The Future of the ‘iPatriot Act’
July 14th, 2008 | by bballou | Published in Future of the Internet | 12 Comments
Larry Lessig’s generous review of the Future of the Internet makes an interesting point:
“Whether a single event, or a coordinated event, whether intentional, or accidental, it is simply a matter of time before a catastrophic network event happens. And when it happens — think of it as a kind of i9/11 event, but the bad guys are not Al-Qaeda — will we be prepared for the inevitable iPatriot Act response? Are we better prepared than civil libertarians were when we were hit with the USA Patriot Act? Have we even framed the right debate?”
First, will there be an ‘i9/11′, and second, will it prompt an ‘iPatriot Act’? The actual chances of a catastrophic network failure are pretty slim. But were one to occur, it would probably look a lot like the attacks on the DNS root servers in 2007. Here’s what happened:
The 13 Domain Name System (DNS) root servers record who controls the Top-Level Domains (‘.com’, ‘.edu’, ‘.uk’, and so forth) and where. This file of information is quite small, and very few computers actually have to call upon the root servers to find the sites they’re looking for. But without them, the single Internet we’re used to would fracture, and computers would have no easy, reliable way to find the IP addresses they’re looking for.
On February 6, 2007, hackers issued a Distributed Denial of Service (DDoS) attack on the root servers, sending gigabytes of useless requests every minute in order to overload the roots and prevent them from responding to genuine Internet traffic. Such an attack was made possible only by harnessing the power of hundreds or thousands of ‘zombie’ computers infected with malicious bots.
The 2007 DDoS attack failed, however. Because the malicious network traffic was relatively easy to distinguish from genuine network traffic, and because most of the DNS root servers were able to distribute the requests over hundreds of component computers, only two of the 13 servers (each themselves made of dozens of computers) were affected. And this was the most successful such attack against the network. In order to noticeably disable network traffic, hackers would have to (in theory at least) destroy all thirteen servers.
All of this is to say that a catastrophic network failure, while possible, is unlikely. But that’s not to say there won’t be an ‘iPatriot Act’. In fact, we’re already seeing its development in agencies and hearings across the country, as regulators push policies that discourage open, generative products and encourage closed, tethered ones.
Take, for example, the Department of Homeland Security’s list of ‘best practices’ for software developers. Among the suggestions:
Don’t trust users: “Developers should assume that the environment in which their system resides is insecure. Trust, whether it is in external systems, code, people, etc., should always be closely held and never loosely given.”
Secure the end-points: “Attackers are more likely to attack a weak spot in a software system than to penetrate a heavily fortified component. For example, some cryptographic algorithms can take many years to break, so attackers are not likely to attack encrypted information communicated in a network. Instead, the endpoints of communication (e.g., servers) may be much easier to attack.”
In themselves these are not bad pieces of advice. But within DHS’s broader vision of online security, they indicate that the government considers safe technologies to be tethered technologies, and vice versa.
Take as further examples any of the current IP-enforcement laws working their way through Congress. H.R. 4279 would create an IP czar at the Department of Justice; S. 522 would create an entire ‘Intellectual Property Enforcement Network’; and S. 2317 would allow the Department of Justice to sue copyright infringers in civil as well as criminal court.
What’s interesting about these bills is that more often than not, Intellectual Property protection is packaged as consumer protection. In fact, just last month the Senate held a hearing entitled “Protecting Consumers by Protecting Intellectual Property”, in which witnesses and legislators advocated for the very bills discussed above.
What all of this amounts to is that agencies and officials are pushing increasingly closed systems of code and increasingly strict Intellectual Property regulations. Both of these encourage increasingly tethered appliances. We don’t need a catastrophic network failure to have an ‘iPatriot Act’: such an act is already in the works.
July 18th, 2008 at 4:37 pm (#)
I agree with you optimism about the basic networks robustness in principle. It’s more like the highway system than a tall building.
After 9/11 I began musing that the most vulnerable targets are ones with high potential energy and/or low entropy, e.g. sky scrapers and jet fuel. The internet, after all, was conceived as a thing that could survive attacks. The giant server farms might not be a good idea…
July 19th, 2008 at 6:23 pm (#)
[...] this over-regulation has already started to take place, but it could certainly get worse. To help flesh out some of the important ideas about the future [...]
August 8th, 2008 at 12:20 am (#)
You can slap it around, spit on it, call it names, try to regulate it– it’s iNevitable. Not like a bad novel. No climax… just TIA.
August 8th, 2008 at 4:52 am (#)
[...] Future of the Internet Friday, Aug 8, 2008 [...]
August 8th, 2008 at 8:35 am (#)
There is no need to pass an iPatriot Act though the bills above do tighten down the surveillance conduits and make it easier for the government to block critical domains and enforce the DMCA. The Patriot Act, Homeland Security and DMCA all contain very onerous surveillance provisions that allow any investigator to tap into your computer via the internet IP on your machine. I am a Ph.D. working on describing data-mining and surveillance technologies. My research reveals that the deal was done in the Homeland Security Act. The pieces of legislation above just close the door for any last minute challenges.
August 8th, 2008 at 10:25 am (#)
The elite are scrambling to patch the hole that is the internet. The emergent abilities of a global network — and, more specifically, of a public with access to that network — were not foreseen. We have them at a rare and vital moment of weakness; one in which their usual and known formulas have failed.
But we must move fast.
They are very adept at maintaining power, and the time will not last. We must be diligent, and move fast while we can.
August 9th, 2008 at 11:07 am (#)
[...] Future of the Internet Friday, Aug 8, [...]
August 10th, 2008 at 8:07 am (#)
[...] The Future of the ‘iPatriot Act’http://futureoftheinternet.org/the-future-of-the-ipatriot-act [...]
August 15th, 2008 at 5:21 pm (#)
I like how they only mention (.com, .edu, and .uk). Not (.net, or .org), and H.R. 4279 would create an IP czar at the DOJ? A czar?! This is ridiculous. The totalitarianism of this reeks, and that’s the pungent smell of evil.
October 14th, 2008 at 3:20 pm (#)
[...] this over-regulation has already started to take place, but it could certainly get worse. To help flesh out some of the important ideas about the future [...]
January 8th, 2009 at 1:42 pm (#)
[...] Future of the Internet Friday, Aug 8, 2008 [...]
June 29th, 2009 at 12:12 pm (#)
[...] Zittrain. “The Future of the Internet and how to Stop it.” Last Updated July 14, 2008. http://futureoftheinternet.org/the-future-of-the-ipatriot-act (Accessed: August 10, [...]