Canadian Privacy and Security Conference
Canadian Privacy Commissioner and Facebook to attend Ottawa Privacy Conference
[Tech] (Techvibes Global Blog)
Major players from both government and from industry will be attending the inaugural Privacy & Information Security Congress 2010 in Ottawa on November 15th and 16th. The Congress, hosted by Reboot Communications, will provide a forum for delegates and sponsors with an interest in cutting edge [...]
G20 Dispatches: Mad, Mad, Mad, Mad World
[Toronto] (Torontoist)
Christopher Bird and Christopher Drost are Torontoist's staffers accredited for the G20. They will be reporting on the inside for the duration of the summit; Torontoist's complete G20 coverage, including reporting from the streets, is here.
The protest march started at about 1 p.m., and peaceably enough. A massive assembly walked slowly down University Avenue, chanting all the standard chants—one of the more popular was "Hey hey! Ho ho! Stephen Harper's got to go!"
Everybody you could possibly expect to show up was there: major labor unions like the United Steelworkers and Canadian Auto Workers, Greenpeace and Amnesty International, Tibetans marching to free Tibet, Sikhs marching to condemn India, homeless people marching to not be homeless. From balaclavaed anarchists to families with children, everyone was marching hand in hand and singing.
The march bottlenecked as it passed the American consulate because the consulate was ringed with bike cops and a riot squad. This was the first time today we'd seen cops en masse, and unlike yesterday, they weren't in a good mood; this time they were tight-lipped and white-faced. It's worth remembering many of these guys are cops in smaller Ontario jurisdictions, and even the Toronto officers have never dealt with anything on this scale. The cops looked scared, although whether it was fear of the protesters themselves or fear of what might happen if the protesters charged them is anybody's guess.
As the march curved past Queen Street, we got our first true idiot sighting of the day: a dude perched on the head of the statue in front of the war monument in the centre of University Avenue. Sometimes he would try balancing on one foot; other times he grappled the statue's outstretched arm like an orangutan. We watched him for about ten minutes, wondering if he was going to fall twenty feet to the ground and break his fool head open, but luckily he wasn't so smashed as to lose balance.
Spending that time staring at him, we'd fallen to the back of the parade. We hurried forward to catch up, just in time to see protesters shouting at Canadian Federation of Labour march organizers. The march organizers were lined up in front of one of the police blockades that lined every exit south off the route, calmly saying "move along, it's a march," and "got to get to the rally at the end." A protester wearing a bathsheet with slogans on it around his neck—much like when you were little and played Superman by tying a towel around your shoulders—started yelling at them. He screamed "YOU ARE TAKING AWAY OUR DEMOCRATIC RIGHT TO PROTEST!" apparently unaware of the fact that he was doing exactly what he said they weren't letting him do. (It's entirely possible that he thought the CFL organizers were cops; it would explain the chant of "SHAME! SHAME!" that he started after yelling a few complaints.)
(An aside: there are two types of people—those who can get chants started, and those who can't. There's some sort of divide, possibly genetic. Maybe it's something to do with pheromones. Regardless, again and again over the day we saw people trying to start chants and failing, and then thirty seconds later somebody else would start the same chant and everybody would jump right in.)
In the exterior lobby of the Queen and John Starbucks, a group of protesters formed a human shield covering one of their own, who was apparently getting bandaged up after being struck in the head by cops (according to the group). The protesters got loud when an Italian reporter tried to take shots of the man, demanding their privacy. "You don't have a legal right to privacy," I pointed out, and the protesters rightly responded that "this isn't about legal rights, it's about being a human being." And you know, that's totally fair. What I should have said: "If you complain about being made the centre of attention when you've come out expressly to attract attention, you're an idiot."
At that point, we saw a plume of white smoke at Queen and Spadina. As we ran towards it we realized that we weren't choking on our own vomit, and so we walked over to some unmasked cops and asked them, "Hey, have you guys deployed tear gas?" To which one replied: "Fuck, I hope not." Eventually, some other protesters walking past us on the way back said that the plume of smoke was a flare "that some Black Bloc assholes set off."
That was the moment the whole idea of peaceful protest went to hell, as a wave of bandana-garbed agitators—at first only a couple hundred, but soon at least a thousand—broke out into a dead run, exiting the rear of the parade and streaming back along Queen. Literally seconds later, we were standing about fifteen feet from five or six of them beating the shit out of a cop car with clubs and bats and bricks, smashing every window on the vehicle, and finally a-monstering down Queen, smashing certain store windows as they went: Nike, Starbucks, various banks, and for some reason, 180 Queen (which isn't a business, but whatever, it had windows).
(The BMV Express near Queen and John wasn't attacked, possibly because, during the riot, it was open for business. "How's business?" I asked. "Better than during the MMVAs," an employee replied.)
The next hour or so consisted of following the idiot brigade around downtown Toronto, which wasn't easy because they ran with purpose, up Peter into the Chinatown back streets, then rushing out again and running down Queen. We saw, among other things, a pair of CBC vans at University with their windows smashed in—which, if anything, is evidence of how willing to lash out at just anybody the Black-Bloccers are. The standard critique of the CBC is that they're "too liberal," after all. But we had lost the mob as we spoke with the flabbergasted CBC journos (who really couldn't manage much more than "What the fuck? Seriously, what the fuck?"), and stood for a while at University and Queen as protesters approached one of the police lines.
