<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<div><br>
</div>
<div><a
href="http://www.vanityfair.com/culture/2012/05/internet-regulation-war-sopa-pipa-defcon-hacking">http://www.vanityfair.com/culture/2012/05/internet-regulation-war-sopa-pipa-defcon-hacking</a>
</div>
<div><br>
</div>
<div>
<div>
<h1>
World War 3.0</h1>
</div>
<div>
<div>
<div>
<div>
<p>
When the Internet was created, decades ago, one thing
was inevitable: the war today over how (or whether) to
control it, and who should have that power. Battle lines
have been drawn between repressive regimes and Western
democracies, corporations and customers, hackers and law
enforcement. Looking toward a year-end negotiation in
Dubai, where 193 nations will gather to revise a U.N.
treaty concerning the Internet, Michael Joseph Gross
lays out the stakes in a conflict that could split the
virtual world as we know it.<br>
</p>
</div>
</div>
<div>
<div>
<span> By <span><a
href="http://www.vanityfair.com/contributors/michael-joseph-gross">Michael
Joseph Gross</a></span></span><span> Illustration by
<span><a
href="http://www.vanityfair.com/contributors/stephen-doyle">Stephen
Doyle</a></span></span></div>
</div>
<div>
<img src="cid:part4.00090903.01070202@apc.org" alt=""
title=""><b>TWO FUTURES?</b> Privacy, piracy, security,
sovereignty—the divisions on these issues reflect an even
deeper split between those who want tight control and those
who want unfettered freedom.</div>
<div>
<div>
<h4>
I. Time Bomb</h4>
<p>
<span>I</span>n 1979 the Dubai World Trade Centre
dominated the skyline of Dubai City, on the horn of the
Arabian Peninsula. Today, the World Trade Centre looks
quaint, like an old egg carton stuck into the ground
amid a phantasmagoric forest of skyscrapers. But come
December the World Trade Centre will once more be the
most important place in Dubai City—and, for a couple of
weeks, one of the more important places in the world.
Diplomats from 193 countries will converge there to
renegotiate a United Nations treaty called the
International Telecommunications Regulations. The
sprawling document, which governs telephone, television,
and radio networks, may be extended to cover the
Internet, raising questions about who should control it,
and how. Arrayed on one side will be representatives
from the United States and other major Western powers,
advocating what many call “Internet freedom,” a plastic
concept that has been defined by Secretary of State
Hillary Clinton as the right to use the Internet to
“express one’s views,” to “peacefully assemble,” and to
“seek or share” information. The U.S. and most of its
allies basically want to keep Internet governance the
way it is: run by a small group of technical nonprofit
and volunteer organizations, most of them based in the
United States.</p>
<p>
On the other side will be representatives from countries
where governments want to place restrictions on how
people use the Internet. These include Russia, China,
Brazil, India, Iran, and a host of others. All of them
have implemented or experimented with more intrusive
monitoring of online activities than the U.S. is
publicly known to practice. A number of countries have
openly called for the creation of a “new global body” to
oversee online policy. At the very least, they’d like to
give the United Nations a great deal more control over
the Internet.</p>
<p>
Mediating these forces in Dubai will be a man named
Hamadoun Touré. Charming and wily, he is a satellite
engineer who was born in Mali, educated in the Soviet
Union, and now lives in Geneva. He serves as
secretary-general of the U.N.’s International
Telecommunication Union (I.T.U.).</p>
<p>
Touré abjures pallid diplomatic doublespeak, instead
opting for full-on self-contradiction that nonetheless
leaves little doubt where his sympathies lie. In one
breath Touré says, “The people who are trying to say
that I.T.U. has an intention of taking over the
management of the Internet simply do not know how the
I.T.U. is functioning.” In the next, noting that
Internet users in America represent only a tenth of the
total, he says, “When an invention becomes used by
billions across the world, it no longer remains the sole
property of one nation, however powerful that nation
might be. There should be a mechanism where many
countries have an opportunity to have a say. I think
that’s democratic. Do you think that’s democratic?”</p>
<p>
<span>T</span>here is a war under way for control of the
Internet, and every day brings word of new clashes on a
shifting and widening battlefront. Governments,
corporations, criminals, anarchists—they all have their
own war aims.</p>
<p>
In February, the Swedish Supreme Court refused to hear
appeals from three founders of the Pirate Bay, the
world’s largest illegal file-sharing Web site, who had
been sentenced to prison for copyright infringement. The
same day, one of those men issued an online call to
arms, urging users to abandon the entertainment
industry: “Stop seeing their movies. Stop listening to
their music.... Remix, reuse, use, abuse.” Shortly after
that, Google was discovered to have been secretly
bypassing privacy settings on Apple iPhones and
computers that use the Safari browser; the company was
monitoring Web activity by people who believed they’d
blocked such tracking. Around the same time, the
European Union proposed that companies such as Google
must obtain explicit consent from individuals for data
collection; but these regulations would not take effect
for years, by which point digital dossiers on almost
every Internet user will have been bought and sold by
marketers many times over. Meanwhile, the F.B.I. has
been distributing “See something, say something” flyers
to Internet-café owners in the U.S., warning that the
use of certain basic cyber-security measures could be
considered grounds for suspicion of possible terrorist
activity. In response to the F.B.I.’s growing
preoccupation with virtual insurgents, guerrilla hackers
operating under the name Anonymous posted online an
audio recording of F.B.I. and Scotland Yard officials
discussing how to handle Anonymous attacks. Then
Interpol, together with American and European
authorities, busted 31 suspected Anonymous
hackers—including the one who covertly recorded that
conference call—and an F.B.I. official declared victory
over LulzSec, one of the most prominent Anonymous
splinters, with the boast that “we’re chopping off the
head” of that faction.</p>
<p>
The War for the Internet was inevitable—a time bomb
built into its creation. The war grows out of tensions
that came to a head as the Internet grew to serve
populations far beyond those for which it was designed.
