>> Kim Ricketts: Good afternoon and welcome. My name is Kim Ricketts and I manage
along with Kirsten Wiley the Microsoft Research visiting speaker series.
Today we welcome Jonathan Zittrain here to discuss with us his rather dire prediction -see the train wreck on the cover -- of where the Internet is going. And it's a place that
puts both innovation and personal freedom in jeopardy.
The Internet and the PCs that connect to it are generative: They can be changed by
anyone, anywhere. This quality has fuelled some of the incredible innovations that we've
all been enjoying and enriching our lives, such as Wikipedia, Facebook, YouTube and
others. Yet, the very qualities that make generative technologies amazing also make
them at risk, and frustrated users are seeking the safety and reliability of controlled
devices where only the creator of the device can change the features. The Internet is on
the path to an appliancized lockdown. But must we choose -- have to choose between
security and freedom in the Net world or can we have both.
Jonathan Zittrain holds the Chair in Internet Governance and Regulation at Oxford
University and is a principal of the Oxford Internet Institute. He's also the Jack N. and
Lillian R. Berkman Visiting Professor for Entrepreneurial Legal Studies at Harvard Law
School where he cofounded Harvard's Berkman Center for the Internet & Society in
1996.
With students, he began Chilling Effects, a website that tracks and archives legal threats
made to Internet content providers. His research interests include battles for control of
digital property and content, cryptography, electronic privacy, the roles of intermediaries
within Internet architecture, and useful and unobtrusive deployment of technology in
education.
So please join me in welcoming Jonathan Zittrain to Microsoft Research.
(Applause.)
>> Jonathan Zittrain: Thank you so much, Kim. Thank you for arranging this whirlwind
visit. And, really, you guys did not have to call out the Blue Angels for me yesterday.
That was really appreciated, though. And the fire boats with the -- it was just lovely. So
I should come out more often.
So I thought I would give you a bit from the book, but if you've read the book, I didn't
want to just tell you what was in the book, and if you haven't read the book, then you
won't know the difference anyway.
So what I was thinking I would do is -- I'm aware that we're in the political season now,
so I've been thinking about what it means to be political and in a polity and in a
democracy. So I thought I would talk a little bit about civic technologies and give you
sort of examples of what I see as civic and noncivic technologies and why we should care
about it and why in the crucible here in Redmond, Washington, where so much software
is born, the decisions that are made here could have a huge impact on just how civic our
society is because how civic our technology is.
Now, when I think of examples of civic technologies, a great starting example would be
the Internet itself. It is a truly unlikely beast. These are three of the Internet's founders.
They were classmates together at the same high school in suburban Los Angeles. And I
guess they just had like a "let's start a network club" instead of a debate club. And you
can see their pictured here for their 25th anniversary retrospective in Newsweek, Jon
Postel and Steve Crocker and Vint Cerf. And they're showing that you can build a
network out of just about anything. It's a little puzzling that the network doesn't work. It
goes from his ear to his ear and his mouth to his mouth, which Vint swears is an inside
joke rather than that the framers of the Internet do not know how to string tin cans
together.
But this is so evocative because this is actually the original chart of the ARPANET that
they reproduced for the photo. And it reflects a huge constraint that they had building it.
The constraint was that they didn't have a whole lot of money. It wasn't like Fred Smith
with FedEx where it was like, okay, we're going to make it so that a package can go from
anywhere to anywhere overnight, and that requires some startup costs to get that going;
rather, it's we're going to come up with some protocols that would say how you might
build a network and there'll be protocols that reflect the fact that nobody has a whole lot
of money, so it will primarily be cobbling together other networks, and it may well
involve piggybacking. So if Utah wants to get online, maybe they just piggyback with
somebody already online.
That ability, a child of constraint is also a child of freedom, because it turns out that they
didn't have to make any money with this. There was no business plan. The purpose
wasn't to make money, which already makes it sound insane. But the purpose was just
kind of to goof around and to experiment with network protocols and maybe to be able to
then exchange files themselves. And that meant, though, that because they didn't need a
business model they didn't have to figure out whom to charge and when, which meant
that you could have Utah piggybacking on top of SRI because it wouldn't matter; you're
not trying to charge people, so who cares whose bits are whose at this level. That made it
very easy to build in this unusual way.
Also, the way that the routing takes place -- I don't know if this analogy is great, but I've
used it before. This is the formal way of describing it: hourglass architecture,
ecumenical about what physical media is used to attach to the network. And up here very
broad because they don't care what application you're going to do on the network. We
don't care. Our only thing we care about, the only thing we care about is here, not
intellectual property, oddly enough, but Internet protocol. And here there's some basic
rules of the road that don't involve -- very quickly, we're still, to some people's chagrin,
using IP version 4, which is getting a little long in the tooth, but it's awfully hard to get
people to change it because it works so damn well. And in the meantime, what happens
up here and down here? We're just going to leave it to the imagination of everybody else
and have faith that they will have something useful to do on this network.
And in the meantime with these routing protocols, here is the more simple analogy: it's
like a big mosh pit. If I wanted to get this laser pointer to the back of the room, the
FedEx way, which is to say the same way, would be to hire somebody to move the laser
pointer and get a receipt and I get a status update and it moves and I pay money and then
it gets to where it's going. And if it doesn't, I know whom to blame.
The Internet way to do it is to say that we are the ones we've been waiting for and I can
just label it for the nice woman in the back of the room, hand it to you and you'll hand it
to him and he'll hand it to him. Why? Because you're just all some nice people. And for
all you know, the laser pointer might be for you. And when you get it, you're like, oh,
not Christmas yet, and you hand it back just because it's a neighborly thing to do.
You could do the U.S. Postal Service this way without a single letter carrier. Just go to
your front mailbox, check your mail. Some of it's for people to the west of you, you walk
that one house to your left; some of it's for people east of you, you walk it one house to
your right; the rest is for you, you take that inside and throw it away. That would work.
And it would eventually get to where it's going probably more quickly than third-class
mail. But that's an insane way to think about moving the mail, and yet that's exactly how
the Internet works.
There were other alternatives to the Net that were more sane, that were more FedEx-like.
This is the lovely CompuServe Information Service probably from the early 1990s. You
log in and here's everything you might want to do, and it's provided by CompuServe.
You click on the different buttons and you'll see different menus, different content. Now,
CompuServe may not be able to do everything, in which case it cuts deals, business
relationships with other content providers, and you pay it money. So it actually has a
sane plan of sustainability. And in competition with AOL and Prodigy and MCI Mail
and the Source, they vie to be attractive enough to have you pay them money. And yet
they're all subsumed, overwhelmed by the Internet, which has no main menu, no CEO, no
business plan, just this kind of faith that people are willing to move the laser pointer to
where it's going and will come up with stuff.
Best effort's routing. That's what they call it, right? Otherwise known as send it and pray
or every packet an adventure. A weird way to have a network compared to this much
more rational model. I mean, it's so weird that the Internet engineers who themselves are
not incorporated -- there's no president, their motto, if they had one, is: we reject kings,
presidents, and voting; we believe in rough consensus and running code -- they say their
mascot, if they had one, would be the bumblebee because the fur to wingspan ratio of the
bee is clearly far too large for the bee to be able to fly. And yet somehow the bee flies.