This first approach was fairly tentative—largely nonviolent protesters dipping their toes into the water. Initially, the protesters were outnumbered by the cops, but then as more and more of them converged, they eventually outnumbered the police and started drawing closer and closer to the line: taking pictures, chanting, singing, screaming invective.
Then we heard that a cop car was on fire at King and Bay, which made no sense—weren't the police blockades preventing movement that far south? But it had happened. (Police Chief Bill Blair, in his press conference later that evening, would explain this by saying the cops didn't really know exactly how the protesters managed it.) We headed down to Adelaide and walked over to Bay, where a line of riot squad cops now blocked further southern access. At this point, most of the protesters remaining weren't the labour unions and NGOs that had bulked out the beginning of the day; now the crowd consisted mostly of hardcores, gawkers, and journalists.
The story of the protester/cop interaction in that segment of the city—between Yonge and Bay, Adelaide and King—is pretty analogous to when you were a kid and your mom told your little brother to stop touching you because your little brother was annoying you, and what did your little brother do? He got right in your face and waved his hands at you, and started yelling, "I'm not touching you! I'm not touching you!" over and over again. Think of that, except instead of your little brother, it's thousands of protesters, and instead of you, it's hundreds of cops. This sort of behaviour can't rightly be called "protest," because they're not talking about any issue or cause unless you think "WHOSE STREETS? OUR STREETS!" is some sort of elevated rhetoric. Call it what it is: baiting.
On the southern streets, at least, the cops did not bite, time and again. Protesters would get agitated when riot cops would drum their batons against their shields, but each time they did so, it was only to signal that a riot squad line was changing position—and most times when the police lines were changing position, it was to fall back. When we left, the police had formed a sort of weird line which guarded the entire intersection on three axes.
We left because we heard things were heating up at Queen's Park. We headed up along University and ran into another police line. The cops here had encircled a large group of protesters and were gradually whittling down their number by rushing forward and seizing a few at a time. Blair would later explain that police had video footage of Black Bloc–style protesters changing into different street clothes that made them look less like ninjas gone wild, and that the cops were targeting those protesters that they knew had committed violent acts. This isn't entirely implausible given the number of security cameras that police ostensibly can access, but it seems fairly unlikely that the cops could pinpoint with such accuracy which of the wannabe ninjas were those who had committed violent acts or vandalism. There's a reason they all wear masks and similar clothes, after all—it's so they can stand up for their beliefs by breaking shit and then running and hiding among actual innocent people.
That having been said, the protesters weren't willing to give up those the cops wanted, for obvious and perfectly understandable reasons. At this point, mutual distrust meant that things could only go badly, which is more or less what happened. We missed seeing a woman who was interacting with the police line nearly get trampled by a mounted officer (which we have to assume was a basic fuck-up rather than an actual attempt to murder a civilian with a horse, because in situations like this, fuck-up rather than malice is the real cause nine times out of ten). But we did see protesters, hands ziptied behind their backs, being hauled off by plainclothes officers. One of the first got punched in the head by a cop, which started a round of "police brutality" chants from the crowd watching on the other side. This of course meant that every time an arrested protester struggled, the "police brutality" chant went up again, regardless of whether there actually was any. (Usually there wasn't, beyond the usual struggling of a suspect who didn't want to be arrested, although there was definitely some pulling of hair at times when they were trying to get a hold on somebody. Whether you consider that brutality is up to you; I go back and forth, depending on the pull.)
Making our way around to the north end of the protest, a sort of drunken guy was having a yelling match with protesters in front of the line. "My dad is a cop! You gonna wish death upon my family? You fuckin' pussies, you chant and that's all you do, if you had any balls you'd do something!" Protesters yelled at him that he was an undercover cop, which is certainly possible. He reeked of beer, though it's possible that an undercover cop could just splash it on his shirt or hair.
Incidentally, this is one of the lesser reasons agents provocateurs were such a bad idea for Canadian governments to ever use in the first place (beyond the obvious ethical and legal considerations, and the fact that it was undemocratic and stupid): they've essentially given protesters carte blanche to ignore any contrary voice. "He's just a cop" was something we heard at least a dozen times over the day, even in response to mild disagreements with protester rhetoric. Way to aid the epistemological closure of an already-fringe political movement, RCMP.
The day was getting long for us, so we decided to peel back and start filing work. On our way out, we saw that Remington's had been attacked by protesters, which demands that we ask: since when do protesters hate gay strip clubs? On Queen Street West and at Queen's Park, more shit would soon go down, but at a certain point, it all starts to blend together. The protesters are mad about everything and the cops have given up on restraint. One cop, late in the day—a British ex-pat who used to be regular army in Northern Ireland and who you can tell is the sort of guy who just can't stand to leave that line of work—told us emphatically that "they should've just cracked down right at the beginning, so the little bastards would know we're not going to let them get away with this sort of thing," and his sentiment was clearly shared by many of his fellows.
