So, hi there, and welcome to our little corner of cyberspace, or DVD-dom, or wherever this digital stream ends up. I'm here today to talk to you a little bit about internet technologies. My name is Jonathan Zittrain. I teach at Harvard Law School and am involved with the Berkman Center. And if you're watching this, it means that you are probably soon to be experiencing our internet law program in Cambridge, Massachusetts. If you're not signed up for iLaw, you're currently watching pilfered content. You have no guarantee it hasn't been subtly altered to give you wrong information that you won't understand in the least should you actually try to rely on it. But I'm going to presume that you actually haven't pirated this. And even if you have, as you know, the Berkman Center is all about openness. So really, go to town. It's all yours. Although I guess as an agency matter, I'm not actually in any position to tell you what you can do with it since I just work here. Anyway, my job, as I was trying to say, is to teach you about internet technologies, such as they are. I'm a fan of the internet. Maybe you are too. I was actually a fan of what came before the internet. I'm probably going to have a chance to talk a little bit about that. As you'll notice, speaking of talking, I'm talking very quickly. That's because, again, this is not only a talking picture, to quote Singin' in the Rain, but a talking picture that can be fast forwarded or rewound or anything else. So I'm going to presume that you're sort of going along with me. And if not, I won't be in the least bit offended should you choose to rewind and listen to it again or even at point five x speed. OK, all that being said, let's get started in a crash course in internet technologies. Our hope is with this crash course to answer some of the following questions.
I'm going to paint a big picture, but in the meantime, it would be nice to be able to answer questions such as, why is it so hard to trace people on the net and so easy for them to pirate with impunity? Secondly, why is video streaming so unreliable such that we still have to ship you a DVD, even though we're an internet center if you want to actually watch what we have to say here? And finally, why are we so vulnerable to viruses and hacks? All of these questions actually have perfectly reasonable answers to them. Some may shock and surprise you. We're going to find out as we get into the subject. So OK, let's start by looking at the way things used to be before the internet came in and ruined everything. And that was basically three systems of moving information from the powers that be to you, the listener and passive viewer. One was broadcast, television towers, radio towers, sent out signals through allocated spectrum. You're going to hear Yochai Benkler talk about spectrum allocation. But basically, you had TV and radio over broadcast, and the means of legal intervention and controlling it tended to be the FCC. They saw something that Justin Timberlake did to Janet Jackson. Once again, thoroughly dating this video, should you actually be daring to watch it anytime other than early 2004, then the FCC has the ability to come in and tell the radio station, sorry, your license is yanked. You may no longer do that sort of thing, that kind of thing. All right, so that's broadcast. Second is coaxial cable. Somebody, starting in the early 70s, went to the trouble of unfurling very thick, high conductivity cable out to lots of houses. They would pass houses. You could then pay for your cable hookup and away you would go. Again, a system sort of unto itself, where instead of using airwaves it was using wires, but there were still basically controlled head ends run by cable companies that would then send signals into your television set.
And if anyone else wanted to get into your television set, they'd have to talk to your cable company to see about doing it. Finally, copper wire, one of the earliest forms of wire run to each house, providing what they call POTS, plain old telephone service. These three ways of getting information to people were sort of stovepiped. They didn't really cross. They had their own distinct regulatory regimes, some of which have to do with the nature of each of these means and modalities of communication, some of which I think had to do really with historical accident. But just as I filled in briefly with the Justin Timberlake story, a sense of how broadcast gets regulated within the United States, you can also come up with a whole parcel of regulations of cable TV coming over coax and of television service, I'm sorry, telephone service coming over copper wire. For some reason, TV is on my mind right now. OK, things have changed, and this is my artist's representation borrowed from a man named David Clark of how things have evolved. And as you can see, it's a big mess. If this were a hypertext sort of presentation, you might be able to click on the various links and get technical documentation of each of them. But it's not. So I'm not going to tell you what they are. In fact, it's not even clear to me what some of them are, except the fact what you're supposed to take away from this slide is the idea that lots of wires are now crossed. The way that you get your information is no longer stovepiped into those three zones. You may be listening to what you think is radio, but it's coming over satellite. It's XM or something. You may be listening to radio over the internet. And as we will see, that actually can make huge differences in the legal regulatory regime that affects it. You can do VOIP, or VoIP, maybe VoIP. I don't know how you pronounce it yet, because it's still so new.
But the idea basically of voice over internet protocol, actually having telephone calls take place over the internet. And even if you don't have a computer, you may have your telephone calls going over the internet, because for all you know, the phone company, once you pick up the phone and are talking through them to someone else, is cheating and going onto the internet to get your call across the country rather than having traditional long distance lines do it. This has created all sorts of regulatory puzzles, again, many of which we will explore, because there are times when the underlying technology actually matters, and that one's strategy of regulation, one's knowledge of the limits, and the powers that one may have to regulate these things depend, in large part, on the technical underpinnings of each of them. So to sort of preface a discussion of the technical underpinnings, I offer this picture, which is of a cable head end. And I ask, old or new, is this the past or the future we're looking at? And I say right now, early 2004, it's not clear. I think if you'd asked us a little earlier, we'd have said this is the past. The actual way that information will get to people won't depend on whether or not there's sort of an official cable head end. But I think there are actually reasons to believe, as I will explain later on in this presentation, why this actually may represent the future a lot more than it does just the present and the past. Similarly here, this is the cable box. This is a set-top box. You may even have such a thing. It's a Motorola digital cable sort of unit. And within the consumer electronics world, there is an amazing fight going on among people who do cable set-top boxes as to whose cable set-top box will be on top of your set-top if you should have cable. And it might seem like a rather silly kind of thing. You don't really think about your cable set-top box. And again, it may turn out that cable set-top boxes all lose, they all go away. 
