0:00:00.000,0:00:14.990
34c3 intro
0:00:14.990,0:00:22.770
Herald: And now please join me in welcoming[br]Caleb, for his talk BGP and the Rule of Custom
0:00:22.770,0:00:26.120
Applause[br]
0:00:26.120,0:00:30.050
Caleb James DeLisle: Thank you.
0:00:30.050,0:00:32.790
Thank you and thanks for
0:00:32.790,0:00:38.870
coming. Tonight I'm going to speak to you[br]about the BGP protocol but it's not going
0:00:38.870,0:00:44.469
to be that technical. Specifically I'm[br]going to concentrate on the way that BGP
0:00:44.469,0:00:53.969
molds human interactions. So there I'm[br]aiming at making this a reasonably
0:00:53.969,0:00:58.530
accessible talk so if you catch me using[br]slightly incorrect terms for something
0:00:58.530,0:01:04.159
consider that I'm optimizing not only for[br]the clarity of the correctness but also
0:01:04.159,0:01:10.860
for the widest possible audience. So[br]protocols that are at their root systems
0:01:10.860,0:01:16.750
of governance. So I'm gonna propose a[br]framework to think about governance and
0:01:16.750,0:01:22.820
then as I describe BGP we can we will be[br]able to analyze it through the lens of
0:01:22.820,0:01:31.240
that framework and so as my slide shows[br]here I find it useful to dichotomize
0:01:31.240,0:01:36.750
governance systems into either[br]institutional like democracy or network
0:01:36.750,0:01:42.890
like the family or like the CCC, and when[br]you think about institutional governance
0:01:42.890,0:01:46.930
think about democracy, think about law,[br]think about rights, equality, these are
0:01:46.930,0:01:52.579
all concepts which are protected for us by[br]an institution in this case it's the state
0:01:52.579,0:01:55.690
and when you think about networks think[br]more about the family, think about
0:01:55.690,0:02:00.479
reputation, honor, mutual respect. These[br]are representations of the network
0:02:00.479,0:02:04.219
governance model, and the network[br]governance model turns out to be very
0:02:04.219,0:02:09.419
important to BGP. Now I'm gonna argue that[br]we need both institutional and network
0:02:09.419,0:02:19.080
governance and each one should be used for[br]what it's best for. So but first I'm going
0:02:19.080,0:02:25.209
to talk about where BGP came from. The[br]year was 1989 and there were two people
0:02:25.209,0:02:30.930
named Kirk Lougheed and Yaakov Rekhter and[br]they were having lunch and at the time the
0:02:30.930,0:02:37.390
Internet of the day, then known as NSFNET[br]was facing impending collapse let's say.
0:02:37.390,0:02:42.620
The NSFNET was at the time, experiencing[br]explosive growth and the EGP
0:02:42.620,0:02:47.680
routing protocol was reaching the point[br]where it just could no longer work. So
0:02:47.680,0:02:52.290
during that lunch they defined a new[br]protocol, which they jokingly referred to
0:02:52.290,0:02:55.510
as a two napkin protocol, because they had[br]drawn their
0:02:55.510,0:03:02.479
diagrams out on those napkins. And we have[br]here some photographs of those napkins.
