Examination of Witnesses (Questions 960 - 979)
WEDNESDAY 18 APRIL 2007
PROFESSOR JONATHAN ZITTRAIN AND MR ANDREW CORMACK
Q960 Lord Young of Graffham:
Mr Cormack, you said in your response to the last question, that
the Internet should be like normal society where individuals take
their own responsibility for their security. But they do not,
the police do. Security services do in normal society. It is not
up to each of us to look after our security because otherwise
that way leads to anarchy, does it not? It does concern me slightly.
Mr Cormack: I certainly would encourage there
to be a greater role in policing because I think visible policing
actually improves user confidence. I think it was a real shame
when the public website of the National Hi-Tech Crime Unit went:
it was a very clear public statement of, "We are investigating,
we are prosecuting, we are convicting people." I think that
was a real blow to public confidence. Certainly in some places
the security services, the police, deal with some aspects of security - here,
at airports - against major incidents. The things which are
causing problems on most of the Internet are not major incidents,
they are incidents at the level of losing a credit card number,
being knocked over by a car. I do not think we want the security
services to be responsible for keeping us safe from those sorts
of actions, using a cash machine which has had a device attached
to it. At some point the user has to take responsibility.
Q961 Earl of Erroll:
I just want to come back to your ISPs doing something about this
traffic which is going through. Will we need to re-write some
of the mere conduit defence rules to do that?
Professor Zittrain: I suppose it is possible
that there are legal interventions by which we would not want
the ISP to say, "I'm just the conduit. I'm just delivering
this ticking package. You can't blame me."
Q962 Earl of Erroll:
That is what happens at the moment, is it not?
Professor Zittrain: Right.
Q963 Earl of Erroll:
So we need to re-write our mere conduit rules?
Professor Zittrain: Yes. The reason you find
me hesitating, I think, is that "re-write" could be
strong. You - at least with the assent of the European Commission - could
take a nibble out of the blanket immunity, an immunity which I
think has served very well, but say, "Here are some particular
circumstances." In many jurisdictions the mere conduit defence,
when it rises to the level of actual knowledge of something in
progress, can tend to evaporate and the kinds of things I have
in mind approach actual knowledge, either in the zombie example
I gave or if you are a hosting service for a web server and the
web server itself has been compromised - this is now happening
with alarming frequency - such that any person visiting the
web page in question with a browser which is not properly patched
will come away from the website infected; and the person running
the website, who may have no technical expertise, who is a merchant
who sells products off the site, really cannot be made to care
about the problem unless the presence of the malware on that site
could have that site shut down.
Q964 Earl of Erroll:
Then why can we not prosecute them under current laws for being
a party to fraud?
Professor Zittrain: I think those generally
require some level of knowledge.
Q965 Earl of Erroll:
You just explained they do have a level of knowledge.
Professor Zittrain: They might have an alert
from somebody which says, like telling the owner of a book store,
"I think there's suspicious material on shelf B." They
would say, "Well, that doesn't mean I know it, it just means
somebody has lodged a complaint and I have to maybe investigate."
Earl of Erroll: That is an offence.
Q966 Lord Young of Graffham:
But telephone companies are not responsible for the conversations
which go down the line?
Professor Zittrain: Right.
Q967 Lord Young of Graffham:
They are not even responsible for some of the chat services and
other things. Is there not an analogy between the two? How can
you make people responsible for what goes on the Internet but
they are not responsible for what is on the telephone?
Professor Zittrain: Yes. Lord Chairman, the
way I would make the distinction, if there is one to be made,
is that in the telephone context the way in which we would imagine
the telephone company routinely being in a position to take responsibility
for bad things would really require listening in on the phone
calls, unless you get into some tricky technology. Here it is
not as if we would be asking Internet service providers to greatly
change their business model and be significantly more intrusive
upon the activities of their customers by having to listen in
on everything. Rather it would be, here are some very easily picked
up tell-tales, which are almost in an automated way able to be
detected, for which the best analogy with the phone company might
be, here's a phone which keeps being picked off the hook, keeps
calling a particular number and hanging up as soon as the other
number answers. The other number complains to the phone company
and the phone company says, "Hey, we're just a conduit."
