• Home
  • About
  • Blog
  • News
  • Events
  • Media
  • Video
  • Glossary
  • Contact
  • Download
  • RSS

Do we need a new Internet?

February 17th, 2009  |  by jz  |  Published in Book, Future of the Internet, Generativity, news  |  2 Comments

John Markoff’s article in the NYT about Internet vulnerabilities and projects like Stanford’s Clean Slate has been getting a lot of attention, including a thoughtful response from David Isenberg.  David’s right that a lot of the ideas in the NYT piece echo my book’s thesis.  Here’s my reply to David:

Suppose that we agree on a rough (to some, controversial) value judgment: the Internet’s architectural openness (its “generativity”) — and its progression into the mainstream — has been a genuinely awesome thing, facilitating radical (and mostly good) revolutions in how we express and entertain ourselves, how we learn, how we shop, essentially in how meaning is made. 

Then: is there a signal threat to it apart from the ones arising from people (and regulators) who reject or are harmed by the Net’s openness even when it’s functioning as designed?  I.e., apart from those who don’t share the value judgment about openness?

I gather that some say no.  David Akin and David Isenberg, and perhaps Gene S. (although he sort of seems to say “a pox on both your houses”), say that for all its vulnerabilities, the Internet manages to keep on ticking, and suggestions that there is a growing — perhaps existential — threat to its functioning arising from anti-libertarian control freaks and mercenary security vendors — those who benefit from rejecting its generative premise rather than those who want to save it.

I say yes.  It’s an tough empirical question and there is plenty of room for disagreement — much of this is crystal ball gazing — but it clouds the ball further to argue that anyone who tries to describe the threat is only doing so because he or she seeks lockdown.  I worry both about the problem that will, if no better alternatives are offered, drive people away from open systems, and life in the gated communities that will welcome them.

So what’s the problem?  As Gene says, the issue is not only with networks that are not secure, but also the endpoints: reprogrammable machines, PCs, that provide the basis for the botnets that can wreak various forms of havoc.  It’s a miracle and an absurdity that infused in homes, workplaces, and laps around the world are PCs that can be repurposed in an instant, running code from the other side of the world without the vendor of the machine or its operating system, or the network service provider, having anything to say about it.  That’s how an innovation like Skype — or, for that matter, a Web browser — can come about and hit prime time.  It’s also how worms and viruses spread, and it’s not just about OS bugs: many of these come in through the front door, with the user choosing to run new code without understanding what’s hidden within it.  I remember Microsoft’s “first immutable law of security“:

There’s a nice analogy between running a program and eating a sandwich. If a stranger walked up to you and handed you a sandwich, would you eat it? Probably not. How about if your best friend gave you a sandwich? Maybe you would, maybe you wouldn’t — it depends on whether she made it or found it lying in the street. Apply the same critical thought to a program that you would to a sandwich, and you’ll usually be safe.”

This is well intentioned, of course — we know what the author is trying to say by it — but it’s also crazy.  Millions of years of evolution have helped us intuitively discern a good sandwich from a rotten one, and we don’t continually ingest little bits of food every few minutes as we walk down the street.  There’s no such help with code.  That’s why for 99.9% of the people out there, the idea of merrily running any code they see is already a fiction.  (Most of the .1% are people who just don’t care if their PCs melt, rather than geeks who know how to secure them.)  People turn to anti-virus vendors, firewall makers, and all the other patchy tech that Gene rightly dismisses as baling wire and twine.  If that’s all they’ve got, people will be ripe for persuasion that they should lock themselves down more, opting for sterile environments like the Kindle for more and more tasks, or hybrid environments like that of the iPhone or Facebook Apps: outside code can run, but only with the prospective and ongoing  permission of the platform operator.  These are attractive solutions — I love my iPhone — but they are worrisome in the big picture, especially as the model for them begins to predominate across all software.  Already, many of the otherwise-generative machines out there are being locked down by the boxes’ actual owners: PCs in corporate environments, schools, cyber cafes, and libraries are frequently unable to run new code without bureaucratized approval.  And in the developing world, much of the excitement around the adoption of mobile platforms instead of clunky PCs tends, with a few notable exceptions, to play into the walled gardens.  Where demand goes, supply follows: for the next generation of geeks and tinkerers, many find these walled gardens to be an unremarkable feature of the landscape.  Today’s kidz are coding for Facebook and iPhone, not for GNU/Linux or Windows.