0:03:02.479,0:03:08.600
Something to understand about BGP at the[br]time, and it was that at this time the so-
0:03:08.600,0:03:13.750
called Internet was considered kind of[br]this weird anarchist experiment. You see
0:03:13.750,0:03:20.269
real networks used grown-up protocols such[br]as X.25 which among other things made sure
0:03:20.269,0:03:25.189
at the protocol level that when you sent a[br]piece of data it would actually reach its
0:03:25.189,0:03:31.750
destination. By contrast, Internet Protocol[br]was what we call a best-effort protocol
0:03:31.750,0:03:35.930
meaning that sometimes a packet might[br]arrive mangled or maybe it wouldn't arrive
0:03:35.930,0:03:42.470
at all. Computers on the Internet usually[br]just use the TCP protocol to put the
0:03:42.470,0:03:47.790
pieces back together and to resend the[br]broken ones but TCP is not really part of
0:03:47.790,0:03:51.720
the Internet itself. It's more an[br]application that runs over it and it's
0:03:51.720,0:03:57.439
telling that in this era the Internet was[br]referred to as TCP / IP because at the
0:03:57.439,0:04:04.610
time it was expected that any network must[br]be providing reliable transport. Now the
0:04:04.610,0:04:09.409
effect of IP's simplicity as compared to[br]other networking protocols cannot be
0:04:09.409,0:04:17.108
overstated and to consider a different[br]protocol even the one used in telephone
0:04:17.108,0:04:22.380
networks even to this day it's so mind-[br]numbingly complex that it actually
0:04:22.380,0:04:27.280
encourages the telephone companies to[br]monopolize in order to manage the protocol
0:04:27.280,0:04:32.750
that they use. In fact the SONET protocol[br]that's used in the American telephone
0:04:32.750,0:04:36.590
companies - there's an equivalent one here[br]in Europe - it actually requires
0:04:36.590,0:04:41.190
synchronized atomic clocks in the routers[br]in order to schedule the messages so that
0:04:41.190,0:04:45.580
there's an empty moment in each line[br]that's just for the message to pass
0:04:45.580,0:04:52.190
through. And in contrast the simplicity of[br]IP and the political design of BGP have
0:04:52.190,0:05:03.150
allowed for just about anybody to become a[br]network operator. So what is BGP? BGP is
0:05:03.150,0:05:09.090
a protocol which every Internet router[br]uses to talk to other routers when they're
0:05:09.090,0:05:15.210
talking across an organizational boundary.[br]See inside an organization you control all
0:05:15.210,0:05:18.860
the computers so you can have them talk[br]any way they want
0:05:18.860,0:05:25.110
but when you talk across boundaries[br]the lingua franca of
0:05:25.110,0:05:33.100
routing protocols is BGP. And BGP involves[br]two types of identifiers which
0:05:33.100,0:05:39.000
organizations need to apply for. These are[br]IP addresses which most people know about
0:05:39.000,0:05:44.050
and there are the lesser-known autonomous[br]system numbers and each network provider
0:05:44.050,0:05:49.780
has an AS number. Both IP addresses and[br]AS numbers are issued by ICANN through its
0:05:49.780,0:05:56.320
regional registries which manage this an[br]issuance kind of in accordance to need.
0:05:56.320,0:06:02.130
And an autonomous system is a network[br]operator such as an ISP or hosting
0:06:02.130,0:06:07.919
provider and having the AS number[br]means that they're able to speak as equals
0:06:07.919,0:06:13.819
with all the other network operators. It[br]also means that when they interconnect
0:06:13.819,0:06:18.080
with another network operator the fact[br]that they're interconnected is public and
0:06:18.080,0:06:26.029
that's a very important little piece of[br]BGP. Now BGP is unlike the EGP routing
0:06:26.029,0:06:31.190
protocol before it, a mesh protocol and[br]this fact has proven highly significant
0:06:31.190,0:06:36.840
because it's created what I call the[br]imperative to peer. And to understand the
0:06:36.840,0:06:42.030
imperative to peer, I'll give you a scenario.[br]Let's say that you and I are each
0:06:42.030,0:06:47.489
a medium-sized network operator. So your[br]customers want to talk to my customers, my
0:06:47.489,0:06:52.259
customers want to talk to your customers[br]but as medium-sized network operators we
