(Note to confused visitors: I used this section of the site to post entries for a course I was taking a while back on Internet policy. I've left it up because I don't have anything to replace it with at present.)
Tussle in Cyberspace: Defining Tomorrow's Internet
This article discusses the dynamics of the various players and investors on the Internet who have often conflicting interests and goals for how the net should evolve. The authors term this 'the tussle', and understanding the tussle forms the basis of the paper. Tussles occur between many groups and on many issues - for instance, consumers wish to have greater freedom on the net, while ISPs wish to have greater control. Conflicting parties are constantly shifting to meet the latest actions of the other parties. Other types of tussles occur between parties with different goals, such as IP holders wishing to protect their property and users wishing to share information over the net. The main point of the paper is that technical design cannot solve the tussle, but it does shape the arena in which tussles occur. Therefore, the internet ought to be designed to facilitate the healthy evolution of what is a very competitive space. One of the primary considerations ought to be that the net is designed for choice - giving users choice provides healthy competitive pressures and ensures that tussles are kept in check. A related point, however, is that even these choices are not 'value-neutral', and what standards are put into effect are all part of the tussle. The paper also discusses the role of 'fear and greed' in the economics of the internet - greed driven by profits, and fear driven by competition. These effects also rely on the ability of the consumer to choose, driving competition. Another important aspect of the internet is that users mostly don't trust each other, and the need for trust (at some level) should be built into the system. For instance, it should be possible for users to choose a third-party to control an interaction (in other words, establish trust between the two parties). The paper also discusses the end-to-end concept, which says that the network transparently moves packets from source to destination without interfering in the core of the network. 
The authors argue that this is still important, but a more complex discussion is needed for the internet today: failures in transparency are guaranteed to happen, for instance. Finally, it is argued that policies and non-technical laws are always going to play a part in the tussle, and should be accepted as such by the technical designers of the net.
It's the Economy, Stupid
The first article discusses the intertwining issues of economics and computer security. The discussion is fairly recent, but is advanced through conferences such as WEIS, in which computer-savvy professionals get together with economists and lawyers to discuss computer security. Economics increasingly plays a part in computer security because there are typically economic incentives against companies either securing their technologies themselves or releasing information that would allow others to fix them. Since consumers can be shouldered with the burden of insecure technology, there is usually not enough done by the software manufacturer to secure the product. Because of issues such as these, the internet and computer systems in general have often evolved as an inherently insecure field, and one that needs addressing through conferences such as WEIS.
Spyware on My Machine? So What?
The second article pertains to spyware and the increasingly common perspective that spyware is not an evil but necessary to support certain forms of free and useful software. The application in question is called Marketscore, and routes all traffic from its users through the application's own servers, where the traffic is analyzed. Furthermore, it also transmits sensitive, encrypted data, which Marketscore possesses the ability to read. However, many users who have Marketscore installed on their machines seem unconcerned at this invasion of their privacy, and apparently don't mind having the spyware in order to use whatever free service the application is offering. The article offers the perspective that perhaps people are getting tired of the constant security leaks and privacy breaches trumpeted online and have resigned themselves to the fact that their 'private' information really isn't that private; hence, they accept it and just get some free software out of it. This seems to be a flawed perspective, however, because a vigilant user is certainly capable of keeping their computer free of spyware and adware, and I see no particular reason to surrender privacy to anonymous third parties such as Marketscore.
Why spyware poses multiple threats to security
The third article is a more general overview of the problem of spyware. Spyware comes in several varieties, such as RATs, keyloggers, DoS drones, and general system probes that look for vulnerabilities to be exploited. One very important aspect of spyware is that it hampers system performance, both locally and over the net, since the spyware is constantly using CPU time and network bandwidth to do whatever it does. Furthermore, computers that have been turned into 'drones' by spyware can execute internationally coordinated attacks, which become very hard to fight, since the attackers are unsuspecting spyware victims, not the actual people responsible for the attack. Important steps to take to combat the problems are consumer education about the nature of spyware, legislation to force software developers to reveal anything that might be considered 'spyware', legal measures taken against the distributors of malicious spyware, and, finally, planned defenses of important systems in the event of a DDoS attack. Through steps such as these, the threat and prevalence of spyware can potentially be reduced.
