Saturday, August 20, 2005


In our last few days in China, we decided to avoid the Ming and the Qing and "tourist modern China". This mainly involved shopping and going out to dinner and drinks with friends. Photos are forthcoming, but meanwhile, as I recover from jet lag, I'll do some shorter posts about what we learned while there:

There are several levels of fakes in China. For example, in DVDs, the fakes are rated from 1 to 9. DVD 9 is a copy of the real DVD. DVD 1 would be something filmed with a camcorder off a movie screen, for example. But even the fakes are faked. Something will say DVD 9, but actually be of lesser quality. Same with Rolex watches. A high quality fake will have a Swiss mechanism and be a good quality watch, but not a Rolex. A low quality fake will lose an hour and half the first day you have it, and 12 hours over the rest of your trip. The band will pop off one day, and the watch will end up in the hotel waste basket.

If you are at Ya Xiu (Ya Show) Clothing Market, and the sales girl quotes you a price of 340 RMB (US$42) for a skirt and you walk away in disgust, she will rapidly drop the price and yell after you that she'll give it to you for 100 RMB (US$12.50), and when you go back and you get the skirt for 80 RMB (US$10), you will still have paid quite a bit too much.

Jennifer | 5:14 PM

Wednesday, August 17, 2005


The central figure of the Summer Palace is Empress Dowager Cixi. She lived at the palace, imprisoned the Emperor there, used China's national defense money on making the Palace nicer, dressed up as Buddha, and generally rolled in power like a pig in mud. Here's what I've gleaned about her from the signs at the palace, the audio tour and the filtered Google (the Firewall of China definitely gets in the way. I'm getting my email in fits and starts, too.)

Cixi started out as a royal concubine. The life of a concubine was not well-described, but it seems to have been a pretty desirable job for daughters of families that were close to the Emperor, or whom the Emperor wanted to keep close. From photos, I can tell you the concubines appear to have been very well fed. The Internet says that, "when the emperor would choose to sleep with her, she would be escorted to his room by eunuchs and left naked at the foot of the bed. This was done in order to insure no weapons were brought into his room." At least in Cixi's case, this seemed to be a wise precaution.

Cixi became Empress Dowager when the Emperor died and her six year old son, the only male heir, ascended to the throne. Since the son was a minor, Cixi ruled in his stead, along with the former Emperor's wife, the Empress. Then the son died and Cixi appointed her three year old nephew, Guangxu, to be Emperor. Then the Empress died. Cixi was said to have poisoned her. Cixi ruled in the nephew's stead, well past when he was of majority age. People complained, so she agreed to move to the Summer Palace and let him rule, but only if they gave her money to fix it up even nicer than it already was. The money came from China's national defense fund, and Cixi's Palace extravagancy is partially at fault for China's loss in the Sino-Japanese War.

Cixi continued to be the power behind the throne. She had spies in the Palace, including Guangxu's wife. He didn't like the wife "so they didn't have a very good relationship", but Cixi chose her because Cixi and the wife had blood ties so the wife could be trusted to spy. Cixi also forced Guangxu to come to the S.P. every couple of days to consult with her.

Eventually, Guangxu met with some reformists and decided to implement some changes, called the 100 Days of Reform, but Cixi didn't like reform. It probably threatened her way of life, which was floating around Kumming Lake on her various pleasure boats (gifts from the French), dressing up like the Buddha, and having disfavored concubines drowned in wells. So, Cixi and her loyal band of palace eunuchs organized a coup against Guangxu and imprisoned him at the Summer Palace.

Cixi bargained with her countrymen to save the dynasty in exchange for her support during the Boxer Rebellion, but later abandoned them to negotiate with Western forces.

As her dying act, she poisoned Guangxu, who died a few hours before Cixi, to ensure that she would be able to appoint 3 year old Pi Yu as emperor. Pi Yu was the Last Emperor, his father too weak to resist reformists, and was ousted in the 1911 Revolution. Later, Japan would try to reappoint PiYu as a figurehead, but to no avail. The dynasty was over.

To put this in a historical context, all of this intrigue and excess was taking place 100 years after the American Revolution. It seems like a story for a much more Bysantine age.

Jennifer | 9:59 AM


We touristed the Summer Palaces today, and took a lot of photos. I will have a lot to say in my next long blog post about the main character of the Summer Palace, Empress Dowager Cixi. An evil Catherine the Great-type, she is one of those historical figures that you either hate, or love to hate. In the meantime, here are some other pictures and a map of the Summer Palace, definitely one of the more pleasant places we've been in China so far. Those Qing rulers really had it made.

Jennifer | 2:55 AM

Tuesday, August 16, 2005


It rained today for our trip to the Great Wall (at Mutianyu) and the Ming Tombs, so we didn't take many pictures, but we look great in the ones we did take. The Great Wall is a little like the Grand Canyon. You hear a lot of talk about it, and you see pictures, but then when you actually get there, you happily find it has still retained some of its awe-inducing power. The biggest regret of the trip was that the tobaggan ride down the hill was closed due to the rain.

Jennifer | 7:54 AM

Monday, August 15, 2005


We touristed the Forbidden City today, and so there are new photos up on Flickr, heavily documenting our journey back to the 1400's. Emperors lived there until 1911. So, while democracy was flourishing in the U.S., the Chinese rulers were living in a walled city like they were living gods, schtupping concubines two at a time.

We failed to photo-document our dinner, at the swank Green T House restaurant, which is unfortunate because the food was the coolest looking of all we have eaten so far. Its been raining, thankfully, so the "air" is somewhat breathable, and its cooler, which will be good for our trip to the Great Wall tomorrow. Expect more pictures by the end of our day.

Jennifer | 8:48 AM

Sunday, August 14, 2005


Dateline: Sunday, 7PM, Beijing, China

Dear Fellow Cadres and Esteemed Ancestors:

Perhaps you are wondering why we haven't blogged since our arrival in Beijing. The explanation is multi-faceted. First, there is a foot massage place less than 100 m from the entrance to our hotel, and they have no Wi-Fi access there. Backward! Second, we are too busy eating. Third, we are too busy shopping. Lest you worried that we aren't touristing enough, we have left the sightseeing for the weekdays, under the theory that it will be "less crowded", and the shopping for the weekend, under the philosophy of "the sooner, the better."