Everybody gets their CNN and their NBC and everything else over the internet someday. And at that point, who needs these things? On the other hand, it may turn out that the internet is what withers, what goes away, what turns out to be inefficient or otherwise unsuited to the powers that be for the delivery of content and the cable box actually makes a resurgence. These are some of the battles that are underway right now that when we do iLaw five years from now, we'll look back and see how stupid we were not to predict which way it was going. But right now, we're still just feeling stupid not knowing which way it's going to go. So I'm gonna offer some of each of the paths. Similarly here is a trusted Pentium III computer already, of course, vastly outdated, but old or new, is this the past or is this the future that we're looking at? The idea of interacting with technology using a little keyboard like that with obscure keys like scroll lock still stuck onto it, hooked into a computer that you put more likely in your den (do people have dens?), in your bedroom, in your study, rather than in your living room as an entertainment device. Again, the convergence that people have been talking about has not yet happened and should it happen as it very well might, some things will be gone. They will be left out and the computer, the PC may very well be one of them. And this again is not just a kind of horse race. If this were HBS, if this were the business school, it would just be an interesting horse race, right? Who will be the winners and losers of the information age?
Who cares, right, unto itself, except now that we're talking law school sorts of things, how it might affect the ability of the government, of outsiders, of those who are the winners to control, to control the content, to control the users, to monitor the users, all the sorts of issues that get to privacy, property, speech, control of the content rather than simply an issue of what stock is the one to buy right now? I won't dare to offer stock tips on DVD, Tivo, Tivo, Tivo, so I won't do that. Okay, here are three conceptions of the way in which networked technology has evolved. As you can see, part A in this figure, figure one, is a centralized network classically represented by the broadcast model I was talking about in the very first slide of the three stove-piped things, all the little nodes in that sort of starburst there are people like you and me, anybody who has a television set or a radio and there's a central source from which it emanates. Then you can imagine decentralized networks, things like NBC perhaps sending out stuff to affiliates, affiliates then send things further out or the telephone network. This is actually the classic example of a somewhat decentralized network where electronic switches would make it so that you pick up your phone and you get a dial tone, you're actually communicating through your local loop to a little switching station and then when you dial a number, let's say you're in New York, you wanna call Los Angeles, there's some way, it used to be receptionists, I think later they experimented with monkeys and finally they moved to integrated circuits and transistors to actually patch your local loop into one of several LA to New York lines that may exist, your own devoted line in that decentralized network, that would be represented by one of the long lines going from two of the hubs in that picture over to LA and then in LA, you would have a further connection of that long distance line. 
Again, imagine the patch cord in one of those old 1930s movies of telephone operators. I know I don't get out much, but they're great movies. You can imagine then a connection from that long distance line back to the proper local loop that leads literally to the house where the recipient of the phone call is. That was the plain old telephone service and it worked great, but of course it meant that you had to have enough dedicated lines from New York to LA simultaneously to handle all the calls that might individually take place between people in LA and New York at any given moment lest you run out and you end up with the vaunted "all circuits are busy" message. Okay, internet is closer to C, what you see here, a distributed network, and that's because there was no sense as the internet was being developed as essentially a research project in computer science departments and some firms in the late 60s, early 70s that anybody could afford a separate new network. There weren't gonna be trucks to lay down cable anytime soon. So the question was how could existing networks be used to wire everybody together in a peer to peer kind of way and I'm gonna talk more about how that was done as I talk later about routing, but for the moment at least, we can just say that the internet under the hood represents more item C here and for the purposes of stopping data, of controlling flow, it's probably the least amenable to it in the first order compared to A or B. You may wonder who is it again that built and continues to maintain pieces of the internet and again by this, I don't mean the physical cables, the wires, the spectrum, who's minding the spectrum right now, rather I mean the protocols, the actual ways in which once you've got a computer that wants to talk to another computer and hooked up by an ethernet cord to what is called the internet, how do the packets, how does the data know just where to go, what path to follow, how to get to where it's going?
What you see here is the homepage such as it is of the Internet Engineering Task Force. The IETF is not incorporated, it has no president, if it has a motto, the motto is "we reject kings, presidents and voting, we believe in rough consensus and running code." It's basically a bunch of engineers working, moonlighting more or less, maybe they work at companies but they do this as sort of their civic duty. Instead of going to the Rotary Club or volunteering at the soup kitchen or as a lawyer doing pro bono work, as an engineer, you do IETF work and you get your own special propeller hat and other sorts of perquisites, but it's not a formal organization with any particular power, it's merely a group of people that have gotten together to say, wouldn't it be nice if networks worked the following way, and they again are the source of some of the protocols. We may have a chance to talk about how the IETF works a little bit later. For the moment though, here is a quote from a rather famous IETFer, Bob Braden, talking about the fundamental principle by which he thinks the internet was designed and that is, I'll just read it aloud in case for some reason you can hear but not see, "the lesson of the internet is that efficiency is not the primary consideration, ability to grow and adapt to changing requirements is the primary consideration. This makes simplicity and uniformity very precious indeed." This is one of those statements that's awfully hard to disagree with when you look at it, like who's against the ability to grow and adapt, but it turns out to actually be an incredibly revolutionary way of thinking about running a network. It's saying that they want the network not to be a Christmas tree laden with every single ornament of every feature that somebody wants.
