a call, there is nothing being discussed that was spelled out in the request for the wiretap. They can check back in on the call periodically to see if the subject as changed, but the point is they do not have carte blanche to listen to every word of every call. That means they can't just turn on a tape recorder and walk away. The economics may be a greater bar to their use than the requirements for approval of this special type of search warrant. Another is that the restrictions are lower on intercepting data than voice. And a request to get a log of all calls made from a number, including the date/time/duration and any additional touch-tone key presses is absolutely automatic. Judges might narrow the scope of wiretap requests occasionally, or perhaps once in a blue moon even deny one, but the PIN log request is automatic. In the halls outside the meeting rooms that day I ran into Pete Kennedy, the Civil Libertarian of The Year in Texas last year. He is also the man who stepped forward to protect me from a threatened suit by two Microsoft employees. It's always good to see Mister Kennedy. A few minutes later a young guy tapped me on the shoulder to say hello. I said howdy and asked who he was. He said "I'm not sure I should tell you who I'm with." My first thought was that he was a Microsoft employee, but the business card he handed me read Robert Lemos, Senior Writer ZDNN. It's such a small world, this global village we live in.. Just a week before I had chastised Lemos for equating Digital's Alpha CPU with Intel's Pentium II. That's like comparing the performance of a Yugo with a Ferrari. The Alpha is 64 bits, runs at 600mhz, and has plans to go over 1,000mhz in the next year or so. The Pentium II is a 32-bit exercise in engineering cowardice. If it's fast, it's because it's trying to run away from AMD's K-6. Intel is busting its ass to get Merced to market in the next two years. When it arrives, it will only a few years behind the Alpha. Lemos' false comparison is an insult to the Alpha and much more of a compliment to the Pentium II than it deserves. I wanted to have coffee with Lemos to discuss it, but it turns out he was too busy. Pity. In any case, those two encounters added two more points to my schmooze total. Dinner the second night was at the Hyatt. A fancier buffet with nicer table settings, but the fare was just the same: fajita fixings. No band played, but former FCC commissioner Nicholas Johnson gave a speech afterwards. I had the very good fortune to share a table with two gentleman from Japan, a professor of law and a lawyer, and a retired professor from Kansas State by the name of Martin van Swaay. Professor van Swaay comes to every CFP he can. This was the eighth and he has missed only one. I found him fascinating. A chemist who became a computer scientist, he created a course on computer ethics that is now required for a CS degree at Kansas State. We chatted about this and that and I mentioned that I was still undecided which side of the question from the morning session I came down on. He said that's because it is a dilemma, not a problem that can be solved. I asked him if he was familiar with the "Prisoner's Dilemma," since I have seen references to that online for years but never understood the basis for them. The good professor not only explained it to me, he gave me a pointer to Matt Ridley's book The Origins of Virtue, which discusses the larger issue behind the "Prisoner's Dilemma," the conflict between self-interest and altruism. I'll probably be remembering this dinner for years to come. I claim two points for the rare "Discovered Schmooze," bringing my total to ten. The last thing on my agenda for Thursday was the BOF ("Birds of a feather") session which continued the "Net Hacks" session from day one with hands-on activity on the net. In fact I missed my Austin Linux Group meeting just hanging out waiting for the thing to start. Unfortunately, the room was too small and there was an overflow crowd which prevented watching, let alone participating. The price of popularity. Friday I took a short detour from the conference proper Friday morning. The Center for Democracy and Technology hosted a breakfast/brunch for the press to outline and discuss the issues looming on the civil libertarian event horizon. When I returned to CFP later in the day, it seemed the crowd had changed. Or maybe I was just running into name tags I had missed the first two days. First I ran into an FBI agent who was attending the conference. I plopped myself down next to her on a bench in the lobby to find out what she was doing there. She was there "to learn," or at least that's all I could get out of her. Not wanting to squander an opportunity, I told her I was unhappy with the FBI and asked if I could whine to her about it. Her eyes got a little larger, but she said OK. "These special agents in Redmond are not doing anything for me," I told her. Microsoft has tried to hack into my web site a couple of times and the agent there seems afraid to ask them why. "He probably is," she said. I told her that I wanted the same protection by the federales that Gates would get if the tables were turned. She nodded, indicating that seemed fair. Showing what I had learned by rubbing elbows with brilliant legal minds for two days, I offered this stone-cold brilliant conclusion: "I know Scully would do it for me." "Yes, and she's on my team" the agent replied with a smile. I think I can safely claim a point for this encounter. A little later I ran into a spook, a gentleman from the NSA. My interrogation techniques sharpened from my first three-letter micro-interview earlier, I learned even less from my questions to him. He said he was not attending to learn how to spy on the internet, but how to keep others from spying on them. "Ah, COMSEC" I said. His eyes got bigger, too. Finally, frustrated that I couldn't get an answer out of him about anything, I said "You guys have heard about the Pueblo, haven't you?" I'm pretty sure I have to give up a point here for an ill will penalty. Following a good session entitled "Is Technology Really Neutral? Is PICS the Devil?" the final session began. One I had been waiting for all week. "Covering the Net: Or, What Has The Press Been Smoking." On the panel were Todd Lappin, Wired Magazine; Peter Lewis, The New York Times; Elizabeth Weise, USA Today; and Wendy Grossman, freelancer in London. Most of the heat from this journalists-on-journalists event was Wired picking on Time for its cyberporn cover story. There were also a few anecdotes and chuckles about how misinformed a lot of their colleagues were. The topic drifted slowly as the Q&A approached. It became more of a commentary on how the internet has changed journalism: Drudge, the rush to get the story on the net first, the furious pace and the mistakes that result. Finally they threw it open for questions. First in line, ahead even of Mike Godwin's "One quick comment and then a question" was Phil Zimmermann, the creator of PGP, Pretty Good Privacy. "I heard there might be a lot of attacks on the press today and I wanted to get my remarks in first," Phil said. He went on to recount how, during his prosecution by the federales for the alleged export of munitions, the press had come forward and, in his words, "saved my bacon." Not only did they make him a cause celebre, they helped publicize his plight. And his legal defense fund. His remarks were so sincere, so from the heart, that it made me proud that The Dweebspeak Primer was one of those publications who ran ads for his defense fund. I think his comments took whatever sting there may have been in store for the panel from those that followed him to the microphone. Bruce Sterling closed the conference with a visionary's speech, "Thoughts on the future." As I read a synopsis the next day, Bruce briefly outlined the history of civil libertarians on the net and concluded that now it was time for everyone to "chill out and drink some beer." The conference was then adjourned and at Bruce's invitation followed him back to his home to do exactly that. Epilog The day after the conference I lay down for an hour nap and woke up five hours later. I take it as a sign of the brain-scrubbing and stimulation I got at CFP98. It was as if I had been lifted from a remedial class in slacker and dropped into a post-graduate seminar with lots of people who were not only smarter but better informed. The sessions I attended reflect only a fraction of those available. It was like a trip to Dweeb World, there were simply too many rides and games and shows to see them all in the time allowed. I scanned an article in Wired Online a day or two afterwards and it seems that some of the folks think it's leaning towards tired. Not for me. I'm looking forward to seeing the good professor at the next one.