In the late evening, after hours of going through Drost's photos and my notes, we headed out again, this time to the detention centre near Filmport where we'd been the previous day. We missed the action, arriving there only to see protesters cuffed with zipties and sitting quietly on the sidewalk, surrounded by riot squad cops processing them for arrest. One protester spoke to media, claiming that the cops had made a deal with them to have them leave peacefully and then gone back on their word and arrested them anyway. The cops we spoke to all said the same thing: no, we made a deal with them to leave and they started to leave and then they just stopped, why didn't they leave? (Speaking with locals didn't really tell us which side was truthful because the locals weren't sure exactly what had gone down; however, when I asked about the mounted cops the G20Mobilize Twitter feed claimed had been on the scene, the locals all emphatically agreed that no horse cops had been around for the drama, so keep that in mind.)
But the important discovery of the night was that the cops are, by now, at their wit's end. "We just keep standing back and standing back and letting them do their thing." "Anyone tells you it's all peaceful, they're full of crap. I was on the line and they're pushing, pushing, shoving, and that's nothing, but you shove back and you're the bad guy now." "We get protesters asking us to fucking come running when they're scared of other protesters and then they turn around and scream at us for not doing the job right." "They complain about a couple hundred arrests, but that's like one in ten of the people who were being violent." Bitching like this isn't anything new for cops—"We're under-appreciated" might as well be the Universal Cop Motto—but they're all tired and angry, and when you've got thousands of angry protesters and hundreds of angry cops?
It's not going to be a pleasant weekend.
Photos by Christopher Drost/Torontoist.

Hacker Shows CBC How to Crack a "Contactless" MasterCard
[Banking] (HomeATM)
RFID smart cards
New credit cards pose security problem
Hacker shows CBC how to crack 'contactless' MasterCard
By Zach Dubinsky, CBC News
All new MasterCards in Canada, as well as Visa cards from two of the big banks, supply cardholder info over radio waves.
Most newly issued credit cards pose major fraud and privacy concerns because of how they're designed to be scanned through the air, some cyber-security experts warn.
"Contactless" MasterCards and Visa cards have been available in Canada for several years, but they've only recently reached the bulk of consumers as the country's biggest banks adopt them.
The credit cards have an embedded computer chip called a radio frequency identification, or RFID, tag. When waved near a payment terminal in a store, the chip supplies the card's number and expiry date through radio waves, avoiding the need to swipe or insert the card or have a cashier handle it.
'It's not encrypted, which is not what we were expecting.'—IT security expert Pablos Holman
And that's the first problem, U.S. cyber-security expert Pablos Holman says.
Anyone can buy an RFID credit card reader online, where second-hand units sometimes sell for under $10, and start scanning cards in public — without cardholders knowing.
"It's not encrypted, which is not what we were expecting," said Holman, who has gone on U.S. TV newscasts to demonstrate the security gap. "It's really easy to read. … Now you can get a generic RFID reader and use open-source programs available on the web and read cards."
RFID credit cards surfaced in Canada in 2006, when MasterCard started aggressively pushing its PayPass cards. Today, about 90 per cent of MasterCards in the country are RFID-enabled and the company aims for 100 per cent by the end of the year, said Scott Lapstra, vice-president of market development for MasterCard Canada.
Visa has been slower to market such "proximity cards" under its own brand, payWave.
Royal Bank decided only this year to make all its Visas payWave-enabled and all newly issued TD Visa cards have the feature. But most Visa cards in Canada, including those from CIBC and Scotiabank, don't have RFID.
Both credit-card companies limit contactless purchases to $50 each and have pushed to have reader terminals installed mainly in high-volume, low-price businesses like big-chain coffee shops, fast-food outlets, gas stations and grocery stores.
The benefit for customers, the card companies say, is faster, more convenient shopping and less fumbling for cash. Merchants, on the other hand, can cut down on lineups and boost their average sale value.
"A person who uses PayPass spends about 25 per cent more on their card on a monthly basis," MasterCard's Lapstra said. "We launched this product to … have our cards be used more."
Fraud risk
Lapstra and other financial executives insist the system is safe.
The PayPass website vaunts the card's "secure encryption technology" and says the card "never leaves your hand to make a payment," making it difficult for someone to copy it clandestinely. Visa's site boasts it's "one of the most secure payment solutions available today," while TD Canada Trust promises "payment details are securely transmitted."
"It's encrypted information that is specific to that one transaction. It is not your card number, it is not your PIN and it certainly is not going out into the open," said Anne Koski, head of payment innovations at Royal Bank's cards division. "It's encrypted information."
Information stolen from an early-generation RFID credit card can be encoded onto a traditional magnetic-stripe card and used to make counterfeit purchases, a security expert says. (Canadian Press)
Not so, says 3ric Johanson, an IT security expert from Seattle who gave CBC News an in-person demonstration of how to hack a MasterCard from President's Choice Financial. (Johanson had his first name legally changed from Eric.)
Using his laptop, a PayPass reader and some software, Johanson, sitting in the lobby of a downtown Toronto hotel, extracted a credit card's number and expiry date, using his own reader at close range. Earlier in his trip, he had pulled off a similar feat in front of a stunned audience at a security conference, using a random audience member's RFID credit card.