They want it just the barest minimum of features that would get data from point A to point Z without any great hassle but otherwise allowing applications at the end points to add on the tinsel and the ornaments but the network in the middle would be simple, simple, simple. This design is referred to a little bit as hourglass architecture, hence a picture clipart of an hourglass but let's abstract it a little bit more so that we can see what the IETF means when they say they favor hourglass architecture. So towards the bottom of the hourglass the idea was not to have the IETF engineers worry about it. Let there be a range of ways that a physical signal can get from one place to another and that's not the IETF's worry. It can be copper wires, maybe that's how you're going to end up participating in the internet. Thanks to a modem you'll use the phone network to hook into another computer. Maybe it turns out you've got a hardwired connection, kind of fiber sort of thing or maybe in some of the most exciting developments just in the past year or two it turns out that you're using some form of radio waves namely Wi-Fi 802.11b. Perhaps at this very moment you are stealing music or otherwise availing yourself of the internet's bounties by using your next door neighbor's or someone else's Wi-Fi unit because they didn't bother to lock it down and if Yochai Benkler has a chance to present to you you'll find out it's a good thing they don't lock it down. The whole point is to share it especially because from the consumer point of view it's easy to share without really making life hard for you. Your neighbors can use it without it being as if your neighbors are constantly borrowing a cup of sugar or using your loo or otherwise sort of interfering with your life. You can just leave it unlocked and make other people's lives happy while your own is not diminished in the least.
Again, from the point of view of the consumer. Internet service providers may have something very different to say about that. All right, so any medium is supposed to be the input to the internet and there are layers that again others are supposed to worry about as to how to make each particular medium work so that it can be conveying signals into the larger network. Okay, at the top of the hourglass the idea is to be able to run any task, to have a generically neutral network that simply carries data. Where does this data come from? Well, roughly speaking, you figure it comes from computers but they don't even care about that if by computer you mean PC. The data may come from anywhere. Anything is supposed to be able, once there is the network drop, to take an ethernet cord and start talking internet. And that means that anybody can develop an application without getting the permission of the intermediary. Again, this is completely counterintuitive. I cut my network teeth on things like CompuServe, the proprietary information service. You may remember America Online which by this time may have gone bankrupt. It's not clear. But remember they were part of Time Warner for a while. I guess they bought Time Warner. Again, stupid, stupid, stupid but I'm not giving stock tips. So anyway, CompuServe, America Online, these were proprietary services in the first instance that you would call using a modem attached to your computer and then in a lugubrious fashion you could see ads and ask for the weather and see ads and do CB simulator which later became chat and see ads and that sort of thing. But it was all one proprietary network run in the case of AOL, Dulles, Virginia, in the case of CompuServe, Columbus, Ohio, until CompuServe got bought by AOL where they still leave the people in Columbus, Ohio but they're all demoralized. Where is this going? I do hope that my friends at CompuServe don't mind that I'm calling them demoralized and bought out by AOL.
At least the second part is demonstrably true. Anyway, if you wanted to add a new application to CompuServe or to AOL, gee, wouldn't it be neat if we had an instant messaging feature to these things before there was instant messaging? You couldn't just add it. Your participation as a consumer of AOL or CompuServe or The Source or any of these other proprietary networks was simply to use it. You couldn't change its functionality any more than a user of the telephone network could add call waiting without somehow arranging it and programming it with the phone company. And it's that form of control that the internet architects precisely disavowed as they made a very narrow middle of the hourglass and anticipated any number of applications that could take place on top. As the user of the network, you're free to write your own applications. Those applications can use the network to send data to identified parties somewhere else out on the net and not need any permission to do it. An extraordinary change that's led to such innovations as the World Wide Web. I mean, what is the World Wide Web really underneath but just a bunch of files served off a computer? It's just asking for files. Some of you may remember other ways of asking for files off of computers. Network neighborhood, have you strolled your network neighborhood recently? Gopher, Kermit, FTP, all of these vying and in retrospect from a certain user interface point of view crappy standards by which you were supposed to find stuff out there and then look at it. Now the web could have just been a series of Word documents in a very big network neighborhood and you would just have to navigate your way through double clicking to the, I don't know, quote unquote home page, but remember, it wouldn't be a web exactly, of some form of say university, you'd go to the server at Harvard University and double click to get a Word document off of it that says here's how to apply for admission.
Well, there were a few people that came up with an idea for a new protocol on top of the middle of the hourglass that enabled people to click their way to various files in a very intuitive fashion. So here is a screen snapshot of the home of Mosaic which was the very first web browser, one of the first at least, I don't know if many of you remember Lynx, LYNX, but Mosaic, one of the first graphical web browsers. And it uses HTML, hypertext markup language, which somebody was free to invent, Tim Berners-Lee as it turns out. And this language is what browsers use to speak to servers that serve up things that browsers expect to get from them. So again, under the hood, it's all just data moving around and no one central authority had to give permission for people to design browsers, to have the browsers use a specific form of communication with each other and in turn to have that communication translate into web pages for everybody. So it's possible with today's internet to have any number of new applications that might come about all using the internet that could be for any number of purposes. And that's why there really is a difference between say the internet and the web. The web is a set of services, a set of protocols linked together using browsers for the most part that runs on the internet. The internet however, if we were doing a Venn diagram, is a superset, it can subsume a whole number of activities only one of which might be web browsing. Email is another good example of this and so too is Gnutella. What is Gnutella? A peer to peer network? Well, of course, nobody had to lay cable to make Gnutella work. It's a network that runs on the internet. And what is it to say then that Gnutella is a network at all? It's a network because it's a series of people all who run Gnutella. And what does Gnutella do but try to talk to other people who run Gnutella? So you can knock on a computer's door that's sitting on the internet and say, hi, are you Gnutella running?