And as late as 1992, IBM was telling people there's no way you can build a corporate
network using Internet protocol. It's clearly just too crazy. And yet the bee flies.
I'm proud to say that thanks to a large infusion of government money, scientists have
finally figured out how bees fly. It turns out they flap their wins very quickly.
(Laughter.)
So I define a civic technology as one which is often incomplete at the time that the
vendor or maker of the technology makes it available to the public, that solicits the public
to come in and help make it a success by designing uses for it, by actually helping
implement it the way that routing is asking favors of people along the way. And that is a
participatory thing that is unlikely that it would work, but when it works, it works really
well and can outcompete the noncivic technologies that are much more cash and carry:
pay me money, I'll give you a service. Nothing civic about it; it's called business. And it
works.
So as these civic technologies get successful, they require sometimes a form of civic
defense. Because at some point somebody along the path of the laser pointer might just
say like, why am I doing this? Right? They have an existential moment where they're
like, this is ridiculous; pay me a dime or something like that in order to keep it going. If
there's value getting created -- sort of like that scene in Reservoir Dogs where they're all
pointing guns at each other. At some point there's enough reverberating doubt that
somebody wants to reach for the money and start to get it.
And there's an example of this in the Internet space. In February Pakistan asked its
Internet service providers to block YouTube to Pakistanis. This is the kind of request that
we study at the OpenNet Initiative at Harvard, and we chart Internet filtering around the
world. It's routine. It happens from a lot of countries: about 40 worldwide routinely ask
to have different sites blocked by their ISPs.
But the way that one particular Pakistani ISP decided to implement the block is pretty
amazing. They did a parlor trick. The way Internet routing works is not only do you
agree to move the packets from one place to another, but knowing where they're
supposed to go. There is no centralized map of the Internet. All there are are entities
who have limited vision. They can only see basically their immediate vicinity and they
report to those near them: Here's what I can see to my left; here's what I can see to my
right. And the people to the left then say, well, here's what I can see to my left, and like
dominoes outward you have a distributed map called routing tables.
So this Pakistani ISP made a stunning discovery. They said, you know what? We just
looked down and we saw YouTube right here. We're sitting on top of YouTube and we
didn't even know it. We are zero hops away from YouTube, which means if you have
your tired, your poor, your hungry packets yearning to see cats flushing toilets, send them
to me and you'll be happy because we're right on top of YouTube. You get the packets
and then you throw them away. That's how you filter.
So that's what it starts doing. Which meant that it advertised one layer out that it was
right next to YouTube, which meant that every router one layer out started sending
packets to them and advertising a layer out from them, hey, we're only one click from
YouTube, and so on and so on. Within a matter of minutes, YouTube is blocked around
the world. ISPs around the world are sending their data to Pakistan because one router
advertised that it was on top of YouTube. YouTube is one of the most popular Web sites
in the world owned by one of the most powerful companies in the world and there was
nothing individually they could do about it.
So why is it that we're still then able to use YouTube just fine and we don't even really
know about this incident? It kind of has -- this is also, I guess, a topical reference -- a
Batman kind of quality to it. The bat signal goes up, there's trouble in Gotham, and who
comes to the rescue but NANOG, the North American Network Operators Group, a
bunch of people who live in windowless rooms and their idea of fun is to watch the
NANOG list and to participate on it.
Nobody runs NANOG, per se. It's not like they're The League of Extraordinary
Gentlemen or something. It's just people who have nothing better to do but look at
NANOG and often have posts at various ISPs or are parked at one place or another. So
the word goes out, hmm, it looks like YouTube has been hijacked, and then they start
sharing, well, what are you going to do about it, here's how to fix it, here's how to
manually tweak your routers so that you ignore some or all of Pakistan. And within a
little while things go back up again. But it's almost like Santa's elves came to the rescue
here rather than that YouTube had some contract for security that took care of it, or
certainly that any government came in and made it all better.
Now, two questions to think about real quick: one is, what if NANOG got a life and the
people doing NANOG right now decided to go play Frisbee? That could be a problem
the next time something like this comes up. And, secondly, what if about 20 ISPs around
the world decided not to pollute the routing table for one destination but for the top
20,000 destinations on the Net. You would have a kind of digital pandemonium for
which this very ad hoc way of dealing with it might not be up to the task. But at least -this is what I call a civic defense model because it relies on just the goodwill of people
who aren't paid to do it but think that it's a good thing to do to keep things running
smoothly.
Another civic technology with a civic defense model: Wikipedia. Right? If a guy name
Jimbo came up to you in 2001 and was like, I got a great idea: we'll start with seven
articles and then anybody can edit anything at any time, and then we'll have a great
encyclopedia. Huh? Right? That is a crazy idea. That's not even like a bee. Right?
That's a brick. You're like, that's not gonna fly. Right? It's a stupid -- it's a profoundly
stupid idea. So stupid that even Jimbo never had it. Jimbo had the idea for Newpedia,
which was a more standard encyclopedia in which charitable donations, largely from
Jimbo, would pay experts to write articles that would then be given away to the world.
The Wiki was just throne in as an afterthought to allow the articles to be worked through
before they went to the public, and suddenly the Wiki took over the whole project and
Jimbo himself was as surprised as anybody else. And now you have this kind of
Wikipedia with hundreds of thousands of articles including in such languages as Klingon
and Volapuk, which is the new Esperanto. There was a brief scandal because somebody
took the Volapuk Wikipedia and wrote a robot that translated a number of other
Wikipedia articles into Volapuk, vaulting it into the 100,000-plus category of Wikipedii
and the Esperanto people were livid because it just didn't seem fair. But we digress.
The fact is Wikipedia is now so ubiquitous that you can find it on Chinese restaurant
menus. Like that is a seriously ubiquitous phenomenon. I don't know about you, but I
prefer my Wikipedia stir-fried with pimentos. I have a theory on this, but I can share that
later if you want.
But the fact is that when Wikipedia gets attacked, which is one of the first things anybody
actually evaluating the brick of the idea would say, it's like, well, wait, anybody can edit
it at any time, what's to stop anybody from making an article, just say George Bush is a
poopy-head? The answer is, well, nothing. You're like, well, that's why the idea is
stupid. And yet Wikipedia evolves within the Wiki a Wiki for administrators, who are
often just self-proclaimed people who live in windowless rooms and have nothing better
to do but edit Wikipedia all day long. Apologies to any Wikipedia administrators in the
room.
They have the notice board. And the notice board is a Wiki page that you can edit to say
that there's a problem on Wikipedia. This is the bat signal of Wikipedia. And literally it
reminds me of the definition of history that says that history is just one damn thing after
another. It's like, holy cow, right? Wikipedia? The problems are just one damn thing
after another, tendentious editing by user Andy V. Phil; an apparent delete/undelete bug,
user Yoshiko; Anon attacking me for reverting. A long story. I can't wait. Right?
