DPI-685 Assignment 1: The Internet in 2020
[N.B. This was an assignment submitted for DPI-685: 2020 Vision and Information Policy: Considering the Public Interest. The purpose of the assignment was to have us develop a utopian or distopian scenario about some aspect of the future at the conclusion of the next decade. Perhaps not surprisingly, I decided to write about the future of the Internet. I wasn't sure what else to do with it, so here it is world! Note that this is necessarily fiction (and is also a distopian future from my perspective), though it contains many grains of (unreferenced) truth.]
31 December 2020
If you would have asked me a decade ago what I would have thought the Internet would be like today, I would have been hard-pressed to give you an answer that was not filled with complete uncertainty. How can one predict the future of such an “organic” thing, especially since the previous two decades saw tremendous and unexpected growth in this medium? Yet there was one thing I had always taken for granted—always assumed would be part of the core values of the Internet: freedom and openness. What this meant to me was the freedom to connect, to send messages and publish whatever you pleased, and to participate in this arguably democratic medium. It was a true marketplace for ideas! There certainly were some limits on this freedom, from domestic law and the like, but they were relatively reasonable, and if necessary, it was relatively easy to be anonymous on the Internet.
I think we all expected this seemingly unshakable character of the Internet to endure well into the future, as it had already weathered the challenges of significant growth and the involvement of extremely varied political, ideological, and business interests. An artifact of being designed by academics in the United States, the Internet was founded on design assumptions and an ethos that carried openness and freedom with it as it grew. But what would happen if these features were used to attack the land that gave birth to this medium?
From the 1990s through to 2010, the Internet evolved significantly, moving from an academic curiosity, to a common information medium, and finally to a ubiquitous and required part of the daily lives of many in the developed world. The growing importance of the Internet, and its economic and national security significance, was also dawning on national governments. As ISPs and other major Internet-based companies were already giving significant attention to network security for their own businesses, governments were realizing that a security strategy was required at a national level to counter possible threats. While governments were still thinking about the first steps in working towards a viable cybersecurity program, the unthinkable happened: a massive Internet-based terror attack was launched against the United States during the midst of its presidential election campaign in August 2012.
The attack was sophisticated and multi-faceted, utilizing a combination of targeted attacks against specific targets and distributed denial-of-service (DDoS) attacks to flood US networks with high amounts of traffic to hide the attack. The targeted attacks were executed using stolen credentials and accumulated knowledge collected by software that exploited previously unknown vulnerabilities in major operating systems. This flood of traffic also served to delay communication, and news gathering and dissemination, causing uncertainty and panic amongst the American public.
A number of firms trading in US stock markets were hit first, when attackers executed a growing series of low-volume trades that significantly depressed the share price of many major US companies. The markets were eventually closed as traders noticed increasingly strange behavior and realized they were not in control. Over the course of several days as recovery and analysis was taking place, a number of the trades were cancelled, but it was difficult and controversial to differentiate between attacker-initiated and legitimate trades. This significant downtime for the market and the vulnerability of the firms involved caused short-term economic damage, and long term concerns in confidence of these entities.
Nearly simultaneously, the databases of several major logistics and shipping companies were corrupted, preventing further transportation or deliveries of everything from packages to medical supplies and fresh food from taking place. Again, recovery was possible over the course of several days as databases were rebuilt from backups and low-tech attempts to route some of the goods sitting on the ground took place. However, delayed and spoiled goods resulted in losses on the order of tens to hundreds of millions of dollars, in addition to the shock and confidence issues that this attack raised.
Soon after the first two attacks, several electric energy utilities in Texas that had energy control systems connected to their corporate networks were exploited. Attackers used these systems to cause several intentional faults that severely damaged a major generating station near Dallas and shut down a number of other stations throughout the state, causing a collapse of the power system for between 24 hours and several days in certain areas. The outage leading to food spoilage, major discomfort, and a number of deaths as air conditioning failed in the over-100°F heat.
Even after the events that initiated the physical world damages were over, the multitude of compromised machines continued to DDoS the networks, preventing telephone calls and news from reaching citizens through “modern” channels. Resolution of the problem only began several hours later in the day when an executive order was issued by the president to require ISPs disconnect consumer machines from the Internet until an interim solution could be found.
As could have been expected, the turmoil that resulted became a major issue in the presidential election, with campaign promises to regulate or tame the Internet coming from both parties. There was also much talk of holding those responsible for the attack accountable using all means available to the United States. However, determining responsibility proved to be difficult. Forensic analysis showed that the attacks seemed to originate from home users’ PCs on US soil, but it was quickly determined that these users did not have the capabilities to mount such an attack, and that these machines were only used as a staging ground for the attackers.
Some began pointing fingers at China and others, but the lack of evidence made this position untenable. However, the attacks did enable other responses. Similar to post-September 11 politics, the attacks cultivated the political will both domestically and internationally to make the Internet a far more accountable environment to dissuade future attacks out of fear of retaliation using legal, economic, or military force.
The “open” nature of the Internet and its historic ethos and roots were cited as the major enabling factors for these attacks. The expectation of opportunity to revamp many of the fundamental principles of the Internet brought together many strange bedfellows. IP rightsholders became advocates of stronger identity and accountability systems to enable better enforce their rights on the Internet. Similarly, some international governments and other institutions that had been pushing for multilateral governmental control over the Internet used this crisis to motivate the centralization of control over Internet addresses and names with the ITU.
