Law in the Internet Society

View   r5  >  r4  ...
ShimengChengFirstPaper 5 - 28 Jan 2013 - Main.EbenMoglen
Line: 1 to 1
 
META TOPICPARENT name="FirstPaper"
Line: 15 to 15
 As an information science major myself, when I graduated from college in 2006, I had never heard any talking about how complex services on the net could restrict human freedom. All I had experienced was the expansion of freedom resulted from the faster-than-ever dissemination of information and the vast knowledge pool open to anyone on the net.
Changed:
<
<
The net itself, at its very beginning (the 60s and 70s), was an autonomous creation invented to break the then monopolizing powers in the telecommunication world – telephone and broadcasting. For many years following its invention, the packet switching feature of the net has decentralized information dissemination.The packet switching design is itself a decentralized structure. Unlike in a circuit switching system, the communication between two points in a packet switching system does not depend on having a dedicated data transmission path for the duration of the entire communication. At the data transmission level, there is no single entity in the net that is central to the functioning of the whole net. Thus, the net was born decentralized and free.
>
>
The net itself, at its very beginning (the 60s and 70s), was an autonomous creation invented to break the then monopolizing powers in the telecommunication world – telephone and broadcasting.

I don't think this is true. The designers and builders of the ARPAnet didn't have any such intention, I'm sure: their purposes, to the extent the purposes were clear, were military. And the design of the Net has presumed the presence of the telecommunications network operators from the beginning. Where in the record do you see the signs of such an intention?

For many years following its invention, the packet switching feature of the net has decentralized information dissemination.The packet switching design is itself a decentralized structure. Unlike in a circuit switching system, the communication between two points in a packet switching system does not depend on having a dedicated data transmission path for the duration of the entire communication. At the data transmission level, there is no single entity in the net that is central to the functioning of the whole net. Thus, the net was born decentralized and free.

I don't see this argument so clearly. A packet-switched network could be designed in a server-client, hierarchical structure, as the evolution of the Net in the Microsoft Era showed. The efforts of the Chinese Communist Party or the Iranian Islamic Republic with respect to the Net suggest that a political design of such a kind may also be imposed directly. None of which changes the fact that at layer 1 there are packet-switched networks moving the data, or that the Internet Protocol assumes that packets are the things that get routed in a network.

 However, what brings centralization back to the net are the service platforms built on top of the data transmission layer of the net. The existence of service platforms are often justified by the “complicated” functions they serve and the “convenience” brought to the users. The underling assumption is that personal computers or other personal devises cannot economically accomplish these functions on their own. However, the “convenience” provided by service planforms impose cost on human freedom. The service platforms gain enormous centralized power when ordinary functions of the net are performed through them. Under the current net architecture, behavior monitoring through activities on the net can generate enormous unjust profits for email service providers, search engines and social network operators, etc. Decentralizing services requires us to change certain behaviors in our daily life – namely, our dependency on the perceived “conveniences.” Democracy, both in our social structure and in the net, have cost. The “inconveniences” in the net context are just like, in the social context, the cost of everyone taking time off to go to vote in a democratic society. These “inconveniences” will not be a burden to us if we, the netizens, understand their meaningful purposes. It would be great if we have a plug-in personal server like Freedom Box, but before that, we still can do a lot to our emails and social networks by using simple and free softwares.

From an architectural point of view, how can we decentralize the services on the net? Start from our email services: we can each contribute a little storage space in our computer to build our own email server. Since the price of digital storage has become very cheap, it is possible for everyone to set up his or her own email server so that we do not need email service providers. By doing so, we avoid using a centralized platform that is built on top of the decentralized packet switching system. To achieve this, we do not even need a Freedom Box or similar product, we need only a free software that can help us to easily set up our own email server in our personal devises.

Added:
>
>
A little more is needed. A fixed IP address is necessary. MX records have to point somewhere. Persistent connection is also necessary. But what you say is required, namely storage, is not required. You could build a mail server for yourself on a virtual personal server in the cloud. That would require a few dollars a month. In the long run, it might very well be cost-effective not to own any hardware. The disadvantage is that you have additional legal protection if the storage of your email occurs on physical premises located in the US that you own or control, where the Fourth Amendment applies. But leaving that detail aside, why isn't it simple just to say above that having privacy in one's email requires a few dollars a month?

