Review of The Future of the Internet

Review of The Future of the Internet

Cyberlaw expert Jonathan Zittrain's latest book, The Future of the Internet—And How to Stop It (Yale University Press, 2008; licensed under CC-BY-NC-SA and freely available online), is a thought-provoking analysis of the temptations and dangers inherent in attempts at making the Internet safer by limiting its flexibility and openness. Zittrain holds degrees in both computer science and law, and is a professor of Internet law at Harvard University; he is thus well-versed on both the technical and legal aspects of the Internet. The book convincingly demonstrates that security threats from malware and botnets are increasing at an alarming rate and will soon reach a point where people will feel that "something must be done." But overreaching steps to contain these threats, Zittrain says, might damage the Internet as much as worms and spambots.

The book begins with a history of personal computers and computer networks, comparing them with other technological developments. An interesting analogy is drawn with AT&T, the company which, throughout most of the 20th century, controlled virtually every aspect of telephone services in the United States. AT&T attempted to prohibit any intervention or modification of its system by outside parties, and even waged a long legal battle against the sale of the Hush-A-Phone, a small cup-like device attached to the mouthpiece which purported to prevent bystanders from listening in on the conversation. A court of appeals ultimately allowed the sale of the Hush-A-Phone on the grounds that it did not "affect more than the conversation of the user," but devices which directly interacted with the telephone system were prohibited for many years. Only in 1968 did the FCC rule that proprietary devices could connect to the AT&T network, as long as they did not damage the system. The result was a diversification of the uses of the phone network, with answering machines, faxes and cordless phones entering the mainstream.

Generativity

AT&T's phone system was an example of what Zittrain calls "non-generative technology." The entire system was designed and maintained by a single large company with little incentive to seek improvements, and amateurs or hobbyists were not allowed to fiddle with the parts. Early computer systems followed a similar marketing strategy: they were rented along with a service contract. Zittrain attributes the explosive growth of personal computers to the fact that programs could be written by anyone, easily distributed, and used for purposes beyond the original intention of the manufacturer. For example, Apple was not even aware of the existence of VisiCalc, the first spreadsheet program, when it noticed the resulting increase in the sales of its personal computer. A similar effect occurred when proprietary networks such as CompuServe and AOL were drowned out by the Internet, in which the creation of content by anyone was much simpler. In Zittrain's words, the PC and the Internet are "generative" in that they have a "capacity to produce unanticipated change through unfiltered contributions from broad and varied audiences."^[1]

But the generativity of the Internet can also be the cause of its downfall, since malicious software can be written and distributed as easily as the next revolutionary product. While the Internet was never designed for security, until recent years there was little economic incentive for breaking into other people's computers. This is changing, though: innocent computers are unwittingly incorporated into botnets and used for various spam-related purposes, or even for waging DDoS attacks on websites for a ransom. The figures cited by Zittrain are truly alarming: by some accounts, upwards of 10% of all computers on the Internet are part of a botnet. And at one point, a single botnet used up 15% of Yahoo's server load for a spam-related task. It seems that severe Internet disruptions may well become more common in the future.

Zittrain is worried that the public will eventually come to distrust the network, and will seek safer (but less generative) alternatives instead. Some such alternatives are already available on the market. For example, the iPhone is basically a computer with a wireless network connection, but it can only run software approved by Apple. Even personal computers are sometimes locked down to various degrees, with many workplaces now prohibiting users from installing software on their office computer, for fear of introducing viruses.

Will this trend continue, with people buying "boxes that look like PCs" but are actually only web browsers, and offices going back to the days of mainframes and terminals? Personally, I remain skeptical. There are many far less severe methods for dealing with an increasingly hostile outside network. Even completely disconnecting an office network from the Internet, a rather severe step, would not destroy generativity altogether, since innovative products could still be introduced by traditional CD-ROM installation. And I find it hard to imagine corporate IT departments giving up the ability to separately purchase products such as word processors and backup software, without being tied down to a single supplier. However, the world we live in, in which universal unobstructed Internet access is taken for granted, may change in coming years. Zittrain is correct that we should recognize this possibility and prepare for it.

Wikipedia and the future of the Internet

The book concludes with a wide and varied set of ideas for increasing the safety of the Internet without losing its generativity. Interestingly, many of these ideas arise from an analogy between Internet worms and Wikipedia vandalism. Like all generative systems, Wikipedia faced problems as its popularity grew: in this case, the problem of vandalism resulting from the "anyone can edit" policy. But rather than massively protecting articles, vandal fighters, equipped with appropriate technology, keep the situation (more or less) in check. Why can't something similar be done for Internet worms? There are many reasons, but Zittrain cites the ease of crowdsourcing a simple task like RC patrol as opposed to the difficulty and technical skills required in identifying and fighting malicious code. Nevertheless, there are some intriguing collaborative efforts in this direction, such as StopBadware (co-directed by Zittrain), a nonprofit organization using a volunteer computational grid to identify malware. None of these solutions will entirely neutralize the threat of network abuse, since eventually malware writers will attempt to infiltrate the malware-fighting volunteer networks themselves. But that would really mean that such efforts are beginning to show success, just as vandalism on Wikipedia is an indicator of Wikipedia's popularity. And, like vandalism on Wikipedia, such problems can probably be dealt with with as they come along.

