Select Committee on Science and Technology Minutes of Evidence


Examination of Witnesses (Questions 960 - 979)

WEDNESDAY 18 APRIL 2007

PROFESSOR JONATHAN ZITTRAIN AND MR ANDREW CORMACK

  Q960  Lord Young of Graffham: Mr Cormack, you said in your response to the last question, that the Internet should be like normal society where individuals take their own responsibility for their security. But they do not, the police do. Security services do in normal society. It is not up to each of us to look after our security because otherwise that way leads to anarchy, does it not? It does concern me slightly.

  Mr Cormack: I certainly would encourage there to be a greater role in policing because I think visible policing actually improves user confidence. I think it was a real shame when the public website of the National Hi-Tech Crime Unit went: it was a very clear public statement of, "We are investigating, we are prosecuting, we are convicting people." I think that was a real blow to public confidence. Certainly in some places the security services, the police, deal with some aspects of security—here, at airports—against major incidents. The things which are causing problems on most of the Internet are not major incidents, they are incidents at the level of losing a credit card number, being knocked over by a car. I do not think we want the security services to be responsible for keeping us safe from those sorts of actions, using a cash machine which has had a device attached to it. At some point the user has to take responsibility.

  Q961  Earl of Erroll: I just want to come back to your ISPs doing something about this traffic which is going through. Will we need to re-write some of the mere conduit defence rules to do that?

  Professor Zittrain: I suppose it is possible that there are legal interventions by which we would not want the ISP to say, "I'm just the conduit. I'm just delivering this ticking package. You can't blame me."

  Q962  Earl of Erroll: That is what happens at the moment, is it not?

  Professor Zittrain: Right.

  Q963  Earl of Erroll: So we need to re-write our mere conduit rules?

  Professor Zittrain: Yes. The reason you find me hesitating, I think, is that "re-write" could be strong. You—at least with the assent of the European Commission—could take a nibble out of the blanket immunity, an immunity which I think has served very well, but say, "Here are some particular circumstances." In many jurisdictions the mere conduit defence, when it rises to the level of actual knowledge of something in progress, can tend to evaporate and the kinds of things I have in mind approach actual knowledge, either in the zombie example I gave or if you are a hosting service for a web server and the web server itself has been compromised—this is now happening with alarming frequency—such that any person visiting the web page in question with a browser which is not properly patched will come away from the website infected; and the person running the website, who may have no technical expertise, who is a merchant who sells products off the site, really cannot be made to care about the problem unless the presence of the malware on that site could have that site shut down.

  Q964  Earl of Erroll: Then why can we not prosecute them under current laws for being a party to fraud?

  Professor Zittrain: I think those generally require some level of knowledge.

  Q965  Earl of Erroll: You just explained they do have a level of knowledge.

  Professor Zittrain: They might have an alert from somebody which says, like telling the owner of a book store, "I think there's suspicious material on shelf B." They would say, "Well, that doesn't mean I know it, it just means somebody has lodged a complaint and I have to maybe investigate."

  Earl of Erroll: That is an offence.

  Q966  Lord Young of Graffham: But telephone companies are not responsible for the conversations which go down the line?

  Professor Zittrain: Right.

  Q967  Lord Young of Graffham: They are not even responsible for some of the chat services and other things. Is there not an analogy between the two? How can you make people responsible for what goes on the Internet but they are not responsible for what is on the telephone?

  Professor Zittrain: Yes. Lord Chairman, the way I would make the distinction, if there is one to be made, is that in the telephone context the way in which we would imagine the telephone company routinely being in a position to take responsibility for bad things would really require listening in on the phone calls, unless you get into some tricky technology. Here it is not as if we would be asking Internet service providers to greatly change their business model and be significantly more intrusive upon the activities of their customers by having to listen in on everything. Rather it would be, here are some very easily picked up tell-tales, which are almost in an automated way able to be detected, for which the best analogy with the phone company might be, here's a phone which keeps being picked off the hook, keeps calling a particular number and hanging up as soon as the other number answers. The other number complains to the phone company and the phone company says, "Hey, we're just a conduit." On the equities of it, you could see it being less sympathetic to the conduit defence there.