On the topic of shopping, I have this to say: Every purchase is a new humiliation. Just when you think you've bargained the salesperson down to a nub, and you are swaggering away with your new "cashmere" sweaters, or singing Mao lighter, or painted scroll, or whatever, you see exactly the same thing at a different stall. Like a moth to a flame, or a driver rubbernecking at an accident, you can't stop yourself from asking, "How much?" And the answer comes like a hammer. "X yuan", which is always less than the price you just spent a proud 20 minutes haggling to get. Even I, schooled on the mean streets of the New Jersey malls, hardly have the stomach for shopping here. It is a full contact sport.

Despite the humiliation, the shopping has been really fun. Brad and I had some clothes made in Shanghai:

Here is the process for a qipao:

Brad goes Mao:

Off to dinner soon. For more about our trip, check out the continually updating Beijing photos on Flickr. Zaijian for now.

Jennifer | 4:02 AM

Saturday, August 13, 2005


Dateline: August 13th, 5PM Beijing, China

We've been here less than a day and already we've been heckled by people selling bugs on a stick, eating other things on a stick anyhow, visited a wax museum of Chinese historical figures, without English translation, visited Tianamen Square, taken a ride in a bicycle cab through the slums of Beijing, ordered roast duck, paid 10Y for a doo dad that the next lady on line paid 5Y for, ordered "shway" (water) and gotten a burning hot glass of boiling shway on which I burnt my hand, found it impossible to get a cab near the tourist attractions, and received a luxurious 45 minute foot massage. In short, Beijing is great. Except for the "air". More soon.

Jennifer | 2:20 AM


Dateline: China Eastern flight between Shanghai and Beijing, August 12, 2005:

First, readers should note that I am posting this from YOUR FUTURE! We are 15 hours ahead, and have already lived through your era. So to you, we offer this tip: You won�t be able to eat two orders of the xiao long bao. Just get one.

On the topic of xiao long bao (little dragon buns, aka the steamed pork dumplings they serve with vinegar instead of soy), in this installment I discuss Shanghainese food, particularly what we ate, where, and whether or not it was good. This meditation will also dovetail with the theme that the guidebook is not as wise as one would wish.

Jump ahead to review of:
Lao Tan
M on the Bund
Strange Place near Peace Hotel
Dumpling House on Maoming
1221 Shanghainese restaurant

Monday night, we had dinner with Michael and Zoe. Michael is a friend of a guy who plays on Brad�s journalist softball team, The Muckrakers. We met at a restaurant called Lao Tan which serves Guizhou food. Lu Tan is located at 42 Xing Fu Lu, 2F, a part of Shanghai far from where we were staying, at the Westin. Guizhou is a province of China even further from the Westin.

The cab dropped us at a storefront where two men were sitting on a pile of sheetrock and residents were walking home dragging 15 foot long wheelbarges stacked with chairs. I figured we were in the right place because a woman standing at the door was wearing a costume with bells, and I�d managed to glean from the Internet that the restaurant was serving food characteristic of an ethnic minority. As in the U.S., an ethnic restaurant often requires the waitstaff to be attired in some kind of costume. (Later in our trip, at the Shanghai Museum, we saw these costumes on display.)

Zoe grew up in a province near Guizhou, so she is an expert in the food, which is noted for spiciness. M advised that we just get whatever Z ordered, subject to whatever dietary limitations we might have. �Is there anything you don�t eat?� he asked. �No, really, anything?�

Fortunately, we failed to mention either snails or baby octopi, because what followed was without question the best food we had in Shanghai. Unfortunately, we were so happy I failed to photograph any of it. First we had some kind of weird root, which looked like insect legs and tasted like ginger and bamboo. The second cold dish was soba noodles in a spicy sauce. It was a lot like something you can get at the delicious Spices II in the Richmond District of San Francisco. M & Z know the owner of this restaurant, and he ferments his own wine out of a kind of Chinese �plum�. So we ordered a little carafe of that, to drink out of tiny white cups. (Tip: When a place serves an alcoholic beverage in tiny cups, there is a reason. Too bad I�m not writing this from Brad�s future.) We had pieces of fish with scallions and garlic, a dish of soft, fluffy tofu puffs atop a chili hash, smoky pork rice, baby octopus with red and green papers, and sea snail in a brown hot pepper sauce. We also had some smoky pork laden rice and some kinds of vegetables. It was unbelievably fantastic. [The place is also known for its hot pot, and we saw people enjoying a particularly red one. If you are ever in Shanghai, you should definitely go to this place. The menu has no English, but you can point at what other people are having.]

By the time dinner was over, we�d discussed Michael�s interest in Shanghai literature, and his new job as arts editor for a French magazine. Zoe, curator at a modern art museum, told us where the best galleries to see contemporary Shanghai art are located. And Brad, Brad was totally sauced. He�d had a few Qing Tao�s and a couple of shots of that plum wine, plus a couple strong Chinese cigarettes, and was over the edge. Nonetheless, he staggered with us across the street to a local bar that had beds for couches (just like S.F.) and had another drink. There, Zoe told us what Chinese people think of the Iraq war, and assured us that people in China don�t tip. Michael assured me that its okay to pay more than you might otherwise have to just because you don�t feel like bargaining. We left happy and grateful to them both.

La Tan spoiled me for Shanghai food, and I often found myself wishing for Zoe�s advice and guidance during the rest of our trap. Still, there were other culinary highlights, made sweeter by the fact that we were figuring stuff out on our own.

On Tuesday, we went for lunch to this strange place near the Peace Hotel that caters to Chinese tourists. The first thing on the menu was �dog with paste�. I wondered whether they had actual dogs back there that they were going to kill, so we didn�t order it. We did get the dumpling filled with crab roe, which you eat with a straw, and a sweet stew of eel and garlic. Tuesday night, we were supposed to go to the highly recommended 1221, but we got stuck without a cab near the Shanghai Center beautiful view of Pudong New Area from the fifth floor of the building.

