[MPUNKS] Cypherpunks 011013 at Stanford: Anti-Terrorism & Security Policy

Fri Oct 12 01:35:46 PDT 2001

IF YOU GET THIS TWICE: Sorry, it's because we're transitioning MLMs.

See <http://cryptorights.org/meetingpunks> for subscription help and 
 Cypherpunks meeting announcements from around the world.

..........................................................................

SF Bay Area Cypherpunks

October 2001 Physical Meeting Announcement

GENERAL INFO:

  DATE:  Saturday 13 October 2001
  TIME:  1:00-6:00 PM (Pacific Time)
 PLACE:  Tressider Student Union Courtyard
         Stanford University Campus
         Palo Alto, California, USA

This Cypherpunks meeting will begin forming around 12:00 PM, and the 
structured Agenda will begin at approximately 1:00 PM.

AGENDA:

 "Our agenda is a widely-held secret."

 As usual, this is an Open Meeting on US Soil, and everyone's invited
 ...yes, even the Director of Homeland Defense.

......................................................
 1. Recent Cypherpunk News

Various Cypherpunks have been on the road recently, and will share 
important news updates and colorful stories with us about their 
journeys.

CryptoRights Foundation representatives will also have some very 
good news about CRF's recent progress.

......................................................
 2. Anti-Terrorism

This meeting will feature a discussion on the implications for our 
open society of two major legislative proposals resulting from the 
recent crimes against humanity in NY, DC and PA. The Mobilization 
Against Terrorism Act (MATA) and it's follow-on, the Uniting and 
Strengthening America (USA) Act, are dramatic new proposals creating 
major arguments in Congress. They include provisions that:

 * Define "computer intrusions" as a (federal) Terrorism offense.
 * Add convicted krackers to a central federal DNA database.
 * Remove wiretap restrictions on email scanning, web surveillance and
    voicemail inspections by law enforcement.
 * Remove controls on roving (person-specific) wiretaps, implying 
    wiretap capability in all communications infrastructures.
 * Allow LEAs to share wiretap data with any Executive Branch employee.
 * Make domestic surveillance easier under FISA (Foreign Intel Surv Act)
 * Provide US intelligence agencies with access to Grand Jury documents.
 * Let the President designate US Citizens as FISA surveillance targets.
 * Create free speech restrictions on "expert advice" to USG-defined 
    "terrorists".
 * Authorize the CIA to "hire terrorists".

In addition to MATA and USAA, the Administration has established a 
new (soon to be Cabinet) position heading the Office of Homeland 
Defense (OHD) for coordination of law enforcement and intelligence 
efforts, including centralization of databases storing information 
about US Citizens.

These new initiatives have all been positioned and marketed to voters 
as making Americans safer from the scourge of global Terrorism, but 
we'll be asking the tough, skeptical questions:

 Q: Will these initiatives really make our lives more secure or simply
     make the US a Police State?
 Q: Assuming these proposals work, are they worth sacrificing our civil
     liberties?

We'll also discuss the amendments proposed by Russell Feingold (D-WI) 
to the USAA which:

 * Bar police from performing court-ordered "secret searches".
 * Narrow the ability the bill gives employers, schools and public 
    libraries to spy on users, rather than allowing spying on 
    all "computer trespassers".
 * Protect medical/academic records by requiring a judge's permission
    instead of giving police access to all "tangible" data.
 * Modify "roving wiretaps" to permit eavesdropping only when the 
    target is on specific hardware but not when others use it.

In addition, our resident legal eagles will help us evaluate the 
Constitutionality of these measures, and we'll also include a 
discussion the Snake-Oil Protection Act (aka the DMCA), and the 
wisdom of letting people who do not design security systems write 
legislation affecting everyone's security.

Background info:
 USAA <http://leahy.senate.gov/press/200110/100401a.html>
 MATA <http://www.justice.gov/opa/pr/2001/September/492ag.htm>
 OHD <http://www.whitehouse.gov/news/releases/2001/10/20011008.html>
 DMCA <http://www.loc.gov/copyright/legislation/dmca.pdf>
 EFF Analysis by Lee Tien and Shari Steele:
  <http://www.eff.org/Privacy/Surveillance/20010926_eff_wiretap_pr.html>

......................................................
 3. CRF Human Rights Security Policy Design Session #1

A good security policy is essential to good security in any 
organization and many organizations don't know where to start. 
CryptoRights is designing a comprehensive security policy template 
for our human rights NGO clients, and we need the active 
participation of the Cypherpunk Community. Please send and/or bring 
non-proprietary policy documents/doc fragments, FAQs, URLs, papers 
you've written or read, books you use and any other resources you can 
think of regarding security policy design. We'll spread it all out on 
the floor and begin brainstorming and creating the ultimate security 
policy document in the first session of many.