On the equities of it, you could see it being less sympathetic
to the conduit defence there.
Lord Young of Graffham: Yes.
Chairman: Let us go on investigating
your concepts. Lady Hilton, please.
Q968 Baroness Hilton of Eggardon:
I would just like to take up your simile about walking on the
pavement. Walking on the pavement is okay if there is a pavement,
and secondly you do expect people driving cars not to drive onto
the pavement, so I would expect other people to behave responsibly,
too. So I am not sure that the analogy totally holds up.
Mr Cormack: I think it is reasonable to rely
on responsible other people to behave properly and it is also
very useful to have the police come and arrest people who drive
on the pavement. I think we are missing that as well to an extent
on the Internet.
Q969 Baroness Hilton of Eggardon:
To go back to Professor Zittrain and the "Generative Internet"
about which you are so keen, do you not see implications for personal
security and safety online if it continues as at present and is
developing? There are more and more cases where people are having
problems with fraud and phishing, and so on.
Professor Zittrain: I do, and it makes the message
of that paper I wrote and the book that I have forthcoming one
which upsets people on two sides of the spectrum, to fellow travellers
of mine who are technically oriented and who believe that they
can solve most of the problems they encounter online, they can
program very good email filters, they are smart enough not to
be caught by phishing. They tend not to see it as a responsibility
of the technical community to intervene to stop the overall phenomenon.
I want to argue to those people that they are wrong, that the
problems are getting bad enough that if there is not a concerted
effort - and it need not necessarily be an effort undertaken
through the changing of legal liabilities, and we can talk more
about that if you like - to deal with the problem what we
will see is a migration of mainstream users and consumers of the
network, especially to end points which are non-generative, and
I am not keen on that, even as I find those end points very convenient
to use, such as mobile phones and Sky Plus and things like that.
I want to see the general purpose PC remain in the centre of the
ecosystem, including in libraries, offices and cyber cafés
where a number of people experience the Internet for so much of
a percentage of their lives. If we do not act to fix some of these
problems we will see people abandon it, and that is why I am in
favour of some form of action.
Q970 Baroness Hilton of Eggardon:
Because with the sort of explosion of use, and so on, it is not
at all clear that this can continue, is it?
Professor Zittrain: I think that is right and
there may be some elements of it - and this is the 20 per
cent with which I agree with Bruce Schneier - which involve
some reallocation of legal liabilities, but really the first line
of defence will be along the lines which Mr Cormack is speaking
of where we need to develop the technical tools so that when people
are on the network they can participate on it in the way that
we have a radar for each other when we are in a public park. A
lot of the security we experience in the real world comes not
because the police are just a moment away or there is instant
surveillance but because we know that if anything particularly
noticeably untoward happens citizens themselves will alert the
police, will provide evidence afterwards and may even themselves
intervene, and right now there are not good tools on the Internet
to allow people to have that same kind of looking out for each
other. I believe those tools can be developed. I am part of a
project called StopBadware.org jointly among Oxford and Harvard
where we are taking some steps to developing those tools and one
hopes those experiments will not fail. If they do, they are still
learning experiences, but I would like them to work.
Q971 Lord Mitchell:
Is the "generativity" of the Internet a permanent state
of affairs, or is it a product of the explosive rate of innovation
in the sector over the last couple of decades, which will then
die down as technology matures?
Professor Zittrain: It is certainly a contingent
feature. There is nothing inherent about the way the network must
always work which will keep it generative, and moreover I think
the real nub of your question is, ought we to care about the generativity
with the same amount of caring over time, or do we care about
it at the beginning when we are sort of trying to subsidise it
and then as it reaches its mature uses can we say, "All right,
now let's just lock down the secure uses"? Electronic commerce
and credit cards may be a good example of thinking about it that
way. The way legal liabilities tend to work is that people are
not themselves responsible should their credit card be compromised
online and as a result they can afford to use something which
might scare them or which they do not fully understand, knowing
that they have limited liability should their number be stolen
and that is seen as a helpful subsidy, at least at the beginning.
