The Second Millennium
Mac-Crypto Conference on Macintosh Cryptography
and Internet Commerce

Was held on January 29-31, 2001

at DeAnza 3 Auditorium
Apple R&D Campus
10500 N DeAnza Blvd, Cupertino, CA, USA



Day 1: The Environment for Macintosh Cryptography
10:00 Monday, January 29, 2001
Morning Session: Welcome and Keynotes
Martin Minow - A Remembrance.

A few words about a member of mac-crypto who has left us...
The Effect of Anti-Circumvention Provisions on Security
Jonathan D. Callas
Counterpane Internet Security

One of the properties of digital Intellectual Property (IP) is that it can be easily reproduced, modified, and transferred. In response, IP owners have created new security technologies, and laws, for controlling the digital works. Inevitably, this creates an opportunity for those who can circumvent those technologies and laws.

Slides are Available

Crypto Anarchy
“Timothy C. May”

Why crypto is about a lot more than conventional privacy and authentication. The importance of "uncoerced transactions" and regulatory arbitrage. Discussion of how strong crypto, digital mixes, and untraceable payment systems change the nature of government regulation and control of citizen-units.

Lunch
Afternoon Session: Crypto Law and Policy
Crypto Law and the Mac Developer
Greg Broiles

Slides are Available
UETA Summary
UETA Text

Privacy Legislation and the Internet Mac
Robert Guerra
Director, CryptoRights Foundation

Many software developers in the US are not aware of the specific requirements mandated by recently passed privacy laws. To address this issue, this talk will overview privacy and e-commerce legislation passed in Canada, Australia, Europe and the US to introduce developers to the specific nuances which they need to be made aware of.

Slides are Available
Talk References

"It's the people, stupid."
Doug Barnes

Guarding your privacy is like using seat belts or wearing a condom: a small amount of effort can avoid a large potential (but infrequent) harm. Furthermore, the effectiveness of most privacy-guarding systems depends in large part on widespread use, making them look a lot like public goods. At first we blamed lousy software, then we blamed the patents, and now, what's left to blame? What can we learn from similar problems of societal behavior modification and the non-coercive creation of public goods?

Slides are Available

Day 2: Problems and Opportunities in Macintosh Cryptography
9:30 Tuesday, January 30, 2001
Morning Session:
Introduction to Smartcards
Jean-Luc Giraud
Security Architect, Gemplus

This tutorial gives a general overview of the smartcard technology and its added value for cryptography and security. Classical smartcard concepts (card life cycle, smartcard structure, required infrastructure,...) are covered along with recent ones like open cards (Javacard,...). New applications and potential security enhancements to MacOS X are given. Finally, the current state of the art in smartcard security is described.

Slides are Available

Smart Cards on the Macintosh
Chris Goeltner, ONE-O-ONE

A practical overview of how developers can add smart card capabilities to their application. Showing how different smart card types offer different levels of security and how they interact through the smart card reader with the application residing on the host. In the demo we will show samples for Mac OS X and Classic.

Slides are Available

Mac OS X Security: Developer Feedback Session
John Hurley, Apple Data Security

Lunch
Afternoon Session:
IPSec for Macintosh: Tapping Experience
Michael Swan, Tom Weyer, Will Price, Rodney Thayer, Jon Callas.
Moderated by Eric Gundrum

When people discuss ways to secure communications between networked computers, IPSec invariably enters the conversation. But how can Macintosh users take advantage of this modern VPN technology? Our panelists will answer this and other questions about deploying and implementing IPSec for the benefit of Macintosh users.

Slides are Available

Internet Security and Authentication Issues for a Machine with Fruit on the Front
Rodney Thayer

Slides are Available

Security Analysis of the WEP algorithm
Nikita Borisov, Berkeley

The Wired Equivalent Privacy (WEP) algorithm is used for protecting wireless transmissions in the 802.11 protocol, used by the Apple AirPort cards. The algorithm is used to provide confidentiality of network traffic, as well as for network access control in some cases. We have identified several flaws in the algorithm which give rise to attacks compromising both of these security properties, with minimal effort invested. This work was done jointly with Ian Goldberg and David Wagner.

More Info.
Slides are Available

Barriers to Entry: Why Does Crypto Go Unused
Eric Gundrum

Over the past few years we've seen dramatic improvements in the experience users have with security software on Macintosh. Nonetheless, very few people secure their electronic communications and personal data. In this moderated discussion we will explore the issues preventing wider use of security software and consider ways we might drive greater adoption.

Day 3: Internet Payments, Finance and Ownership
9:30 Wednesday, January 31, 2001
Morning Session:
Intro to Internet Payments for Mac Developers
Paul Harrison
The Internet Bearer Underwriting Corporation

A quick-and-dirty bestiary of what's out there, right now, in the internet payments world, and whether or not it exists on the Mac -- or if it's necessary for it to be on the Mac, for that matter.

Internet Bearer Payments
Robert Hettinga, Internet Bearer Underwriting Corporation

How to underwrite (intermediate and assume the financial risk for) any financial instrument, from sub-millidollar to super-megadollar, cash, debt, equity, or any derivative thereof, in bearer form, on the internet, at a cost, probably, of three orders of magnitude or less than an equivalent book-entry instrument. What financial cryptography protocols to use for what financial instrument, how to move the money around, how to get it on and off the net, legally, and why going in and out the front door isn't as scary as it looks.

Lunch
Afternoon Session
Secure, Real-Time Financial Transactions using WebFunds on the Mac.
Charles Evans
Partner, BEK Ventures

The talk will center on real-world transfer of value in the form of either exchange among commodity-backed electronic currencies or trading of shares in micro-enterprises.

Slides are Available

Mojonation and the Mac
Zooko Journeyman, Jim McCoy. Evil Geniuses for a Better Tomorrow

What is Mojo Nation? Mojo Nation is a revolutionary new peer-driven content distribution technology. While simple data distribution architectures like Napster or Gnutella may be sufficient to allow users to trade mp3 files, they are unable to scale up to deliver rich-media content while still taking advantage of the cost savings of peer-to-peer systems. Mojo Nation combines the flexibility of the marketplace with a secure "swarm distribution" mechanism to go far beyond any current filesharing system -- providing high-speed downloads that run from multiple peers in parallel. The Mojo Nation technology is an efficient, massively scalable and secure toolkit for distributors and consumers of digital content.

Find out more!

The Impact of Digital Watermarking and
Digital Rights Management on Mac Developers.

Mike Berry, CTO, Bluespike, Inc.

Mac developers face the likelihood of needing to support several industry standards in watermarking (SDMI, CPTWG) and multiple DRM packages in order to allow their customers access to legal digital content. Do these systems work, are they necessary, will I need to support them anyway, what is the impact to my software? These are all questions that media software developers will be asking themselves over the next several years, and for which I will try to give some answers.

Slides are Available

So, What's IBUC going to do, anyway?
Robert Hettinga

Oddly enough, IBUC, the Internet Bearer Underwriting Corporation, has revenue these days, and is funding, or has arranged funding for, a couple of projects, including one with the central securities depository for the UK and Ireland, and even a proof-of-concept for a streaming cash mint to be built by a well-known crypto hardware maker. This talk will be a status report on all that, including IBUC's discussions with various financial regulators and very large financial intermediaries, and what IBUC wants to do going forward, if everything works...