The restaurant is entirely populated with Americans and other English speakers, particularly people entertaining as part of business, as you might expect. The prices are San Francisco level, and the book says that the menu is �Mediterranean-influenced� so that screens out a lot of people. But it may also be that locals know the food isn�t worth the price. For an appetizer, Brad and I shared the asparagus, which was probably about US$8. It was five or six thin spears, in anchovy butter, with a poached egg and shaved pecorino on top. It was pretty good, but you can�t go wrong with anchovy butter. The pecorino was mild and the egg added little. Then I what the menu described as �our salt roasted lamb� and Brad had the duck with scallops wrapped in bacon. Both the duck and the lamb were stringy, in the way overdone duck confit often is. The lamb had the virtue of being salty, and the duck of being fatty. That�s all I can say. Mine came with spinach, which was unremarkable, and with home fries. Brad liked his duck, which had a crispy glazed skin. His scallops however, were overdone and the bacon was chewy. About 2/3 through our meal, a party of 8, which included some unknown famous person came, and our waitress totally abandoned us to the ministrations of a nice young man who was perfectly fine, but wore a name tag emblazoned with the word �Trainee�. Not confidence inspiring.

Whatever my critique of the food, the dessert was great. We ordered the chocolate cake, which came with the only chocolate ice cream I�ve ever liked. I also got a glass of the cold orange Muscat, which I greatly enjoyed. After, we went out on the balcony to hear businessmen from Alabama flirt with whatever women were available and to watch the boats go by. The bill came to about US$100. (We each had one substantial and powerful cocktail, also, included in that price.)

On our last night we went to 1221, which was promised as a favorite of locals and expats alike. Its located down a little alleyway, behind some other stores, in a modern space that�s cleanly designed and looks really nice. The menu is in perfect English, reasonably priced, and, unlike the snooty M on the Bund, they serve affordable wine and wine by the glass. (Tip: When the nicest restaurant in town refuses to serve Chinese wine, there might be a reason. Too bad I�m not writing this from my own future.)

Though it may be snobby, my problem with 1221 is the same problem I have with Eric�s or Alice�s or Eliza�s or any of those American Chinese places we have in S.F. Its American. Where�s the snails? Where�s the pork tendon or the duck tongue? I might very well want to order something easy and mainstream, but if I�m in China, I want the option to get something out of the ordinary, or to make a mistake. I ordered a glass (and later another) of Dragon Seal white wine. We had hot and sour soup, which initially I poo poo�ed out of snobbishness but later begrudgingly admitted was good. We also ordered shredded pork with bamboo shoot. The shoots and meat were in some kind of black sauce. From the flavor, I could tell it was made with the kind of pork that is a specialty in Zhouzhuang (Wushan pork) but which we didn�t order when we were there because it looked like a red shellacked ham hock and the smell in the heat was gross. I was really glad we got that so that I would know what it was. We also ordered sweet pea with bread stick, which was like a lot of deep fried croutons with a few peas and onions. It was yummy, greasy, not a vegetable. We tried to order the Lion�s Head meatballs, but they were out. So we got the xiao long bao, which came four to an order and were salty and pretty good. Brad particularly liked how they are full of liquid when you bite into them. (The fact that they were four to an order was the precursor to today�s error of getting two orders at the dumpling place on Maoming. There, its 12 to an order.) Finally, we ordered a steamed fish

By the time we were done, I was surprisingly tired. I had wanted to go out to some bars on Maoming, but we both decided to call it a night, as we had plans to wake up early and catch the Jade Buddha Temple on our way out of town. I fell asleep/passed out on the cab ride home, then fell asleep for good 5 minutes later in the hotel room. I think that Dragon�s Seal wine poisoned me! But what doesn�t kill me only makes me stronger, and I plant to have another bout with it tonight.

Again, everyone there was white, except for two tables of Chinese, both sets American. If I were walking by a Chinese restaurant at home and saw this many white people in it, I probably would not go in. Still, I must admit the food was perfectly fine and the restaurant was nice. And they had that powerful wine!

We arrived in Beijing this evening and promptly went to the food stalls near our hotel. More on that tomorrow, and more links to photos in this section, including more hats (!!!) as I organize them.

Jennifer | 12:17 AM

Friday, August 12, 2005


Lobby of the Peninsula Palace Hotel:

The music here in China stinks! Since arriving, I have heard 4 different muzak versions of �My Way� and �All the Girls I�ve Loved Before�. Shanghai�s theme song seems to be the song from the Titanic, for some reason. Zhouzhuang�s theme song, which won second prize in the first annual town theme song competition of 2002, is called �Zhouzhuang is Good.� I think you are getting the idea. The best music we�ve heard was the soundtrack for the acrobatics show, which unfortunately, they weren�t selling. It included Rudolf the Rednosed Reindeer, and a variety of cheesed up opera songs. I think the soundtrack would have been a great souvenir of the show. It was a strange opportunity to make a little money that was missed.

Apparently, Shanghai doesn�t have a monopoly on bad music. I don�t even know what they play in the taxis, but in the hotel lobby today, a trio (piano, electric guitar and flute) played �You Say Potato� and �White Room� by Cream. Actually, maybe that�s kind of cool.

Jennifer | 12:17 PM

Thursday, August 11, 2005


Dateline: August 12, 2005, Shanghai, China

A notice inside the taxicabs here reads, "Psychos or drunkards without guardians are prohibited to take taxis." Perhaps that explains why every other vehicle on the road is trying to kill us. Shanghai streets are filled with people, bicycles, mopeds and cars, the air is brown and so is the water. Its a city where its one person's job to work in the Prada store at Plaza 66 and another person's job to sell fighting crickets in an open air market a few miles away, or deliver an unknown liquid in giant blue barrels strapped to either side of a bicycle. Here's a few other observations.

First, they don't have unsweetened iced tea in bottles. I have been desperately searching for an unsweetened iced green tea drink, but every one I order turns out to have sugar in it. Yesterday, Brad and I went to a little noodle stand for lunch. The young waitress there was practicing her English on us, and she sounded pretty good. So I asked her, ""Are you learning English in school?" "I went to your country, but its very expensive." Then she asked, "Do you like Shanghai?" "Yes, we do," I said. Then, I asked, "does this restaurant sell green tea in bottles?" "Yes," she responded. I was excited to finally ask..."Do you have a kind that is not sweet? A kind that has no sugar?" "Yes," she responded. "I have no money so I work very hard." Then she went off to take someone else's order.

