Financial Daily from THE HINDU group of publications
Monday, Jan 09, 2006




Threat factor!

D. Murali

Save the Internet before a `Pearl Harbour' moment happens, urges this paper. More on the `future of the Net' and `how to stop it.'

Jonathan L. Zittrain's recent research paper is arresting enough to make you stop what you're doing, for it is titled `The future of the Internet - and how to stop it'. The 67-page document is available on www.ssrn.com.

"In this article I explicitly sketch out the generative features of the Internet and the PCs so commonly connected to it - along with the alternative configurations that these instrumentalities defeated," writes Zittrain. He says that `the technology's openness to the deployment of third-party innovation' has a powerful inertia, making it overcome regulatory and commercial attempts at control, but this feature is `increasingly at odds with its own ability to sustain that innovation'.

Zittrain is unhappy that Internet technologists have too long ignored Internet and PC security issues. He calls for `some form of major intervention' to maintain `core aspects of the Internet's generativity'. Without such intervention, "a series of security-related disruptions will lead to a fundamental shift in consumer demand for increased stability in computing platforms." If he seems to sound like a doomsayer, read on.

Geometric rise in attacks on generativity

First, what is generativity? A technology can be more or less generative with respect to a given audience, explains the author. He describes generativity as "a function of (1) how deeply a technology leverages a set of possible tasks; (2) its adaptability to a range of different tasks; (3) its ease of mastery; and (4) its accessibility." The computers we currently use offer generativity.

But there is a risk that the chapter titled `the cyber security fulcrum' highlights. It opens dramatically, thus: "From the moment the Internet joined the PC, the movement of bits was bound to offend, cheat, and steal in ways that evaded easy resolution."

As evidence, the author plots the number of `incidents' reported to the Coordination Center (CC) of Carnegie Mellon University's Computer Emergency Response Team (CERT). "The increase in incidents since 1997 has been roughly geometric, doubling each year through 2003. CERT/CC announced in 2004 that it would no longer keep track of the figure, since attacks had become so commonplace and widespread as to be indistinguishable from one another."

If you're looking for current numbers, www.internetnews.com has a report dated December 29, 2005, which says that in 2005 AOL blocked an average of 1.5 billion spam messages each day from reaching the e-mail boxes of the AOL Network. "The total number of spam e-mails blocked by AOL in 2005 reached over a half trillion (556 billion) - a slight increase over 2004. The percentage of total e-mail that AOL blocks as spam at the gateway reached 80 percent in 2005." Charles Stiles, AOL's Postmaster, is cited in the report as saying that spam gangs have turned into a "tightly knit, controlled, Web-based spam mafia coordinating sustained attacks on netizens in 2005."

Enter, the appliancized PC!

Zittrain declares that a major intervention is needed "to head off the threats to the Net's vulnerability" and that it has to be "more refined than what is likely to follow if nothing is done until today's Net experiences a `Pearl Harbour' moment."

A chapter titled `Postdiluvian Internet' describes `fundamental changes to network and PC architecture'. The first component in this is `the Appliancized PC' - one that will run only those programs designated by the entity that sold it. Zittrain explains that, in the taxonomy of generativity, such a PC may have "all the leverage and adaptability of a regular PC, but its accessibility for further coding is strictly limited".

Some appliancized PCs among us are masquerading as home entertainment devices, such as TiVo, points out the author. He sees similar patterns in new information appliances such as `smartphones', that is cell phones `designed to surf the Internet and handle non-telephonic tasks like taking pictures and maintaining calendars and to-do lists'.

A section titled `Limiting what PC software will run' gives the example of Microsoft Windows XP Service Pack 2; it alerts the user who tries to run `unknown' software, thus: "The publisher could not be verified. Are you sure you want to run this software?" How would users respond? "Many will figure the computer ought to know the answer better than they do, finding themselves saying no to perfectly good software while saying yes to dodgy wares — at least as easily as the other way around." Ditto with cookies.

Allowing the consumer to choose is no panacea for application screening, states the author. "Consumers confused enough to click on a virus-laden email in the first place will not likely be deterred by a warning box, especially if that warning box appears quite often as innocuous-but-unsigned software is sought to run." In short, "the user is simply not in the best position to determine what software is good and what software is bad."

Licence to code

The paper discusses legal antidotes that the US tried in vain, viz. the Security Systems Standards and Certification Act and `its nearly-identical successor', the Consumer Broadband and Digital Television Promotion Act.

The author proposes `a license to code', issued not by governments but by operating system makers. "Like a driver's license or a cosmetologist's license that vouch for the basic training and identity of the holder, a license to code would exist at first simply to require a verifiable identity behind the production of software and contribute to the forming of a reputation. It could be held by a software author to indicate permission to make new works."

These licence-holders have to pass the test of trust. "Like new traders on auction site eBay — whose identities have an icon of sunglasses next to them to indicate possible shadiness of character — they would first have to prove their worth among daring consumers, slowly building enough of a reputation for their software to be trusted, or submit the software to testing of some kind, the sort that Microsoft requires for those who want their device drivers to be signed, or that some smartphone makers require before the code will be allowed to run on a smartphone," explains Zittrain.

End the end-to-end thinking and adopt `two Internet' solution

The `Refining principles of Internet design and governance' that the author outlines begin with superseding `End-to-End' thinking, which prefers control and intelligence at the edges of a network rather than in the middle, "as a way of ensuring both a flexible network and maximising choice for its users".

End-to-End supporters wrongly presume that mainstream consumers are capable of painstakingly tweaking and maintaining their machines against attack, says Zittrain.

"It may be more sensible to screen out viruses through ISP-operated network gateways than through constantly-updated PCs."

How about `Two Internet' solutions: generative PCs vs locked-down information appliances? The paper describes `a compromise' in the form of PCs with `red' and `green' switches.

The `red' mode would be akin to today's PCs, capable of running any software it encounters, explains Zittrain.

"This would maximise consumer choice about how to use the PC, allowing participation in unanticipated applications whose value in part depends on uptake among other users, such as PC-to-PC Internet telephony. Such a configuration would also retain the structural vulnerability to worms and viruses."

The safer one is the `green' mode, in which the PC runs a different operating system, and `only specially approved or vetted software - less interesting, but much more reliable'.

The analogy that the author provides is that of a driver putting an SUV (sports utility vehicle) into all-wheel drive for off-roading.

Thus, in the `two Internets' system, there is the "new, backwater, experimentalist one that restarts the generative cycle among researchers and hackers, implemented `off-road' from consumers", while the second, the existing grid is consigned to "an appliancized fate, where little new happens and existing technology firms develop existing applications".

The challenge facing those interested in a vibrant global Internet is to maintain that experimentalist spirit in the face of pressures, declares Zittrain.

Do you see `red' already?

ITworks@TheHindu.co.in


Copyright © 2006, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line