 How about social network? The fundamental components of social network are millions of individual webpages linked to each other. Even before social networks emerged, webpages were frequently linked to one another through the links provided by the webpage owners on their webpages. Then why social network like Facebook has been able to attract millions of users? It is often claimed that the biggest “convenience” offered by Facebook is its “find by name” feature. As long as you know the name of a person, you can friend him/her on Facebook. There is no need to know the web address of anyone's Facebook page. However, if we create our own webpages, put our names on and store the webpages in our own devises, we can easily search the whole web to look for other's webpages – the perceived “convenience” of the “find by name” feature can be replaced by one second of web searching. All we need is a web domain that we have full property ownership, and a free software that helps us to design our webpage.
Changed:
<
<
How about web searching? Web searching differs from social network and email services in that it is a complicated service that requires constantly scanning of the whole net, massive storage place and good algorithms. The Freedom Box's approach to web searching is to disguise the real search request by randomly generating a few faked search inputs alone with the real search request, so that Google will not be able to keep an accurate log of the real search requests. This is a smart approach to temporarily combat with Google, but several things may happen following the deployment of this strategy: (1) Google will try to enhance its data mining algorithm so that it can filter out the faked inputs generated by Freedom box's algorithm; (2) Google will need to enhance its search engine to deal with the sharp increase in the number of search requests, since each real search request is now accompanied by a few faked requests; (3) Google may go bankrupt if it cannot get the real log that is critical for its advertisement business. If the success of Freedom Box is to completely wipe out Google's business model from the market, then we will be left with no private enterprise willing to offer free web searching. In the future when the the data storage become so cheap, the internet connection become so fast and the processors in our personal devises become so powerful, we may be able to each have a search engine of our own in our own house. But before that, the intermediate solution can be replacing Google with a public search engine funded by tax money, maintained by elected trustworthy engineers, made to disclose important search algorithms and allows individuals to change the search algorithms and to access the stored data. Freedom Box's attack on Google can win us time to develop such a public search engine, so that we can eventually decentralized the power currently owned by the one entity in the net, acquired illegitimately and unjustly.
>
>
Once again, a little more is needed. The existing social network of actual friends should not be thrown away just because we are trying to build something secure and private. We want to make migration as easy as possible. And we want to provide people with the ability to make "social applications" easily. That is, we need federated social networking APIs to replace the centralized APIs on which Facebook "apps" now run. This is all possible to develop, but it isn't as simple as you are making out.
 
Added:
>
>
How about web searching? Web searching differs from social network and email services in that it is a complicated service that requires constantly scanning of the whole net, massive storage place and good algorithms. The Freedom Box's approach to web searching is to disguise the real search request by randomly generating a few faked search inputs alone with the real search request, so that Google will not be able to keep an accurate log of the real search requests.
 
Added:
>
>
No, that's the approach of the existing "Track Me Not" Firefox add-on you could be using already.
 
Deleted:
<
<

 
Added:
>
>
This is a smart approach to temporarily combat with Google, but several things may happen following the deployment of this strategy: (1) Google will try to enhance its data mining algorithm so that it can filter out the faked inputs generated by Freedom box's algorithm; (2) Google will need to enhance its search engine to deal with the sharp increase in the number of search requests, since each real search request is now accompanied by a few faked requests; (3) Google may go bankrupt if it cannot get the real log that is critical for its advertisement business.
 
Added:
>
>
No, none of this is true, as the history of the Track Me Not add-on shows. The number of additional searches involved is infinitesimal because almost no one uses the add-on. Google doesn't adjust anything. If you are a privacy-oriented web searcher using sensible proxying arrangements, not logging in at Google and using Track Me Not, you are searching with reasonable privacy, and Google doesn't mind, because you are part of the 0.001% of their user base that cares enough to do it right.
 
Added:
>
>
If the success of Freedom Box is to completely wipe out Google's business model from the market, then we will be left with no private enterprise willing to offer free web searching.
 
Changed:
<
<

Is Encouraging Competition The Answer To Spying?

>
>
But neither they nor I nor you expects that to happen. So it's hardly worth worrying about. Replacing Google with federated search will eventually happen anyway, when someone figures out how to do federated search efficiently. You might as well take that remote contingency into account, because it's less remote than the one you are now considering.
 
Deleted:
<
<

[First Paper, Original]

 
Changed:
<
<
-- By ShimengCheng - 15 Oct 2012
>
>
In the future when the the data storage become so cheap, the internet connection become so fast and the processors in our personal devises become so powerful, we may be able to each have a search engine of our own in our own house.
 
Changed:
<
<
No doubt that behavior monitoring through activities on the net can generate enormous profits for email service providers, search engines and social network operators. Yet for individual user, there is virtually no way to prevent this from happening. Unless yourself become an email service provider, how can you ensure that your next email service provider will not secretly spy on you?
>
>
Why would you pose the technological alternative this way? If completely decentralized search were possible, federated search would be possible too, and would be obviously better.
 