"When you go to read a card, you just take a reader and say, 'Give me your card number,' and it will do that," Johanson said.
"It's still very much transmitted over the air by the RFID interface. There's no message for the card to authenticate the reader it's about to talk to — it will talk to anyone."
Shirley Matthews, head of chip platforms at Visa Canada, acknowledged that payWave credit cards do not disguise the card number and expiry date when they send that data over the air to a card reader.
"We don't typically encrypt that," Matthews said.
The MasterCards in Johanson's demonstrations were of a later model and didn't cough up their cardholders' names. But most first-generation RFID credit cards, like the ones that Holman demonstrated on TV, will do so, and many are still in circulation, raising serious privacy concerns — in addition to fraud risks.
'We are not aware of ... any evidence that PayPass cards are able to be compromised.'—Scott Lapstra, MasterCard Canada
Credit-card company and bank executives played down these concerns, saying the cards can only be scanned from close range, even requiring physical contact with a reader sometimes.
"Typically, my experience has been you actually have to touch the card to the reader," Koski said.
Lapstra added: "The cards are actually powered from the reader and they have to be within four centimetres of that reader."
But that only means you need to boost the power of the reader to scan the cards from a greater distance, according to the security experts who spoke to CBC News.
Johanson said it's possible to use an RFID "gate antenna" — two electronic readers spanning a doorway, similar to the anti-theft gates in retail stores — to scan the credit cards of people passing through.
With enough high-powered gates installed at key doorways in a city or across the country, someone could collect comprehensive information on people's movements, buying habits and social patterns.
"These days you can buy a $500 antenna to mount in doorways that can read every card that goes through it," Johanson said.
Several hacks possible
The newest generation of RFID credit cards transmits an encrypted, one-time security code alongside the card number and expiry date to authenticate each transaction, as Koski alluded to.
But Johanson said it's possible to circumvent that system by deploying what's called a replay attack: A fraudster scans the RFID card dozens of times in a public place in a matter of seconds, without the cardholder knowing, and captures the security codes that the card transmits. A cloned card is then programmed to "replay" those codes at a store's payment terminal.
The credit-card company would only catch on to the fraud when the real cardholder tried to make a subsequent payWave or PayPass purchase with a security code that had already been used by the scammer.
Several other kinds of information hacks are possible, Johanson said:
- With a first-generation RFID credit card, a fraudster can secretly scan the card's number (including a security code called CVV1) and expiry date, then program a traditional magnetic-stripe Visa or MasterCard with that information. Even without the cardholder's name, the fraudulent, cloned card could be used in many retail locations.
- Someone could scan RFID credit cards in the mail while they're being sent to cardholders. Issuing banks have typically disregarded privacy and security concerns and refused to use magnetically shielded envelopes for mailing payWave- and PayPass-enabled cards. The advantage of this hack is that a scammer would get the person's mailing address as well, a crucial piece of info for most online purchases.
- A company could use the workplace's card-access doorways to scan employees' credit cards and compile information on their finances and lifestyle. For example, any credit card number beginning with "5192" is a U.S.-dollar MasterCard from Bank of Montreal — and an employee who started coming to work with one in his pocket one day, then went on a three-week "sick leave" the next, might raise a red flag.
Visa, MasterCard and their issuing banks stress that credit-card security is a multi-layered apparatus, relying on much more than just the integrity of card information. One factor is the effort required to pull off a swindle.
"Particularly when it comes to contactless, these are small-ticket transactions," Koski said. "I mean, what are you gonna do, take $50 worth of free coffee?"
"Where we see fraud in the credit-card industry in general is areas where it's a stolen card and highly fence-able goods, so electronics and things they can turn into cash," Lapstra added.
"PayPass is focused on lower-dollar value, high throughput: fast foods and coffees and those kinds of things. … We are not aware of or have any evidence that PayPass cards are able to be compromised."
Johanson said it's only a matter of time, though, before sophisticated criminals who have proven adept at wide-scale debit-card fraud turn their attention to RFID credit cards.
"As with most things, what's probably going to happen is they're going to wait for a high degree of market adoption before it gets interesting to attackers."
RFID cards
MasterCard: Aims to have all cards in Canada enabled with its PayPass contactless system by end of year. Major issuers include Bank of Montreal, National Bank, Capital One, President's Choice Financial, Canadian Tire Financial, Citigroup.
Visa: Has 31 million cardholders in Canada but would only disclose that "several million" of those contain its payWave RFID technology. Major issuers are Royal Bank and TD. Notable non-players are CIBC and Scotiabank.
He pointed to the example of the chip and PIN system, which Visa, MasterCard and their competitors began implementing in the early 2000s. Each credit card has a microchip in it, which works with a corresponding personal identification number, or PIN, entered by the cardholder to authenticate each purchase.
As chip-and-PIN cards become the norm, researchers at Cambridge University in Britain reported in a paper last month that the system is "broken." In a demonstration on BBC News, computer scientists fooled journalists' credit cards into making purchases without the valid PIN.