Originally built to supplement the analog interactions
among American soldiers and scientists who knew one
another off-line, the Internet was established on a
bedrock of trust: trust that people were who they said
they were, and trust that information would be handled
according to existing social and legal norms. That
foundation of trust crumbled as the Internet expanded.
The system is now approaching a state of crisis on four
main fronts.</p>
<p>
The first is sovereignty: by definition, a boundary-less
system flouts geography and challenges the power of
nation-states. The second is piracy and intellectual
property: information wants to be free, as the hoary
saying goes, but rights-holders want to be paid and
protected. The third is privacy: online anonymity allows
for creativity and political dissent, but it also gives
cover to disruptive and criminal behavior—and much of
what Internet users believe they do anonymously online
can be tracked and tied to people’s real-world
identities. The fourth is security: free access to an
open Internet makes users vulnerable to various kinds of
hacking, including corporate and government espionage,
personal surveillance, the hijacking of Web traffic, and
remote manipulation of computer-controlled military and
industrial processes.</p>
<p>
<span>T</span>here is no agreement about how any of
these problems should be solved. There isn’t even
agreement on how to define the basic terms of debate.
“Internet freedom,” for instance, is the avowed
objective not only of the U.S. secretary of state but
also of WikiLeaks, which published hundreds of
thousands of classified State Department diplomatic
cables.</p>
<p>
One way to think about the War for the Internet is to
cast it as a polar conflict: Order versus Disorder,
Control versus Chaos. The forces of Order want to
superimpose existing, pre-digital power structures and
their associated notions of privacy, intellectual
property, security, and sovereignty onto the Internet.
The forces of Disorder want to abandon those rickety old
structures and let the will of the crowd create a new
global culture, maybe even new kinds of virtual
“countries.” At their most extreme, the forces of
Disorder want an Internet with no rules at all.</p>
<p>
A conflict with two sides is a picture we’re used to—and
although in this case it’s simplistic, it’s a way to get
a handle on what the stakes are. But the story of the
War for the Internet, as it’s usually told, leaves out
the characters who have the best chance to resolve the
conflict in a reasonable way. Think of these people as
the forces of Organized Chaos. They are more farsighted
than the forces of Order and Disorder. They tend to know
more about the Internet as both a technical and social
artifact. And they are pragmatists. They are like a
Resistance group that hopes to influence the battle and
to shape a fitful peace. The Resistance includes people
such as Vint Cerf, who helped design the Internet in the
first place; Jeff Moss, a hacker of immense powers who
has been trying to get Order and Disorder to talk to
each other; Joshua Corman, a cyber-security analyst who
spends his off-hours keeping tabs on the activities of
hackers operating under the name of Anonymous; and Dan
Kaminsky, one of the world’s top experts on the
Internet’s central feature, the Domain Name System.</p>
<p>
Although they may feel a certain kinship with one
another, they are not an organized group. Their main
point of agreement is that the Internet has changed the
world forever, in ways we are only beginning to
understand. They know that Order is impossible and that
Disorder is unacceptable. They understand that the world
is a messy place whose social arrangements come and go.