And if the computer isn't, well, I guess it's not part of the Gnutella network. And if it is, then why, it is. This is kind of like having a network of Republicans. I wouldn't recommend that you go knock on doors and ask people inside if they're Republican. But if they were, you could then say, okay, from now on, I'm going to give you this special Republican newsletter about, I don't know, guns, butter, what do Republicans talk about? But this sort of thing is the way in which Gnutella is itself a network. And just as Republicans don't need permission from anybody to so label themselves and to organize, I guess if you weren't a Republican and said you were, there might be trademark infringement issues, but that's Terry's department. You don't need on the internet any permission to come up with something like Gnutella, even though it can annoy, even threaten the powers that be to a large degree. That at least is the internet as it stands in early 2004. There's plenty of reason to think that the internet may change so that deploying things like Gnutella precisely because it is thought to be threatening to certain interests, you can think of your own interests that might be threatened by some other new program. There's reason then to think that maybe that would change. But right now at least it's thanks to hourglass architecture that anybody can write software that is network aware and deploy it and gatekeepers in the middle typically have very little to say about it. Okay, so that's an example of the things that can run on top of the internet. In the middle of the hourglass is what we've been dancing around so far, which is internet protocol. That's the stuff that the IETF had been working on. And those are the fundamental protocols by which information is to get transferred around the internet. So I'll give an example of how routers work. Those are the fundamental units of devices that pass data around on the internet in order to give you a flavor of internet protocol.
The first step in understanding this is to realize that if all computers on the internet are able at any moment to talk to any of the other computers on the internet, there has to be some way of keeping them straight. How do you know when you're sending out a packet of data whether it's going to one computer or another? I mean, you don't want to send it usually to everybody around. That would be both spammy and probably a little bit broader than you intended your message to go. So the way that internet engineers solved this early on was to imagine a unique number being assigned to every single computer on the internet, at least for the duration of time that computer was on the internet. Now these numbers range from zero to a lot. It's thought to be, I guess, a 32-bit address space. I'm not sure, but I'll look it up and maybe issue an addendum to this DVD later. But roughly speaking, they've divided the number into a hierarchy of four numbers. So 128.36.0.19 is an example of a solitary internet protocol address that, again, typically is meant to represent the presence of one machine on the internet. And each of those numbers goes from zero to 255. So if you multiply 255 times 255 times 255 times 255, you get the greatest potential number of machines that there could be under this version of internet protocol, IPv4. The Internet Assigned Numbers Authority, not incorporated, no president, no headquarters, really. I guess there's some offices at the University of Southern California, Marina Del Rey, where Jon Postel used to work. He was a researcher who did a lot of work on numbers and naming in the late 60s, early 70s and participated very much in the Internet Engineering Task Force and was the so-called RFC editor, which meant to say he issued documents in numbered sequence that described how internet protocols worked.
And people who wanted to pitch in on developing these protocols would at one time or another put those documents under Jon's nose and he would decide whether or not they were worthy of inclusion in the RFC, Request for Comments series. He, among other things, assigned numbers. So it was up to IANA, again, not really a formal company, but just another name for Jon, to assign a number or a block of numbers to an internet service provider so that provider could in turn assign those numbers to its customers. That could be AOL, that could be Harvard, that could be China. Anybody in the business of hooking people up to the global network needs to have numbers to hand out to give them. And it was from IANA that they would originally get these numbers. There's been talk for several years now of the danger of running out of numbers. Again, it's not just like you can add one to the last number and then have a new one. And the way the hierarchy's been done, there's been some real worry about this and a new protocol coming around called IPv6 (I'm not sure what happened to IPv5) that's supposed to allow for more numbers than there are stars in the known universe. But it turns out that even though lots and lots of computers have been added to the internet and in fact we're now starting to enter the era in which toasters are on the internet, maybe one number would be needed per slot, that sort of thing, we haven't had the shortage in part because some people have done workaround technology so that people can end up sharing a number.
If you have one of those cheap Linksys boxes, a home gateway for your broadband connection and you're sharing it among several computers, from the point of view of your cable company and for a while to their chagrin, it looks like you only have one computer hooked up when in fact you're sharing it among several through a process called NAT, numeric address translation, and the cable companies for a while couldn't decide if it was a threat or a menace and I then think they decided it was both and are still wondering quietly if there are ways to somehow track NAT activity and of course charge you for extra computers that you might try to put on to the network. To the network purists anyway, they hate things like NAT. NAT makes it harder for computers to talk to each other across the internet because the principle of one number, one computer is violated and for the purists, the people who work with IANA or with the IETF, what they'll typically tell you is NAT is awful. It's time to make sure we have enough numbers to be allocated wisely to have one per each computer. So let's presume that's what we're doing. Each computer has a number. Let's just talk about now how you move the data from one computer that maybe stays in New York to another computer that might be in Los Angeles. So I have a diagram here. At the source, let's say that's where the data begins. You take the data and let's say by hook or by crook you have found out the internet protocol number of the destination to which the data should go and it's very far away. What happens is you hand that data to your internet service provider because unless the computer is in your very room, chances are good, it needs to leave your room and get to the ISP, that much you know. So off it goes to the ISP. The ISP in turn might well have its own ISP. So all they do is kind of serve as a middleman. It's kind of like you hand a package to Mail Boxes Etc.
