Does it bother you that someone at the National Security Agency might be listening in on your phone call to your great aunt in Manchester? Does it matter if that's Manchester, New Hampshire as well as Manchester, England? Ever wonder about what U.S. government support you might receive the next time a category five hurricane visits your hometown? Feel the need to throw away your iPod because it just won't let you listen to Windows Media files?
These questions and many others were addressed last week at the 16th Computers, Freedom, and Privacy (CFP) conference in Washington, DC. CFP is one of the longest-running conferences addressing the impact of computer and network technologies on society, especially (as one might guess from the title) on the ways your information can be used against you. Since the terrorist attacks in the U.S. on September 11th, 2001, the expanding powers of the federal government and the debate over the government's desire for greater access to your data has been a large part of the agenda. While Macs and iPods received only cursory attention (albeit interestingly inaccurate attention) at the conference, CFP touches on topics of interest to anyone who uses the Internet, or who gives thought to the meaning of living in a free country.
TidBITS last covered CFP in 2000 when Adam attended the conference in Toronto. My coverage differs significantly from his; although we're both Mac gurus as part of our day jobs, I'm also a security and privacy activist, and so I came to the conference with a marked sympathy to many (but not all) of the positions of groups in attendance, such as the Electronic Frontier Foundation and the Electronic Privacy Information Center. You'll see some of this perspective in this article, and also in what I chose to include; if anyone wants more information, or wishes to debate my thoughts, I'll be glad to join you in TidBITS Talk. The full agenda for the conference is posted at the CFP2006 site linked above, and it's the nature of this meeting that similar writings by every speaker are easily found online.
That being said, it's important to note that CFP makes a point of generating healthy discussion of the issues. During the Cold War, the Pugwash Conferences on Science and World Affairs acted as a sort of demilitarized zone to allow the only real dialogue between opposing sides; CFP has historically served the same role for the intersection between the law enforcement, security, privacy activist, and hacker communities. This flavor is perhaps demonstrated by the three consecutive chairs for the 2005-2007 conferences:
- 2005: Deborah Pierce, Executive Director of Privacy Activism
- 2006: Frank Torres, Director of Consumer Affairs, Microsoft
- 2007: Stephanie Perrin, Director of Strategic Policy and Research, Office of the Privacy Commissioner of Canada
While it is safe to generalize the attendees of the conference as strongly libertarian and technical, the presentations covered a wide range of topics and viewpoints and as frequently enraged the audience as engaged in preaching to the choir. Participants frequently came down on opposite sides of nuances or implementation of an issue, and it was uncommon for a session to conclude without seeing several debates break out in the hallways.
Excuse Me, My Brain Is Full -- Lorrie Cranor, in an essay commemorating the 10th CFP conference, called the 1994 experience "another drink from a fire hose," and that tradition remained unbroken.
The conference lasted for four days; on two of those days, sessions ran from 8:30 AM to midnight with few breaks. Even attendees with the stamina to last sixteen hours didn't catch it all, as several breakout sessions with simultaneous meetings were held. Topics ranged from the introductory to the highly technical (sometimes in the same session), and there was rarely enough time in a session to cover all of the desired Q&A, or even to allow every panelist to cover their topic. In short, if you want a master's degree in privacy and social issues related to technology, and you only have four days, CFP is an excellent bet.
The conference was opened by a welcoming speech by Senator Patrick Leahy (D-VT), which was warmly received by the audience - largely because it touched upon quite a few of the "inside baseball" issues that indicated that Leahy (or his staff) actually knew and cared about what he was saying. As such, the full text provides an interesting and brief overview of the issues before the conference.
Who Owns Your Avatar? Any illusions of simplicity from Leahy's summary were rapidly dispelled by a panel discussion on federal privacy law comparing the United States, Canada, and European Union. The panel batted about several systems for protecting individual privacy, ranging from the US, which has no comprehensive federal model and a patchwork of laws at the national and local level, to the European Union, which was presented as having strong protection on paper, but in reality faces difficulty with enforcement and maintenance.
One of the recurring themes of the conference was the issue of individual, versus corporate and government, control of information. Or, put another way, the conflict between providing services to the public, and the impact of utilizing the information that those services both require and generate.
Much of today's economy relies on the free flow of (your) information from entity to entity, without your control and in many cases over your objections. This can provide many benefits to you, ranging from targeted information to greater convenience to lower costs; everyone is happy to receive a free airline ticket or discount groceries. But no one wants to be on the government's secretive no-fly list, or to be denied a mortgage, or to have their health insurance cancelled.
