Future of the Internet — And how to stop it.
166
Solutions
remain as safety valves should network filtering begin to block more than bad code.

In the meantime, ISPs are in a good position to help in a way that falls short of undesirable perfect enforcement, and that provides a stopgap while we develop the kinds of community-based tools that can facilitate salutary endpoint screening. There are said to be tens of thousands of PCs converted to zombies daily,27 and an ISP can sometimes readily detect the digital behavior of a zombie when it starts sending thousands of spam messages or rapidly probes a sequence of Internet addresses looking for yet more vulnerable PCs. Yet ISPs currently have little incentive to deal with this problem. To do so creates a two-stage customer service nightmare. If the ISP quarantines an infected machine until it has been recovered from zombie-hood—cutting it off from the network in the process—the user might claim that she is not getting the network access she paid for. And quarantined users will have to be instructed how to clean their machines, which is a complicated business.28 This explains why ISPs generally do not care to act when they learn that they host badware-infected Web sites or consumer PCs that are part of a botnet.29

Whether through new industry best practices or through a rearrangement of liability motivating ISPs to take action in particularly flagrant and egregious zombie situations, we can buy another measure of time in the continuing security game of cat and mouse. Security in a generative system is something never fully put to rest—it is not as if the “right” design will forestall security problems forevermore. The only way for such a design to be foolproof is for it to be nongenerative, locking down a computer the same way that a bank would fully secure a vault by neither letting any customers in nor letting any money out. Security of a generative system requires the continuing ingenuity of a few experts who want it to work well, and the broader participation of others with the goodwill to outweigh the actions of a minority determined to abuse it.

A generativity principle suggests additional ways in which we might redraw the map of cyberspace. First, we must bridge the divide between those concerned with network connectivity and protocols and those concerned with PC design—a divide that end-to-end neutrality unfortunately encourages. Such modularity in stakeholder competence and purview was originally a useful and natural extension of the Internet’s architecture. It meant that network experts did not have to be PC experts, and vice versa. But this division of responsibilities, which works so well for technical design, is crippling our ability to think through the trajectory of applied information technology. Now that the PC and the Internet are so inextricably intertwined, it is not enough for network