Dear Readers,

We are pleased to bring you another issue of Cipher. A few months have passed since our last issue: Melissa has come and gone, leaving behind the usual mess plus technical and moral debates about GUIDs. Fighting continues in Kosovo as of this writing, and there have been interesting associated developments on the Internet. Radio B92, the only independent broadcaster in Yugoslavia was finally shut down completely. They had been broadcasting via RealAudio on the Internet for the last few years after their transmitter was shut off by Yugoslavian officials. Meanwhile, set up a gateway to assist people in Yugoslavia to hide the destination and content of their email. NATO was struck by a denial-of-service by saturation attack on their Web site. A few weeks later, Newsweek reported that president Clinton authorized the use of computer hackers to destabilize Slobodan Milosevic by attacking his foreign bank accounts, amongst other things.

In other security and privacy news, Adi Shamir announced a new machine at EUROCRYPT that makes the factoring of 512 bit keys feasible. TWINKLE (The Weizmann INstitute Key Locating Engine) increases by a few orders of magnitude the speed at which factoring can be done. Shamir's paper on this can be found at

Finally, in legal/political news: the US Ninth Circuit Court of Appeals found current export controls on cryptography to be unconstitutional on free speech grounds, because source code can sometimes be expressive and therefore considered speech. This ruling is expected to be appealed. More recently the White House has said that recent congressional reports on Chinese spying will make unlikely any changes to US rules on crypto export. At the same time, citing espionage concerns, Germany has encouraged the use of strong crypto by German businesses and individual citizens. (The above stories were culled from,, and various personal communications.)

I have provided you this very brief summary of some recent news because, in lieu of her usual insightful ListWatch column, Mary Ellen Zurko has provided us with a insightful summary of the 1999 IEEE Security and Privacy Symposium. This year's gathering was a special 20th anniversary Symposium. In addition to the presentation of research papers, there were three panels looking at well-known and less well known accomplishments of the last twenty years, and predictions for the next twenty years. Mez has given a thorough description of all the presentations and panels. This symposium was also special because it was expected to be the last one held at the Claremont---where the "Oakland Conference" has been since its inception. However, recent developments have made it at least unclear whether we will be back at the Claremont next year or not. On the Cipher Web page, besides Mez's summary, you will find URLs for almost all of the papers presented at Oakland, and a couple of other relevant pointers as well: Where did that new proceedings cover come from? And, be sure to check out the proceedings for sale. Now available is a CD with all the papers from all of the Symposia to date.

We also have contributions from our regular writers and reviewers plus a lively summary of Computers, Freedom, and Privacy by Danielle Gallo, who is regular in that she wrote this conference up for us last year as well.

Hilarie Orman, who manages our calendar, has noticed a drop off of calendar items received. If you have a call for papers or other calendar item relevant to the Cipher audience, please send it to us at Likewise if you have any conference writeups, news items, address changes, new reports available on line, etc. please send them in.

Thanks as always to everyone who contributed.

Paul Syverson
Editor, Cipher