The question comes down to how each of us defines the parameters for important yet vague notions like "freedom" and "privacy." Most of us feel that we have little to hide; how, then, do we feel about our right to have that choice? You may never need to exercise your right to a trial by jury; does that therefore mean you don't care if you have one?
Just Speak Slowly and Clearly Into Your Table Numbers -- These issues were discussed in the Wiretap Victims session, with a panel including James Bamford, best known for writing "The Puzzle Palace" and other books about the National Security Agency; Mort Halperin, who includes in his expertise on wiretapping the dubious experience of having been tapped by the Nixon White House; and Eric Lichtblau, who received a Pulitzer prize for his New York Times articles that broke the story about current NSA wiretapping without warrants.
Bamford covered the history of NSA wiretapping from the end of World War II through the mid-1970s, a common practice that bypassed the step of securing warrants, until the Senate's Church Committee investigated and put and end to it. (Among their reforms was the passing of the Foreign Intelligence Surveillance Act, which established the FISA Court that was circumvented by recent NSA activity that Lichtblau revealed.) Halperin reviewed the cooperation of government with telecommunications companies at the time of the FISA implementation and pointed out that AT&T requested a bright line to follow (a clear-cut way of making decisions); therefore, FISA makes it a crime to implement a wiretap outside of a FISA warrant for both the government officials and people in the companies who implement it. Lichtblau reviewed the background of recent revelations, including the use of broad data-mining techniques on fiber-optic telecommunications traffic, including tens of millions of phone calls.
The discussion during the Q&A period was quite lively. Bamford and Lichtblau replied to one question with a discussion of Mark Klein, a whistle-blower who observed the NSA installing equipment at AT&T; most of Klein's information is under court seal (which the Electronic Frontier Foundation is trying to have lifted), but it has been revealed that Klein observed wiretapping equipment that made no distinction between domestic and international calls. Bamford went on to ask why the FBI has not taken action to prosecute laws broken under FISA. Halperin added that all of the administration's statements concerning which information is targeted were specifically about this particular initiative; he reported that most expert observers believe that there is at least one more program, and possibly more, whose scope has not yet been revealed.
The discussion then went on to include some scathing commentary about the New York Times' handling of the story (it had been held back for more than a year), and the public and media response to its publication. The final question concerned why this wiretapping capability wasn't legislated in 2001 during the passage of the first PATRIOT Act; Bamford opined that no one asked for it in law because the people involved knew it was unconstitutional.
A spirited discussion centered on whether computer activity without humans involved had any bearing on the term "unreasonable," based on the beginning text of the Fourth Amendment: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated." Depending on your point of view, this is either a meaningless philosophical debate or crucial to the concept of freedom and Constitutional rights.
If nothing else, one might be inclined to wonder about the double standards that we are asked to accept. Individuals have nothing to fear if they have nothing to hide, while the government creates secrets and classifies documents at a greater rate than ever before in American history.
Department of Homeland Self-Reliance -- The bombshell for Thursday was provided by dinner keynote speaker Stewart Baker, Assistant Secretary for Policy at the Department of Homeland Security (DHS). Baker is a regular at CFP and was on a first-name basis with much of the crowd.
He opened his speech by asking how many audience members considered themselves to be libertarians; he then asked how many people had personally stored 72 hours' worth of food, water, and battery power to maintain themselves in case of emergency. He continued, "Who are you counting on to save you? We all don't like the government until we need them." Later, he said he should have amended this list to include a personal firearm.
He stated that it's not usually the government who saves you in a catastrophe, and spoke highly of residents of Houston, Texas who self-evacuated after having seen what happened to the people who stayed behind in New Orleans. The role of the government was to rescue the people who couldn't do so themselves, and Baker personally advocated the use of individual solutions and non-governmental organizations.
Coming as this was from someone with a major leadership role in homeland security, his message was poorly received by much of the crowd. Post-speech discussion debated whether Baker had seen the news reports of Houston evacuees stranded on the roads leaving town, and if he expected individuals and nonprofits to build their own infrastructure. The overall impression his speech gave is that in the event of a disaster, we should expect to be on our own for a while; I don't think that this is the general impression that DHS attempts to convey.
A Rotten Apple? Friday's discussion of digital rights management included the longest discussion of Apple corporate practices at the conference (although Baker did say it was only a matter of time before Macs and Linux were besieged with viruses the way Windows is). Bill Rosenblatt from DRM Watch asked how many Mac users were in the audience, and stated that Apple was the worst actor in the DRM industry; the iPod, he predicted, would burn out in 18-24 months due to its lack of interoperability. Susan Landau of Sun concurred with this assessment and promoted Sun's "Dream" system of DRM, because Sun was the only company that embedded an implementation of fair use under copyright in their software. Landau also shared an anecdote about her teenage son losing all of his music because he didn't back up his iPod, and attributing that to Apple's design flaws and restrictions imposed by FairPlay.