My view, though, is that while it is awfully hard to predict the
future, we are still only in the tenth year of what is probably
a fifty year build out of the network and of its uses and there
are some tantalisingly promising applications around the corner
involving very socially useful and constructive implementations
of peer to peer, mesh networks so that we do not need to have
major Internet infrastructure, particularly in crowded areas,
and data can still get from one point to another, the ability
to store data across lots of computers and to have basically a
virtual library which does not require one gate-keeping entity
to be the Library of Alexandria. These features will not develop
if the generative Internet and the end points around it are eclipsed
thanks to security fears, so I would at least like to buy us another
five or ten years of the generative status quo and then see if
it turns out that things have slowed down and we pretty well know
the uses to which the network will be put.
Q972 Lord Mitchell:
As part of our investigations we have recently come back from
California, from the west coast, and we visited a whole series
of companies there. Microsoft and Apple in particular, we noted,
seemed to be moving in different directions with Microsoft continuing
to facilitate the download of applications but with health warnings
and Apple, we discovered on certain products, in particular the
iPhone, do not permit any applications at all to be downloaded.
I just wondered what you think about that.
Professor Zittrain: I see the iPhone as essentially
the poster child, the canonical example, of an utterly non-generative
device which is still incredibly useful. Steve Jobs himself last
January, in talking about the iPhone, said, "You bet we're
not going to let third party code run on it. You do not want to
end up with this phone and you run three applications from somewhere
and suddenly it will not make calls any more. That is not going
to sell and that is the philosophy which goes into the iPod as
well." Under very rare circumstances you can re-flash your
iPod and try to run third party code on it, but it feels like
you are skating on thin ice when you do it and the next time your
iPod phones home to Apple to check for updates, if Apple discovers
it they might feel themselves entitled to wipe it clean. So I
do see that approach from Apple. You see that approach, too, from
Microsoft at times, in the Xbox, as I mentioned, in their new
Zune. All of these things are not under that old PC model of,
"Put out a generic device, call it half finished and let
third parties do it." I am not against information appliances,
such as the iPhone. I do see them as having a place. I like the
idea that you can have the PC as a test bed for an application,
you try out Voice-Over-Internet Protocol through something like
Skype first and you awkwardly use a headset, and sometimes it
works and sometimes it does not, and then some merchant can distil
it into a pure appliance size form like Vonage or, say, an iPhone.
That is great, but to me that remains great because the PC still
is very present in the ecosystem and should the makers of those
tethered appliances, who are always in a position to change the
way they operate, get a little too clever, take away too many
features, make it, for instance, so that your mobile phone cannot
easily clock the total number of minutes used that month, even
though many people might find that useful but no third party code
exists to do that, you can always fall back to the PC as a safety
valve, and without that safety valve I think we would find those
information appliances starting to behave very differently.
Q973 Chairman:
What about your concept for a red and green machine? It is a bit
like the cell phone. The biggest complaint, particularly, shall
we say, elderly people make about the cell phone is that they
do not want 90 per cent of it. You could make the same argument
for a PC, particularly in certain people's hands. They might want
to access information on the Internet, they might want to send
email and receive email, but they are not in the game of downloading
peculiar programs because they're a geek and they want to try
this. I get the feeling - and this might be a bit provocative - that
you geeks run this thing and yet you are two per cent of the users,
and it might be a good idea to have a green and a red switch.
Professor Zittrain: Yes. Lord Chairman, I brought
up the green and the red switch as a way of trying to split the
difference because, as you know already, I do not favour the status
quo. I see the problem in the status quo and the implication,
if no action is taken, that people really will move away from
these PCs under just the set of values you mentioned. I see the
red and the green machine, if contained within one machine, as
a short-term way to buy a little bit more time, to make it so
that within one box you can have some of the reliability and ease
of use of an appliance when it is geared into green, but when
you or another user of the machine - and so many of these
machines are shared machines in a household where the kids are
actually eager to go off-roading in a very good way and experiment
with new applications, to be able to shift into red but not have
accidents from the red machines spill in the green zone. This
is seen as a way of trying to split the difference and I would
favour those kinds of tools in order to make it happen. It is
just that so often tools that start in the province of geeks,
written by geeks and for geeks like the Web browser, Mosaic browser,
written in the course of a few months, then turn out to be the
fundamental building block of the network we see today. If you
had tried to sell the idea of a Web browser to CompuServe, America
Online and Minitel back in the era of the proprietary networks
and make the case for the return on investment for the level needed,
how we will market this, all that kind of stuff, at least history -
the one time we have played it through - shows that the browser
did not emerge from those circumstances. So to be able to have
it come from the geeks, but then maybe it is just one out of a
thousand applications which are tried, it can still become so
key that it can very easily make that jump into the mainstream
because the person who is not a geek has the PC and at some point
can double click and run that new application.