What makes this work? What makes it work is that there are more obsessive-compulsive
people who are good-hearted reloading this page all the time and saying, I'll take number
one, I'll get number two and going through and dealing with the problems than there are
problems coming in the other end. At all times Wikipedia is approximately 45 minutes
away from utter destruction. If the Wikipedia editors here all took a lunch break at the
same time, the robots that are constantly hitting it trying to turn every single page into an
ad for a Rolex watch -- don't think that's not happening right now -- they would be
victorious. They would all go to lunch and they'd come back and find smoking ruins in
the wake.
But yet uncoordinated. It's not even like, well, it's two o'clock, good luck, Bill, not much
going on today. Hope there's no icebergs. There's no changing of the guard. It's just
there are enough of them, enough distributed at enough odd hours of the night that there's
always somebody at the helm keeping an eye on how things are going? Right? This is
insane. But it is a civic technology the way that a neighborhood watch when it works
rather than consists of several signs in the neighborhood that look like they haven't been
changed since 1948, this is the way a neighborhood watch actually works.
And occasionally you see people self-organizing informally, such as one of the gifts of
the show 24 has not only been a more lax attitude towards torture, but the
countervandalism unit has been formed using an anime woman with a mop and there are
people who believe in civility, maturity and responsibility. And, again, nobody appointed
them, of course; they're just there and they ban together and occasionally they might have
a meet up, right? Can you imagine the countervandalism unit meet up? Is it like -would it be at Denny's? Like would they tidy up after themselves? I don't know. But
that's the kind of thing that a generative, breathable civic technology at its best allows so
that it can survive its own success once there's a reason for some bad apples to try to
subvert it.
All right. So with that background, let's talk a little bit about the personal computer. I
bookend the beginning of the PC era as the West Coast Computer Fair in 1977. Images
from that time are blurry, but here's Steve Jobs in his first suit at age 21 introducing the
Apple II personal computer. For the first time in a convenient, single-plastic-molded
case without a soldering gun, you too could take home a box that when you turned it on
and attached it to a monitor would give you a blinking cursor. And you could be like 10,
print high, 20, go to 10, and be like, that's pretty cool. I don't know if you remember the
moment that you first did that. Or if you don't remember the moment and it's because
you never did it, somebody else did it and wrote other great software and then gave it or
sold it to you, and you were like, great, now I can use the Apple II as well. This thing
was intended as a hobbyist device, which is why it's at the West Coat Computer Fair
described as 10,000 walking, talking computer freaks. These are the people who would
rather build their own clock rather than buy one. It's like Heathkit types. Right? And we
know who we are, right? Then there's a small minority that are like I don't go to
Heathkit, I go to RadioShack and get the resistors myself.
But within two years this technology, civic in the sense that it is incomplete, just a
blinking cursor when it comes out, solicits outside contribution without any attempt to
really moderate the contribution or run interference on it. Within two years Dan Bricklin
and Bob Frankston invent VisiCalc, the first digital spreadsheet ever. And businesses
around the world are like, where have you been all our lives? And they're desperate for
VisiCalc, which means Apple II's start flying off the shelves, and Apple has no idea why.
They have to commission market research to figure out why their box has become so
popular. That's the kind of surprises that a civic generative technology welcoming
contribution from all corners can give even the vendor of the technology. And it turns
out the PC is ill-named. It's always great for work and for office and can even lead to the
ideal of a computer on every desk, in every home, and in every office.
And when I look at some of Jobs' contemporaries, here of course Bill Gates from his
traffic stop in Albuquerque, New Mexico, just around the time of the West Coat
Computer Fair. What I see in this picture first is somebody who's grinning from ear to
ear. I don't know that's because he thinks he'll buy and sell us all some day; I think it's
just because it's kind of funny: I got arrested for speeding. That's -- it's kind of funny.
This is a mischievous guy. And his sense of fashion has not changed significantly in 30
years. I'm allowed to say that, right?
But what I mean by this is these are happy-go-lucky, goofball, asocial, brilliant, poorly
dressed nerds. And they are the dark energy that powers these generative technologies,
these civic technologies and that believes in them even though you can't easily predict
that Internet routing is going to make sense, that Wikipedia is going to make sense, that a
PC that gives you a blinking cursor is going to have a market beyond the people who use
Heathkits. That's the kind of energy it is.
Dark energy in physics is the fact that the universe keeps expanding at every particular
point, it's just going outward. And I actually once talked to a cosmologist who said they
named it dark energy because that way they'd get funded by the Department of Energy;
that it's actually not energy at all, but like DOE now funds them because of the label,
which is great branding for this thing that they otherwise have no idea what it is. And
here it's a similar kind of difficult to capture in a bottle, but once you've got it, you start
seeing the kinds of advances that otherwise wouldn't shake out of the standard
competitive firm environment. And this box, which dates from, I don't know, 1995 or so,
how would we date it?
>>: Carbon data.
>> Jonathan Zittrain: Yeah, carbon data. That's somebody who works in materials. I
might instead look at the 66 light as was suggested here, which show the -- right? That
was the time of the turbo button if you wanted Prince of Persia to run faster kind of thing.
It would mean the hamsters inside would run on their wheels that much more madly.
They've actually just invented a hamster-powered paper shredder. The hamster runs on
the wheel and it shreds the paper here, and then the hamster can live in the paper after it
shreds it, which just shows you that reuse is a viable alternative to recycling. And this
was a the obligatory green message from the state of Washington.
So that machine which dates from '77 or '95 or 2007 has not changed significantly, and
the fundamental quality is you hand it code, it runs the code. No questions asked. And
part of the claim of the book is that for too long the free software versus proprietary
software wars obscured this point.
One of the central claims of the book is that for my purposes Windows is a
consummately civic and generative operating system, and I am indifferent to the fact that
the actual code of the OS is a black box, because you can build on top of it anything you
want, and there's no gatekeeping going on once I buy my Windows machine as to what
will run and what won't. And that completely, for these purposes, moots the free
software debate.
Now, it didn't have to be this way. Just like the Internet wasn't the only way to build a
network. This is a stupid, a silly, a weird way to think of building the kinds of
technologies that go beyond the geek and that go on people's desks.
What are the technologies that are supposed to be on people's desks? Things like this.
The Brother SmartWord processor from 1985. Right? We take everything you'd ever
want to do with something that looks like this and we put it on a main menu for you and
we look to the PC and say, great, that spreadsheet thing, that's pretty cool, we'll make that
number two. We can incorporate from the nerds and we can give you word processing
and all other sorts of stuff. But we give you a sensible, stable experience. This is the
information appliance that for years people thought was going to be the future of
consumer information technology.
And yet just the way that CompuServe with its same style of main menu got subsumed by
the Internet, we see this get subsumed by the PC. And you end up now today in all sorts
of environments, including very serious ones. Like a battleship, running not battleship
software -- by that I don't mean the game, I mean like a real battleship software -- instead
it's running stuff for which there's tons of code running side by side. And, again, I don't
care what platform we're talking about here. Any generative platform is going to have
this characteristic. And we have no idea what this stuff does. And for a while, who
cares? Just like it's not like we need a security model for Internet routing. At least until
Pakistan got clever, we didn't. Just like we didn't need a huge countervandalism unit for
Wikipedia until Wikipedia got that popular. Well, guess what, the PC has gotten very
popular. And now it turns out there's all sorts of reasons for one of these pieces of code
running on the machine to do stuff that is bad for the user.