Second, very building has a flourish on the top to distinguish the roof or top floors from the rest of the building. Literally, every one has something. It looks as if every building has on some kind of hat. Here are some pictures of some of the more notable hats (more coming soon, with faster Internet connection!)

Third, everything cool is next to something that's in your guide book. The best stuff we've seen has been in places we wandered into from an official site or attraction listed in the guide books. For example, yesterday morning, as the book directed, we went to Yu Garden and the touristy shops that surround it. After strolling around, beckoned in English by salespeople to purchase various tacky souvenirs, we wandered over to another market down the street. In there was everything you see in Chinatown, Hello Kitty bags of every shape and size, party favors and decorations, stationary, glitter, google eyes, needlepoint yarn, but by the 100s, stacked in stalls. The air conditioning was great, and the people (and their kids) staffing the stalls let you shop in peace.

Same with the Dong Tai Road Antique Market. This is a sweltering little area of stalls selling old coins, Mao buttons, Chinese locks and various other junky souvenier stuff. But right across the street is one of the best things we saw, the animal market. There, dogs, chipmunks, crickets (which we later learned people purchase to fight), fish and even a squirrel were for sale. I was really moved by the squirrel. I've never particularly liked them, but seeing this one in a tiny cage, doing backflips in an effort to escape touched me. I thought about purchasing him to let him go, the way my family used to do in Chinatown in New York, but I hadn't seen any other squirrels on the street, and worried that I might be damning him anyway, or creating some kind of environmental disaster. We left there with our stomachs a little turned.

More soon. Meanwhile, you can look at some of our pictures here.

Jennifer | 4:02 PM

Sunday, August 07, 2005


I received a lot of nice comments on my Mike Lynn story, for which I'm grateful, but I want to especially thank the many people concerned about my password insecurity issues who wrote with offers to help and various suggestions. I know that I of all lawyers should know better about taking security seriously and I am going to deal with this problem expeditiously. Thank you!

Jennifer | 4:10 PM

Friday, August 05, 2005


Part Four: The Final Installment, or Why I Didn't Gamble in Vegas

The story so far:

Cisco and Internet Security Systems (ISS) sued Mike Lynn and Black Hat immediately following Mike�s speech on vulnerabilities in Cisco�s widely used Internet routers. The lawyers scrambled and we were able to settle the case cheaply and expeditiously within 24 hours. We had plans to drink expensive champagne. But then, mere hours after we filed the settlement papers, FBI agents showed up on the conference floor and started asking questions.

I hurried away from my mother and our giant mai tai to the Black Hat area, where I found two men, obviously FBI agents, talking with the Black Hat lawyer. The agents told us that they were from the Las Vegas office, that they were visiting at the request of the Atlanta office (close to where both Lynn and ISS are located) and that they weren�t currently interested in talking with Mike.

One of the very next things I did was call Valentine, the Cisco/ISS lawyer. After spending hours working together, settling this case, after the bonhomie and the virtual handshakes, they'd still have a federal investigation hanging over our heads? I was really mad. Unfortunately, Valentine didn�t answer the phone. If he had, I would have learned that he didn�t know about the federal investigation. Instead, I left him a voicemail in which I definitely used the word �sleazy� more than once.

I then turned on the General Counsel for Cisco and the outside lawyer for ISS. Both calmly informed me that they hadn�t known about the federal investigation before my call. Valentine got one more call from me, apologizing for assuming he'd screwed us over.

The next step was to find out the extent of the federal interest in this matter and what they were investigating. I�m limited about what I can say on this point, as it is rarely a good idea to talk about the details of an ongoing federal investigation. I will say that there are currently no criminal charges and I�m confident that there won�t ever be, that the investigation soon will end, and that Mike will be able to go on with his life.

I can talk about the work I did and everything that unraveled next, however. This should give you some idea of what a lawyer�s job entails when she�s not in court.

The first thing I did was go back to my room and call the Las Vegas FBI office. I notified the agent in charge that I represented Mike Lynn and that he was asserting his Fifth and Sixth Amendment rights not to be questioned outside my presence. (Tip: Always assert both your right to remain silent and your right to have an attorney present.) I asked to confirm that there was no arrest warrant, and the person answering the phone said she�d leave a message for the lead agent.

I then did the same for the Atlanta office. I asserted Mike�s Constitutional rights on his behalf, and asked for confirmation that there was no arrest warrant. I also wanted to learn who the Assistant United States Attorney on the case was. Every federal investigation has a prosecutor assigned to it, even before charges are filed. The prosecutor is the person to convince of your client�s innocence, or at the very least, that your client should be allowed to self-surrender on a warrant rather than getting nabbed in front of his children or at work. (Another tip: Don�t try to convince law enforcement of your own innocence. Get a lawyer. Really.)

The agent who answered at the Atlanta office told me he�d leave a message and get back to me. It was 9PM Vegas time and midnight on the East Coast. I figured everything probably would be all right, at least until the morning, and I could go to the Microsoft party at Pure, the new nightclub in Caesar�s Palace. I left a message for Mike on his friend�s phone, since his own mobile phone had spitefully decided to die.

Pure was a little cavernous for the size of our crowd, but it looks great; a dark dance floor framed by white gauzy private tables. They didn�t have Rumplemintz, now my new favorite drink, but they did have a full bar, and I was up for a drink. I hadn�t been to any talks or chatted with anyone at the conference, so this was my first chance to talk to other attendees. And great people were at this party. I met the unindicted co-conspirator of one of my past clients as well as an old hacker friend turned spook turned respectable private citizen that I hadn�t seen in several years.

Then, my cell phone began to ring.

I want to give a little background before I chronicle the hysteria of the next three hours. First, everyone at the conference knew immediately that FBI agents had come by asking questions about Mike and the Cisco IOS presentation. The agents stuck out in the crowd because of their business suits. Though both lacked the tell-tale facial hair that often characterizes county officials, they were clearly law enforcement.

Second, the the Black Hat/Defcon crowd is filled with both conspiracy theorists and reporters, and sometimes the two types overlap. So all the hens were clucking, passing stories to each other, and distoring the information between tellings.

