Technologist Jonathan Zittrain explains how he feels about the iPhone and the dangers posed to innovation in the Internet as a whole.
Jonathan Zittrain is an internationally known cyberlaw scholar and technologist with a giant resume. He is Professor of Internet Governance and Regulation at Oxford Internet Institute and also teaches at Harvard. Zittrain is co-founder of the Chilling Effects Web site (a watchdog site) and holds patents on wireless and network devices. Zittrain has been making headlines with his latest book, The Future of the Internet and How to Stop It, in which he argues that closed-systems devices like the iPhone are potentially harmful. In a live Network World chat, Zittrain explained how he feels about the iPhone and the dangers posed to the Internet as a whole.
Moderator-Julie: Welcome! We are ready to begin.
Jonathan_Zittrain: Hi there -- I'm pleased to be here today. Thanks for coming out. Let debate + discussion begin! (Longer and more nuanced answers are likely in the book -- apologies for signal loss as we compress.)
Nakshatram: The iPhone is transforming the user interface - making Internet usage even simpler. This comes with a price: a closed system. Isn't the price worth it? And for how long will it stay closed?
Jonathan_Zittrain: I want to see us (and that means the market) avoid a dichotomy between the generative but now-dangerous PC-style platforms on the one hand, and the iPhone's gated community on the other. I'd prefer to work inward from the current Internet/PC rather than start with a closed system and pry it open.
Moderator-Julie: Pre-submitted question: Why do you think that "adding stress to the Internet" is something that would harm it? It would seem that it works more like the highway system. The roads are capable of carrying heavy loads from trucks and those loads have forced the builders of the roads to architect them to handle the stress of all forms of traffic. "Stress" has the potential to benefit all users of the infrastructure. If something like the iPhone could "break" the Internet, then it is already broken.
Jonathan_Zittrain: The stresses I emphasize in the book aren't just load -- I'm as amazed as many network engineers that the Internet has scaled as beautifully as it has. (Many have the same view about 802.11 wireless technologies; they're behaving far more reliably under heavy loads than many expected.) Instead, there's reason to worry that the open technologies of the Net and the PC now have much more reason to be subverted and exploited by bad guys, and that without action we'll see a market response to this abuse that puts us that much more into the iPhone zone -- or that of Facebook and Google apps.
baked: So you see the iPhone then as a logical outcome of market security pressures, but that the price of isolation is too high? What then is the solution to the security pressures you describe that are driving iPhone?
Jonathan_Zittrain: Exactly. I worry even that Android will fall victim to the very pressures driving people away from (or to lock down) their PCs. I'd like to see bottom-up ways of evaluating code, rather than farming out to McAfee, etc., and I think there are ways to preserve experimentalist architectures while also allowing room for prime time stuff. I talk about Butler Lampson's idea for a "red zone" and "green zone" on a single PC so people can put their mission-critical stuff in one place but still go offroading at the touch of a button (of course then there will end up being valuable data in the red zone -- that's why we keep it -- in which case we need a Checkpoint Charlie to try to move it to Green without bad things happening.)
Beregond: The first time I was told about the potential "Death of the Internet" IPv4 was still classful and CIDR dealt (for several years) with that problem. Then the BGP routing tables in core routers were getting too big for the amount of RAM in the routers in use at that time... Since then, the Internet has been threatened with death half a dozen times, including when the "Gated Community" of AOL was linked to the net. Why should we be more concerned about the potential threat of the iPhone and similar devices?
Jonathan_Zittrain: Well, there's death and then there's death. Sometimes the wolf is really coming! But the "death" I have in mind -- and to be sure, I rejected "The Death of the Internet" as the title of the book despite pleas from the publisher -- is more of a whimper than a bang. It's not some overloading of routing tables or bandwidth tsunami. It's more of a social transition: a realization by some bad actors that they can exploit the openness of the Net and PC to great effect, and a movement by the exploited to start making their IT feel more like a fridge or a TiVo than a Heathkit.
