Myth #3: The Net Is Too Filled With Hackers To Control
It was a classic act of hubris. The Secure Digital Music Initiative, a consortium of nearly 200 technology firms and record labels, thought the software it had developed to block illegal copying of music was so good that last September it issued an “open letter to the digital community” daring hackers to try their best to break it. The result was a fiasco. Within three weeks, at least four teams broke the code, and hacks were soon distributed widely across the Internet. In the folklore of the Net, the initiative’s challenge became one more example of a general truth: any method of controlling digital information will fail, because someone will always find a way around it-and spread the hack around the Internet.“There are no technical fixes,” says Bruce Schneier, cofounder of Counterpane Internet Security. “People have tried to lock up digital information for as long as computer networks have existed, and they have never succeeded. Sooner or later, somebody has always figured out how to pick the locks.”
But software is not the only means of controlling digital information: it’s also possible to build such controls into hardware itself, and there are technical means available today to make hardware controls so difficult to crack that it will not be practical to even try. “I can write a program that lets you break the copy protection on a music file,” says Dan Farmer, an independent computer security consultant in San Francisco. “But I can’t write a program that solders new connections onto a chip for you.”
In other words, those who claim that the Net cannot be controlled because the world’s hackers will inevitably break any protection scheme are not taking into account that the Internet runs on hardware-and that this hardware is, in large part, the product of marketing decisions, not technological givens. Take, for example, Content Protection for Recordable Media, a proposal issued late last year by IBM, Intel, Toshiba and Matsushita Electric (see “The End of Free Music?” TR April 2001). The four companies developed a way to extend an identification system already used in DVDs and DVD players to memory chips, portable storage devices and, conceivably, computer hard drives. Under this identification scheme, people who downloaded music, videos, or other copyrighted material would be able to play it only on devices with the proper identification codes.
In addition to restricting unauthorized copies, it was widely reported that the technology also had the potential to interfere with other, less controversial practices, such as backing up files from one hard drive onto another. In part because of controversy surrounding the technology, the companies withdrew the plan from consideration as an industrywide standard in February. But the point is clear: the technology has been tabled because its promoters believed it wasn’t profitable, not because it would not work. This and other hardware schemes have the potential to radically limit what people can do with networking technology.
Some hardware protection methods already exist. Stephen King released his e-book Riding the Bullet in March 2000, in what were effectively two different versions: a file that could be read only on specialized electronic devices-electronic books-and a file that could be read on computer monitors. Even though the text was available for free at Amazon.com, some people went to the trouble of breaking the encryption on the computer file anyway; distributed from Switzerland, it was available on the Internet within three days. But the electronic-book version was never cracked, because e-books, unlike computers, cannot do two things at once. “On a computer, you can always run one program to circumvent another,” says Martin Eberhard, former head of NuvoMedia, the developer of the Rocket eBook. “If a book is on a computer screen, it exists in video memory somewhere, and someone will always be able to figure out how to get at it.”
Eberhard’s e-books, by contrast, were deliberately designed to make multitasking impossible. True, future e-books could, like computers, perform two tasks simultaneously, but publishers could refuse to license electronic books to their manufacturers, in much the same way that film studios refuse to allow their content to be used on DVD machines that don’t follow certain rules. And even computers themselves, in Eberhard’s view, could be “rearchitected,” with added hardware that performs specific, controlling tasks. “If people have to rip up their motherboards to send around free music,” he says, “there will be a lot less free music on the Net.It would be an ugly solution, but it would work.”
Of course, consumers will avoid products that are inconvenient. A leading example is digital audio tape recorders, which by law are burdened with so many copy protection features that consumers generally have rejected them. But to assume that companies involved with digital media cannot come up with an acceptable and effective means of control is to commit, in reverse, the same act of hubris that the Secure Music Digital Initiative did, when it assumed that clever people couldn’t break its software. And if the hardware industry resists making copy-protected devices, says Justin Hughes, an Internet-law specialist at the University of California, Los Angeles, an appeal to Congress may be “just a matter of time.” If the Internet proves difficult to control, he says, “you will see legislation mandating that hardware adhere to certain standard rules, just like we insist that cars have certain antipollution methods.”
“To say that a particular technology guarantees a kind of anarchic utopia is just technological determinism,” he says. “This argument should be ignored, because the real question is not whether the Net will be tamed, but why and how we tame it.”
We are in the beginning stages of the transfer of most of society’s functions-working, socializing, shopping, acting politically-from what Internet denizens jokingly call “meatspace” into the virtual domain. In the real world, these functions are wrapped in a thicket of regulations and cultural norms that are, for the most part, accepted. Some free-speech absolutists dislike libel laws, but it is generally believed that the chilling effect on discourse they exert is balanced by their ability to punish gratuitous false attacks on private individuals. Regulations on the Net need not be any more obnoxious. “If the whole neighborhood’s online, it’s okay to have a cop on the beat,” says Schneier.
The risk, of course, is overreaching-of using law and technology to make the Internet a locus of near absolute control, rather than near absolute freedom. Paradoxically, the myth of unfettered online liberty may help bring this undesirable prospect closer to reality. “Governments are going to set down rules,” says Hughes, “and if you spend all your time fighting the existence of rules you won’t have much chance to make sure the rules are good ones.”
In other words, hackers may be their own worst enemies. By claiming that the Net is inherently uncontrollable, they are absenting themselves from the inevitable process of creating the system that will control it. Having given up any attempt to set the rules, they are unavoidably allowing the rules to be set for them, largely by business. Corporations are by no means intrinsically malign, but it is folly to think that their interests will always dovetail with those of the public. The best way to counterbalance Big Money’s inevitable, even understandable, efforts to shape the Net into an environment of its liking is through the untidy, squabbling process of democratic governance-the exact process rejected by those who place their faith in the endless ability of anonymous hackers to circumvent any controls. An important step toward creating the kind of online future we want is to abandon the persistent myth that information wants to be free.