0:06:52.259,0:06:56.270
both need to buy Internet from somebody[br]else that's bigger than us. In the
0:06:56.270,0:07:01.650
industry we call this the upstream[br]provider and if my customers are asking
0:07:01.650,0:07:06.509
for web sites hosted by your customers[br]normally what's going to happen is I'm
0:07:06.509,0:07:10.139
going to get those requests and I'm gonna[br]have to send them to my upstream provider,
0:07:10.139,0:07:12.590
they're going to give them to your[br]upstream provider who is going to give
0:07:12.590,0:07:18.379
them to you. But since we're both paying[br]for those links to our upstream providers
0:07:18.379,0:07:26.060
there's, we're sort of paying for that[br]traffic in a way, and now if you and I
0:07:26.060,0:07:30.419
happen to have routers in the same[br]datacenter then we could just run a wire
0:07:30.419,0:07:35.949
across the room and then peer with one[br]another and BGP will bypass our upstream
0:07:35.949,0:07:38.330
providers and route the traffic between me[br]and you and
0:07:38.330,0:07:42.580
you and me. And it's much more[br]efficient. Now it's important to
0:07:42.580,0:07:48.370
understand that peering means you and your[br]customers will talk directly to me and my
0:07:48.370,0:07:54.520
customers. What it doesn't mean is that you[br]can use me to reach my other peers, or
0:07:54.520,0:07:59.289
my peers peers, or my upstream, or someone[br]else. To have to do that, you'd have to be
0:07:59.289,0:08:05.080
my customer because peering has this[br]limitation it's usually mutually
0:08:05.080,0:08:10.830
beneficial for two ISPs to just peer and[br]usually it happens with no money changing
0:08:10.830,0:08:16.550
hands and in fact it almost always happens[br]there's not even any paper contract
0:08:16.550,0:08:23.430
that they just say that makes sense let's[br]run a wire. Now in this scenario you and I
0:08:23.430,0:08:28.199
needed to have the upstream provider and[br]you might wonder well who doesn't need an
0:08:28.199,0:08:33.260
upstream provider there must be someone at[br]the top where is the core. Well the core
0:08:33.260,0:08:46.710
is a series of what we call Tier 1[br]providers. And in this picture we have
0:08:46.710,0:08:51.890
white lines which represent the peering[br]agreements and the red lines represent the
0:08:51.890,0:08:57.170
customer agreements. The Tier 1's are the[br]people up at the top and they can reach
0:08:57.170,0:09:03.410
anywhere on the Internet using a peering[br]agreement or a customer. They don't need
0:09:03.410,0:09:10.230
to buy Internet from anyone. However they[br]do need to pay the upkeep on their massive
0:09:10.230,0:09:14.510
fiber-optic networks which give them the[br]global reach to get these peering
0:09:14.510,0:09:17.890
agreements and to get these customers[br]which makes them a Tier 1 in the first
0:09:17.890,0:09:23.640
place. And you can also see some[br]interesting things in the case you can
0:09:23.640,0:09:29.509
have you can be a customer and also a peer[br]and you can also have multiple upstream
0:09:29.509,0:09:38.060
providers. But with Tier 1 there's a bit[br]of politics, see Tier 1's are hesitant to
0:09:38.060,0:09:43.000
peer with smaller operators if there is a[br]chance that if they refuse to peer the
0:09:43.000,0:09:48.210
smaller one might alternatively become a[br]customer and so it's a bit like marriages
0:09:48.210,0:09:53.959
between wealthy families because peering[br]between Tier 1's it's a complex process and
0:09:53.959,0:09:59.480
they're each striving to ensure reciprocity[br]of value. Now small networks
0:09:59.480,0:10:03.030
on the other hand they're not so concerned[br]about this and so they're ready
0:10:03.030,0:10:07.721
to peer with each other quite liberally[br]and this has created a situation known in
0:10:07.721,0:10:11.940
the industry as doughnut peering wherein[br]the Tier 1's are actually increasingly
0:10:11.940,0:10:18.199
being routed around and it's worthy of[br]reflection the fact that while SONET with
0:10:18.199,0:10:24.460
a synchronized atomic clocks has made an[br]incentive to monopoly, BGP with its
0:10:24.460,0:10:31.520
