Category Archives: Essays

The Threat of Information Thieves

You know what’s cheap in the 21st century? Compute time. You know what’s expensive? Human judgment. And they’re not interchangeable. Humans are good at understanding things, computers are good at counting things, but humans suck at counting and computers suck at understanding.  – Cory Doctorow, Pester Power

This blog is increasingly becoming an asylum for victims of acts of social engineering. The rant on the Huurwoningen scam already has over 100 comments, and the Facebook trickery post also generates a fair amount of traffic. The thing that bothers me the most is that in the Huurwoningen case, Song Chine and others keep on doing what they are good at: manipulating and deceiving people in order to scam them. They send the same nice, plausible and “innocent” e-mails to innocent people in an attempt to persuade them to comply with their request. But of course, the statements they make are completely false. And the sad thing is that there doesn’t seem to be any law enforcement against these malevolent acts. There is no evidence that the charlatans are punished, and they don’t seem to face the felony charges they deserve. What also strikes me is that there is no online haven or portal where victims can report such incidents of online deception, trickery and bogus calls. Another big issue with the phenomenon of social engineering is that very little is known about the exact length and breadth of its problem space. In a world built on digital information and global connectivity, that is dangerous. There’s also no mechanism that triggers the Federal Trade Commission (FTC) to step in. I think there’s still a long way to go. The law is currently not transparent, and it is not clear what is covered and what is not. Which institution should take ownership of what? The cybercops? Do service providers need to be made accountable for informing the cybercops of social engineering felonies? I don’t have an answer to that, but what I do know is that social engineering techniques are increasingly being applied for the purpose of unauthorized system access, information gathering and fraud. In the first place, I believe people should be educated about social engineering techniques and their consequences.
So in an effort towards creating more awareness, I am writing this piece.

Let me just step back and start with the security of Information Systems. My alma mater colleague Peter De Bruyn wrote an excellent article on Social Engineering in Informatie, and to a certain extent I will base myself upon his writings. He says that when we talk about the security of Information Systems, usually only the technical side is looked at. Firewalls, encryption and RAID are good examples of that. However, these techniques are not always effective in protecting Information Systems under all circumstances. There are also human-related risks to Information Systems. That’s where social engineering comes in. Indeed, attacks that exploit a person’s gullibility can also create a tremendous amount of damage. And such social engineering attacks are very hard to detect, because things aren’t always what they seem. A social engineer will aim to catch us unaware. He will leverage his psychological power to move the victim into an unauthorized act.

It turns out there’s no single, unanimous definition of Social Engineering. The Wikipedia definition seems to be a good one though. It says that Social Engineering is a collection of techniques used to manipulate people into performing actions or divulging confidential information. The thing is that almost everyone is vulnerable to Social Engineering attacks and might even commit such acts. I am going to make a bold statement here: humans are stupid. Social Engineers abuse the very fundamental human psychological properties and their decision making attributes (cognitive biases): their willingness to help others, their greed, their naivety, their willingness to perform, their fears, their usage of “mental shortcuts” and their initial goodwill and trust towards others. Secondly, people might commit such crimes because humans lie to each other. Under certain circumstances, people might do anything (e.g., cyber-stalking, intimidating others) to obtain certain information that is important to them. On a side note, I remember a mathematics teacher in high school once told me that any human being is capable of killing someone; just think of what happened during the Holocaust. There’s a vast number of social engineering methods, and for your information, these are the most popular ones: pretexting, diversion theft, phishing, tailgating, baiting and quid pro quo. It’s not my intention to explain them in detail here though.

So what does a typical social engineering attack look like? Traditional computer attacks focus on the technical weaknesses in hardware and software. Social Engineering attacks, however, focus on human weaknesses. Some attacks can have a mixed character and will also be used to exploit technical weaknesses, as Peter points out. Good examples are trojan horses and (spear) phishing, where you are offered a “useful” application or where all kinds of “vital” information is requested to better “protect” a target. Ultrasurf is for instance used to circumvent Internet censorship, but it’s still a black box. You cannot know what the code does, unless you reverse engineer it. Luckily, antivirus programs report it contains spyware and several trojan horses (which may actually enable government surveillance). Peter identifies four typical phases in a social engineering attack. It is a recurring pattern. In the first phase, the social engineer will try to collect personal information about the victim, like names, e-mail addresses, telephone numbers and so on. Subsequently, the social engineer will try to build a trust relationship with the victim. He will use the information he gathered earlier on to take away any suspicion by indicating his familiarity (e.g., name-dropping) with the potential victim’s environment. The third phase consists of gathering more specific information, like IT infrastructure and architectures, server and application names, usernames and passwords. In order to get this detailed, valuable information, psychological and emotional pressure will be used. And finally, the attacker will exploit this information to get unauthorized access to the systems so as to change, delete or copy data and basically use it to his/her own benefit.

The question that then arises is: how can we combat the social engineering phenomenon? First and foremost, there will always be a risk of a successful attack based on social engineering. Humans expose inherent weaknesses. Computers do too, because they cannot interpret data carefully enough (but that’s another interesting and philosophical discussion). I think that recognizing the pattern described above could provide the impetus to protect oneself against such attacks; however, organizations and the public services should also take measures to combat this evil. Peter distinguishes three types of measures that can be taken. The first measure is to formulate clear and concrete policies about physical access to systems and to list the type of activities and actions that employees are (dis)allowed to do when providing certain information. One can classify this information by separating sensitive information, private information, internal information and public information. Every policy should also contain clear instructions about identity verification (e.g., how to use passwords correctly). It is also imperative that personnel are encouraged to report suspicious acts to a central repository so that they can be centrally monitored. This will help security officers to step in and arrange for a forensic examination. A second measure is raising security awareness through training and education. In their jobs, people need to be aware in their day-to-day work of what to do to assure the security of the information they handle. Employees should know why they need to respect the policies and what happens if they don’t. In corporate speak: policies should be executed as if they were a basic hygiene factor. Social engineering penetration tests can also contribute to raising security awareness by showing the vulnerabilities in the policies. Finally, some authors suggest taking technical measures too, to protect oneself from social engineering attacks. Think of changing passwords frequently, strong authentication, time-based tokens or biometric identity checks. By the way, a big research topic nowadays deals with how to model and analyze the socio-technical aspects of modern security systems and how to protect such systems from socio-technical threats and attacks. This requires different communities of researchers (experts in computer security and in cognitive, social, and behavioral sciences) to sit together, in order to identify weaknesses potentially emerging from poor usability designs and policies, from social engineering, and from deficiencies hidden in flawed interfaces and implementations.

When the exact size of the social engineering problem is unknown, it is also hard to mine the phenomenon. So I am eagerly awaiting an online mass initiative to sprout, which will allow us to combat this never-ending conflict. There’s definitely room for improvement in the collaboration between citizen and government, employee and organization, and in the enforcement of law and order. What we do know is that everyone can become a victim of social engineering, and that such techniques are being applied by both insiders and outsiders. And I am going to end again with a bold and sardonic statement: no matter how much we care, no matter how well aware we are, we will not and cannot put a stop to social engineering crimes. Social engineers are shrewd, and maybe sometimes we can outsmart them. But that’s also where it ends. Securing ourselves against such attacks is a very complex and never-ending process.

Update 1: Here are some pointers. In Belgium, users can report Internet crimes on eCops.be. You needn’t worry about who is qualified for what; eCops makes sure that your report is investigated by the appropriate service. In The Netherlands, the NCSC recently started operating. NCSC cooperates in enhancing the defensibility of Dutch society in the digital domain. Their goal is to realize a safe, open and stable information society by sharing knowledge, offering insight and also offering a proper action perspective.

Some ramblings on Facebook’s Timeline

I had already written about the concept of a digital timeline (Dutch) before. But I actually didn’t anticipate that a social networking site was going to use it at its core (although I heard it had been done before). So I was really surprised and excited that Facebook’s new release incorporated this timeline concept.

Your wall is now replaced by your Timeline. That is a whole new concept altogether!

Timeline chronologically shows all your activities on Facebook, including photos, videos, status updates and locations. Or does it represent your steps taken in life?

On a side note, from a layout perspective, I really like the new “cover” feature. It is big and fills your screen. There’s still a profile picture, but the focus lies on the cover. Seems like we are all stars and brands nowadays. An entire overhaul of the profile concept. And look how very creative it can be too.

Anyway, back to the concept of a timeline.

As JP points out, the Facebook Timeline makes it easier for us to visualise activity around the social objects we share. This will help us understand more about ourselves, our interactions, our relationships. Location and time will become more easily discernible. He has some great insights in his follow-up post too.

To expand on that: imagine how powerful the simple timeline concept really can be. What if you could run every user’s actions backwards and forwards like a video, continually branching off into other people’s timelines every time they crossed paths at an event or party, played the same killer game, joined in a conversation or even the same group? That would really be an ocean of information. This is how a story is formed, and it makes me think of two things: 1) Plancast and the intention web (read this post if you have some 5 minutes). So the Timeline could not only be a sharing engine, but also a forecasting engine. 2) Cory Doctorow’s short story called Another Place, Another Time comes to mind! Here’s an excerpt that exactly reflects my feelings on the Timeline too:

“See this? This is a point. That’s one dimension. It doesn’t have length or depth. It’s just a dot. When you add another dimension, you get *lines*.” He pointed at the next diagram with a chewed and dirty fingernail. “You can go back and you can go forward, you can move around on the surface, as though the world was a page. But you can’t go up and down, not until you add another dimension.” He pointed to the diagram of the cube, stabbing at it so hard his finger dented the page. “That’s three dimensions, up and down, side to side and in and out.”

But this Timeline, and its unique way of visualizing, also comes at a cost.

First of all, you are now locked into your Facebook identity as of your birth. More and more, it will become our digital memory bank. Read some Nicholas Carr if you want to understand this better.

To end with, Kevin Marks also has some interesting and valid views on Facebook’s evolution. Just like Twitter and Google+, Facebook is hostile to HTML, he says. Images are chosen over links. For example, Facebook and G+ will show an image preview by default for a link. Another one is tagging friends in photos. This is still prevalent and has even worsened in the new Timeline redesign. It is making Facebook increasingly look like a giant bitmap too: header image with image links to friends, map (places visited) and likes. The URL in turn again shows an image preview. Give us back the textual links!

You can’t handcuff the truth

Today I was watching Terzake, and the contemporary ecstatic Balkan philosopher Slavoj Zizek was up for discussion. Apparently he had been on stage in the Ghent Bozar theater yesterday. It was packed. Indeed, with the crushing credit crunch upon us, people are looking for hope and a bright future. Hope and warmth are exactly what Slavoj brings us, and that’s why he’s deemed a hero in Occupy circles. Truth be told, he might be a visionary to me too. The Slovenian intellectual really seems to understand where we are at ideologically. We are trapped today in a capitalistic ideology. And it is overly democratic. Spoiled, I would even say. Well, let me give you some examples: you have to have an opinion. It is so wrong to be indifferent today. You can do whatever you want. Slavoj on his end illustrates this with a very tasteless story. There is apparently a surgeon in New York whose speciality is to cut the penis in two, so you can have sex with two women. Now that is in stark contrast with the efforts we are putting into healthcare. Just giving 2 more percent is impossible because then we will lose our competitiveness.

So Slavoj puts forward the opinion that it has become time for us to change our priorities a little bit. I think he is right; I don’t think we need to drastically change our system. But things evidently need to change. And that is exactly what the Occupy movement also “stands” for. These people intuitively feel something is wrong. In the past people only fought for one specific issue, like the Iraq war or racism. Slavoj says that Occupy is the first mass movement in which people vaguely have the insight that something is structurally wrong with the system as such. He sees OWS as a beginning, a first mass movement for people to think and then to act. Speaking of Wall Street: ironically, I think we can see it as a metaphor for a gardened street where a lot of wild, criminal and uncontrolled things happen. More: we use Twitter every day to communicate. How chaotic and unsustainable is this medium? It is the same as everything inherent to our society: an utter mess on steroids. There are simply no boundaries anymore. No structures, too little sustainability. Too much of everything. We have to reinvent ourselves. Rationalize. There is too much coupling. Of course being interconnected is good, but you have to think about how one thing leads to the other. I think the first theories are already conceptualizing Slavoj’s ideas. I mean, in Information Technology it is so obvious that things are wrong. We don’t invest in high quality software but leverage the latest trends. This has to stop. Normalized Systems is the cure. Our overwhelming democratic society is sadly overdue.

The Serendipitous Web

Ethan Zuckerman describes in his latest blog post exactly why I love to live in the big city:

It may not sound intuitively obvious to people living in the developed world, but a city like Lagos – with a population of 8 million, over 4% growth a year, living in a dense, crowded, traffic-choked sprawl – is an extremely appealing destination for Nigerians living in rural areas. In a developing world city, the schools and hospitals tend to be far better than what’s available in rural areas. Even with high rates of unemployment, the economic opportunities in cities vastly outpace what’s available in rural areas. But there’s a more basic reason – cities are exciting. They offer options: where to go, what to do, what to see. It’s easy to dismiss this idea – that people would move to cities to avoid rural boredom – as trivial. It’s not. As Amartya Sen argued in his seminal book, “Development as Freedom”, people don’t just want to be less poor, they want more opportunities, more freedoms. Cities promise options and opportunities, and they often deliver.

My roots are in the rural area, but I must say that cities are just more attractive for young people like me. They offer you round-the-clock opportunities and access to any kind of culture. Cities are often vibrant and dynamic. Cities give me some sense of harmony and structure! Everything seems to be so well balanced: traffic lights control the traffic, the sewer system, the electricity grid et cetera. The naked truth is slightly different however. As everything has its price, massive disruptions such as floods, earthquakes, political unrest or even a plague cannot be withstood by a city. An atom bomb or an event like 9/11 can indeed cause some serious damage to people. It has a much bigger impact compared to the countryside. These risks must not be underestimated. But what we really need is more data. Data to support our disaster recovery systems, to increase health and wealth, to foster cultural diversity and basically to give politicians the means to make the right decisions about these topics. However, this will definitely bring tension between the public and private spheres.

Then Zuckerman makes the comparison between a city and communication technology. He touches on the fact that location data is collected through devices like a mobile phone, but also through services like Foursquare. What is more interesting though is that research points out that our lives are actually pathetically limited: “We all filter the places we live into the places where we’re regulars and the ones we avoid, the parts of town where we feel familiar and where we feel foreign. […]What makes cities livable, creative, vital, and ultimately, safe is the street-level random encounter.” So how does this translate to our most important communication technology today: the Web? Well, it turns out that the Web isolates us even worse than the city. The thing is that Web technologies let us digest just what our friends come up with. Since our online lives are just about knowing what our friends know, we might miss out on important stories. Moreover, online services such as Twitter and Facebook collect data about your browsing habits through their widgets (also in recent news in The Netherlands: mobile internet providers track customers’ traffic and analyse behavior through DPI). This tracking allows the social networking sites to filter and tailor to our personal taste even more, possibly resulting in polarization and extreme views, because we only get to see what web companies think is relevant to us. As a result, our status quo is not challenged and our world view will not be broadened: a threat to our democracy. This is exactly what Eli Pariser is concerned about. Google personalizes your search based on 57 signals about what they know about you (even more when you are logged on), and Facebook decides which information from our friends is displayed. Most people don’t know that Google’s personalized search and the algorithmic decisions Facebook makes actually isolate us, and even make us ignorant, I would say! But people think it’s good because we get to see more of what we already like. Here’s a TED video where Pariser explains what he calls the “filter bubble”:

According to Zuckerman, the solution to the isolation threat of our online experience lies in serendipity. When you live in a city and want to survive, you must be tolerant and open-minded towards a diversity of beliefs and values. I believe that certain urban architectures will make you adopt this behavior of openness. At least it gives you some incentive to be more open-minded, even though that might be hard when someone steals your bike’s saddle to make you suffer. So in order to remake the Web in the image of the city (note: not the other way around), we need to create online spaces that promote creativity and innovation. Truth be told, I am not very convinced that the way we have been communicating, living and learning over the last decades was so special. We can do much better. The work of activists such as Mark Surman, pundits like Ethan Zuckerman and Eli Pariser, as well as the thinking of writers such as Cory Doctorow, William Gibson and Neal Stephenson should be praised. In particular, on the front of architecture and design I also think of Adam Greenfield, a thought leader in information architecture who has also been doing work on IT for urban environments through Urbanscale, a boutique practice providing design for networked cities and citizens. A bit closer to home, I am a fan of user experience engineer Alper.

The bottom line is that we need to shape online places that bring us unintended consequences and unexpected discoveries. Make us encounter things by accident. The real challenge for the Web is to embrace these architectures and design patterns of serendipity to connect people and ideas. Only then will knowledge sharing become effective, and only then will people finally get off their couch and do something thanks to the Web.

The Interpersonal Communication Breakdown

As my girlfriend was writing an intriguing piece about Facebook and its detrimental effects on society, a spark of interest was immediately there. That’s why I want to outline some of my thoughts in this blog post.

No doubt Facebook is an amazing tool for communication. However, excessive Facebook usage might potentially bring serious health, economic and social issues. This being said, I am not talking about things like the loss of privacy or identity theft online. The premise here is that social networking sites like Facebook are very addictive, as they fulfill the basic need for human love, attention, recognition and belongingness. Facebook enhances our self-esteem, but also satisfies our need to know what is happening around us. Scholars Sherry Turkle, Danah Boyd and Susan Greenfield have been writing very eloquently about these topics, and old media dogs such as Andrew Keen and Nicholas Carr have been covering this area too. The above reasons are obvious, and it is therefore no wonder that so many individuals seem to suffer from what is called the “Facebook addiction disorder”. The consequences of this addiction are far-reaching too: anxiety, stress and even depression. More and more, people are faced with an identity crisis because of this, reinforcing alienation from the real world.

As I already mentioned, these causes and consequences are not world-shocking to me, and rather common sense, but an interesting and remarkable view is that social network sites like Facebook are also causing a communication meltdown. That is quite ironic though, as Facebook’s unofficial mission is Making the World More Open and Connected. A particularly interesting view is put forward by Baroness Susan Greenfield. She especially touches on Facebook’s impact on the brain of the young generation.

[…]

In modern life, the appeal of social networking sites to children is easy to understand. As many parents now consider playing outside too dangerous, a child confined to the home can find at the keyboard the kind of freedom of interaction that earlier generations took for granted in the three-dimensional world of the street.

[…]

But beyond any frustration I feel is concern about the future our screen culture might create. One extreme situation could be a rise in psychiatric problems and fewer babies born because people can’t form three-dimensional relationships.

Greenfield rightly points out that interaction on social networking sites like Facebook is two-dimensional by design. Greenfield then argues that this is gradually undermining people’s ability to have normal face-to-face communication, which involves skills such as reading body language, voice tone and facial expression.

I can go along with Greenfield and it makes sense, but other studies go much farther and posit that screen communication is decreasing the quality of “social interaction”. Communication tends to be more about gossiping than in face-to-face communication, so it goes. That may hold for Facebook, but it looks to me that it is not so much different from real life and the conversations we have on the bus, at the dinner table or in the cafeteria. What is more shocking to me is that pundit Sherry Turkle seems to put forward the idea in her latest book “Alone together” that online communication lessens intelligent conversations. Why would online conversations be shallow? What defines the quality of a conversation? Simple questions and answers are also prevalent in real life, as we need to be smart and come up with prompt answers in a system where time is money. And when do we have intelligent conversations in real life? Most of our conversations are water cooler talk anyway, be it at the dinner table, in the cafeteria or on the bus. Who decides that the information online is less significant than the information we share in our real world? Does a social networking site like Facebook influence our behavior in such a way that we cannot have “normal” conversations any more? That we don’t understand each other any more?

If social networking sites like Facebook really lower the “quality” of offline interaction and make us more antisocial, and as the online playing field is becoming increasingly important, then this perhaps also raises the need for new skills in a society where screen communication is the de facto standard. I do indeed agree that interpersonal communication will change, but I do not see why that would lessen the quality of our conversations. Maybe we should ask ourselves to what extent skills such as body language, voice tone and intonation are still relevant. Other skills and signals, such as listening, might become more important too as we work in a more and more distributed and distant way. A new reality requires new perspectives. To put it simply: our nature changes, and evolution takes place. Natural selection is the result.

WiFi Sourcing

When we had finally found a decent place to live in, we discovered one vital thing was missing to complete the picture: the holiness of Internet connectivity. While our lodging in Delfshaven, Rotterdam, does have a cable connection, the landlord did not approve of our request to also opt in for Internet with the same cable company that already delivers television, because of the administrative burden. And as there is no telephone line, ADSL was not an option either. You can imagine how tremendously inconvenient that is in a world where you are expected to be connected all the time.

So basically we were not left with many options, although the landlord advised us to go with a dongle (mobile broadband through a USB stick that functions as a modem). It is true that dongles are omnipresent nowadays, but for two young people starting up their lives, the carriers’ data plans and their respective rates are still too high.

However, when you are not, legally speaking, the owner of an Internet connection, there is still the possibility that you can rely on an open wireless network sitting there somewhere in your neighborhood, waiting for you to stand under its umbrella. Well, as a matter of fact, not a single WiFi network was open. So then a friend of ours suggested we go talk to the neighbours, explaining to them that we were having a hard time acquiring an Internet connection and asking them if we could share their connectivity, of course also contributing to their monthly bill in return.

Taking that advice, I reached out to them. This was a disappointing experience, as all of them were very hesitant to say the least. Some even told me that they would never even think of sharing their connection, as they think it brings trouble. So that left us with two options: going with the expensive dongle or (illegally) breaching the closed networks’ security.

A locked wireless network is secured by a password, and in our surroundings, again, all of the networks were protected, some using WEP encryption but most of them using the more secure WPA encryption. WEP has security limitations and is therefore fairly easy to crack. You just have to collect enough initialization vectors (IV) and data packets and a weak scheduling attack will do the rest. While the recommended solution to WEP security problems is to switch to WPA, even with WPA enabled, the network will remain vulnerable to cracking of weak passphrases.

I am not writing this to prove that I know how to crack such closed networks. It just struck me that all people locked down their wireless networks. This is in line with what is said in the Open Wireless Movement call to action post. It is indeed harder nowadays to find an open wireless network. People lock their networks because they fear privacy and security risks when WiFi is unencrypted. Just like my mom, who still fears that her credit card data will be stolen once exposed on the Net. No wonder, when almost every day our media reports about credit card and identity theft. Another fear might be that they have data plan restrictions in place, even for broadband, and they don’t want others “free-riding” and hogging bandwidth. Such data restrictions are, however, no longer the case in a country like The Netherlands, and as per my understanding broadband connections are capable of at least something, only slowing down the traffic to a minimal extent. The above, in a sense, makes me think that people are quite greedy.

The earlier mentioned EFF post discusses the technical work that needs to be done in order to fight “the real problem, which isn’t that people are encrypting their WiFi: it’s that the encryption prevents them from sharing their WiFi with their friends, neighbours, and strangers wandering past their houses who happen to be lost and in need of a digital map.” So what is needed is WiFi that is open and encrypted at the same time. Apparently, the proposed protocol offers some additional privacy/security benefits not available in shared-pass-phrase WPA2, since under WPA2 all the users on the network can calculate each other’s session keys and eavesdrop on each other. With the suggested design, that would cease to be possible. Moreover, WiFi networks turn out to make inherently much more efficient use of the electromagnetic spectrum than systems of widely spaced cell phone towers. So in order to make the Internet work seamlessly for everyone, we would need short-range networks with routers everywhere.

I am absolutely in favor of such a new protocol, but as always it takes time and has to go through different phases before it becomes a standard. Requirements have to be analyzed more deeply and thoroughly, and the protocol needs to be designed, implemented and tested. While it is good to see it is already materializing, I have been wondering how we can work something out using the WiFi structures and protocols already in place. A concept that I call WiFi sourcing is introduced in the remainder of this post.

WiFi Sourcing refers to the practice of sharing a WiFi network with trusted agents for a limited time and limited bandwidth.

That firstly brings me to Clay Shirky’s concept called cognitive surplus. Basically this idea says that we should use our free time more wisely and exploit our goodwill. As we now have access to new media we can collaborate instead of passively watch television. Our society and daily lives will thus improve dramatically.

What if, say, you are in a foreign neighborhood, desperately in need of access to a wireless network because you are lost and need to check the local map to find a place, but you find yourself in a very inconvenient situation because there is no open Internet access? Although there are plenty of networks around you and electromagnetic wireless signals are flowing through your body, you just cannot access any of them since they are all password protected.

Let’s apply the principle of cognitive surplus to closed WiFi networks. If you were able to tap into a database where people can access and contribute “data” about closed WiFi networks, that could be very valuable. Users of the service would then just look up the Service Set Identifier (SSID), or browse by location, as WiFi networks could be mapped to a location. A simple lookup will do the rest, and the password will be displayed accordingly. As such, people can share their network.

I think that in the first place people should be reminded and made aware that they are socially responsible for opening up their networks instead of hoarding them. However, if everyone opens up their network in the wild, people will notice their connection slowing down if it is used carelessly and abundantly by others. So it should be possible to share a pass-phrase with certain “trusted” users and not with others.

Just like in “Down and Out in the Magic Kingdom” by Cory Doctorow, the concept of Whuffie – social capital – should be part of the design of such a system. It functions as a way to normalize and steer human behavior, rewarding safe, conservative behavior and penalizing struggles and conflict. There are many more trust metrics, such as “Karma”, a system where people can give you reputation points based on your behavior. So a moderation, rating or reputation system as well as trust metrics are essential. The service described earlier should be built with that from the ground up and the community should support it.

From a cryptographic point of view, to increase trust and security, some sort of Web of Trust is created. Keys (PGP) will be accumulated from other people that you may want to designate as trusted introducers. Everyone else will each choose their own trusted introducers. Everyone will gradually accumulate and distribute with their key a collection of certifying signatures from other people, with the expectation that anyone receiving it will trust at least one or two of the signatures. So if people abide by fair use, they can be added to a trusted list and can be referred to other WiFi network owners. Just like in the FOAF+SSL protocol, trust is established recursively. Individuals add people they trust to their profile. Those people in turn do the same.

If such reputation-based mechanisms are carefully implemented, people would be able to fine-tune the allocation of bandwidth too. I am thinking of the design of a new application layer where the pass-phrase gets hashed multiple times, as many times as needed, according to the number of users that one wants to share with. After all, if the password is plainly shared, the danger exists that it will be passed on or spread to others. The proprietor of the closed WiFi network would administer the second-level pass-phrases and distribute them accordingly. The newly generated pass-phrases could then be assigned to 1 to n IP addresses. Of course, the user wants instant access to the network, so there should be a way to assign them automatically without the direct involvement of the WiFi owner. The authentication to the network would happen within the boundaries of the software itself, translating the newly generated passwords to the unique WiFi pass-phrase. It should be designed in such a way that it is impossible to reverse engineer the cryptography to the original WiFi password.
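A sketch of the second-level pass-phrase idea, as an added example that is not part of the original post: it compares the "hash once per user" chain described above with a keyed derivation (HMAC, a technique swapped in here) bound to guest, expiry and bandwidth. The function names, guest names, SSID and pass-phrase are hypothetical, and a gateway that enforces the tokens is assumed rather than shown.

```python
import hashlib
import hmac


def root_secret(passphrase: str, ssid: str) -> bytes:
    # Owner-side secret; PBKDF2 makes guessing the real pass-phrase slow.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), ssid.encode(), 100_000)


# Scheme A: hash the secret once per user, as the paragraph describes.
def chain_token(root: bytes, n: int) -> bytes:
    token = root
    for _ in range(n):
        token = hashlib.sha256(token).digest()
    return token


def next_in_chain(token: bytes) -> bytes:
    # One-way towards the pass-phrase, but any holder of token n can compute
    # token n+1 without the owner, so guests are not isolated from each other.
    return hashlib.sha256(token).digest()


# Scheme B: keyed derivation; the token commits to who, until when, how fast.
def guest_token(root: bytes, guest: str, expires: int, kbps: int) -> bytes:
    name = guest.encode()
    label = (len(name).to_bytes(2, "big") + name
             + expires.to_bytes(8, "big") + kbps.to_bytes(4, "big"))
    return hmac.new(root, label, hashlib.sha256).digest()


def verify_guest(root: bytes, guest: str, expires: int, kbps: int,
                 token: bytes, now: int) -> bool:
    expected = guest_token(root, guest, expires, kbps)
    return now < expires and hmac.compare_digest(expected, token)


def demo() -> dict:
    root = root_secret("constructed-owner-passphrase", "ConstructedSSID")
    expiry, now = 1_700_000_000, 1_699_999_000   # constructed Unix timestamps
    alice = guest_token(root, "alice", expiry, 512)
    return {
        # Guest 2 derives guest 3's token on their own under scheme A.
        "chain_leaks_forward": next_in_chain(chain_token(root, 2)) == chain_token(root, 3),
        "alice_valid": verify_guest(root, "alice", expiry, 512, alice, now),
        "alice_after_expiry": verify_guest(root, "alice", expiry, 512, alice, expiry + 1),
        "alice_token_as_bob": verify_guest(root, "bob", expiry, 512, alice, now),
        "alice_claims_more_bandwidth": verify_guest(root, "alice", expiry, 4096, alice, now),
    }


if __name__ == "__main__":
    print(demo())
```

Neither scheme stops a guest from handing their own token to someone else; the keyed form only ensures a leaked token expires and cannot be turned into another guest's token or a higher bandwidth limit.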

Towards the shift of Internet Architecture

“That’s what we’re delivering. Prepaid cards for Internet access. Complet avec number shortages and business travelers prowling the bagel joints of Rue St Urbain looking for a shopkeeper whose cash drawer has a few seven-day cards kicking around.

“And you come in here, and you ask me, you ask the ruling Bell, what advice do we have for your metro-wide free info-hippie wireless dumpster-diver anarcho-network? Honestly—I don’t have a fucking clue. We don’t have a fucking clue. We’re a telephone company. We don’t know how to give away free communications—we don’t even know how to charge for it.” — Cory Doctorow, Someone Comes to Town, Someone Leaves Town

Citizens, telephony dinosaurs like Alcatel-Lucent and The Man have different interests with respect to Internet access. That’s what I think Cory Doctorow tries to stress in the Someone Comes To Town Someone Leaves Town novel too — definitely a recommended read.

The above basic, simple-as-it-is idea has been on my mind lately, in the wake of the cablegates controversy. In a previous post I’ve talked about WikiLeaks’ impact on the freedom of expression on the Net — for more on other WikiLeaks issues, read Henry Story’s great analysis.

My premise for this post: WikiLeaks not only re-architects society, it also catalyzes the shift of Internet architecture.

Recently there have been a number of cases that threaten Net Neutrality, such as the Google and Verizon proposal. It suggests that net neutrality should not apply to mobile phone-based connections. This is plain wrong, because in Africa a huge number of people have access to the Internet solely via mobile phones. Moreover, as Jeff Sayre elaborates, it would allow an altogether new fee to be charged for wireless throughput. This means that content providers–bloggers, ecommerce sites, social networks, you name it–will all be assessed wireless transmission fees. The higher the fee paid, the faster their data will be allowed to travel. As such, if this deal were closed, it would discriminate against content providers and certain users. In order to safeguard the future of the Net, it should be as accessible in wireless (e.g. WiFi, mobile) circumstances as in wired ones.

I am a Net Neutrality partisan because I believe it is for the best.

Here’s why.

Today, what we see is that WikiLeaks dissidents attempt to make computer resources unavailable through DDOS attacks. Ironically, as for the cablegates this does not make sense since the cables themselves are being distributed as a torrent. This means that the sensitive materials are in a P2P space and virtually impossible to stop from being distributed. Even if the WikiLeaks “promotional pages” are removed, the DDOS attacks make no sense as Ethan Zuckerman notes on his blog.

“It’s worth mentioning that Wikileaks is using peer to peer networks to distribute the actual cables. DDoS may be effective in removing their web presence, but it’s going to have a much harder time removing the sensitive material from the internet. The DDoS attacks are actually a useful reminder that we still don’t have a good way to serve web sites on a purely peer to peer architecture.”

So in order to save the Web, we need a P2P architecture. And guess what, very recently Tim Berners-Lee picked this up in the W3C Technical Architecture Group:

“I brought up my desire to extend HTTP to allow it to gracefully switch to p2p under stress at the last TAG face-to-face meeting.”

Extending HTTP to work with P2P might be a solution for DDOS attacks initiated by totalitarian governments, terrorist groups and individuals, but the DNS system, which translates IPs to domain names, and maintains top-level domains will still be controlled by ICANN, a non-profit institution.

This means that authorities still can take websites offline.

Luckily, Peter Sunde, Pirate Bay Spokesperson, is working on creating a decentralised domain name service for the Web.

The other side of the story is that of the telecoms. Hans Vanderstraeten, director of strategy at Alcatel-Lucent, reinforces what others in the industry have been articulating: that the Internet should be layered. He believes that the Internet will be growing significantly, and that this will clog the network. As a result, net neutrality will be impossible in the long run. That’s why Alcatel-Lucent plans to give priority to services that are actually demanded by the consumer, such as YouTube.

For me the above is just a mere disguise for the dollar-bill motive: it is driven by profits.

And I think P2P is the path to follow to empower citizens on the Interwebs.

But the cablegates are getting governments, businesses and citizens to hop on the Net Neutrality wagon and we all are very curious of the outcome of this debate — that’s something to be optimistic about.

Nonetheless, Net Neutrality proponent and activist as I might be, Berners-Lee’s and Sunde’s proposals give me mixed feelings. First of all, the proposal of a P2P architecture for HTTP and DNS respectively: isn’t that a bit late? Isn’t that like stating “back to the ice age, when you’re in the middle of industrial age”? Secondly, I’m cynical in the sense that I think it’s already too late. The commercialization of the Internet needs a counterbalance, but I’m just wondering if Peter Sunde and the like will be able to coordinate such decentralized initiatives. I’m afraid that the Web will only become more fragmented and that, in the end, we will have multiple public and private Webs.

WikiLeaks and the re-architecturing of society

While others have been writing about Julian Assange’s ability to control media, I am more concerned about WikiLeaks’ impact on the future of the Web. Pundits like Jeff Jarvis have articulated some brilliant insights on new media business models and such, but the Internet in terms of media seems to be too well-trodden nowadays. I always tend to think about the Web more radically, just like Sean Parker:

“re-architecting society. It’s technology, not business or government, that’s the real driving force behind large-scale societal shifts.”

So what about WikiLeaks and the Web? Let’s start with Jonathan Zittrain’s book “The Future of the Internet and how to stop it”. In his book he eloquently explains how the promise of the Internet might not be realized any longer. Due to its “generativity”, the Internet permits anyone, anywhere to build on it. But in order to preserve the Net’s glorious promise, we should stick to its most important principle: Net Neutrality. It is a hot topic nowadays. Scientific American’s latest issue dedicates an entire article to the concept, written by Tim Berners-Lee, one of the Web’s fathers. One of the principles Tim touches on is universality. James Hendler uses the AAA slogan in his Semantic Web book to refer to the same — Anyone can say Anything about Anything. There shouldn’t be any hardware or software constraints to access the Web. But more importantly, people must be able to put anything on the Web — they must be able to “build” on it.

Think about the vast implications of universality.

The foundation of democracy is directly linked to freedom of speech and the concept itself is at the heart of the Web. Somehow that makes our society’s technology a democracy, and just like democracy itself the Web needs to be protected.

Not long ago, after Google had defied China because Chinese hackers hacked into US internal networks, amongst others Google’s, to find dissidents’ e-mail addresses, Secretary of State Hillary Clinton said that Web freedom should become a formal plank in American foreign policy. For the first time, the United States formally articulated that the Internet’s nature should be “protected”.

“On their own, new technologies do not take sides in the struggle for freedom and progress, but the United States does. We stand for a single internet where all of humanity has equal access to knowledge and ideas. And we recognize that the world’s information infrastructure will become what we and others make of it. Now, this challenge may be new, but our responsibility to help ensure the free exchange of ideas goes back to the birth of our republic.”

In regard to the cablegates controversy, it was again Hillary Clinton who reacted after WikiLeaks gave people around the world an unprecedented insight into the US Government’s foreign activities.

The catch then is whether Clinton goes after the whistleblowers or the free flow of information.

The Net itself, characterized by its open social structures and architecture, is anything but to blame here. It is a platform that allows people to spread information more easily. But the future of the Internet, and moreover the Web, is at risk if governments chase WikiLeaks, because it underpins one of the principles of the Web.

The Web is, just like a nuclear bomb, a technology. However, once nuclear bombs had advanced, scientists realized that when such bombs explode, radioactive materials such as isotopes are released. While numerous bombs were produced during the Cold War, these weapons of mass destruction were never used for war directly. An inherent danger of mutually assured destruction is looming.

So the question is how the Web will evolve.

Unfortunately we still have soldiers in a war, fighting the enemy on the front line. There are still weapons, although there are laws that restrict citizen weapon usage. But let’s not mistake these kinds of restrictions for what the governments might go after when they impose restrictions on the Net. When earlier this week Amazon decided to pull the plug on WikiLeaks, I was afraid that the end of the Internet as we know it had already happened. Luckily, as per Amazon, the WikiLeaks ban was not initiated by government inquiries. WikiLeaks simply did not conform to the terms of service. But when governments really start chasing WikiLeaks by banning them from the Net, they mislead the public by fighting the medium, not the cause. The result is the breaching of a human right called freedom of speech.

And the cause is that society is evolving. Old structures are no longer in place.

If US diplomats are really engaging in espionage for the United States, this means international covenants are not respected. In the first place, the public administration should fight those who leak confidential, classified or secret information. As for WikiLeaks, I think that they are leveling the diplomacy playing field by making leaders more accountable for what they said and what they do. The Internet gives us the ability to spread this type of information and the Web scales.

There definitely is a need to know. No way it is about transparency or the need to share. We are simply too concerned as humans and we should act accordingly when our untrustworthy leaders are failing us. Therefore, WikiLeaks’ role of making people aware of ethical, political and historical significance while keeping the identity of sources anonymous, and of revealing suppressed and censored injustices, is crucial.

Let it however be clear that we do need activists that fight for the good, but we need to be clear about their intentions, and moreover about WikiLeaks’ intentions. Who is behind this organization and can it actually function in a decentralized way? Who controls it? Which techniques are used to verify integrity? A lot of questions to be answered.

Another danger is that WikiLeaks’ libertarian anarchy might bring Adam Smith’s invisible hand out of balance in the free market economy. Finally, WikiLeaks should not replace the government but should cooperate with the public and the private.

To end with, let’s talk about the glorious promise of the Net. For all those who take the Internet for granted: imagine what would happen if the government starts imposing new control structures. Sadly, this is already happening outside the US as articulated, again, in Clinton’s speech:

“In the last year, we’ve seen a spike in threats to the free flow of information. China, Tunisia, and Uzbekistan have stepped up their censorship of the internet. In Vietnam, access to popular social networking sites has suddenly disappeared. And last Friday in Egypt, 30 bloggers and activists were detained. One member of this group, Bassem Samir, who is thankfully no longer in prison, is with us today.”

Berners-Lee has been quoted multiple times saying that “the goal of the Web is to serve humanity”. I couldn’t agree more, and I even want to take it to the next level, stating that it is critical to human survival. Clinton adds in her speech that “the spread of these technologies is transforming our world, [but] it is still unclear how that transformation will affect the human rights and the human welfare of the world’s population”. Again, I couldn’t agree more. However, what do “human welfare” and serving humanity really mean? This is a matter of right and wrong.

Let’s not pretend that the Internet is not doing any harm to people. Factually the Internet is turning markets upside down, destroying relationships and endangering people’s lives. But on the other hand, it is creating so much value. It is the most powerful information source, brings people back together and helps them to establish new relationships. It even facilitates drug discovery to combat Alzheimer’s disease.

So the real question in regard to the WikiLeaks controversy is which measures and techniques the governments are going to apply to fight these “dissidents”, and how WikiLeaks will be operating.

I truly believe that we haven’t seen anything yet. Every day I meet people that don’t seem to understand how disruptive the Web really is. And as for WikiLeaks, it is part of our society. Let’s just hope that it contributes to a better world.