IF YOU GET THIS TWICE: Sorry, it's because we're transitioning MLMs. See <http://cryptorights.org/meetingpunks> for subscription help and Cypherpunks meeting announcements from around the world. .......................................................................... SF Bay Area Cypherpunks October 2001 Physical Meeting Announcement GENERAL INFO: DATE: Saturday 13 October 2001 TIME: 1:00-6:00 PM (Pacific Time) PLACE: Tressider Student Union Courtyard Stanford University Campus Palo Alto, California, USA This Cypherpunks meeting will begin forming around 12:00 PM, and the structured Agenda will begin at approximately 1:00 PM. AGENDA: "Our agenda is a widely-held secret." As usual, this is an Open Meeting on US Soil, and everyone's invited ...yes, even the Director of Homeland Defense. ...................................................... 1. Recent Cypherpunk News Various Cypherpunks have been on the road recently, and will share important news updates and colorful stories with us about their journeys. CryptoRights Foundation representatives will also have some very good news about CRF's recent progress. ...................................................... 2. Anti-Terrorism This meeting will feature a discussion on the implications for our open society of two major legislative proposals resulting from the recent crimes against humanity in NY, DC and PA. The Mobilization Against Terrorism Act (MATA) and it's follow-on, the Uniting and Strengthening America (USA) Act, are dramatic new proposals creating major arguments in Congress. They include provisions that: * Define "computer intrusions" as a (federal) Terrorism offense. * Add convicted krackers to a central federal DNA database. * Remove wiretap restrictions on email scanning, web surveillance and voicemail inspections by law enforcement. * Remove controls on roving (person-specific) wiretaps, implying wiretap capability in all communications infrastructures. * Allow LEAs to share wiretap data with any Executive Branch employee. * Make domestic surveillance easier under FISA (Foreign Intel Surv Act) * Provide US intelligence agencies with access to Grand Jury documents. * Let the President designate US Citizens as FISA surveillance targets. * Create free speech restrictions on "expert advice" to USG-defined "terrorists". * Authorize the CIA to "hire terrorists". In addition to MATA and USAA, the Administration has established a new (soon to be Cabinet) position heading the Office of Homeland Defense (OHD) for coordination of law enforcement and intelligence efforts, including centralization of databases storing information about US Citizens. These new initiatives have all been positioned and marketed to voters as making Americans safer from the scourge of global Terrorism, but we'll be asking the tough, skeptical questions: Q: Will these initiatives really make our lives more secure or simply make the US a Police State? Q: Assuming these proposals work, are they worth sacrificing our civil liberties? We'll also discuss the amendments proposed by Russell Feingold (D-WI) to the USAA which: * Bar police from performing court-ordered "secret searches". * Narrow the ability the bill gives employers, schools and public libraries to spy on users, rather than allowing spying on all "computer trespassers". * Protect medical/academic records by requiring a judge's permission instead of giving police access to all "tangible" data. * Modify "roving wiretaps" to permit eavesdropping only when the target is on specific hardware but not when others use it. In addition, our resident legal eagles will help us evaluate the Constitutionality of these measures, and we'll also include a discussion the Snake-Oil Protection Act (aka the DMCA), and the wisdom of letting people who do not design security systems write legislation affecting everyone's security. Background info: USAA <http://leahy.senate.gov/press/200110/100401a.html> MATA <http://www.justice.gov/opa/pr/2001/September/492ag.htm> OHD <http://www.whitehouse.gov/news/releases/2001/10/20011008.html> DMCA <http://www.loc.gov/copyright/legislation/dmca.pdf> EFF Analysis by Lee Tien and Shari Steele: <http://www.eff.org/Privacy/Surveillance/20010926_eff_wiretap_pr.html> ...................................................... 3. CRF Human Rights Security Policy Design Session #1 A good security policy is essential to good security in any organization and many organizations don't know where to start. CryptoRights is designing a comprehensive security policy template for our human rights NGO clients, and we need the active participation of the Cypherpunk Community. Please send and/or bring non-proprietary policy documents/doc fragments, FAQs, URLs, papers you've written or read, books you use and any other resources you can think of regarding security policy design. We'll spread it all out on the floor and begin brainstorming and creating the ultimate security policy document in the first session of many. This document will be a showplace for Cypherpunk core competency. CRF and its client NGOs and partners will be able to use it or portions of it to bootstrap the wide adoption of a variety of communications security tools, in order to establish their utility for the global society. To add to the overall complexity of such a project, we also have to contend with the new politics in the post-9/11 world. It's going to have to be an amazingly flexible and comprehensive document built from many different security professionals' experiences and contributions. Our many design challenges include: * Flexible threat model definitions * Encryption tool interfaces and training requirements * Fieldworker security and travel considerations * NGO security team qualifications and administrator credentials * Law enforcement issues * Integration with small/wearable platforms * Revocation issues * Authentication guidelines and procedures for online documents * Physical security considerations * Interfacing with other NGO security infrastructures * Surveillance and counter-surveillance * Protections from terrorists * Field intelligence and urban counter-intelligence * Human rights trustgroup trust models * Evidence authentication and encryption frameworks * E-commerce and digital cash for human rights NGOs * Voice encryption and radio/telephony tradecraft * Human rights public key infrastructure management * Secret sharing requirements and guidelines * Keyservers * Hardware security tokens * Biometrics * Privacy policy * Remailers and identity management guidelines and technology * IPsec and DNSsec capabilities * ...and more Bring, laptops, pads of paper, whiteboard markers and your thinking caps! Submissions are welcome anytime, even after the meeting (we'll have more): Email to: <mailto:sec-policy@cryptorights.org> or Anonymous FTP uploads to: <ftp://cryptorights.org>. Please support and participate in this important community initiative! .......................................................................... LOCATION: The Stanford meeting location will be familiar to those who've been to our outdoor summer meetings before, but for those who haven't been, it's on the Stanford University campus (in Palo Alto, California), at the end of Santa Theresa, at the tables outside Tressider Union, just west of Dinkelspiel Auditorium. We meet at the tables on the West side of the building, inside the horseshoe "U" formed by the Tressider building. Ask anyone on campus where "Tressider" or the "Student Union" is and they'll help you find it. If the weather is bad, we'll meet inside. Food/beverages are available at the cafe and mini-market inside. Location Maps: Tressider Union (overview): http://www.stanford.edu/home/map/search_map.html?keyword=&ACADEMIC=Tresidder+Union Tressider Union (zoomed detail view): http://www.stanford.edu/home/map/stanford_zoom_map.html?234,312 Printable Stanford Map (407k). http://www.stanford.edu/home/visitors/campus_map.pdf GPS Coordinates: 37d23:40 N 122d04:49 W .......................................................................... HELP? If you get lost, or have questions, comments or last-minute agenda requests, please contact your friendly meeting organizers: Dave Del Torto <ddt@cryptorights.org> Cell: +1.415.730.3583 Bill Stewart <bill@cryptorights.org> Cell: +1.415.307.7119 .......................................................................... Heads-Up for November! The November meeting will be indoors, somewhere in San Francisco (location TBD). Two very special events are being planned: (1) We hope to have the much-awaited Second Part of Black Unicorn's presentation at the June meeting of his Analysis of Cocaine Smuggling. In light of recent events, the national security implications of his conclusions are more significant than ever. (2) Eric Blossom may present some very important CRF research and development work on a Software Defined Radio for evaluating the security of wireless devices. If you didn't see Eric's talk at HAL2001, you shouldn't miss this. Early running code will be demonstrated. END