Jonathan_Zittrain: And I wouldn't even say that I think the iPhone is killing the Internet -- just that, if it (and things like it, including Web 2.0 app platforms) start substituting for the PC instead of complementing it, we're in trouble. Which reminds me -- I think a number of the comments to the article were basically of the category: "But wait, now there's an iPhone SDK!" to which I say: Yes, but it's not at all like PC apps. Steve Jobs takes a cut of every app (imagine if BillG tried to do that on Windows!) and he reserves the right to kill anything he doesn't like for any reason -- which also means he can be told to kill things by a regulatory authority. How long would P2P apps have lasted if that ability existed in Windows?
baked: OK - but from a CIO's perspective, any security risk is too much both from the bad guys getting in and creating mischief, and proprietary data getting out (in my business, more the latter). Until innovations stabilize, I would think that every CIO will choose isolation. Unfortunately, once there it's hard to get them back out. How do you get the CIOs to either wait or to adopt temporary solutions?
Jonathan_Zittrain: Absolutely. Part of the problem is that everyone is being rational here! For CIOs I can understand the desire to bolt everything down. But I guess I'd say that bolting down too much can be like stripping a screw... employees will end up creating their own shadow IT if the official systems are too locked down. I'd ask CIOs to be willing to participate in some of the "digital nervous system" apps that we're developing (we're = Oxford/Harvard) to allow PCs to anonymously broadcast their basic vital signs (not the company documents), especially because then mainstream Internet users could ask the system things like, "How many expert/corporate machines have this software installed, vs. the AOL-types?" (apologies to AOL types)
dreamworld: You write glowingly of the open, collaborative process used to create Wikipedia. How can a process like that can be used to solve today's worst cybersecurity problems, which are criminal in nature?
Jonathan_Zittrain: I'm eager to see us develop the kinds of technical tools that Wikipedia has -- think quick revert -- so that harmful stuff isn't a catastrophe. And tools that let people collaborate to give early warning of bad or unfamiliar code. Right now surfing the Web is designed to be an autistic experience.
Moderator-Julie: Pre-submitted question: Do you use an iPhone, Blackberry or other PDA? How do you square that with your views of how tethered Internet appliances are hampering innovation on the Internet?
Jonathan_Zittrain: I actually don't use any of those devices -- I find that email is fun when it comes in, but a burden once it's stale, which is in about five seconds. So I like to deal with email from a PC, when I'm devoted to truly processing it. But I'm not too doctrinaire about it -- I don't think the iPhone is evil, just that (1) it and platforms like it may well crowd out the PC and (2) if that happens, we'll lose much of the ability to innovate that we've enjoyed for the past thirty years. And we'll gain new vectors of government/regulatory surveillance and control. Facebook can be told to kill Scrabulous in a way that Bill Gates was never told to kill Grokster or Bittorrent.
stever: Are there many open/closed mixed products and are we heading back to the "old days" in some sense?
Jonathan_Zittrain: I think the iPhone w/SDK is a good example of a mixed product -- a "contingently generative" technology. I worry it's the worst of both worlds rather than the best - and I see Facebook and Google apps the same way. I like 'em both, but they both reserve the right to kill any app at any time - so it's the old days of appliances, but still the new days of networked: with the vendor having a privileged role in reprogramming the users' experiences.
baked: One of the big security risks we see today are not necessarily the open net but these little high-capacity memory drives that can contain all your source code and walk out the door in one's pocket. So the bad guys will find every seam in the fabric and use whatever tools are available to enter. Not sure which is worse....
Jonathan_Zittrain: Agreed. I think the overall challenge is best put as how to operate successfully in an open environment. What if you couldn't keep secrets? What are the minimum number of secrets to be kept? (SSNs, merger proposals, etc.)
dreamworld: You favor the Internet Engineering Task Force, the Internet's premier standards body which operates via rough consensus and running code. Here's something you didn't mention: It takes a long time for IETF working groups to finish standards, and sometimes (as in the case of instant messaging) they fail to get standards to market in time to stop proprietary solutions from taking over. What are your thoughts on that?
Jonathan_Zittrain: Yes, I think the IETF may be dead. (Sigh, I probably shouldn't have said that.) What I mean more directly is that the IETF functioned best in a backwater, when people were basically having fun, not taking themselves too seriously. As soon as people with coats and ties (Vint Cerf excluded, of course) started showing up, "rough consensus and running code" became harder to achieve. The story of ICANN is this story in a nutshell, how something -- the top level of the domain name system -- run by one guy with sandals, could become a $30 million+ / year operation and everyone still hating it and little getting done. I even see it reflected in the troubles of going from IPv4 to IPv6.