Q974 Chairman:
If you know which knobs to disable. I am still frustrated that
I cannot adjust the ignition timing in my car when I am driving
along. It does not really make a lot of sense to do it, but it
was fun when you could do it, but they gave it up rather early
because the average person had not got a clue what they did when
they changed their ignition timing.
Professor Zittrain: Yes, and I would think that
the ignition timing of the car is a good example of what I think
Lord Mitchell was getting at with the question about when will
we say generativity has worked its magic and we have kind of invented
the things there are to invent and now we should lock in those
gains and just make it very easy to use and safe. For the automobile,
I feel as if over the past 50 years there has not been a whole
lot of change in the uses to which we put cars. It is just a question
of optimising them under the hood, lowering the emissions, making
them cheaper, that kind of thing. With the PC, I do not see us
yet in that stage. There are still so many new things which can
be done with it that it may well be worth it to take some of the
admitted trade-offs which come from keeping a generative system,
and the annoyances, and say that they are not the same as retaining
a very fine ability to fine tune your car, because by being able
to change the ignition timing it is not as if it is suddenly going
to fly or be able to take extra people, or do something else radically
different from what a car does.
Q975 Lord Mitchell:
If we could move from cars and ignition timing to copy machines
and television, you talked about how consumers would rightfully
clamour for the same degree of reliability as they get from such
products, but it certainly seems to us that you rule out the obvious
ways whereby the industry might develop such a relationship. Could
you comment on that?
Professor Zittrain: If I understand the question,
there is some sense where you just might say, "Leave it to
the market." The market will determine through a reflection
of consumer preference what the right balance is between generativity
and stability, if indeed these things are pitted against each
other. I think there is some truth to that, but there are some
really important caveats. One caveat is that when people make
a purchasing decision the fact is they decide on the basis of
current uses, not future ones, and the number of times in the
Internet and PC context where we have seen serendipity really
pay off, we bought the PC for this purpose but a year later we
find we are not using it to keep recipes, we are using it to talk
with our kids -
Q976 Lord Mitchell:
It is like text messaging on a mobile phone.
Professor Zittrain: Exactly, and even taking
photos on a mobile phone. That is sort of an added feature where
you might think, "I never use that thing. I don't need it,"
but more and more you see such whistles and bells becoming integral
and in a purely software environment where it is not a matter
of actually having hardware in the machine to get it to perform
differently. The cost of trying out those new features in cheap
networks is so low - you just double click, you try it out,
you like it or you do not like it - and for that reason it
is not clear to me that the market will perfectly respond. There
is also the fact that those driving the markets have reason, quite
naturally - this is market theory at work - to want to
have a "winner take all" mentality. At the time you
are building an operating system and competing with other operating
system makers it is to your advantage, maybe, to welcome as much
third party innovation as possible because the more uses there
are for Windows created by others, the more copies of Windows
there are that will be sold. But the moment you achieve monopoly,
then it gets to be to your advantage to try to vertically integrate
and see to it that the applications that everybody uses on your
now very popular system also come from you. That is the kind of
enclosure which it would be nice if we could have the market naturally
resist overall.
Q977 Lord Young of Graffham:
Coming back to your analogy, we are talking about 1920 or 1925
for the evolution of the car. One day, I do not know how long,
the software comes along where it is going to be much more difficult
for the viruses to infect it, that element of security. You could
switch the machine off and switch it on again, but that is another
matter. If we intervene at the network level now, presumably the
ISP level, we could make users more secure by restricting and
denying them the options of taking chances, making long choices.
Do people need all the facilities which the Internet provides
today, or should we actually go round and restrict people from
doing things on the Web?