  Lord Young of Graffham: Yes.

  Chairman: Let us go on investigating your concepts. Lady Hilton, please.

  Q968  Baroness Hilton of Eggardon: I would just like to take up your simile about walking on the pavement. Walking on the pavement is okay if there is a pavement, and secondly you do expect people driving cars not to drive onto the pavement, so I would expect other people to behave responsibly, too. So I am not sure that the analogy totally holds up.

  Mr Cormack: I think it is reasonable to rely on responsible other people to behave properly and it is also very useful to have the police come and arrest people who drive on the pavement. I think we are missing that as well to an extent on the Internet.

  Q969  Baroness Hilton of Eggardon: To go back to Professor Zittrain and the "Generative Internet" about which you are so keen, do you not see implications for personal security and safety online if it continues as at present and is developing? There are more and more cases where people are having problems with fraud and phishing, and so on.

  Professor Zittrain: I do, and it makes the message of that paper I wrote and the book that I have forthcoming one which upsets people on two sides of the spectrum, to fellow travellers of mine who are technically oriented and who believe that they can solve most of the problems they encounter online, they can program very good email filters, they are smart enough not to be caught by phishing. They tend not to see it as a responsibility of the technical community to intervene to stop the overall phenomenon. I want to argue to those people that they are wrong, that the problems are getting bad enough that if there is not a concerted effort—and it need not necessarily be an effort undertaken through the changing of legal liabilities, and we can talk more about that if you like—to deal with the problem what we will see is a migration of mainstream users and consumers of the network, especially to end points which are non-generative, and I am not keen on that, even as I find those end points very convenient to use, such as mobile phones and Sky Plus and things like that. I want to see the general purpose PC remain in the centre of the ecosystem, including in libraries, offices and cyber cafés where a number of people experience the Internet for so much of a percentage of their lives. If we do not act to fix some of these problems we will see people abandon it, and that is why I am in favour of some form of action.

  Q970  Baroness Hilton of Eggardon: Because with the sort of explosion of use, and so on, it is not at all clear that this can continue, is it?

  Professor Zittrain: I think that is right and there may be some elements of it—and this is the 20 per cent with which I agree with Bruce Schneier—which involve some reallocation of legal liabilities, but really the first line of defence will be along the lines which Mr Cormack is speaking of where we need to develop the technical tools so that when people are on the network they can participate on it in the way that we have a radar for each other when we are in a public park. A lot of the security we experience in the real world comes not because the police are just a moment away or there is instant surveillance but because we know that if anything particularly noticeably untoward happens citizens themselves will alert the police, will provide evidence afterwards and may even themselves intervene, and right now there are not good tools on the Internet to allow people to have that same kind of looking out for each other. I believe those tools can be developed. I am part of a project called StopBadware.org jointly among Oxford and Harvard where we are taking some steps to developing those tools and one hopes those experiments will not fail. If they do, they are still learning experiences, but I would like them to work.

  Q971  Lord Mitchell: Is the "generativity" of the Internet a permanent state of affairs, or is it a product of the explosive rate of innovation in the sector over the last couple of decades, which will then die down as technology matures?

  Professor Zittrain: It is certainly a contingent feature. There is nothing inherent about the way the network must always work which will keep it generative, and moreover I think the real nub of your question is, ought we to care about the generativity with the same amount of caring over time, or do we care about it at the beginning when we are sort of trying to subsidise it and then as it reaches its mature uses can we say, "All right, now let's just lock down the secure uses"? Electronic commerce and credit cards may be a good example of thinking about it that way. The way legal liabilities tend to work is that people are not themselves responsible should their credit card be compromised online and as a result they can afford to use something which might scare them or which they do not fully understand, knowing that they have limited liability should their number be stolen and that is seen as a helpful subsidy, at least at the beginning. My view, though, is that while it is awfully hard to predict the future, we are still only in the tenth year of what is probably a fifty year build out of the network and of its uses and there are some tantalisingly promising applications around the corner involving very socially useful and constructive implementations of peer to peer, mesh networks so that we do not need to have major Internet infrastructure, particularly in crowded areas, and data can still get from one point to another, the ability to store data across lots of computers and to have basically a virtual library which does not require one gate-keeping entity to be the Library of Alexandria. These features will not develop if the generative Internet and the end points around it are eclipsed thanks to security fears, so I would at least like to buy us another five or ten years of the generative status quo and then see if it turns out that things have slowed down and we pretty well know the uses to which the network will be put.

