Kevin L Prigge <klp@gold.tc.umn.edu> writes:

Does anyone know exactly how the press contact thing works? My impression is that a reporter/journalist stumbles on to someone who knows something about a particular area, and is willing to be interviewed. Then the next time a story comes along that deals even slightly with that subject, the reporter will tend to contact that person.

From people I've personally seen recently, we could have Doug Humphrey of Digex (nice to have a security-related company President) Bob Stratton of UU.Net (corporate security wiz) Carl Ellison of TIS (usually on c'punks light and at all DCcp meetings)

I think the "exact" process varies with the journalist. But you have it generally correct. The press runs on reputations. When a writer gets a story, they look for "reliable sources" to contact. Reputations are based on a lot of things, including knowledge, speaking ability, looks and the ability to emit a sound-bite that is interesting. it is a strange process. I mean, I even got on CNN during the Morris worm. Tim is right, there is no "we" here. We can't have an official spokesperson, we don't agree on much. But we can work from the ground up. There are a number of serious cryptographers on the list, or at least friendly to the list when the S/N ratio makes sense. With a little work, we should be able to find a fairly long list of media contacts. We can even make it media friendly. probably others at TIS such as Ken Mendelsen or Steve Walker For the political side, the folks at EFF, CDT, EIPC, etc. And there are others that could be good contacts, such as William H Murray of Delloite and Touche, Matt Blaze of [Bellcore|BellLabs] It might take a while to get permission for referal, but I expect that most security consultants would consider being quoted in mainstream press to be good advertizing. If we make it easy, anyone would be willing to take advantage of the resource. We should also inclue a representative sample of folks who disagree with us. Any real list should include Dorothy Denning and other supporters. We can simply stack the deck. We can make sure that the mainline journalists know where to look, and make sure that CDT, EFF, ACLU, and EPIC have references that are ready when they are asked for referals. Assuming my web server recovers from the mention in comp.risks, I'm more than willing to accept suggestions and have a "security spokes-folks" page. Pat Pat Farrell Grad Student http://www.isse.gmu.edu/students/pfarrell Info. Systems & Software Engineering, George Mason University, Fairfax, VA PGP key available on homepage #include <standard.disclaimer>