The first changes began internationally, where it was declared by the ITU with the support of most of its member states that the time of the Internet’s self-governance was over. Coordinated Internet resources would now be centralized and controlled under the ITU, and partitioned along national lines to ensure each nation’s responsibility for its Internet activity. Internet protocol developers also worked hastily to consider technical approaches to making Internet users accountable for their actions. However, the most dramatic changes occurred domestically with coordination amongst key US partners.
In the wake of the 2012 attacks and a relatively locked-down Internet strategy developed hastily in response, the newly inaugurated President and Congress began on the task of taming the Internet. Their goals were to ensure that such attacks were not allowed to happen again, and to develop a stronger, more accountable internet that would allow its use to continue with confidence, particularly for commerce. The plan involved three components: 1) stronger regulation of “critical” Internet infrastructure, 2) liability regimes that hold internet users and their providers liable for the use of their internet connectivity to commit computer crime or other disruptive acts, and 3) the requirement for strong identity guarantees for users and providers to allow liability to be associated with a legal person. The intent was to make these requirements necessary for any company offering Internet service, and pressure was placed on US allies to take similar changes to ensure connectivity to US networks and consumers.
As this tumultuous decade comes to a close, we have an Internet, or rather internets, that I certainly could not have foreseen a decade ago. What is now known as the Internet is still our primary global information network, and still owned and operated by private sector telecommunication companies, but is much more heavily regulated by governments to ensure critical infrastructure is properly managed. The new liability regimes established under the 6-year-old Internet title of the Telecommunications Act mandate that individual responsibility is now a key component of all Internet transactions, and require users to be positively identified before connection takes place. Identity is also much stronger, and while the idea of the Government as a national identity provider for “internet drivers licenses” proved to be politically unpalatable, a cartel of tightly regulated private identity providers provides a similar service that allows internet users to positively identify themselves to others on the internet.
Those key values I alluded to before—freedom and openness—were sacrificed in the name of security after the 2012 network terror attacks. While free speech is of course still permitted on the Internet under the First Amendment, there has been an notable reduction in what used to be fairly careless discussion in internet forums—arguably a chilling effect from individual self-censorship out of greater awareness of ones identity being associated with their speech on the Internet. The structure of the Internet industry has also changed greatly. Regulatory compliance costs and other headaches of the reactive legislation have made it extremely challenging to operate an ISP, driving small players out of the market and encouraging consolidation, with AT&T-Verizon and Com3 (a merger of Comcast and Level3) dividing the market roughly evenly. Finally, innovation has suffered as consumers adopted iPhones, iSlates, Kindles, and other devices that provide strong security guarantees in order to limit exposure to worms and viruses that could expose them to liability. The approval process in place at Apple and Google has grown more stringent and expensive as a result, ending the days of creating applications in your spare time.
I used the expression “internets” above because the dramatic shift in the culture of the Internet was not accepted by everyone, leading to the creation of a second, parallel internet. Known colloquially as the “undernet”, this network bears much stronger resemblance to the Internet of 2010 and decades previous. Freedom, openness, and anonymity are still present, and so the Undernet has become the forum for many of the vices and other activities of the former Internet where users were concerned about revealing their identities. However, universal Undernet accessibility is difficult. The Undernet may not be connected to the Internet, due to both legal prohibition and technical incompatibility. It is also not popular amongst corporations and most other large organizations subject to government regulation, leading to an absence of commercial ISPs providing connectivity. Instead, it is mainly accessed wirelessly through community networks, and a few ISPs who have partitioned their networks to provide both Internet and Undernet service because they believe in the ideals of the Undernet. The Undernet has also become the primary network of countries that have refused to agree to the new Internet Protocol and the strong regulatory, accountability, and identity requirements it demanded. This partitioning of the formerly global Internet fell mainly along economic partnership and trade lines, with strong US allies adopting the system either universally, like Canada, or at least partly in parallel with the Undernet, like China.
While this may seem like a dystopian future when considered from the ideals of a 2010 Internet, not all of the effects of regulating and partitioning the Internet have been bad. The Internet is now a very trustworthy place, allowing enforceable contracts to be executed electronically and enabling greater electronic commerce. Computer crime and abuse has also largely disappeared, due in part to the accountability provided by strong identity, and also due to consumer popularity of safe computing devices like the Apple iPhone and iSlate or Amazon Kindle that only allow vetted software to run. And while it is certainly less common for whistle-blowers and others desiring anonymity to contact journalists or post information on the Internet, the Undernet has taken up this mantle.
Ultimately, though, we have had to make a significant trade for this newly secure Internet. In spite of the benefits of one global network, we established a new digital divide that once again falls along familiar geopolitical and economic lines. While I have hope that eventually we will reestablish a global network with extents similar to the reach of the former Internet, I cannot help longing for the earlier days of the Internet, one global Internet, that for three decades gave us a truly accessible marketplace for ideas.
April 14th, 2010 at 12:21 am
[...] steev's thoughts Inside the mind of steev. « DPI-685 Assignment 1: The Internet in 2020 [...]