When my phone started to ring, it was friends of mine, friends of Mike�s, and various reporters calling. I received about five calls, all with rumors that Mike was in the process of getting arrested, in custody, that his house in Atlanta had been raided, or that agents were swarming the hotel looking for him. I tried but couldn�t reach Mike.

Worried, I gathered up my stuff and left the party, returning to my room to call the government, just as Pure was shooing all the hackers out to make room for the beautiful people of Vegas. It was 11:30 PM.

I called the Las Vegas FBI office. The agent told me he couldn�t check on arrest warrant information without Mike�s date of birth. I estimated the year, but that wasn�t good enough. I had to talk to Mike, but his cell phone was dead. Again, I left a message with friends.

Then I called the Atlanta office. The night agent was extremely helpful, but it was 3 AM there, and office was closed and the agents had all gone home. The night person gave me the name of the Atlanta agent and said she would have him call me first thing the next day. She had no other information for me.

My phone rang and it was Mike, not yet arrested after all, calling with his birthdate. Relieved, I called the Las Vegas office. But in between now and my last call, the only agent on duty had gone home. The woman answering the phone was just a clerk and said she couldn�t give me any information until the office reopened the next morning. Just because he wasn�t arrested didn�t mean he wouldn�t be, so I had to know about the arrest warrant. But this clerk wasn�t talking.

One of the things they don�t tell you in law school is how much schmoozing the job requires. They also don�t train you how to calculate whether being sweet, being annoying or being self-righteous will best help you get your way. Only experience can really teach this. I opted for a combination of all three.

I explained how worried I was, how my client was a nice young man, more then willing to turn himself over and save everyone a lot of trouble if only she could help me. Then I suggested it was their fault we were all in this situation. After all, I called just a half hour ago. No one told me that the office would close. If I had known, I would have done things differently. I need this information. If you want this guy, I have him right here, I said. I kept asking the same questions different ways. The agent became a little annoyed with me, but then promised to call the Las Vegas agent I�d met and leave him a message. �Will he call me back tonight?� I asked. �Maybe,� she said. And we hung up the phone.

Amazingly, he did call me back that night. Groggy from sleep, the agent called me from his cell phone at 12:30A. He told me there was no arrest warrant and no agents from his office looking for Mike. I was surprised and grateful for the call, and very impressed with the agent�s consideration.

So I called Mike again, and told him to come meet me at Caesar�s Palace bar. I bought him and his friend a drink, and reassured him that arrest was not imminent. Our work was done until tomorrow morning. Some shmoo friends joined us and we all headed to Tangerine at Treasure Island, where the Microsoft party crowd had gone, to try to salvage the rest of the night.

At Tangerine, there was a long line waiting to get in. My schmoozing abilities were already warmed up, so I walked up to the bouncer at the VIP door and simply asked to be let in. The bouncer agreed and I was escorted inside. I waited for Mike and his friends, but as far as I know, they didn�t make it in after me. I thought about going back to the bouncer to advocate for them, but decided against it. �I can only do so much�, I told myself. �I�m just a lawyer.�

In one of the more intelligent moves of the day, I left Tangerine at the reasonable hour of 3 AM and headed home for some sleep, confident that Mike was definitely not in jail.

My phone rang the next morning at 5 AM. It was the Atlanta FBI agent, responsibly returning my call first thing in the morning, exactly as I�d asked him to do. It had seemed like a good idea to be called at first light when I hadn�t known whether my client was in jail. We had a conversation, and I think it went well. That�s all I can tell you. A reporter�s call woke me next at 7 AM. Sleepily, I decided that I should confirm the existence of a federal investigation, but assure people that the rumors of incarceration and computer seizures were false.

I was pretty awake after that call, or at least I wasn�t about to go back to sleep, and apparently I�d received the name and number of the AUSA when the Atlanta agent called earlier, so I called him. I then called Mike to meet me so I could update him on that conversation.

On the way to talk to Mike, I got a text message from the Cisco General Counsel, returning my call from the night before, stating he had information for me and asking me to call him. I almost didn�t call, because by now I�d already talked to the government and knew what was happening. But since he was nice enough to get back to me, I dialed him on my way out the door. He informed me that, in direct violation of the court ordered settlement injunction filed just the day before, someone had failed to take Mike Lynn�s presentation off of the Black Hat web server. He told me to prepare to go back to court for a possible contempt hearing later that day.

A little frazzled, I hurried down to the Caesar�s coffee shop to meet Mike. But I�d forgot to put in my contact lenses, and didn�t realize until I got off the elevator. I couldn�t even see if Mike was waiting for me or not. It was going to be another long day.

The Black Hat lawyer scrambled to undo the damage. Mike wasn�t responsible for the Black Hat server, but this was a serious gaffe that could scuttle the whole settlement we�d worked so hard to obtain. Eventually, through an excess of diplomacy, Black Hat was able to convince the plaintiffs� lawyers that the error was inadvertent and that the settlement should go forward. Noone was having an easy week.

Meanwhile, people were still calling me with arrest rumors and tales of Atlanta search warrant executions. I was pulled out of one Defcon talk three separate times to confront rumors that Mike hadn�t made it through security at the airport. One caller told me he had received that bad news directly from Mike. But upon further questioning I learned that they had last talked an hour earlier than when I last talked with my client and everything had been fine. Everyone means well, but when dealing with something like a federal investigation that they don�t understand and don�t trust, the truth is hard to find.

Today, Mike�s responsibilities under the settlement agreement are almost complete and I expect the civil case to be dismissed very soon. As for the federal investigation, there was only so much more I could do for Mike in Las Vegas. He would return to Atlanta and I to San Francisco. An Atlanta lawyer who was familiar with the U.S. Attorney�s Office there would be in a better location to monitor the situation on the ground. When Mike returned to Atlanta he hired a great lawyer there. I�m optimistic about the outcome and looking forward to the day when Mike and I get to have that glass of champagne. Mike quit his job to give a presentation his employer didn�t want him to give. But he did so out of a sense of responsibility to Internet security. I�m proud that my employment doesn�t make me choose between the two.

The End.

