Posts Tagged ‘zittrain’

In Tim Wu’s new review of Jonathan Zittrain’s The Future of the Internet and How to Stop It, the Columbia Law professor spends considerable time explaining how the economics of media have historically led to a consolidation that many would see as anathema to the diverse marketplace of ideas that we want. His discussion is well worth a read, but what I thought was most important from the piece was his mention of the many threats to the generative Internet:

“But I must part company with Zittrain over his main and more somber argument: that security crises will form the driving narrative of the Internet’s future. I do not doubt that there will be never-ending security problems and reactions. But the question is not whether cybersecurity will matter, but whether it will matter most. Zittrain’s security saga does not look to me like a full account of the future. He is leaving out many of the external forces that will change the Internet. One is the power of government, which, especially overseas, has begun reshaping the network to fit its obsessions. Another is the combined forces of language and culture, which are driving a once-global Internet into something more like a series of national ones: a Japanese Internet, a Spanish Internet, and so on.

But most important, the real story may lie in the power of industry structure and the long trend toward centralized control in the media industries. Over the last decade, the Internet has become interwoven with media and communications industries collectively worth trillions, with economics all of their own. Unlike Zittrain, I think that industry dynamics, more than a demand for safe appliances, will determine the future of this strange and extraordinary medium.”

A Typology of Threats to the ‘Net

So which threat is the most disconcerting? He points to four:

1. Zittrain’s security-driven adoption of sterile devices,
2. Wu’s economic-driven centralization,
3. Zuckerman’s culture- and language-driven splintered Internet, or
4. Barlow’s government intervention

Personally, I’m inclined to think a splintered net is the most troublesome because it destroys the forum for international conversation and deliberation we wanted the Internet to become. But what macro trend concerns you?

The growing menace of Internet crime is really astounding. Phishing. Malware. Spam. The volume of attacks and deceptions are extraordinarily high. Estimates of the number of personal computers which are controlled by botnets range from 12-30% of connected computers; these hundreds of millions of machines are then harnessed to attack servers, mine the net for personal data or any number of other nefarious activities. No longer is hacking the pursuit of curious tinkerers or bored teens. Today an entire industry, estimated recently by Gartner to be worth $3.2 billion in 2007, has arisen to sell malicious computer activities.

Cybercrime takes advantage of both the generative nature of the net, poorly written code and user ignorance. Like all crime, cybercrime has brought about attempts to regulate the Internet, and often these regulations err on the side of caution and over-regulate, limiting beneficial activities. Rampant copyright infringement brought about the DMCA which tried to limit illegal song-swapping, but instead has been used to silence critics or sue adorable kids. And, most likely, it hasn’t done a whole lot to stop copyright infringement.

What is at risk with Internet crime is a similar course of events. In briefly reviewing Zittrain’s book, Lessig poses the question:

“Whether a single event, or a coordinated event, whether intentional, or accidental, it is simply a matter of time before a catastrophic network event happens. And when it happens — think of it as a kind of i9/11 event, but the bad guys are not Al-Qaeda — will we be prepared for the inevitable iPatriot Act response? Are we better prepared than civil libertarians were when we were hit with the USA Patriot Act? Have we even framed the right debate?”

Arguably this over-regulation has already started to take place, but it could certainly get worse. To help flesh out some of the important ideas about the future of cybercrime, the Publius Project has commissioned three essays.

Michael Barrett, head of information security at PayPal, writes that the impetus for regulation of cars and airplanes were prominent accidents. Paul Starr tells a similar story in The Creation of the Media about the beginning of radio regulation. Following the sinking of the Titanic, the Radio Act of 1912 required all radio operators to be licensed, all ships to have transmitters and allocated bands of spectrum for certain purposes. Barrett thinks that cybercrime will have the same effect that the Titanic did and be the cause of serious government regulation of the Internet. In fact, he welcomes it as an important part of the interconnecting regulation needed from government, private industry and users.

