Part II
http://www.fourmilab.ch/documents/digital-imprimatur/
"How big brother and big media can put the Internet genie back in the bottle.
by John Walker
September 13th, 2003
Revision 3 -- October 9th, 2003
imprimatur 1. The formula (=`let it be printed'), signed by an official licenser of the press, authorizing the printing of a book; hence as sb. an official license to print.
The Oxford English Dictionary (2nd. ed.)
Without any doubt this explosive technological and social phenomenon discomfited many institutions who quite correctly saw it as reducing their existing control over the flow of information and the means of interaction among people. Suddenly freedom of the press wasn't just something which applied to those who owned one, but was now near-universal: media and messages which previously could be diffused only to a limited audience at great difficulty and expense could now be made available around the world at almost no cost, bypassing not only the mass media but also crossing borders without customs, censorship, or regulation.
To be sure, there were attempts by "the people in charge" to recover some of the authority they had so suddenly lost: attempts to restrict the distribution and/or use of encryption, key escrow and the Clipper chip fiasco, content regulation such as the Computer Decency Act, and the successful legal assault on Napster, but most of these initiatives either failed or proved ineffective because the Internet "routed around them"--found other means of accomplishing the same thing. Finally, the emergence of viable international OpenSource alternatives to commercial software seemed to guarantee that control over computers and Internet was beyond the reach of any government or software vendor--any attempt to mandate restrictions in commercial software would only make OpenSource alternatives more compelling and accelerate their general adoption.
This is how I saw things at the euphoric peak of my recent optimism. Like the transition between expansion and contraction in a universe with Ω greater than 1, evidence that the Big Bang was turning the corner toward a Big Crunch was slow to develop, but increasingly compelling as events played out. Earlier I believed there was no way to put the Internet genie back into the bottle. In this document I will provide a road map of precisely how I believe that could be done, potentially setting the stage for an authoritarian political and intellectual dark age global in scope and self-perpetuating, a disempowerment of the individual which extinguishes the very innovation and diversity of thought which have brought down so many tyrannies in the past.
One note as to the style of this document: as in my earlier Unicard paper, I will present many of the arguments using the same catch phrases, facile reasoning, and short-circuits to considered judgment which proponents of these schemes will undoubtedly use to peddle them to policy makers and the public. I use this language solely to demonstrate how compelling the arguments can be made for each individual piece of the puzzle as it is put in place, without ever revealing the ultimate picture. As with Unicard, I will doubtless be attacked by prognathous pithecanthropoid knuckle-typers who snatch sentences out of context. So be it.
The Emerging Consumer Internet
The original design of the ARPANET, inherited by the Internet, was inherently peer to peer. I do not use the phrase "peer to peer" here as a euphemism for "file sharing" or other related activities, but in its original architectural sense, that all hosts on the network were logically equals. Certainly, Internet connections differed in bandwidth, latency, and reliability, but apart from those physical properties any machine connected to the Internet could act as a client, server, or neither--simply a peer of those with which it communicated. Any Internet host could provide any service to any other and access any service provided by them. New kinds of services could be invented as required, subject only to compatibility with the higher level transport protocols (such as TCP and UDP).
This architecture made the Internet something unprecedented in the human experience, the first many-to-many mass medium. Let me elaborate a bit on that. Technological innovations in communication dating back to the printing press tended to fall into two categories. The first, exemplified by publishing (newspapers, magazines, and books) and broadcasting (radio and television) was a one-to-many mass medium: the number of senders (publishers, radio and television stations) was minuscule compared to their audience, and the capital costs required to launch a new publication or broadcast station posed a formidable barrier to new entries. The second category, including postal mail, telegrams, and the telephone, is a one-to-one medium; you could (as the technology of each matured) communicate with almost anybody in the world where such service was available, but your communications were person to person--point to point. No communication medium prior to the Internet had the potential of permitting any individual to publish material to a global audience. (Certainly, if one creates a Web site which attracts a large audience, the bandwidth and/or hosting costs can be substantial, yet are still negligible compared to the capital required to launch a print publication or broadcast outlet with comparable reach.)
This had the effect of dismantling the traditional barriers to entry into the arena of ideas, leveling the playing field to such an extent that an individual could attract an audience for their own work, purely on the basis of merit and word of mouth, as large as those of corporate giants entrenched in earlier media. Beyond direct analogues to broadcasting, the peer to peer architecture of the Internet allowed creation of entirely new kinds of media--discussion boards, scientific preprint repositories, web logs with feedback from readers, collaborative open source software development, audio and video conferences, online auctions, music file sharing, open hypertext systems, and a multitude of other kinds of spontaneous human interaction.
A change this profound, taking place in less than a decade (for despite the ARPANET's dating to the early 1970s, it was only as the Internet attracted a mass audience in the late 1990s that its societal and economic impact became significant), must inevitably prove discomfiting to those invested in or basing their communication strategy on traditional media. One needn't invoke conspiracy theories to observe that many news media, music publishers, and governments feel a certain nostalgia for the good old days before the Internet. Back then, there were producers (publishers, broadcasters, wire services) and consumers (subscribers, book and record buyers, television and radio audiences), and everybody knew their place. Governments needn't fret over mass unsupervised data flow across their borders, nor insurgent groups assembling, communicating anonymously and securely, and operating out of sight and beyond the control of traditional organs of state security.
Despite the advent of the Internet, traditional media and government continue to exercise formidable power. Any organisation can be expected to act to preserve and expand its power, not passively acquiesce in its dissipation. Indeed, consolidation among Internet infrastructure companies and increased governmental surveillance of activities on the Internet are creating the potential for the imposition of "points of control" onto the originally decentralised Internet. Such points of control can be used for whatever purposes those who put them in place wish to accomplish. The trend seems clear--over the next five to ten years, we will see an effort to "put the Internet genie back in the bottle": to restore the traditional producer/consumer, government/subject relationships which obtained before the Internet disrupted them.
A set of technologies, each already in existence or being readied for introduction, can, when widely deployed and employed toward that end, reimpose the producer/consumer information dissemination model on the Internet, restoring the central points of control which traditional media and governments see threatened by its advent. Each of the requisite technologies can be justified on its own as solving clamant problems of the present day Internet, and may be expected to be promoted or mandated as so doing. In the next section, we'll look at these precursor technologies.
Technological Precursors
The dark future I dread will be the consequence of the adoption, by marketing or mandate, of a collection of individual technologies, each of which can be advocated as beneficial in its own right but which, taken together, have consequences less apparent to many yet, I believe, quite evident to some now promoting them. Each of the following technologies is either currently in existence or is the object of an active development effort. These items necessarily interact with one another, so it is impossible to entirely avoid forward references in discussing them. If something doesn't seem clear on the first reading, you may benefit from re-reading this section after you've digested the essentials the first time through.
The Firewalled Consumer
Note: this item discusses a phenomenon, already underway, which is effectively segmenting Internet users into two categories: home users who are consumers of Internet services, and privileged sites which publish content and provide services. The technologies discussed in the balance of this document are entirely independent of this trend, and can be deployed whether or not it continues. If you aren't interested in such details or take violent issue with the interpretation I place upon them, please skip to the next heading. I raise the issue here because when discussing the main topics of this document with colleagues, a common reaction has been, "Users will never put up with being relegated to restricted access to the Internet." But, in fact, they already are being so relegated by the vast majority of broadband connections, and most aren't even aware of what they've lost or why it matters.
When individuals first began to connect to the Internet in large numbers, their connection made them logical peers of all other Internet users, regardless of nature and size. While a large commercial site might have a persistent, high bandwidth connection and a far more powerful server than the home user, there was nothing, in principle, such a site could do that an individual user could not--any Internet user could connect to any other and interchange any form of data on any port in any protocol which conformed to the underlying Internet transport protocols. The user with a slow dial-up connection might have to be more patient, and probably couldn't send and receive video in real-time, but there was no distinction in the ways they could use the Internet.
Over time, this equality among Internet users has eroded, in large part due to technical workarounds to cope with the limited 32-bit address space of the present day Internet. I describe this process in detail in Appendix 1, exploring how these expedients have contributed to the anonymity and lack of accountability of the Internet today. With the advent of broadband DSL and cable television Internet connections, a segmentation of the Internet community is coming into being. The typical home user with broadband access has one or more computers connected to a router (perhaps built into the DSL or cable modem) which performs Network Address Translation, or NAT. This allows multiple computers to share a single fast Internet connection. Most NAT boxes, as delivered, also act as a rudimentary Internet firewall, in that packets from the Internet can only enter the local network and reach computers connected to the broadband connection in reply to connections initiated from the inside. For example, when a local user connects to a Web site, the NAT router allocates a channel (port) for traffic from the user's machine to the Web site, along with a corresponding inbound channel for data returned from the Web site. Should an external site attempt to send packets to a machine on the local network which has not opened a connection to it, they will simply be discarded, as no inbound channel will have been opened to route them to the destination. Worms and viruses which attempt to propagate by contacting Internet hosts and exploiting vulnerabilities in software installed on them will never get past the NAT box. (Of course, machines behind a NAT box remain vulnerable to worms which propagate via E-mail and Web pages, or any other content a user can be induced to open.)
The typical home user never notices NAT; it just works. But that user is no longer a peer of all other Internet users as the original architecture of the network intended. In particular, the home user behind a NAT box has been relegated to the role of a consumer of Internet services. Such a user cannot create a Web site on their broadband connection, since the NAT box will not permit inbound connections from external sites. Nor can the user set up true peer to peer connections with other users behind NAT boxes, as there's an insuperable chicken and egg problem creating a bidirectional connection between them.
Sites with persistent, unrestricted Internet connections now constitute a privileged class, able to use the Internet in ways a consumer site cannot. They can set up servers, create new kinds of Internet services, establish peer to peer connections with other sites--employ the Internet in all of the ways it was originally intended to be used. We might term these sites "publishers" or "broadcasters", with the NATted/firewalled home users their consumers or audience.
Technically astute readers will observe, of course, that NAT need not prevent inbound connections; a savvy user with a configurable router can map inbound ports to computers on the local network and circumvent the usual restrictions. Yet I believe that as time passes, this capability will become increasingly rare. It is in the interest of broadband providers to prevent home users from setting up servers which might consume substantial upstream bandwidth. By enforcing an "outbound only" restriction on home users, they are blocked from setting up servers, and must use hosting services if, for example, they wish to create a personal home page. (With consolidation among Internet companies, the access supplier may also own a hosting service, creating a direct economic incentive to encourage customers to use it.)
In addition, it is probable that basic broadband service will be restricted to the set of Internet services used by consumers: Web, FTP, E-mail, instant messages, streaming video, etc., just as firewalls are configured today to limit access to a list of explicitly permitted services. Users will, certainly, be able to obtain "premium" service at additional cost which will eliminate these restrictions, just as many broadband companies will provide a fixed IP address as an extra cost option. But the Internet access market has historically been strongly price sensitive, so it is reasonable to expect that over the next few years the majority of users connected to the Internet will have consumer-grade access, which will limit their use to those services deemed appropriate for their market segment.
In any case, the key lesson of the mass introduction of NAT is that it demonstrates, in a real world test, that the vast majority of Internet users do not notice and do not care that their access to the full range of Internet services and ability to act as a peer of any other Internet site has been restricted. Those who assert that the introduction of the following technologies will result in a mass revolt among Internet users bear the burden of proof to show why those technologies, no more intrusive on the typical user's Internet experience than NATted broadband, will incite them to oppose their deployment.
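The NAT behaviour described in this section can be modelled in a few lines. This is an added illustration, not part of the original essay: the `NatRouter` class, its methods and every address and port are constructed sample values, and the rule that a reply must come from the exact remote address and port that was contacted is one common filtering behaviour, assumed here.

```python
# Added illustration: a minimal model of a NAT router's translation table.
# All names, addresses and ports are constructed for this example.
from dataclasses import dataclass, field


@dataclass
class NatRouter:
    public_ip: str
    next_port: int = 40000
    # public port -> (inside ip, inside port, remote endpoint allowed to reply)
    sessions: dict = field(default_factory=dict)
    # public port -> (inside ip, inside port), set explicitly by the owner
    forwards: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """An inside host opens a connection: allocate a public port for replies."""
        pub_port = self.next_port
        self.next_port += 1
        self.sessions[pub_port] = (src_ip, src_port, (dst_ip, dst_port))
        return (self.public_ip, pub_port)

    def forward(self, pub_port, inside_ip, inside_port):
        """Static inbound mapping, as a user with a configurable router can add."""
        self.forwards[pub_port] = (inside_ip, inside_port)

    def inbound(self, src_ip, src_port, pub_port):
        """Return the inside (ip, port) a packet is delivered to, or None if dropped."""
        sess = self.sessions.get(pub_port)
        if sess and sess[2] == (src_ip, src_port):
            return sess[:2]                    # reply to a connection opened from inside
        return self.forwards.get(pub_port)     # static mapping, else None (discarded)


def demo():
    home = NatRouter("203.0.113.10")
    other = NatRouter("198.51.100.20")
    r = {}
    # 1. Home machine contacts a web server; the server's reply is let in.
    _, pub_port = home.outbound("192.168.1.5", 51000, "192.0.2.80", 80)
    r["reply"] = home.inbound("192.0.2.80", 80, pub_port)
    # 2. An outside host that was never contacted sends to port 80: discarded.
    r["unsolicited"] = home.inbound("192.0.2.66", 4444, 80)
    # 3. A different outside host aims at the port opened for the web server.
    r["wrong_peer"] = home.inbound("192.0.2.66", 80, pub_port)
    # 4. Two NATted users each send a first packet to the other's public
    #    address; neither router holds a session, so both are discarded.
    r["peer_a_to_b"] = other.inbound(home.public_ip, 40001, 6000)
    r["peer_b_to_a"] = home.inbound(other.public_ip, 40000, 6000)
    # 5. The owner maps public port 80 to a machine on the local network.
    home.forward(80, "192.168.1.5", 8080)
    r["forwarded"] = home.inbound("192.0.2.66", 4444, 80)
    return r


if __name__ == "__main__":
    for case, delivered_to in demo().items():
        print(f"{case:12} -> {delivered_to}")
```

Only the reply and the explicitly forwarded port reach a machine on the local network; every other inbound packet has no table entry and is dropped, which is why the default configuration leaves the home user able to consume services but not to offer them.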
Certificates
A certificate is a digital identification of a physical or abstract object: a person, business, computer, program, or document. A certificate is simply a sequence of bits which uniquely identifies the object it pertains to. In most cases it is guaranteed that there is a one-to-one mapping between certificates and objects. To make this less abstract, consider a non-computer analogue: passports. A passport (or, more precisely, a passport number, as individuals may, in certain circumstances, obtain multiple physical passports bearing the same number), uniquely identifies a person as a citizen of the issuing country. No two people are given the same passport number, and one person's attempting to obtain two different passport numbers is considered a crime involving a fraudulent declaration. A digital certificate is much like a passport. It is issued by a certificate authority, which vouches for its authenticity. (In the case of a passport, the certificate authority is the issuing government.) The certificate authority trades on its reputation for probity--to obtain high-grade personal certificates from recognised authorities, documentation equal to or better than that required to obtain a passport is necessary. As with passports, certificates issued by obscure or disreputable authorities will engender less trust than those from the big names.
Certificates are in wide use today. Every time you make a secure purchase on the Web, your browser retrieves a certificate from the e-commerce site to verify that you're indeed talking to whom you think you are and to establish secure encrypted communications. Most browser E-mail clients allow you to use personal certificates to sign and encrypt mail to correspondents with certificates, but few people avail themselves of this capability at present, opting to send their E-mail in the clear where anybody can intercept it and you-know-who routinely does.
When you obtain a personal certificate, the certificate authority that signs it asserts that you have presented them adequate evidence you are who you claim to be (usually on the basis of an application validated by a notary, attorney, or bank or brokerage officer), and reserves the right to revoke your certificate should they discover it to have been obtained fraudulently. Certificate authorities provide an online service to validate certificates they issue, supplying whatever information you've chosen to disclose regarding your identity. Having obtained a certificate, you're obliged to guard it as you would your passport, credit cards, and other personal documents. If another person steals your certificate, they will be able to read your private E-mail, forge mail in your name, and commit all the kinds of fraud present-day "identity theft" encompasses. While stolen certificates can be revoked and replacements issued, the experience is as painful as losing your wallet and worth the same effort to prevent.
A certificate comes in two parts: private and public. The private part is the credential a user employs to access the Internet, sign documents, authorise payments, and decrypt private files stored on their computer and secure messages received from others. It is the private part of the certificate a user must carefully guard; it may be protected by a pass phrase, be kept on a removable medium like a smart card, or require biometric identification (for example, fingerprint recognition) to access. The public part of the certificate is the user's visible identification to others; many users will list their public certificate in a directory, just as they list their telephone number. Knowing a user's public certificate allows one to encrypt messages (with that person's public key, a component of the public certificate) which can only be decoded with the secret key included in the private certificate. When I speak of "sending the user's certificate along with a request on the Internet" or tagging something with a certificate, I refer to the public certificate which identifies the user. The private certificate is never disclosed to anybody other than its owner.