Jennifer | 10:08 PM

Thursday, August 04, 2005


ISS and Cisco v. Granick�s Gambling Plans: Part Three

After chilling out during his long drive, Cisco/ISS Attorney Andrew Valentine was true to his word: his clients were willing to talk about a deal. We scrambled to make the speaker phone in the hotel connect to the conference phones in the courtroom, then told the judge that we might be able to settle the entire case. Judges love to hear that. So the Cisco/ISS team, which was about 6 people, retired to the attorney conference room in the lounge upstairs in the Federal Building, while the Black Hat lawyer, Mike Lynn and I settled into the Black Hat suite at Caesar�s Palace and we got to work.

Our basic agreement was that if Lynn and Black Hat agreed not to disseminate the presentation, the video, or the decompiled code any further and Lynn agreed not to disseminate any of the stuff he worked on while at ISS at all, then Cisco and ISS would drop the case. Everyone was cool with this. But agreeing is only the first of many steps. If you�ve ever negotiated something, you know it is painstaking work. Even when you generally agree on principle, you have to imagine everything you might want and everything you might want to avoid. Then you have to draft language that describes clearly and precisely that and no more or less. Once all the lawyers got together, everyone was able to think about other terms and conditions that might be nice to have, as well as things that might theoretically happen that should be prohibited. So there was a lot to argue about.

Its kind of a code among lawyers that what�s said in settlement negotiations doesn�t get blabbed around. When working things out for our clients, lawyers sometimes take unofficial positions to see how it sounds, or think out loud, or act more rabidly than we really feel, staking out a position from which we can come down. So I�m going to try to keep to the code but still point out a few things about the agreement process. Overall, the lawyers in the conference were relatively reasonable, under the circumstances, especially since there wasn�t a lot of inherent trust between the two sides. If you read the settlement agreement, you can reverse engineer the issues that most concerned each side. For example, ISS and Cisco insisted on stipulating between themselves that they had prepared an alternative presentation �designed to discuss Internet security, including the flaw which Lynn had identified, but without revealing Cisco code or pointers which might help enable third parties to exploit the flaw, but were informed they would not be allowed to present that presentation at the conference.� We insisted that the agreement specifically state that Lynn was not precluded from lawful discussions of Internet security using materials lawfully obtained.

Probably the most hotly debated provision was paragraph 9. We all agreed that ISS and Cisco should be able to reassure themselves that at the end of this matter, Lynn would not retain any materials to which he wasn�t entitled. We all agreed that Lynn and others had privacy rights that should be honored. But it took over an hour to work out a process that would respect both concerns.

We worked almost non-stop from 8:30A to 2:30P, running on caffeine and cold bagels. Some lawyers were great with punctuation, some with grammar. I personally spent 5 whole minutes convincing everyone to change a �which� to a �whether�. Sigh. At a certain point, you can lose sight of the forest because of all the trees. We had delays exchanging versions of the settlement documents because the Black Hat lawyer didn�t have a laptop with him and I kept getting my password sniffed and locked out of my email account whenever I would use the wireless. (Did I mention how annoying this is? Oh, well. Live by the sword, die by the sword.) But by the afternoon we had something everyone agreed upon. As we were wrapping up, one of the opposing lawyers asked me if I was happy. �Happiness is a relative term,� I responded, �and I�m relatively happy.�

That afternoon we reconvened in the United States District Court in San Francisco (the Vegas team by telephone) to file the document with the judge. The judge entered the stipulated injunction immediately, Cisco and ISS promised to dismiss the case once and for all when we complied with the terms, and Team Vegas breathed a sigh of relief and made a date to drink expensive champagne together that very evening.

My parents have retired to Las Vegas, so I went off to have dinner with my mom and sister, and do some shopping in the Forum Shops. (The Granicks are originally from New Jersey, shopping capital of the world.) It was Thursday at 6 PM and we were sitting at the Forum's Chinese restaurant (just like it used to be back in the Roman Empire), and my mother and I had just received the gigantic two person Mai Tai we'd ordered. I was pix messaging a photo of us drinking it to my father when the phone rang in my hand. A friend told me that that there were two FBI agents looking for me and asking questions about Mike�s presentation. They were wandering around the floor of the Black Hat conference, wearing suits and couldn�t be missed. He told me that the agents said they �just wanted to talk� to people. �Talk? Fuck that,� I advised. Always judicious when dealing with law enforcement, I excused myself from my family meal, and ran back to the convention center to see what was going on.

To be continued �.

Jennifer | 5:08 PM

Wednesday, August 03, 2005


Part Two:

At the point that I first talked to Andrew Valentine, I wasn�t even sure I wanted to be involved in the case, but as I read the TRO papers, I became really interested in the legal issues that the suit raised.

You�ll remember that I wrote yesterday that ISS claimed copyright in the slides Mike used on Wednesday morning. I hadn�t seen the original ISS slides, but I imagined that they looked different but had similar bullet points or words. This wasn�t very interesting to me. I would argue that the bullet points were unoriginal and not deserving of much copyright protection, or that it was fair use, or that Mike jointly retained the copyright with ISS, but none of this is particularly fun. The second copyright claim was Cisco�s in the decompiled code. Certainly Cisco has copyright in the source code, and I suppose in the binary, too, and therefore it probably has copyright in the machine code as well. But Mike only used little edited snippets of the machine code to illustrate his points about how he found the IOS vulnerability and why it existed. This was classic fair use, something important to defend, but only kind of fun, if only because it was so damn obviously permissible.

The more interesting claim was the trade secret claim. They were suing under California�s trade secret law. California has adopted the Uniform Trade Secrets Act, which is relatively broad. It prohibits the misappropriation of trade secrets.

A trade secret is information that:
(1) Derives independent economic value, actual or potential, from not being generally known to the public or to other persons who can obtain economic value from its disclosure or use; and (2) Is the subject of efforts that are reasonable under the circumstances to maintain its secrecy.

So the first question is, �what�s the secret?� The complaint says that Lynn had Cisco source code, but he didn�t. He had the binary code. The binary isn�t secret, since Cisco sells it. Is the decompiled code secret? Is it the fact that there�s a vulnerability? Would the law allow a product flaw to be a protected trade secret? I�ve had lawyers argue it to me, but I can�t believe that any court would think that�s a good idea. Imagine if we did that with cars. The fact that it blows up if someone rear ends you is a protected secret, because people wouldn�t buy the cars if they had that information? I�m not sure there�s anything here of Cisco�s that the law would protect.