imperative to peer has created a situation[br]where monopoly is discouraged. However
0:10:31.520,0:10:37.730
this system also has means of preventing[br]bad behavior on the Internet which it
0:10:37.730,0:10:42.900
works astonishingly well while at the same[br]time preserving almost absolute free
0:10:42.900,0:10:51.760
expression. So this is a chart of the[br]percentage of all email that is spam and
0:10:51.760,0:10:57.480
to understand why this chart is remarkable[br]consider what a bad protocol email
0:10:57.480,0:11:03.660
is. Email is basically a push protocol[br]with an unlimited free speech. So all you
0:11:03.660,0:11:07.980
got to do is get on the Internet, fire up a[br]mail server and you can just send spam to
0:11:07.980,0:11:20.750
anyone. It's magic. So really this[br]percentage should be like over 99% but
0:11:20.750,0:11:29.059
it's not. Well email is an old and heavily[br]used protocol and the network operators
0:11:29.059,0:11:33.959
have made it kind of a special case. Email[br]is actually one of the few protocols where
0:11:33.959,0:11:38.640
messing with it can get you kicked off the[br]whole Internet even if you have your own
0:11:38.640,0:11:43.189
network AS number even if you are a[br]network operator with peers and everything
0:11:43.189,0:11:51.799
you can still get chucked off the Internet[br]if you mess around with mail. So I'm gonna
0:11:51.799,0:11:56.809
try to explain how this works and I'm[br]going to do it by trying to think of
0:11:56.809,0:12:07.809
different types of actors that are, that[br]exist in the Internet service sphere. So
0:12:07.809,0:12:14.280
there is a lot of actors of course but[br]I've made these four main categories which
0:12:14.280,0:12:19.230
I think helps to explain the situation.[br]And they're the customer, the provider,
0:12:19.230,0:12:25.130
the network operator and the civil society[br]organization. So the customer is someone
0:12:25.130,0:12:30.290
like me. I take an IP address on loan from[br]my cable provider at home and I take one
0:12:30.290,0:12:36.371
from my web hosting provider. It's not my[br]IP address and it's not assigned to me. It
0:12:36.371,0:12:39.070
doesn't have my name on it and they can[br]take
0:12:39.070,0:12:45.490
it back when I stop working with them.[br]But that means I have relative anonymity
0:12:45.490,0:12:49.939
because I'm not out there looking for[br]peers I have my provider they know who I
0:12:49.939,0:12:55.780
am, they know me, I know them, nobody else[br]needs to know who that IP address is
0:12:55.780,0:13:01.040
associated with. However my provider can[br]trivially turn off my access to the
0:13:01.040,0:13:05.950
Internet but by the same token I can[br]usually choose which provider to patronize
0:13:05.950,0:13:11.980
as well modulo the monopolies in the cable[br]companies. Providers on the other hand
0:13:11.980,0:13:15.450
they are not anonymous they have to[br]maintain relationships with network
0:13:15.450,0:13:21.510
operators, they have to seek customers.[br]They're out in the public. Providers also
0:13:21.510,0:13:27.079
have an incentive to keep customers so[br]they can't be obviously scammy and they
0:13:27.079,0:13:31.750
shouldn't, they can't provide bad service.[br]They probably shouldn't be scummy
0:13:31.750,0:13:36.010
and they can't provide bad service. They[br]also have an imperative to stay friendly
0:13:36.010,0:13:40.540
with at least one network operator. If all[br]the network operators just hate them then
0:13:40.540,0:13:46.830
they can't find Internet. Providers have[br]their own IP addresses they're assigned to
0:13:46.830,0:13:51.550
them from the Internet registries and so[br]they can connect with multiple network
0:13:51.550,0:13:55.930
operators including even having peers[br]although in practice they often keep their
0:13:55.930,0:14:03.030
networks fairly simple. But because of the[br]way BGP exchanges information, their peers
0:14:03.030,0:14:08.240
and their providers are publicly known,[br]whereas me the little customer borrowing
0:14:08.240,0:14:14.540
an IP address I'm fairly opaque. Now[br]network operators they're somewhat like
0:14:14.540,0:14:19.920
providers, they provide a service but in[br]general they make their business around