First of all, it is not clear that cybercrime will be able to have the dramatic effects that a sinking Titanic did. Many of the threats from online activity, especially identity theft, are well-known and publicized. Others are becoming more publicized, like Internet-facilitated espionage. These cybercrimes will not necessarily serve as the shock that government needs to begin regulation. But, let’s say there is an event or series of events which are powerful enough to induce government response, like Barrett welcomes and Lessig fears, is that the right response?

Cybercrime, as best we know, is not centralized. There is no capital city to bomb, leaders to sanction or even mob boss to imprison. As security expert Bruce Schneier says, even the alleged Chinese spy-hackers are not controlled by the state. So, what the cyber-police or other government regulation would be up against is a distributed network of criminals - a classic starfish - and one does not combat decentralized organizations in the same manner as centralized ones. As The Starfish and the Spider points out, to beat a decentralized foe, in this case, cybercrime, one must decentralized oneself, centralize the opponent or change the ideology. In this light, Barrett’s assertion that “it’s quite possible that a new global governance organization is needed” seems misguided. While I welcome his support of a shared responsibility between stakeholders, I am fearful that calling for government regulation may be regrettable.

Instead, the words of Internet guru David Clark seem more nuanced:

So the starting point for improving the state of Internet security must be a social dialog, not just a technical dialog, about what sort of Internet we want. The challenge to the technical community is not to build a very secure Internet—that might be more of a price than we actually want to pay. The challenge is to find clever ways to give us more security without taking away our freedom of action. And finding these better solutions will require a design process that involves both technologists and social observers, because it will take both technical imagination and social imagination to conceive of a different Internet from what we have today, more secure but still suited to our desires for open, diverse access.

This social dialog should recognize the power of defaults and architect a security-bias. Beau Brendler, in his essay, embraces this by calling for simple solutions which “nudge,” to use Sunstein and Thaler’s expression, users towards more secure computing. Provide free anti-virus software and simple-to-understand security manuals, for one.

But if these soft-power solutions are to emerge, they had better do so quickly because while mainstream media rhetoric on the issues may border on panicked, those who know best are worried, too. And if we are to save the open, generative net, it will need saving from both itself and outside regulation.

David Weinberger, in an early essay for Publius explained that “Rules are norms that have failed.” In his reasoning, the majority of human action is not governed by explicit rules; instead, tacit governance - norms, conventions and expectations - dictate the appropriate behavior in most cases. Where explicit governance is needed, the norm based approach has failed. Roads need explicit speed limits to avoid people’s tendency to cause accidents. “The overwhelming preponderance on the Net of tacit governance over explicit is a sign of the Net’s depth, importance, humanity, health and success.”

This tacit governance is connected to the civic technologies extolled by Zittrain. Those technologies, like Wikipedia or the Internet, which require constant care and effort to be successful, rely on mix of tacit and explicit governance. On the one hand, the Internet Engineering Task Force decides through “rough consensus,” often by humming. On the other, Wikipedia has an extensive list of rules and policies (of which one is to “ignore all rules”).

This mix of governance strategies hints at an effort to capture the civic ethic which allows these technologies to avoid formal, external institutional rule-making. Partly as a result of a technopanic over online porn, the Communications Decency Act was passed to regulate online speech. Because badware is so pervasive, McAfee and Symantec have a tidy business of combating it. Both of these are purely explicit governance which can have numerous complications.

How do we govern the Internet and technologies in either purely tacit manners or through a mix which minimizes explicit rules? I think it comes back to the civic ethic which can motivate heroes like Ghandi or just a simple Wikipedian who deletes a malicious edit. The question, then, is how to capture this civic ethic and expand it to new fields? This is more than a technological question, but by designing the tools and understanding the motivations of civic engagers, we can seek to expand this.

