I spent the weekend at DEF CON X in Las Vegas. It was fantastic!
After that, I spent the week at USENIX Security in San Francisco. That was fantastic too!
Thanks to both DEF CON and USENIX for donating conference admissions to EFF.
I'm sorry this entry is so late! It was a long time in the making, and it kept getting longer over the course of the week as things continued to happen.
Our crew at DEF CON was full of Praveen's friends, and more and more of them arrived all the time, by various methods. We drove to Las Vegas through the desert in a large van. We stayed at the Alexis Park, which is the DEF CON conference hotel. We were joined intermittently by lots of other people, many of them from New Mexico. Jennifer 8. Lee, a very friendly reporter for the New York Times Circuits section, hung around with us a lot, too.
I met Jenny at DEF CON last year, and she got involved in covering DMCA issues, so I had occasion to speak with her a few times after that. She covered one of the Free Dmitry marches in San Francisco. But lately she's been writing about technology for Circuits and not covering politics. My father (not knowing that I know her, as far as I know) sometimes sends me her articles in the mail.
The story of Jenny's name is interesting, and we talked about it a lot last year. But this year, it was old news (so to speak).
DEF CON generously donated a booth to EFF, and we had a bunch of volunteers staffing it throughout the weekend. Our booth was amazingly popular: we gave away 50 EFF secret decoder rings in the first hour of the con, and we ran out of essentially everything (t-shirts, stickers, hats, etc.) by the end of the first day. We got dozens of new members and hundreds of donations.
People at DEF CON really seem to like EFF a lot. I also got to talk about a lot of people about current and potential EFF cases, and hot topics in computer security.
I saw a dozen people I knew, or more.
We ate out a lot, generally at buffets and at a really cool restaurant downstairs at the Rio. I don't remember the name of the restaurant, but it was run by The Cheesecake Factory. Also Subway. I miss the Subway in Easthampton.
In one case, we watched the pirate battle at Treasure Island. This is performed several times each evening, using a tremendous aquatic set right out in front of the hotel. (I've never been to a Disney theme park; I bet they have very similar things.) The actors were talented, the stunts impressive, the special effects exciting. Pirate battles!
Q. How does a pirate Unix developer list the contents of a static library?
A. With ar ... -l!
Q. OK, so what does a pirate FCC Chairman call the state of broadcast television in 1961?
A. Avast! wasteland.
Q. OK, so what's a cryptographer's favorite kind of ice cream?
A. Heavenly Hash.
I played Scrabble with Robyn and Meghan. This game had been planned for weeks, and actually happened. I won one game, and lost another. At one point, I managed to play "PRIONS" on a triple word score. I was so pleased with this that I immediately wrote NO MORE PRIONS on my DEF CON badge.
Everybody, now!
NO! MORE! PRIONS!
NO! MORE! PRIONS!
NO! MORE! PRIONS!
We need to get Robyn to come up here for a rematch.
I also played Scrabble with Riana in the van on the way back, but that match was plagued by darkness, lost tiles, and motion sickness, and it was never completed, even though we moved the game off the printed board and into a text editor running on a laptop with a well-lit screen.
On a walk with Dave Weekly and friends, I was strolling down the Strip toward the New York New York, when suddenly we all caught sight of a helicopter, engine running, blades spinning, etc., just about 200 feet back from the Strip, in the middle of what looked like a helicopter. A sign said "HELICOPTER TOURS".
"Let's ride the helicopter!" said David. (If he didn't say so, that's what he thought, anyway.) Most of us, except for Riana (who had just recently flown on a helicopter) and I (who am a fraidy cat) immediately jumped at the opportunity and purchased their first-ever helicopter tickets. It took a lot of cajoling to get me to come along. "Will you regret it tomorrow?" David asked. Well, no, I didn't think so.
The helicopter ride turned out to be absolutely fantastic. It was much smoother and gentler than an airplane, and, unlike an airplane, it could hover. I hardly noticed when we took off, and we got a beautiful, memorable night-time tour of the Strip from above. (More than the Strip, actually; we saw Fremont Street, too.) We passed within about 150 feet of the Stratosphere and saw the people standing on top of it. We flew over famous hotels, and banked sharply so that the helicopter's great rounded glass window was the only thing between us and the Strip 1,000 feet below. (That was the only point at which I felt a twinge of fear. Helicopters can bank through very steep angles.)
All of a sudden, the ride was over; the pilot (who said he'd been flying helicopters for 29 years, and didn't learn in the military) set us down without even a bump. The whole ride had been about 15 minutes.