It’s not much answer to say: “Well, *I* don’t have problems with viruses; it’s just losers who don’t know how to protect their machines.  Let them have a playpen, then.”  This response reminds me of the end of Atlas Shrugged, when the handful of good capitalists retreat to a golden valley and mow each others’ lawns in a new economy, while the rest of the world melts.  I don’t want an Internet where only the nerds remain.  (USENET was fun, but …)

So, David’s subject line sounds right to me: “Fixing the Internet might break it worse than it’s broken now.”  But that doesn’t mean that we should accept the status quo.  If we do, we’ll lose it — or we’ll find that we’re one of a comparative handful clinging to it as everyone else migrates away.

What are the solutions that aren’t iatrogenic?  I’m less sanguine than many on this list that some sort of liability regime for buggy code is the way to go, both because I think it will in many cases lead to less generative platforms and because the problem transcends mere bugs in code.  (For a more detailed treatment of this, see <http://yupnet.org/zittrain/archives/18#29>.) And “more training” for users would be great, but seems unrealistic.  We need solutions that require only a critical mass of people to implement, rather than counting on lots and lots of people to suddenly become tinkerers themselves — even as they rightly should enjoy the benefits of an experimentalist culture like that of the Internet and PC.  My own ideas run less in the direction of re-architecting the entire Internet, though I’m intrigued by the Clean Slate project and its siblings, like that run by David Clark at MIT.  David Isenberg is right that I’ve suggested some promise in virtual machine technology that allows promising but suspect code to run in a “red” zone, but this approach also has limits and drawbacks.  (Who decides what’s red and green when the users’ cluelessness is what gives rise to the need for a red zone at all?)  See, e.g., <http://yupnet.org/zittrain/archives/18#6>.

Instead, I think that collecting and making available more data about the shape of the problem can help enormously.  We really don’t know what’s going on out there, and the sooner we can replace speculation with reality — and not have what little we know be a trade secret! — the better.  See <http://yupnet.org/zittrain/archives/18#48> for more details on how this could work:

Social problems can be met first with social solutions — aided by powerful technical tools — rather than by resorting to law. As we have seen, vandalism, copyright infringement, and lies on Wikipedia are typically solved not by declaring that vandals are breaking laws against “exceeding authorized access” to Wikipedia or by suits for infringement or defamation, but rather through a community process that, astoundingly, has impact.

The Google/Stopbadware partnership — which made news a few weeks ago for reasons unrelated to its core operations — is one experiment in this area.  I’m all for the Net solving its own problems — someone does always tend to step up.  (E.g., thanks, Luis von Ahn, for the CAPTCHA!)  Maybe that someone is among us?

There, now, I’ve gone ahead and ended with the thought that we are the change we’ve been waiting for.  Or is it Ready to Lead? …JZ

Responses

Feed
  1. New Internet is Not Solution « Arctic Penguin says:

    February 18th, 2009 at 10:40 am (#)

    [...] (2/18): Zittrain has posted his response to the Markoff article. Possibly related posts: (automatically generated)OREO For 02 17 09Trading [...]

  2. Chris Peterson says:

    February 18th, 2009 at 11:51 am (#)

    So here’s something I’m unclear about –

    The Markoff piece seems to be talking about restructuring the architecture of the Internet. And in FOI you talk about developing identity layers, etc. But I don’t really understand how this would work in practice.

    I read all the solutions in FOI, i.e. herdict, sandboxing, ISPs, etc. But what changes would you see made to TCP/IP or the fundamental architecture of this “new” Internet? Or, if you wouldn’t have those changes made, what are people who are making that argument suggesting?

Blog

  • The Future of the Internet: Five Years Later

    • In 2008, The Future of the Internet called attention to a “sea change” in the way consumer devices interact with the Internet. “The future is not one of generative PCs attached to a generative network,” the book warns; “it is instead one of sterile appliances tethered to a network of control.” In response to the security threats posed by malicious third-party code, increasing numbers of users will likely gravitate towards gadgets “tethered” by continuous communication between product and vendor. And this proliferation of tethered computing—the “appliancization” of PCs—will deal a serious blow to the principles of generativity and free expression that drove the early Internet.

    Since the publication of The Future of the Internet, the ethos of strict appliancization has taken a new turn. In 2011, Professor Zittrain wrote an update on the book’s message: “at the time of the book’s drafting, the alternatives seemed stark: the “sterile” iPhone that ran only Apple’s software on the one hand, and the chaotic PC that ran anything ending in .exe on the other. The iPhone’s openness to outside code beginning in ’08 changed all that. It became what I call “contingently generative” — it runs outside code after approval (and then until it doesn’t).” This trend towards contingently generative models continues into the present day, and represents a shift similar in many respects to the one The Future of the Internet predicted.