But they are united in the conviction that what must be
preserved and promoted at all costs is what the forces
of Order and Disorder, in their very different ways, are
both intent on undermining: the integrity of the
Internet itself as a reliable, independent, and open
structure.</p>
</div>
</div>
</div>
<div>
<div>
<div>
<h4>
II. Free-for-All</h4>
<p>
<span>V</span>int Cerf knew from the start that there
was a problem—he just couldn’t fix it. The year was
1975, and Cerf was on a team of computer scientists at
Stanford University under contract to finish a new
communications network for the U.S. military. The goal
was full cryptographic capability—a system that allowed
all messages to be authenticated from both sides—on a
network that could be used anywhere in the world. Two
things prevented the scientists from making this network
as secure as they would have liked. One obstacle was
institutional: “The only technology that would have
allowed for such security was still classified at the
time,” Cerf recalls. The other obstacle was simple
momentum. Before the developers could implement truly
secure encryption, Cerf explains, “the system kind of
got loose,” meaning that problems would have to be fixed
on the fly.</p>
<p>
Cerf is frequently referred to as “the father of the
Internet.” His most celebrated achievement, for which he
shares credit with the engineer and computer scientist
Robert Kahn, was creating the TCP/IP protocol, the
system that allows computers and networks all over the
world to talk to one another. He was an early chairman
of the Internet Corporation for Assigned Names and
Numbers, or <span>icann</span>, which maintains the
Domain Name System, the virtual address book that shows
your computer where to go when you type the name of a
Web site into your browser. He now works as Internet
Evangelist—that’s his actual title—for Google.</p>
<p>
Most of the Internet’s problems, Cerf believes, stem
from the issue of state sovereignty. The Internet was
designed to ignore national boundaries. It was designed
this way, Cerf says, because “it was intended to deal
with a military problem”: how could soldiers exchange
messages without letting their enemies know where they
were? Cerf and others solved that problem by building a
decentralized network that routed messages from place
to place using addresses that had nothing to do with
physical locations.</p>
<p>
This was something new. International telephone
transmissions were marked with country codes that named
their origins and end points and had to pass through
central switches in the countries at both ends. Radio
transmissions, similarly, had to hop from the fixed
points of towers. On the Internet, by contrast, traffic
skittered from place to place on a network whose shape
could be in constant flux. The Internet had no center at
all.</p>
<p>
With one exception. The sole centralized feature of the
Internet was the Domain Name System. The United States
created that system, which lives on root servers, and
Americans maintained it even as the Internet started
spreading. The first thing your computer does when you
type a Web site or e-mail address into your browser is
to ask a local D.N.S. server for the numerical IP
address of that destination. Because the D.N.S. servers
are the first stop, the D.N.S. is not just the
Internet’s address book. It’s also the corner post
office. Whoever runs the D.N.S. system can potentially
control whether your browser requests get to the proper
place and thus control where you can and can’t go
online.</p>
<p>
<span>B</span>y the mid-1990s, the Internet was teeming
with life, some of it dangerous or unpleasant. Certain
aspects of the unpleasantness were inadvertently
self-created. Since World War II, the U.S. government
had classified cryptography as a munition, subject to
stringent export controls. In the Internet’s first
decades, those restrictions made it difficult to do
business securely online. No one liked the prospect of
making financial transactions on the Web without strong
encryption, and international transactions were
impossible unless parties in both countries used the
same encryption techniques. So in 1997, President Bill
Clinton relaxed export controls on encryption. This had
the unintended effect of giving criminals new ways to
steal intellectual property: now they could easily
encrypt what they took and send it out of the country,
to Russia, China, or elsewhere. Those criminals
pioneered the systematic exfiltration of intellectual
property that plagues American business today.</p>
<p>
Loosening export controls also had the effect—and this
was very much intended—of commercializing the Internet.
In fact, the Clinton administration was creating
something close to an online free-for-all with its
determined efforts to make the Net an engine for
business. But even after the encryption export controls
were relaxed, businesses outside the U.S. remained wary
of the Internet, thinking of it as a de facto American
protectorate. Its one centralized feature, the Domain
Name System, remained under U.S.-government control.</p>
<p>
Clinton had seen that problem coming, and had already
set out to turn the D.N.S. over to the private sector.
The result was <span>icann</span>, a nonprofit body
whose advisory committees include representatives of
more than 100 countries and scores of corporations.
Technically, <span>icann</span>remains under the
Commerce Department’s authority, but other governments
have a meaningful say in the group’s decisions. For
instance, Xiaodong Lee, one of China’s Internet czars,
is <span>icann</span>’s vice president for Asia. The
creation of <span>icann</span> signaled that the
Internet would be something akin to global patrimony,
not an online version of American soil.</p>
<p>
This shift helped set the Internet free. But the more
the global economy came to depend on the Internet, the
harder it was for governments to tame or limit it. This,
too, was intentional. To ensure a surge of e-commerce,
the administration systematically pushed aside or
revised whatever might stand in the way, including
taxes, tariffs, regulations, and intellectual-property
standards. Grabbing with both hands for the Internet
economy meant letting go of old ideals of governance.</p>
<p>
Whole new problems eventually arose as markets and
communications moved online, and as all these online
exchanges were preserved digitally and became
searchable. Who owned all this data? Who should have
access to it? Corporations such as Microsoft, Google,
and Facebook began butting heads with the government.
They also began butting heads with their own customers.</p>
<p>
Corporate ambitions are a huge issue, but “the real War
for the Net,” Cerf believes, “is governments who want to
control it, and that includes our own government. If you
think about protecting the population and observing our
conventional freedoms, the two are really very much in
tension.” Cerf cites the debate over the U.S.A. Patriot
Act, enacted in 2001, which greatly expanded the U.S.
government’s domestic-surveillance authority. He also
cites efforts by Middle Eastern governments to control
online communications, particularly as the Arab Spring
began to unfold, in 2011. And then there’s the vast
example of China, whose Great Firewall puts severe
limits on what Chinese users can view online.</p>
<p>
On the Internet, what constitutes a “government” anyway?
