It used to be said that "The Net interprets censorship as damage and routes around it" - a quote by John Gilmore, in 1993.
In my view, the Internet community is now maturing to a state where it is going on the offensive rather than just taking defensive avoidance strategies.
When it is threatened, rather than just looking for ways to mitigate or "route around" potential damage, it is now going after the source of that damage (& its promoters). It is going beyond mere nullification to actually escalating the battle - either codifying methods pre-empting further problems from the same source, or actually attacking that group more broadly.
A prime example has been the rise of ad-blocking. Most Internet users are OK with the general principle of passive, neutral, non-invasive advertising. It's a bit annoying, but no more so than ads in public spaces like poster hoardings. But what gets resented is where those ads are privacy-invasive (eg with tracking), hugely interruptive (pop-ups) or consume a lot of resources (eg auto-playing video).
As a result, the Internet has given birth to a variety of tools which don't just block the annoyances, but take out the basic, more-acceptable formats too, as collateral damage. The Internet ad industry has over-reached the boundaries towards a form of pseudo-censorship (or at least, "mucking around with content" in undesirable ways), and found its fundamentals under attack. The idea that telcos will charge advertisers for traffic, on threat of blocking, is another example of something that will backfire even more strongly, as I wrote recently.
Another area is telcos'/ISPs' attempts to "monetise" Internet connections, or "optimise" traffic, in wholly self-serving fashion. The use of DPI for filtering, advert insertion with HTTP man-in-the-middle proxies, and various other unwanted forms of interference, has led to the wholly-predictable rise of encryption everywhere. We see HTTP2 with Google's SPDY baked-in, wider use of VPNs and so forth. The irony here is that this also has collateral damage, preventing some forms of actually-useful forms of network management. Again, strategic over-reach has resulted in the Internet not just defending its basic utility against a form of censorship, but escalating the battle.
What prompted this post was reading a new IETF Draft (see here) which explicitly "mandates end-users as the highest priority constituency for Internet standards". The needs of users (who generally aren't well-represented / advocated in standards) are now being absolutely prioritised above ISPs, vendors, developers, "implementors", governments and so forth. Theoretical considerations of technical "purity" or "elegance" come right at the bottom of the list.
It means that new IETF standards ought to check - and explicitly state - that user welfare is not harmed at the expense of other groups' gain. It's a bid to stop some of the back-room chicanery that goes on inside a lot of standards development (many groups are a lot worse than IETF - I'm sure readers will be able to identify the real culprits here). Small technical details are sometimes deliberately made to capture value on behalf of other constituencies, to the detriment of users (or rival groups).
This forces the principle of "design thinking" onto the normal engineering-led (and perhaps commercially-influenced) process.
This move appears to have been catalysed, in part, by the ham-fisted opposition to HTTP2/SPDY by the ironically-named "Open Web Alliance" set up by various (mostly US) telcos and vendors as part of ATIS. This group came up with the risible notion of "trusted proxies" which did not just allow useful traffic-management, but started with the premise of allowing ISPs free rein to break encrypted streams for a variety of use-cases, including ad-insertion, big-data collection, application discrimination and various other questionable practices.
In other words, the Internet is not just neutralising a specific example of "damage", but it's trying to ensure that those that attempted to damage it are de-fanged for the future as well.
The US battle against Net Neutrality was another instance. An attack by the ISP/telco industry on a relatively straightforward legal rule ended up with a much larger fight-back: culminating in the FCC implementing Title II for broadband, with help along the way from the likes of John Oliver and a major grass-roots campaign. What could have been a minor defeat turned into a major strategic rout, because of push-back to the way the US regulatory and lobbying system works. Whether it has learned its lesson is yet to be seen.
Various repressive regimes have also learned to their cost that attempting to harm the Internet can result in disproportionate retribution from it in response.
Over-doing the use-cases for zero-rating has also attracted the Internet community's ire, meaning that valid use-cases may suffer along with questionable ones, as some regulators ban the concept entirely.
