Read Surveillance or Security?: The Risks Posed by New Wiretapping Technologies Online
Authors: Susan Landau
Application designers do not need to negotiate with the Internet developers or ISPs to launch an application; they just need a communications
endpoint-a PC, a laptop, or even a cell phone-and they can be in business. Put another way, no changes were needed in the underlying Internet
infrastructure to enable the most important Internet application of all: web
browsers. All that took was the development of html, the computer language used to create documents on the web, and http, the protocol that
enables linking and web browsing.81 The same is true for other Internet
applications, like VoIP, RSS feeds, and so on. And because html and http
were made available patent and royalty free, in order to develop Amazon,
Google, Flickr, or Facebook, engineers simply wrote code and launched.82
As a communications medium, the Internet has had an immediate and
profound impact on public discourse. The network's decentralization of
control means that anyone can publish. Indeed, the Internet makes possible Andy Warhol's claim that in the future everyone will be famous for
fifteen minutes.83 Similarly anyone can read. The Internet provides a forum
for publication that virtually everyone in the world can access. By lowering
the cost of participation, the Internet has changed the rules in virtually
every domain of human commerce.
Instead of being a one-to-one communications channel as is supplied
by the telephone,84 the Internet allows one-to-many (blogs, YouTube, etc.)
and many-to-many communication (Meetup.com). Of course the Internet
did not introduce one-to-many communications-both radio and television broadcasts do that. The change the Internet has brought is that
anyone with an Internet connection can be a broadcaster. The new technologies of publication such as blogs, photo-sharing sites, and so forth
encourage the public to act as newsgatherers.85 The general public has
much more power and control than it had even a decade ago, although
this is true only in nations where the Internet functions freely.86 Usercreated content means that the voices of individuals are heard in a way unknown even a decade ago. Private citizens not only gather the news,
they play a role in shaping it."
The networking afforded by the Internet has enabled the growth of
grassroots communities. One example of this in the United States is the
political action committee MoveOn, which originated in 1998 as an email
effort opposing President Bill Clinton's impeachment and quickly grew to
an organization of three million.88 Another involved priests who had sexually abused children over a period of years. New York University faculty
member Clay Shirky looked at two cases, one in 1992 and one in 2002.89
Both resulted in convictions, but the second created a national group of
activist Catholics seeking fundamental change in the Church;90 Shirky
posits the Internet made the difference. The network simplified distribution of information and enabled members to network between meetings.
Through lowered transactional costs-fast communications channels,
uncomplicated one-to-many communications, an easy ability to share and
forward information-the Internet is fundamentally changing society.
Various laws have been developed to describe this value-the value, of
course, depends on what you choose to measure. A broadcast network,
such as TV or AOL's network-based services, serves one user at a time, and
so its value would be proportional to the number of users, or simply n for
n members. Users interact with each other-they email, IM, and so on-and
Metcalfe's law captures that aspect, describing the value of a network as
proportional to the square of the number of users, or n(n - 1)/2.91 Reed's
law looks at the social groups that form, and claims the value of a network
with n participants is 2", or the number of subgroups that can be created
from this set of participants.92
A networking site can host all sorts of groups: people who live in Berkeley and like to play bridge, people who like to birdwatch at Tule Lake, and
people who live in Berkeley, like to play bridge, and like to birdwatch at
Tule Lake. (The ability of the networking site to easily create these groups
is inherent in the flexibility of the Internet's end-to-end design.) Since the
number of possible subgroups doubles each time a new member joins the
site, this makes large networking sites very powerful. That easily draws in
new members, but also makes it difficult for a competitor to pose a serious
threat to an existing large site.
Network architecture enables new speakers and it encourages new
connections. By erasing-figuratively and, of course, not completelyorganizational boundaries, the network abets collaboration. Wikipedia, the
online collaborative encyclopedia,93 is one example. Perhaps an even more
striking example is the open-source operating system Linux. (Open source means that the source code, which is written in a high-level language
comprehensible to humans, is made public, enabling programmers to
transform it if they so choose; closed-source programs, such as Apple's
iPhone or the Microsoft operating system, show only the machine's "object
code," which, because people find it incomprehensible, they cannot
change.) Operating systems are huge, running to millions of lines of code.
Until the early 1990s, these were developed by large teams of people. Linus
Torvalds, at the time a twenty-year-old Finnish engineering student,
changed that.
Torvalds posted to a mailing list that he was building an operating
system kernel94 (the central piece of the operating system that manages
schedule calls, memory accesses, and the like) and could use some help.
A month later the ten-thousand-line kernel was ready. Programmers
liked the idea of collaborating on an open-source operating system. Linux"
was developed through a collaborative effort started by Torvalds but
with thousands of programmers across the world contributing code
and bug fixes. By 2002, it was a system with over thirty million lines of
code.96 Linux arrived as the Internet was being transformed from a U.S.based network supporting research and academic institutions to a much
broader one.97 New York University researchers Jae Yun Moon and
Lee Sproull commented that "easy access to the Internet or its equivalent
is a necessary precondition for the kind of distributed work represented
by Linux.""