Mr Cormack: I think I have two answers to that
one. The short answer is, I do not think it would help because
most of the bad users of the network use extremely simple technology.
The email I had from the widow of the late dictator of Nigeria
offering me a share of several million dollars was plain text.
It was more simple than the email which was sent to get me here,
because that had an attachment. The longer answer is, the network
has a single function, which is to move packets of information
from here to there. Everybody uses that. The model of the Internet
very consciously originally was very simple in the middle and
all the intelligence was at the edges. You could, in principle,
move things to the centre. That would make it more like the telephone
network. It would also be challenging to recognise a bad decision.
At the moment the network cannot tell, it does not need to know
whether something is an email, whether it is a piece of software
or whether it is a music download, so whether something is an
email I want to respond to or an email I do not want to respond
to, a program I want to download or a program I do not, is many,
many layers of intelligence above what the network provides at
the moment. Again, if you wish to move things to the centre and
say, "This is good. This is not," you are assuming you
know what will happen in the future. If you had gone to Microsoft
ten years ago and said, "Remove the bells and whistles from
your operating system," I think the ability to do TCP/IP
would have gone very rapidly. It was a passing fad. Five years
ago, remove the bells and whistles, there would have been no audio
devices, I suspect, so no conversations by IP telephony.
Q978 Lord Young of Graffham:
Of course, if you start doing too much at the centre then you
run the risk of becoming a centre, actually restricting what people
really do in terms of content, because presumably if you are identifying
what it is you can suddenly start to take out words you do not
want to appear and things of that sort?
Mr Cormack: Yes.
Q979 Lord Young of Graffham:
Professor, you are on record as arguing that the "end-to-end
principle" and the principle of network neutrality no longer
reflect adequately the complexities of the Internet. Could you
develop this point for us?
Professor Zittrain: Yes, and I appreciate the
opportunity to clarify it because to many of my fellow travellers
those are fighting words. First, let me make it clear I think
the principle of end-to-end neutrality is brilliant. It began
as simply a technical heuristic, "Here's a way to build a
robust network," and that technical heuristic has proven
itself over the years as networks that did not do the end-to-end
have not shown themselves as flexible or as powerful, and in that
sense I very much like end-to-end. I also am not fond of the idea
of content filtering. I co-founded a project now called the Open
Net Initiative, which performed the first large-scale enumeration
of filtering, common now in over 40 states worldwide. It began
with China and Saudi Arabia and extended outwards. So I have got
a real commitment against having that kind of filtering take place
unnoticed. That said, the kind of modularity that end-to-end suggests - you
have the network, keep it open, let the intelligence (as Mr Cormack
says) remain at the end points - has a hidden premise in it,
and the hidden premise is that the people at the end points can
control those end points and make intelligent choices about how
they will work. If that is the case, it is just saying, "Let
the market work its magic. People will buy the end points or configure
the end points as they want." Now that the network is so
mainstream, we are grappling with what we have talked about over
the course of this hearing so far, which is that people will make
poor choices and that often people do not have these end points
in their own true custody. That can either be because the computers
and other devices they are using are issued by their employers
or by libraries, and in that sense they are not a real end point
in the technical sense, there is some middle out there that controls
it. It is also true in the sense that the so-called tethered appliances
we have been talking about, a Sky Plus box or a mobile phone,
which can be instantly re-programmed at a distance by its maker
but not re-programmed by any third party - and I would put
the iPod and the iPhone into that category - these really
also push the definition of end point. In my book I have collected
a number of examples which remain surprisingly obscure to me of
regulators realising the power of the end point and doing such
things. In a patent case between EchoStar and TiVo, digital video
recorder makers, TiVo won against EchoStar, saying that EchoStar's
digital video recorder had infringed the patent. They got money
out of a Texas jury, but additionally they got an order from the
judge saying that EchoStar must send a signal to the EchoStar
boxes placed with consumers around the world and fry the boxes
at a distance. That is a form of remote control occasioned by
a regulator which end-to-end does not protect, and that is why
I say we need now a more holistic approach. That modularity is
helpful for technical reasons between the end point and the middle,
but we now need a more holistic approach to understand the regulatory
possibilities within the collective network.