 And now please join me in welcoming Caleb for his talk, BGP and the Rule of Custom. Thank you. Thank you. And thanks for coming. Tonight I'm going to speak to you about the BGP protocol, but it's not going to be that technical. Specifically, I'm going to concentrate on the way that BGP molds human interactions. So, there. I'm aiming at making this a reasonably accessible talk, so if you catch me using slightly incorrect terms for something, consider that I'm optimizing not only for the clarity of the correctness, but also for the widest possible audience. So, protocols that are at their root, systems of governance, so I'm going to propose a framework to think about governance, and then as I describe BGP, we will be able to analyze it through the lens of that framework. And so, as my slide shows here, I find it useful to dichotomize governance systems into either institutional, like democracy, or network, like the family, or like the CCC. And when you think about institutional governance, think about democracy, think about law, think about rights, equality. These are all concepts which are protected for us by an institution, in this case it's the state. And when you think about networks, think more about the family, think about reputation, honor, mutual respect. These are representations of the network governance model, and the network governance model turns out to be very important to BGP. Now, I'm going to argue that we need both institutional and network governance, and each one should be used for what it's best for. So, well, first I'm going to talk about where BGP came from. So, the year was 1989, and there were two people named Kirk Logheed and Yakov Rector, and they were having lunch. And at the time, the Internet of the Day, then known as NSFNet, was facing impending collapse, let's say. NSFNet was at the time experiencing explosive growth, and the EGP routing protocol was reaching the point where it just could no longer work. So, during that lunch, they defined a new protocol which they jokingly referred to as a two-napkin protocol, because they drawn their diagrams out on napkins, and we have here some photographs of those napkins. Something to understand about BGP at the time, and it was that at this time the so-called Internet was considered kind of this weird anarchist experiment. You see, real networks used grown-up protocols, such as X25, which, among other things, made sure at the protocol level that when you sent a piece of data, it would actually reach its destination. By contrast, Internet protocol was what we call a best effort protocol, meaning that sometimes a packet might arrive mangled, or maybe it wouldn't arrive at all. Computers on the Internet usually just use the TCP protocol to put the pieces back together and to resend the broken ones, but TCP is not really part of the Internet itself. It's more an application that runs over it. And it's telling that in this era, the Internet was referred to as TCP slash IP because at the time it was expected that any network must be providing reliable transport. Now, the effect of IP's simplicity as compared to other networking protocols cannot be overstated. And to consider a different protocol even, the one used in telephone networks, even to this day, it's so mind-numbingly complex that it actually encourages the telephone companies to monopolize in order to manage the protocol that they use. In fact, the Sonnet protocol that's used in the American telephone companies, there's an equivalent one here in Europe, it actually requires synchronized atomic clocks in the routers in order to schedule the messages so that there's an empty moment in each line that's just for the message to pass through. And in contrast, the simplicity of IP and the political design of BGP have allowed for just about anybody to become a network operator. So what is BGP? BGP is a protocol which every Internet router uses to talk to other routers when they're talking across an organizational boundary. See, inside an organization, you control all the computers so you can have them talk any way they want. But when you talk across boundaries, the long franca of routing protocols is BGP. And BGP involves two types of identifiers which organizations need to apply for. These are IP addresses, which most people know about, and they're the lesser-known autonomous system numbers, and each network provider has an AS number. Both IP addresses and AS numbers are issued by ICANN through its regional registries, which manage this issuance kind of in accordance to need. And an autonomous system is a network operator such as an ISP or a hosting provider, and having the AS number means that they're able to speak as equals with all the other network operators. It also means that when they interconnect with another network operator, the fact that they're interconnected is public, and that's a very important little piece of BGP. Now, BGP is, unlike the EGP routing protocol before it, a mesh protocol. And this fact has proven highly significant because it's created what I call the imperative to peer. And to understand the imperative to peer, I'll give you a scenario. Let's say that you and I are each a medium-sized network operator. So your customers want to talk to my customers, my customers want to talk to your customers. But as medium-sized network operators, we both need to buy internet from somebody else that's bigger than us. In the industry, we call this the upstream provider. And if my customers are asking for websites hosted by your customers, normally what's going to happen is I'm going to get those requests, and I'm going to have to send them to my upstream provider. They're going to give them to your upstream provider, who's going to give them to you. But since we're both paying for those links to our upstream providers, we're sort of paying for that traffic in a way. And now, if you and I happen to have routers in the same data center, then we could just run a wire across the room and then peer with one another, and BGP will bypass our upstream providers and route the traffic between me and you and me. And it's much more efficient. Now, it's important to understand that peering means you and your customers will talk directly to me and my customers. What it doesn't mean is that you can use me to reach my other peers or my peers' peers or my upstream or someone else. To do