John Markoff’s article in the NYT about Internet vulnerabilities and projects like Stanford’s Clean Slate has been getting a lot of attention, including a thoughtful response from David Isenberg. David’s right that a lot of the ideas in the NYT piece echo my book’s thesis. Here’s my reply to David:
Suppose that we agree on a rough (to some, controversial) value judgment: the Internet’s architectural openness (its “generativity”) — and its progression into the mainstream — has been a genuinely awesome thing, facilitating radical (and mostly good) revolutions in how we express and entertain ourselves, how we learn, how we shop, essentially in how meaning is made.
Then: is there a signal threat to it apart from the ones arising from people (and regulators) who reject or are harmed by the Net’s openness even when it’s functioning as designed? I.e., apart from those who don’t share the value judgment about openness?
I gather that some say no. David Akin and David Isenberg, and perhaps Gene S. (although he sort of seems to say “a pox on both your houses”), say that for all its vulnerabilities, the Internet manages to keep on ticking, and suggestions that there is a growing — perhaps existential — threat to its functioning arising from anti-libertarian control freaks and mercenary security vendors — those who benefit from rejecting its generative premise rather than those who want to save it.
I say yes. It’s an tough empirical question and there is plenty of room for disagreement — much of this is crystal ball gazing — but it clouds the ball further to argue that anyone who tries to describe the threat is only doing so because he or she seeks lockdown. I worry both about the problem that will, if no better alternatives are offered, drive people away from open systems, and life in the gated communities that will welcome them.
So what’s the problem? As Gene says, the issue is not only with networks that are not secure, but also the endpoints: reprogrammable machines, PCs, that provide the basis for the botnets that can wreak various forms of havoc. It’s a miracle and an absurdity that infused in homes, workplaces, and laps around the world are PCs that can be repurposed in an instant, running code from the other side of the world without the vendor of the machine or its operating system, or the network service provider, having anything to say about it. That’s how an innovation like Skype — or, for that matter, a Web browser — can come about and hit prime time. It’s also how worms and viruses spread, and it’s not just about OS bugs: many of these come in through the front door, with the user choosing to run new code without understanding what’s hidden within it. I remember Microsoft’s “first immutable law of security“:
There’s a nice analogy between running a program and eating a sandwich. If a stranger walked up to you and handed you a sandwich, would you eat it? Probably not. How about if your best friend gave you a sandwich? Maybe you would, maybe you wouldn’t — it depends on whether she made it or found it lying in the street. Apply the same critical thought to a program that you would to a sandwich, and you’ll usually be safe.”
This is well intentioned, of course — we know what the author is trying to say by it — but it’s also crazy. Millions of years of evolution have helped us intuitively discern a good sandwich from a rotten one, and we don’t continually ingest little bits of food every few minutes as we walk down the street. There’s no such help with code. That’s why for 99.9% of the people out there, the idea of merrily running any code they see is already a fiction. (Most of the .1% are people who just don’t care if their PCs melt, rather than geeks who know how to secure them.) People turn to anti-virus vendors, firewall makers, and all the other patchy tech that Gene rightly dismisses as baling wire and twine. If that’s all they’ve got, people will be ripe for persuasion that they should lock themselves down more, opting for sterile environments like the Kindle for more and more tasks, or hybrid environments like that of the iPhone or Facebook Apps: outside code can run, but only with the prospective and ongoing permission of the platform operator. These are attractive solutions — I love my iPhone — but they are worrisome in the big picture, especially as the model for them begins to predominate across all software. Already, many of the otherwise-generative machines out there are being locked down by the boxes’ actual owners: PCs in corporate environments, schools, cyber cafes, and libraries are frequently unable to run new code without bureaucratized approval. And in the developing world, much of the excitement around the adoption of mobile platforms instead of clunky PCs tends, with a few notable exceptions, to play into the walled gardens. Where demand goes, supply follows: for the next generation of geeks and tinkerers, many find these walled gardens to be an unremarkable feature of the landscape. Today’s kidz are coding for Facebook and iPhone, not for GNU/Linux or Windows.
It’s not much answer to say: “Well, *I* don’t have problems with viruses; it’s just losers who don’t know how to protect their machines. Let them have a playpen, then.” This response reminds me of the end of Atlas Shrugged, when the handful of good capitalists retreat to a golden valley and mow each others’ lawns in a new economy, while the rest of the world melts. I don’t want an Internet where only the nerds remain. (USENET was fun, but …)
So, David’s subject line sounds right to me: “Fixing the Internet might break it worse than it’s broken now.” But that doesn’t mean that we should accept the status quo. If we do, we’ll lose it — or we’ll find that we’re one of a comparative handful clinging to it as everyone else migrates away.
What are the solutions that aren’t iatrogenic? I’m less sanguine than many on this list that some sort of liability regime for buggy code is the way to go, both because I think it will in many cases lead to less generative platforms and because the problem transcends mere bugs in code. (For a more detailed treatment of this, see <http://yupnet.org/zittrain/archives/18#29>.) And “more training” for users would be great, but seems unrealistic. We need solutions that require only a critical mass of people to implement, rather than counting on lots and lots of people to suddenly become tinkerers themselves — even as they rightly should enjoy the benefits of an experimentalist culture like that of the Internet and PC. My own ideas run less in the direction of re-architecting the entire Internet, though I’m intrigued by the Clean Slate project and its siblings, like that run by David Clark at MIT. David Isenberg is right that I’ve suggested some promise in virtual machine technology that allows promising but suspect code to run in a “red” zone, but this approach also has limits and drawbacks. (Who decides what’s red and green when the users’ cluelessness is what gives rise to the need for a red zone at all?) See, e.g., <http://yupnet.org/zittrain/archives/18#6>.
Instead, I think that collecting and making available more data about the shape of the problem can help enormously. We really don’t know what’s going on out there, and the sooner we can replace speculation with reality — and not have what little we know be a trade secret! — the better. See <http://yupnet.org/zittrain/archives/18#48> for more details on how this could work:
Social problems can be met first with social solutions — aided by powerful technical tools — rather than by resorting to law. As we have seen, vandalism, copyright infringement, and lies on Wikipedia are typically solved not by declaring that vandals are breaking laws against “exceeding authorized access” to Wikipedia or by suits for infringement or defamation, but rather through a community process that, astoundingly, has impact.
The Google/Stopbadware partnership — which made news a few weeks ago for reasons unrelated to its core operations — is one experiment in this area. I’m all for the Net solving its own problems — someone does always tend to step up. (E.g., thanks, Luis von Ahn, for the CAPTCHA!) Maybe that someone is among us?
There, now, I’ve gone ahead and ended with the thought that we are the change we’ve been waiting for. Or is it Ready to Lead? …JZ