When Google announced in 2010 that it had fallen victim
to Chinese hackers, it chose to publicize the fact that
the Gmail accounts of Chinese political dissidents had
been compromised. Congressional staffers asked company
officials at the time about rumors that Google’s data
losses were in fact far more extensive. They recall
tense conversations with Google executives, who in
effect asserted executive privilege. One Hill aide
recalls, “Clearly these people are used to having their
way with everybody, which pissed us off. Because they
are not a state within a state, even though they
practically claim sovereignty.”</p>
<h4>
III. The Dark Tangent</h4>
<p>
<span>D</span>ead Addict remembers his hand trembling as
he dialed the number. What, he wondered, was the point
of even making the call? He stopped, reminding himself:
the Dark Tangent was counting on him.</p>
<p>
In 1992, a very young man named Jeff Moss, whose hacker
name is the Dark Tangent, wanted to meet some friends
he’d made online. So he organized a summer gathering in
Las Vegas, which he planned to call “Def Con,” short for
“defense condition” (<span>defcon</span>), the
military’s term for its worldwide alert posture. Changes
in <span>defcon</span>—a numbered scale from 1 (war) to
5 (peace)—had cued the turning points in <i>WarGames,</i> a
movie that made the young Jeff Moss aspire to become a
hacker in the first place. Moss had high hopes. For one
thing, he wanted Def Con to be a great party. He also
wanted to start “building a system of checks and
balances” between hackers and law enforcement, two
cultures that were becoming bitter adversaries. So when
his friend Eli, who goes by the name Dead Addict,
volunteered to help Moss plan the gathering, Eli got the
job of calling one of the hackers’ arch-nemeses, an
assistant attorney general in Arizona named Gail
Thackeray, and inviting her to come.</p>
</div>
</div>
</div>
<div>
<div>
<div>
<p>
Two years earlier, Thackeray had helped the U.S. Secret
Service run Operation Sun Devil, one of the first
crackdowns on illegal computer hacking. A lot of hackers
hated Thackeray, and Dead Addict was not surprised when
she responded to his invitation with the words “No. I
wouldn’t go to a convention of car thieves, either.”</p>
<p>
Hackers are nothing if not persistent, and Thackeray was
eventually persuaded to spend a few days in the kiln
that is Vegas in July. In a fire-engine-red blazer, she
listened impassively while hackers as young as 14
described how to crack into every imaginable “secure”
computer system. The hackers, for their part, eagerly
picked Thackeray’s brain, to learn the legal
implications of their recent and planned adventures. As
Moss remembers, Thackeray frequently interrupted their
questions to insert the word “hypothetically” in order
to make herself feel a little better about being there.</p>
<p>
Every summer, Moss uses Def Con to promote conversation
between the Internet’s forces of Order and Disorder. He
has become the go-between who translates his
subculture’s concerns to the culture at large, and vice
versa. Each year, more and more law-enforcement,
military, and intelligence personnel go to Def Con. On
the cusp of early middle age, Moss remains
boyish-looking. He wears rimless oval glasses and favors
long, silk-lined Shanghai Tang coats. Moss has become a
powerful man. He sits on the U.S. government’s Homeland
Security Advisory Committee, and he serves as the chief
security officer for <span>icann</span>.</p>
<p>
<span>W</span>here Vint Cerf argues that sovereignty
lies at the heart of the War for the Internet, Moss—who
as a hacker cut his teeth gaining access to systems and
information that belonged to others—argues that the
heart of the matter may be intellectual property. As
Moss points out, before the Internet, when copyrighted
information existed mostly in the form of physical
objects, it was inconvenient to violate copyright law,
for purely practical reasons. Then the Internet created
a giant mashup of Alexandria, the Louvre, the <i>Times-Herald-News-World-Journal-Tribune,</i> and
all of television, Hollywood, and the music industry.
People started to feel existentially entitled to this
wealth of information. As it became normal to post
songs, video clips, essays, and stories—all copyrighted
by other people—on Web sites, that sense of ownership
increased. In many minds, it became not just a
convenience but a right.</p>
<p>
This transformation occurred during the same years the
Internet became a place to do business. When
social-media sites such as Twitter and Facebook merged
those two functions—turning the common person’s
scrapbook into a cash cow for corporations—they sparked
the Internet’s next evolutionary adaptation. The
consumer and the citizen now combined to form a
complicated new species, most of whose members
experienced the change as extremely empowering—even as
they were also becoming extremely vulnerable.
Individuals were using their free access to intellectual
property to express themselves to one another—our
Facebook “likes” equaled our actual “selves”—creating a
phenomenon that is, for governments as well as
corporations, the most tempting target imaginable. This
trove of information is to an ordinary census database
what a super-collider is to a slingshot.</p>
<p>
Privacy advocates sounded alarms about the problem, but
the 2009 Green Revolution protests in Iran were a major
turning point. The ease with which the Iranian
government spied on its own citizens—using techniques
that anyone could deploy, with free and open-source
software—showed the fundamental insecurity of all
unencrypted data (which is almost all data) on the
Internet. Iranian-government authorities were able to
read citizens’ e-mails, diagram their social networks,
and keep watch on almost anything else they wanted to
observe. The spectacle of that violation, Moss says,
underscored for everyone that the character of the
Internet had fundamentally changed. It had evolved from,
as he puts it, a place “to put pictures of your cat” to
a place where “your liberty’s at stake.”</p>
<p>
Even so, the most influential Web sites, such as Google,
Facebook, and Twitter, balked at adapting to the new
reality they’d helped bring into existence. No
communications on any of those sites were fully
encrypted yet. Without mockery, Moss recites their
arguments in a plain tone, strained only by mild
weariness: “It’s too expensive. We never designed it to
be all encrypted. And, you know, the Net is not a
private place anyway. It’s not really our problem.” His
response, in the same tone, is that, since these
corporations built their empires by encouraging
everybody to share everything, they have a
responsibility to provide security.</p>
<p>
During that violent week in 2009, Iran also blocked its
citizens’ access to popular dissident Web sites.
