Posts Tagged ‘publius’

The growing menace of Internet crime is really astounding. Phishing. Malware. Spam. The volume of attacks and deceptions are extraordinarily high. Estimates of the number of personal computers which are controlled by botnets range from 12-30% of connected computers; these hundreds of millions of machines are then harnessed to attack servers, mine the net for personal data or any number of other nefarious activities. No longer is hacking the pursuit of curious tinkerers or bored teens. Today an entire industry, estimated recently by Gartner to be worth $3.2 billion in 2007, has arisen to sell malicious computer activities.

Cybercrime takes advantage of both the generative nature of the net, poorly written code and user ignorance. Like all crime, cybercrime has brought about attempts to regulate the Internet, and often these regulations err on the side of caution and over-regulate, limiting beneficial activities. Rampant copyright infringement brought about the DMCA which tried to limit illegal song-swapping, but instead has been used to silence critics or sue adorable kids. And, most likely, it hasn’t done a whole lot to stop copyright infringement.

What is at risk with Internet crime is a similar course of events. In briefly reviewing Zittrain’s book, Lessig poses the question:

“Whether a single event, or a coordinated event, whether intentional, or accidental, it is simply a matter of time before a catastrophic network event happens. And when it happens — think of it as a kind of i9/11 event, but the bad guys are not Al-Qaeda — will we be prepared for the inevitable iPatriot Act response? Are we better prepared than civil libertarians were when we were hit with the USA Patriot Act? Have we even framed the right debate?”

Arguably this over-regulation has already started to take place, but it could certainly get worse. To help flesh out some of the important ideas about the future of cybercrime, the Publius Project has commissioned three essays.

Michael Barrett, head of information security at PayPal, writes that the impetus for regulation of cars and airplanes were prominent accidents. Paul Starr tells a similar story in The Creation of the Media about the beginning of radio regulation. Following the sinking of the Titanic, the Radio Act of 1912 required all radio operators to be licensed, all ships to have transmitters and allocated bands of spectrum for certain purposes. Barrett thinks that cybercrime will have the same effect that the Titanic did and be the cause of serious government regulation of the Internet. In fact, he welcomes it as an important part of the interconnecting regulation needed from government, private industry and users.

First of all, it is not clear that cybercrime will be able to have the dramatic effects that a sinking Titanic did. Many of the threats from online activity, especially identity theft, are well-known and publicized. Others are becoming more publicized, like Internet-facilitated espionage. These cybercrimes will not necessarily serve as the shock that government needs to begin regulation. But, let’s say there is an event or series of events which are powerful enough to induce government response, like Barrett welcomes and Lessig fears, is that the right response?

Cybercrime, as best we know, is not centralized. There is no capital city to bomb, leaders to sanction or even mob boss to imprison. As security expert Bruce Schneier says, even the alleged Chinese spy-hackers are not controlled by the state. So, what the cyber-police or other government regulation would be up against is a distributed network of criminals – a classic starfish – and one does not combat decentralized organizations in the same manner as centralized ones. As The Starfish and the Spider points out, to beat a decentralized foe, in this case, cybercrime, one must decentralized oneself, centralize the opponent or change the ideology. In this light, Barrett’s assertion that “it’s quite possible that a new global governance organization is needed” seems misguided. While I welcome his support of a shared responsibility between stakeholders, I am fearful that calling for government regulation may be regrettable.

Instead, the words of Internet guru David Clark seem more nuanced:

So the starting point for improving the state of Internet security must be a social dialog, not just a technical dialog, about what sort of Internet we want. The challenge to the technical community is not to build a very secure Internet—that might be more of a price than we actually want to pay. The challenge is to find clever ways to give us more security without taking away our freedom of action. And finding these better solutions will require a design process that involves both technologists and social observers, because it will take both technical imagination and social imagination to conceive of a different Internet from what we have today, more secure but still suited to our desires for open, diverse access.

This social dialog should recognize the power of defaults and architect a security-bias. Beau Brendler, in his essay, embraces this by calling for simple solutions which “nudge,” to use Sunstein and Thaler’s expression, users towards more secure computing. Provide free anti-virus software and simple-to-understand security manuals, for one.

But if these soft-power solutions are to emerge, they had better do so quickly because while mainstream media rhetoric on the issues may border on panicked, those who know best are worried, too. And if we are to save the open, generative net, it will need saving from both itself and outside regulation.

Last month, the Personal Democracy Forum brought together leading thinkers on the evolution of politics and technology. The list of speakers was really impressive and I’ve been watching the videos posted to Blip.tv. I really enjoyed Jonathan Zittrain’s discussion of “civic technologies” which he defines as those technologies which succeed as long as people are self-consciously willing to help it succeed. Non-civic technologies work pretty well regardless of people’s efforts. To JZ, radios are non-civic, but Wikipedia is civic. It, along with others like PCs and the Internet, require neighborliness to work and defend against threats that may befall them (in the form of the tragedy of the commons or short-term commercial exploitation).

The law is expensive to enforce and, as such, requires cooperation. Historically, volunteer groups used to help round-up criminals. More recently, the public has been used to “notice anything suspicious.” This nature of the law, which requires cooperation, is what makes civic disobedience so potent. When laws are unpopular enough that citizens choose to not assist in their enforcement, then the legal institutions are put under enough strain that they may break.

A civic engagement, though, can help to enforce certain ethics. Wikipedia is a civic technology because it has a core of users which defend against spam and other violations of the rules. Digg, JZ points out, does not have this civic nature and has spawned a site, Subvert and Profit, which aims to game the system.

The Internet and Wikipedia are able to succeed largely without formal governance because tacit norms of civic technology provide enough incentive to defend against violators; the users operate in a framework of empowerment and realization which motivates them to create and defend.

Much of Zittrain’s work has been an effort to understand and create civic ethics around technologies. PCs are under massive attack by adware, viruses, trojan horses and spam; StopBadware.org is a way to combat this. The the principle of free expression online is under massive attack by corporations and governments censoring the Internet; the OpenNet Initiative and the forthcoming Herdict are ways to combat this.

Although I’m not clear exactly the delineation between civic and generative technologies (they are intricately connected), it is obvious that the civic ethic is an important way to frame the debate over Internet governance.

Continuing the Publius Project this week is an essay by Ronald Deibert of the Citizen Lab at the University of Toronto. In it, he calls for the defense of the global communication environment which faces a growing number of threats from a variety of actors. His involvment with the OpenNet Initiative has made Deibert keenly aware of the role that governments play in censoring the net; from Belarus to Burma governments censor the Internet and as Pakistan’s YouTube snafu shows, these can have broad ramifications. Profit-maximizing telcos are hoping to end net neutrality and, further, he points to the military and intelligence officials taking an interest in the net and is worried by the effect. “[M]otivated by short-term security and cultural concerns, dozens of governments and corporations are carving up, colonizing, and militarizing the once seamless Internet environment.”

Deibert ends the brief essay with a call to reestablish the foundational ethics of the Internet: collaboration, openness, free expression and tinkering. His call to arms is similar to Zittrain’s support of generativity and represents an increased awareness that the halcyon days of the Internet’s youth may be entering a time of great threat from short-sighted exclusionary and competitive behavior by governments and corporations.

In that same vein is Susan Crawford’s brainchild, OneWebDay – an annual day of celebration of the Web. What Earth Day is for the environment, OneWebDay, September 22nd, is for the Web. By focusing on the principles which enable so much creativity and community, OneWebDay is an important tool in defense of the Internet.

[Previous response to the Publius Project]

[Image credit]