Deleted:
<
<
So we need to make that trivially easy. With the plug servers and the Rasberry Pi beginning to bring the cost of a microserver the size of a cellphone charger down to $30, as I said two years ago they would, and with FreedomBox software, we can give people something as reliable as and more simple to use than a telephone answering machine which is their personal email server, their secure chat, voice and video communications software, their protection against local snooping, and many other good things, all at once, in a device you plug into the wall and forget.

How do you obtain the evidence that your information on social networks is being used in behavioral studies? Even if we outlaw behavioral studies through collection of private information, how can the governing administrative agency ensure the compliance with the ban when such studies are done by computer programs running behind the scene? My assumption in this essay is that it is technically impossible to achieve zero spying.

Why do you make that assumption? "Zero spying" may not be a practicable goal (as it isn't in the "real" world). But that's not a very interesting or important result. We want to know whether we can provide people with at least the level of network services they presently enjoy, minus as much as possible of the snooping and tracking by private and public parties, in ways that non-specialist network users, including children, can readily install, use and maintain. If possible we want that software to run not only in small low-cost server computers, but also in the "smart" applicances (refrigerators, dishwashers, microwave ovens, rice cookers and coffee-pots) with which the manufacturers of such devices will soon be flooding the whole human world. Our work at FreedomBox Foundation is hardly done after two years; we will just be getting to the public beginning of real software for real, but specialist, users at that point (including however many many children). You are essentially assuming that the people around the world who think they know how to do this are wrong. There is no evidence yet for the accuracy of the assumption, so far as I know. We are of course only sort of smart, and we are no doubt optimistic about our ability to educate ourselves, but how do you know we're wrong?

The question then turns into whether we can minimize the amount of behavioral information produced through spying, and therefore curb the unjust enrichment of big service providers on the net.

One solution is to turn email service providers, search engines and social networks into public carriers and to impose certain public carrier duties on them. However, this requires huge government interference with the IT market and we do not trust the government to operate important functions in the net.

How would this help? The problem with the architectures isn't that particular intermediaries are untrustworthy. The problem is that any intermediaries, including governments, empowered unnecessarily by exploitable technology of this kind will be gaining power no one ought to have, and no one need be given.

Ideally, we need a decentralized system to solve this problem – an invention like BitTorrent? that does not rely on one single entity in the net to complete certain functions. However, what email service and social network are different from file transmission is that the former two demand large storage place in order to complete their functions.

This is wrong. All the data you have stored on all the social networks, photosharers, YouTubes and every other form of cloud storage you are using—unless you are an IT professional or a passionate collector of pornographic video—could be bought for less than $50 in one-time cost. You need backup, too, which—properly implemented through secure sharing networks of actual friends, provided e.g. by FreedomBox—costs a few dollars more, also once.

Can we each contribute a little storage space in our computer to form a decentralized email system? Theoretically it is possible for everyone to set up his or her own email server so that we do not need email service providers.

Indeed, this is precisely how the email protocols in the net are set up to work most simply. I've had an email server of my own longer that you've had a computer of any kind, probably by more than a decade. We don't need to invent anything. It all works automatically and correctly already.

But that requires we each to have a computer that is connected to the internet 24/7, so that the data sent to us via the email protocol can be stored in our own computer while we are away.

No. That's completely false. That's not how the Standard Mail Transmission Protocol (SMTP) works. Every email sender and relay is configured to allow for the fact that other intermediate or endpoint servers might not be available. The tools for handling intermittently-connected mail servers have been technically advanced for two decades now. You need to be sure that technical details on which you rely for your conclusions are correct. Speculation on these points can't work for you.

But in any event, why should that seem like an obstacle? Most people in most societies now carry devices that are pervasively connected to the network. Infrastructure for pervasive connection by servers is no more complicated than the existing infrastructure. Indeed, it is almost always much simpler.

In comparison, through the economy of scale, commercial email service providers provide better services at a lower cost, and saves us from the trouble of maintaining our own email server.

Depends how cost is measured. I attach a much higher value to the preservation of the integrity, secrecy and privacy of my email than I do to the cost of maintaining my own mail server, which is indistinguishable from zero. Your conclusion seems amazing and absurd to me, so I wonder whether we are disagreeing about technology or disagreeing about social value.

In the social network context, it is theoretically impossible to have a decentralized social network because it is the network effect and the collection of information that create value for every user. The reality is, if we want better, cheaper and advance services, we risk losing our privacies.

