TR: Many people let companies like Symantec guard the door 24-7, while Microsoft and Apple automatically update their operating systems. Won’t this prevent your “watershed” crisis?
JZ: This risks turning PCs into gated communities that can too easily become prisons patrolled by a single warden. Suppose a security vendor or OS maker, through its success against badware, starts collecting user proxies to decide what will and won’t run on nearly everyone’s machine and enforces those decisions through near-instant automatic updates. This not only creates an antigenerative architecture with a gatekeeper like the days of Prodigy and AOL, but it also offers a way for regulators to demand that such gatekeepers eliminate code deemed socially – rather than technologically – bad or to insert new code for individual surveillance. To be sure, the actions by the biggest players so far have been measured. Microsoft currently distinguishes between critical security updates and others that are merely suggested.
TR: So what will www.stopbadware.org do that’s so different?
JZ: First, we need to deeply understand the problem of bad code – code that will turn people away from participation in the generative Internet – as something more than technical. This includes policy and legal issues that automatic antivirus detectors are, of course, not built to address. Second, we want to marshal a solution that does not cause new problems of centralized control. We can do this on both the input and output sides: developing and distilling evaluations of code in ways that consumers can understand – especially since there is a variety of risk tolerance among them – and in which they can participate.
TR: Surely average PC owners can’t evaluate new code to gauge risks or even regularly consult a new website. What do you hope to offer them?
JZ: Imagine, for example, a simple display, a networked “dashboard” where users contemplating code can contribute to – and then read – simple demographics like how many other people are running it, how many were running it last week, and whether the computers running it appear to be better off with it on board. If enough people participate, meaningful – and currently unobtainable – data can be collected and packaged to keep genuine choice in the hands of the user. That’s a generative solution to a generative problem.