Last month, the Personal Democracy Forum brought together leading thinkers on the evolution of politics and technology. The list of speakers was really impressive and I’ve been watching the videos posted to Blip.tv. I really enjoyed Jonathan Zittrain’s discussion of “civic technologies” which he defines as those technologies which succeed as long as people are self-consciously willing to help it succeed. Non-civic technologies work pretty well regardless of people’s efforts. To JZ, radios are non-civic, but Wikipedia is civic. It, along with others like PCs and the Internet, require neighborliness to work and defend against threats that may befall them (in the form of the tragedy of the commons or short-term commercial exploitation).

The law is expensive to enforce and, as such, requires cooperation. Historically, volunteer groups used to help round-up criminals. More recently, the public has been used to “notice anything suspicious.” This nature of the law, which requires cooperation, is what makes civic disobedience so potent. When laws are unpopular enough that citizens choose to not assist in their enforcement, then the legal institutions are put under enough strain that they may break.

A civic engagement, though, can help to enforce certain ethics. Wikipedia is a civic technology because it has a core of users which defend against spam and other violations of the rules. Digg, JZ points out, does not have this civic nature and has spawned a site, Subvert and Profit, which aims to game the system.

The Internet and Wikipedia are able to succeed largely without formal governance because tacit norms of civic technology provide enough incentive to defend against violators; the users operate in a framework of empowerment and realization which motivates them to create and defend.

Much of Zittrain’s work has been an effort to understand and create civic ethics around technologies. PCs are under massive attack by adware, viruses, trojan horses and spam; StopBadware.org is a way to combat this. The the principle of free expression online is under massive attack by corporations and governments censoring the Internet; the OpenNet Initiative and the forthcoming Herdict are ways to combat this.

Although I’m not clear exactly the delineation between civic and generative technologies (they are intricately connected), it is obvious that the civic ethic is an important way to frame the debate over Internet governance.

One of the questions I’ve been kicking around since getting back from Berkman@10 has been one raised by Jonathan Zittrain’s book, The Future of the Internet. As I noted back when I reviewed it, JZ’s premise is that increasingly, vendors are selling locked-down, sterile devices to willing consumers who are fearful of the negative effects of generativity - spam, spyware, viruses.

In parallel with this shift towards sterility has been a push-back by those with the technical skills to hack their devices for additional functionality. With Linux or Wikipedia, the user is encouraged to hack, edit and create. With the iPhone or TiVo, the opposite is true and we are expected to accept what Steve Jobs or another executive decides. This has not been accepted happily by all and many are unlocking their iPhones or other sterile devices.

This “forced generativity” might seem like a protection against sterility - no device can be fully locked down and users are bound to open them incrementally. When I asked JZ this during a Washington Post discussion, his answer pointed out an important qualification: this forced generativity is increasingly contingent upon avoiding centrally controlled updates which can re-sterilize freed iPhones or TiVos.

Zittrain also laments that not everyone has the technical skill to force generativity, saying “I don’t want a world where only the hackers get Get Out of Jail Free cards, and where everyone else risks serious crossfire to break out of a sterile platform.” I think this is an important point, but not necessarily the entire truth. Of course, technically-inclined folks are more likely to be able to avoid sterility, but aren’t they the people who can take advantage of generativity in the first place? Hackers are the ones adding to Linux and using the neutral Internet to create new web services.

However, anecdotal evidence would suggest that more than just hackers force sterility. For example, Jan Chipchase (NYT profile), a cultural anthropologist who studies the use of mobile phones in the developing world, has written about “cultures of repair.” If you travel around the developing world (and to a lesser extent, richer nations), you will encounter a massive industry dedicated to mobile phone augmentation. Chipchase writes, “Aside from the scale of what’s on sale there is a thriving market for device repair services ranging from swapping out components to re-soldering circuit boards to reflashing phones in a language of your choice , naturally.” These are not just repairs; at times they come very close to doing what American hackers do with the iPhone - they add functionality and opportunity. And it isn’t just the technically minded, its the poorest of the poor:

“The informal repair services that are offered are quite simply driven by necessity - highly price sensitive customers cannot afford to go through more expensive official customer care centers and even if they could their phones are unlikely to be covered by warrantee - having been bought through grey market channels, been sent as gifts from friends and relatives abroad, or were locally bought used, second or third+ ownership.”