0:14:19.920,0:14:23.800
providing raw Internet access to smaller[br]providers and that's why I've
0:14:23.800,0:14:29.160
differentiated them. Network operators are[br]very much not anonymous they have to have
0:14:29.160,0:14:34.799
large numbers of peering agreements and[br]customers which again all of these
0:14:34.799,0:14:40.330
connections are transparent, because of the[br]way BGP works and they're strongly
0:14:40.330,0:14:46.270
pressured by the imperative to peer. If[br]they're not able to find peers then all
0:14:46.270,0:14:49.219
the network traffic will have to be paid[br]for. It can even squeeze them out of the
0:14:49.219,0:14:53.140
market. They do have some[br]powers though they can
0:14:53.140,0:14:57.169
refuse to peer with a network operator and[br]they can even disconnect a customer which
0:14:57.169,0:15:01.929
they might do to maintain their[br]reputation. Last group here is civil
0:15:01.929,0:15:07.059
society these are organizations like Team[br]Cymru and Spamhaus. They dedicate their
0:15:07.059,0:15:10.829
time to shedding light on the bad guys of[br]the Internet. They're not anonymous as
0:15:10.829,0:15:15.580
organisations although their members can[br]be hidden and they also maintain lists of
0:15:15.580,0:15:20.059
IP addresses and AS numbers which are[br]either known to be operated by spam
0:15:20.059,0:15:27.020
organizations or which are just unused and[br]shouldn't be existing. Internet civil
0:15:27.020,0:15:31.280
society doesn't have any direct power but[br]their power comes from their reputation
0:15:31.280,0:15:36.540
for providing valid and useful data.[br]They're also able to do their job because
0:15:36.540,0:15:42.540
of the transparency of providers and[br]network operators which is built into BGP.
0:15:42.540,0:15:46.380
I'm going to tell you a story about two[br]providers. One is called McColo and the
0:15:46.380,0:15:51.120
other is called PRQ, both of these[br]organizations were founded in 2004 and
0:15:51.120,0:15:55.410
both of them have been subject to certain[br]controversy but tellingly one of them
0:15:55.410,0:16:03.280
still remains with us and the other one is[br]long gone. So this is a splash page of
0:16:03.280,0:16:08.309
McColo back in 2008 before it went dark.[br]McColo was founded by a 19 year old
0:16:08.309,0:16:13.380
student named Nicola McColo and it thrived[br]for four years before being taken down.
0:16:13.380,0:16:16.890
McColo provided what's known as[br]bulletproof hosting. That means hosting
0:16:16.890,0:16:21.650
where the provider will keep your server[br]online no matter what you do with it.
0:16:21.650,0:16:25.949
Bulletproof hosting providers choose not[br]to cooperate with civil society or even
0:16:25.949,0:16:32.240
law enforcement unless they're forced to.[br]And in November of 2008 the Washington
0:16:32.240,0:16:37.410
Post gathered some damning evidence that[br]McColo was a hosting provider mostly
0:16:37.410,0:16:42.829
interested in providing service for[br]spammers. What's interesting is that
0:16:42.829,0:16:46.779
rather than send this evidence to the[br]police they sent it to McColo's network
0:16:46.779,0:16:51.300
operators. Like many providers McColo[br]bought Internet access from two major
0:16:51.300,0:16:54.449
network operators. In this case it was a[br]Hurricane Electric and Global
0:16:54.449,0:16:58.630
Crossing. When Hurricane and Global[br]Crossing were given this information from
0:16:58.630,0:17:03.050
The Washington Post they voluntarily chose[br]to abruptly cease doing business with
0:17:03.050,0:17:08.190
McColo and the provider was caught off[br]guard and it and all of its customers went
0:17:08.190,0:17:18.679
offline. Here is the global volume of spam[br]which dropped to that day by as much as
0:17:18.679,0:17:24.040
75%. Needless to say no other network[br]provider was beginning or ready to begin
0:17:24.040,0:17:32.640
selling service to McColo and their[br]business crumbled. Now PRQ is in some ways
0:17:32.640,0:17:40.110
similar to McColo heeey and in some ways[br]they're quite different. PRQ was founded
0:17:40.110,0:17:44.780
by two Swedish guys known in BitTorrent[br]circles as anakata and Tiamo and they
0:17:44.780,0:17:49.280