Government authorities hijacked the Internet’s address
book—using a technique called D.N.S. blocking—so that
when people tried to organize via Facebook or Twitter,
they got sent elsewhere. Today, as chief security
officer for <span>icann</span>, Moss is implementing a
set of technical changes that will eventually make it
more difficult for anyone to engage in D.N.S.
blocking—difficult, but not impossible. “I’m curious if
it’s fixable,” Moss admits. “Everybody always calls it
rebuilding the airplane in flight. We can’t stop and
reboot the Internet.”</p>
<p>
<span>T</span>echnical constraints are complicated by
politics. Not everyone approves of the changes Moss
promotes. This winter, Congress considered two bills
designed to stop online piracy. The Protect Intellectual
Property Act (<span>pipa</span>) and the Stop Online
Piracy Act (<span>sopa</span>) could have allowed the
U.S. government to mandate D.N.S. blocking—the technique
that Iran had used—to prevent Americans from seeing
unauthorized postings of copyrighted material on
social-media or search-engine sites. The bill might also
have made those sites responsible for removing links to
pirated material. The D.N.S.-blocking provision was
dropped from the bills, whose other problematic features
were still subject to revision. But a ferocious Web
revolt, incited, in part, by Internet giants such as
Reddit, Google, and Wikipedia, invoked the specter of
censorship. The legislation was effectively killed.</p>
<p>
According to Moss, people who want more government
control of the Internet are saying, “Well, we’ll just do
this. We’ll just do that.” He says, “It’s like, You just
don’t <i>do</i> that with the Internet. Don’t have the
legislator who doesn’t understand how anything works
make the decisions. The biggest fear is that you’ll have
governments around the world legislating technical
standards. And then everything comes crashing down.”</p>
<p>
Besides, he goes on, “the more government tries to
regulate, the more people will try to build an Internet
that is uncensorable and unfilterable and
unblockable”—with tools such as darknets, which are
hidden networks that run on privately owned machines. On
the other side, authoritarian governments want to build
their own private Internets. The Iranian government has
in fact launched a “halal” Internet, cut off from the
rest of the world.</p>
<p>
Even Moss, who participates in the highest-level
discussions about global Internet policy, finds himself
unable to keep up with all of the efforts to control the
Internet that are happening right now. He says, “If
you’re using an analogy of Internet wars, the battles
are coming faster.” No sooner had <span>sopa</span> and <span>pipa</span> been
scuttled than other legislation sprang up in their place
in the U.S., Europe, and elsewhere. In January, after
Poland signed an international copyright agreement that
included provisions similar to those in <span>sopa</span> and <span>pipa</span>,
a group of Polish legislators protested the vote by
wearing Guy Fawkes masks—the visual emblem of
Anonymous—inside the Polish parliamentary chamber.</p>
<p>
One thing is clear. After this winter’s debates on
piracy, it will be difficult for legislators to handle
Internet policy the way they’ve handled so many other
issues: by gentlemen’s agreements among interested
parties. The intensity of protest will make that
impossible. And the guerrillas have powerful weapons.</p>
<h4>
IV. The Summer of Lulz</h4>
<p>
<span>T</span>he man known as Jericho said, “Raise your
hand if you were never an asshole at some point in your
career.” Not many hands went up. Last August, hundreds
of people jammed into a ballroom at the Rio hotel in Las
Vegas for a Def Con panel on hackers who operate under
the name of Anonymous. The event was called “Whoever
Fights Monsters”—a reference to Nietzsche: “Whoever
fights monsters should see to it that in the process he
himself does not become a monster.” Jericho’s line was a
reference to Aaron Barr, the former C.E.O. of the
cyber-security firm HBGary Federal. Several months
earlier, Barr had plotted to discredit WikiLeaks by
faking documents to make the group look unreliable. Then
Barr investigated the Anonymous hackers who were
supporting WikiLeaks, and boasted to the<i>Financial
Times</i> that he had “collected information on their
core leaders, including many of their real names.” In
retaliation, Anonymous hackers annihilated Barr’s Web
site, spilled HBGary’s archive of 71,000 e-mails onto
the Web, raided Barr’s Twitter account, and remotely
deleted everything from his iPad. Stephen Colbert
summarized the event memorably: “Anonymous is a hornet’s
nest, and Barr said, ‘I’m gonna stick my penis in this
thing.’”</p>
</div>
</div>
</div>
<div>
<div>
<div>
<p>
Jericho is known to the outside world as Brian Martin, a
Denver cyber-security consultant. The objective of his
discussion was to talk about—and to—Anonymous hackers.
Some of them were in attendance. Jericho was hoping to
nudge them toward using their power in constructive ways
that minimize collateral damage.</p>
<p>
He sat at a table onstage with Joshua Corman, whose day
job is as director of security for a firm called Akamai.