  Q972  Lord Mitchell: As part of our investigations we have recently come back from California, from the west coast, and we visited a whole series of companies there. Microsoft and Apple in particular, we noted, seemed to be moving in different directions with Microsoft continuing to facilitate the download of applications but with health warnings and Apple, we discovered on certain products, in particular the iPhone, do not permit any applications at all to be downloaded. I just wondered what you think about that.

  Professor Zittrain: I see the iPhone as essentially the poster child, the canonical example, of an utterly non-generative device which is still incredibly useful. Steve Jobs himself last January, in talking about the iPhone, said, "You bet we're not going to let third party code run on it. You do not want to end up with this phone and you run three applications from somewhere and suddenly it will not make calls any more. That is not going to sell and that is the philosophy which goes into the iPod as well." Under very rare circumstances you can re-flash your iPod and try to run third party code on it, but it feels like you are skating on thin ice when you do it and the next time your iPod phones home to Apple to check for updates, if Apple discovers it they might feel themselves entitled to wipe it clean. So I do see that approach from Apple. You see that approach, too, from Microsoft at times, in the Xbox, as I mentioned, in their new Zune. All of these things are not under that old PC model of, "Put out a generic device, call it half finished and let third parties do it." I am not against information appliances, such as the iPhone. I do see them as having a place. I like the idea that you can have the PC as a test bed for an application, you try out Voice-Over-Internet Protocol through something like Skype first and you awkwardly use a headset, and sometimes it works and sometimes it does not, and then some merchant can distil it into a pure appliance size form like Vonage or, say, an iPhone. That is great, but to me that remains great because the PC still is very present in the eco system and should the makers of those tethered appliances, who are always in a position to change the way they operate, get a little too clever, take away too many features, make it, for instance, so that your mobile phone cannot easily clock the total number of minutes used that month, even though many people might find that useful but no third party code exists to do that, you can always fall back to the PC as a safety valve, and without that safety valve I think we would find those information appliances starting to behave very differently.

  Q973  Chairman: What about your concept for a red and green machine? It is a bit like the cell phone. The biggest complaint, particularly, shall we say, elderly people make about the cell phone is that they do not want 90 per cent of it. You could make the same argument for a PC, particularly in certain people's hands. They might want to access information on the Internet, they might want to send email and receive email, but they are not in the game of downloading peculiar programs because they're a geek and they want to try this. I get the feeling—and this might be a bit provocative—that you geeks run this thing and yet you are two per cent of the users, and it might be a good idea to have a green and a red switch.

  Professor Zittrain: Yes. Lord Chairman, I brought up the green and the red switch as a way of trying to split the difference because, as you know already, I do not favour the status quo. I see the problem in the status quo and the implication, if no action is taken, that people really will move away from these PCs under just the set of values you mentioned. I see the red and the green machine, if contained within one machine, as a short-term way to buy a little bit more time, to make it so that within one box you can have some of the reliability and ease of use of an appliance when it is geared into green, but when you or another user of the machine—and so many of these machines are shared machines in a household where the kids are actually eager to go off-roading in a very good way and experiment with new applications, to be able to shift into red but not have accidents from the red machines spill in the green zone. This is seen as a way of trying to split the difference and I would favour those kinds of tools in order to make it happen. It is just that so often tools that start in the province of geeks, written by geeks and for geeks like the Web browser, Mosaic browser, written in the course of a few months, then turn out to be the fundamental building block of the network we see today. If you had tried to sell the idea of a Web browser to CompuServe, America Online and Minitel back in the era of the proprietary networks and make the case for the return on investment for the level needed, how we will market this, all that kind of stuff, at least history the one time we have played it through shows that the browser did not emerge from those circumstances. So to be able to have it come from the geeks, but then maybe it is just one out of a thousand applications which are tried, it can still become so key that it can very easily make that jump into the mainstream because the person who is not a geek has the PC and at some point can double click and run that new application.