Such frauds are a bane to consumers, the researchers say, because to the banks it appears as though the correct PIN was used and it wasn't theft. Several British cardholders reporting counterfeit transactions on their accounts have had their claims rejected by their bank and been stuck with the bill.
Security expert Holman said the credit-card companies had a tremendous opportunity with the rollout of RFID, chips and PINs — the sector's biggest overhaul since "magstripe" cards were implemented in the early '80s — to implement a robust, safe payment system.
"What people don't understand is the credit-card industry isn't trying to make cards secure," Holman said. "They just have a risk-management problem where they try to control the amount of fraud on their system."
The different ways a scammer could get RFID credit-card info, and how they could exploit the data:
Anatomy of a hack
- A fraudster enters a cramped subway car, where they can get close to people, and uses an RFID reader hidden in a shoulder bag to scan the credit cards in people's purses and pockets.
Attack of the clone
- Encode stolen info onto a magstripe card
- Only works with data pilfered from an early-generation RFID card, and only at certain merchants
- No $50 limit on transaction
Replay that again scam
- Program a fake card to play back transaction-specific authentication codes scanned from a real card
- $50 limit
- Stops working as soon as real cardholder uses their card again
Tangled web
- Use intercepted credit-card info to buy things on the internet
- Only works for sites with minimal online-purchase security, otherwise would need data like billing address
Read more: http://www.cbc.ca/technology/story/2010/05/31/f-rfid-credit-cards-security-concerns.html#ixzz0rnQjBNLE
Payments Industry News Blog
Bilderberg 2010: How political and business leaders are going to save the world – in secret
[Guardian] (World news and comment from the Guardian | guardian.co.uk)
A huge agenda of global issues was crammed into four days of 'secret' meetings by a mysterious group of power brokers. But who elected them and why are we paying for them?
Weary and bramble-scratched, elated by the press coverage, and sick of riot vans and lukewarm Spanish omelette baguettes, we return from Bilderberg 2010 with the following thoughts uppermost in our tired mind:
• 'Global cooling' is on the cards
Check out the agenda for Bilderberg 2010: "Financial reform, security, cyber technology, energy, Pakistan, Afghanistan, world food problem, global cooling, social networking, medical science, EU-US relations." That list is a window into your future. Don't think for one minute that it isn't. And don't ignore it, because it isn't ignoring you.
I love how "social networking" must fry the Bilderbergian mind. On the one hand, as Zuckerberg of Facebook says, privacy is no longer a social norm so it's okay to milk the networking sites for information, social trends and dissident thinking; however, you can't stop the people from arranging a meet-up to discuss internet censorship or the rights and wrongs of "global cooling". Speaking of which, Bill Gates (Bilderberg 2010) is funding "cloud whitening" technology; trials start soon. Global dimming isn't just something that happens every time Big Brother starts. On the basis of this agenda, I think we can expect a lot of statements about cutting-edge cloud-technology trials in the next 12 months. If it works in Dubai, it can work in Britain too...
• You can't keep a good story down
If I had to pick the point when Bilderberg finally broke through into mainstream news, it would be when the BBC News Blog published a round-up of Bilderberg reports. Twelve months ago, this would have been barely conceivable. This year, Kissinger must be spitting chips.
• People love their 'leaders'
I know this sounds peculiar, or at least it does to me, but this year's Bilderbloggings have quite commonly been met with outrage at the idea that we should submit Bilderberg to greater scrutiny. You hear people talk about the delegates at Bilderberg as their "leaders", and you see the delegates mythologised as the greatest and the best – whose benign Olympian machinations should progress untroubled by the interference of public and press. "Leaders" like the CEO of Royal Dutch Shell, and the chairman of Kissinger Associates Inc.
I'm baffled to the point of punching tree trunks to witness the determination of some folk to throw themselves in front of these heads of corporations and presidents of banks and to wave their arms protectively, yelping: "Leave them alone! Let them strategise for the good of the world in peace! How could they possibly have a frank discussion with our politicians if we were privy to it? Stop this unseemly prying!" I mean, seriously. The day that Marcus Agius, chairman of Barclays, strategises for my good is the day he repays me the hundreds of pounds of bank charges he's been levying on me since my schooldays. The day that Peter Voser, CEO of Royal Dutch Shell, sits around a table with the express concern of making the world a better, more beautiful place for all of us, is the day that my arse grows teeth and eats my hat.
Do this: Look at the list of participants and ask yourself one simple question: what's their bottom line?
• I'm on a list
One afternoon, towards the end of the conference, my wife and I chanced upon some of the Bilderberg organisers out on a two-limo trip to the seafront. We recognised them from our stay at the hotel before the conference began. We went up and asked them if they could confirm the names of British delegates attending this year's meeting. In horror, they jackknifed from the promenade, back into their limos, one of them cackling weirdly and holding her handbag to her face. Another snatched a camera from the footwell, and started snapping my face as I snapped hers. You can see me give the thumbs-up in the photo. So, if I wasn't before, I'm now on Bilderberg's least wanted list. What a bore.