Corman, a compact, bearded man, tapped his fingers on
the table, fiddling with his Starbucks coffee cup. A few
months later, in Corman’s dining room in the small New
Hampshire town where he lives, we watched a video of the
discussion. He recalled being almost paralyzed with
nerves.</p>
<p>
After the HBGary hack last February, the public image of
Anonymous went split-screen. On the one hand, Anonymous
operations supported the Arab Spring (and, later, Occupy
Wall Street). On the other hand, a group of hackers
identifying itself as a splinter of Anon, called LulzSec
(“lulz” means “laughing out loud” at the victim of a
prank; “sec” means security), launched a series of
attacks that trashed all standards of privacy and
security. The attacks, known as “the summer of lulz,”
were, on the whole, as pathologically anarchic as
something the Joker might have done. LulzSec hacked
Fox.com and leaked the contestant database for the show <i>X
Factor,</i>then posted a fake news story about Biggie
Smalls and Tupac Shakur on the PBS Web site. When
Arizona passed a Draconian immigration bill, LulzSec
spilled online the personal contact information of
hundreds of the state’s policemen.</p>
<p>
In many cases, Corman recalls, “there was no moral, or
righteous, or freedom cause” behind the actions. “It was
about having fun and breaking stuff.” When he decided to
speak publicly, Corman endorsed the goals of using the
Web to effect political change and expose corruption,
goals that Anonymous hackers sometimes cite. Even so, he
could not stop worrying that by doing so he was putting
himself and his family in harm’s way.</p>
<p>
<span>R</span>eporters generally refer to Anonymous as a
“group” or, somewhat more accurately, as “a loose
collective.” Anonymous, Corman explains, is not really
a group, and it is a “collective” only insofar as there
is some overlap among the individuals who perform the
deeds attributed to Anonymous. “Anonymous is more like a
brand or a franchise,” Corman says—it’s a term used by
many individuals and groups with many ideologies for
many kinds of actions. Hacking by Anonymous generally
expresses a hunger for the complete transparency of
governments and corporations. Anonymous hackers often
oppose surveillance and promote self-government. Beyond
these principles, there is little consensus. Corman
compares Anonymous to a Rorschach blot, in which the
forces of Order and Disorder alike see what they want to
see.</p>
<p>
With Jericho, Corman started tracking Anonymous last
year. (This effort has nothing to do with his day job at
Akamai.) On Corman’s blog, the two offer what may be the
most clear-eyed analysis of the Anonymous phenomenon
available anywhere. Why, given the risks, does Corman
pursue it? In some ways, the arc of his life seems to
leave him little choice. He became the man of the
household at age 14, after his parents’ divorce. Like
many children who prematurely take on adult
responsibilities, he developed a fascination with power.
For Corman, that fascination was nourished by the
comic-book adventures of Spider-Man, a six-foot plastic
statue of whom stands in the foyer of his house. He
often quotes a famous Spider-Man line—“With great power
comes great responsibility.” Corman sometimes escaped
from the burdens at home by diving into his computer. He
compares his early experiences of programming, and of
the Net, to a kind of sorcery.</p>
<p>
Corman believes that the spread of “hacktivism,” which
first made mainstream headlines when Anonymous attacked
the Church of Scientology in 2008, demonstrates that
“those who can best wield this new magic are not
nations. They’re not politicians. The youngest citizens
of the Net don’t even recognize allegiance to a country
or to a political party. Their allegiance is to a hive.
In some ways this is very exciting. In other ways this
is terrifying.” The terrifying part, for Corman, is that
the Web gives individuals immense power without
instilling the “compassion, humility, wisdom, or
restraint to wield that power responsibly.”</p>
<p>
Corman once jokingly referred to himself as “the guy
with the Spider-Man statue who’s gnashing his teeth in
New Hampshire.” Like everyone who understands the
decentralized structure of the Internet, he is skeptical
of government attempts to control it. He does harbor
some hope, and it’s partly a legacy of those comic
books: “The most badass hackers I know get no
satisfaction out of attacking. They prefer defending,
because it’s harder.” He wonders if we’re about to see
the rise of another form of Internet vigilante, who will
create tools to vanquish Anonymous attacks and deliver
the miscreants by the scruff of the neck, as Superman
would, to the government’s doorstep. “Do the Avengers
need to rise?” Corman asks. “When do they rise? They
rise when the system doesn’t sufficiently fight evil.”</p>
<p>
In the meantime, Anonymous has spawned a tiny cottage
industry that keeps a very low profile: mercenary
fighters hired by major corporations to protect them
from attacks. HBGary used to perform this kind of
service, until it was ambushed. These mercenaries
conduct surveillance on the Internet chat rooms where
Anonymous hackers congregate, hoping to warn corporate
clients of potential peril. They also develop virtual
weapons that companies can buy to defend themselves.</p>
<p>
It is hard to defend against the media, however, which
has mainly served the purposes of Anonymous. One Fortune
100 mercenary I spoke with laid out the typical template
in the press: “The stories are: Insert high-value target
here; something bad happens; attribute it to Anon. And
people are eating that up.” At the “Whoever Fights
Monsters” panel discussion in Las Vegas last summer,
Joshua Corman says, one hacker in the audience asked,
“Why doesn’t Anonymous do something more discreet
instead of these huge attacks that cause collateral
damage, and just tell the press what you did?” Another
hacker, who is known to participate in Anonymous
operations, answered instantly: “They don’t cover it. We
tried.” Listening to that exchange, Corman says, he
realized, “The media is a player in this drama. They’re
not observing or describing. They’re being played.”</p>
<p>
And they’re being played by all parties. The bust of
Anonymous and LulzSec in March was hailed even by many
leading cyber-security bloggers as “the end of Anon.”