Jonathan_Zittrain: But what I respect about the IETF is that it only adopted enough process to keep things moving -- focusing at all times as much as possible on substance over process, including "fairness" and "democracy." In the later chapters of the book, I argue that fixing the Net is ours to do, in just the informal, junior, unchartered way the IETF operates (those adjectives taken from the RFC entitled "30 Years of RFCs").
dusty6649: Your warning does not hold water! If what you propose comes about then why didn't the same thing happen to television when the Internet was born?
Jonathan_Zittrain: Not sure I understand your emphatic and slightly peeved claim. You mean, why didn't the Internet kill television? Because it's only recently that moving images of TV quality were possible on the Net, mostly with the publishers who fill TV's content objecting every step of the way to making it happen. Ultimately I do worry that TV *will* kill the Net -- that we'll end up with something approximating the ethos and structure of Cable TV, just done over TCP/IP.
stever: Do you make any distinctions between Wi-Fi and cellular transports?
Jonathan_Zittrain: Well, I respect the medium-independence of TCP/IP hourglass architecture. I'm with fellow travelers like Tim Wu on wireless Carterphone and am heartened by Android and by Verizon's statements about opening up its network. The devil will be in the details, and of course they won't (rightly) want to open up their networks so much that they lose the advantages of managed networks, such as user authentication that allows for billing, abuse complaints, etc.
Beregond: AOL began life as a separate system that was later linked to the Net. Even before it was linked, (even in the days when it only ran Q-Link for Commodore 8 bit machines) there were predators. The bigger it got, the more predators it drew. Won't any successful walled gardens of tomorrow face the same problem?
Jonathan_Zittrain: Yes, I think they will. I just don't want them to be predators of the same ilk. Remember when it was AOL v. CompuServe v. The Source? (BTW, I recommend heartily A Game of Thrones.)
Nakshatram: It's a Catch-22 - we need standards to make our lives easy, but speed of standards release can't catch up with the speed of changing technology.
Jonathan_Zittrain: Yes - if we can preserve the experimentalist architecture for everyone, while allowing people to roll up their sleeves and get their work done when they need to, it'll be easier to let the forking and restandardizing to take place.
Moderator-Julie: Pre-submitted question: The majority of PC users aren't hobbyists. They don't tinker with their systems, create applets or participate in wikis. They just use their PCs to access Internet content created by someone else. Isn't it OK if these people migrate to appliances?
Jonathan_Zittrain: Use appliances, sure; migrate, no. Skype is that much more useful as more people use it -- not just nerds. It's good to be able to Skype grandma. The generative PC is (well, was) useful to non-techies because they could install software written by others. This serves as an important safety valve -- if TiVo gets too grabby or over-regulated, we can revert to MythTV, so long as the PC infrastructure is there to support it.
stever: So your world is defined by expediting "standards" and a lot more cross licensing?
Jonathan_Zittrain: I worry that as soon as we're into the zone of cross-licensing -- that's already an L-word that stops molecular motion -- it assumes there's IP [intellectual property] to be licensed to begin with. I'd like to make sure we maintain a hardware infrastructure that allows nerds to come up with new stuff on their own and deploy it to the rest of us -- a safety valve against the more formalized/proprietary systems that will naturally be competing too.
dreamworld: Does anyone in your vision make money on IT anymore? Or does it all become freeware?
Jonathan_Zittrain: Sure -- think how much money the Net and PC have let people make -- largely because the framers of each didn't set out to recoup it all or negotiate to get a slice. This is a classic commons problem, where a little common work can make us all better off and many of us richer, but it's sometimes tough to get firms and people to contribute.
dstevens: Aren't the innovators going to continue to innovate even though the "masses" choose to take the easy way out with appliances? In the K-12 world we (technology support people) are constantly asked to provide technology in the most effective way with little or no thinking involved on the user end. The innovators are several steps ahead of the masses, by the time the masses catch up to the innovators, the innovators are innovating something new.
