Time to reclaim the Internet

  2019-12-31

Time to reclaim the Internet

  By Hagai Bar-El   , 2015 words
Categories: Security Engineering, Security Policies

We grow increasingly reliant on quite a few Internet-based services: social networks, messaging, photo sharing, and the rest. The challenges we face with privacy, data ownership enforcement, surveillance, and other aspects of digital abuse could all be substantially reduced if those data sharing needs were addressed by the Internet as it was originally architected: decentralized and open. We have waited very long, and so remediation would take more than just new standards, but it is doable.

The problem

We reached a point at which we can barely imagine society operating without some key data sharing use-cases of the Internet: mobile instant messaging, social networks, live broadcast, etc. How and why we got to this point is a topic for another post; not on this blog, not by me. The fact that is of interest, however, is that this reliance comes with a price tag that we are just now starting to comprehend. Much has already been said on the deterioration of our digital rights, on the privacy we no longer have, on our data which we no longer control, and on our identity which is constantly being profiled to the finest detail, to be used for increasingly aggressive attention capturing advertising campaigns.

Hundreds of articles were written about the power held by the Internet services giants and the government, and several good books too, such as “Data and Goliath” by Bruce Schneier (which I reviewed here). Those Internet services companies sell us some very useful connectivity services (such as e-mail and social networks) in return for using our data for generating revenues.

By now we recognize that we have a problem. It has always been known that some Internet service providers take advantage of their users’ data, but we never saw manifestation for this problem, so the problem was considered as theoretic while free e-mail or picture sharing platforms were very material gifts. Just now, as the amount of data became so huge, and as correlation between data sources became so effective, that we notice the situation that we have inadvertently created. At least on the advertising front, effective profiling makes effective campaigns, and effective campaigns draw advertisers money that is invested into more adverts that are pushed more intrusively. Additionally, occasional data breaches that throw our financial and other data into the bad-guys public domain obviously do not improve our feeling about the bargain we have made in the first place.

Just as we realize that we have enabled a data-collection and surveillance economy, we also realize that at this point, increasing consumer awareness might no longer be enough. We became reliant on a handful of services that charge us in one of the primary artifacts of our lives — our data and our privacy. In some cases, we put the data in ourselves, and in other cases the data is created as we use the service. Sometimes we do not understand the deal we’ve made; sometimes we do but have little other choice.

This current situation can be classified partially as a market failure and partially as an issue of public health, and as in both such cases, the regulator happily intervened; a bit late, but better late than never. In record time for regulators, the EU introduced privacy laws (notably the GDPR) and a strong appetite for chasing the Internet giants each time they seem to exploit their power in an unfair way. For example, legislation now forces companies to clearly state what data they collect and what they use it for, as well as get your permission to collect this data. This is a good start, and it is in itself helpful; but it is not enough…

What is the purpose of such legislation? What is the role of transparency in commerce? What such regulation is made to allow us is to make better choices. It will not substantially change the deal we’re being offered, but it will ascertain that we can understand the deal enough to viably decide whether we want it or not. Privacy regulations are an essential part of the solution, even if not the entire solution.

We need those Internet services. We need our e-mail, we need our sharing platforms, social networks, etc. Being made aware of the deals we are bound by is essential, but unless we have alternatives, this awareness resembles democratic elections in states that have only one party. If you feel that you must be part of a social network, and the only prevalent social network is Facebook (to pick on one), then it does not make much of a difference if you like the deal they offer you, i.e., their terms of service, or not. The legislator plays its role; it defines and enforces a norm that enables you to compare between alternative service providers in a fair ecosystem, but for this to be of any real benefit, such alternatives must exist.

In an optimal world, once you can technically compare the different offerings, the market is ripe for more social network players, e-mail providers, chat providers, etc., to offer their services and compete for your business. But the world is not optimal. The handful of existing service providers established themselves so well by now as effective monopolies, that the barrier of entry to new players is way too high. You have so much of your data already locked-in with one or two service providers, that migration can barely be imagined. Furthermore, when it comes to connectivity and sharing services, the situation is yet tougher because the success of any new player depends on its ability to enroll a critical mass of users. As long as all those potential users are already bound to use a few monolithic services, services which offer very little interface to competing platforms, good luck in causing a substantial enough part of that user-base to migrate.

The solution: reclaiming the Internet

People who have been dealing with the Internet since the 80’s or 90’s will not take it by surprise, whereas late joiners likely will: The Internet was designed as a distributed, heterogenous system, yes. Websites do not necessarily start with “facebook.com/…", and e-mail addresses do not all end with “@gmail.com", believe it or not.

