Book Review: The Future of The Internet, and How to Stop It

[A version of this review appeared in the EPIC Alert, 15.09. Sign up for the EPIC Alert here.]

Professor Zittrain‘s modestly titled “The Future of the Internet — And How To Stop It” elucidates what has made the Internet so successful, so creative, and yet has also placed it in danger. Zittrain finds the solution by isolating ways these key ingredients can be used to solve the rising problems. From the punch card census to Wikipedia; from the Internet worm to massive botnets run by mobsters; from government mainframes to embarrassing user-generated viral videos, Zittrain covers the gamut of the Internet history and experience, tying it under his model of the competition between generative networks and controlled, limited appliances and networks.

As Zittrain explains, the Internet is a generative network — it fosters innovation and disruption — in contradiction to appliancized networks such as the old America Online or Compuserve, which greatly limited innovation in favor of control. This generativity works on several “layers” of the internet — from the basic IP, or Internet Protocol, to devices, operating systems and even the content or social aspects of the Internet. This generativity has allowed the explosion of the Internet and its various uses: any device can be made to connect to the IP protocol; transport protocols such as FTP and HTTP can be made to work on IP; Websites and email services run on those protocols; computer components can run many operating systems; operating systems can run any software; Wikis and other software allow anyone to modify websites without the need to learn HTML. This he calls the “Hourglass structure of the Internet”:

While generativity has brought the Internet’s benefits into existence it has also brought a new breed of problems. Computers that run any code can easily fall victims to viruses, and become sources of annoyance or malfeasance to the rest of the Internet. Compromised computers can launch spam, phishing and denial of service attacks. One answer to these problems is to reduce the generativity, to create more “tethered appliances.” In some ways the next generation does not see the same generativity that the Internet previously had. Youth communicate via instant messaging, texting and social network sites, avoiding e-mail as too filled with spam, viruses and phishing attempts. Zittrain considers these “contingently generative” services — you’re free to do a lot, to create, but this license may be withdrawn.

But centralized, contingently generative devices raise other problems, of control and information collection. An automobile with a navigation device under control of a provider can have that device hijacked for eavesdropping by law enforcement. A digital video recorder that receives updates from its central server can be updated according to a court order, disabling functions that users were expecting.

Zittrain offers a different solution from the tethered appliance model. The answer is to promote solutions that preserve and indeed depend on the generative features. At the technical level, computers can be technically configured to easily recover from user mistakes — undoing virus installations. Or users can share simple statistics about their computers, allowing the creation of systems that decide whether new code is safe or not.

Privacy is the subject of one chapter, with Zittrain proposing that the solution for generative privacy problems lie in the “social layer.” Privacy regulations, based on the 1973 principles of Fair Information Practice (FIPs), are appropriate to “privacy 1.0″ threats of centralized information collection. Privacy 2.0 sees the dangers of ubiquitous sensors, of peer production and reputation systems. Zittrain would promote code-backed norms — so that one can list one’s privacy preferences similar to the way that the Creative Commons facilitates one listing their Copyright licensing preferences. Or users could be enabled to contextualize their data online, or enact “reputation bankruptcies” that would expire some of their older activity. But these ideas are still reminiscent of Fair Information Practices, still focused on the privacy 1.0 principles. Code backed norms are simply another way to talk about user control and consent. Contextualizing one’s data online is similar to the FIP of being able to amend or correct a record. Reputation bankruptcy is akin to deleting a record. And lastly, social networks are not quite distributed — YouTube is a centralized place to take down videos; Facebook and Myspace can both surveil as well exclude the content on it.

Norms and methods for expressing privacy preferences may help, but ultimately privacy 1.0 harms will remain and may indeed grow with the Internet. Privacy 1.0 solutions are still out there, but it looks like we’ll just need new ways of enacting them. Traditional concepts of privacy protection will still be relevant – they just need to be re-thought, engineered in. Perhaps even re-generated.

Posted: May 29, 2008 in: