
A Generative Solution to Bad Code

The Internet’s original design relied on few mechanisms of central control.

This lack of control has the generative benefit of allowing new services to be introduced, and new destinations to come online, without any up-front vetting or blocking by either private incumbents or public authorities. With this absence of central control comes an absence of measurement. The Internet itself cannot say how many users it has, because it does not maintain user information. There is no awareness at the network level of how much bandwidth is being used by whom. From a generative point of view this is good because it allows initially whimsical but data-intensive uses of the network to thrive (remember goldfish cams?)—and perhaps to become vital (now-routine videoconferencing through Skype, from, unsettlingly, the makers of KaZaA).

But limited measurement is starting to have generative drawbacks. Because we cannot easily measure the network and the character of the activity on it, we cannot easily assess and deal with threats from bad code without laborious and imperfect cooperation among a limited group of security software vendors. The future of the generative Net depends on a wider circle of users able to grasp the basics of what is going on within their machines and between their machines and the network.

What might this system look like? Roughly, it would take the form of toolkits to overcome the digital solipsism that each of our PCs experiences when it attaches to the Internet at large, unaware of the size and dimension of the network to which it connects. These toolkits would run unobtrusively on the PCs of participating users, reporting back—to a central source, or perhaps only to each other—information about the vital signs and running code of that PC, which could help other PCs determine the level of risk posed by new code.

When someone is deciding whether to run new software, the toolkit’s connections to other machines could tell the person how many other machines on the Internet are running the code, what proportion of machines belonging to self-described experts are running it, whether those experts have vouched for it, and how long the code has been in the wild.

Building on these ideas about measurement and code assessment, Harvard University’s Berkman Center and the Oxford Internet Institute—multidisciplinary academic enterprises dedicated to charting the future of the Net and improving it—have begun a project called StopBadware (www.stopbadware.org), designed to assist rank-and-file Internet users in identifying and avoiding bad code. The idea is not to replicate the work of security vendors like Symantec and McAfee, which, for a fee, seek to bail new viruses out of our PCs faster than they pour in. Rather, these academic groups are developing a common technical and institutional framework that enables users to devote some bandwidth and processing power for better measurement of the effect of new code. A first step in the toolkit was developed as “Herdict PC.” Herdict PC was a small piece of software that assembles vital signs like number of pop-up windows or crashes per hour. It incorporates that data into a dashboard usable by mainstream PC owners. Efforts like Herdict – including such ventures as Soluto (www.soluto.com) – will test the idea that solutions that have worked for generating content might also be applicable to the technical layer. Such a system might also illuminate Internet filtering by governments around the world, as people participate in a system where they can report when they cannot access a Web site, and such reports can be collated by geography.

A full adoption of the lessons of Wikipedia would give PC users the opportunity to have some ownership, some shared stake, in the process of evaluating code, especially because they have a stake in getting it right for their own machines. Sharing useful data from their PCs is one step, but this may work best when the data goes to an entity committed to the public interest of solving PC security problems and willing to share that data with others. The notion of a civic institution here does not necessarily mean cumbersome governance structures and formal lines of authority so much as it means a sense of shared responsibility and participation. Think of the volunteer fire department or neighborhood watch: While not everyone is able to fight fires or is interested in watching, a critical mass of people are prepared to contribute, and such contributions are known to the community more broadly.

THE NEXT DIGITAL DECADE: ESSAYS ON THE FUTURE OF THE INTERNET

The success of tools drawing on group generativity depends on participation, which helps establish the legitimacy of the project both to those participating and those not. Internet users might see themselves only as consumers whose purchasing decisions add up to a market force, but, with the right tools, users can also see themselves as participants in the shaping of generative space—as netizens.

Along with netizens, hardware and software makers could also get involved.

OS makers could be asked or required to provide basic tools of transparency that empower users to understand exactly what their machines are doing. These need not be as sophisticated as Herdict. They could provide basic information on what data is going in and out of the box and to whom. Insisting on getting better information to users could be as important as providing a speedometer or fuel gauge on an automobile—even if users do not think they need one.

Internet Service Providers (ISPs) can also reasonably be asked or required to help. Thus far, ISPs have been on the sidelines regarding network security.