I went to only a few talks, and didn't feel deeply inspired by most of them. The most interesting was probably Lucky Green's on TCPA (partly because I was going to be on a panel with Lucky on that very subject the following week). I had a couple of gripes with it -- for example, S. 2048 (or "2^11" for short) doesn't mention TCPA or Palladium anywhere. Microsoft has also said that they don't want Palladium to be mandated by law; I'd still like to hear more about what they are doing to prevent that outcome.
There's a pretty interesting debate going on right now on the cryptography@wasabisystems.com list about Palladium. One of the interesting phenomena there is that Lucky will predict some very harsh and likely harmful-to-the-public use of Palladium, and other people will reply "You're just being paranoid! That's not in the spec!". And that answer is correct, in the sense that none of these things are in the spec. For example, the Document Revocation List (DRL) is not in the spec. (There is a side-discussion about the fact that there is no spec for Palladium, and in fact Peter Biddle said he's been referring people who ask for a spec here to Vitanuova!)
Now, a conflict results because Lucky predicts with some confidence that Palladium will be used to do things like the DRL. But it's also the case that the DRL is not "part of Palladium". As far as I can tell, it's something which application vendors would be able to implement under Palladium. (I'm sure the relevant blinding, hashing, and public-key encryption algorithms aren't beyond the reach of protocol designers; when you sent a document to some other party, it could be encrypted with a key which could only be had by authenticating with a server out on the Internet, which demands a Pd certificate and then demands from the Pd-aware application a hash of the document before providing a decryption key.
Of course, you can do something like
{E(SHA1(SHA1(d)+secret), d), SHA1(d)}
Say you're implementing Microsoft Word with a DRL server. So when you want to "Save For Publication" (to the outside world; ordinary Save could still be cleartext), you simply tell a particular DRL server SHA1(d), where d is your document. The DRL server responds by concatenating SHA1(d) with its private secret, taking SHA1 of that, and returning the result to you (over a secure channel). You use this value as your symmetric encryption key, and you encrypt the document and publish it along with SHA1(d).
When you want to decrypt, you need to begin by authenticating yourself to the remote server, in order that the remote server may know that -- if it decides to give you a decryption key -- you will only process the document according to policy, and not, for example, export a cleartext copy. Then, having authenticated your application, and having had the integrity of your environment attested, you tell the appropriate DRL server that you want to decrypt a certain document which has has the hash SHA1(d) -- which you know, because that value was included with the plaintext. The remote server knows that you are an unmodified Microsoft Word running on a machine in trusted mode, because of your authentication steps. The remote server also knows its own private secret. Now it looks into its revocation list and determines whether or not SHA1(d) appears in the list. If so, it returns "Sorry, that document has been revoked because <reason>"; otherwise, it concatenates SHA1(d) with its private secret, calculates SHA1 of the result, and returns that. This is the decryption key needed to decrypt and display the document, and the application is guaranteed to process the document only according to its policy because it has already proved that it is the original, unmodified version of Microsoft Word, running in a trusted environment.
What interests Lucky about this is that it is possible to implement this within Palladium. "Check with a revocation server before displaying this document" is a possible policy, and Palladium allows you to implement and enforce any policy which you can specify in hardware. (The particular protocol above is very crude; I'm just giving it off the top of my head, and it can be improved a lot.) Lucky hypothesizes that such revocation policies will be implemented in Palladium, because application vendors' customers will desire them, and so the application vendors will have an incentive to use Palladium this way.
After all, somebody pointed out during the Dmitry Sklyarov case that Adobe's customers for most of its products, and especially Adobe eBook products, are not the end-users of the documents, but rather the publishers of the documents. In the eBook case, Adobe's customers are not eBook readers (they get the Adobe eBook Reader software for free) but rather eBook publishers (they pay lots of money for eBook publishing software). This is very clear if you read Adobe's statements about the case -- in response to questions about why Adobe eBook Reader restricts you from doing many things (which more useful software like AEBPR does not), Adobe answers, in effect, that such were the requirements of Adobe's real customers, the publishers.
So Lucky thinks that publishers' design requirements will drive implementations of application software implemented under Palladium. And that would mean that, if publishers think document revocability is a good thing, major document-processing application vendors will want to implement document revocability, in order to keep their customers happy.
Lucky's critics point out that such revocation is no part of Palladium, is not in the Palladium spec, has not been predicted or advertised or advocated by Microsoft, etc. And Lucky thinks this criticism is irrelevant, because he's confident that this capability will be used in this way once it exists.