  Q974  Chairman: If you know which knobs to disable. I am still frustrated that I cannot adjust the ignition timing in my car when I am driving along. It does not really make a lot of sense to do it, but it was fun when you could do it, but they gave it up rather early because the average person had not got a clue what they did when they changed their ignition timing.

  Professor Zittrain: Yes, and I would think that the ignition timing of the car is a good example of what I think Lord Mitchell was getting at with the question about when will we say generativity has worked its magic and we have kind of invented the things there are to invent and now we should lock in those gains and just make it very easy to use and safe. For the automobile, I feel as if over the past 50 years there has not been a whole lot of change in the uses to which we put cars. It is just a question of optimising them under the hood, lowering the emissions, making them cheaper, that kind of thing. With the PC, I do not see us yet in that stage. There are still so many new things which can be done with it that it may well be worth it to take some of the admitted trade-offs which come from keeping a generative system, and the annoyances, and say that they are not the same as retaining a very fine ability to fine tune your car, because by being able to change the ignition timing it is not as if it is suddenly going to fly or be able to take extra people, or do something else radically different from what a car does.

  Q975  Lord Mitchell: If we could move from cars and ignition timing to copy machines and television, you talked about how consumers would rightfully clamour for the same degree of reliability as they get from such products, but it certainly seems to us that you rule out the obvious ways whereby the industry might develop such a relationship. Could you comment on that?

  Professor Zittrain: If I understand the question, there is some sense where you just might say, "Leave it to the market." The market will determine through a reflection of consumer preference what the right balance is between generativity and stability, if indeed these things are pitted against each other. I think there is some truth to that, but there are some really important caveats. One caveat is that when people make a purchasing decision the fact is they decide on the basis of current uses, not future ones, and the number of times in the Internet and PC context where we have seen serendipity really pay off, we bought the PC for this purpose but a year later we find we are not using it to keep recipes, we are using it to talk with our kids -

  Q976  Lord Mitchell: It is like text messaging on a mobile phone.

  Professor Zittrain: Exactly, and even taking photos on a mobile phone. That is sort of an added feature where you might think, "I never use that thing. I don't need it," but more and more you see such whistles and bells becoming integral and in a purely software environment where it is not a matter of actually having hardware in the machine to get it to perform differently. The cost of trying out those new features in cheap networks is so low—you just double click, you try it out, you like it or you do not like it—and for that reason it is not clear to me that the market will perfectly respond. There is also the fact that those driving the markets have reason, quite naturally—this is market theory at work—to want to have a "winner take all" mentality. At the time you are building an operating system and competing with other operating system makers it is to your advantage, maybe, to welcome as much third party innovation as possible because the more uses there are for Windows created by others, the more copies of Windows there are that will be sold. But the moment you achieve monopoly, then it gets to be to your advantage to try to vertically integrate and see to it that the applications that everybody uses on your now very popular system also come from you. That is the kind of enclosure which it would be nice if we could have the market naturally resist overall.

  Q977  Lord Young of Graffham: Coming back to your analogy, we are talking about 1920 or 1925 for the evolution of the car. One day, I do not know how long, the software comes along where it is going to be much more difficult for the viruses to infect it, that element of security. You could switch the machine off and switch it on again, but that is another matter. If we intervene at the network level now, presumably the ISP level, we could make users more secure by restricting and denying them the options of taking chances, making long choices. Do people need all the facilities which the Internet provides today, or should we actually go round and restrict people from doing things on the Web?

  Mr Cormack: I think I have two answers to that one. The short answer is, I do not think it would help because most of the bad users of the network use extremely simple technology. The email I had from the widow of the late dictator of Nigeria offering me a share of several million dollars was plain text. It was more simple than the email which was sent to get me here, because that had an attachment. The longer answer is, the network has a single function, which is to move packets of information from here to there. Everybody uses that. The model of the Internet very consciously originally was very simple in the middle and all the intelligence was at the edges. You could, in principle, move things to the centre. That would make it more like the telephone network. It would also be challenging to recognise a bad decision. At the moment the network cannot tell, it does not need to know whether something is an email, whether it is a piece of software or whether it is a music download, so whether something is an email I want to respond to or an email I do not want to respond to, a program I want to download or a program I do not, is many, many layers of intelligence above what the network provides at the moment. Again, if you wish to move things to the centre and say, "This is good. This is not," you are assuming you know what will happen in the future. If you had gone to Microsoft ten years ago and said, "Remove the bells and whistles from your operating system," I think the ability to do TCP/IP would have gone very rapidly. It was a passing fad. Five years ago, remove the bells and whistles, there would have been no audio devices, I suspect, so no conversations by IP telephony.

  Q978  Lord Young of Graffham: Of course, if you start doing too much at the centre then you run the risk of becoming a centre, actually restricting what people really do in terms of content, because presumably if you are identifying what it is you can suddenly start to take out words you do not want to appear and things of that sort?

  Mr Cormack: Yes.

  Q979  Lord Young of Graffham: Professor, you are on record as arguing that the "end-to-end principle" and the principle of network neutrality no longer reflect adequately the complexities of the Internet. Could you develop this point for us?

  Professor Zittrain: Yes, and I appreciate the opportunity to clarify it because to many of my fellow travellers those are fighting words. First, let me make it clear I think the principle of end-to-end neutrality is brilliant. It began as simply a technical heuristic, "Here's a way to build a robust network," and that technical heuristic has proven itself over the years as networks that did not do the end-to-end have not shown themselves as flexible or as powerful, and in that sense I very much like end-to-end. I also am not fond of the idea of content filtering. I co-founded a project now called the Open Net Initiative, which performed the first large-scale enumeration of filtering, common now in over 40 states worldwide. It began with China and Saudi Arabia and extended outwards. So I have got a real commitment against having that kind of filtering take place unnoticed. That said, the kind of modularity that end-to-end suggests—you have the network, keep it open, let the intelligence (as Mr Cormack says) remain at the end points—has a hidden premise in it, and the hidden premise is that the people at the end points can control those end points and make intelligent choices about how they will work. If that is the case, it is just saying, "Let the market work its magic. People will buy the end points or configure the end points as they want." Now that the network is so mainstream, we are grappling with what we have talked about over the course of this hearing so far, which is that people will make poor choices and that often people do not have these end points in their own true custody. That can either be because the computers and other devices they are using are issued by their employers or by libraries, and in that sense they are not a real end point in the technical sense, there is some middle out there that controls it. It is also true in the sense that the so-called tethered appliances we have been talking about, a Sky Plus box or a mobile phone, which can be instantly re-programmed at a distance by its maker but not re-programmed by any third party—and I would put the iPod and the iPhone into that category—these really also push the definition of end point. In my book I have collected a number of examples which remain surprisingly obscure to me of regulators realising the power of the end point and doing such things. In a patent case between EchoStar and TiVo, digital video recorder makers, TiVo won against EchoStar, saying that EchoStar's digital video recorder had infringed the patent. They got money out of a Texas jury, but additionally they got an order from the judge saying that EchoStar must send a signal to the EchoStar boxes placed with consumers around the world and fry the boxes at a distance. That is a form of remote control occasioned by a regulator which end-to-end does not protect, and that is why I say we need now a more holistic approach. That modularity is helpful for technical reasons between the end point and the middle, but we now need a more holistic approach to understand the regulatory possibilities within the collective network.


 
previous page contents next page

House of Lords home page Parliament home page House of Commons home page search page enquiries index

© Parliamentary copyright 2007