A View from Simson Garfinkel
The ACM Conference on Computers, Freedom, and Privacy
What’s on the minds of privacy experts?
I’m in Montreal attending the annual Association for Computing Machinery (ACM) conference on Computers, Freedom, and Privacy (CFP). Now in its 17th year, this conference was once the only venue where topics like cyber-rights, wiretaps, and cryptography policy were actually discussed. That was before Wired magazine and the birth of the commercial Internet as we know it, of course. But CFP is still one of the few places where technologists, policy wonks, government officials, and the cyber-libertarian fringe can get together and have open and honest, if not entirely friendly, conversations.
I gave a tutorial about computer forensics, then sat in on a talk about U.S. wiretap regulation. In the evening there was a 90-minute session called “Postings from the Edge,” at which some of the wise old heads of the Internet gave their opinions about the leading technology and policy problems of our day.
Peter Neumann, from SRI International, opened the discussion. He has been following computer security and computer-related risks for years. After years of trying to build secure systems, he now spends most of his public life documenting how systems fail.
The conference opened on May 1, May Day. Neumann, who loves puns, opined that “mayday” is also an expression used by pilots who are sinking, and he said that we have a related problem today. We believe that computers can be trustworthy, he said–but they are not trustworthy. We have a belief that we can build simple systems–but secure systems are not simple. So we just can’t build systems that are simple and trustworthy. This is a conflict.
What’s more, Neumann said, a lot of problems we are trying to solve with computer security–things like privacy–are extrinsic to the computer system. We try to use secure computers to protect privacy, but privacy isn’t being violated by the computer systems; it’s being violated by the people who have legitimate access to the computer systems that are holding the private data. “Privacy cannot be protected with technology alone, and yet we have enormous belief in our computer systems and all of the people who have access to them,” Neumann said.
We need to be aware of the risks that we are dealing with, addressing those that can be addressed with technology and restructuring our society and civilization to address the others.
Anita Allen, from the University of Pennsylvania Law School, stated that it only took 10 years to sequence the human genome, thanks to computers. Allen said that this week the House of Representatives passed the Genetic Nondiscrimination Act, which will help protect Americans from the “mischief that can be done” with our genetic information. “This is good news for American workers. Without this law, there is a lot of vulnerability that American workers face in the U.S.”
Allen noted that a few years ago a railroad in the United States was surreptitiously testing its workers for the “carpal-tunnel gene,” and that this information was disclosed and the company was sued by the Equal Opportunity Commission under the Americans with Disabilities Act. Allen pointed out that the new law will prohibit discrimination against people based on their DNA.
Bruce Schneier, from Counterpane Systems, spoke about the generation gap. This gap is bigger than rock and roll. He says that privacy is approached differently by the younger, hip generation that’s using the social-networking websites. Schneier held up an article about how young employees can’t be trusted because they put all the corporate secrets online. Your reputation might be ruined by blogging on the Net. “When you look at what’s happening in the younger generation, there is a notion that these sites form communities,” Schneier said. “People form friends all over the world. This is going to completely change the way that our society deals with privacy.”
Schneier noted that some people have been fired for blogging and that college-admissions and HR people have Googled others to see what they did at last night’s party. He mentioned a New York magazine article called “Say Everything.” He said that the younger generation now believes that it has an audience and that everybody thinks they are watching and are onstage. They have archived their adolescence; their entire life is online, and they don’t care. They are used to being dumped publicly on a social-networking site; they have thicker skin than we do.
If it is about control–building these sites to give people control–one way to do that is by limiting access. But kids just abandon sites when they want a new past; they just move on. Perhaps having data automatically delete itself after a while might be the right thing to do. Schneier pointed out that the older generation in the 1960s said that the social revolution–sex, drugs, and rock and roll–would be the end of marriage. They were right, Schneier said, and it’s okay. “Talk to a teenager,” he said. “We have a responsibility to build systems so that they can take maximum advantage of what the society has to answer.”
Ed Vitz, from the Public Interest Registry, which manages the dot-org top-level domain, is now forming the Internet Consulting Coalition, which will be dedicated to helping organizations maximize their presence at the first and second domain level.