The Internet is designed from scratch to allow many people to connect with many service providers, using a standard set of enabling protocols. Most people will be amazed to learn how much of what they do with the Internet today could technically be done two decades ago, if anyone cared about usability back then; but most did not care about usability for the masses back then. The Internet was for geeks, and most people would not bother with it anyway. My Grandma did not care about the Internet, and vice versa. She did not have an e-mail account, and saw no issue with it being so. Google with Gmail did not invent e-mail. It did not even invent web-based e-mail. But it was quick to master, it gave large quotas, and hence rightfully deserved becoming the de-facto e-mail provider for people who don’t get e-mail from an IT staff and who don’t care to become IT people themselves.

Social networking is indeed a newer use-case, but it is nevertheless one that calls just for a new client application, and perhaps a new client-server communication protocol. It is a genius use-case by all means, but nothing that is of paramount novelty technology-wise. Internet veterans can attest that the distribution of posts where people contribute content that gets shared with all interested individuals via subscription is something that the NNTP protocol accomplishes flawlessly since the mid 80’s.

So if we wish to undo the situation we got ourselves into, the first step is to take those new compelling Internet use-cases, such as social networks, instant messaging and live sharing, and build suitable standard Internet protocols for them, utilizing the distributed client-server architecture that our ancestors so wisely devised. Not much needs to be written from scratch; we already have core protocols for messaging (SMTP, which e-mail still uses), instant messaging (Jabber/XMPP, IRC), content distribution, etc. We only need to define the proper wrapping layers that improve their suitability for purpose, and design the client applications that are tailored for the masses, not just for geeks. Once we have those in place, economy will arrange for new service providers that will use those protocols and build their own Internet applications that are truly distributed and interoperable, as the Internet natively is.

If Provider-A sells me social network services, and Provider-B sells those services to my friend, standard Internet protocols assure that what I share through Provider-A is also consumable by users of Provider-B. If this sounds as science fiction, then it is just because we are used to purposefully-siloed social networks; e-mail, SMS messages, and Newsgroups do that all the time. Finally, if I do not like the terms of service (e.g., the cost) that Provider-A offers me, or if I am not satisfied with some other aspects of its service (inconvenient user-interface, mobile client that drains the battery, whatever), then I can port my data to another provider. If this also sounds like fiction, then consider that cloud storage allows this since the day it was born.

Good communication standards can support all use-cases we have grown to rely on when using social networks and all other Internet-based sharing platforms. Such communication standards already facilitate e-mail, web browsing, IP telephony, shared storage, content distribution, and many other complex use-cases of connectivity. Establishing effective standard protocols for social networking and other life-story sharing use-cases will allow for the same social networking experiences to be carried out in an open and decentralized fashion, like the rest of the Internet. We shall understand that decentralization is not merely a facet of network architecture; rather, it is the rope attaching a set of needs that we have with the economical system that guards society against being exploited through its needs.

Who needs to do what?

There are two stakeholders that are called to action.

First, we need the standardization fora, such as the IETF, to put the necessary standards in place. Those standards should be strict enough to guarantee interoperability, while also being abstract enough to enable innovation on behalf of particular players. We are probably speaking of a core communication and sharing backbone coated with multiple layers of extendible frameworks to support particular use-cases. It is not easy, but so wasn’t Bluetooth or the World-Wide-Web.

Proper standardization for contemporary use-cases will enable a multitude of service providers to offer interoperable services in a market that actually enables the user to choose his/her deals, but it will not in itself untangle the current situation in which the barrier of entry is so high for newcomers. This is where the regulator needs to intervene once again.

Legislation already improves transparency by forcing service providers into disclosing how they treat the data they are entrusted with, technically allowing the user to opt-out. Legislation shall now allow the user a usable opt-out. If we consider that the service is such that is essential for the user, a usable opt-out is an opt-out that allows the user to hop from one service to another, rather than from one service into a vacuum (as it is today). This can be made possible only if the existing service providers are compelled into playing by the same new standards as the rest of the ecosystem; standards that allow for interoperability and portability of user data. Having multiple competing social network operators that provide the best product possible for the right price will be of no use if decades of my life stories and relationships are locked in the database of the current vendor, or if migrating to one of the new vendors implies loosing my ability to interact with the rest of the people who did not yet migrate.

The technical standardization fora shall design the alternatives to centralized services, and the legal system shall establish the legal landscape in which such alternatives, or any alternatives whatsoever, can practically be selected as in free markets.

 

No feedback yet


Form is loading...


Form is loading...

  XML Feeds

Search

License

All contents are licensed under the Creative Commons Attribution license.