The Thousand Autumns of Communication

Technology for better or worse has a way of exposing the absurdities and hypocrisies inherent in the current political and social regime, whether that regime is 21st century American capitalist democracy or 18th century Japanese feudal society. I'm just finishing David Mitchell's wonderful book The Thousand Autumns of Jacob de Zoet. One of its many delights is the way it portrays how the Japanese and Europeans alike are trapped within their existing set of rules only to discover themselves in a new world; one where not only do their rules no longer function, but they aren't even relevant -- in fact, they don't make any sense at all. You'll have to read the book to see what I mean.

Of course, the trap of applying old rules to new worlds is most apparent now in the realm of internet communication. These issues were well explored in Neal Stephenson's Cryptonomicon nearly a decade years ago. And actually, it is interesting the extent to which governments have been able to prevent the kind of free-wheeling, free-communication world that he envisions. Still, outside of very authoritarian societies, these efforts have existed until recently at the margins. The internet seems to have some kind of fundamental quality of exposing the contradictions inherent in our desire for total security and total freedom, and eventually the rulers and ruled are going to have to give up the idea that the two are reconcilable. For those who haven't had much exposure to the culture in the United States I'll point out that that irrational idea is at the heart of the American mythology. I think that an attempt to have one's cake and eat it too is a great recipe for creating a culture of aggression, because you end up having to eat other people's cake as well.

I'm thinking about this because I woke up this morning to read that the U.S. Tries to Make It Easier to Wiretap the Internet. OK, really? This latest attempt to put the internet genie under house arrest has a quality of almost charming niaveté until one realizes that the effort is very serious and the somewhat startling implications of that.

Government does have a responsibility to try to protect people from those who have shown that they are willing to do great harm to others. Given this, is it reasonable for the government to be able to listen in on conversations that people think are private? Most of us would say yes. Without this capability people who wished to do harm could communicate freely and we would lose our ability to take action against people who did plan to do harm, but haven't actually done anything yet. Most of us know that our private email is not really so private and most of us are reasonably comfortable with that. And actually until I read this article, I was under the assumption that the authorities did have some means of intercepting Skype and other centralized packet-switched voice communications. But apparently this is either not the case or the government is being very canny in choosing not to reveal the extent of current capabilities. And actually, I prefer the later explanation because I think the former is really less palatable. This is because there is an interesting aspect to the issue of wiretapping that many people -- including those in government who should know better -- miss. The ability to monitor communications only really works for investigation and prosecution when the people who are being monitored don't know that they might be monitored.

Over time, criminal and terrorists find different ways of communicating or communicate very sparingly. Given this, if we think things through, the main purpose for developing and then publicizing capabilities to monitor ostensibly private communications is not to listen in on what is happening but is in fact much broader than that. The purpose is to deter people from talking about things that they "shouldn't be" period -- "shouldn't" of course being open for very broad interpretation. In other words, surveillance is more about deterrence and disruption than detection. (That and catching really dumb bad guys, which is a good thing, because there are apparently quite a lot of those. Still, the really smart bad guys are the one's who have done the most evil.) What does that -- and the deliberately public nature of this proposal -- imply? The main purpose of all of this is to prevent communication from occurring in the first place.

Why is that important? Because besides getting in the way of bad guys talking, there are a lot of other reasons that people might want to communicate that are not criminal or violent but that might go against the interests of government. We are seeing this very obviously in other parts of the world, most notably in Saudi Arabia where they are "encouraging" bloggers to register their blogs, but it doesn't take much imagination to see that this capability might be attractive to some policy makers in the "free and secure" world as well. After all, dissent can be a slippery slope. And as was shown with the FBI's surveillance of Martin Luther King and other political movements in the sixties in the US, the threat of wire-taps and surveillance can be a very powerful tool on its own, as it breeds an atmosphere of paranoia, mutual suspicion and reduced ability to coordinate activities even amongst completely law-abiding organizations. To take a more current example, this is one of the means that the Russian government has taken to crush dissent while preserving the illusion of democracy.

So now I'll get to the "what is so laughable if it weren't so disturbing" part. The software developers reading this will know immediately what I mean when I call out the following little aspect in the proposed regulations: "Developers of software that enables peer-to-peer communication must redesign their service to allow interception." For those of you who aren't current software developers, or just haven't had your morning coffee yet, I'll spell out the implications.

The software ecosystems that we work in now are just that -- ecosystems. Ecosystems that function well have evolved all sorts of diverse and redundant ways to communicate, and that is what has been happening over the last decade or two in software, especially in the Open Source communities. For example, software "products" aren't really even products anymore, in the sense that you buy an application on a DVD and copy it to your computer. Instead, software platforms like Eclipse are delivered through (distributed) provisioning systems and assembled ad hoc on the desktop. When we develop software, we use version control systems that allow us to track the changes we make to the software. When we communicate about bug fixes, we use collaboration tools to facilitate that. All of this software is located in all sorts of different places, and developers are constantly coming up with new ideas and approaches, many of them quite beautiful and free-spirited. All of these are increasingly distributed and peer to peer.

As one example, a tool that is seeing explosive growth in the development community is "git", which provides a completely decentralized version control system. Now, one would have to be an especially dumb bad guy to use a version control system for planning criminal activities! But for that reason, git makes a nice extreme case of the implications of these regulations. If the policy is really to apply to every possible case, then that means that anyone developing any kind of software that does not go through a centralized service must provide a secure, undetectable back door for surveillance. (Word to the EGit and Mylyn developers -- might as well get cracking now!)

I know, this vision does sounds a bit absurd, and perhaps it is, but hey, governments do absurd things all the time. I think about this every time I fill out an Eclipse Contribution Questionnaire and have to answer the question about whether the software contains any cryptography. Is it too much of a stretch to imagine one day in the not too distance future when we have to certify whether the software provides any means of per to peer communication? Hmmm, let's hope the FBI doesn't find out about telnet...

As always, I'd love to hear what you think. And by the way, if you decide to read "The Thousand Autumns of Jacob de Zoet" -- and I hope you do -- I certainly won't mind if you click on the links here and order it at Amazon. But I'd much prefer it if you went to your local library and picked up your copy there. Who knows, you might run into someone you can talk to using the original peer to peer communication protocol (also known as "face to face"), you'll reuse precious resources, and most importantly you'll be helping to preserve these rich local resources that -- and this would be incredible if it didn't at the same time seem so inevitable -- are also becoming victims of our out of control WalMart culture.