that, you'd have to be my customer. Because peering has this limitation, it's usually mutually beneficial for two ISPs to just peer. And usually it happens with no money changing hands. And in fact, it almost always happens there's not even any paper contract. They just say, well, it makes sense. Let's run a wire. Now, in this scenario, you and I needed to have the upstream provider. And you might wonder, well, who doesn't need an upstream provider? There must be someone at the top. Where's the core? Well, the core is a series of what we call tier one providers. And in this picture, we have white lines which represent the peering agreements and the red lines represent the customer agreements. The tier ones are the people up at the top and they can reach anywhere on the internet using a peering agreement or a customer. They don't need to buy internet from anyone. However, they do need to pay the upkeep on their massive fiber optic networks which give them the global reach to get these peering agreements and to get these customers which makes them a tier one in the first place. And you can also see some interesting things. In the case you can be a customer and also appear. And you can also have multiple upstream providers. But with tier one, there's a bit of politics. See, tier ones are hesitant to peer with smaller operators if there's a chance that if they refuse to peer, the smaller one might alternatively become a customer. And so it's a bit like marriages between wealthy families because peering between tier ones, it's a complex process and they're each striving to ensure reciprocity of value. Now, small networks, on the other hand, they're not so concerned about this and so they're ready to peer with each other quite liberally. And this has created a situation known in the industry as donut peering wherein the tier ones are actually increasingly being routed around. And it's worthy of reflection. The fact that while sonnet with a synchronized atomic clocks has made an incentive to monopoly. BGP with its imperative to peer has created a situation where monopoly is discouraged. However, this system also has means of preventing bad behavior on the internet, which it works astonishingly well while at the same time preserving almost absolute free expression. So this is a chart of the percentage of all email that is spam. And to understand why this chart is remarkable, consider what a bad protocol email is. Email is basically a push protocol with an unlimited free speech. So all you got to do is get on the internet, fire up a mail server, and you can just send spam to anyone. It's magic. So really this percentage should be like over 99% but it's not. Well, email is an old and heavily used protocol and the network operators have made it kind of a special case. Email is actually one of the few protocols where messing with it can get you kicked off the whole internet. Even if you have your own network AS number, even if you are a network operator with peers and everything, you can still get chucked off the internet if you mess around with mail. So I'm going to try to explain how this works and I'm going to do it by trying to think of different types of actors that exist in the internet service sphere. So there's a lot of actors, of course, but I've made these four main categories which I think helps to explain the situation. And they're the customer, the provider, the network operator, and the civil society organization. So the customer is someone like me. I take an IP address on loan from my cable provider at home and I take one from my web hosting provider. It's not my IP address and it's not assigned to me. It doesn't have my name on it and they can take it back when I stop working with them. But that means I have relative anonymity because I'm not out there looking for peers. I have my provider. They know who I am. They know me. I know them. Nobody else needs to know who that IP address is associated with. However, my provider can trivially turn off my access to the internet, but by the same token, I can usually choose which provider to patronize as well. Modulo, the monopolies and the cable companies. Providers, on the other hand, they're not anonymous. They have to maintain relationships with network operators. They have to seek customers. They're out in the public. Providers also have an incentive to keep customers so they can't be obviously scammy and they can't provide bad service. They probably shouldn't be scummy and they can't provide bad service. They also have an imperative to stay friendly with at least one network operator. If the network operators just hate them, then they can't find internet. Providers have their own IP addresses. They're assigned to them from the internet registries. And so they can connect with multiple network operators, including even having peers. Although in practice, they often keep their networks fairly simple. But because of the way BGP exchanges information, their peers and their providers are publicly known. And as me, the little customer, borrowing an IP address, I'm fairly opaque. Now network operators, they're somewhat like providers. They provide a service, but in general, they make their business around providing raw internet access to smaller providers. And that's why I've differentiated them. Network operators are very much not anonymous. They have to have large numbers of peering agreements and customers, which again, all of these connections are transparent because of the way BGP works. And they're strongly pressured by the imperative to peer. If they're not able to find peers, then all the network traffic will have to be paid for. It can even squeeze them out of the market. They do have some powers though. They can refuse to peer with a network operator and they can even disconnect a customer, which they might do to maintain their reputation. Last group here is civil society. These are organizations like Team Simru and Spam House. They dedicate their time to shedding light on the bad guys of the internet. They're not anonymous as organizations, although their members can be hidden. And they also maintain lists of IP addresses and AS numbers, which are either known to be operated by spam organizations or which are just unused and shouldn't be existing. Internet civil society doesn't have any direct power, but their power comes from their reputation for providing