Think Before You Share
The first article details the many ways in which online activity can reveal private information in ways that are often not intended. Facebook in particular is a culprit, as it is extremely popular among college students and often contains information that students assume is 'private', yet can fairly readily be viewed by staff, administrators, and many other people. Cases are cited where disciplinary action was taken against students based on evidence extracted from Facebook. Another case is cited where a girl who disappeared was investigated mostly through her various online profiles. Finally, these social networking sites can lead to cyberstalking in certain situations. Though systems like Facebook provide privacy settings, they often are ignored, and students would do well to be more vigilant about protecting themselves online.
Facebook's 'Privacy Trainwreck': Exposure, Invasion, and Drama
This article discusses the Facebook "News Feed", which provides live, up-to-the-minute descriptions of your friends' activity on the site. There was a large outcry about this, as it seemed to be an invasion of users' privacy; Facebook naturally countered that all information on the news feed was already accessible through the site, so nothing that wasn't already public was being revealed. The author discusses how this logic doesn't exactly work. One difference is the massive increase in exposure the feed provides, which can make activity on the site uncomfortable knowing that your every move will be immediately broadcast on your social network. Another issue is that it results in information overload about people who you wouldn't normally follow; this can lead to a false sense of connection and situations in which you know a lot about someone, yet you don't really 'know' them at all and they don't know that you know a lot about them. Making all this information easily available and waving it in front of you is harmful, the article argues.
Beware of Using Social-Networking Sites to Monitor Students
This article discusses the problems that arise from using a social networking site like Facebook to monitor student activities and act as a law enforcement tool. While it is a simple and fairly widespread tactic, it is inadvisable to attempt to fully monitor these sites, both because they're impossible to keep complete track of due to their size and because it can lead to situations such as a university reacting to one piece of evidence on the site while failing to take action on another piece of evidence. Thus, there is potential liability incurred by assuming responsibility for policing the sites. The best policy, then, is to use the sites this way only when a specific complaint or incident singles out the site for inspection. Otherwise, it is best to not attempt to monitor students on the sites.
Give and Ye Shall Receive! The Copyright Implications of BitTorrent
This article overviews the workings and implications of the P2P filesharing system BitTorrent. When someone wishes to download a file from BitTorrent, they connect to a server which keeps track of all the people uploading or downloading that same file. The basic idea is that you download pieces of the file from other people who have already downloaded those pieces, while uploading the pieces you've already downloaded to others who require them. Since you can upload and download from multiple people at once, your download speed is dependent on the number of other people uploading the file. Hence, more popular files are likely to actually download more quickly. This contrasts with traditional P2P software, in which you'd download from the single user hosting the file.
The next section overviews the issues of reproducing copyrighted material with BitTorrent. One issue is that individual users only upload parts of the complete file, so it isn't always clear if that constitutes reproduction. Another issue is that there are many temporary copies being shared, which is another legal ambiguity. A further issue of distribution concerns whether the use of BT constitutes making the content 'available to the public'. Unlike traditional downloading methods, the availability of a file depends on the existence of one or more 'seeds' to host it, though most of the filesharing goes on between 'leechers', or people downloading the content. This is debatable due to the various legalese wordings that sometimes make distinctions that are not made at other times, such as rights regarding transmitting a whole or parts of a work. Furthermore, legal 'private' copying could simply be defined as not public, which could then be applied to torrent traffic, depending on how it is interpreted. The article comes to the conclusion, however, that BitTorrent infringes on copyrights, since its use is an act of reproduction and users are required to upload in order to download.
IAAL*: What Peer-to-Peer Developers Need to Know about Copyright Law
This article discusses the various ways that US copyright laws may be applied to P2P applications. Two main types of infringement can occur: direct infringement, in which users violate a copyright owner's rights, and secondary infringement, in which the P2P software is considered an enabler to the infringement. In order to prove secondary infringement (which is more relevant to the P2P software itself), there are several claims that must be proven (such as the knowledge that infringement was occurring or the intent to promote infringement). In the high-profile Napster case, many such claims against Napster were upheld by the courts, which ultimately declared that Napster needed to police its users' activity more. Napster went bankrupt in the midst of the process, however. In the Aimster case, encrypted traffic was used as an argument that the system intentionally turned a blind eye to its users' illicit activities. An important defense used in both cases was the Betamax defense, which was required to show that the system had significant noninfringing uses (as opposed to the simpler, but most likely untrue, defense that no direct infringement actually occurred). Thus, it is important to maintain records of important noninfringing uses for the purpose of legal defense. There are also the DMCA 'safe harbors' to consider, but these are largely outmoded by the nonexistence of P2P traffic when they were drafted. The article ends with a list of things for developers to consider when developing P2P software, such as being wary of customer support (which might be used to claim encouragement of illegal activity) and either going for a complete control approach or a no-control approach.