What is the DRL idea? The idea is that an application opening a document first needs to check in with a server on the Internet which will tell the application whether that document has been revoked or not. If the document has been revoked, the application will refuse to open it. So Lucky imagines a particular document suddenly unusable all over the world because somebody has decided to unpublish it.
I also talked to a couple of people about the "responsible disclosure" movement. It seems that a number of people are working on legislation based on the "responsible disclosure" idea. That's exactly what I was worried about when I first heard of responsible disclosure. I thought that codifying responsible disclosure as a particular procedure, and fixing a particular number of days, would give strength to a proposal to create criminal liability for doing vulnerability disclosure any other way. And it looks like that's just what's happening now.
I haven't seen any legislation yet, but I understand lobbyists are already talking with members of Congress about it, and the response from the members of Congress has been quite positive. It's being painted as a "homeland security" or "infrastructure protection" issue (if people publish exploits, then the terrorists ... well, anyway).
Speaking of disclosure, I was pleased to get a chance to chat briefly with a representative of Snosoft, which had recently received a pretty well-known legal threat over disclosure.
It wouldn't be DEF CON without the cool t-shirts, and I bought several. For example, from Halibut Stuff, I got a shirt with a Shell Oil logo, with the caption "/bin/sh". They also have a great RegEx shirt, in the style of FedEx.
I didn't realize that Hacker Jeopardy was a drinking game, so I actually signed up for it, in a team with Lucky and Robyn. We called our team LFSR, because it was made up of Lucky, a Fictitious person, Seth, and Robyn. But once I found out that you had to drink alcohol to compete in Hacker Jeopardy, I dropped out, and that was the end of LFSR -- which is too bad, because I think we were a strong team and might have won.
I had a chance to go swimming a couple of times at the Alexis Park. The weather was always hot enough for it, even in the middle of the night, and even after midnight. It felt really good. That's one use of intense heat, like the heat out in the desert.
We tried to find a health food store -- since Las Vegas supposedly had finally acquired a Wild Oats store -- but when we got to the location we'd been given, there was no health food store in sight. We eventually found a little tiny health food store, which was pretty nice, but not quite a supermarket. The proprietor agreed with our guess that there weren't so many people looking for organic or vegetarian food in Las Vegas.
We left Las Vegas on Sunday, and had a long ride back. I tried playing Scrabble with Riana, as I mentioned above, until I started to feel motion-sick. After that, our conversation turned to lipography, and I ended up having a long conversation with Riana (at least 45 minutes, I think) during which I didn't use the letter "e" at all. (In the days which followed, I wrote a great deal of lipography in "e", which is an art I hadn't practiced since sometime last year, when I wrote some in this diary. It turns out to be lots of fun, and even a bit addictive.)
We also stopped briefly in Boron, CA, where I got a milkshake. Since it was Sunday evening, very little was open in Boron, and we couldn't, for example, buy any ulexite.
"The DMCA was a very flawed law," CEA President Gary Shapiro said. "We signed off on it, and it was a huge mistake."
During our stay in Las Vegas, I talked to the people in our room about a puzzle I found on that interview riddles page. In this puzzle, there are three men; one always tells the truth, one always lies, and one answers at random. (You can imagine that the latter flips a coin to decide what answer to give, but of course you can't see the coin-flip taking place. You could also say, equivalently, that the coin-flipper always chooses the answer which is least helpful or most confusing to you.)
Now, you have to ask three yes-or-no questions and figure out which man is which. Each man knows who is who. You are not allowed to ask a question whose answer is unknown to the person you're asking.
One of the people in our group gave a proof that the puzzle can't be solved, but it turns out that his proof was incorrect. So I look around on the web and found a correct solution. You should ask person #1 "Is person #2 the truth-teller or person #3 the liar?".
If person #1 answers "yes", then you know that person #3 is not the coin-flipper.
If person #1 answers "no", then you know that person #2 is not the coin-flipper.
Ask the person who is known not to be the coin-flipper "Do you exist?" [or "Am I asking you a question?" or "Are you not the coin-flipper?"]; if he answers "no", he is the liar, and if he answers "yes", he is the truth-teller.
Now you can ask the person who is known not to be the coin-flipper about either of the other people (e.g., "Is the person to your left the coin-flipper?"), and you'll get an unambiguous answer which is either true or false (and you know which, since you know whether the person you're asking is the liar or the truth-teller).