Then there's the spies. Bodies like the NSA & GCHQ have had to deal with far more, and stronger, crypto, because recalcitrant vendors, whose reputations and exports have been hurt by intercepted data or underhand hacks, responded to users' demands uncompromisingly. The intelligence agencies - who have a difficult and thankless task - committed the cardinal sin of over-reach, and then had to deal with the consequences.
It seems likely that some of the push for LTE-U (4G in the same spectrum as WiFi) may go the same way. By angling for a version called LAA which needs licenced spectrum as a pre-requisite, the industry may well find itself unable to use LTE-U at all once the regulator gets involved. Plus it might even get worse - by suggesting WiFi and LTE can "play nicely" together (with coexistence protocols) in unlicenced bands, perhaps we'll get escalation. Surely this means private WiFi could run in today's licenced bands as well, as the evidence shows it could be implemented in ways that wouldn't interfere? That could hypothetically aid overall efficiency of spectrum utilisation, whilst not damaging the value of carriers' own spectrum....
The strategy of arguing "Who, me? Innocent little me? My intentions are good, honest!", with fingers crossed behind ones back, is no longer a viable one.
It could be argued that with these new powers, the Internet is in danger of becoming more than just petulant, but risks sometimes throwing the baby out with the bathwater. That seems to be the case with some of the genuine security risks that might emerge as an unintended consequence of crypto. It's possible that the Internet will need to control its own power better, a bit like the Incredible Hulk.
But for now, until it gets that self-control, the lawyers and lobbysists, telcos and ISPs, advertisers and snoops all need to imagine the Internet saying "You wouldn't like me when I'm angry" before pushing their luck too far. If you "try it on" with the Internet, prepare for a bigger slap than you expected. So for example, all this nonsense about "level playing fields" (see here), erecting toll-gates (here), or sly attempts to influence lawmakers about spurious notions of "platform neutrality" (here) will make the Internet bite back. Hard.
In my view, the Internet community is now maturing to a state where it is going on the offensive rather than just taking defensive avoidance strategies.
When it is threatened, rather than just looking for ways to mitigate or "route around" potential damage, it is now going after the source of that damage (& its promoters). It is going beyond mere nullification to actually escalating the battle - either codifying methods pre-empting further problems from the same source, or actually attacking that group more broadly.
A prime example has been the rise of ad-blocking. Most Internet users are OK with the general principle of passive, neutral, non-invasive advertising. It's a bit annoying, but no more so than ads in public spaces like poster hoardings. But what gets resented is where those ads are privacy-invasive (eg with tracking), hugely interruptive (pop-ups) or consume a lot of resources (eg auto-playing video).
As a result, the Internet has given birth to a variety of tools which don't just block the annoyances, but take out the basic, more-acceptable formats too, as collateral damage. The Internet ad industry has over-reached the boundaries towards a form of pseudo-censorship (or at least, "mucking around with content" in undesirable ways), and found its fundamentals under attack. The idea that telcos will charge advertisers for traffic, on threat of blocking, is another example of something that will backfire even more strongly, as I wrote recently.
Another area is telcos'/ISPs' attempts to "monetise" Internet connections, or "optimise" traffic, in wholly self-serving fashion. The use of DPI for filtering, advert insertion with HTTP man-in-the-middle proxies, and various other unwanted forms of interference, has led to the wholly-predictable rise of encryption everywhere. We see HTTP2 with Google's SPDY baked-in, wider use of VPNs and so forth. The irony here is that this also has collateral damage, preventing some forms of actually-useful forms of network management. Again, strategic over-reach has resulted in the Internet not just defending its basic utility against a form of censorship, but escalating the battle.
What prompted this post was reading a new IETF Draft (see here) which explicitly "mandates end-users as the highest priority constituency for Internet standards". The needs of users (who generally aren't well-represented / advocated in standards) are now being absolutely prioritised above ISPs, vendors, developers, "implementors", governments and so forth. Theoretical considerations of technical "purity" or "elegance" come right at the bottom of the list.
