O'Reilly Emerging Technology conference: breaking old regulations and old habits
Scary observations like this led me to help organize a Birds-of-a-Feather session on telecom policy tonight. In several forums today at the O'Reilly Emerging Technology conference, we heard that emerging technologies depend on changing old regulations, old rules, old habits.
Bruce Schneier lays out a feasible futureRenowned author and cryptography expert Bruce Schneier offered an extremely lively and surprisingly fun keynote, updating his Secrets and Lies book and suggesting some concrete steps toward better security. As readers of Schneier's book and Cryptogram columns know, he moved beyond technical fixes long ago and now looks for social ways to improve Internet security.
Schneier started by saying that, despite all the technical advances in computing, security is still a problem because of complexity. I would rather say--and I believe this to be the true lesson of Schneier's talk--that security is still a problem because it is not purely technical, but involves an ongoing battle between human beings. It is a matter of sociology and psychology; technology is merely a vehicle.
As Schneier said, "Security is a people problem, not a technical problem." Actually, the people he was referring to at that moment were not the malicious crackers themselves, but the crowds of negligent programmers, managers, data centers, and policy-makers who tolerate weak security.
His proposals for improving the situation included:
Immune to attackThe following talk, as a colleague told me, was an antidote to Schneier's pessimism. Steven Hofmeyr described an adaptive, largely self-regulating system of intrusion detection inspired by the workings of immune systems in biological organisms. Amazingly enough, in his tests, it really works.
I have read of research into distributed network intrusion detection systems, but what Hofmeyr proposed went several steps beyond what I'd seen. One starts by creating random patterns. Those that match the expected behavior of the system (as seen in logfiles, etc.) are discarded; others are kept around for a while to see whether they succeed in detecting anomalies. When one of them matches something new on the network, a human administrator is notified. For new patterns, therefore, some manual intervention is required to determine whether the anomaly is OK.
But when a certain number of patterns are installed and have proven their worth, they are remarkably good at detecting intrusions quickly. The bigger the network you're monitoring, the more useful and effective they are. But as one audience member pointed out, the system is meant for relatively stable and predictable networks with internal traffic, not for open systems like public Web servers.
Both Schneier and Hofmeyr believe diversity is useful to minimize the damage of attacks, but Hofmeyr has more faith that diversity is achievable. As he pointed out, a single patch to an operating system can change the attacks that work or fail.
Making policy through the back doorI started this weblog with the shocking observation by David Reed that the wireless networks at the heart of this conference might have been illegal in the United States, save for some historical luck. The idea was meant to shake up the typical hacker out of his or her apolitical bliss.
One wireless provider had enough insight yesterday to ask me for a report on tonight's policy BOF, but admitted, "I'd rather just build networks without having to worry about policy." And among the fifteen people who showed up at the BOF, one queried me, "Why are you asking the government for help?" These questions are reasonable but show the crying need for education even among practitioners of wireless. Imagine how much greater is the ignorance among the media, the general public--and even the policy-makers themselves!
The fact is that wireless rests on very shaky legal ground. There are no less than four types of devices that are licensed to operate in the spectrum used by 802.11, and anyone operating one of these devices has a right to shut down someone who runs an 802.11 network in the same space. This is not widely known (the manufacturers of 802.11 devices certainly don't want to talk about it).
Now what do you think? Which is more important to the economy and to social progress in general: digital broadband or ham radio? The truth is that ham radio trumps digital broadband, just because ham radio has been around longer and therefore is sanctified with a license to use the spectrum. (Yes, it's happened--a ham radio operator has actually shut down an 802.11 network.)
The solution is not to license 802.11 providers--that would just hamper them with bureaucracy--but to find some new common spectrum where unlicensed operators could put up their networks without interference. (They could interfere with each other, but if we get this far we can start to find technical and political solutions to that problem.)
The FCC has expressed interest in packet radio over the years, sponsors groups to find ways to make it work (some people who have worked with these groups came to the meeting tonight), and has even started proceedings to implement proposals--but both the search for better spectrum and the potential for ultra-wideband (UWB) are terminally stalled.
It's become painfully obvious that, since 802.11 proponents lack a major commercial presence with millions of dollars to throw around in lobbying and contributions, neither Congress nor the FCC has incentives to improve the environment for it. Indeed, the disincentives are very strong. The lobbying sharks of traditional telecom companies have smelled 802.11 blood and are beginning to converge on it.