This document will be a showplace for Cypherpunk core competency. CRF 
and its client NGOs and partners will be able to use it or portions 
of it to bootstrap the wide adoption of a variety of communications 
security tools, in order to establish their utility for the global 
society.

To add to the overall complexity of such a project, we also have to 
contend with the new politics in the post-9/11 world. It's going to 
have to be an amazingly flexible and comprehensive document built 
from many different security professionals' experiences and 
contributions.

Our many design challenges include:

 * Flexible threat model definitions 
 * Encryption tool interfaces and training requirements 
 * Fieldworker security and travel considerations 
 * NGO security team qualifications and administrator credentials 
 * Law enforcement issues 
 * Integration with small/wearable platforms 
 * Revocation issues 
 * Authentication guidelines and procedures for online documents 
 * Physical security considerations 
 * Interfacing with other NGO security infrastructures 
 * Surveillance and counter-surveillance 
 * Protections from terrorists 
 * Field intelligence and urban counter-intelligence 
 * Human rights trustgroup trust models 
 * Evidence authentication and encryption frameworks 
 * E-commerce and digital cash for human rights NGOs 
 * Voice encryption and radio/telephony tradecraft 
 * Human rights public key infrastructure management 
 * Secret sharing requirements and guidelines 
 * Keyservers 
 * Hardware security tokens 
 * Biometrics 
 * Privacy policy 
 * Remailers and identity management guidelines and technology 
 * IPsec and DNSsec capabilities 
 * ...and more 

Bring, laptops, pads of paper, whiteboard markers and your thinking caps!
Submissions are welcome anytime, even after the meeting (we'll have more):
   Email to: <mailto:sec-policy at cryptorights.org> or
   Anonymous FTP uploads to: <ftp://cryptorights.org>.
Please support and participate in this important community initiative!

..........................................................................
LOCATION:

   The Stanford meeting location will be familiar to those who've been to our
   outdoor summer meetings before, but for those who haven't been, it's on the
   Stanford University campus (in Palo Alto, California), at the end of 
   Santa Theresa, at the tables outside Tressider Union, just west of 
   Dinkelspiel Auditorium.

   We meet at the tables on the West side of the building, inside the
   horseshoe "U" formed by the Tressider building. Ask anyone on campus 
   where "Tressider" or the "Student Union" is and they'll help you find it.

   If the weather is bad, we'll meet inside.

   Food/beverages are available at the cafe and mini-market inside.

   Location Maps:
   Tressider Union (overview):
     http://www.stanford.edu/home/map/search_map.html?keyword=&ACADEMIC=Tresidder+Union
   Tressider Union (zoomed detail view):
     http://www.stanford.edu/home/map/stanford_zoom_map.html?234,312
   Printable Stanford Map (407k).
     http://www.stanford.edu/home/visitors/campus_map.pdf

   GPS Coordinates: 37d23:40 N 122d04:49 W 

..........................................................................
HELP?

If you get lost, or have questions, comments or last-minute agenda 
requests, please contact your friendly meeting organizers:

 Dave Del Torto <ddt at cryptorights.org>   Cell: +1.415.730.3583
 Bill Stewart   <bill at cryptorights.org>  Cell: +1.415.307.7119

..........................................................................
Heads-Up for November!

The November meeting will be indoors, somewhere in San Francisco 
(location TBD). Two very special events are being planned:

(1) We hope to have the much-awaited Second Part of Black Unicorn's 
presentation at the June meeting of his Analysis of Cocaine 
Smuggling. In light of recent events, the national security 
implications of his conclusions are more significant than ever.

(2) Eric Blossom may present some very important CRF research and 
development work on a Software Defined Radio for evaluating the 
security of wireless devices. If you didn't see Eric's talk at 
HAL2001, you shouldn't miss this. Early running code will be 
demonstrated.

END