Jonathan_Zittrain: Yes. The key question is whether those innovators can easily expose the rest of us to what they're doing. The people who did KaZaA and Skype (same people!) didn't need to clear them with anyone -- they just naturally started out with the more daring and techie among us, and they and others then adapted the tech so mainstream users could benefit from it. There are many future tech configurations that won't allow that sort of diffusion to happen. What if the K-12 places had hardware infrastructures where you couldn't just send them a new app to try? Or only browsers, for that matter, configured not to trust sites not on a whitelist.
Nakshatram: And we also have IPs in technology a la Qualcomm! That literally divided the world.
Jonathan_Zittrain: True. That's why I think if we rewound time and played it back again it's not clear we'd be where we are -- imagine if people actually knew what was truly being invented at the time the Net's standards were being developed!
dusty6649: As the net becomes overly crowded do you think it will become a pay-as-you-use program?
Jonathan_Zittrain: I hope not -- there's still several billion more people to go. I'd rather they join the Net than, say, mobile telephony networks that do indeed have the pay-as-you-go mentality. That's why current work in ad hoc networking (and projects like one laptop per child that try to have this built in) will be such interesting bellwethers.
stever: So where does IBM's (bought into I forget the name) early entry before AOL stand?
Jonathan_Zittrain: I think IBM and Prodigy teamed up, but I wouldn't swear it. IBM had lots of cash but was hamstrung by being... IBM. Not a lot of whimsy there. Chapter Four of the book pulls together some of the v. interesting literature on this topic, where firms in general are not able to innovate, but individuals can. Eric von Hippel has some great stuff along these lines.
Moderator-Julie: Pre-submitted question: I was surprised by your findings of how appliances can be used by law enforcement -- for example, that the FBI could use OnStar to record conversations in a car or a cell phone could be turned into a microphone. Is this risk well known or understood?
Jonathan_Zittrain: I'm amazed at how little attention cases like TiVo v. EchoStar, and The Company v. The United States, have gotten. They certainly trouble me, and Chapter Five of the book tries to explain how our market choices are, in an uninformed way, leading us to results we will rue.
ptrawles: It seems like we're headed toward a multi-tiered Internet. For corporate users the company locks their environment down. For home/independent users the less tech-savvy adopt appliances/closed systems while more tech-savvy stick with PCs and "open" systems.
Jonathan_Zittrain: Yes, plausible and I'd count that as a very bad outcome. That's a future we should want to stop.
stever: Prodigy...used to use it a lot and forgot… yes you/we are correct about IBM. Thanks for reminding me and I am off to buy your book. I thank you for your time!
Jonathan_Zittrain: :)
dstevens: What about Internet II? Isn't that already an answer to frustration?
Jonathan_Zittrain: Internet II means different things to different people. To the extent that it's just about fast protocols -- and some versions are just that -- I don't see it solving any of the generative problems covered in the book. E.g., viruses and worms could spread that much faster! Other initiatives, like the Stanford Clean Slate Initiative and a project undertaken by Net luminary David Clark at MIT, try to rethink the Net from the ground up -- now that we know how important and central (but not centralized) it is. I've participated in some of the associated meetings and found them fascinating, but they're naturally marred by self-consciousness: it's all about remaking a Net that can be all things to all people while avoiding a bunch of problems we now know to be true, some internal to the Net and some more socially/legally constructed, like IP theft. I haven't seen those knots cut yet and would in the meantime like to buy some more time for our venerable Net and PC platforms.
Moderator-Julie: Pre-submitted question: What do you think should be done to mitigate the risk of law enforcement or regulators taking advantage of new features that allow spying and whatnot?
Jonathan_Zittrain: I think the well-informed public can stay away from them in the absence of privacy guarantees. There's a reason that the company in The Company v. The United States wanted to remain anonymous as it challenged the FBI's demand to use its car communications system to eavesdrop on passengers! Also, I think we can and should develop legal frameworks to protect personal data stored in cloud computing configurations as much as we would personal data on a laptop.
ptrawles: I see your point about the risk this poses to innovation. However, doesn't it inherently add value to the Internet when more people are available? If getting grandma online via an appliance allows her to e-mail the kids then there is good done. If grandma was likely to create or try bleeding-edge software this could hurt, but my parents at least are not going to come close (and as their tech support for that I'm thankful). I do think that the stratification is inevitable and has already been set in the Linux vs. Windows market segmentation. There is so much more innovation coming from the Linux front. Once again, however, I don't see Linux ever truly taking out Windows on the desktop due to the cost of retraining. As you mention if we had it do over again we likely wouldn't be where we are - I've no idea of whether we'd be better or worse, but we wouldn't be here.
