(A Javascript-enabled browser is required to email me.)


Charles Platt:
Notes from Anguilla
from TBTF for 1997-03-21



March 21, 1997

This material is Copyright © 1997 by Charles Platt <cp@panix.com>.
Approximately 75 security experts, cypherpunks, academics, libertarians, and anarchists, plus three or four attorneys and a couple of bankers congregated in Anguilla for the First Conference on Financial Cryptography (FC'97). I've written a full-length article about it for Wired magazine. The following quick notes are for TBTF.

The conference lasted five days (not including a previous week of instructional seminars, which I did not attend). The program began at 8:30 AM each day and lasted till 12:30 PM, when a cafeteria-style lunch was served. Afternoons were reserved for tourism, sunbathing, and swimming, while most evenings were spent hanging out in funky little bars in wooden shacks on beaches of white sand. Most of the locals were cheerfully tolerant of swarms of nerds wearing funny T-shirts and clutching laptop computers while enjoying excited arguments couched predominantly in acronyms.

"Even if you didn't have a good time, it's only fair to mention in your report that most of us had a great time." -- FC'97 attendee
The formal program was appropriately technical and was well balanced between theory and practice, including a couple of concepts that have already emerged from the design phase. One of these is Janus, a kind of specialized proxy server developed in response to the proliferation of web sites that require each user to log in with a unique ID and password. Obviously, if you use the same ID and password for many different sites you incur a security risk and allow your browsing patterns to be correlated; but maintaining a different ID and password for each site is a hassle. Janus does this for you, creating its own pseudorandom login and password for each place you visit, keeping track of them for you, and anonymizing the message traffic. You point your browser to the Janus site; it does the rest. The system is currently being tested. Check it out.

Another item at fc97 that caught my attention was a prototype telephone encryption device packaged in a modem-sized box designed to be interposed between your phone and the phone jack. Developed by Eric Blossom, the system samples voice signals, digitizes them, and encrypts them using triple DES. Naturally, you need a second unit to decrypt the signal. Blossom claims his device offers vastly superior quality compared with other options such as PGPfone, and he says that unique keys are generated for each session in such a way that they cannot be determined by monitoring the traffic. I was unable to test his hardware myself because export regulations prohibited him from bringing more than one demo unit out of the United States. Munitions, you know.

Blossom is looking for someone to mass-produce his voice encryption hardware. He can be reached at <eb at comsec dot com>.

One of the more challenging presentations was from David Birch, a British consultant who has participated actively in the development of Mondex smart cards. Birch predicted that smart cards bearing monetary value are the real future of online commerce, partly because consumers trust a card more than they trust money-data on a hard drive, and cards are already well established in Europe. According to Birch, within a few years we will all have card readers plugged into our PCs. The Mondex system allows users to make payments directly from card to card, and Birch outlined a near future in which similar systems would grow out of current forms of pseudocash such as frequent flier miles. If miles were stored on individual users' cards instead of at some distant mainframe, in effect this would be a form of currency that would be largely invisible and uncontrolled.

Ted Goldstein, from the commerce division of the Java division of Sun Microsystems, offered an impressive presentation of the "Java wallet," to be freely downloadable from the Java web site by the end of June if the project stays on schedule. This is like a financial operating system that will unify data types and the look and feel of financial software from multiple vendors. Goldstein's team has also succeeded in cramming a subset of the Java interpreter entirely onto smart-card ROM, using 512 bytes (not kilobytes!) as workspace for Java programs which are stored in ROM in tokenized form.

The Anguillan environment was ideal for the conference in that it has an undeveloped, informal, friendly, noncommercial flavor, like the old-style Internet translated into realspace. You can hang out and do whatever you want while looking as weird as you want, and no one will hassle you if you don't hassle them first. Anguilla is also free of all personal and corporate taxes, which gladdened the hearts of the many libertarians present.

On the other hand, Anguilla is constantly humid and hot, and the accommodations were either disconcertingly primitive or prohibitively expensive. An attendee from Microsoft ended up paying $200 a night just to get air conditioning and a phone in her room. Many cypherpunks opted for the less salubrious environment of Willy's Inn for $45 a night, where erratic water pressure often deprived them of an opportunity to shower in the morning, though no one regarded this as a great hardship.

Conference host Vincent Cate (who lives in Anguilla) was serene throughout various crises (e.g. a hotel claimed it had lost the reservations of 7 attendees when they arrived at midnight). Bob Hettinga, who had done organizational work from the USA, was unfailingly good humored. The program, orchestrated by Ray Hirschfield, received unanimous admiration.

Complaints mainly centered on the cruel and unusual punishment of a schedule commencing at 8:30 AM every day in an "island paradise," and some rather sketchy planning before the conference.

There will be a repeat performance next year, though I don't think I'll attend -- the British-style food roused horrible memories of my school days, and the charm of the cheerfully incompetent island folk wore thin after a while, especially when my hotel ran out of bottled water. Still, as someone said to me on the last day, "Even if you didn't have a good time, it's only fair for you to mention in your report that most of us had a great time."

Oh, well, all right then. And I must admit I liked everyone I met and had some memorable evenings where we reached critical nerdmass, conversationally speaking.

If only it had been in New York....

--Charles Platt


[ TBTF for 1997-03-21 ]