The justification is that the Internet was rightly designed to be a dumb network, with most of its features and complications pushed to the endpoints. The Internet’s engineers embraced the simplicity of the end-to-end principle for good reasons. It makes the network more flexible, and it puts designers in a mindset of making the system work rather than designing against every possible thing that could go wrong. Since this early architectural decision, “keep the Internet free” advocates have advanced the notion of end-to-end neutrality as an ethical ideal, one that leaves the Internet without filtering by any of its intermediaries, routing packets of information between sender and recipient without anyone looking along the way to see what they contain. Cyberlaw scholars have taken up end-to-end as a battle cry for Internet freedom, invoking it to buttress arguments about the ideological impropriety of filtering Internet traffic or favoring some types or sources of traffic over others.

End-to-end neutrality has indeed been a crucial touchstone for Internet development. But it has limits. End-to-end design preserves users’ freedom only because the users can configure their own machines however they like.

But this depends on the increasingly unreliable presumption that whoever runs a machine at a given network endpoint can readily choose how the machine should work. Consider that in response to a network teeming with viruses and spam, network engineers recommend more bandwidth (so the transmission of “deadweights” like viruses and spam does not slow down the much smaller proportion of legitimate mail being carried by the network) and better protection at user endpoints. But users are not well positioned to painstakingly maintain their machines against attack, and intentional inaction at the network level may be self-defeating, because consumers may demand locked-down endpoint environments that promise security and stability with minimum user upkeep.

Strict loyalty to end-to-end neutrality should give way to a new principle asking that any modifications to the Internet’s design or the behavior of ISPs be made in such a way that they will do the least harm to generative possibilities. Thus, it may be preferable in the medium term to screen out viruses through ISP-operated network gateways rather than through constantly updated PCs. To be sure, such network screening theoretically opens the door to undesirable filtering. But we need to balance this speculative risk against the growing threat to generativity. ISPs are in a good position to help in a way that falls short of undesirable perfect enforcement facilitated through endpoint lockdown, by providing a stopgap while we develop the kinds of community-based tools that can promote salutary endpoint screening.

Even search engines can help create a community process that has impact. In 2006, in cooperation with the Harvard and Oxford StopBadware initiative, Google began automatically identifying Web sites that had malicious code hidden in them, ready to infect browsers. Some of these sites were set up for the purpose of spreading viruses, but many more were otherwise-legitimate Web sites that had been hacked. For example, visitors to chuckroast.com can browse fleece jackets and other offerings and place and pay for orders.

However, Google found that hackers had subtly changed the chuckroast.com code: The basic functionalities were untouched, but code injected on the home page would infect many visitors’ browsers. Google tagged the problem, and appended to the Google search result: “Warning: This site may harm your computer.” Those who clicked on the results link anyway would get an additional warning from Google and the suggestion to visit StopBadware or pick another page.

The site’s traffic plummeted, and the owner (along with the thousands of others whose sites were listed) was understandably anxious to fix it. But cleaning a hacked site takes more than an amateur Web designer. Requests for specialist review inundated StopBadware researchers. Until StopBadware could check each site and verify it had been cleaned of bad code, the warning pages stayed up. Prior to the Google/StopBadware project, no one took responsibility for this kind of security. Ad hoc alerts to the hacked sites’ webmasters—and their ISPs—garnered little reaction. The sites were fulfilling their intended purposes even as they were spreading viruses to visitors. With Google/StopBadware, Web site owners have experienced a major shift in incentives for keeping their sites clean.

The result is perhaps more powerful than a law that would have directly regulated them, and it could in turn generate a market for firms that help validate, clean, and secure Web sites. Still, the justice of Google/StopBadware and similar efforts remains rough, and market forces alone might not direct the desirable level of attention to those wrongly labeled as people or Web sites to be avoided, or properly labeled but with no place to seek help.

The touchstone for judging such efforts is whether they reflect the generative principle: Do the solutions arise from and reinforce a system of experimentation? Are the users of the system able, so far as they are interested, to find out how the resources they control—such as a PC—are participating in the environment? Done well, these interventions can encourage even casual users to have some part in directing what their machines will do, while securing those users’ machines against outsiders who have not been given permission by the users to make use of them. Automatic accessibility by outsiders—whether by vendors, malware authors, or governments—can deprive a system of its generative character as its users are limited in their own control.