This puzzle was hard (I didn't solve it myself), and the proof that it was unsolvable turned out to be wrong, which shows that you have to be very careful with proofs.
I went to the USENIX Security conference for a couple of days, and met some very famous cryptographers and security researchers, as well as some people I've known from Berkeley or from Linux or EFF connections.
Prof. Felten gave his freedom to tinker talk, which I found interesting (although I've heard large parts of it before). I referred to it as his "tinkertalk".
That talk made me think about the "substantial non-infringing use" rule; elsewhere I've written that we often act as though this represented a very general moral principle, even though the Supreme Court only intended it to describe one situation in which secondary copyright liability would not be found. I asked people at the talk whether they could think of an example of something which lacks a substantial non-infringing use (in the context of copyright infringement), and it didn't seem that anybody could come up with anything!
So I still think this is a pretty deep question. I also asked Felten and attendees a few other things and got interesting replies.
Felten's economic analysis of tinkering is a good start, but I think it needs a little work. It assumes that tinkering produces only positive externalities, whereas it seems that (for example) reverse engineering a DRM system will produce both positive and negative externalities, assuming copyright infringement is counted as a negative externality.
On Wednesday evening, I was on a panel of my own, with Lucky Green (the organizer and moderator) and Peter Biddle from Microsoft. (Peter showed up in the company of Brian A. LaMacchia.) Our panel was very lively, and very well-attended, even though we ran about an hour over our allotted time. Peter talked about how Palladium works, and Lucky talked about why Palladium is terrible, and I talked about why we think Palladium may be harmful in some ways. That made me the moderate on the panel! Can you imagine?
I had a nice time, and I got to give Peter the little Nub pin which Henry had tracked down. I think we had a fairly sophisticated discussion, although the alloted time was very short. I was honored that some very distinguished people chose to attend the panel.
I started off my presentation by saying
I'm going to use the letter 'e' in this discussion. I'm sorry.
About three people in the audience got it. Later on, when the presentations were over and we were about to take questions from the audience, I was sorely tempted to joke
So, before you begin with your questions, you should know that one of us on this panel always tells the truth, one of us always lies, and the other one gives answers at random. You, the audience, have to figure out who's who by asking us only three questions.
But I didn't actually make that joke.
I know some readers will want to know what was actually said during the panel, but I think this entry is already long enough, so I want to omit some of that material at this point. Peter gave a pretty concise and very technical overview of what Palladium's infrastructure is doing, and he said again that my blog entry was a good source of technical detail on the system. Lucky largely reprised his TCPA talk from DEF CON. (Above, I've made it sound as though Lucky gave a talk about Palladium at DEF CON. In fact, I'm just extrapolating his point; his talk at DEF CON was really about TCPA, not Palladium.) In the panel at USENIX, he made an effort to take out TCPA-specific things from his presentation and include points which should be applicable to both systems. That's difficult, at this point; I still want to know more about what the differences are, although I've got a handle on some of them.
There was also a mean joke which somebody else made about Palladium in the hallway. It had to do with the chemical element Palladium, and I think that will be a rich source of humor for the near future.
I had dinner with Biella, D. J. Bernstein, Stig Hackvan, and Dave Del Torto. That was the first time I'd met Bernstein. As you might expect, I talked to him about the Bernstein case a bit.
In economic analysis ... the goal is not to maximize the wealth of any individual ... [but] we can call that [belief] Valenti's fallacy.(Felten)
On Thursday, I saw Ben Pfaff and Ben Laurie, and a few more talks. I didn't make it through the entire Formal Methods talk, but I got some useful discussion of protocol analysis there, including some of the risks of a naive analysis which doesn't consider all the ways an attacker could attack a protocol. It seems that formal protocol validation is making a lot of progress, and has reached the stage where it can sometimes find new protocol attacks which appear novel, clever, and surprising to human observers.
The other convention going on in parallel to USENIX Security at the San Francisco Marriott was an international convention of Forever Living. From just a few features of the convention and its attendees, I guessed that Forever Living might be a multi-level marketing company. It's true!
What surprises me is that Forever Living is extremely open about being an MLM enterprise. I'm used to seeing (and sometimes receiving) business prospects which insist that This is not multilevel marketing! And they say so because they realize that MLM is the subject of tremendously negative perceptions -- at least within certain communities.
What's wrong with MLM? The only specific objection I've heard is that most MLM enterprises (sometimes "MLM schemes", like "DRM schemes", you know?) aren't very good deals at all for most of their participants. This creates associations in people's minds between MLM and pyramid schemes. In fact, if you search for mlm pyramid, you can see that many people have made this association explicit.