It means that new IETF standards ought to check - and explicitly state - that user welfare is not harmed at the expense of other groups' gain. It's a bid to stop some of the back-room chicanery that goes on inside a lot of standards development (many groups are a lot worse than IETF - I'm sure readers will be able to identify the real culprits here). Small technical details are sometimes deliberately made to capture value on behalf of other constituencies, to the detriment of users (or rival groups).
This forces the principle of "design thinking" onto the normal engineering-led (and perhaps commercially-influenced) process.
This move appears to have been catalysed, in part, by the ham-fisted opposition to HTTP2/SPDY by the ironically-named "Open Web Alliance" set up by various (mostly US) telcos and vendors as part of ATIS. This group came up with the risible notion of "trusted proxies" which did not just allow useful traffic-management, but started with the premise of allowing ISPs free rein to break encrypted streams for a variety of use-cases, including ad-insertion, big-data collection, application discrimination and various other questionable practices.
In other words, the Internet is not just neutralising a specific example of "damage", but it's trying to ensure that those that attempted to damage it are de-fanged for the future as well.
The US battle against Net Neutrality was another instance. An attack by the ISP/telco industry on a relatively straightforward legal rule ended up with a much larger fight-back: culminating in the FCC implementing Title II for broadband, with help along the way from the likes of John Oliver and a major grass-roots campaign. What could have been a minor defeat turned into a major strategic rout, because of push-back to the way the US regulatory and lobbying system works. Whether it has learned its lesson is yet to be seen.
Various repressive regimes have also learned to their cost that attempting to harm the Internet can result in disproportionate retribution from it in response.
Over-doing the use-cases for zero-rating has also attracted the Internet community's ire, meaning that valid use-cases may suffer along with questionable ones, as some regulators ban the concept entirely.
Then there's the spies. Bodies like the NSA & GCHQ have had to deal with far more, and stronger, crypto, because recalcitrant vendors, whose reputations and exports have been hurt by intercepted data or underhand hacks, responded to users' demands uncompromisingly. The intelligence agencies - who have a difficult and thankless task - committed the cardinal sin of over-reach, and then had to deal with the consequences.
It seems likely that some of the push for LTE-U (4G in the same spectrum as WiFi) may go the same way. By angling for a version called LAA which needs licenced spectrum as a pre-requisite, the industry may well find itself unable to use LTE-U at all once the regulator gets involved. Plus it might even get worse - by suggesting WiFi and LTE can "play nicely" together (with coexistence protocols) in unlicenced bands, perhaps we'll get escalation. Surely this means private WiFi could run in today's licenced bands as well, as the evidence shows it could be implemented in ways that wouldn't interfere? That could hypothetically aid overall efficiency of spectrum utilisation, whilst not damaging the value of carriers' own spectrum....
The strategy of arguing "Who, me? Innocent little me? My intentions are good, honest!", with fingers crossed behind ones back, is no longer a viable one.
It could be argued that with these new powers, the Internet is in danger of becoming more than just petulant, but risks sometimes throwing the baby out with the bathwater. That seems to be the case with some of the genuine security risks that might emerge as an unintended consequence of crypto. It's possible that the Internet will need to control its own power better, a bit like the Incredible Hulk.
But for now, until it gets that self-control, the lawyers and lobbysists, telcos and ISPs, advertisers and snoops all need to imagine the Internet saying "You wouldn't like me when I'm angry" before pushing their luck too far. If you "try it on" with the Internet, prepare for a bigger slap than you expected. So for example, all this nonsense about "level playing fields" (see here), erecting toll-gates (here), or sly attempts to influence lawmakers about spurious notions of "platform neutrality" (here) will make the Internet bite back. Hard.
2 comments:
I always enjoy your writing, Dean, but this is a particularly good article. Very well argued, and I like the Hulk analogy. Thanks!
I guess I disagree here. The Internet in a way is a tool. We are seeing many repressive countries around the world using it to build their own closed gardens of the Internet to fit their needs - China, Russia and a bunch of middle eastern countries. In the US, you see government bodies taking too much interest in our so called privacy - and the backlash isn't really working...
The internet changes nothing in the ways countries and enterprises treat their citizens and customers. It amplifies what was already there.
Post a Comment