Jail Time in the Digital Age
This article discusses the case of a Russian programmer who was thrown in jail in the US for writing a particular piece of software that didn't violate any law, but enabled someone with criminal intent to pirate one of Adobe's eBooks. The law enabling this is the DMCA. The issue is that the DMCA goes further protecting technology than ordinary copyright law would, so it causes more activity to fall under the umbrella of illegality. The US is fairly alone in this approach, which essentially regulates copyright issues through the technology rather than the copyright laws. The article argues that this undermines both legitimate use and security, which depends on revealing flaws.
Our Case Against YouTube
The article concerns the litigation against YouTube for copyright infringement (caused by users uploading copyrighted content). The DMCA makes provisions for content providers who unknowingly host copyrighted content, which allows such filesharing systems to exist. However, YouTube derives profits from advertising money as a result of the copyrighted content drawing its visitors. Thus, it is argued that it is YouTube's job to patrol for copyrighted content and keep it off the site. This properly respects intellectual property and is certainly manageable by YouTube management.
DRM Protects Downloads, But Does it Stifle Innovation?
This article is a discussion about the merits of DRM, which attempts to enforce fair use of copyrighted content, but often at the expense of convenient fair use. A pro-DRM argument is that it allows content to be released in the desired format because it ensures that people will pay for it. An anti-DRM argument is that the DMCA prohibits tinkering with DRM media, and hence is harmful to technological innovation (along with being inconvenient to the end user). In effect, it favors old business models at the expense of new ones. However, DRM undoubtedly caused more legitimate content to appear online (in services such as iTunes). DRM is supposed to protect the content owner's ability to make economic gain off the work. However, it can stifle the community's benefit from the work, leading to restricted product ecosystems (such as iPod+iTunes) and inoperable media formats.
Call It the Digital Millennium Censorship Act. Unfair Use
This article discusses an application of the DMCA to a case in which Microsoft attempted to restrict access to a tech specification and then invoked the DMCA against Slashdot users who began posting the specification out in the open. Microsoft alleged that the specification was a trade secret and demanded that Slashdot take down all links to it on the site. The article argues that if Microsoft gets its way, the DMCA effectively allows individual censorship to take precedence over judicial process. Another pending law (UCITA) would be even worse by validating the tactics used in Microsoft's End User License Agreement to enforce its terms and expanding what would be considered a breach of contract. The DMCA and UCITA would be extremely hurtful to standards, since they would allow vendors to hide their degree of (non)compliance with the standards and hide behind agreements like the one used by Microsoft to do it.
Who Will Control the Internet?
Unlike other international networks such as the global phone network (which is administered by a UN organization), the Internet has no such international ruling body and is in effect controlled by the private, nonprofit organization ICANN, which is located in the US. Many members of the international community feel that this situation unfairly favors the US over other members of the international community. ICANN effectively exercises control by administering domain names and IP addresses for computers across the globe, as well as deciding other important policy issues. Originally, a single man (Jon Postel) performed these administrative duties, but in 1998 ICANN was created and the duties were handed off. When pressure for international administration came to a head in 2006, the US decided not to relinquish any power over ICANN. However, another aspect to this was that the countries most clamoring for authority were also the ones who most regulated the internet in their countries, which, it was argued, went against the fundamentals of the net.
Read the letter that won the internet governance battle
This article details a letter written by US secretary of state Condoleezza Rice to the UK foreign minister Jack Straw (who was acting in the role of presidency of the EU) while the EU was negotiating a proposition for international control over ICANN. The letter argues that the existing internet administration has worked very well for over a decade and stresses that the hands-off, decentralized approach is important to innovation and new services constantly appearing on the net. A private-sector approach, the letter says, is greatly preferable to a bureaucratic body overseeing the internet, and as such the current US stance is justified.
