| These notes are raw and not post-processed. They were all taken while the workshop was going on, and hence are not polished and not guaranteed complete or necessarily even balanced -- many scribes took extensive notes on only parts of the entire discussion. |
These notes cover all but the last (cash) session.)
Rebecca Wright:
Who should decide the properties of new systems?
Open src well suited to low resource grass roots devl -
disadv - can be modified to remove liberty prot.
- diff version compat probs
Alma Whitten:
Human factors. "Reality Check"
Don't assume users will know what they need, read mans, keep trying
after initial failure, or recognize success
Suspect: user managed key dist; users chk sigs; or u's comprehend
policies
Tools - general, robust, needs skill. App: specific, fragile,
needs less skill (till it breaks)
Automation: either must always work -or- users can compensate -or
not crucial
Goals: Deploy for those who want it -and/or- sell it to those who
don't know yet.
Replacing DNS - discussion
Ian Brown - DNS has been "subverted" from a tech thing to a public use
in Super Bowl. 2 pieces smoosh names: (1) distributed searching -
ask yr friends.
Anne Adams - email and web very diff.
John Weinberg - system must grow alongside DNS. for people who want
to route around DNS.
John Gilmore - DNS world's largest dist db. better dist db's can
guarantee to resolve. build better and bigger than DNS (web >
ftp) and they will come. global names preserve end-to-end.
Tad Hogg - distrib search good. want global names on a biz card.
David Kristol - deployment if comm'l interests oppose it is very hard.
Alma Whitten - bookmarks -> P aliases. as consumer issue.
Ian Brown -storing all your neighborhood location info a privacy
issue, if queired or seized.
Deirdre Mulligan - polit choke, anonymity. govts coordinating. fraud
prot for consumers. how could this design address the land-grab
concern?
Lenny Foner - little guys should be able to make easy-to-find names -
hard now. goals v. means. "most powerful entity wins" view - how
to fix? duplicate names - how to find the fred smith you want?
Rebecca Wright - disambig. if usually right, will think it's always
right (oops). duplicated names much more complex and buggy. users
w/common names must invent unusual pseudoes to be distinguished.
"diameter dichotomy" - N leaps gets friends, N+M the world - true?
Anne Adams - hierarchy gives users a handle. else all looks the same.
Alma Whitten - attacks e.g., Bush floods system so can't find Gore.
John Gilmore - price disincentive
Deirdre - price may not help unless huge
Roger Clarke - take easy problems first. he's still looking for the
heuristics to fix the URL (IBM -> www.ibm.com) disambig how
Phil Z - whats to know barnesandnoble.com gets the one.
Lenny - Minneapolis Amazone bookstore -> obliterated by big one.
John G - focus on replacement, not over prob politics. netscape ibm
->www.ibm.com --> built their own "realnames" to get $
Jonathan Weinberg - chairs ICANN WG on new TLD's. think of Smoosh as
a DNS overlay rather than replacement. adding hundreds of TLD's ia
a real solution to the land-grab. trademark problem. Amazon
Feminist Books sued by Amazon & got big $.
Alma - findable vs good names.
David Kristol - Yahoo categories w/dots between?
Patrick Feng - IF assume most important to find -the- B&N or
Amazon, posists that megacorps are what matter. when looking for a
friend, want diff heuristics.
Tomas Sander - phonebooks solve local lookup. what's killer app for
this? find it - start a company and do it.
(aud) Simson Garfinkle - DNS designed for individuals. host tables
too. IP addrs, no. Phone numbers avoided this w/-no content- in
phone numbers. Context-based addressing system fundamentally
flawed. Top-down DNS searching is the real prob? search your way
up. Any of these schemes can be deployed as altered DNS servers.
Those who say 100 or 1000- TLD's solve tm problem are folling self.
can't use ibm.vineyard.net in commerce
(aud) Stanton McCandlish - 2 kinds of goals.
privacy/anon/decentralize - sociopolitical vs IP, big vs little
players - not inet problems, legal sys probmems - w/open root -.
can solve some probs in Dns w/diff admin.