Now, it's true that if any one of them had something that said delete the hard drive, that
would be bad. That hasn't been seen in a while. We haven't seen something diabolically
crude, like go into spreadsheets and reverse some of the numbers that you see and then go
back to sleep. Can you imagine doing payroll several weeks later and nothing adds up
and you have no idea why and your backups are looking the same way and now you can't
trust any spreadsheets because you don't know what the virus has touched and what it
hasn't? Haven't seen that happen yet either.
Although, there's nothing in particular standing in the way of somebody who sneaks
some code onto your machine -- either through the front door, because you think it's
going to do one thing but does another, or the back door through a vulnerability of some
kind -- from doing it. Instead we see things like the unholy alliance, which is only a
couple years old, between spammers and virus makers.
Remember the first time you heard about a virus that once it infects the machine, sets up
the machine as a mail server and starts sending spam from your machine? You're like
that's pretty clever. But evil. But clever. And then you see stuff like this that's like truly
a discarded script from 24 from the usually staid network world of last year. Strom worm
is fighting back against the researchers. It retaliates against them by launching denial of
service attacks, shutting down their access for days. As you try to investigate, it knows
and it punishes. They're afraid. I've never seen this before.
It's like, come on, how cliched is that? But wait a minute, this is real? Like, you're
telling me this is real? What is our defense against this? Our defense against this is for
users to get smarter, which is a strange basket in which to put eggs. I can't help but share
with you Microsoft's first immutable law of security. Apologies if you're the person in
the room that wrote this law. There's a nice analogy between running a program and
eating a sandwich. If a stranger walked up to you and handed you a sandwich, would you
eat it? I agree. Probably not. How about if your best friend gave you a sandwich. I
guess maybe I would, maybe I wouldn't. I would first say, Did you make it or did you
find this lying in the street? And that would be material to my decision. So here's the
critical thing. Just apply the same critical thought to a program that you would to a
sandwich and you'll usually be safe.
So, all right, I should take the millions years of Darwinian Evolution whose sole purpose
is to help me sniff something and know if I should ingest it and apply that to software.
Lift the lid of the software, take a tentative smell, and if that software doesn't smell right
or if it was found lying on the street, don't run that software.
Now, again, apologies to the fellow who -- or gal who wrote this. You know what they're
trying to get at, but this does have the feeling of a Band-Aid over a huge
wound-staunching-blood kind of thing. Here's a more simple version, just to tweak my
own institution. At Harvard Law School: Dear HLS faculty and staff, lately there's been
an insurgence of fraudulent e-mails at the law school. And you have to realize, they're
somebody from a different planet. This is a world in which, that's right, if you open the
wrong e-mail, you lose. You open an e-mail, that's it. Imagine if your television set were
such that it starts going crazy and you call Sony the next day; they're like, Were you
watching Channel 6 last night? Like, Yes. Like, Well, that's your problem. You should
never have been watching Channel 6. There was a virus on that channel and now your
TV is fried. Like that's what can happen with these e-mails. So there's a huge pile of
advice about what you should do to avoid getting infected. My favorite element of which
is be weary of e-mails that have misspellings, poor grammar or odd characters because
they're a red flag for fraud. I wrote back to the IT department. I was like, I think I got
one. They got me a one-way ticket to Oxford.
Or how about this: I was once at a conference at Fordham and bored to tears. And I saw
there was wi-fi so I connect to the access point. And it says please give me your
Fordham ID and password. I turn to the student next to me and, hey, would you mind, a
little social engineering. He puts in his name, his password, says, okay, you're a Fordham
student, but you are not running the Smart Enforcer. We won't let you on the network
because we care about security. You must run the Smart Enforcer before you get any
bits. All right. Fine. I'm desperate. I download the Smart Enforcer, and here's the
wizard as I follow it through: Start here, now Smart Enforcer gets a little crazy and it
says "install the Symantec Client Security System." Right? I don't know what this is.
I've heard of Symantec. I'm not sure I like what I know, but I'm desperate. So I'm going
to install it. And, by the way, you have 55 minutes left. So all right. It's like a 24
scenario: I download Symantec, I get it installed. Fine, fine, fine. It's in. I see my
carefully structured registry getting completely melted down. And then it says no, no, no,
you didn't update your definitions and you have 8 minutes left. Update. All right. I
update all my definitions. Finally Symantec has taken complete control of my machine.
What's the first thing Symantec tells me? It says Smart Enforcer is trying to access the
Internet. You really ought to block it.
And it just shows that the kind of belt-and-suspenders approach to security ends up with a
very Keystone Cops kinds of attitude that these are noncivic responses to the problems
that arise with a civic technology. And that failure to mesh the solution to the problem
means it's not going to be very effective.
One of the most contestable, and therefore interesting to me, claims of the book is that if
we don't come up with a civic defense architecture for the PC, we're going to say
good-bye to it. We will see the end of the PC as we know it. And we see it more and
more in corporate environments, in libraries, in schools, in cyber cafes. You can't just
add new software to the PC anymore. It's been reconfigured so that you need permission
from the local administrator to add any new code. Sometimes you do that to yourself
because you know you can't be trusted. So like Ulysses tied to the mast, you're like
Jessica Simpson screen saver. I really want it. And thank God you can't because it
comes with a bunch of spyware. At that point you're like, well, spyware, Jessica Simpson
screen saver; I want the screen saver actually.
And this is creating the demise of the PC, not just as it gets locked down, but as we see a
movement away from the last great shared hallucination Internet application: e-mail. If
you ask the kids today how they're sending messages to each other, they're not using
e-mail. They're using Facebook messaging, they're using instant messaging, and it ain't
IRC; it's stuff for which there is an intermediary who just keeps everything going
smoothly. And if somebody starts spamming, they get kicked off. There's nobody to
kick anybody off of e-mail if it doesn't work because it's just a shared hallucination
application. It's like a coyote running off the cliff that runs really far, and at some point
he looks down, he's like, this should not be working. And guess what? It's not working.
It's over.
So we see a movement away from these civic technologies and towards a new round of
gated communities. In the case of the network, it may be like Facebook Messaging or
instant messaging. In the case of the hardware, it's moving towards things like the TiVo
or the Sky Plus. TiVo has Linux inside screaming to get out. But it's not generative,
even though it's free software inside because you can only control it with a remote unless
you're willing to pull out a soldering gun.
The same is true of the BlackBerry, of many mobile phones. What an interesting space to
be looking at these days. But until recently this is the kind of thing you would see when
you would open up your Cingular mobile phone. And guess what? It looks just like the
main menu of the Brother SmartWord processer. It's exactly the same business model
and technological configuration. It's true of the Kindell (phonetic), of the iPod pictured
here in it's native Naugahyde pink coating. And it's true of this glorious, seductive
device: the iPhone.
Now, I look at the iPhone and I see the CompuServe main menu circa 1995. It's like wait
a minute, I've been here before. And Steve Jobs is like, that's right, except now there's a
clown fish. But we define everything on the phone, and that's what you want because the
last thing you want is this crazy civic environment where anybody can come on your
front lawn and pee on it, or worse, and you don't get to make a call anymore. That's why
we're going to make this more like an information appliance.