The idea that any faction of Anonymous has a “head” that
could be chopped off, as the F.B.I. claimed, suggests
either a fundamental lack of understanding of the
phenomenon or a willful misrepresentation of it. (It may
well be the latter. According to the F.B.I., the most
prominent among the hackers who were arrested, Hector
Monsegur, known as “Sabu,” had been an F.B.I. informant
since the previous June—a period during which he rallied
LulzSec hackers to attack the F.B.I.) Corman says, “Even
if every current participant of Anonymous were arrested,
someone would take up the design of this activity, if
not the mantle.” In other words: as an instrument of
disruption, Anonymous may be too resilient ever to be
killed.</p>
<h4>
V. Organized Chaos</h4>
<p>
<span>A</span>new telecom treaty is unlikely to result
in either side achieving total victory. At the very
least, however, the negotiation in Dubai will move
countries to put their cards on the table and declare
just how much control they want to assert over Internet
governance.</p>
<p>
The Net has given more individuals more power in a
shorter period of time than any new technology in
history. And unlike many other world-changing
technologies, there is no institutional barrier to
access. This has made it, on balance, mostly destructive
of institutional authority, especially that of
nation-states. National sovereignty encompasses many
powers, but one of its core elements has been a monopoly
on the control of overwhelming force. Now that hackers
are able to penetrate any and all computer networks,
including military ones, that monopoly no longer exists.
Nation-states, not surprisingly, resist the erosion of
their power and seek ways to reclaim it.</p>
<p>
Hamadoun Touré, who will be running the show in Dubai,
says he seeks nothing more than a “light touch” on the
Internet’s operations. He in fact chuckled when he
uttered those words in the course of an interview.</p>
<p>
At least three big issues are very likely to be on the
table in Dubai, and there’s nothing light about them.
One is taxation—a “per click” levy on international
Internet traffic. Western countries and business
organizations oppose such a tax, as you would expect.
China and many Third World countries favor it, saying
the funds would help build the Internet in developing
countries.</p>
</div>
</div>
</div>
<div>
<div>
<div>
<p>
A second issue is data privacy and cyber-security.
Authoritarian governments want to tie people’s real
names and identities to online activity, and they want
international law to permit national encryption
standards to allow government surveillance.</p>
<p>
The third issue is Internet management. Last year,
Russia, China, and some pliant allies jointly proposed a
U.N. General Assembly resolution (which failed)
suggesting the creation of a global
information-security “code of conduct” and—as if
declaring open season on <span>icann</span> and the
other non-governmental groups currently in
charge—asserting that “policy authority for
Internet-related public issues is the sovereign right of
states.”</p>
<p>
All of these proposals amount to a wish list by the most
extreme elements of the forces of Order. The forces of
Disorder have no official voice at the
negotiations—obviously they’re not invited—but they
represent a wild card. Although they have thus far shown
no apparent interest in Dubai, some of them have
announced plans to perform a technical feat beyond
anything done so far. In what is being called Operation
Global Blackout, they want to bring down the Domain Name
System itself—and thus halt all Internet traffic
completely—with a springtime attack on the root servers,
all in the name of protesting “<span>sopa</span>,
Wallstreet, our irresponsible leaders, and the beloved
bankers who are starving the world for their own selfish
needs out of sheer sadistic fun.” Whether that happens
(or even could happen), the announcement was an obvious
warning flag. Internet experts take the threat
seriously. Even if it fails, it presages future
attempts.</p>
<p>
<span>I</span>n the War for the Internet, is there a
middle way? The forces of Organized Chaos are not an
organized group, don’t call themselves by any name, and
disagree on many points. In what follows, I’m going to
try to distill a synthesis of their views.</p>
<p>
The commitment that unanimously binds them is to make
the Internet as reliable as possible. One leading
apostle of reliability is Dan Kaminsky, a security
analyst and D.N.S. expert and the head of a new stealth
start-up. He is a close friend of Jeff Moss’s—and, like
Moss, a self-appointed ambassador to Washington. He
sometimes opens meetings on the Hill by saying, “There
are bad guys on the Internet. Unfortunately, you’re
helping them.” He is a serial entrepreneur whose current
mission is to augment passwords with other ways for
Internet users to prove their identities that are more
robust, easier to use, and harder to crack. “The only
thing everyone agrees on,” says Kaminsky, “is that the
Internet is making everyone money now and it’s got to
keep working.”</p>
<p>
As they devise new systems of authentication, Kaminsky
and others are working to be sure that these
authentication systems preserve the qualities of privacy
and online anonymity—even though anonymity has
contributed to, if not created, almost every problem at
issue in the War for the Internet. The task at hand is
finding some way to square the circle: a way to have
both anonymity and authentication—and therefore both
generative chaos and the capacity for control—without
absolute insistence on either. It is a neat
philosophical trick: Sun Tzu meets John Locke meets Adam
Smith meets Michel Foucault.</p>
<p>
No one can say exactly how these sorts of standards
would be defined and applied, or who would be their
custodians. World governance doesn’t work. It has been
pursued for eons by hardheaded pragmatists and
woolly-brained eccentrics. Time and again it has been
defeated by the vagaries of human nature and the
opportunistic conflict of competing interests. In the
case of the Internet, the number of interested parties
runs into the billions, and they come from divergent