---BREAK---
Wendy Grossman - same probl as ICANN. lots of solutions. since we
haven't defined the prob. prob: defeat proprietariness of names.
microsoft won't own them all. or a govt.
(aud) Stanton McC - why are we here? design -privacy- in.
Lenny - DNS thing not on privacy? get around centralized control of
naming.
John G - let's focus on centralized control of naming. -consensus-
naming is own freehold.
(aud) Ellen Ullman - eng tradeoffs. reliable, fast, v flexibility.
Lance - main complaint re decentralized model - bad actors. punt that
to the courts?
Kar - If not a naming system, how to name them?
Adam - Agrees w/Lance re courts. but if free speech depends on flying
under radar?
(aud) Gail Williams - confusion re nav or naming?
Jonathan W - we here don't have ctl of law. tech solutions to
underlying legal regime.
John G - we need much more than...
Wendy - we imposed this geographic thing: uk, .fr -- UK guys don't
care. DN reflect the language of communication?
Kar - all pwr not in legis - I've made mistakes in RFC's and we're
living w/it!
Carl Page - metadata like XML "evil" - people can't see it
Patrick Feng - put coders in touch w/the community?
Tad Hogg -
(aud) Jean Camp - speak for human ambiguity. beliefe in binding =
validity is a DNS -problem-.
Karl - second. don't formalize wkg together. - we have the world's
largest db. add new fields.
John -
Bruce Umbaugh -
Karl - big co's will put good ideas into products.
(aud) Stanton - communities not so geopgrahic online. how many my-city
maliing lists are you on?
Carl Page - make it work in Chinese
John G - all at UI level. how to type Chinese email addrs?
Lisa Kamm - International users disagree.
Adam Shostack - find Barnes & Noble vs find John Gilmroe - 2 diff
ways to relieve stress on DNS
Deirdre - desply create confusion, help anonym etc. on IP side, make
it hard to enforce the rules.
(aud) Nick Derchuck - who overlays on whom? most sites trust NSI for names.
John Gilmore - DNS for naming not finding. if we could solve the
naming probl w/out central control and paying tolls, we'd be
better of even if never solved finding.
- circles of friends communicated
Tomas - too big a problem. autonomous mobile code research - very
flex, but discovered easier to do classically, sigh. eternity
service - can post but can't take it down. medical records? what do
we -want-?
(aud) Karl Auerbach - Cisco - "the DNS"? want a multiplicity of naming,
finding, ...
(aud) Ed Gould - Compaq - must agree on goals. can we agree?
idenfitifiability of the other end of comm? -- predictability.
(aud) Carl Page - egroups.com - Google "lucky" button for B&N.
match.com, etc, for finding people. not for DNS>
(aud) Karl A - do people think of DNS as authoritarian or "prove it to me"
results?
Rohan Sanarajiva - Ohio St - Big players will fight for their
mindshare. focus on solving a problem they don't care about.
(aud) John Larson - Xerox Parc - DNS not for human searches. policy
statements from search engines on how they order results for -you-.
who paid most $? who asked?
Lance Cottrell - most people don't have uniq
(aud) Karl - DNS not just for web browsing.
(aud) Carl Page - rplc DNS - performance sux. non-web-spaces - napster.
naming of "Pink Floyd - the wall"
(aud) DDT - Lots of people sharing one medicine.
Lenny - how to convince people not to expect to find.
(aud) Fen Labalme -
Lisa Kamm - search engines give precedence to domain name.
Alma - do mass of people find things by typing it in?
Lisa - IBM.com, lots get it by typing IBM. no other data for
domains...
(aud) Karl - adding new naming services won't break net. experiment!
Jonathan W - spidering the web is increasingly hard (expensive)
JG - focus on how, if we decided on goals - could we deploy to get
freedom by design?
(aud) John Brockman - Ohio St - lots of browser choices - netscape
good implem helped. autonomy (eng) wkg w/FCHQ (?). bayes theorem
search? tailores fromuse.
(aud) Dan Gillmor - Q: all this seems likely to lead to attempts to
make it proprietary?
(aud) Sandy Harris - Can we solve w/search exten? XML tags in home
page, etc?