Maybe they'll write me a nice letter, asking me to cease and desist. Or maybe ... maybe it's best I state now, for the record: I'm not a communist, a fascist, a racist or a petty thief. I didn't steal that laptop, I didn't photograph those children, I don't mutilate horses. I didn't sleep with that prostitute. I don't believe in UFOs. I don't have sketchbooks filled with drawings of the Houses of Parliament on fire. I don't hate progress. I am not possessed of vile feelings towards the Dutch, the Spanish, the Jews, the Mormons, the Welsh, or anyone on earth except Peruvian folk musicians. I'm not into S&M; I've never paid anyone to hose me with custard, or tread on my testicles in six-inch heels. I don't spend Friday nights in a gimp suit. I'm not an adult baby. I *did* make a porn film once, but it wasn't a very good one. Too much plot.
I'm not manically depressed, delusional, bitter towards the world, a brooding failure, a collector of SS regalia, obsessed with one particular local weather reporter, or suicidal. I didn't raise my voice. The steps of the police station weren't slippy. I don't want to kill bankers or string up politicians. I don't want to overthrow the government. I wouldn't mind if there were fewer talent shows on TV, but it's nothing that's likely to spill over into bloodshed. I'm not wearing a bra. I haven't had sex with a turkey.
• People aren't angry enough
There were 130 people up the hill, chugging sangria and strategising. And down at the foot of the hill, on the other side of the riot vans, about 130 people with flags and cameras. My God, that's depressing. In a world that, by any estimation, is a hard, gruelling, unfair place to billions of humans, in which assets are being grabbed, wealth is being relentlessly centralised (the Bilderbank, Goldman Sachs, has just notched up its best ever quarter), in which George Osborne so kindly lets us choose our own "austerity measures" – in such a distressingly cocked-up world, 130 of us made it all the way to the Spanish seaside to say: "Maybe what you're strategising up there isn't working out for the best."
Perhaps there would have been more, but people have got other things on their mind: they're behind on their mortgage payments, saving up for a wedding, saving up for a divorce, saving up for a holiday that doesn't involve being detained by policemen, disenchanted by CamCleggian sameness, hotly engaged in local politics, knackered, sick, drunk, or Spelbound (in the Britain's Got Talent sense of the word). They're furious enough that Robert Green let that goal in, never mind anything else. Where's the headspace to be concerned about Bilderberg?
Bertrand Russell saw it coming. He saw a world in which "any serious criticism of the powers that be will become psychologically impossible". I'm surprised you've even got time in your day to have scrolled this far down.
• One person can make a difference
Last year, I wrote about my visit to Vouliagmeni to see what Bilderberg was all about. It wasn't a happy trip. But in my final piece I asked people to come along in 2010 and help sprinkle the "slug" of Bilderberg with the "salt" of publicity. About 10 or so people took me up on this. Of these 10, one was "Quierosaber", the brave fellow who crawled into the hills before sunrise, with leaves wrapped around his head, and took photos of the delegates (see our Spot the Delegate quiz, and our Bilderberg 2010 Power Gallery). In one of his photos appeared Gordon Campbell, the premier of British Columbia. The Canadian press started asking questions, and discovered that he'd paid for his plane ticket to Bilderberg using public money.
Sure, Campbell was on the quietly published list of attendees, but the difference between a list of names and a photo is incalculable. So there we have it: accountability, transparency, and none of it possible without people like Quierosaber packing a knapsack at 4am, wrapping laurel leaves round a borrowed camera and hiding under brambles.
• There's an awful lot of unelected 'advising' in the world
One of the participants snapped by Quierosaber is the glacial senior fellow of the Hudson Institute, Marie-Josée Kravis (wife of Henry Kravis, head of private equity megafirm KKR). The tax-exempt Hudson Institute is a US "thinktank" which has a clearly stated aim: "We seek to guide global leaders in government and business." It's funded by good and wise people like Monsanto, DuPont, Pfizer, McDonald's, General Atomics, IBM, Procter & Gamble, and Conrad Black (Bilderberg attendee and currently guest of a Florida correctional institution).
The Hudson Institute was set up by the Rand Corporation (which had previously been set up by the Douglas Aircraft Company to advise the US military). In a nutshell, that's who Marie-Josée Kravis works for, and that's who George Osborne spent Bilderberg 2006, 2007, 2008 and 2009 listening to. In the words of Aretha Franklin: who's zoomin' who? And who the hell asked these foundations for their guidance in the first place? Stop issuing reports! Stop thinktanking! Stop presenting "well-timed recommendations to leaders in government". Mind your own unelected business for a change. And pay some tax while you're about it.
• There's still no answer to the big question
I'd like to quote the prime minister, David Cameron (Bilderberg, 2008): "Greater transparency is at the heart of our shared commitment to enable the public to hold politicians and public bodies to account … It's your money, your government, you should know what's going on. So we're going to rip off that cloak of secrecy and extend transparency as far and as wide as possible."
In the spirit of secret cloaks being ripped away, it seems reasonable to ask: does the secretive "private meeting" of Bilderberg, which takes "one-third" of its participants "from government and politics", have any effect at all on our domestic and international policies? Does this fantastically media-shy group that has our brand new lord chancellor, Kenneth Clarke QC MP, on its inner steering committee, does this four-day conference, with its agenda and its lanyards and its side-meeting seminar rooms, does it serve to influence the way our country is run? Or is that a bit like asking: Does Amy Winehouse like a drink?