And for a huge markup, they just hand it to UPS because for some reason you didn't think to go to the UPS store yourself, although I understand that UPS has now bought Mail Boxes Etc. So they are one and the same thing. Anyway, your ISP may have an ISP, it in turn may have an ISP. That's why you see those three circles there. But at some point, if your data's going far, chances are good, it enters what you call, as a technical matter, the cloud. The cloud is the middle of the internet and much like a real cloud, it's never quite clear just where the middle is. You might be in the middle of it, even if you think you're at the periphery and vice versa. But imagine giving all this data ultimately up the ISP chain and AT&T has got it. And it turns out that the person to whom it's going, by number, there's reason to think that it's a Sprint customer or a customer of a customer of Sprint and it should go that way. Well, AT&T and Sprint generally have agreements with one another, such that Sprint agrees to take all the packets from AT&T destined for Sprint customers and AT&T agrees to take all the packets from Sprint destined for AT&T customers, roughly on a handshake. They are then peers and as they peer, they just give data to each other as it goes about its way. And ultimately then it might bounce out the other side of the cloud over to the set of internet service providers who serve the ultimate destination. For this to work, it means, generally you wanna clump your internet protocol address numbers together so that 140.247.anything.anything is over in this direction, topologically speaking. And that's how you know roughly what direction to send it, even if you haven't yet figured out the ultimate final place where the data is supposed to go.
It's sort of like having a bucket brigade and to illustrate this, why don't I just imagine doing the US Postal Service, not with a postmaster general who has a huge fleet of trucks, government-run trucks that visit every single American home and business six days a week. Isn't that amazing? An agent of the government knocks on everybody's door every day except Sunday. That's pretty astonishing and it requires a lot of centralized hierarchical control. It's not a decentralized internet-like network. So imagine if you didn't have an opportunity to have the postman do your work for you. How might then things work? Well, the idea is to have people near you do some of the work for you. And how best to explain this? Well, getting back to our cloud idea, if you look inside the cloud, you just see lots of little clouds inside and imagine I wasn't speaking to a camera but instead was speaking like a normal person would to a room full of people. If I wanted to move a microphone or my clicker from the front of the room to the back of the room, I could hire some person to take it and run it to the back of the room. That's the US Postal Service way of doing it. Or I could pass it just one arm's reach ahead to the person in the front row who would pass it back a row, who would pass it back a row and eventually it would get to where it's going. And to get back to the Postal Service metaphor, it's as if you went to your front door and you checked your mail in the late afternoon and there's some mail for you, you take that in your house and you throw it away. There's some mail for people that are west of you and you just take that mail and you have reason to know which way west is and how it's been addressed so that it's just westerly. Maybe you see it's addressed to California and you're in Massachusetts, so you know it has to go west. So you walk one house westward and drop it in their box and then go back to your house.
And there's some mail for the east, you walk to the east and you do that. There's some mail for the north, you walk across the street, put it in the house across the street and then you're done. And it's not asking a lot of any one entity to just do that short hop, but if you multiply all the hops together, eventually you can get to where you're going, and that can work quite well if you, again, you don't want to have to fund a massive network of postal trucks to get the mail to where it's going at roughly the third class rate. That's the fairly effective metaphor for even today how the internet works. So you can try to implement a one to many model using this bucket brigade sort of means of conveying packets. You just better have a very big source and everybody tunes into it all at once. And of course you have a very big source and it's shoving lots of data out at CNN.com and suddenly everybody wants to hear about Justin Timberlake, it had better have a similarly large internet service provider capable of handling all that traffic. But at some point it all ends up in the cloud and you can't guarantee the size of everything in the cloud. At some point it's just sort of in the general stream under the care of somebody who hasn't formally contracted with the big source on one end or maybe even with the destination at the other end. And that's one reason why quality of service, technical term of art that means being able to guarantee a certain amount of bandwidth, a throughput from one end all the way to the other, is so difficult to achieve, and it's one reason again why video streaming can turn out to be pretty dicey. Even though you've bought the largest connection you can, it's only guaranteeing a certain connection a certain distance into the cloud, and if the person from whom you are streaming is far away and there's some bottlenecks in the middle, that's about it. You can only do so much. A strange but true fact even about today's internet that may be evolving.
You can see lots of business reasons why this is no way to run an outfit that wants to stream stuff to you, but that works just fine for email and instant messaging, where taking five seconds rather than three seconds makes basically no difference to the people using the net. Another way of thinking about getting data around the net is through a sort of peer to peer model. Peer to peer has kind of gotten a strange distinct name thanks to things like Gnutella and Napster, but it's a much more generic term indicating a distribution of resources, of bandwidth, across many of the entities on the internet, so that you don't end up with everybody standing on one side of the ship at the same time, causing it to list dangerously and to slow down as it's trying to get somewhere. So with peer to peer the idea is to just get data from whoever's near you, and Gnutella in its fundamental form is an example of a service that tries to distribute information around from lots of people, and it allows consumers to be producers, suppliers of content, even if it's not their own, whether for good purposes, if you wanna judge it that way, or, depending on the activity, for bad. SETI@home is not a peer to peer network, it's quite centralized. I don't know if you're familiar with it. It is the search for extraterrestrial intelligence, and the idea was that they had tons of numbers to crunch. They had a bunch of data that had to be combed through using processing power to see if there were any patterns within it, and whether the movie Contact, with Jodie Foster and that big device that fell over, a book by Arthur C. Clarke. Anyway, whether or not perhaps that scenario could turn out to be true requires lots of number crunching to find out. So SETI got the idea of breaking the data into lots of little chunks and sending it out to be processed by you, the screensaver.