What is happening is a broad effort to force generativity upon an industry which is woefully sterile. The warrantees, contracts, networks and devices of the mobile telecommunications sector reek of sterility. People, and not just hackers, are pushing back.

Perhaps the real conclusion from this small quibble is that people do want and are capable of utilizing generativity. Efforts to control too much will be rejected or augmented.

Jonathan Zittrain, the co-founder of the Berkman Center and professor at Oxford University, has a new book entitled “The Future of the Internet - And How to Stop It” in which he solidifies himself as one of the leading thinkers in Internet studies.

JZ provides a simple framework for understanding digital technologies whose implications are profound. For JZ, what make the Internet (and to a lesser extend, other technologies) great is its ‘generative’ nature. “Generativity is a system’s capacity to produce unanticipated change through unfiltered contributions from broad and varied audiences.” The generative nature of the net has enabled a whole new era of innovation spawning Google, Wikipedia, YouTube and more. However, with these welcome advances has come another effect of generativity - badware. The generative state of the net also allows malicious exploits like spam, viruses and spyware.

These massive enterprises pose an existential threat to the Internet as it has functioned and prospered thus far. As a result, a new form of digital devices and networks have arisen. JZ calls these sterile and TiVo, most cell phones and other locked down devices are prime examples. A middle ground is exemplified by the iPhone whose SDK provides a form of “contingent generativity” - you can generate new innovations as long as Steve Jobs approves. The rise of intermediaries is something about which I have written before.

What Zittrain has done in The Future of the Internet is fire a warning shot past the bow of all the tech geeks who relish their TiVos and iPhones. He openly admits that these devices are wonderful accomplishments of technology and design, but the book forces the reader to come to grips with the ideological and practical implications of these “safe devices.”

The implications are manifold and often unwelcome. Sterile devices tend to make innovation more difficult as freedom is limited. Wikipedia would not have taken off and have millions of articles in a model of control. In fact, its predecessor, Nupedia, was a failed attempt at controlled encyclopedia creation.

Contingency provides government or other would-be oppressors an easy means to surveil or censor. Through his work with the OpenNet Initiative JZ has studied the dozens of nations who actively censor the Internet, in effect making the generative network a sterile one. Similarly, the shift to cloud computing or software as a service means that data centers are controlling huge amounts of other people’s businesses and have the ability to stop things they would prefer not occur or are more easily open to regulations which may stifle creativity.

The obvious and easy answer that governments, corporations and users are embracing to avoid the many negative effects of generativity (badware) is the shift to sterility. However, JZ thinks a more norm-based approach will be able to save the benefits of generativity while vastly limiting the downsides. A prime example is robots.txt, an optional but widely accepted standard which allows people to not be included in search engines. Google and Yahoo have no compulsion to follow webmasters’ requests, but they do. Likewise, Wikipedians by and large seek consensus and a neutral point of view, even though they are free to not do so. JZ’s plea is for “netizens” to vote with their processors and bandwidth for solutions which embrace the ethos of generativity. The Berkman Center’s StopBadware.org is an example and has worked with Google to stop people visiting websites known for disseminating dangerous code.

Charlie Rose consistently provides insightful questions and challenges to the big thinkers of today’s world. He recently spent 30 minutes with Jonathan Zittrain whose new book, The Future of the Internet, is keeping me up late. I am thoroughly enjoying its discussion of the value of generativity, or the ability to create through open digital platforms, and the possibility of the rise of sterile appliances - those devices like the TiVo or iPhone with limited capabilities for creativity.

Rose and Zittrain discuss the book but touch on a number of important topics including the future of technology, international competition, education and collaboration.

Watch the video here.