In a pyramid scheme, participants are told to send their money "up" the pyramid and then to collect money from newly-recruited participants "below". There are many fewer people up on top than in the lower levels. And the people on top receive transfers from participants below. But the pyramid will have to collapse eventually, because no real value is being exchanged, and the money is simply being taken from the people on the lower levels and given to people on higher levels. Eventually, the world will run out of new prospects to be drawn into the base of the pyramid, and then the pyramid will collapse, leaving people on the lowest levels without their money.
The anti-MLM claim is that much of MLM works like a pyramid scheme, because people form "downlines", and constantly purchase in the hope of being able to sell to new resellers. If all buyers were resellers, then an MLM scheme would be essentially the same as a pyramid scheme. The pro-MLM claim is that, unlike a pyramid scheme, MLM actually involves the sale of an intrinsically valuable commodity. So real buyers will actually purchase the underlying item, and they will actually want it and benefit from it, and a useful transaction will have taken place. Since real commerce is going on, there is no reason for the pyramid to collapse -- goods are flowing down the pyramid and money is flowing up, and that situation isn't structurally different from more conventional multi-layer commerce in which there might be, for example, a wholesaler and a retailer, or maybe several wholesalers and several dealers. (In the rare book business, a book could be bought and resold by several dealers before it reaches its ultimate buyer -- and that buyer might actually be a collector who's hoping to make money as a result of building up a nice collection. Or the buyer might die and the buyer's heirs might sell the collection to another dealer.)
One reason to be skeptical of MLM is that some MLM schemes proliferate middlemen -- or "levels" -- for no apparent commercial reason. Each middleman may have to pay the people above, so there's an incentive for the people up above to keep piling them on. But that doesn't mean that the market will be any more efficient or effective at delivering things people want. (And the incentives may lead people to be misleading about the profit opportunities or the quality of the product, although I guess both of those things happen in ordinary business, too.)
Can anybody else think of other specific risks of MLM?
Why do I like to say "the public's rights in copyright" instead of just "fair use"? It's partly because some people forget that the public has rights in copyright, or treat those rights as an afterthought. For example, a Senator writes
I understand your concerns about ensuring that. This issue is very controversial because Congress must protect intellectual property rights while still allowing ordinary Internet users to have access to public domain content.
Yikes!
Fortunately, we are gaining protection for our digital rights every day, now that Don Marti has a blog.
Raymon Lull, who was really into anagrams, wrote a work called the Ars Magna. (I wrote about Lull back in the year 2000.) Remarkably, "Ars Magna" is an anagram of "anagrams"!
Check out what the People's Daily says about Taiwan. Wow.
The FCC went ahead and issued a Notice of Proposed Rulemaking on the broadcast flag today. So I am already working on EFF's comments. If you want to comment, your comments will be due by October 30. This is a big deal; if you don't know why, take a look through Consensus at Lawyerpoint, or ask me.
A fun thing about using mutt to send e-mail about the Federal Communications Commission: you can use the pseudo-header
Fcc: fcc
Our response to this NPRM is going to keep me busy for a long time, and it's going to be pretty interesting. I think it's shaping up to be a pretty interesting fight. The FCC is likely to take some of our concerns a bit more seriously than the BPDG took them the first time around. But we'll have to lay them out clearly and carefully. So here we go.
I've come down with a cold, and I missed the last day of USENIX Security as a result, which is really too bad, since it was such an exciting conference. I'm trying to get better quickly. I missed Pam Samuelson's DMCA talk, and I missed the closing keynote, which was supposed to appear to feature Vice President Cheney.
As I said above, I've been writing a whole bunch of lipograms in "e", mostly to Riana, and even carrying on extended conversations which are lipographic in "e", with various people. If you want to see some of this work, or you want to have a conversation with me in which I will refrain from using the letter "e", just let me know, and I'll be happy to oblige you. I've certainly been getting some good practice, and it gets easier with time. (And I found some nice vi macros to warn me in case I let an "e" slip in somewhere.)
My best-known published lipography to date appears in my diary from last year and comes mostly from a few list posts I made to CTY-L around then. But what I've done since DEF CON is probably an order of magnitude more text, some of it fairly amusing, some of it perhaps even impressive.
I thought of composing this entire diary entry without any "e"s, but then it would have been even later than it was. So I hope you enjoyed it as it was. Be therefore at ease!
Contact: Seth David Schoen