So you might download the screensaver and, on the internet, from the central source, mind you, get the data, crunch it at your house, and then send back the results. This became actually so popular that even though they had tons of data, they ran out of data to send people because so many people were offering up their computer processors, and, in what turned out to be a mini scandal in what passes for the nerdy geeky world, gave the same data out to multiple people because they didn't want them to feel bad that there was nothing left to crunch, where it was crunched all over again. So scandal in the SETI household, you heard about it here first. Anyway, that's just an example of a screensaver designed to entertain you while it crunches the data as part of the SETI program. Okay, so let's turn to another problem. It's a little bit above just the issues of routing we've been talking about, and that is, this is an example of some fraudulent spam that I got not too long ago. "Dear valued AOL customer, we've changed our policy, you should reconfirm your account information, and just click here at verify.aol.com." And as you'll see, that's a little link. It turns out that that's not where you go. That's a hyperlink that goes to a different place, which is probably somewhere in Russia, eager to take your credit card number and use it for illicit purposes. But this is amazing, right? Because here it is, it's coming from billing@aol.com, and if you were replying to it, it would go, your reply, to billing@aol.com. So how do they manage to say that they're billing@aol.com when they are clearly not? And that's because, again, the internet engineers faced a question when it came to identifying people not just by number but by identity: how do we identify people when they sign up for their email? And one answer is, well, we can maintain a central database of what computer maps to what particular email address, but that's a big pain, and why not just turn to where the knowledge already is, namely in the people
themselves. People can just come up and say, I know my own name, I don't need to look it up, I will simply write it on the return address of the envelope. Similarly to the way with the postal service you'll write your return address, and you want to write Bill Clinton, the White House, in the upper left hand corner, I know that's somewhat dated, but George W., take your pick, nobody stops you from doing it. And similarly the email system wasn't designed to avoid fraud, I think in the first instance because people didn't think there would be much reason to want to pretend you were someone other than who you were, particularly for nefarious purposes. Of course that seems somewhat naive these days, and in fact if I expand on my Eudora some of the header information, asking my mail server, eon.law, where it got this mail from, it turns out it's coming from a BG, which I think is either Belgium or Bulgaria, address, definitely not an AOL outpost. But something very subtle, kind of like really squinting at the postmark and saying, wait a minute, White House, Bulgaria, I'm not so sure. That's the kind of thing you find yourself having to do, which seems awfully strange for a service that people are trying to sell to grandmothers and others who stereotypically aren't computer geeks. So this leads into the next subject, which is basically, why is it so easy for us to get viruses and worms and these sorts of things, and what can we do about it? Well, this is the cover of the National Strategy to Secure Cyberspace, a report from now just about a year ago, which had two points to it. Point number one was, be very afraid, cyberspace is awfully insecure, we're all going to hell in a handbasket. Part two was, and what are we going to do about it? Public-private cooperation, which of course is a euphemism for nothing. Now why is that what's being called for? Because it's awfully hard to see what else you can do. The people that wrote this report saw a threat, but the way the distributed net is, with almost all of the smarts, the
processing power, the applications, all of the action happening at the edges, at each computer, rather than in the middle at some controlled network, it makes it awfully hard to exercise control except one computer at a time, urging people to take their respective computers and update their virus definitions and stop clicking on annakournikova.pif thinking that you're going to get a picture of Anna Kournikova when in fact you're going to give yourself a virus and send copies of the virus to everybody else. Because what are you really doing? You're double clicking on a program, indicating you want to run it, whatever it does, and it happily says, yes, I'm a new program, I'm like Gnutella, I'm like a web browser, I'm a network aware program, and my job is to send copies of myself to everybody in the address book or otherwise that I can find on the computer. Again, an example then of people at the edges being the weak links, propagating the stuff simply because they don't know where to click, but an inversion then, I guess not "but", "and", an inversion, the fundamental freedom of the internet, which is for anybody using it to be able to innovate and to do whatever he or she likes without having to clear it first. Now there is some precedent for this sort of thing, as exemplified by uh... this, which is a Cap'n Crunch bosun's whistle, which came as a prize in the uh... mid-seventies with Cap'n Crunch cereal. It turns out that if you were to whistle through it and clear it out of the uh...
cereal detritus that was inside, it would emit this tone, which turned out to be exactly the tone that, if you blew it into a pay phone, would indicate to the pay phone that a quarter had been dropped in. So free phone calls for purchasers of Cap'n Crunch cereal, a little known benefit to rotting your teeth. This was a phone network then that was meant to be controlled using the same channel of communication through which you spoke. The users were, who, how did they know, empowered to control the network simply by uttering the right sound. Well, you can bet the phone network very quickly fixed that wagon, and now if you blow the Cap'n Crunch whistle all you do is annoy people. It doesn't give you free phone calls anymore. The mode of control of the phone network is separate from the channel of communication of the phone network, so if you want to cheat on your phone you've got to come up with ideas like collect calling your friend at a pay phone and having your friend accept the charges, which then get billed the pay phone kind of thing, but uh... not that that would work. So uh... that's an example of a lesson learned from the phone network and implementable by the phone network that hasn't been carried over into the internet, particularly because there's no there there in the middle. There's no AT&T alone to say, all right, we're just going to fix this, no more can you control routers or computers by using the internet itself. Instead the channel of communication on the internet is almost inherently the channel of control, and that's what makes it so hard to control, as a way of trying to tamp down innovation and as a way of trying to tamp down viruses and other awful things that keep happening over this network that is more and more being used in a way that people really want it and need it to be up twenty four hours a day, seven days a week. As a quick aside, by the way, uh... to control dialing of phone numbers, AT&T uh...
