Technology Review - Published By MIT

Simson Garfinkel's blog

A commonsense take on computer security, usability and why IT does matter.

Thursday, May 03, 2007

The ACM Conference on Computers, Freedom, and Privacy

What's on the minds of privacy experts?

I'm in Montreal attending the annual Association for Computing Machinery (ACM) conference on Computers, Freedom, and Privacy (CFP). Now in its 17th year, this conference was once the only venue where topics like cyber-rights, wiretaps, and cryptography policy were actually discussed. That was before Wired magazine and the birth of the commercial Internet as we know it, of course. But CFP is still one of the few places where technologists, policy wonks, government officials, and the cyber-libertarian fringe can get together and have open and honest, if not entirely friendly, conversations.

I gave a tutorial about computer forensics, then sat in on a talk about U.S. wiretap regulation. In the evening there was a 90-minute session called "Postings from the Edge," at which some of the wise old heads of the Internet gave their opinions about the leading technology and policy problems of our day.

Peter Neumann, from SRI International, opened the discussion. He has been following computer security and computer-related risks for years. After years of trying to build secure systems, he now spends most of his public life documenting how systems fail.

The conference opened on May 1--May Day. Neumann, who loves puns, opined that "mayday" is also an expression used by pilots who are sinking, and he said that we have a related problem today. We believe that computers can be trustworthy, he said--but they are not trustworthy. We have a belief that we can build simple systems--but secure systems are not simple. So we just can't build systems that are simple and trustworthy. This is a conflict.

What's more, Neumann said, a lot of problems we are trying to solve with computer security--things like privacy--are extrinsic to the computer system. We try to use secure computers to protect privacy, but privacy isn't being violated by the computer systems; it's being violated by the people who have legitimate access to the computer systems that are holding the private data. "Privacy cannot be protected with technology alone, and yet we have enormous belief in our computer systems and all of the people who have access to them," Neumann said.

We need to be aware of the risks that we are dealing with, addressing those that can be addressed with technology and restructuring our society and civilization to address the others.

Anita Allen, from the University of Pennsylvania Law School, stated that it only took 10 years to sequence the human genome, thanks to computers. Allen said that this week the House of Representatives passed the Genetic Nondiscrimination Act, which will help protect Americans from the "mischief that can be done" with our genetic information. "This is good news for American workers. Without this law, there is a lot of vulnerability that American workers face in the U.S."

Allen noted that a few years ago a railroad in the United States was surreptitiously testing its workers for the "carpal-tunnel gene," and that this information was disclosed and the company was sued by the Equal Opportunity Commission under the Americans with Disabilities Act. Allen pointed out that the new law will prohibit discrimination against people based on their DNA.

Bruce Schneier, from Counterpane Systems, spoke about the generation gap. This gap is bigger than rock and roll. He says that privacy is approached differently by the younger, hip generation that's using the social-networking websites. Schneier held up an article about how young employees can't be trusted because they put all the corporate secrets online. Your reputation might be ruined by blogging on the Net. "When you look at what's happening in the younger generation, there is a notion that these sites form communities," Schneier said. "People form friends all over the world. This is going to completely change the way that our society deals with privacy."

Schneier noted that some people have been fired for blogging and that college-admissions and HR people have Googled others to see what they did at last night's party. He mentioned a New York magazine article called "Say Everything." He said that the younger generation now believes that it has an audience and that everybody thinks they are watching and are onstage. They have archived their adolescence; their entire life is online, and they don't care. They are used to being dumped publicly on a social-networking site; they have thicker skin than we do.

If it is about control--building these sites to give people control--one way to do that is by limiting access. But kids just abandon sites when they want a new past; they just move on. Perhaps having data automatically delete itself after a while might be the right thing to do. Schneier pointed out that the older generation in the 1960s said that the social revolution--sex, drugs, and rock and roll--would be the end of marriage. They were right, Schneier said, and it's okay. "Talk to a teenager," he said. "We have a responsibility to build systems so that they can take maximum advantage of what the society has to answer."

Ed Vitz, from the Public Interest Registry, which manages the dot-org top-level domain, is now forming the Internet Consulting Coalition, which will be dedicated to helping organizations maximize their presence at the first and second domain level.

Vitz said that one of his primary concerns is the loss of an organization's domain name when the domain name expires. Many organizations will lose their dot-org and discover that it's been taken over by a porn site. This seems to hit nonprofits especially hard, perhaps because of their internal problems. "Domain-name monetization has interested Wall Street," said Vitz. "There are seminars on secondary domain markets."

The value of a domain name is based on the amount of traffic to the website and what it can command on the secondary market. "The unintended loss is not a new problem, but the situation is exacerbated because of the growing use of computer programs" that find expired domains and determine how valuable they are, according to Vitz. This is called "domain tasting," he said.

The poster-child example came up last year: a rape crisis center in Syracuse, NY, failed to reregister its domain name, Vitz said. It was picked up by an adult website. "You can imagine the results."

Whit Diffie, from Sun Microsystems--yes, that Whit Diffie: the one who invented public key cryptography--spoke about governmental surveillance. Government needs to do surveillance, Diffie said, so that it can know the needs of the citizenry.

This doesn't mean that surveillance is good or that it doesn't need to be regulated. "We find government surveillance threatening the whole structure of a free society," Diffie said.

Diffie stated that he has been fighting this battle for more than 14 years. It started out as a battle over the use of cryptography. In the 1990s, cryptography and computers suddenly became good enough to be used by small organizations; the government realized this and tried to reestablish control over cryptography. "After three rounds between 1980 and 2000, they lost," said Diffie. "And we now, in the U.S., have government-endorsed, very high-level cryptography."

"But part of the reason that the government retreated on that flank is that it was advancing on a flank that we didn't notice or didn't have time for," Diffie continued. "And we lost that battle in 1994, but we didn't notice. The government had noticed what some of us had also noticed: that all of the fine research in cryptography wasn't protecting traffic, and the cryptographic market wasn't succeeding hand over fist. Yes, SSL is one of the most widely used cryptographic markets in the world. But the penetration of secure phones is practically nil."

But while people in the cyber-rights movement were focusing on encryption, the government was focusing on having communications systems designed to be wiretap-friendly. The result was the 1994 Communications Assistance for Law Enforcement Act (CALEA). "And now," said Diffie, "all telephone switches have to have wiretapping built into them, and they have to guarantee that very rapidly they can adjust the system to deliver all the communications of the subscriber to the government. And if they don't, they get fined $10,000 per day and per violation."

Originally, CALEA had a carve-out so that it didn't cover the Internet. But the law had a provision that if the Internet substantially replaced the conventional telephone system, it would be covered. "Beginning two to three years ago, the FBI began pushing the FCC to adopt regulations saying that CALEA applies to the Internet," Diffie said.

The problem is that the Internet does not lend itself to interceptions. Diffie explained that if two businesspeople are traveling in Europe and want to have a VoIP conversation, it's much more efficient to send the packets directly from point to point, rather than sending them through an intermediary so that the intermediary can do a wiretap. One solution around this problem is to equip every ISP with advanced remote-controllable wiretap equipment. Of course, another alternative is just to force all phone calls to go through monitoring points. My guess is that the latter is what's going to happen.

Following the speakers' introductions, they were asked what kind of information, hypothetically, they would give to various politicians. I don't remember anything that was said.

Then we had questions and comments. The one notable comment came from Chris Kelly, the chief privacy officer of Facebook. He explained last year's snafu involving Facebook and privacy issues: Facebook had created a news feed to tell people what their friends were doing, and many people didn't like missives going out to their friends--you know, missives like "Anna's relationship status has changed from 'going steady' to 'single.'" It felt like stalking. Kelly said that 750,000 Facebook users joined a protest group about the news feed. Facebook got the message.

Kelly also said that the lesson that Facebook learned from this experience was precisely the opposite of what is written in the media. "You get this when you have 22-year-olds running the company." He said that a lot of people think that information posted in Facebook is available to anybody. In fact, there is no way to post a message in Facebook that everybody can read. And Kelly said that a lot of people think that 22-year-olds have no sense of privacy. He noted that the experience taught him that 22-year-olds care a great deal about privacy. They just have ways of conceptualizing it that are different from the way most 40- and 50-year-olds do.

Another brief will appear tomorrow.

Tuesday, May 01, 2007

Preventing Data Loss with FileVault

Sometimes the price of protecting data is losing it.

FileVault is Apple's encrypted file system. I use it on my laptop to prevent me from having one of those "data-loss incidents" in the event that my laptop gets lost or stolen.

FileVault is pretty cool. It keeps all your files in a single big "virtual disk" file. Whenever data is written into the virtual disk, the data is encrypted; when the data is read back, it's decrypted. All this encryption and decryption is done transparently. And the disk is automatically mounted when you log into the Mac, with the encryption key being protected with your log-in password. All in all, it's pretty slick.

But FileVault has also caused me to lose data--and on more than one occasion. Usually the data loss happens when my battery dies on a long flight. My MacBook is pretty good about shutting down before the battery dies, but a battery can go out of calibration. When that happens, sometimes the Mac just loses power. When this has happened to me in the past while I was saving a file, I've lost the entire directory where the file was being saved. Now that's annoying.

The other failure mode that I've seen with FileVault, one that's far more troubling, happened to me on Sunday night. My computer got real slow, the disk kept spinning, and eventually I had to power it off. When I turned it back on, I discovered that every file that had been written over the past 10 to 20 minutes was filled with corrupt data.
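As an added illustration of the two things described above, the way an encrypted virtual disk wraps its volume key under the login password and the way a power loss mid-write can leave corrupt data behind, here is a small Python model. It is constructed teaching code, not Apple's FileVault implementation or its on-disk format: the stream cipher is HMAC-SHA256 in counter mode standing in for AES, the PBKDF2 round count and the 64-byte block size are assumed values, and the "quarterly numbers" data is made up. Each block carries an authentication tag, so a truncated write is reported as corrupt on read instead of being silently returned as garbage, and changing the password re-wraps only the volume key rather than re-encrypting the data.

```python
"""Toy model of a password-protected encrypted container (constructed
teaching example; not FileVault's real format or algorithms). Blocks are
encrypted on write and decrypted on read; the volume key is protected by
a key derived from the login password; every block is authenticated."""
import hashlib
import hmac
import os
import struct
from typing import Optional

BLOCK_SIZE = 64          # plaintext bytes per block (tiny, for illustration)
NONCE_SIZE = 16
TAG_SIZE = 32
PBKDF2_ROUNDS = 100_000  # assumed value; a real system tunes this to its hardware

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stdlib-only stand-in for AES-CTR."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def _subkeys(key: bytes):
    # Separate encryption and MAC keys derived from one 32-byte key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with a fresh random nonce: nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(NONCE_SIZE)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, sealed: bytes) -> Optional[bytes]:
    """Check the tag first, then decrypt; None means corrupt, truncated or wrong key."""
    if len(sealed) < NONCE_SIZE + TAG_SIZE:
        return None
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = sealed[:NONCE_SIZE], sealed[NONCE_SIZE:-TAG_SIZE], sealed[-TAG_SIZE:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

class Container:
    """The 'virtual disk file': sealed blocks plus a password-wrapped volume key."""

    def __init__(self, password: str):
        self.salt = os.urandom(16)
        volume_key = os.urandom(32)  # encrypts the data; stored only in wrapped form
        self.wrapped_key = seal(self._kek(password), volume_key)
        self.blocks = {}             # block index -> sealed bytes

    def _kek(self, password: str) -> bytes:
        # Key-encryption key derived from the login password.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, PBKDF2_ROUNDS)

    def unlock(self, password: str) -> Optional[bytes]:
        """What mounting at login does: unwrap the volume key, or fail."""
        return unseal(self._kek(password), self.wrapped_key)

    def change_password(self, old: str, new: str) -> bool:
        # Only the wrapped key is rewritten; no data block is re-encrypted.
        volume_key = self.unlock(old)
        if volume_key is None:
            return False
        self.wrapped_key = seal(self._kek(new), volume_key)
        return True

    def write(self, volume_key: bytes, index: int, data: bytes) -> None:
        if len(data) != BLOCK_SIZE:
            raise ValueError("block must be exactly BLOCK_SIZE bytes")
        self.blocks[index] = seal(volume_key, data)

    def read(self, volume_key: bytes, index: int) -> Optional[bytes]:
        sealed = self.blocks.get(index)
        return None if sealed is None else unseal(volume_key, sealed)

def demo() -> dict:
    """Round trip, wrong password, password change, and a torn write (constructed data)."""
    c = Container("correct horse")
    vk = c.unlock("correct horse")
    c.write(vk, 0, b"quarterly numbers".ljust(BLOCK_SIZE, b"\0"))
    results = {"roundtrip": c.read(vk, 0).rstrip(b"\0"),
               "wrong_password": c.unlock("wrong")}
    c.change_password("correct horse", "battery staple")
    results["after_rekey"] = c.read(c.unlock("battery staple"), 0).rstrip(b"\0")
    c.blocks[0] = c.blocks[0][:60]  # model a power loss mid-write: block tail never hit disk
    results["torn_write"] = c.read(vk, 0)
    return results

if __name__ == "__main__":
    print(demo())
```

The design point worth noticing is the split between the volume key and the password-derived key: the password only ever unwraps a 32-byte key, which is why a password change is cheap and why a lost password (or a damaged wrapped-key header) makes the whole container unreadable at once. Real disk encryption uses a tweakable block mode rather than a per-block nonce and tag, and detects corruption at the file-system level instead, which is exactly why a torn write can surface as the "corrupt data" the post describes rather than as a clean error.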

I keep excellent backups, so this wasn't the horrible problem that it could have been. Yes, it did take me eight hours to reconstruct all the data on my laptop, but I was sleeping for most of that time. It was the laptop that was doing the work, slowly copying the data from one of my backups back to the laptop.

Periodically wiping out your laptop has another advantage, of course: it lets you pinpoint the problems in your backup system.

Frankly, I always treat my laptop as if it is on borrowed time. Between drops, theft, and buggy software, data that's on a laptop is always living on borrowed time. If you aren't constantly backing up your laptop whenever you have an Internet connection, you're making a mistake.

Monday, April 30, 2007

The Funnies Aren't So Fun Online

E-comics suggest the limitations of Web publishing.

For the past two years or so I've been subscribing to a daily comics e-mail from uclick.com. The service gives me a choice of comics from more than 100 strips and editorial cartoons, and it's just $11.95 a year. Although it's true that I can get the comics for free on the Web, it's worth $11.95 a year for me to get the comics directly by e-mail.

I got into the comics in college--we had a communal copy of the Boston Globe in our dorm, and every morning I would read through all the comics on the page. When my wife and I got married, the morning comics became an important part of our daily routine.

But in the late 1990s, the Globe's comics page went through a series of redesigns. First the paper shrank all the comics so that more could fit on one page. Then they shrank the page, presumably to save money. Eventually my wife and I realized that we weren't getting a lot of pleasure from the page anymore, and we decided to let our subscription to the Globe lapse--after all, we could get the news online.

There's been a real explosion in Web comics in recent years. Uclick has more than 100 features and editorial cartoons drawn from national syndication. But there are literally thousands of comics that are distributed solely on the Web--the pictorial equivalent of blogging.

Unfortunately, this new comics system is far from perfect. For starters, the comics don't look as good on my computer screen as they did in print--they aren't presented at a very high resolution. The screen just isn't as good a medium for distribution as paper is. Perhaps the new iPhone will fix this, with its 200-dots-per-inch screen, but I'm not holding my breath.

A bigger disappointment is that getting the comics on a Web page has changed reading comics from a communal activity done with my wife and family around the breakfast table to a solitary activity that I do in front of the computer screen. Some days I will actually walk away from breakfast to "check my mail"--and read the comics.

Yet another problem is selection: there's too much, and it's not edited. Back when I was reading the comics page, I got a selection of the comics I liked and some others I didn't care about. But every now and then one of the ones that I didn't care about would catch my eye, and sooner or later I would get hooked. Today, I get the comics that I care about by e-mail, and I ignore the rest. If I ever decide to go looking for something new, I'm quickly overwhelmed by the selection.

Back when I was a graduate student at the MIT Media Lab, we used to theorize about the "newspaper of the future" and the problems that it might have. One of the ideas floated for the comics was that people would have high-resolution color printers in their homes, and the daily comics would be printed every day. Well, I've got the printer, the computer, and the information, but I don't have the software to make this all work. Perhaps more important, I don't have some intelligent agent that's automatically building a selection of comics for me that's both interesting and relevant and that keeps me open to new possibilities.

MIT Massachusetts Institute of Technology © 2009 Technology Review. All Rights Reserved.