The second question is, even if there is some kind of trade secret, did Mike misappropriate it. Misappropriation means acquisition by improper means, or disclosure without consent by a person who used improper means to acquire the knowledge. The law specifically says that reverse engineering (decompiling) is proper, not improper, means.

As used in this title, unless the context requires otherwise:(a) �Improper means� includes theft, bribery, misrepresentation, breach or inducement of a breach of a duty to maintain secrecy, or espionage through electronic or other means. Reverse engineering or independent derivation alone shall not be considered improper means.

So then the question is, did Mike use reverse engineering or independent derivation alone? It seemed that Cisco was claiming that Mike�s actions were improper because he violated the End User License Agreement (EULAs), which prohibited reverse engineering. So now I was having fun. I�m totally interested in EULAs and the circumstances under which they take away public rights that are otherwise guaranteed us. Usually, a breach of contract is no big deal. But increasingly in the tech field, we�re seeing big penalties for what�s essentially a contract violation. Under the Computer Fraud and Abuse Act, if you exceed your authorization to access a computer, you�ve committed a crime. Cases have said you exceed authorization when you breach a EULA, terms of service, or employment contract. Other cases have said that EULAs can waive fair use rights and other rights guaranteed under copyright law. Lynn�s case presented the question of whether EULAs could subvert the legislature�s express desire to allow people to reverse engineer trade secrets.

I decided to get involved in the case. There were lots of ways to argue the case. I could say that the EULA wasn�t enforceable. I could say that if Lynn violated the EULA, it was only at the behest of plaintiff ISS and I could cross claim for indemnification. But my best legal argument was that violation of an End User License Agreement is not a trade secret violation. Improper means includes a breach of a duty to maintain secrecy. But the EULA did not impose a duty to maintain secrecy. It was merely a promise not to reverse engineer. A violation of that promise is a violation of contract, but not an improper means of discovering a trade secret.

There was the possibility that Mike had information that was secret as to ISS and that he had promised to keep secret under his employment agreement or NDA. But the complaint didn�t identify any ISS trade secrets and Mike hadn�t disclosed any ISS information other than whatever was in the presentation, so this was a great legal argument.

Fortunately for Mike, I never got to make it to a judge, because we were able to settle the case within 24 hours. A lot of people have asked what the basis was for the injunction that the court entered, or why the court entered an injunction, or why Mike can�t give out the slides from his presentation, and the answer to each question is the same. We agreed to an injunction to settle the case, and the reason we settled the case is because all Mike has to do is stuff he�s mostly willing to do anyway, and Cisco and ISS will dismiss the lawsuit. At the point that you get sued, or even charged with a crime, it matters less what actually happened and whether you did something wrong and more what it takes to get out of the case as unscathed as possible. It�s sad, but true, that our legal system can often be more strategy than justice.

Though I wanted to fight the case, as a good advocate, I had to explore the possibility of settling it as well. [And I definitely didn�t want to have to fly back to San Francisco for a court hearing the next morning!] Valentine, the Cisco/ISS lawyer was pretty reasonable, and able to clearly state what exactly it was that his clients wanted, at least at that time of day. I went back to Lynn and Black Hat with his proposal and could see that we were close to an agreement. I called Valentine and told him, and he sent me bullet points representing the essence of our agreement. It was 1:30 A. I emailed back some comments, but we basically had a deal. Then the Black Hat people and I double checked that the impounded official video of Lynn�s presentation was safe and sound and I went to bed.

I woke up at 5:30A because the Black Hat lawyer and I were supposed to meet at 6A to get a copy of the settlement agreement that Valentine courageously had stayed up all night writing. We were hoping to get it signed before the 8:30A court hearing that day. Now, Valentine is licensed to practice in California and his bar number is close to mine, so we were admitted about the same year, and I imagine he�s about my age, maybe a little older. At our age, staying up all night really sucks. For those of you in your 20s who are reading this, stay up all night now as much as you can before you lose the knack. By the time Valentine sent it to us, he was pretty raw, I�m sure. Not thinking, I redlined his proposal pretty heavily and sent it back to him with a breezy note. He was getting ready to leave for the court hearing, and I think my redlines might have broken his usually reasonable brain. His position basically went from, we�re close to a deal, to forget this, we have no deal and I�ve got court to go to. I was seriously disconcerted. If I was going to have a TRO hearing, I would have at least written a brief, and maybe even have showed up in San Francisco. I reminded Valentine that we�d agreed that if we were close, we�d postpone the hearing, and we were definitely close. He said he�d have to talk to his clients and he�d get back to me. So there I was, sitting with Mike on the Black Hat conference floor, unable to check my email because you hackers sniff my password and lock me out of my own account, doing Lexis searches and waiting for word of whether we�d be arguing against a TRO in 30 minutes, or knocking out a deal. Luckily, there were bagels.

To be continued�.

Jennifer | 6:10 PM

Tuesday, August 02, 2005


ISS and Cisco v. Granick�s Gambling Plans. By Jennifer Granick

What follows is my take on �Ciscogate�, the uproar over researcher Michael Lynn�s presentation at this year�s Black Hat conference, in which he revealed that he was able to remotely execute code on Cisco routers. I have been representing Mike during this crisis, so I�m clearly partisan, and what I can say is limited by attorney-client responsibilities. But while many people are speculating about the facts, there hasn�t been much on the law, which turns out to be really interesting.

I arrived in Las Vegas around 1:00 PM on Wednesday. My plane had been delayed and I was anxious to get to Caesar�s Palace and get prepared for my presentation, scheduled for 3:15P. My parents and sister also were coming to see me and I had to get approval for their day passes from the Black Hat powers-that-be. I had heard that there was a chance of some legal problems with a talk that Mike Lynn had planned to give about Cisco router vulnerability and that the night or so before the conference, Cisco sent temp workers to cut Lynn�s slides out of the presentation materials and to seize CDs containing his powerpoint presentation. But I wasn�t involved in the case yet.