Now, you may respond to that: But wait a minute, Steve Jobs opened up the iPhone. He
got religion and now it turns out there can be a software development kit for the iPhone;
let the dark energy be attracted to making new apps. This is not a real Newsweek cover,
just for -- it's a very slow week, if so.
But there are many, many exceptions to the way the iPhone store works. So, for one
thing, yes, we're celebrating now that it's the apps that are really cool, but it turns out the
environment is one in which to get an app from me, a developer, to you, an iPhone
holder, I can't just give it to you? I can't give you a floppy disk, a USB key? I can't
nuzzle the two phones together and move the app? No. The app must go through the
iPhone app store run by Apple. And if I want to charge for the app, Apple takes a cut.
Wow, why didn't Microsoft think of that in 1990? Because people have been like, how
dare you? Like, no, you don't take a cut of every app that comes through the door.
And if he doesn't like the app for some reason, it's not going to show up in the store.
What limitations? Illegal, malicious, privacy, porn, bandwidth hog, and my favorite:
unforeseen. Can't having anything unforeseen happening on the iPhone. And that's why
as you start to do this bottleneck you see a bunch of developers waiting up to six months
to be able to be approved to code for the iPhone. And you start to see things like just last
week this device, which let's you take your iPhone and connect it to your computer so
that you can now surf the Net using your iPhone's Wide-Area Network connection. This
suddenly disappears from the iPhone store and the makers of the app are like, huh. Like
we don't know why. But we know that maybe sometimes people aren't supposed to do
this. That's not part of the business model of the iPhone. So maybe that's why they killed
it.
Or just this morning you see this application which allows you to look at nearby movies
and their ratings. The box office app: Gone. Out of the store. We're not sure why. The
developer is like, well, we haven't heard from Apple, we've e-mailed them. They're just
waiting to see. Because (inaudible) speculates that maybe there's something under the
surface, an undiscovered security flaw, maybe.
Now, again, just think back. Could you imagine if Microsoft was like, We're sorry to
announce -- or maybe we won't announce it; you'll just discover it -- that Netscape will
no longer operate on our machines. There might be an undiscovered security flaw. I
mean, never in a million years would in the public eye the famously proprietary
Microsoft have done that. And yet here you see Apple doing it, and there's like -- I don't
know. You'll have to help me when we hit question and answer. Tell me what you think
the difference is between this emerging platform and the one we've had. It used to be the
Apple platform before Apple dropped computer from its name since 1977.
Now, it's not just our client-side apps, like at the iPhone, that are experiencing this shift to
a vender-mediated, ongoing intervention the way the technology works. Cool stuff that is
also attracting nerds, like the Facebook Platform, has all sorts of requirements and
limitations in the fine print that say, We reserve the right to kill your code running on
Facebook for any reason. So you develop some app, it goes great on Facebook, and then
Facebook can just shut it down. Or we reserve the right at a later date to start charging
for that app to continue to survive.
And, again, I hate to keep making the analogy, but it's so effective to my mind. Bill
Gates comes up to Intuit one Wednesday morning, is like, You guys have had a great run.
Quicken is really popular on these Windows machines. So, anyway, I'd like a million
dollars, and if I can have it by Friday, that would work for me. It's totally up to you. You
can give me the check or we can kill Intuit. Just let me know your decision.
That wouldn't fly. And it's exactly what Facebook and Google reserve the right to do on
their new Web 2.0 software as service platforms. And now what you see is Facebook
saying, amid complaints that, surprise, surprise, some apps on Facebook are crappy, it's
like who would have thought there'd be gambling going on in this establishment? Right?
Reminded of Theodore Sturgeon, the science fiction author, who was approached kind of
provocatively at a convention by somebody who said, you know, 90 percent of science
fiction is crap. He was like, 90 percent of everything is crap. It's like, you know, that's
kind of true. That's now known as Sturgeon's law.
So, right, Facebook is going to have the new great apps program. Those applications will
get higher visibility on the surface, be able to work more closely with Facebook. They
want to evolve to a place where the right companies get funded. They launch more
ambitious features. It's also (inaudible) another level of certification called the Facebook
Verification Program for applications that are trustworthy and they'll get added visibility
and a graphical badge.
So now you see more refined means of control. It's not just are you on the bus or off the
bus, but where on the bus are you sitting kind of thing that is a very different landscape
than the free-for-all that we have come to know.
All right. Let me race through a couple thoughts about noncivic technologies and then
what to do about it and then we'll break.
I've been talking about the benefits of civic technologies and some of the worries of the
ways those technologies are getting closed off or becoming contingent. But to really nail
it, let's look at a couple of examples of technologies that aren't civic to begin with and see
the ways in which in a new networked world they're being used.
And my anchor analogy for this is the simple toaster. We all know what a toaster is and
what it does. It's the consummate product. Okay. So imagine the Web 2.0 toaster. And
I still mean a physical box. You come down for breakfast one morning and there's a sign
on it that says: Congratulations. You've just received the summer update. You now
have a third slot. You look at it, like, wow, there's a third slot in the toaster, pretty cool,
nice update. Then later in the afternoon you come back and you see it's back to 2 and
there's a note on it that says: There was a bug in the summer update, we've reverted, we
apologize for any toast that was crushed in the reversion procedure. Like, okay.
Then the next week you come down and it's making orange juice. Now, at this point you
can't answer the question "what did I buy." What you bought was no longer a toaster.
You bought an ongoing relationship with a breakfast-oriented service provider. And
they're going to try to satisfy you as much as possible because they're competing with
other breakfast service providers: Where does your breakfast service come from? Are
you an Amana man? Oh, those are terrible.
And yet you feel much more not anchored with the stuff in your house because it's not
your stuff anymore; it's just part of a relationship with the stuff providers.
Now, two concrete, really quick cases in point. Case number one: This is an EchoStar
DVR. It's a DISH system, but they added digital video recorder functionality to it.
Great. TiVo sees this done by EchoStar and they sue for patent infringement. They sue
in Texas where plaintiffs always win, so TiVo wins. They get a judgment against
EchoStar for $70 million. Fine. That can be paid. But then TiVo under seal in briefs
asks for and gets more. They get an order from the judge telling EchoStar within 30 days
to fry all but a handful of the DVRs out there through a remote update. Congratulations.
You've got the summer litigation update. You now have an Echo brick.
And that was not possible before things were tethered to their vendors in an ongoing way
made possible by ubiquitous network connectivity. And if you can fry the thing through
a single court order around the world, you could also do something where the Simpsons is
accused of copyright infringement or defamation late in one of the shows. Fine. Let the
order go out to excise from all copies of the Simpsons reposing on DVRs the offending
two minutes, and then you'll just notice it's 20 minutes instead of 22 this week.
Example No. 2: The OnStar system. Some of you may have this. It provides
turn-by-turn directions for some General Motors cars. And it has a little button here
where if you run into trouble you press the button, you say, I've fallen and I can't get up,
help, help. This goes into this microphone and then over the speakers in the ceiling a
woman's voice comes out. This is the actual woman who says, Don't worry, help is on
the way. Great feature.