The Internet certainly enables large programming projects with thousands of contributors. The network's ability to aid production is broader
than that. Worldwide access to the network allows a fundamental change
in production of intellectual goods. It permits people to contribute even
when their only reward is the pleasure of having done so. Of course, some
problems are unlikely to particularly benefit from a very large set of contributors, but many other tasks-such as developing an open-source screen
reader for people with visual impairments or finding cures for diseaseswould be.99
As Yale law professor Yochai Benkler has observed, the Internet encourages nonmarket social production: "What characterizes the networked
information economy is that decentralized individual action-specifically,
new and important cooperative and coordinated action carried out through
radically distributed, nonmarket mechanisms that do not depend on proprietary strategies-plays a much greater role than it did, or could have,
in the industrial information economy.i100 The Internet has changed many
playing fields.
2.9 Threats to the Network
The Internet has moved to the point where it is fundamentally changing
modes of production. Just on the cusp of such bounty, the Internet's open
architecture is under attack from multiple directions.
The network is being assailed by content owners-especially the music
and movie industries-who find the combination of perfect copying that
digital data makes possible with the ability to rapidly and broadly share
that content a serious threat to their business. In a desire to hold onto a
business and business model threatened by new technologies, some have
sought to restrict the use of peer-to-peer communication systems.
In response to flourishing electronic crime and the difficulty of tracking
criminals who may be halfway across the globe, a different set of concerns
is being raised by law enforcement and lawmakers. They want to know
who the bad guys are and shut their websites and computers down. In an
effort to prosecute cyberintrusions and prevent new ones, some seek full
attribution-knowing the party behind a communication-and authentication for network access.
The third objection to the Internet's design comes from national security and law enforcement. Their focus is on mobile, elusive enemies, who
exploit the mobile and anonymous communications that the network
enables. In an attempt to recreate the tools of the PSTN, they want to
embed surveillance capabilities into communications infrastructure.
These are strong pressures. The Internet was once the playground of
engineers, who could dismiss thoughts of criminal uses. The network's
success has made it society's tool, increasingly under society's regulation.
What will be the impact of these different pressures?
The challenge to peer-to-peer systems is unlikely to have much effect.
Peer-to-peer architecture provides the Internet's robustness and enables the
network to stay up during major disruption. The objections are not to
peer-to-peer architectures, however, but to peer-to-peer file sharing. Any
laws affecting peer-to-peer file sharing have to be carefully constructed,
and that has not always been the case with proposed legislation.
While peer-to-peer file sharing enables the illegal sharing of music and
movies, it also enables the distribution of large programs. BitTorrent, a
program based on the clever idea of using downloaders of files as distribution sources, is used by NASA for dissemination of satellite images. It is
also used by various computer companies for the distribution of large files
such as operating systems; by established content providers including
CBS, Twentieth Century Fox, and Sports Illustrated for delivering video programming to online viewers;101 and by game companies for patch
updates. The broad value of Internet peer-to-peer file sharing makes
attempted legislative attacks on it unlikely to succeed.
The call for attribution is likely to have only a limited impact. Attribution compromises the openness of the network, and is likely to be valuable
only in limited circumstances. As society debates whether to build surveillance capabilities into the Internet, we must weigh the costs. These include
not only risks to civil liberties, privacy, and innovation, but also the serious
danger that we will create serious security risks. It is time to explain why
network security has been so difficult to achieve.
At a celebration marking the ARPANET's twentieth anniversary, Danny
Cohen, one of the Internet "pioneers,"' provided a poetic description of
the network's origins:
In the Beginning, ARPA created the ARPANET. And the ARPANET was without form
and void. And darkness was upon the deep. And the spirit of ARPA moved upon
the face of the network and ARPA said, "Let there be a protocol," and there was a
protocol. And ARPA saw that it was good. And ARPA said, "Let there be more protocols," and it was so. And ARPA saw that it was good. And ARPA said, "Let there
be more networks," and it was so.
Indeed it was so. Unfortunately rather more of the biblical story holds.
Gaps in the network's security were a temptation in this Garden of Eden,
and more than one user partook of the forbidden fruit. But I anticipate.
Let the story unfold itself.
3.1 The Principles behind the Internet's Design
The network protocol was Kahn and Cerf's 1974 TCP/IP. Its simplicity
enables complex procedures to be layered on top including protocols for
web page exchange, secure communications, and downloads of audio and
video. As I have described, with the ARPANET's success came other networks including the Internet.
Baran and Davies sought to build a reliable communications network
for data transmission. They succeeded well beyond that. The network that
developed from Baran, Davies, and Kleinrock's initial ideas augmented by
Cerf and Kahn-and a host of others-has been transformed into a network
on which society relies.
The Internet has become fundamental to business communication.
Governments use the network to transmit information both internally and
to the citizenry. The public uses the network multiple times a day to check a stock price, email or Instant Message a friend, or look up a restaurant
review. Information in support of critical societal needs traverses the Internet. But the network of Baran and Davies lacks security, a problem that
has come to haunt the Internet creators. The subject of this chapter is the
inherent insecurity of the Internet's design and how this came to be.
3.2 Designing for Reliability and Availability
Cerf and Kahn do not mention security in their initial paper on the
protocol enabling packet-switched networks to internetwork.2 The two
engineers were concerned about breakdowns, packet loss, drops in connection, and robustness.' The rationale for the network was that it would be
a system linking researchers and scientists.