My trip to attend a conference on security and civil liberties began by being barred from an Amtrak train due to anti-terrorist regulations.
Little-known fact about Amtrak: since 9/11, you need to show photo ID to buy a ticket from the ticket agent, and you need to use the agent if you pay with cash. I don't drive, and I neglected to bring my passport; apparently, because my non-driver's identification is expired, I'm no longer "me" in the eyes of the state. (Question: why should non-driver's identification expire? I don't think my "being me" skills deteriorate over time.) Solution: jog five blocks to 7-11, buy a Visa debit card, jog five blocks back, and buy a ticket at the automated kiosk. The kiosk will tell you that ID is required on the train. It is lying.
Doesn't that make you feel much more secure? No? In that case, you'll probably love the discussions at Computers, Freedom, and Privacy 2009. CFP is an annual gathering of top technologists, academics, activists, and government representatives who focus closely on the social costs and benefits of security and privacy initiatives - most frequently, pointing out their utter absence in places where they're sorely needed, or their abundance where they are useless. My annual disclaimer: I'm very much a member of the pro-privacy activist community, so while I promise to summarize these presentations objectively, I can't provide unbiased commentary. You might want to compare my point of view to Adam's coverage of CFP 2000 (see "Threat Models and Domination Systems," 2000-05-22).
So, thanks to 9/11 policies, I - somewhat ironically - missed the "Computers, Freedom, Privacy and the Obama Administration" session. In after-hours casual conversation, Obama administration official Susan Crawford (Special Assistant to the President for Science, Technology, and Innovation Policy) received high marks from a random sampling of the audience for "getting it" on security and privacy issues - although there's a standing undercurrent of skepticism that the privacy community may be so thrilled at the transition from the Bush to the Obama administration that we are still wearing rose-colored glasses regarding Obama's policies.
For what it's worth, I subscribe to both the skepticism and the rose-colored glasses. Obama has set high standards in government technology initiatives, creating open transparency, and protecting individual rights. He has then generally failed to live up to them... so far. I'd like to believe that this is because he has too much on his plate to pursue several large initiatives simultaneously, and that once he's no longer preoccupied with preventing the Second Great Depression, other issues will capture more of his attention. That, however, is obviously giving him the benefit of many doubts, and it's fair to ask me if there's a time limit on this generosity - to which I answer, "I don't know."
The Future of Security vs. Privacy -- The next panel displayed the range of viewpoints invited to speak here. From left to right: Bruce Schneier, security expert and author of a highly influential blog; Stewart Baker, who as a Bush administration official won the Big Brother 2007 award for "worst government official" (beating Alberto Gonzales); Jim Harper from CATO, the libertarian think tank; and Valerie Caproni, general counsel of the FBI. Baker kicked off his talk by complaining, with tongue firmly in cheek, that he never received the Big Brother physical trophy, depicting a hobnailed boot stepping on a man's head - he "has a place on his mantel cleared for it." (Privacy International, organizers of the award, tweeted later that he would receive his trophy, but when he least expected it.)
Baker asked, "Who is the biggest threat to privacy: the U.S., China, or criminals?" By focusing on U.S. government intrusions on privacy, he feels activists were fighting an obsolete battle; in his opinion, the real threat to privacy comes from criminal networks, citing the "Tracking Ghostnet" report for a list of government and corporate computers that were assimilated into a criminal botnet.
Harper approached the question of security more generally, addressing terrorism and national security. Terrorists, he said, become terrorists in order to be terrorists, rather than necessarily to commit acts of terror. That is, they join for the same reason gang members sign up with the Bloods and the Crips; membership advertises you as dangerous and someone to contend with, regardless of whether you are. This implies a more measured response from government; the issue is not that a member of a terrorist organization is de facto dangerous, but rather points out the need to identify the individuals who are taking action. "Meticulous good behavior" by their potential targets, reacting according to the rule of law, should be done not because it is altruistic, but because it is strategic counterterrorism policy to avoid exalting enemy groups.
Caproni defended the use of "national security letters," which gave secretive powers of investigation to the FBI under the Patriot Act. An internal review showed that the error rate of issued letters was only 3 percent, demonstrating that it was not the massive tool of abuse that it has been accused of being. The goal of all modifications to investigative power was to align the powers that can be applied to criminal organizations with those that can be applied to terrorist organizations. As an example, she asked, why should a U.S. court have jurisdiction over whether an intelligence agency can wiretap two non-citizens and non-residents of the United States?
Schneier wrapped up with a contrarian view, arguing against a false dichotomy between security and privacy. The most important changes to airline security have been hardening the cockpit door, and alerting passengers to fight back if hijacked. Neither one of these has anything to do with privacy. At a panel discussion he attended, a Department of Homeland Security official said, "You want to know who is sitting next to you." Schneier replied, "No, I don't. If he's not going to blow up the plane, I don't care who he is. And if he is going to blow up the plane, I care even less; my most important concern is stopping him from blowing up the plane."
The correct dichotomy is liberty versus control; security results from an amalgam of liberty and privacy, but security itself can conflict with liberty. This is why we need oversight mechanisms, such as a warrant system that dictates when the police can enter your home.
I had a question, which I didn't get to ask the panel. Two panelists spoke against glorifying terrorists and terrorism by raising them to the level of "enemies of the United States"; meanwhile, a debate broke out during the Q&A time as to whether the assassin of a Kansas City OB-GYN was a "terrorist" or a "criminal." Why do we jump through so many rhetorical hoops in order to classify Abu Zubaydah differently from Timothy McVeigh? If you are an American, there is no rhetorical question: commit a terrorist act, and you are not a terrorist; you are a criminal, whether you release anthrax on the East Coast or gun down Washington, D.C. residents with a sniper rifle.
If the problem the FBI is having is to align terrorist and criminal investigation, why not treat foreign criminals as criminals? We have two centuries of jurisprudence documenting how we extend American criminal legal protection to non-citizens; arguably, our meticulousness in doing so is part of the "good behavior" to which Harper referred. We have engaged in a rhetorical reframing to classify some criminals as "our enemies in a war on terror," requiring military action and a separate, unequal system of justice. If we are now acknowledging that this was an ineffective strategy, shouldn't we also revisit that framing of the bad guys?
A Conversation with Craig Newmark -- Craig Newmark, founder of Craigslist, was the speaker for a lunchtime Q&A session with a reporter from the New York Times. Newmark portrayed himself as a late arrival to political activism, but who's being drawn into politics because the democratic system is being energized by new online tools enabling grassroots democracy. Government is the quintessential large organization, with many stakeholders whose support and interest you need in order to make change; the goal is to patiently bring them over to your way of thinking. It takes a long time to make changes, he said, and in that context, he thinks the Obama administration is moving quickly.
Discussing Craigslist, I think Newmark made an extraordinarily profound statement about the simplicity of improving society: "If you want to give a guy a break, give him a job or a place to live." In 10 years, he said, Craigslist will be more of the same, as it's run by people with a "passion for the mundane"; the most likely changes you'll see are more cities and more supported languages. To several questions about recent changes in response to the "Craigslist killer" and various legal issues, he had the same answer: Craigslist is going to act as decided by its self-organized community.
This article is running long, so I'll break here and continue coverage in my next entry.