The FBI realizes that this feature exists in cars like OnStar, and they order an OnStar-like
company to reprogram a single vehicle containing people of interest to the FBI with an
update that simply turns on the microphone at all times. The company does this and then
files suit anonymously, so their customers won't realize, leading to the case: The
Company versus the United States of America. Amazing title for a case. It's reminiscent
of some of the old (inaudible) cases, like United States versus Six Reels of 8-Millimeter
Film. It's like I wonder who's going to win that case, right? Let's just say if the U.S. can't
beat six reels of 8-millimeter film, you have no business being in a war overseas.
So the company loses in the district court in an opinion under seal. An appeal is taken,
and then the Ninth Circuit finds for the company on the thinnest of reeds. They say that
the way the FBI asked for this to be implemented at all times, including if the help button
is pressed it goes to the FBI, so if the bad guys actually fall and can't get up and ask for
help, it goes to the FBI, who presumably won't come.
If you can make the system so that at all times it goes to the FBI but when they ask for
help it conferences in the lady with the headset, no problemo, right? That's weird.
That's -- I can think of cases where I might like to have that, but I think of a lot of cases
where it's like, whoa, maybe I credit that the United States government would never
abuse this kind of power and completely just -- I see for the fraud that it is the report by
the current Department of Justice Inspector General finding 30,000 lapses in the use of
national security letters.
But in China these things are rolling off the assembly line with these features and, boom,
you're handing to the state a means of surveillance through consumer choice that it had
never before had. Same, of course, with mobile phones, the ability to reprogram them at
a distance and simply turn on the mike as an ambient noise catcher to see what's going
on.
The World Economic Forum last January, the head of China Mobile, the largest mobile
provider in China, was on a panel about mobile advertising -- mobile advertising, colon,
the next great bubble. And he was saying how cool it was that he can count the number
of people attending a sporting event by just counting the number of mobile phone signals.
In fact, he can know who attended the event. There's like silence in the room. And a guy
asked a question, he's like, Isn't there a privacy problem with this? The guy was like, No,
we take privacy very seriously. We only give this information to the government. The
people were like, oh, okay.
So there was a time when law enforcement itself was a civic activity. There weren't
enough sheriffs. I'm talking United States mid-19th Century. And what was one of the
most controversial laws? The compromise, a political accommodation reached among
the elites by which the North would return slaves to the South if they escaped. How do
you do it? You have to raise a posse. How do you raise the posse? You invoke the
Posse Comitatus law, and as the sheriff you can get able-bodied men to come and help
you enforce the law of some kind. Well, guess what happened? The sheriff sends out the
call and suddenly able-bodied men are realizing they just have to shampoo their cat right
then and there and they're not available; "call me for tomorrow's posse, I'll give you a rain
check" kind of thing.
To enforce the law in a huge, substantial, broad-based way requires the cooperation of the
public in all sorts of ways, including massive surveillance regimes. Somebody has to
drill the hole in the wall, somebody has to wait outside, the landlord has to let you into
the apartment, et cetera, et cetera. And if any link in that chain objects, you start running
into friction.
The noncivic technologies that are tethered to their vendor that can effect huge change by
one feature update across a swath of users, these don't require any cooperation and mean
that the natural check that comes when people basically have to be down with the law in
order for it to be effectively enforced, that check evaporates. And it was never
permanently enshrined in the law, formally enshrined there, except through things like
Posse Comitatus, which only worked if people agreed to join the posse. Without that
there, you run into all sorts of trouble.
In North Korea, the radios are tunable by law to one of only three stations. The radios
physically can only be tuned to like the Kim Jong-il Party Hour, the Kim Il Sung
Reflection Hour, and like Rhythm and Blues and that's it. And they have an idea in South
Korea to take solar-powered radios that can go to any station and float them across the
demilitarized zone so that people can actually have technology that offers them more
flexibility.
Somewhere between that clear extreme, on the one hand, and the utter openness of the
1977 Apple II or the 1990 Windows 3.1, somewhere in between we're going to reach this
hybrid environment. And I am worried that we'll get the worst of both worlds rather than
the best.
In the absence of finding ways to engage people in solving problems together, knowing
that there are still bad apples among us, we just have to get more and more into
technological tools implemented in a top-down way. This in Britain: Because of the
ongoing abuse of carpool lanes, they now have roadside cameras to detect blood because
people were putting dummies in the car next to them as they were driving to fool the
cameras. So I'm waiting for the first pig carcass to be found in a car in the passenger's
seat -- no, really, we're both going to the vet kind of thing -- in order to get the carpool
lane.
Now, I have some ideas about what to do about this, how to try to thread a middle course
between what is too much openness for a mainstream technology now -- we can't just go
back to 1977 -- and yet avoiding the kind of control that I see in the models that the
market is now producing.
But I think I should stop right now and see if there are questions, comments, reactions,
and maybe I'll work in some of the solutions slides as we go. Thank you very much.
(Applause.)
>>: (Inaudible) e-mail in 1982, we had to give the full path to get to our recipients
(inaudible).
>> Jonathan Zittrain: Do you mean that you (inaudible) is that what you're talking about?
>>: Yeah, SDC, RDC (inaudible).
>> Jonathan Zittrain: Those were the days, huh. Okay. You might be talking about
X400, which was an ITU standard. Yeah. Things got better. I agree with that.
>>: (Inaudible.)
>> Jonathan Zittrain: Yes. Yeah. Yeah. Those were the days.
The at sign, though, is incredibly powerful, because it means you can unify a ton of
disparate name spaces and still have a consistent format for it. Remember that
CompuServe and AOL were the e-mail address without the at sign because they were the
whole world. And the way to migrate them online was just to give them an "at," say,
okay, they're all at cis.com or compuserve.com or aol.com. And I'm waiting for a move.
To me it would be a huge strategic move by Facebook to realize you should be a
Facebook identity at somewhere and all current Facebook identities are simply at
facebook.com. And maybe you'll just choose to interact with others only in the
facebook.com universe, but then let Microsoft set up its own Facebook server, and I
might trust Microsoft as an institution so now I can find people at microsoft.com and that
data is hosted there. You can start to go distribute it and get more generative with what
features each Facebook server allows. It's a big change for Facebook. They're not down
with this yet.
>>: They need to move to this hybrid model.
>> Jonathan Zittrain: Yes.
>>: It depends on the hypothesis that the civic model that we have today will come
crashing down.
>> Jonathan Zittrain: Yes.
>>: And you've shown some ways where which it might come crashing down, but I
haven't seen a lot of evidence that conclusively it will and that we really need to do
something different.
>> Jonathan Zittrain: Yeah. I think that these phases kind of have two pieces to them.
The first is too early to tell; the second is too late to do anything about it.
Chapter 3 of the book is my best effort to lay out the evidence as best I know it. And so
I'd be interested, if you have a chance to read Chapter 3, by the end of it are you feeling
nervous, are you like, well, you know, it's all still speculative, when I get that first worm
that transposes the things in the spreadsheet, you know, that will do it.