chose to switch from pulse dialing, literally hanging up and picking up the phone rapidly, uh... kind of tapping the uh... uh... the place where the handset goes in order to indicate what number you were dialing, to touch tone. What's touch tone but sound? That's controlling using the uh... mode of communication itself, and as a result, thanks to touch tone phones and touch tone uh... standardization, you could have things like answering machines not made by AT&T that could be controlled from far away using touch tone phones. And had AT&T had a chance to think about this, and Bill Gates been running it, they would never have handed the rest of the world a way to develop things like voicemail on an answering machine that compete with voicemail from AT&T simply by having unleashed touch tones. They would have done it uh... quite differently, the way that version 2.0 pay phones not susceptible to bosun's whistles would have done. Getting back then to the way the internet works: because it's distributed, uh... you can see viruses spreading throughout from one peer to another, from one annakournikova.pif clicker to another, without anybody in the middle easily able to do something, and only recently have we seen internet service providers trying to do, for example with email, some preliminary scans of it to alert their users, hey, this had a virus in it but we stripped it out. It's a form of control that ISPs are chary of doing and, only seeing very few alternatives as more and more infections are taking place, have finally turned to uh... to do. These sorts of things have come about. Here's a report on uh... the Sapphire uh... worm that uh...
hit a while ago: "Since high-speed worms are no longer simply a theoretical threat, worm defenses need to be automatic. There's no conceivable way for system administrators to respond to threats of this speed. Human-mediated filtering provides no benefit for actually limiting the number of infected machines." This is now saying things have gotten so out of hand we need to actually have the equivalent of Patriot missile batteries that are automatically firing at worms, assuming that they're worms, before a human has even had a chance to judge them. This is a form of trigger happiness that again may well be required but is starting to rub up against the idea, no questions asked, you hand me a packet, I pass the packet. I don't care if you're a Democrat or Republican, I don't care if the packet is pro-Democrat or pro-Republican, I don't care if it's good, if it's bad, if it's music, if it's text, I just pass packets. That form of neutrality is ebbing away at the edges to prevent network abuse like viruses, but second to prevent institutional abuse, abuse of record companies, by looking for packets that aren't threats to the network but are uses of the network that threaten other people. These are the sorts of changes that are coming about. What had previously been a free-for-all open network, kind of like the last day of Woodstock, where it really just started to rain and everybody realized they were just on some guy's farm and it was time to get out, that's the sort of moment we'd be at right now on the internet. But what had basically been a big party where nobody would lie about their identity has turned into, you know, this is instrumentality, contraband, of abuse, of network threat. Coming up with strategies for dealing with it that don't end up tamping down on the innovative capacity is one of the biggest challenges facing the thoughtful internet policy person today, including exactly where to try to insert control: among the backbone providers, among internet service providers, or one computer at a
time. uh... Notice, by the way, as part of this report uh... it points out that uh... "Sapphire represents a significant milestone in the evolution of computer worms. Although it did not contain a destructive payload, it spread worldwide in roughly ten minutes." Most viruses and worms, their damage is that they spread. That's all they do. They arrive on your computer and promptly use your computer, once you click on it or otherwise activate it, to send themselves to other computers. The disruption to the network is just in all the emails that are generated as it's trying to spread, when the literal network traffic of the emails passing along. This is kind of weird, right? What if, in addition to the worm going through your address book and busily looking for addresses to automatically send itself to, it decided, oh, and by the way, delete everything on the hard drive? It's four more keystrokes from the virus author, but very rarely do we see worms and viruses that try to do such things. Viruses are incredibly sophisticated. Sometimes they will go to great lengths to look for virus software on the machine and disable it. I mean, it's really incredibly sophisticated stuff. Deleting the hard drive would just be like that, and yet they don't. Now this might be because they're written by twelve-year-olds, and twelve-year-olds don't delete hard drives, they just like to spread the thing. It might be because they're proof of concept. It's like, the next one will erase your hard drive, we just wanted to see as a test whether the first one could propagate a lot. uh...
You can imagine the white knuckles of the people that write reports such as a strategy to secure cyberspace, realizing it's just by the grace, the good graces, of the virus authors you don't have billions and billions of dollars worth of damage to these computers as they get erased or data gets altered randomly. Imagine a virus, not that this is a suggestion, going into spreadsheets and just changing numbers every so often, and suddenly you couldn't rest assured that your spreadsheets hadn't been tampered with. That's a virus that would keep people up at night, and it's just as easy to write as the ones we see today. So if there's anything to this presentation: be afraid, be very afraid, and let's have more government private sector cooperation. So okay, um... oh, I did another interesting footnote on the worm front. uh... One of the worms, uh... MSBlaster, was followed on by someone else who wrote a worm which, once spreading, removed the MSBlaster worm. They were so frustrated with people not removing it themselves, they sent out a new worm that went in to delete the old worm. "Some users even welcomed it. 'My computer hasn't been right since it was affected last week,' said Nadine Novell, a Manhattan textile worker," who uh... then got the second worm and was thrilled to see that uh...
it fixed the first one. Okay, so this gets back to one of the principles underlying the original internet that made it so ripe for the sorts of problems and issues we've been talking about, right? Keep it simple, that's the Bob Braden quote. Keep it open, growth could come from anywhere, that's also the Bob Braden quote. Technical meritocracy, that's my rather hurried description of the way the IETF works. Why does Jon Postel run it, or why did he? Because Jon Postel's a really smart guy, he's a good judge of what's a decent proposal, what's not. Fine, he should be the RFC editor. Did we take a vote on it? No, it's kind of by acclamation. He volunteered, he will be until someone else does it, that sort of thing. Build protocols assuming people are roughly reasonable and nice. Now it's these sorts of things that can only make somebody ask, is this some kind of joke? It wasn't a joke to begin with. It really was a series of safe assumptions by people who built networks primarily, in the first instance, used by people who build networks. That's right, the first use of the internet was for people who use the internet and build the internet to talk about how to use and build the internet. Somewhat circular, but again, people uh...