The apolitical radio operator who approached me today asked, "Can some policy shift actually shut me down?" It is indeed possible. And even though it probably won't get that bad (the public and the media know enough about wireless to provoke protest) the attention of Congress and the FCC are focused on pulling the monopoly telephone and cable companies out of the worst depression they've ever had. The last thing these forces want is a cheap, user-controlled alternative to their low-quality, overpriced services.
The hope forward may lie in doing what we're already doing--building the networks wherever we can--in combination with some creative digital-divide initiatives. We discussed:
Meanwhile, there are defensive measures we must take, too. Both Congress and the FCC are poised to close the regulatory doors that would let small, competing telephone companies coexist with the local monopolies in telephone and cable service. (This battle may already be lost, and in the opinion of some people at tonight's meeting was not worth fighting.) The notorious CBDTPA--which even Bruce Schneier singled out as a threat in this afternoon's keynote--would suppress innovative technology as well as the market for broadband. Municipalities that try to create networks are routinely sued by incumbent companies on a variety of pretexts. And a bevy of regulations could nickel-and-dime wireless Internet providers.
That was about as far as the BOF got by ten o'clock, when people began to rustle around and let conversations drop. I believe they were unconsciusly reacting to my shutting down my laptop. But the only reason I shut down my laptop was that I saw a message telling me my battery was low. I guess that's what it means to be a technology-driven policy group.
Don't forget 3GWhile analysts are increasing declaring "3G is dead," it's actually been successful in some parts of the world. Nowhere is it more successful than the Philippines, where wirelines are expensive and use is metered. This was the subject of the talk by entrepreneur and journalist Janette Toral.
While only 3 million people have access to fixed Internet access (and most of these go to Internet cafes to use it) 11 million get the Internet over cell phones. One of the most popular activities is SMS messaging, for which a variety of fun and user-friendly applications have sprung up. It has serious uses, too--farmers can access a service call B2BPriceNow.com, for instance, to determine fair prices for their commodities moment-by-moment.
Most U.S. observers are skeptical of SMS, but Toral thinks it could become more popular here and around the world. She recommends:
Who will blog the bloggers?I unfortunately missed most of the morning keynote by Steven Johnson, author of the popular book "Convergence," because I was busy in a conference call, saving the world. I made it to some of the following panel, where weblogs were heavily discussed. Weblogs seemed to be a theme running through the day. They played a big role in a talk about new journalism by San Jose Mercury News author Dan Gillmor, Most of which I also had to miss. And there was a BOF on blogging in the evening, but it adjourned to the bar and dissolved into chaos, appropriately enough.
The upshot is that a lot happened today concerning blogs, but I happened to be away for most of it. Which does not prevent me from gleefully abusing the medium right now.
File-sharing futuresKelly Truelove offered a talk about trends in P2P file-sharing systems. His focus was different from a talk given yesterday on the same subject by Lucas Gonze. Whereas Gonze traced theoretical work being done to create new distributed file systems, Truelove dealt with practical extensions to the two protocols that are currently most popular: Gnutella and FastTrack. (The latter is the basis of KaZaA and used to be employed also by Morpheus, which switched to Gnutella this past February.)
An ideal file-sharing system would be as fast as possible, use a reputation system to ensure that good data is returned, and would be massively scalable, anonymous, autonomous (that is, lack centralized points that could be shut down, and sensitive to different pricing of ISPs. Many of these goals are conflicting, of course.
In reality, systems that embody guarantees of robustness are also less efficient that others and impose extra burdens on the user. So those do not become as popular as systems that are more vulnerable. Even though today's systems lack the centralized indexes that Napster used, there is still a vulnerable centralization in boostrapping (finding other users to connect to).
Some ISPs forbid file-sharing systems under terms-of-service clauses that rule out running a server. Few block traffic from file-sharing systems unless forced to do so by copyright owners. But there is growing impatience with the loads generated by such systems. There is little appreciation for the notion that such systems can drive the adoption of high-bandwidth networking.
After Truelove's talk, I queried him about initiatives to provide special classes of low-priority traffic on the Internet. Researchers are suggesting that applications could voluntarily label themselves as second-class citizens and slow down when normal applications are active. If applications and network providers cooperate, a lot of the pressure on campus networks and other points would be relieved.