What finally convinced me was that I talked to some serious nerds. And for a while was
not trying to lead them down the path, I was just genuinely wondering are we really just
walking off this cliff with nothing under it? There's got to be something I'm missing
here. And I would say to them, Imagine a 24 situation where your life depends on
bringing down 40 percent of the machines on the Net, the PCs on the Net within a week.
If you don't do it, you'll die. Tell me if you'll be dead at the end of the week. And most
of them think -- they actually think it over -- Ed Felten of Princeton said, Can I have two
weeks? It's like, okay, you can have two weeks. He's like, great, done.
And then you start to ask, well, why hasn't it happened? And it's the same kind of
question that makes me compare the kinds of security you have at a bank versus at a
7Eleven versus an airport versus a train station. How many attacks would there have to
be in train stations before we turn them into airports with trains? Probably three: The
first one we write off; the second one, hmm; the third one it's a trend and now we have to
completely rethink security for trains. And guess what? Then they move to Greyhound.
Or then they do movie theaters.
And you ask some of the Homeland Security people why haven't we seen the really
low-tech, low-price -- I mean, remember the Washington sniper? Right? For like about
six weeks the entire D.C. metro area you wouldn't go out and fill your car with gas. And
that was just one guy and a little kid. I mean, so then you're like, well, why haven't the
bad guys come up with that? The answer is not because our border security is so tight
and because our containers are so well inspected.
So I'm nervous that without plans to figure out how to deal with that when the third strike
arrives the response will be disproportionate and will be noncivic. Because the last
people you can trust are the people. I mean, that's been amply made clear these last three
incidents. So that's why I'm wanting to try to deal with it sooner rather than later.
Other questions? Yes.
>>: So I'm wondering how this whole research started, like when did you start becoming
aware of this potential danger?
>> Jonathan Zittrain: The question was when did this research start, when did I become
aware of this potential danger. Some of this goes back at least ten years. And I cut my
own teeth here at Microsoft as a program manager intern the summer of 1990. I was
T-Jon-Z and working on Excel 3.0, including the shrink-to-fit feature. Scoped that out.
It was some very tricky stuff on the Apple side of things because the print setup box -well, don't get me started.
And also in competing with Lotus 1-2-3, it turns out that market research -- because
Lotus 1-2-3 had 85 percent market share then -- Excel was the underdog -- it showed that
these stupid accountants who used it, they were stuck with the stupid slash command:
slash FS to save a file. And even though it was so clear that Excel's scheme was better,
like we couldn't get them out of it. And Quattro had just come up with a -- they ripped
off the whole scheme and put it into Quattro and got sued for copyright infringement
that -- another story.
So part of my job as one approach to this problem was to come up with synonyms,
because the copyright was not over the letters but over the words, like "file save."
Synonyms for each menu tree that would conveniently lead to the same menu tree but
with different words. So like "folder stash" instead of "file save." And just try doing that
with "data consolidate pivot table" and you're just like Webster's is no help.
So, anyway, I've been thinking about the stuff for a while, and (inaudible) on
CompuServe for years. I loved CompuServe. But I also was aware of the ways in which
there was an uneasy relationship between the generative islands within CompuServe, like
the forums where people could just kind of talk to each directly without mediation or
with mediation of an independent contract or sys op and (inaudible) company.
And we see that today -- we were just talking about this earlier -- in enterprises like Yelp
and TripAdvisor and Citysearch, where they don't really like the corporate overseer, but
they're having fun and they're generating all this content and why not.
So I've long been interested in what we'd call the civic areas made possible by networked
technology. And that's why the solutions part of the book, basically the last part of the
book, tries to see how we could design new technologies -- and by "we" I mean pretty
much anybody who feels like he or she wants to step up to the plate, just like nobody
needed a license to make Wikipedia, just somebody did it -- technologies that allow
people who want to be helpful to try to be helpful, to set up the equivalent of a NANOG
or a countervandalism unit for PCs, some of which might require a lot of skill. You've
got to be a pretty good PC hacker to be helpful. If NANOG had clueless people on it, I'm
glad they want to help, but they can't help.
But there are other ways in which even clueless people can help. So we think of, for
example, software you could download to each machine, each participating machine, that
radiates its vital signs back to other participating machines and how happy it is basically,
how many restarts, how many pop-up ads, all that kind of stuff, and what processes are
running on the machine. And then eventually I could start asking questions of the herd,
like I've got this new piece of software I'm about to run: is it recent or has it been around
the herd for years? On average does the herd get less happy or more happy when it runs
this code? And you get all sorts of problems, like it turns out when TurboTax is put on a
machine, the users get much less happy. It's like, well, that could be for other reasons
than that TurboTax isn't good.
But that's a great research area. And it's one particularly suited to university or university
and .com partnership, because it's more than just one app, more than just one OS even.
And it's about a collective effort to know what's going on.
>>: Assuming that people don't like this Big Brother control over their technology, why
doesn't the market make it in case people move away from those things that are like that?
Or do people actually want all this safety ->> Jonathan Zittrain: Yeah. This is a great question. The question basically is so if
you're scared by the security stuff or by the privacy stuff, why isn't the market taking care
of this? And that's a really neat question. That it's one you could ask about Internet
searching, where people will tell a survey that they're concerned about how long their
cookies are set by search engines, and then they keep using the same search engines.
I propose in the book a lot of things that might be described as market interventions. This
project I was just talking about where you would download software to your machine, in
a way it's just me being a market participant writing software, admittedly with no
business model, because we're not trying to make money, but the Internet didn't have one
either, nor does Wikipedia, that ask people to participate to make a better Net. In that
sense I'm not calling for the government to come in and fix this market failure sort of
thing.
But I think at the moment the reason why The Company in The Company versus the
United States wanted to be anonymous was because of the market implications if it
became widely known.
Actually what I hadn't said yet was that I just recently successfully petitioned to have the
hearing unsealed, so I know the company. And I've been trying to mull over -- it's now a
public record; I got the name of the company -- should I blog it, should I say here's the
company, this is what they did. It's the kind of thing -- I kind of know how the media
works sometimes. If it's a slow new week, it could be one click down in CNN.com in
technology news, and that company would have a huge problem on its hands.
Should I do that? Let me ask the people. I would sell more books.
>>: Why wouldn't you do it?
>>: (Inaudible) you should do it here.
>> Jonathan Zittrain: No. I have signed an agreement that says I will not divulge any
nonpublic information in this room.
>>: It's public information, you said.
>> Jonathan Zittrain: But it's not known to the public. Hmm.
>>: (Inaudible.) Let's stay on the subject.
>> Jonathan Zittrain: But the question back was why not do it? And I guess one answer
is -- and this is really why I haven't done it yet. I probably will ultimately do it. But, one,
I'd feel bad for the company. They were actually trying to -- within the limits of their
own balance sheet trying to do the right thing. They didn't have to sue. Most companies
don't. In fact, what makes me able to discover them is because they sued. How many
other companies have done it and not sued. But already that subtlety is so difficult to get
across to the AP reporter. They're going to take a bath in a way because they tried to do
the right thing. So that makes me a little hesitant to out them, and even as I might
carefully try to do it, I know what the headline is going to say, and that's that.