Control the Internet? A Futile Pursuit, Some Say
This article discusses potential pitfalls to the proposed idea of removing ICANN from unilateral US control. Essentially, the article voices the opinion that the internet cannot actually be controlled - while DNS and ICANN are important, they still don't ultimately 'control' the internet. Thus, trying to 'control' the internet is a non-issue. Since the internet is highly distributed and designed to withstand link failures without significant interruption, it is hard to control, unlike networks with but a few focal points. Furthermore, technical issues inherent in the internet's design make discussing political issues of it difficult.
Don't give UN control over Internet
The DNS system is responsible for converting IP addresses to easily remembered names, but the DNS system is not the highest point of translation. All DNS servers ultimately gather information from just 13 root servers, all of which are overseen by ICANN. The author argues that giving the UN control over ICANN's duties would open it up to all sorts of political abuses (whereas the US has mostly kept away from political influence). Furthermore, it raises the prospect of a net tax for infrastructure in developing countries, which could raise costs for consumers in the US, who would then have no say over how the money is spent. The article argues that the current net is free of taxes, censorship, and politics, and that is how it should remain.
A Brief History of the Internet
The theoretical origins of the Internet began with papers on packet switching published in the early 1960s. The earliest physical implementation of two communicating computers was a telephone line based system connecting a computer in Massachusetts with one in California. The concept of a computer network coalesced around the ARPANET plan, which was to network computers spread across many academic institutions. The concept of email originated on the ARPANET in 1972.
The primary idea behind Internet communications was an open architecture, which did not dictate the particulars of how individual networks were implemented, but only how networks could interface with each other. The protocol that formed to accomplish this goal was TCP/IP, which addressed issues of ensuring successful packet delivery and graceful recovery in the event of problems during transmission. The essential idea behind TCP/IP was communication by using streams of bytes and acknowledgement packets to indicate successful transmission of other packets. TCP referred to these particular aspects of the networks (flow control and packet recovery), while IP referred to addressing and moving individual packets. Though some skeptics thought TCP to be overly complex for personal computers, compact implementations were developed and connected the world of PCs to the net along with the use of new technologies such as Ethernet.
The increasing size of the Internet led to new challenges, such as domain name availability and routing algorithms (two major protocols emerged, IGP and EGP, for moving away from the central routing control originally used). ARPANET finally transferred from the old NCP protocol to TCP/IP in 1983.
Transitions to wider-area network interoperability came with Federal agencies agreeing to share costs of major network links and to use TCP/IP as the mandatory protocol. Many groups formed to administer and maintain the new, shared Internet infrastructure. The US NSFNet gradually oversaw a shift from the Internet backbone based on but a few research institutions to commercial enterprises, which supplanted the older, more rigid systems and caused explosive growth in the number of existing Internet nodes. When ARPANET was discontinued in 1990, TCP/IP was clearly becoming the dominant network protocol for computers across the globe.
Internet standards evolved in the form of RFCs, which allowed anyone with access to the Internet to build systems using the given standards. Further, many of the old task forces were recombined into the IRTF, which along with other groups oversaw and facilitated increasing non-academic and diverse traffic over the net. The W3C formed to oversee standards for the World Wide Web. Commercial ventures using TCP/IP were helped along by the very fact of their potential interoperability, as it gave companies incentives to make sure even their competitors' products were completely compatible over the net.
Why We Don't Need QOS: Trains, Cars, and Internet Quality of Service
This article discusses the idea of Quality of Service over the Internet, or QOS, which essentially involves giving preference to certain kinds of net traffic. The article argues that QOS is unneeded because, at best, it slightly delays the problems associated with too much network congestion, but these same problems can much more readily and robustly be solved by simply increasing net capacity. In other words, any time or money implementing QOS would be better spent upgrading the network and staying with the current system, as QOS is not particularly useful when the network isn't very congested (which happens if you increase net capacity), nor is it useful when the network is very congested (which may happen shortly if you do not increase net capacity). Thus, the choice seems clear to simply ignore QOS and focus on net infrastructure speed. I agree with this viewpoint - the rapidly increasing speeds of networks, especially in countries actively pushing the adoption of new technologies (such as Japan) clearly demonstrate that we are nowhere near hitting a wall in terms of how much total bandwidth we can provide. As such, it would turn out better for both would-be priority traffic and all other traffic to focus on increasing bandwidth rather than giving certain traffic preferential treatment.