9 August 2000


Date: Tue, 08 Aug 2000 13:43:08 +0100
To: ukcrypto@maillist.ox.ac.uk
From: gus <i.hosein@lse.ac.uk>
Subject: Re: Observer Front Page: Police to track mobile phone users

The Paris G8 summit was a grave disappointment if we want to consider it as 'public'.  I want to be as thorough as possible, so please excuse the length of this email.

Attendees?  Industry and government.  That was all.  That was the mandate; when I protested to my own delegation (I managed to squeeze myself in to another country's delegation) about the lack of the 'other', I was quickly quietened down by a response:  "This is the first time we have actually invited outside people, and it was decided to be industry."  My colleagues raised this point at every occasion we could, and it was alarmingly ignored.

Each delegation was responsible for the invitations, however, so there was not necessarily centralised control.  Some delegations were active in soliciting the advice of more 'fringe' organisations.  Others were not necessarily so open-minded.

One representative was there within the entire conference from consumer action:  a US consumer protection advocate (who was presumably invited because of her work on fraud).  No other NGOs were present to my knowledge, and I searched quite long and hard.

Companies were there; yes.  Many of the big names, plus some of the smaller names, and industry groups were present (and some did a very good job at trying to represent the 'other').  But the fact remains, the 'other' was missing.  The IETF did have representation, and discussed the wiretapping protocol proposal, amongst many other interesting issues.  The rest were industry and government.

Most alarming was the lack of checks and balances that the 'other' would provide.  The most appalling display was that of Gemplus, invited (and subsidised, I believe) by the French government.  The Gemplus representative was shamelessly selling smartcards as the solution to all problems -- even Viruses! (as were many of the other companies promising privacy and individual protections, even within my delegation, which I did my best to deconstruct behind smaller closed doors, and thus making a few enemies).  An academic (i.e. Ross Anderson) would have been ideal to temper the excitement towards these industry solutions, but again, academics were not invited (at least not as academics).  A similar event occurred on a smaller scale regarding the privacy-enhancing capabilities of PKI, and I then approached the speaker afterwards to warn about the disadvantages to PKI.  Because I was part of a delegation as industry, and because I was not there as an advocate or academic, my silence in refuting these claims in the large room with large doors was not out of fear of reprisal, but rather I didn't want anyone to leave that conference thinking that NGOs or academics were invited.

The UK delegation was a bunch of familiar faces (Thus, LINX, Home Office, DTI), while some, on their badges, had their names and then just the association of "Law Enforcement" -- no expansion on that.  I even began talking with one of these "Law Enforcement" types, and when I mentioned my affiliation with FIPR, the conversation ended quite soon thereafter; probably coincidental and I was boring the "Law Enforcement" representative.  FIPR was not invited, to my knowledge, so even think-tanks were ignored.

The general feel was that we all should have been grateful for being there.  Everyone patting themselves on the back for having the first such 'public' forum.

Even more appalling was the treatment of the press. Gemplus was even included in the press conference afterwards (the only real interaction with the press that occurred at the last session of the conference); and was again shamelessly plugging smartcards as the grand solution to everything.  I even attended small press gatherings after each day where the moderator and some of the speakers would talk with (to?) the press (in a room where the press were confined to because of the large closed doors), and I was interested to see the moderator continuing his role as moderator -- which was far from objective -- and thus representing government interests to the press rather than the results of the conference discourse (which was not always in firm agreement with the ideas presented by others behind the large closed doors).

I met some really nice people from inside government and from industry; but I did not meet, I repeat, any NGOs or any academics.  Despite this, everyone (but a few 'radicals' like me) left quite satisfied.

Perhaps Roland may wish to include parts of the conference that I did not see, but I would posit to say that the public was not well represented.  Yes, it was a start, and industry did _not_ roll over to all of government's requests and interests; but I felt that most delegates/presenters (government and industry) were far too busy trying to protect their own interests, rather than considering 'the other'.  There were exceptions, of course, but not as many dissenters as should be sought out for such initiatives.

gus.


Date: Tue, 08 Aug 2000 18:43:58 +0100
To: ukcrypto@maillist.ox.ac.uk
From: gus <i.hosein@lse.ac.uk>
Subject: Re: Observer Front Page: Police to track mobile phone users

I guess we will have to wait and see what comes out of Berlin (October).

Unless it is opened up, however, I do not have much enthusiasm.

As for journalists... getting in as a journalist (I inquired) required a pass and authorisation a week and a half in advance (high security at the conference).  They were then kept in the back room after all that effort.  There weren't any UK journalists there to my knowledge, but I was in communication with the BBC while at the conference, and they have an article or two on-line.

Generally the coverage was simplistic, because the journalists could only cover what they were given, and as I explained, they were given very little.

The G8 has something to contribute; but it has to make sure that it does it carefully and well.  For example, their last conference in Okinawa on the digital divide had interesting goals, and may have achieved something... but then I caught one of the outcomes...

"In order to maximise the social and economic benefits of the Information Society, we agree [...] and commend to others: [...]Further development and effective functioning of electronic authentication, electronic signature, cryptography, and other means to ensure security and certainty of transactions."

Which is consoling.  But what does 'effective' mean?  A moment later they state...

"We must ensure that effective measures [...] are put in place to fight cyber-crime. [...] We will continue to engage industry and other stakeholders to protect critical information infrastructures."

I get nervous when governments speak of 'effective' authentication and in the same breath (two lines later) they discuss cybercrime.

But at least they seem bent on opening up...

gus.

At 05:09 PM 08/08/00, Roland Perry wrote:

>The conference was but the first step down a long road, with most
>countries quite astonished at the ability for Government and Industry to
>sit in the same room without coming to blows. Give it a bit more time.
>--
>Roland Perry