Related link: http://www.oreillynet.com/etcon
Here’s a quote uttered by Internet engineering expert David Reed today that
everyone concerned with emerging technology (and wireless Internet in
particular) should hear: “Under the current regulatory regime, 802.11
would never have been legalized.”
Scary observations like this led me to help organize a
Birds-of-a-Feather session on telecom policy tonight. In several
forums today at the
O’Reilly Emerging Technology conference,
we heard that emerging technologies depend on changing old
regulations, old rules, old habits.
Bruce Schneier lays out a feasible future
Renowned author and cryptography expert Bruce Schneier offered an
extremely lively and surprisingly fun keynote, updating his
Secrets and Lies book and suggesting some concrete steps
toward better security. As readers of Schneier’s book and
columns know, he moved beyond technical fixes long ago and now looks
for social ways to improve Internet security.
Schneier started by saying that, despite all the technical advances in
computing, security is still a problem because of complexity. I would
rather say–and I believe this to be the true lesson of Schneier’s
talk–that security is still a problem because it is not purely
technical, but involves an ongoing battle between human beings. It is
a matter of sociology and psychology; technology is merely a
As Schneier said, “Security is a people problem, not a technical
problem.” Actually, the people he was referring to at that moment were
not the malicious crackers themselves, but the crowds of negligent
programmers, managers, data centers, and policy-makers who tolerate
His proposals for improving the situation included:
The oft-heard suggestion to make software manufacturers liable for
defects. This was acknowledged to embody several problems, especially
concerning small software developers, free software, and innovation in
general. (Note: software companies are doing their damnedest to move
in the opposite direction, by pushing
laws that would let them get away with releasing known defects.)
Making other companies liable for their own systems as well. They’d
act differently if they knew they could be sued when their customers’
social security numbers were released.
Requiring insurance for data protection and integrity. Insurance
companies, along with regulations, push companies to make all manner
of socially beneficial expenditures, from smoke alarms to
- Detection and response–rational prosecution and punishment.
“The limits of security,” said Schneier, “are the limits of the
Internet.” He compared the current situation to the rule of warlords,
and concluded, “We need to turn the Internet into a lawful society.” Schneier is a really neat person, despite his illusion that a Gore administration would have protected civil liberties more than the Bush administration does.
Immune to attack
The following talk, as a colleague told me, was an antidote to
Schneier’s pessimism. Steven Hofmeyr described an adaptive, largely
self-regulating system of intrusion detection inspired by the workings
of immune systems in biological organisms. Amazingly enough, in his
tests, it really works.
I have read of research into distributed network intrusion detection
systems, but what Hofmeyr proposed went several steps beyond what I’d
seen. One starts by creating random patterns. Those that match the
expected behavior of the system (as seen in logfiles, etc.) are
discarded; others are kept around for a while to see whether they
succeed in detecting anomalies. When one of them matches something new
on the network, a human administrator is notified. For new patterns,
therefore, some manual intervention is required to determine whether
the anomaly is OK.
But when a certain number of patterns are installed and have proven
their worth, they are remarkably good at detecting intrusions
quickly. The bigger the network you’re monitoring, the more useful and
effective they are. But as one audience member pointed out, the system
is meant for relatively stable and predictable networks with internal
traffic, not for open systems like public Web servers.
Both Schneier and Hofmeyr believe diversity is useful to minimize the
damage of attacks, but Hofmeyr has more faith that diversity is
achievable. As he pointed out, a single patch to an operating system
can change the attacks that work or fail.
Making policy through the back door
I started this weblog with the shocking observation by David Reed
that the wireless networks at the heart of this conference might have
been illegal in the United States, save for some historical luck. The
idea was meant to shake up the typical hacker out of his or her
One wireless provider had enough insight yesterday to ask me for a
report on tonight’s policy BOF, but admitted, “I’d rather just build
networks without having to worry about policy.” And among the fifteen
people who showed up at the BOF, one queried me, “Why are you asking
the government for help?” These questions are reasonable but show the
crying need for education even among practitioners of wireless.
Imagine how much greater is the ignorance among the media, the general
public–and even the policy-makers themselves!
The fact is that wireless rests on very shaky legal ground. There
are no less than four types of devices that are licensed to operate
in the spectrum used by 802.11, and anyone operating one of these
devices has a right to shut down someone who runs an 802.11 network in
the same space. This is not widely known (the manufacturers of 802.11
devices certainly don’t want to talk about it).
Now what do you think? Which is more important to the economy and to
social progress in general: digital broadband or ham radio? The truth
is that ham radio trumps digital broadband, just because ham radio has
been around longer and therefore is sanctified with a license to use
the spectrum. (Yes, it’s happened–a ham radio operator has actually
shut down an 802.11 network.)
The solution is not to license 802.11 providers–that would just
hamper them with bureaucracy–but to find some new common
spectrum where unlicensed operators could put up their networks
without interference. (They could interfere with each other, but if we
get this far we can start to find technical and political solutions to
The FCC has expressed interest in packet radio over the years,
sponsors groups to find ways to make it work (some people who have
worked with these groups came to the meeting tonight), and has even
started proceedings to implement proposals–but both the search for
better spectrum and the potential for ultra-wideband (UWB) are
It’s become painfully obvious that, since 802.11 proponents lack a
major commercial presence with millions of dollars to throw around in
lobbying and contributions, neither Congress nor the FCC has
incentives to improve the environment for it. Indeed, the
disincentives are very strong. The lobbying sharks of traditional
telecom companies have smelled 802.11 blood and are beginning to
converge on it.