This is also wrong. The complexity of a "social networking" application is much lower than that of the Web itself: the Web can be used to make distributed database applications as easily as centralized ones. Many architectures and implementations, including Diaspora*, GNU Social, and BuddyCloud, are working on aspects of the technology. FreedomBox is built, among other reasons, to provide the infrastructure for federated social networking. You could join some 37,000 other people at my Freedom in the Cloud talk, or you could even just read some of the material posted on the wall outside my office on the 6th floor east corridor.

If it is technically and economically impossible for us to stop spying, can we make service providers compensate us for mining our private data? If Google offers us 10GB email accounts for free and in exchange doing behavioral studies through what we write in our emails, someone else may want to offer a better deal in order to get us to use their services. Microsoft started a loyalty program called Bing Rewards in 2010, giving Bing users credits that can be redeemed for products or gift cards. In order to receive credits, users not only have to conduct searches on Bing and to use other Bing features, they also must have installed the Bing toolbar, acquired a Windows Live ID and used Internet Explorer on a PC when conducting the search. No credit is given if Chrome, or Firefox, or Mac is used. Bing director Stefan Weitz explicitly stated in an interview that the program aimed to get Bing users to “have a conversation” with them about Bing features.

So Bing bribes users in order to compete with Google. If there is enough competition in the market of web searching, each search engine will presumably try to offer more to users in order to get more inputs in their search bars, which are the basis of their data mining. Moreover, each search engine in a competitive market will get less search requests comparing to that of Google gets today. Collectively, less behavioral information can be produced if the raw data pool is broken into multiple pieces belong to different service providers. Will service providers trade data among themselves in order to generate more behavioral information? Perhaps yes, but it is better than letting Google have almost the entire raw data pool. The same theory also applies to the email service market. In a more competitive market, not only users get better services, we also curb the total amount of behavioral information that service providers can produce.

What leads you to believe that aggregation of data is difficult? You should understand that it is not difficult at all, that the whole point of this process is the aggregation of data from thousands of sources, in which one more or one less, or even an order of magnitude more or less, is of no technical or substantive relevance.

The only question left is about social networks. Facebook differs from Gmail and Google Search in that Facebook's central function depends on each user's information input. It is the collection of billions of personal information that makes Facebook valuable. Whilst for Gmail and Google Search, their central functions – email and web searching, will not be affected if less people use these services. Thus, competition law seems not to be a good cure for our privacy issues in social networks, for the reason that if we break Facebook into several mini networks, we destroy the very value it creates.

This is simply another wrong inference from the previous proposition that federated social networking is for some reason theoretically impossible, despite the evident existence of the Web within which Facebook is cancerously situated.


I don't think it's necessary to discuss the "market will fix it" just-so story that is the current synthetic presentation in the essay. The logic depends upon so many technical propositions that are unestablished that it doesn't seem to me worthwhile to decide how the logic would run on this one point against a duly established accurate technical background. As a beginning point I would recommend the talk of mine already mentioned, which in addition to being aimed at establishing the technical matters on which you touch, has the advantage of also being itself an artifact of the process whereby what you claim can't happen is already occurring. It thus provides you with more than an architectural primer. Let's get the technology right first, settling whatever questions you may have about how things actually work, and what can be done with software before we go on to the more difficult task of drawing interim social conclusions.


You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. To restrict access to your paper simply delete the "#" character on the next two lines:
 
Changed:
<
<
>
>
But before that, the intermediate solution can be replacing Google with a public search engine funded by tax money, maintained by elected trustworthy engineers, made to disclose important search algorithms and allows individuals to change the search algorithms and to access the stored data. Freedom Box's attack on Google can win us time to develop such a public search engine, so that we can eventually decentralized the power currently owned by the one entity in the net, acquired illegitimately and unjustly.

Search as a public utility is available now, if we want to pay the price for it. But I don't understand why I would want the government to own the search box, even more than I don't want Google to own the search box. And which government in the world is everyone else going to trust to own the search box? Must we then have as many Googles as there are countries that can afford to try to build one?

The approach hasn't solved any problem, and I don't know why it seemed to you as though it would.

The wiki's history facility, which you can find under the "History" button on every page, maintains every version of every topic. By looking at the history, you can see the differences from version to version, knowing exactly who has changed what.

For this reason, you should replace each old version with a new one. If you stack them vertically, the history facility works much less well. Because I use the history facility to understand each student's contribution to the whole wiki, and to study how drafts evolve, I am particularly dependent on your using it as well. I have removed the old draft here. Now I will make a new version, separately, that contains my comments on this draft. You will then replace the contents of the page with your revisions, and the history will work again.

 
Deleted:
<
<
Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list.

Revision 5r5 - 28 Jan 2013 - 22:09:35 - EbenMoglen
Revision 4r4 - 30 Nov 2012 - 01:11:56 - ShimengCheng
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM