Internet security—who needs it?

Internet security—who needs it?

Internet security—who needs it?

Inside the Internet.
Jan. 28 2004 3:40 PM

See You on the Darknet

Why we don't really want Internet security.

Illustration by Mark Alan Stamaty

I have a game I play whenever I read an essay on politics written by a techie: How long until the first reference to George Orwell? Autodesk founder John Walker, in a recent 28,000-word monograph ponderously titled "The Digital Imprimatur," wastes no time: His piece is subtitled "How big brother and big media can put the Internet genie back in the bottle." If your eyes don't glaze over right then, they will as soon as Walker begins to explain how by signing up for cheap broadband service, with its firewalls and dynamic IP addresses, you've already compromised your freedom.

Walker goes on, listing spam filters, antivirus software, even those perennially just-around-the-corner micropayment schemes as further nails in the coffin of liberty. "I have been amazed at how few comprehended how all the pieces fit together in the way I saw them inevitably converging," he says, in the patiently condescending tone of a Bond villain. But Walker's heavy-handed prose would be funnier if he didn't have a point.


True, his final forecast is standard tech-blog fare: Totalitarian governments (you know, like the one in 1984) will clamp down on the Net by instituting a digital Mark of the Beast, a personally assigned crypto-certificate that tags every online transaction, letting authorities track exactly who did what, where, and when. But Walker also argues that the rest of us (the ones who aren't yet peons in Orwellian regimes) will voluntarily sign up for similar surveillance when the certificate system is marketed to us as a cure for spam, fraud, and other Internet annoyances. He's right that we'll be sold this stuff. The question is, will we buy it?

Personal ID certificates are already an essential part of the Next Generation Secure Computing Base, a content-control system for PCs being developed by Microsoft (which owns Slate) and an industry consortium that includes Intel and other chip makers. Together, the alliance hopes to build an uncrackable data vault into future PCs, one that works in tandem with the Windows operating system. Users would need to present the right certificates before being allowed to transfer data into or out of the vault. Those who try to pick the locks may find they've left digital fingerprints all over the place. The system will be opt-in, as noted in the working group's FAQ (See No. 25: "It can be disabled permanently," unlike Orwell's telescreens).

I'm all for that kind of security where it belongs—I sure hope my bank adopts it. But as Walker notes, an always-on ID would take a lot of the fun out of idle Web surfing. Advocates tout secure computing as a way to protect your medical records from hackers. But who are they kidding? The biggest beneficiaries would be music companies and Hollywood studios, whose downloadable songs and movies would be much harder to pull from the vaults of individual computers and trade around the Net.

So why would we opt in to such a restrictive system? The FCC and Congress could mandate it—they're already being lobbied to create a national Internet driver's license on the grounds it'll stop everything from spam to libel to pedophilia to terrorism. Even Howard Dean plugged this proposal in a speech two years ago (he got to Orwell on Page 6). But Walker is right. It's more likely that private companies will begin to require people to present digital IDs in the name of a better customer experience. E-commerce and entertainment sites could require them as antipiracy measures. Corporate networks could insist all inbound messages be digitally signed to minimize spam from outsiders. How would we respond? Walker thinks that with such constant incentives, average users, the people who don't spend every moment obsessing about the potential repercussions of a certificate system, might just leave the ID system on permanently. 


Walker's scenario is credible enough that Newsweek covered his essay in an article that only de-Orwellized it to the extent of changing Big Brother to "Big Government." But Newsweek also added the missing part of the story: a more nuanced sense of how Internet users would react to such a system. Using the Net without the feeling you're being watched, downloading and uploading stuff you'd get in trouble for leaving on your desk—come on, that's a major part of its appeal. Any privacy clampdown would boost outlaw computing as surely as the 55 mph limit did speeding *. "Picture digital freedom fighters huddling in the electronic equivalent of caves, file-swapping and blogging under the radar of censors and copyright cops," Newsweek concluded. They might as well have added: Cooooooooooool.

An ad hoc alliance of techno-rebels covertly transferring unauthorized data in defiance of network authorities—sound familiar, Neo? It's such a popular scenario that the same Microsoft researchers leading the company's secure computing efforts wrote a paper two years ago describing this inevitable backlash, which they dubbed the darknet. The darknet! Jeez, are they trying to make piracy cool? Who'd want to hang out on the boring old Internet when the other kids are on the darknet? The term has been picked up by mainstream publications including Rolling Stone, which defined darknets (plural) as "file-trading networks created by and for small, private groups of people." Instead of relying on KaZaA, these groups use programs like WASTE that let them swap wares on discrete networks without being remotely tracked. Even a cop with a subpoena would be hard-pressed to detect such a network's existence.

Microsoft's paper flatly warns that trying to shut down these networks could backfire:

There is evidence that the darknet will continue to exist and provide low cost, high-quality service to a large group of consumers. This means that in many markets, the darknet will be a competitor to legal commerce. From the point of view of economic theory, this has profound implications for business strategy: for example, increased security may act as a disincentive to legal commerce.

That's already happening, according to BigChampagne founder Eric Garland, whose company tracks and reports file-swapping behavior as a marketing tool for entertainment companies. "You see people opt out at every turn," he says, when they encounter antipiracy mechanisms affixed to music and video downloads. Garland's research finds that average Net users balk at even the free-and-easy user ID system in Apple's iTunes. The result: 50 million Americans trade illegally on P2P networks, while only a few hundred thousand buy legal downloads. "It's a terrible mistake to underestimate the average Internet user," Garland told me. "They want to deal with the Internet on their own terms. They're not all computer savvy, but they're savvy enough to find someone who is." And the 50 million veterans of the music wars will be hard to sell on the security or convenience of any system that takes away their options.

Wondering how the security vs. privacy struggle might play out, I e-mailed Steven Levy, the respected tech journalist who penned the Newsweek article. "I'm currently at CES," he replied, "which is shaping up as a celebration of the stuff that gives Hollywood chills—distribution, ripping, burning, of all sorts of content (for personal use, of course)." Exhibitors avoided discussing security systems that might get in the way of all that fun, Levy noted. "If it's onerous out of the box"—i.e., if it requires a digital driver's license that keeps users from enjoying the full benefits of the darknet—"people won't use it, and won't want to buy computers that have it."

Walker's manifesto spells out the ugly truth: As the Net gets more powerful, other powers will feel increasingly threatened by it and try to take it under control. But to do so, they'll need the complicity of those who build the hardware and software. If the Consumer Electronics Show is any clue, the gadget makers have figured out that if the powers that be get their digital imprimatur and their secure Internet, the real money will be in darknets.

Correction, Jan. 29, 2004: The text above originally referred to Jimmy Carter's 55 mph speed limit. But it was actually President Nixon who signed the law mandating the sluggish pace nationwide. Return to the corrected sentence.