The apolitical radio operator who approached me today asked, “Can some
policy shift actually shut me down?” It is indeed possible. And even
though it probably won’t get that bad (the public and the media know
enough about wireless to provoke protest) the attention of Congress
and the FCC are focused on pulling the monopoly telephone and cable
companies out of the worst depression they’ve ever had. The last thing
these forces want is a cheap, user-controlled alternative to their
low-quality, overpriced services.
The hope forward may lie in doing what we’re already doing–building
the networks wherever we can–in combination with some creative
digital-divide initiatives. We discussed:
Using Community Development Block Grant (CDBG) money to install
wireless networks in disadvantaged neighborhoods and train residents
to maintain them
Promoting wireless as a way to save money right now–for instance, to
replace the expensive police radio systems that suck up huge amounts
of money in monthly fees
State-level bills that would bring together municipal leaders so they
can plan to build hybrid municipal networks of fiber and wireless, and
that would fund needy communities with the goal of upgrading their
Promoting the use of wireless in initiatives started by other federal
agencies, such as for rural communications
Fiber definitely has a role to play too. Cities could provide neutral
access points where end-users could hook up with ISPs, bypassing the
sclerotic incumbent players. At first, fiber would be an institutional
solution, or a luxury item for the affluent. But a $3,000 dollar
investment for something that will provide shockingly high bandwidth
for 30 years is not an unreasonable investment for individuals.
Meanwhile, there are defensive measures we must take, too. Both
Congress and the FCC are poised to close the regulatory doors that
would let small, competing telephone companies coexist with the local
monopolies in telephone and cable service. (This battle may already be
lost, and in the opinion of some people at tonight’s meeting was not
worth fighting.) The notorious
even Bruce Schneier singled out as a threat in this afternoon’s
keynote–would suppress innovative technology as well as the market
for broadband. Municipalities that try to create networks are
routinely sued by incumbent companies on a variety of pretexts. And a
bevy of regulations could nickel-and-dime wireless Internet providers.
That was about as far as the BOF got by ten o’clock, when people began to rustle around and let conversations drop. I believe they were unconsciusly reacting to my shutting down my laptop. But the only reason I shut down my laptop was that I saw a message telling me my battery was low. I guess that’s what it means to be a technology-driven policy group.
Don’t forget 3G
While analysts are increasing declaring “3G is dead,” it’s actually
been successful in some parts of the world. Nowhere is it more
successful than the Philippines, where wirelines are expensive and use
is metered. This was the subject of the talk by entrepreneur and
journalist Janette Toral.
While only 3 million people have access to fixed Internet access (and
most of these go to Internet cafes to use it) 11 million get the
Internet over cell phones. One of the most popular activities is SMS
messaging, for which a variety of fun and user-friendly applications
have sprung up. It has serious uses, too–farmers can access a service
call B2BPriceNow.com, for instance, to determine fair prices for
their commodities moment-by-moment.
Most U.S. observers are skeptical of SMS, but Toral thinks it could
become more popular here and around the world. She recommends:
- Instituting a caller-pays cell phone policy
Offering SMS for free to start with, and educating the market as to
- Encouraging interconnection between providers
Who will blog the bloggers?
I unfortunately missed most of the morning keynote by Steven Johnson,
author of the popular book “Convergence,” because I was busy in a
conference call, saving the world. I made it to some of the following
panel, where weblogs were heavily discussed. Weblogs seemed to be a
theme running through the day. They played a big role in a talk about
new journalism by San Jose Mercury News author
Most of which I also had to miss. And there was a BOF on blogging in
the evening, but it adjourned to the bar and dissolved into chaos, appropriately enough.
The upshot is that a lot happened today concerning blogs, but I
happened to be away for most of it. Which does not prevent me from
gleefully abusing the medium right now.
Kelly Truelove offered a talk about trends in P2P file-sharing
systems. His focus was different from a talk given yesterday on the
same subject by Lucas Gonze. Whereas Gonze traced theoretical work
being done to create new distributed file systems, Truelove dealt with
practical extensions to the two protocols that are currently most
popular: Gnutella and FastTrack. (The latter is the basis of KaZaA and
used to be employed also by Morpheus, which switched to Gnutella this
An ideal file-sharing system would be as fast as possible, use a
reputation system to ensure that good data is returned, and would be
massively scalable, anonymous, autonomous (that is, lack centralized
points that could be shut down, and sensitive to different pricing of
ISPs. Many of these goals are conflicting, of course.
In reality, systems that embody guarantees of robustness are also less
efficient that others and impose extra burdens on the user. So those
do not become as popular as systems that are more vulnerable. Even
though today’s systems lack the centralized indexes that Napster used,
there is still a vulnerable centralization in boostrapping (finding
other users to connect to).
Some ISPs forbid file-sharing systems under terms-of-service clauses
that rule out running a server. Few block traffic from file-sharing
systems unless forced to do so by copyright owners. But there is
growing impatience with the loads generated by such systems. There is
little appreciation for the notion that such systems can drive the
adoption of high-bandwidth networking.
After Truelove’s talk, I queried him about initiatives to provide
special classes of low-priority traffic on the Internet. Researchers
are suggesting that applications could voluntarily label themselves as
second-class citizens and slow down when normal applications are
active. If applications and network providers cooperate, a lot of the
pressure on campus networks and other points would be relieved.
What policies are needed for broadband?