    Jon Brodkin and Peter Bright’s Ars Technica op-ed on the Microsoft Metro app store offers some valuable commentary on a big development in this “sea change.” The article recognizes that “Microsoft is imitating Apple in one very bad way, by limiting the distribution of Metro applications to a Microsoft-controlled app store… by bringing Windows to tablets, Microsoft could strike a blow for openness in a market dominated by a closed system. Instead, Microsoft is bringing the same restrictions found on iPads to both Windows tablets and PCs.” As forecasted by The Future of the Internet, devices that only run approved code are gaining popularity. Metro, the curated user interface that has found its way onto Microsoft’s tablets and PCs (in the case of the PCs, alongside a fully-functional desktop mode capable of side-loading non-Windows Store applications), won’t run applications from outside the Windows Store. Moreover, the apps available through the Store are subject to a bevy of restrictions on content. With these restrictions on installable applications come the restrictions on generativity that The Future of the Internet anticipated: “lock down the device, and network censorship and control can be extraordinarily reinforced.” And, as the Ars Technica piece observes, the Windows Store’s rules would exclude critically-acclaimed content like the video game Elder Scrolls: Skyrim, simply for its PEGI 18/ESRB M rating. It isn’t hard to extrapolate, as Brodkin and Bright do, that these rules could give rise to debacles similar to Apple’s (repealed) ban of a satire app developed by a Pulitzer Prize winner.

    Though the Windows Store’s restrictions resemble Apple’s policies in many ways, there is a crucial difference: Metro-running Windows 8 products are designed as PC replacements, rather than sui generis devices like the iPad. And since Windows desktops have long been preferred gaming platforms, the theoretical exclusion of content like Skyrim from the Windows Store makes Windows 8’s emphasis on the Metro interface particularly jarring.

    With Metro, Microsoft has made a decisive move towards contingent generativity. Brodkin and Bright note that “there are security benefits to a closed app store model, particularly for less tech-savvy users who may not understand all the dangers on the Web. There are also, arguably, convenience benefits; end-users can be reasonably confident that the apps they download will work correctly and be at least marginally useful…But while these security and convenience benefits might be enough to justify the existence of a curated app store, they don’t justify the decision to make that store the only option for all users. Informed users should be allowed to install applications from wherever they want.” Brodkin and Bright prefer a system like Gatekeeper, a fixture in newer versions of Apple’s OS X, from Mountain Lion forward. Gatekeeper gives users the choice to restrict their operating system to App Store apps and outside apps that have been signed with Apple-issued Developer IDs, or open up the device to all programs, whether or not they’ve been vetted by Apple. The “Future of the Internet” Blog is fairly enthusiastic about Gatekeeper: about a year ago, a post here suggested that “the middle ground of allowing non-App Store signed code may represent the best of both worlds.” But we were quick to warn that Gatekeeper strikes a tenuous balance: “one small tweak — lose that Control-click for sideloading — and OS X could fully merge with iOS, both in functionality and in security methods.” Metro’s riff on content control could be just that sort of tweak—especially given recent speculation that Microsoft may dump desktop mode in Windows 9, leaving only Metro.

    Moreover, a contingently generative business model like the Windows Store’s carries some ethical implications that, while not damning, are certainly worth examining. Distribution systems like the Windows Store, Apple’s App Store, and the Android Market receive 30% of the sales revenue from applications sold in their stores (in the Windows Store, this cut drops to 20% after an app reaches $25,000 USD in revenue). Further restrictions on side-loading in new operating systems would drive a great deal of business towards big companies’ proprietary marketplaces—and with that traffic would come big payouts. With the uptick in store traffic that tighter gatekeeping would engender, it’s easy to imagine the equilibrium of Mac’s OS X Gatekeeper being forsaken for more restrictive, and more lucrative, operating systems. To analogize, a la The Future of the Internet: when the company that makes your computer requires you to install programs through their official store, it isn’t so different from the company that makes your toaster forcing you to buy from their bakery—and taking a cut out of every bread purchase you make.

    Even though Windows 8 PC users can still make use of a fully-functioning desktop operating system, Microsoft’s failure to include a side-loading option for the heavily-emphasized Metro interface—particularly in devices marketed as PC replacements—is a step in the wrong direction. It’s also an indication that the seas are changing in the way The Future of the Internet predicted. Given that Android’s more open approach to outside applications[1] still leaves the Android Market increasingly economically viable, Ars Technica is right to voice its disappointment in xenophobic operating systems like iOS and Metro.