valid and useful data. They're also able to do their job because of the transparency of providers and network operators, which is built into BGP. I'm going to tell you a story about two providers. One is called Macolo and the other is called PRQ. Both of these organizations were founded in 2004, and both of them have been subject to certain controversy, but tellingly one of them still remains with us and the other one is long gone. So this is the splash page of Macolo back in 2008 before it went dark. Macolo was founded by a 19-year-old student named Nicola Macolo, and it thrived for four years before being taken down. Macolo provided what's known as bulletproof hosting. That means hosting where the provider will keep your server online no matter what you do with it. Bulletproof hosting providers choose not to cooperate with civil society or even law enforcement unless they're forced to. And in November of 2008, the Washington Post gathered some damning evidence that Macolo was a hosting provider mostly interested in providing service for spammers. What's interesting is that rather than send this evidence to the police, they sent it to Macolo's network operators. Like many providers, Macolo bought internet access from two major network operators. In this case, it was Hurricane Electric and Global Crossing. When Hurricane and Global Crossing were given this information from the Washington Post, they voluntarily chose to abruptly cease doing business with Macolo, and the provider was caught off guard, and it and all of its customers went offline. Here's the global volume of spam, which dropped to that day by as much as 75%. Needless to say, no other network provider was ready to begin selling service to Macolo, and their business crumbled. Now, PRQ isn't in some way similar to Macolo. Hey! And in some ways, they're quite different. PRQ was founded by two Swedish guys known in BitTorrent circles as Anacada and Tiamo, and they provide what I call last resort hosting. They've hosted highly controversial websites such as WikiLeaks, but they're probably best known for hosting the Pirate Bay. The Pirate Bay stands out as probably one of the most famous websites to publicly flaunt copyright, going to the extent of actually publishing abuse complaints, along with their sarcastic and humiliating responses. This is something that the copyright industry had never seen before. Our lawyers are just not accustomed to getting replies signed, go fuck yourself. So all four of the founders have spent some time in prison, and the site's data centers have been raided multiple times, and supposedly Hollywood even used threats of trade sanctions against Sweden to force them to shut this thing down. But we find that as Macolo has drifted into historical obscurity, the Pirate Bay is still alive and has even become something of a cultural institution. And we also find that unlike Macolo, PRQ and the Pirate Bay have never had any problem with their network operators. So one of the fundamental tenets of the internet is that network operators are morally, but not legally responsible for the activities of their customers and peers. So they may choose who they do business with, and they will not be held to legal account for these decisions. So what are the lessons that we can take away from this? Recently, there's been a lot of work done on federated social networking protocols. I'm sure some of you will take part in this development, but the vast majority of you will be evaluating them to make decisions about which technology to adopt. And I urge you to give some thought toward the political identities of the protocols which you make or which you choose to make your own. Like many things, systems of communication are defined largely by what they reject, whether that be packets larger than 1500 bytes or Nazi propaganda. And in a protocol, I identify three main ways that these rules can be defined. The first is what we hard code into the software source code. Some examples are message formats and permission systems, but hard coded rules can be extended further with cryptography and especially with blockchains. Hard coded rules are a perfect example of institutional governance. They can be very fair. They are very fair because code applies the rules equally to everyone. And for things which we consider a basic human right, such as private communications, and things which are easily quantifiable in software, hard coding can be the best solution. However, hard rules do have a downside. Ethereum, a cryptocurrency based heavily on the libertarian philosophy of freedom of contract, found itself in a bit of a quandary when a bug was discovered in one of the very significant contracts allowing for all the money to be stolen out of that contract. For those who don't follow the topic, Ethereum was hard forked in order to stop the errant contract and everybody had to update. And while the fork itself protected the participants in the contract, it struck a serious blow to the fundamental philosophy of Ethereum and it serves as a warning that we have a downside to hard coding. The second source is, of course, the central authority. The internet uses ICANN as a central authority to manage allocation of domain names, IP addresses, and autonomous system numbers. The central authority is kind of a poster child of institutional governance. Like hard coded rules, rule by central authority also tends to be egalitarian. Moreover, a central authority is actually capable of equity because it can comprehend people's different situations and adapt to them, something that a hard coded rule cannot do. But a central authority, like a hard coded rule, is prone to coldness and bureaucracy. And moreover, it's quite difficult to create central authorities which do not give certain individuals unaccountable power over others. The third source of rules, or in this case, customs, where this talk gets its name, is from the network. And this is how the network operators and how BGP mostly manage to keep email spam and other bad things off the internet. The network is by far the most humane form of governance. Social norms are passed along from friend to friend rather than rules being forced down upon people by central authority or source code. And we see network-like systems in families, ancient tribal societies, as well as royalty and elite in kingdoms, and of