Explicitly top of Bilderberg's agenda this year is "financial reform". Present at this year's conference: Paul Volcker, chairman of Obama's economic recovery advisory board. Just after Bilderberg, Obama warns of massive layoffs of teachers, police and firefighters. Also present was Portugal's finance minister, Fernando Teixeira dos Santos. Portugal has just voted through an emergency package of tax hikes and public spending cuts. Was any of this discussed in the financial reform sessions? If not, what was discussed?
If Bilderberg doesn't influence public policy, then why is it four days long, and why does it spend €10m protecting the sanctity of its discussions? Why hold it at all? What a waste of busy people's time! And if it does influence public policy, then by what twisted logic is public money being spent keeping it secret? And why, in this publicly protected secrecy, should Klaus Kleinfeld (disgraced former CEO of Siemens AG) and Dieter Zetsche (the chairman of Mercedes-Benz), and James A Johnson (board member of Goldman Sachs, member of the trilateral commission, member of the Council on Foreign Relations), have the ear of our politicians?
Cameron wants us to have the answers to these questions. As he says: "It's your money, your government, you should know what's going on." So we ask: How much British public money has been used to police Bilderberg? Who's putting the request in to MI5? Who's paying for the watermelons? Does the Bilderberg Group have an accounts book? Could we see it? Could someone ask Ken Clarke for a copy? Isn't it about time the Daily Telegraph got involved? Are taxpayers paying for the riot vans? Or are corporations hiring police forces as private armies to stand guard over a private meeting?
These questions are exactly as stupid and exactly as important as asking whether Sir Peter Viggers bought his own duck house. These are questions about political process that deserve simple and straightforward answers, not the scorn of idiots for asking them.
• It takes longer to get from Sitges to Santander than you might think
I missed the ferry home. And not even by a whisker. I was a good 100km out in my estimate. There was shouting and recrimination on a rain-sodden Basque motorway. I can't believe I didn't do what the VP of Fiat did and come by private jet.
• There are only 358 shopping days till Bilderberg 2011
Maybe you think there's nothing to worry about here. Maybe you think Bilderberg isn't a public-private travesty of secrecy and lies. Maybe you see nothing odd in Tony Blair (Bilderberg 1993) lying to parliament about going. Maybe you think this is how "important stuff" gets done, how geopolitics should be conducted. Maybe you think it's okay that a representative of the Hudson Institute, which campaigns against organic food and is funded by Monsanto, should be locked in a conference centre for four days discussing the "world food problem" with Joaquín Almunia, the EU commissioner for competition.
Maybe you look at the world and think it'll all be okay tomorrow because, for you at least, it's sort of okay today. Maybe you see "social networking" and "cyber technology" on Bilderberg's agenda and you aren't concerned. Maybe you don't think Peter Mandelson's rushed-through digital economy bill had anything to do with his attendance at Bilderberg 2009.
Maybe you don't see an irony in the individual getting screwed and screwed again by the same corporations and bailed-out banks who are so forthcoming with their advice for our politicians. Maybe you don't feel like you're getting shafted. Or maybe you've just got numb. There are plenty of other things to worry about in the world. Serious things, like health and poverty and terrorism. And anyway, the people up the hill in Bilderberg will sort it out for us. They're clever people. They're experts. They just spent four days talking about "medical science" and the "world food problem". They're on it. We can relax.
Or maybe you think it would be a good thing to keep the Bilderball rolling. The massively increased coverage of this year's Bilderberg didn't just "happen". People made it happen. People emailed photos to press agencies, rang up friends who worked for newspapers, gave interviews to camera crews, and a local lawyer whose wife was giving birth to twins gave pro bono advice over the phone. So here's an idea: maybe you were given a telephoto lens three Christmases ago and you've never had cause to use it. Maybe you're not sure we should start bombing Iran just yet. Maybe you're a fan of "greater transparency", and fancy taking Cameron up on his pledge "to enable the public to hold politicians and public bodies to account". Maybe you'd like to meet some of the sharp, savvy, committed, interested people I've met this last week. Maybe you'd like to be one of them.
Borrow a tent, set up a YouTube channel, start saving now for the flight. Email us on bilderberg2011@yahoo.co.uk. Let's add a zero to the end of 130. And let's put an end to the lunatic, inappropriate, expensive and undemocratic secrecy of Bilderberg.
guardian.co.uk © Guardian News & Media Limited 2010 -
At the ARIN Meeting
[Domain Name] (CircleID)
I have been attending the American Registry for Internet Numbers (ARIN) meeting in Toronto. ARIN is one of the RIRs, i.e., the Internet address registry and policy making authority for North America. Although I have observed and participated on RIR lists for some time and interacted with RIR representatives at ICANN, WSIS and IGF, this is the first time I have been able to attend a meeting. I'm glad I did.