Vitz said that one of his primary concerns is the loss of an organization’s domain name when the domain name expires. Many organizations will lose their dot-org and discover that it’s been taken over by a porn site. This seems to hit nonprofits especially hard, perhaps because of their internal problems. “Domain-name monetization has interested Wall Street,” said Vitz. “There are seminars on secondary domain markets.”
The value of a domain name is based on the amount of traffic to the website and what it can command on the secondary market. “The unintended loss is not a new problem, but the situation is exacerbated because of the growing use of computer programs” that find expired domains and determine how valuable they are, according to Vitz. This is called “domain tasting,” he said.
The poster-child example came up last year: a rape crisis center in Syracuse, NY, failed to reregister its domain name, Vitz said. It was picked up by an adult website. “You can imagine the results.”
Whit Diffie, from Sun Microsystems–yes, that Whit Diffie: the one who invented public key cryptography–spoke about governmental surveillance. Government needs to do surveillance, Diffie said, so that it can know the needs of the citizenry.
This doesn’t mean that surveillance is good or that it doesn’t need to be regulated. “We find government surveillance threatening the whole structure of a free society,” Diffie said.
Diffie stated that he has been fighting this battle for more than 14 years. It started out as a battle regarding the use of cryptography. In the 1990s, cryptography and computers suddenly became good enough to be used by small organizations; the government realized this and tried to reestablish control over cryptography. “After three rounds between 1980 and 2000, they lost,” said Diffie. “And we now, in the U.S., have government-endorsed, very high-level cryptography.”
“But part of the reason that the government retreated on that flank is that it was advancing on a flank that we didn’t notice or didn’t have time for,” Diffie continued. “And we lost that battle in 1994, but we didn’t notice. The government had noticed what some of us had also noticed: that all of the fine research in cryptography wasn’t protecting traffic, and the cryptographic market wasn’t succeeding hand over fist. Yes, SSL is one of the most widely used cryptographic markets in the world. But the penetration of secure phones is practically nil.”
But while people in the cyber-rights movement were focusing on encryption, the government was focusing on having communications systems designed to be wiretap-friendly. The result was the 1994 Communications Assistance for Law Enforcement Act (CALEA). “And now,” said Diffie, “all telephone switches have to have wiretapping built into them, and they have to guarantee that very rapidly they can adjust the system to deliver all the communications of the subscriber to the government. And if they don’t, they get fined $10,000 per day and per violation.”
Originally, CALEA had a carve-out so that it didn’t cover the Internet. But the law had a provision that if the Internet substantially replaced the conventional telephone system, it would be covered. “Beginning two to three years ago, the FBI began pushing the FCC to adopt regulations saying that CALEA applies to the Internet,” Diffie said.
The problem is that the Internet does not lend itself to interceptions. Diffie explained that if two businesspeople are traveling in Europe and want to have a VoIP conversation, it’s much more efficient to send the packets directly from point to point, rather than sending them through an intermediary so that the intermediary can do a wiretap. One way around this problem is to equip every ISP with advanced remote-controllable wiretap equipment. Of course, another alternative is just to force all phone calls to go through monitoring points. My guess is that the latter is what’s going to happen.
Following the speakers’ introductions, they were asked what kind of information, hypothetically, they would give to various politicians. I don’t remember anything that was said.
Then we had questions and comments. The one notable comment came from Chris Kelly, the chief privacy officer of Facebook. He explained last year’s snafu involving Facebook and privacy issues: Facebook had created a news feed to tell people what their friends were doing, and many people didn’t like missives going out to their friends–you know, missives like “Anna’s relationship status has changed from ‘going steady’ to ‘single.’” It felt like stalking. Kelly said that 750,000 Facebook users joined a protest group about the news feed. Facebook got the message.
Kelly also said that the lesson that Facebook learned from this experience was precisely the opposite of what is written in the media. “You get this when you have 22-year-olds running the company.” He said that a lot of people think that information posted in Facebook is available to anybody. In fact, there is no way to post a message in Facebook that everybody can read. And Kelly said that a lot of people think that 22-year-olds have no sense of privacy. He noted that the experience taught him that 22-year-olds care a great deal about privacy. They just have ways of conceptualizing it that are different from the way most 40- and 50-year-olds do.
Another brief will appear tomorrow.