A major segment of the symposium was UniForum's four panel sessions on electronic security: Security and Privacy Issues; Electronic Commerce; Cryptography and the Law; and Cryptographic Infrastructure. More than 200 attendees signed up for the panels, also significantly surpassing the attendance at last year's event.
Gio Wiederhold focused his presentation on the issue of the security of medical records, which is an area of growing concern. The major insurance companies have virtually total access to medical records, while the subjects of those records--patients and other medical consumers--have limited control of their own information, and that includes the results of medical research. From this scenario, Wiederhold transitioned to the concept of the "virtual company" and how its development is being seriously hindered by the fact that current practices make it difficult for people to trust each other.
Mary Connors rounded out the session with a history of the development of major privacy legislation in both the federal government and the California state government, citing the Freedom of Information Act, the Privacy Act and the California constitution, with its right-to-privacy provision.
At the panel on electronic commerce, session chair Rik Farrow started with a question: "How many of you are currently doing some kind of e-commerce?" About half of the people in the room raised their hands, showing the pervasiveness of this activity. Farrow pointed out that even now many companies want to get into electronic commerce but confess to fears about how to do it securely. He went on to say that e-commerce has taken business to a level of abstraction never before seen. The object of the transaction is not directly experienced by the buyer before sale; the Web site being used may or may not belong to the entity the buyer thinks he or she is dealing with; and to top it off, the funds used to pay for the transaction are electronic.
The panelists--Fred Avolio of Trusted Information Systems (TIS), Daniel Geer of Open Market and Bruce Schneier of Counterpane Systems--discussed a variety of topics within electronic commerce, including concerns about authorization, accountability, integrity and confidentiality; and what the world might look like when electronic commerce is the norm rather than the exception, including a prediction of "disintermediation," the declining role of intermediaries in commerce.
Sides were taken immediately, with only Charney defending the use of key escrow policies and limitations on encryption technology. His point of view (which he defended valiantly in the face of strong opposition from the others) was that "robust" encryption can and should be available, but that legitimate national security and public safety concerns warrant restrictions on encryption. Those on the panel in favor of unrestricted cryptography pointed out that, because of the truly international nature of the Internet, laws passed by any given country limiting electronic security technology are largely "irrelevant" and cited the lack of effect that France's key-escrow policy (the only one in the industrialized world) has had beyond its own borders.
The final panel session, Cryptographic Infrastructure, was chaired by Fred Avolio of TIS. The panelists were Peter Dinsmore, also of TIS; Carl Ellison of Cybercash; Constantin Tanno of Morgan Stanley & Co.; and Walter Tuvell of the Open Software Foundation. This session covered such topics as architectures for public-key infrastructures; key recovery and backup; and public-key identification, authentication and authorization.
Usenix will be hosting a variety of conferences across the U.S. over the next several months, including LISA '96 in Chicago in late September and a workshop on electronic commerce in Oakland, CA, in November. For more information on Usenix events and activities, visit their Web page at http://www.usenix.org.