Jonathan_Zittrain: Yes, I'll be interested to see if GNU/Linux can take off on the desktop, e.g. ubuntu. And I take your point that grandma on an appliance is better than no grandma at all! I don't begrudge the appliances -- I just want to see what we'd call a critical mass of generative PCs (and successors) still in the mix. Maybe even enough for grandma to want one -- since don't we want to be able to Skype with her without waiting for it to become an "approved" app through a partnership with the appliance vendor?
ptrawles: One of the things I'm most concerned about is the sheer folly of many patent filings. The "smartphone" patent and subsequent lawsuits are going to kill innovation just as fast as closed systems. Once the Internet became a moneymaking opportunity the game was afoot and will inevitably be hampered by the lawyers.
Jonathan_Zittrain: Yea; I devote some of Chapter Eight to saying that patents are out of control. But I mostly cite to all the other scholars who say that with greater depth than I. Most of the book I've tried to make cover new ground, which also means that it's a little uneven -- for example I don't talk all that much about net neutrality, since that debate is already so thoroughly met.
dreamworld: You devote a whole chapter to the future of privacy on the Net, but in the end you seem to assert that consumer privacy will be better protected by MySpace pages, blogs and wikis than more traditional means. Why is that?
Jonathan_Zittrain: Well, I think that privacy is best protected through norms than through trying to make everything into a lawsuit. I acknowledge the very real problems that come up when armies of the world's tourists are producing images and feeding them into Flickr and Facebook stamped with time, date, location, and identity of the people in the photo -- far more intrusive than CCTV here in Britain! So I propose ways to convey social cues along with the raw data of something like a photo. Let Star Wars Kid say early: Hey, I don't approve of this; it was an accident it got online, please forward a cat doing something funny instead of this to your friends... please? How many, if they saw that before forwarding Star Wars Kid onward, would respect those wishes? The answer tells us whether we're ready to govern ourselves and see the Net as the social phenomenon that it is, not just a big pile of stuff to copy and paste.
dusty6649: Do you think the day will ever come when there will be a program that is capable of putting a stop to all hackers or I should say a quick fix?
Jonathan_Zittrain: Nope, no magic bullets, except in the appliance. And that way lies a cauterization of what I think is most valuable about the Net and PC. How do they put it? The price of freedom is eternal vigilance! We just need some new tools to help those who want to help. Some binoculars and walkie-talkies for the Neighborhood Watch.
Beregond: Would you consider appliances the answer to the prayers of those who run (or advocate) a closed or controlled society?
Jonathan_Zittrain: You bet. The Chinese gov't no doubt loves some of the tools we've developed in that category: car navigation systems with microphones that can be secretly and remotely turned on; DVRs that can have content retroactively excised if it's found to be objectionable.
Moderator-Julie: Pre-submitted question: Your book is somewhat utopian -- proposing answers to the Internet's toughest security problems from the goodwill of the community. Wouldn't a capitalistic approach be more likely to succeed?
Jonathan_Zittrain: Many of the book's approaches are capitalistic in the way that Wikipedia is: Wikipedia rises or falls with its popularity in the market, and it even allows anyone, .com or otherwise, to copy all of its contents. So it passes a market test every day. My book has some public policy ideas and recommendations in it, but most of the interventions I suggest are market ones -- whether by software developers or by consumers.
Moderator-Julie: Please remember to join us for our next chats. All of them begin at 2 p.m. ET.
-- Monday, May 5, When it comes to Network Access Control, what's truth and what's fiction with security guru Joel Snyder
-- Thursday, May 15, Open source and its changing role in the enterprise with Stormy Peters
-- Tuesday, June 3, Enterprise Computing Trends You Can’t Afford to Ignore, with Deloitte's John Hagel and Eric Openshaw.
Upcoming topics will include how to detect fraudulent network gear, Crimeware and how to stop it - and MANY MORE! If you have an idea for a chat, please e-mail editor Julie Bort.
Jonathan_Zittrain: Thanks so much, everyone. I'll look for comments and Qs in additional venues!
Moderator-Julie: Thank you for being our guest today, Jonathan!