    - Ben Sobel, Kendra Albert, and JZ

    [1] Though the Google Play approach to openness is far from perfect! Ad-Blocking apps were recently pulled from the Play Store, in a move that will come to illustrate just how viable it is to distribute a side-loaded Android app without any help from the Play Store.

  • Rock star RA wanted

    • I’m seeking a full-time one-year rock star research associate to engage with a variety of projects and classes, with a broad opportunity to immerse in cyberlaw and Internet topics.   Blurb below, with more information on how to apply at <http://cyber.law.harvard.edu/getinvolved/jzra>.  …JZ

    –

    Professor Jonathan Zittrain of Harvard Law School, the Harvard Kennedy School of Government, the Harvard School of Engineering and Applied Sciences, and the Berkman Center for Internet & Society, seeks a full-time research associate in Cambridge, MA for a period of one year, beginning no sooner than June 1, 2013.

    This position requires the ability to absorb large amounts of written and other media materials from various sources (including but not restricted to: original sources, scholarly articles, news articles/blogs, interviews, databases) in a short amount of time, critically analyze that material and render it forward. This could take the form of prep materials for panels, conferences and presentations; article outlines; fact checking materials; original article or paper drafts; slide decks or other digested forms. The research assistant should be prepared to help prepare materials for class sessions and syllabi, lead discussions and work with project managers to accomplish research-related goals.

    Research is often self-directed with little outside guidance beyond broad outlines and themes (though occasional targeted research assignment for a specific fact or image can be expected, and feedback is provided), so the ability to quickly critically appraise sources and identify interesting, relevant and original paths is essential. Wide-ranging interests and the ability to work on almost any issue or topic that arises is a plus, as is an ability to ramp up quickly on unfamiliar fields or topic areas. Excellent writing and editorial skills with an attention to detail are also required.

    This job is an ideal opportunity for those interested in future graduate school or law school studies, whether currently admitted or still applying to such programs.

    Over the course of the year, a motivated individual will sharpen and focus his or her research agenda and make valuable contributions (in his or her own name) to the field of cyberlaw and beyond, while being exposed to interesting thinkers in academia, industry, and government. A research associate in this position will work very closely with Professor Jonathan Zittrain and his team, assisting in a variety of research areas, e.g. ubiquitous human computing, mesh networking, and cybersecurity, as well as on topics around access to knowledge and open scholarly publishing under the auspices of the Harvard Law School Library.

    The position will not start before June 1, 2013.  As with all Berkman staff positions, this is a term position, ending June 30, 2014.

  • F-T: Don’t sue over tweets

    • I just published a short piece in the F-T in the wake of legal threats against users who tweeted or retweeted a link to a BBC report of child abuse that turned out to be wrong.  Here’s the full text –

    Those who didn’t see the false child abuse accusations against Lord Alistair McAlpine on an ill-considered BBC documentary may have instead heard about them through social media. This week, London’s Metropolitan Police suggested they might file charges against those Twitter users who sullied the reputation of the retired Conservative politician by knowingly repeating the lie that he was a child abuser. But the police may be less fearsome to the average BBC-linking tweeter than Lord McAlpine himself. Read more »

  • Taking More than Candy from a Baby

    • Update – 10/17/2012: The parties involved in the lawsuit – Speak for Yourself and SCS/PRC reached a settlement, allowing the app to remain in the Android and iOS app stores. More at the Nieder family blog.

    Original Post:

    Generativity hasn’t had a poster child — until now.

    Meet Maya, a four-year-old child who could lose her ability to speak with the elimination of an app from the iOS App Store.

    As detailed in the Nieder family’s original blog post on the subject, Maya uses Speak for Yourself (SfY), an iPad app that serves as an “augmentative and alternative communication” (AAC) device. Before finding SfY, Maya had tried multiple AAC devices, but hadn’t found one that worked for her. Read more »

  • “Unabomber manifesto tied to tech news headlines”

    • When you see the headline “Powerful ‘Flame’ cyberweapon tied to popular Angry Birds game,” does it cause you to think that there is actually some connnection between the recently discovered malware Flame and Angry Birds? That would be entirely reasonable, but wrong. Read more »

About Jonathan Zittrain

jonathan zittrain

Jonathan Zittrain is Professor of Law at Harvard Law School and co-founder of the Berkman Center for Internet and Society at Harvard Law School

RSS Tweets from Z

  • An error has occurred, which probably means the feed is down. Try again later.

Blog Archives

Creative Commons BY-NC-SA Jonathan Zittrain unless otherwise noted.
Powered by WordPress using Gridline Lite.