Ian Brown - How to avoid propriatary - distributed sys hard to
subvert.
Lenny - finding hard things is hard.
Karl A - moliere -> tartuffe or his cat? create env in which OOO
finding mech can happen. hard to subvert.
---AFTERNOON--- business issues
Paper call: Berk conf: anonymity & unobservability
icsi.berkeley.edu/~hannes/ws.html
David Philips - U Texas. Politics. Anti-nuclear movement. Phase 1 -
local action re safety. Phase 2 - align w/ecology, peace, socialist
movements. link to strength of existing trends. how can we create
a chernobyl? and prepare the populace to react strongly? [sounds to
me like the GBI ramming ill-thought-out things thru Cong in shock
reaction] to generate and maintain social schisms. [privacy meme
linked to racism - don't record people's racism and make quotas]
My talk - free SW and business
- FS and B completely compatible. same constraints for success.
tactics.
- transaction costs coop.
- user choice - imoderated by reputation, distribution
- no central control pointer - can flow as the community desires.
- cygnus - -profitable- free sw co.
- FreeS/WAN - inexpensive, effective, could become company.
- Making business behave better
Deirdre M - Intel FTC complain - PSNumber. use govt against people -
not libertarian. privacy and consumer gruops.
Colin Bennett - Harvard - Chernobyl? not approp. might come from low
tech disaster. more worried about when surveillance techs work.
John G - Chernobyl [above]
Tad Hogg - tech can help give better policy choices.
Anne Adams - UCL - Chernobyl's don't help. people trust tech. when
violates, people get emotional and reject out of hand.
Ari Schwartz - Engage companies who -wnat- to design in privacy.
Patrick Feng - not encouraging a Chernobyl. if and when it comes, be
ready.
Roger Clarke - do your home homework - understand the tech, industry,
politics, etc. sustained key linkages. uncomf bedfellows and
unholy alliances. dirty hands - get 'em dirty.
David - only want to lower the threshold that spurs people to act.
(aud) Ed Gould - trouble articulating the privacy threat to the
public. concrete ideas?
Deirdre - most important to get people to take actions, rather than to
understand!! individual autonomy - walk around w/out recording.
re-use. confidentiality.
(aud) Ed - what do people -lose- when privacy is gone?
Roger Clarke - has to be visceral - specific measure placed in front
of 'em. Brit key escrow -> public meetings useful.
(aud) Ellen Ullman - people get a lot for surrending their identity.
Rohan - business methodology - not activist methodology! is there a
way to design incentives for biz to do the right thing?
relationships. they yield information. mediated by -trust-. what
models give incentive to build business based on trust?
Jonathan W - Doubleclick ?/ out - chernobyl gently. what chern for?
get legis? instead get biz to adopt privacy enh because it's in
their interest.
Deborah Pierce - 30+ bills in CA legis from Chernob - most badly
thought out.
Lorrie Cranor - how motivate biz to do privacy? sys good for
monitoring that weren't designed for - toll coll sys, etc.
(aud) Craig Hubley - agree w/Rohan. can't limit relationships
w/legis. torts. designed dating svc - 400 ways to hurt people
based on leaks! "secret identity (cred cards" became "billing
identity". years later, feature to crossref and disaster.
ontological.
Karl Auerbach - use UCITA to license your name?
Roger Clarke - Legis != EU. Try NZ.
Adam Shostack - fear pushes thought. greed. #1 reason reap story of
net-prey.
Colin - echo Roger. most countries have laws. US out of step.
John G - infrastructure for privacy or not: moving cash on the net.
Deirdre - wrote to every single OEM> product poses a privacy threat:
you do what? -all- responded and several biz stopped using
doubleclick, etc, w/pressure.
Roger Clarke - don't call it greed, call it profit. consent-based
marketing. network effects. use them.
Ken Olthoff - NSA - Antivirus SW community illustrative. AGreed not to
use bogus market differentiation (# virus scanned for). can we do
this about privacy?
Lenny - "Toxic Waste is Good for You" - book.
Lenny Foner Last modified: Sun Apr 23 16:55:39 EDT 2000