Several questioners asked, without much decorum, whether Rosenblatt and Landau had heard of a music format called "MP3" that is rumored to be rather widespread and somewhat common on iPods. The Q&A varied back and forth between a few questions debating the finer points of competing DRM systems, and others questioning whether anyone designing or promoting DRM had any experience with BitTorrent and other technologies that are already providing a user experience that far exceeds those available from copy-restrictive technologies. Unsurprisingly, no consensus was reached.
Orwell versus the Creativity Machine -- The closing keynote was provided by science fiction author Vernor Vinge. He began by noting that there were two historical views of the future of technology and privacy: on the one side, George Orwell's vision of 1984; on the other, the "cyberpunk" mythos of anarchist hackers with near-complete control of information. From our viewpoint in the early 21st century, some of the anarchist vision has come to pass, while at the same time many feel that governments have managed to "out-Orwell Orwell."
Vinge hypothesized what he called "the Great Conspiracy against human freedom," which does not exist as an organized attack on liberties, but rather as a chaotic patchwork of laws and technologies which overall have the same effect. Its participants are governments and law enforcement, owners of intellectual property, and every geek who thinks that a particular technology "would be so cool!" without thinking through its impact. Most importantly, it is created and abetted by well-meaning people who erode liberty by thinking that the world would be a better place, if only people could be prevented from doing bad things. Modern technologies of surveillance, including embedding computers in almost every object, allow the "wildest control-freak scenarios" of these people to be satisfied.
On the opposing side is Vinge's optimistic future of the "coming ubiquitous CFP," in which countries and individuals note that economic power comes from unbridled creativity and communication. Where once a mass of billions of people could only be seen as a mob, today it can self-organize; who, he asks, would have believed five years ago that Wikipedia was possible? But this creativity machine requires, as he put it, at least the illusion of freedom - and since millions of members of that machine are as smart and educated as their leaders, this illusion must be more similar to true freedom than ever before in human history.
Vinge kindly allowed us to republish the link where his slides are temporarily posted.
The Future of CFP? As I mentioned earlier, CFP 2006 was excellent in terms of the breadth of coverage and the depth of knowledge of most of its presenters. Most of the panels were set up to generate informed debate, and presentations by government officials (with the exception of Baker's) were notable precisely because they were so inoffensive and bland by comparison.
Unfortunately, the conference faced difficulties in other ways. Longtime participants observed that turnout was very low this year, which was attested to by the numerous empty chairs in the sessions and banquet halls (the grueling schedule could also share some blame). EFF's Big Brother awards, an annual event, were not given out at all, although space was allotted for them on the printed schedule. I'm not sure if there was an official reason given for this, but the predominant story was that they were skipped because the winner was a foregone conclusion and hence not newsworthy. Hallway scuttlebutt hinted at darker reasons involving political issues; as one participant dryly noted, "Privacy activists are the worst gossips around."
What I found especially striking as a privacy activist, but a first- time participant at CFP, was a strong sense of marginalization at the conference. Bamford said that a major issue in the wiretapping story was how quickly the news media allowed it to vanish from the headlines, and that they had dropped the ball; minutes later, I overheard two journalists debating whether to write about the panel discussion, as no news had broken there.
In short, the overwhelming feeling at the conference was that the worst threat to privacy is apathy in the general public. This is nothing new to me; much of my political work involves issues that are not mainstream. But I usually see the lamentation of apathy accompanied by announcements of campaigns to turn the tide - if there were any such announcements at CFP, I must have missed them.
[The article I wrote after CFP 2000 attempted to explain why the general public remains apathetic, taking its cue from the excellent keynote by novelist Neal Stephenson. In short, most people don't care much about abstract concepts like "freedom" and "privacy" because they are more concerned about the concrete problems that populate our everyday lives. Alas, the challenge I posed then to the privacy community remains largely unanswered. -Adam]
So I'll close with guarded optimism for the upcoming May 2007 meeting in Montreal. If you have any interest in the topics covered, I can't imagine a better place to learn more in a shorter amount of time than at CFP. In the meantime, there are many organizations - including EFF, EPIC, and Computer Professionals for Social Responsibility - where interest, energy, and donations are always welcome. I have more to say about CFP 2006 which would not fit here for reasons of length or political content; you're invited to stop by my site if you want to hear more.
PayBITS: Did Jeff's coverage of CFP 2006 give you a sense of
the importance of privacy? Show your appreciation via PayBITS!
Read more about PayBITS: <http://www.tidbits.com/paybits/>