course, online. However, in electronic networks, we tend to associate it with... We get to choose who we associate with from any connected person in the world. But networks also have a downside. They're not egalitarian in any way. Those central in the network are simply more powerful than those on the edges. In the feudal system, law was often applied differently to a person based on how they were dressed or what family they were from. And the origin of the term rule of law, it was initially described as a better alternative to rule of the king or rule of man. We have the law, we have the state, because people demanded them, as in this case, the inequity of the network rule proved unacceptable. But there's an important difference between BGP's rule of custom and the patently unjust feudal system. BGP is transparent. We know which network operators are interconnected with whom, and we know who is protecting the bad actors. And in every case, we find dystopia whenever there's power without transparency, either in opaque proprietary code, unaccountable central authorities, or in networks which form mafia's secret societies in the feudal system. And I think the key message from BGP has to be that whether in central authorities or in networks, power and privacy do not mix. With any measure of power, there must be equal transparency and accountability. So in closing, I hope you'll go out there and make protocols and make systems which far surpass what we have today. And to do that, I suggest looking at the past and what protocols have been highly successful and try to identify why they worked. Also look at the ones that didn't work. Look at the things that died in Hellstorm of Spam. And try to keep it simple. I developed some software before, and something I learned the hard way is that complexity becomes the enemy of adoption. So maybe it's a good idea that we all write our protocols on napkins. Thank you. Thank you, Caleb. We now have five minutes for questions. You know the drill. Please line up at the microphones. There's four microphones, two in the middle, one there, one there. Please don't leave the room until the talk is over. If you stood up, you can leave, but the rest, please stay seated. You can spare five minutes. It's a lot of noise that people keep leaving during the Q&A. Microphone number one, please. Hello. I'm Mem from Sweden. I really like to talk to have an overview of this. I think it was mostly correct. I would say that I'm working with both BGP and DNS. I have no association with ICANN, but I think you put them on the... You give them a bit too much power. They are not that powerful unless you describe them. They don't decide everything about DNS and everything. They're running the IANA contract for these domain names and numbers and stuff like that on behalf of the community like IATF and other multi-stakeholder organizations. They only have the power over the new top-level domains. They don't have the power of the common domain or SC domain in Sweden or CH in Switzerland. So if SC or CH would like to have the pirate bay, ICANN has nothing to do with that. Could you get to the question, please? It's not a question. It's more a show that ICANN is not the king. There's other people queuing, please. Microphone number two, please. Thank you. Great lecture. So what actually is the reason why some legal activities are tolerated by ISPs and some, like child abuse, is not? That's a great question. I think that what it comes down to is what is socially acceptable? So why does some activity, why does some illegal activity like smoking a joint outside not cause you to have the police and other activity like murdering somebody would? It's all about what is socially acceptable to the people around you and what is socially acceptable to the people around them. And in the case of ISPs, somebody is peering with the people that serve the pirate bay, somebody else looks at that and says, ah, it's not, I don't feel that that's a problem. Somebody else looks at them and says, I don't feel that people who think that is a problem, and so it's okay. I hope that answers your question. Do we have an internet question? No? Okay, microphone number one, please. Why do you think network operators being morally but not literally responsible for what content they accept on the network worked so well for Macono and PRQ and doesn't work at all for social media? Oh, great, great question. Why it doesn't work, if I understand you properly, why Twitter is still a crap poll? It is. Well, here's the thing. Twitter has, it's a, I'm probably going to eat a suit, it's basically an institutional governance system. They said, like, we're in charge, everybody is flat here. So on top of a network governance system, they built an institutional governance system and the institutional governance system, it's like a high school, it's just, it's terrible. So I should use this opportunity to plug Mastodon because Mastodon is an example of a system which is federated and looks, well, it doesn't look exactly like BGP, but I think it will in five years. One hopefully brief question from two, please. Yes, hi. Thank you very much for talking about BGP. As somebody knows a lot about BGP and I was kind of wondering if you could help answer a question and that's that, I kind of view BGP as kind of like a static protocol and it was stuck, it was written on two nap kids and it's been a little bit expanded beyond that. My concern is like with rogue countries or someone else harnessing IP blocks and like synchullingtrafficforgoogle.com or facebook.com which has happened several times in the last couple of years. Can you think of a way where you can either get BGP to conquer that problem or with a new decentralized protocol to conquer that problem? Filters, filters, filters, basically. I don't know that much about BGP but I know that some people are in the business of making their filters from the data that's in the whois database that just say this is what you're allowed to announce. Cool, we'll build a filter, that's what your box can send to us. The problem is that ISPs are lazy and we don't have standardized stuff for making these filters so we end up with a lot of people just putting no filter and saying you announce whatever you want and then China announces Google and all the traffic goes like this. And that's all for today, thank you Caleb. Thank you.