But in other ways I am very much trying to out some of the fine print of these contracts,
trying to get the developers to care because for some of these contracts, if Facebook were
told by their developers, community, like we're not going to code for Facebook if you
reserve the right to charge us a fee of any kind at any moment, like screw that, at that
point Facebook might be like, well, we were just putting that in to cover ourselves in case
we wanted to go that way. They're not materially committed to it yet. And with enough
pressure from the community, they might well recede.
And you could try this similar thing with privacy protections or even architectural
interventions that could make it -- right? What would you do -- what would you want for
the inside of that car? Maybe you would want something that is part of the
nonchangeable firmware that when that microphone is powered there is an LED attached
to it that when current is running through the microphone the LED is on. And then you
say to the FBI, gee, we'd love to, but we want you to know there'll be a red light on when
you're listening to everything.
You could do that if you wanted and the public could demand it, and then you get back to
uh-oh, how many people -- how many kidnapped kids won't be found because the red
light goes on. And now we're really into the debate. Chapter 5 is my best shot at
basically arguing for the red light.
>>: How much is the interest or the topic of civic involvement (inaudible), is that a
Western notion and as we think in a global -- I'm wondering how many of your ideas and
solutions have very much the Western lens on it.
>> Jonathan Zittrain: Yeah.
>>: And it's certainly -- you think about China, you think about Korea, you think about
India and people that weren't necessarily raised in a democratic world in this together
environment, how the views might be different.
>> Jonathan Zittrain: That is a great question. On the empirical questions of to what
extent are the sorts of values that make me able to use shorthand, like that's weird. Or
that's unsettling. Everybody's like, yeah, that's unsettling. Good question.
In Europe I usually get people when I talk about things like this to be as unsettled, but
that's still the West. I haven't spoken as much about this book in other countries. And I
would be genuinely curious to know I am open to the possible that a lot of this reflects
certain values that happen to be -- I mean, even the British and the Europeans think of the
Americans as like these First Amendment nuts. It's like they, you know, oh, no, how dare
you filter out pornography or whatever it is, gambling, the hot-button stuff. Hate speech
is actually what it is for the Europeans. Like the idea that we would constitutionally
protect hate speech seems bizarre to them.
But, of course, the question behind your question is to the extent that it is culturally
contingent, is it the wrong thing to do if you are in the position to be generating software
for the entire world to use to make the software such that reflects those values.
Another great question. I'm not sure I have a quick answer to that, but I wouldn't say the
answer is an instant, oh, that would be a form of undesirable cultural imperialism.
One of the best features of the Net is the way in which it -- unadulterated, because there's
lots of caveats with filtering and such as it gets deployed -- but the way in which it really
does open the doors of modernity in places that wanted to have them shut. And I guess
it's okay for me to decide that I support that. And it's being brought by consumer choice
rather than at the barrel of a gun, "here, you must use the Internet," kind of thing. But it's
a great question.
When I look at the uptake in places, another civic technology we're developing is to track
Internet filtering around the world. And the way we do it right now is a very noncivic
centralized way at the OpenNet Initiative. We get money from foundations that want to
see good things happen, so like MacArthur gives us several million dollars, we take
months, sometimes years, we send people to different countries and have them access the
Internet there, push a button, ask for a ton of Web sites and get out before they get
arrested. And that's a dicey model.
It also has methodological limits, because we have to know ahead of time what sites to
ask for, which means we need all sorts of regional experts to tell us what the Chinese kids
are all wanting to look at these days. Instead we are developing and should have
deployed by the fall a toolbar that you can load into -- we've written a Firefox version and
an IE version. You can load it into either browser. And with it when you can't get there
from here, you click a button in the lower right corner that say just says "I can't get there
from here, what's going on. " And the act of asking that question aggregated across
everybody asking the question or not helps to provide the answer, because we see that a
bunch of people in China are asking why they can't get to BBC and nobody in America is
and now we can start making inferences. And, in fact, what the toolbar will do is as
you're is surfing -- if you install it here in America, as you surf, there'll be either a green,
a yellow or a red light. Green means nobody is particularly reporting this as blocked;
yellow means somebody around the world says it blocked in a substantial number, but
not near you; red means people near you are saying they can't get there, can you take a
look. The corresponding Web site: amiblockedornot.com. And instead of playing
Solitaire or editing a Wikipedia article, why not spend your idle time going to
amiblockedornot and hitting reload to see one Web site after another that's been reported
as blocked by somebody else, having a frame below that tries to load it in your browser
and say whether you can get there too. That would accomplish the work of the OpenNet
Initiative in a civic distributed way.
And so far the enthusiasm for it does not appear to be a Western versus Nonwestern
thing. Lots of people everywhere are interested to at least know what they're missing.
>>: So there's a whole bunch of technologies through the last few hundreds years -- cars,
radio, with the printing press itself -- that have been tremendously generative and they've
created all sorts of social problems. And we as a society have accepted these
technologies without necessarily creating these very closed systems that we're worried
about.
And I'm wondering if the concern that you have comes from only looking at the computer
revolution in this trend within the amazing things that computers and the Internet have
generated, or if you looked at other possibly similar historical analogs.
>> Jonathan Zittrain: I looked at some historical analogs. Not enough to make a Ph.D.
committee happy kind of thing, but enough to talk about it right now, unless any of you
are on a Ph.D. committee. And I'm surprised that you mentioned the car as a generative
technology. Because the way I see most of these other technologies is they start off in the
realm of the tinkerers. There's the equivalent West Coast Computer Fair for enthusiasts
of horseless carriages or of radio, and then very quickly as they go mainstream they get
made nongenerative and you end up with a few brand leaders who produce that
technology, or in the case of radio are licensed to broadcast on the airwaves, and then
that's it. You don't have the hobbyists anymore.
In automobiles, they are not generative. They are less and less so with notable
exceptions, like I think the Prius let's you hack it a little bit. And I got to say I'm nervous
about that. It's like hack your Prius so it doesn't make that annoying beep-beep sound
when it backs up anymore. It's like, well, there's two sides to that story.
And I don't care whether the refrigerator is generative. Like I'm just as happy with it not
being generative. In radio, the last eddies of generativity are around CB radio, for which
by law you are not allowed to say anything entertaining over citizens band radio. If you
like decide to set up on Channel 6, which is vacant -- I guarantee you it's vacant right
now -- and start telling like Uncle Bob's stories, like every night at 7:00, they will find
you and fine. You. Because that's not what CB is for. It's only for uninteresting
communications.
So I feel like information technology, because it so much underpins speech and political
interaction and social change, I mean so much stuff that has to do with freedom of
association, of self-determination, of knowledge, of the oil that actually makes a
democratic polity work much more important, that that be generative and be able to be
disruptive and generate stuff that is seen as not worthy of funding or not pleasant rather
than generative chemistry sets where people can make any form of 18 kinds of anthrax in
their spare time, like I just as soon the government control the hell out of that. But I
may -- it looks like I'm misunderstanding your question.
>>: I think we need to follow up on this rather than have a conversation right here.
Thank you very much.
>> Jonathan Zittrain: Thank you all very much.
(Applause.)