USENIX
I went to the USENIX Security conference for a couple of days, and met some very famous cryptographers and security researchers, as well as some people I've known from Berkeley or from Linux or EFF connections.
Prof. Felten gave his freedom to tinker talk, which I found interesting (although I've heard large parts of it before). I referred to it as his "tinkertalk".
That talk made me think about the "substantial non-infringing use" rule; elsewhere I've written that we often act as though this represented a very general moral principle, even though the Supreme Court only intended it to describe one situation in which secondary copyright liability would not be found. I asked people at the talk whether they could think of an example of something which lacks a substantial non-infringing use (in the context of copyright infringement), and it didn't seem that anybody could come up with anything!
So I still think this is a pretty deep question. I also asked Felten and attendees a few other things and got interesting replies.
Felten's economic analysis of tinkering is a good start, but I think it needs a little work. It assumes that tinkering produces only positive externalities, whereas it seems that (for example) reverse engineering a DRM system will produce both positive and negative externalities, assuming copyright infringement is counted as a negative externality.
On Wednesday evening, I was on a panel of my own, with Lucky Green (the organizer and moderator) and Peter Biddle from Microsoft. (Peter showed up in the company of Brian A. LaMacchia.) Our panel was very lively, and very well-attended, even though we ran about an hour over our allotted time. Peter talked about how Palladium works, and Lucky talked about why Palladium is terrible, and I talked about why we think Palladium may be harmful in some ways. That made me the moderate on the panel! Can you imagine?
I had a nice time, and I got to give Peter the little Nub pin which Henry had tracked down. I think we had a fairly sophisticated discussion, although the allotted time was very short. I was honored that some very distinguished people chose to attend the panel.
I started off my presentation by saying
I'm going to use the letter 'e' in this discussion. I'm sorry.
About three people in the audience got it. Later on, when the presentations were over and we were about to take questions from the audience, I was sorely tempted to joke
So, before you begin with your questions, you should know that one of us on this panel always tells the truth, one of us always lies, and the other one gives answers at random. You, the audience, have to figure out who's who by asking us only three questions.
But I didn't actually make that joke.
I know some readers will want to know what was actually said during the panel, but I think this entry is already long enough, so I want to omit some of that material at this point. Peter gave a pretty concise and very technical overview of what Palladium's infrastructure is doing, and he said again that my blog entry was a good source of technical detail on the system. Lucky largely reprised his TCPA talk from DEF CON. (Above, I've made it sound as though Lucky gave a talk about Palladium at DEF CON. In fact, I'm just extrapolating his point; his talk at DEF CON was really about TCPA, not Palladium.) In the panel at USENIX, he made an effort to take out TCPA-specific things from his presentation and include points which should be applicable to both systems. That's difficult, at this point; I still want to know more about what the differences are, although I've got a handle on some of them.
There was also a mean joke which somebody else made about Palladium in the hallway. It had to do with the chemical element Palladium, and I think that will be a rich source of humor for the near future.
I had dinner with Biella, D. J. Bernstein, Stig Hackvan, and Dave Del Torto. That was the first time I'd met Bernstein. As you might expect, I talked to him about the Bernstein case a bit.
In economic analysis ... the goal is not to maximize the wealth of any individual ... [but] we can call that [belief] Valenti's fallacy. (Felten)
On Thursday, I saw Ben Pfaff and Ben Laurie, and a few more talks. I didn't make it through the entire Formal Methods talk, but I got some useful discussion of protocol analysis there, including some of the risks of a naive analysis which doesn't consider all the ways an attacker could attack a protocol. It seems that formal protocol validation is making a lot of progress, and has reached the stage where it can sometimes find new protocol attacks which appear novel, clever, and surprising to human observers.