The ARIN meeting is very well organized. It is smaller-scale and much more focused than an ICANN or IGF meeting. The staff goes out of its way to be welcoming and friendly. Attendees are mostly network technicians of various flavors. Real Internet governance is taking place here, because organizations with real control of private and shared resources and operational capabilities are involved.
It's hard not to compare-contrast ARIN with ICANN, although ICANN can only suffer by comparison. One comes away with the conviction that the so-called bottom up policymaking which ICANN constantly claims to do is actually (more or less) seriously pursued here. The key differences are the smaller scale; the homogeneity of the participants; a more well-defined process that is grounded in a membership. Activities are focused on that area where highly technical decisions (e.g. routing policies, or minimum address block size) intersect with public (Internet-wide) policy issues such as security, privacy, and efficient utilization of scarce, shared resources.
The ARIN meeting is far more focused on policy making than its European counterpart (RIPE-NCC) - which I think is good. RIPE meetings contain a lot of parallel sessions with educational/informational content, all of which are interesting. But there is less of a sense of focused, collective decision making there—it is more like a conference. I really liked the way nearly all ARIN discussions are in plenary and decisions are actually made. Participants are provided with materials which concisely and with reasonable neutrality summarize the proposals, and the issues and concerns associated with them. Even the lunches were organized around discussion topics, where tables were set aside for discussion of particular topics. I sat at a table for discussion of Governmental involvement in RIRs, and had a great exploration of that topic with a law professor from Michigan State, people from the U.S. Drug Enforcement Agency, the U.S. Department of Homeland Security, and ARIN Council members Dave Farmer and Bill Darte.
Indeed, the basic framework of the ARIN meeting was so well done that the one act of process manipulation that occurred stood out like a sore thumb. The meeting got off to a bad start on Monday, with the FBI and Royal Canadian Mounted Police making a presentation on how badly they need Whois data. This presentation came right before consideration of a proposal that attempted to increase the confidentiality of Whois information. This proposal, #2010-3 concerning "Customer Confidentiality," had been proposed by some small, independent hosting service providers. Whereas all other proposals were considered in numerical sequence, 2010-3 was taken out of sequence and considered right after the FBI/RCMP presentation, which was inserted into the program at the last minute. So instead of being given the same opportunity to speak from the floor regarding 2010-3 as the rest of us, the FBI and the RCMP got 30 minutes of proselytizing, and it was all too obvious that these police agencies had mobilised to oppose the customer confidentiality proposal. (As an aside, the proposal was supported by AT&T, while opposition was voiced by Google and Paypal.)
Although the agenda manipulation was disturbing, the results were not that bad. The proponents learned that certain aspects of the status quo Whois policy allowed them to do pretty much what they wanted to do anyway, and its main advocate withdrew his own support for the proposal. He noted that he had been lobbied heavily by the FBI contingent the night before.
The presentation of Geoff Huston on the scalability of routing was another highlight of the meeting. I don't have the space to go into the technicalities and data of the presentation, which you can download here anyway, but the upshot was this. Huston's data about growth in the number of unique routing table entries, and in the number of Autonomous Systems (networks connected to the Internet) uncovers a counter-intuitive anomaly. Despite the regular annual growth in the number of networks connected, the number of routing table updates exchanged by BGP routers is remaining more or less constant. In other words, despite massive, long-term growth in the number of networks and routes on the Internet, the number of updates is remaining almost exactly the same - about 40,000 per year. Huston interprets this to mean that the distance or diameter of the Internet as a whole is not increasing; instead, the density of connections is increasing. From there, Huston went on to conclude that BGP is scaling because of the RIRs' "policies and practices" that encourage aggregation. The scalability of BGP is not, he claimed, a "natural" phenomenon but a product of the RIRs' policies. This of course was music to the ears of the ARIN community, but the claim was quickly deflated by Chris Morrow from Google. It is actually money that drives this, he claimed. Service providers don't want latency. In order to limit latency, they organize their networks to avoid too many hops and thus constrain the diameter of the internet as a whole. In other words, the result Huston found could be more a result of "natural" market incentives than a product of wise policies imposed on the Internet by wise RIRs.
The informational discussion of RPKI here was a bit disappointing—it came near the end of the day, time was short and people were getting tired. None of the governance implications were explored or discussed adequately; indeed, if you listened only to Mark Koster's presentation you would have thought that there were no policy or governance implications at all. ARIN, like other RIRs, is pursuing a very aggressive implementation schedule; initial production is planned for the end of 2010, and Koster estimated that miraculously, a single trust anchor would emerge by the end of 2011. One participant (Joe Jaegli) did raise concerns about how much this changed the openness of the system. Danny McPherson admitted that "you are trading off autonomy for security" but the nature of this trade-off was not explored. Some commenters insisted that RPKI "doesn't really change anything" because ISPs can use alternative trust anchors. But if you probe this argument it is almost exactly the same as saying that we don't need to worry about ICANN because you can always form an alternate root.
To sum up, we've had pretty open, focused and (with the one exception noted) fair discussions here. For those with the technical background to understand the Internet governance implications of RIR decisions and policies, I'd encourage participation and membership in ARIN.
Written by Milton Mueller, Professor, Syracuse University School of Information Studies