When I arrived, someone pointed Lynn out to me. He was wearing a white backwards-facing baseball hat with the word �GOOD� on it and chatting animatedly with friends. I introduced myself and he told me that he�d quit his job and given the talk anyway, and that he expected to be sued. Lynn knew that Cisco had fixed the problem he found and stopped distributing the vulnerable code, but he was deeply concerned that the company did not do nearly enough to persuade its customers to upgrade promptly, or to explain to them why upgrading was necessary. Based on some web searching, he thought that Chinese hackers were working on breaking routers too, and that people needed to know. Up until very recently, Mike�s employer, ISS, had approved his talk and were happy for him to give it. But very recently, they dramatically changed their minds and forbade him from giving it. They made Mike pick another topic. By the morning of the conference, Mike decided he had to quit his job and give the talk anyway.

[In subsequent conversations with Cisco attorneys, I was assured that Cisco and ISS were working on a presentation that would reveal the flaw without revealing what Cisco and ISS felt was proprietary information or giving bad guys a road map to an exploit. I never saw this presentation and to the best of my knowledge Mike didn�t either. If this is true, I don�t know why Lynn, ISS and Cisco were communicating so poorly. Of course, I also don�t know what Cisco and ISS were worried about, since Lynn�s presentation neither revealed confidential information nor provided much assistance to would-be intruders. Cisco also told me that they offered to give the new joint ISS and Cisco talk, but that Black Hat refused. My understanding of Black Hat�s position was that speaking slot wasn�t given to Cisco and ISS but to Mike Lynn, and if he wanted to talk about something else, he could, but they weren�t going to give the slot to Cisco just because the originally scheduled talk was about their product.]

I�m generally a believer in the free flow of information. I�ve written an article on vulnerability disclosure, and generally don�t like rules that stop people from telling the truth, for whatever reason. But I understand that exploit code, while communicative, can also be used as a dangerous tool. Lynn understood this too. His presentation did not give away exploit code, or even enough information for listeners to readily create exploit code. In fact, he said, Cisco employees who had vetted the information were themselves unable to create and exploit from his information. But Mike wanted to show people that (1) he knew what he was talking about and (2) he could do what he said could be done. He included just enough information to make those points. (Following the talk, other researchers who�d seen it agreed that it would take a lot of work to get from Mike�s presentation to an exploit.)

After my talk, I caught up with Mike and discussed the possibility that Cisco or ISS would sue him. I told him to call me if he heard anything. Then my family and I went to Shintaro at the Bellagio for dinner. It was my parents� 37th anniversary.

Shintaro has three really beautiful jellyfish tanks in the front of the restaurant, behind the sushi bar. The restaurant is actually kind of large and sits on the Bellagio lagoon. We wanted a table with a window view, but the maitre d� said they were all reserved, even though we had a reservation, it was 5:45P and there were very few other people around. Noone came to sit at those tables the whole time we were there. We had sushi, which was really fresh and good, and then my sister and I shared the crispy lobster in black bean sauce. As with my father�s lamb dish, it was really good, but the sauce was a little overpowering for the delicacy of the meat. The waiter was adept at explaining the sakes, and I ordered a really good one to share with my dad, a junmai ginjo called gissen, I believe. I would definitely go back if it were not for the snootiness of not letting us have a window seat even though noone cool enough to preempt us would dream of going to dinner so ungodly early.

By the time dinner was over, Cisco and ISS had filed a lawsuit and served papers requesting a temporary restraining order on Black Hat, but not on Mike. Mike had heard about the lawsuit, though, and called me. I met him at Caesar�s Palace where a reporter gave me a copy of the moving papers. Black Hat�s PR person told me that Cisco and ISS were suing Black Hat and Lynn, and that they�d scheduled an ex parte hearing before Judge White in San Francisco for the next morning at 8:30A to ask for a temporary restraining order (TRO).

Now I had to decide whether I was interested in the case. I took the papers back to my room to read, and told Mike not to talk directly to opposing counsel. If they called him, he should tell them to call me. This is just habit that I can�t break. As a criminal defense attorney, you never let opposing counsel get anywhere near your client. Even though Mike wasn�t my client, and this wasn�t my case, and it wasn�t criminal, it was reflex to protect him at all costs from the prying questions of an opponent. Sure enough, the attorney for ISS and Cisco, Andrew Valentine (AV) called Mike, and then called me.

AV is a pretty pleasant, reasonable person for someone who�s sued someone I like very much. We started talking about the case, and I was asking what exactly he was claiming that Lynn had done wrong. It appeared to be three things. First, ISS was claiming copyright in the presentation that Mike had given on Wednesday morning (Wednesday presentation). Second, Cisco was claiming copyright in the decompiled machine code that Mike obtained from the Cisco binaries and had included in his slides. And finally, Cisco was claiming trade secret in the information Mike had obtained by decompiling and studying Cisco source code. The complaint (warning: large file) also alleged that Mike had breached his non-disclosure agreement with ISS.

I didn�t and don�t think much of the legal case, and I�ll explain why in the next installment. But every attorney knows that an opponent�s weak legal case is first and foremost an opportunity to get a good settlement. No party wants to litigate against a rich corporation if they don�t have to. It�s a different story for the lawyers, though. For me, no matter how much I care about the client, it�s a job that I enjoy. I like to litigate a case if the issues are interesting and these definitely are. But the client comes first, so I asked AV what his clients really wanted out of all of this. We parsed and narrowed, and came to a point where I thought we might be able to cut a deal. I told him I�d talk to Lynn and Black Hat and get back to him one way or another.

To be continued tomorrow�.

Jennifer | 5:28 PM

Monday, August 01, 2005


Cisco and ISS v. Michael Lynn: I'll have my version of what people are calling Ciscogate up here sometime very soon. In the meanwhile, here are some interesting articles about what I did this weekend:

First, Mike gave his talk. Then he got sued. Then I decided to represent him.
We promptly settle the lawsuit. But promptly is a term of art, it takes all night and most of the next day.
Surprisingly, the FBI investigates.
Schneier and others laud Mike for his responsible disclosure and criticise Cisco for trying to keep the problem quiet.
Hackers on Cisco.

Jennifer | 3:02 PM