Some of the problems described by Zittrain are also confronting Wikipedia specifically. Many people have an obvious economic incentive in altering the content of Wikipedia to suit their needs. Thus, it is not inconceivable that vandalism will be transformed from a graffiti-like nuisance to a profitable business. If this happens, we may one day have to deal with massive, multiple-IP, botnet-driven advertising, inserted simultaneously into thousands of marginally-related articles. If a single botnet was able to occupy a sizable portion of Yahoo's server load, how will a small corps of vandal fighters deal with such an attack? These questions are beyond the scope of Zittrain's book, but perhaps we Wikipedians should think about the matter sooner rather than later.

Ultimately, there's a place on the Internet for restricted appliances alongside more generative (and less reliable) counterparts. I fully agree with Steve Jobs, who said at the launch of the iPhone that "[t]he last thing you want is to have loaded three apps on your phone and then you go to make a call and it doesn't work anymore,"^[2] a statement which Zittrain seems to view with some reservation. We want phones to be highly available and rely on them for emergency services. There's a reason why the Skype website warns that "Skype is not a replacement for your ordinary telephone"; that sort of reliability just isn't available on the Internet. The popularity of restricted appliances like smart phones does not necessarily threaten the continued existence of traditional PCs. But any effort at increasing the safety of the net, while maintaining its generativity, is a worthy endeavor.

Notes

^ Zittrain, p.70.
^ John Markoff, "Steve Jobs Walks the Tightrope Again," The New York Times, published Jan. 12, 2007 (retrieved May 23, 2008).

Next "Book review" →

In this issue

1 June 2009 (all comments)

From the editor

Book review

Scientology arbitration

+ Add a comment

Discuss this story

These comments are automatically transcluded from this article's talk page. To follow comments, add the page to your watchlist. If your comment has not appeared here, you can try purging the cache.

Zvika, this is an excellent review, well-written and well-organized. You should cite that Steve Jobs quote. I'll go over it more closely a little later and try to make some more suggestions, but overall I think Signpost readers will find it very useful.--ragesoss (talk) 14:02, 23 May 2009 (UTC)[reply]

Thanks :) I added a reference to the Steve Jobs quote. Let me know if you have any further suggestions. --Zvika (talk) 14:16, 23 May 2009 (UTC)[reply]

Suggestions and thoughts:

At the beginning, it would be helpful to have a little more background on the author.
If possible, a bit more explanation would be helpful to connect the Hush-A-Phone issue to later innovations like faxes. It seems like there is a big difference between something you put at the end of a phone connection but that doesn't fundamentally change what the phone network does (like a Hush-A-Phone or an answering machine) and something like faxes (or phreaking) that puts the phone network to uses besides delivering real time audio signals.
It would be interesting if you extended the analogy with Wikipedia to your conclusions about highly generative and more reliable but less generative systems co-existing. Can we anticipate the escalation of malicious editing (perhaps with newer automated vandalism or even vandal botnets?). Can we foresee a similar broad public demand for a more reliable but less generative counterpart to (or version of) Wikipedia? There are several such alternatives, with various generativity-reliability balances, available (e.g., Citizendium, Britannica, scholarly publishing); should we look for some of those projects to gain or regain some of Wikipedia's mindshare?

--ragesoss (talk) 01:26, 25 May 2009 (UTC)[reply]

Those are really good points. I am not sure though that I will have a chance to address them before this week's deadline. If I don't, I leave it up to you to decide if you want to wait with this for next week, or publish as is, or whatever. --Zvika (talk) 06:10, 25 May 2009 (UTC)[reply]

Waiting until next week is no problem.--ragesoss (talk) 06:22, 25 May 2009 (UTC)[reply]

OK, I tried to address these points without making the review too long. The third point is particularly troubling and I don't have any answers, though I must say the idea is troubling. Perhaps the article will spawn some fruitful dialog on this. --Zvika (talk) 18:38, 30 May 2009 (UTC)[reply]

Work of this quality brings up the inevitable question "is this suitable to cite as a periodical publication?" That is a question for the broader Signpost as a whole, whether it should be considered an edited publication ... and whether, in fact, pursuit of an ISSN and OCLC (sp) might be warranted. --User:Ceyockey (talk to me) 23:20, 1 June 2009 (UTC)[reply]