cultures and pursue irreconcilable objectives. As Vint
Cerf points out, this basic reality seeps through every
aspect of the War for the Internet. Around the world and
across generations, people have different tolerances for
civility, incivility, and invasion of privacy. “I think
it will be very hard to resolve this in a way that’s
globally acceptable,” he says.</p>
<p>
Freedom in human society, by definition, includes some
concept of boundaries. Freedom on the Internet has,
thus far, lacked any real concept of boundaries. But
boundaries are being invented. It seems certain that
nations, corporations, or both will create more zones on
the Internet where all who enter will have to prove
their real-world identities. Google and Facebook are
already moving in this direction. The most heavy-handed
suggestions entail a virtual passport or ID, which could
include biometric data.</p>
<p>
Some see stringent, universal, and mandatory
authentication of identity as a commonsense solution to
a number of the Internet’s biggest problems. If all of
our alter egos were brought into line with our analog
selves, wouldn’t we all behave better? Wouldn’t online
criminals stop using the cloak of anonymity to steal
from and spy on people? Wouldn’t people pay for the
books, music, movies, and newspapers that many now take
for free?</p>
<p>
The forces of Organized Chaos reject this argument. Vint
Cerf says, “When I hear senators and congressmen
complaining about anonymous speech, I want to stop them
and say, you should read your own history. The anonymous
tracts that objected to British rule and rules had a
great deal to do with the American Revolution. Weren’t
you paying attention in civics?”</p>
<p>
<span>G</span>iven the radically decentralized nature of
the Internet, the most important thing that anyone can
do is to try to make the center hold—but not too
tightly. That means protecting the Domain Name System,
the Internet’s sole central feature, from government
control while keeping governments involved in
maintaining it. The point is: there is no single “safe
pair of hands,” whatever the forces of Order might say.
Any safe pair of hands is a dangerous pair of hands.</p>
<p>
At the same time, the security of the D.N.S. itself
needs to be radically upgraded, to obstruct hijacking
and surveillance. Software-coding languages must become
more secure, to make programs more difficult to hack and
manipulate. Breach-reporting standards must be
established, at least for critical infrastructure, to
help corporations and law enforcement share knowledge
about hacking threats. Metrics for security and
privacy—two qualities that most people value but no one
knows how to measure—need to be defined. Finally,
“network neutrality” must be preserved. Net neutrality
is almost as plastic a concept as Internet freedom, but
to the forces of Organized Chaos, it means maintaining
the telecommunications infrastructure as a level playing
field. The Internet is open to everyone; service
providers can’t discriminate; all applications and
content moves at the same speed.</p>
<p>
To accomplish any of these things, governments will need
to create formal mechanisms to give the people who know
the most about the Internet—including computer engineers
and hackers—a meaningful voice in making policy. Basic
Internet literacy is now as critical to good governance
as basic knowledge about economics or public health, yet
Washington is still full of what Congresswoman Zoe
Lofgren, of California, calls “Wite-Out-on-the-screen
people.” Dan Kaminsky says that hackers, for their part,
have to stop focusing exclusively on “breaking stuff ”
and also start focusing on “fixing stuff.”</p>
<p>
And if Internet companies do not want intrusive
regulation, whether from their own governments or from
treaties such as the one to be negotiated in Dubai, they
will need to start solving the Internet’s problems on
their own. Melissa Hathaway, who led cyber-security
strategy for Presidents George W. Bush and Barack Obama,
points out that “the top 20 Internet service providers
in the world carry 90 percent of the Internet traffic.
They can see when you’re infected by a botnet. They can
see when you’ve been hacked.” Hathaway has defined a set
of general principles that Internet companies and
governments might get behind, such as a “duty to warn if
in imminent danger.” As she puts it, “It’s just like the
law of the sea: the duty to assist.”</p>
<p>
Beyond this core agenda, the forces of Organized Chaos,
by and large, think that the Internet should be allowed
to evolve on its own, the way human societies always
have. The forces of Organized Chaos have a pretty good
sense of how it will evolve, at least in the short term.
The Internet will stratify, as cities did long ago.
There will be the mass Internet we already know—a
teeming bazaar of artists and merchants and thinkers as
well as pickpockets and hucksters and whores. It is a
place anyone can enter, anonymously or not, and for
free. Travel at your own risk! But anyone who wishes can
decide to leave this bazaar for the security of the bank
or the government office—or, if you have enough money,
the limousine, the Sky Club, the platinum concierge. You
will always have to give something up. If you want utter
and absolute privacy, you will have to pay for it—or
know the right people, who will give you access to their
hidden darknets. For some services, you may decide to
trade your privacy and anonymity for security. Depending
on circumstance and desire, people will range among
these worlds.</p>
</div>
</div>
</div>
<div>
<div>
<div>
<p>
Aside from wealth or arcane knowledge, the only other
guarantor of security will be isolation. Some people
will pioneer new ways of life that minimize their
involvement online. Still others will opt out
altogether—to find or create a little corner of the
planet where the Internet does not reach. Depending on
how things go, that little corner could become a very
crowded place. And you’d be surprised at how many of the
best-informed people about the Internet have already
started preparing for the trip.</p>
</div>
</div>
</div>
</div>
</div>
<pre class="moz-signature" cols="72">--
</pre>
</body>
</html>