at DeAnza 3 Auditorium
The Second Millennium
Mac-Crypto Conference on Macintosh Cryptography
and Internet Commerce
Was held on January 29-31, 2001
Apple R&D Campus
10500 N DeAnza Blvd, Cupertino, CA, USA
at DeAnza 3 Auditorium
|Day 1: The Environment for Macintosh Cryptography|
10:00 Monday, January 29, 2001
|Morning Session: Welcome and Keynotes|
|Martin Minow - A Remberance.
A few words about a member of mac-crypto who has left us...
|The Effect of Anti-Circumvention
Provisions on Security
Jonathan D. Callas
Counterpane Internet Security
One of the properties of digital Intellectual Property (IP) is that it can be easily reproduced, modified, and transferred. In response, IP owners have created creating new security technologies, and laws, for controlling the digital works. Inevitably, this creates an opportunity for those who can circumvent those technologies and laws.
Timothy C. May
Why crypto is about a lot more than conventional privacy and authentication. The importance of "uncoerced transactions" and regulatory arbitrage. Discussion of how strong crypto, digital mixes, and untraceable payment systems change the nature of government regulation and control of citizen-units.
|Afternoon Session: Crypto Law and Policy|
|Crypto Law and the Mac
|Privacy Legislation and the Internet
Director, CryptoRights Foundation
Many software developers in the US are not aware of the specific requirements mandated by recently passed privacy laws. To address this issue this talk will overview privacy and e-commerce legislation passed in Canada, Australia, Europe and the US to introduce developers to the specific nuances which they need to be made aware of.
|"It's the people, stupid."
Guarding your privacy is like using seat belts or wearing a condom: a small amount of effort can avoid a large potential (but infrequent) harm. Furthermore, the effectiveness of most privacy-guarding systems depend in large part on widespread use, making them look a lot like public goods. At first we blamed lousy software, then we blamed the patents, and now, what's left to blame? What can we learn from similar problems of societal behavior modification and the non-coercive creation of public goods?
|Day 2: Problems and Opportunities in Macintosh
9:30 Tuesday, January 30, 2001
Security Architect, Gemplus
This tutorial gives a general overview of the smartcard technology and its added value for cryptography and security. Classical smartcard concepts (card life cycle, smartcard structure, required infrastructure,...) are covered along with recent ones like open cards (Javacard,...). New applications and potentail security enhancements to MacOS X are given. Finally, the current state of the art in smartcard security is described.
|Smart Cards on the
Chris Goeltner, ONE-O-ONE
A practical overview of how developers can add smart card capabilities to their application. Showing how different smart card types offer different levels of security and how they interact through the smart card reader with the application residing on the host. In the demo we will show samples for Mac OS X and Classic.
|Mac OS X Security: Developer Feedback Session
John Hurley, Apple Data Security
|IPSec for Macintosh: Tapping Experience
Michael Swan, Tom Weyer, Will Price, Rodney Thayer, Jon Callas.
Moderated by Eric Gundrum
When people discuss ways to secure communications between networked computers, IPSec invariably enters the conversation. But how can Macintosh users take advantage of this modern VPN technology? Our panelists will answer this and other questions about deploying and implementing IPSec for the benefit of Macintosh users.
|Internet Security and Authentication
Issues for a Machine with Fruit on the Front
|Security Analysis of the WEP
Nikita Borisov, Berkeley
The Wired Equivalent Privacy (WEP) algorithm is used for protecting wireless transmissions in the 802.11 protocol, used by the Apple AirPort cards. The algorithm is used to provide confidentiality of network traffic, as well as for network access control in some cases. We have identified several flaws in the algorithm which give rise to attacks compromising both of these security properties, with minimal effort invested. This work was done jointly with Ian Goldberg and David Wagner.
|Barriers to Entry: Why Does Crypto Go Unused
Over the past few years we've seen dramatic improvements in the experience users have with security software on Macintosh. Nonetheless, very few people secure their electronic communications and personal data. In this moderated discussion we will explore the issues preventing more wide use of security software and consider ways we might drive greater adoption.
|Day 3: Internet Payments,
Finance and Ownership|
9:30 Wednesday, January 31, 2001
|Intro to Internet Payments for Mac
The Internet Bearer Underwriting Corporation
A quick-and-dirty bestiary of what's out there, right now, in the internet payments world, and whether or not it exists on the Mac -- or if it's necessary for it to be on the Mac, for that matter.
Robert Hettinga, Internet Bearer Underwriting Corporation
How to underwrite (intermediate and assume the financial risk for) any financial instrument, from sub-millidollar to super-megadollar, cash, debt, equity, or any derivative thereof, in bearer form, on the internet, at a cost, probably, of three orders of magnitude or less than an equivalent book-entry instrument. What financial cryptography protocols to use for what financial instrument, how to move the money around, how to get it on and off the net, legally, and why going in and out the front door isn't as scary as it looks.
|Secure, Real-Time Financial Transactions
using WebFunds on the Mac.
Partner, BEK Ventures
The talk will center on real-world transfer of value in the form of either exchange among commodity-back electronic currencies or trading of shares in micro-enterprises.
|Mojonation and the Mac
Zooko Journeyman, Jim McCoy. Evil Geniuses for a Better Tomorrow
What is Mojo Nation? Mojo Nation is a revolutionary new peer-driven content distribution technology. While simple data distribution architectures like Napster or Gnutella may be sufficient to allow users to trade mp3 files they are unable to scale up to deliver rich-media content while still taking advantages of the cost savings of peer-to-peer systems. Mojo Nation combines the flexibility of the marketplace with a secure "swarm distribution" mechanism to go far beyond any current filesharing system -- providing high-speed downloads that run from multiple peers in parallel. The Mojo Nation technology is an efficient, massively scalable and secure toolkit for distributors and consumers of digital content.
|The Impact of Digital Watermarking and
Digital Rights Management on Mac Developers.
Mike Berry, CTO, Bluespike, Inc.
Mac developers face the likelihood of needing to support several industry standards in watermarking (SDMI, CPTWG) and multiple DRM packages in order to allow their customers access to legal digital content. Do these systems work, are they necessary, will I need to support them anyway, what is the impact to my software? These are all questions that media software developers will be asking themselves over the next several years, and for which I will try to give some answers.
|So, What's IBUC going to do,
Oddly enough, IBUC, the Internet Bearer Underwriting Corporation, has revenue these days, and is funding, or has arranged funding for, a couple of projects, including one with the central securities depository for the UK and Ireland, and even a proof-of-concept for a streaming cash mint to be built by a well-known crypto hardware maker. This talk will be a status report on all that, including IBUC's discussions with various financial regulators and very large financial intermediaries, and what IBUC wants to do going forward, if everything works...