for whom their idea of a joke is to issue one of those RFC documents about how to do network protocol using carrier pigeons, rather than spoofing an email from AOL and asking for your credit card number. So maybe a better way to ask the question is, can the internet really work over the long haul? And to answer that question, realize that there was doubt at the beginning whether it could even work over the short haul. In 1992 we had from IBM the observation, "You cannot build a corporate network out of TCP/IP." That was the era in which, if you want a corporate network, you'd come to IBM and they'd sell you an expensive network, or Novell, right? Remember Novell networks? Had to just buy this stuff, and maybe it would hook your computers together and maybe it wouldn't. Those protocols have all gone by the wayside, both because of the flexibility of TCP/IP, because of the price, which is hard to beat, the intellectual property protection, zero, basically a gift bestowed upon the world by these IETFers working together to create something, sometimes using government grants, sometimes in effect using the largesse of their employers who are sparing their time, but no one racing to claim ownership of it. That's what built the internet that we use. uh... Scott Bradner, one of the IETFers, is fond of pointing out that essentially IBM was calling the internet a bee. Why a bee? There's some bees on slide right now. I don't see them. Because, I guess for a while, this is apocryphal, aerodynamicists, if presented with a schematic of a bee, would say that it might make for a uh...
like, nice plush toy, but it was not in fact something that would fly. It just, let me, look at it, there's no way a bee can fly. But of course it can, and the IETFers look at this as: ours is basically a bee, it knows how to fly really well even though it looks like it wouldn't work. And IBM wasn't crazy, they were just wrong to say that it couldn't. I guess the question I would ask is, well, you know, at some point, like, imagine it starts raining. I don't think bees can fly in the rain very well. They all just go into the hive or something until the storm is over. The question now is, are we in a situation, thanks to all sorts of problems that have come up, some of which are network saturation and abuse related, some of which have to do with the anonymity and other features built into the original internet uh... that have led to its abuse, people will no longer subordinate that are in power and they will find to need it changed? What are the things that are missing that we can expect to see added on later? Some form of quality of service, letting some packets travel more quickly than others. "Get out of the way, email, I'm video, and I'd better get there soon or I'll start looking herky-jerky as packets are dropped out." Ways of ranking things that seem kind of innocuous, right? Why shouldn't you have such a scheme? But then before you know it, of course, some schmuck will decide that all of his packets are incredibly important. "Get out of the way, video, I'm Donald Trump's email and I deserve to be there." Suddenly a rather egalitarian framework of, we all suffer the same random glitches in internet service, can turn out to be, now let's let the public schools suffer, let's have Donald Trump get really fast service. Accounting and traffic management: these are the sorts of things in whose absence you see the likes of Sprint and AT&T exchanging data at these major exchange uh...
points on a handshake. I'll take your data if you take mine. It's just too much of a pain to measure who's doing what, where it's going, and who ought to be profiting from it. The more you can do accounting and traffic management, of course, the more you can start to take what is something where there had not been a market, and therefore simply a rough exchange, and start making a market out of it. Is it good or bad? Well, it might be good because it helps allocate supply to demand properly. It might be not so good because suddenly you want to send a packet through that bucket brigade, as if I want to send this thing to the back of the room again, and with accounting and traffic management we can have one person say, well, I'll pass it for a penny, and the person behind him says, you know, pass it for a dime, and it'll be eleven cents just to get it two rows back. These are the sorts of things that maybe look pretty bad relative to a system in which it never occurred to anybody to charge, there was no easy means of doing settlements. Or it might be pretty good. Might people be more inclined to share their wireless if there were some way to simply advertise their wireless access point by saying, yeah, you can look in if you want and it'll cost you, oh, I don't know, a dollar for an hour? And then people come by and they start paying you dollars, while other people start setting up access points, and before you know it the creation of the market has led to a creation of supply to meet demand. These are deep questions only glancingly uh... asked and answered in early 2004, again for which there are likely to be uh... some answers within a few years. Encryption, security, we haven't talked too much about, but these are again things that aren't typically implemented at the network level right now in IPv4. There's some thought they might be around in IPv6. In the meantime it's up to the endpoints to worry about encrypting things. There are ways to do it, but uh... most uh...
people still haven't really enabled such things. And authentication, which is to say being able to utter with certainty, I am who I say I am, and you can really believe that, and you can mean it. And these are the sorts of things that would now allow, for example, a possible elimination of the spam problem uh... because all of a sudden uh... if there were a way to easily authenticate who you were, people receiving email could say, if email comes in and they haven't bothered to authenticate themselves, trash it. I only want to get email from people who are willing to say who they are, and then if somebody who's willing to say who he or she is sends you spam, that's it. I never want to hear from them again, and they have to go find someone else to send their spam. It's a way of not just creating one fake identity after another in order to get the spam through. These are the sorts of things again that are under uh... construction. So uh... with that I think we're almost out of tape. I'm eager to uh... meet you at iLaw. I'm sure there might be lots of questions, things that I sort of skipped over, ran through, uh... never really defined, the request for comments documents, all sorts of things like that, but uh... that's so that if this tape is pirated there's still significant gaps in your knowledge and you'll have to come to the live presentation at iLaw uh... to learn about it. So with that I will sign off, wish you well, and see you soon.