provide what I call last resort hosting.[br]They've hosted highly controversial
0:17:49.280,0:17:53.850
websites such as WikiLeaks but they're[br]probably best known for hosting The Pirate
0:17:53.850,0:17:58.750
Bay. The Pirate Bay stands out as probably[br]one of the most famous websites to
0:17:58.750,0:18:06.180
publicly flaunt copyright. Going to the[br]extent of actually publishing abuse
0:18:06.180,0:18:17.780
complaints along with their sarcastic and[br]humiliating responses. This is something
0:18:17.780,0:18:22.140
that the copyright industry had never seen[br]before. High-power lawyers are just not
0:18:22.140,0:18:28.530
accustomed to getting replies signed go[br]fuck yourself. So all four of the founders
0:18:28.530,0:18:31.910
have spent some time in prison and the[br]site's data centers have been raided
0:18:31.910,0:18:36.520
multiple times and supposedly Hollywood[br]even used threats of trade sanctions
0:18:36.520,0:18:43.030
against Sweden to force them to shut this[br]thing down. But we find that as McColo has
0:18:43.030,0:18:48.440
drifted into historical obscurity, The[br]Pirate Bay is still alive and has even
0:18:48.440,0:18:54.440
become something of a cultural[br]institution. And we also find that unlike
0:18:54.440,0:18:59.340
McColo, PRQ and The Pirate Bay have never[br]had any problem with their network
0:18:59.340,0:19:05.290
operators. So one of the fundamental[br]tenets of the Internet is that network
0:19:05.290,0:19:10.670
operators are morally but not legally[br]responsible for the activities of their
0:19:10.670,0:19:15.560
customers and peers. So they may choose[br]who they do business with and they will
0:19:15.560,0:19:24.560
not be held to legal account for these[br]decisions. What are the lessons that we
0:19:24.560,0:19:28.220
can take away from this? [br]Recently there's been a lot of
0:19:28.220,0:19:33.470
work done on federated social networking[br]protocols. I'm sure some of you will take
0:19:33.470,0:19:38.860
part in this development but the vast[br]majority of you will be evaluating them to
0:19:38.860,0:19:43.900
make decisions about which technology to[br]adopt and I urge you to give some thought
0:19:43.900,0:19:48.880
toward the political identities of the[br]protocols which you make or which you
0:19:48.880,0:19:55.850
choose to make your own. Like many things[br]systems of communication are defined
0:19:55.850,0:20:02.310
largely by what they reject, whether that[br]be packets larger than 1500 bytes or Nazi
0:20:02.310,0:20:08.610
propaganda. And in a protocol I identify[br]three main ways that these rules can be
0:20:08.610,0:20:13.981
defined. The first is what we hard code[br]into the software source code. Some
0:20:13.981,0:20:18.260
examples are message formats and[br]permission systems but hardcoded rules
0:20:18.260,0:20:23.950
can be extended further with cryptography[br]and especially with block chains. Hard
0:20:23.950,0:20:29.060
coded rules are a perfect example of[br]institutional governance they can be very
0:20:29.060,0:20:34.330
fair. They are very fair because code[br]applies the rules equally to everyone and
0:20:34.330,0:20:38.820
for things which we consider a basic human[br]right such as private communications and
0:20:38.820,0:20:43.150
things which are easily quantifiable in[br]software, hardcoding can be the best
0:20:43.150,0:20:49.890
solution. However hard rules do have a[br]downside, Ethereum a cryptocurrency based
0:20:49.890,0:20:54.120
heavily on the libertarian philosophy of[br]freedom of contract found itself in a bit
0:20:54.120,0:20:59.050
of a quandary when a bug was discovered in[br]one of the very significant contracts
0:20:59.050,0:21:03.330
allowing for all the money to be stolen[br]out of that contract. For those who don't
0:21:03.330,0:21:07.950
follow the topic Ethereum was hard forked[br]in order to stop the errant contract and
0:21:07.950,0:21:14.380
everybody had to update and while the fork[br]itself protected the participants in the
0:21:14.380,0:21:21.230
contract it struck a serious blow to the[br]fundamental philosophy of Ethereum and it
0:21:21.230,0:21:25.620
serves as a warning that we have a[br]downside to hardcoding. The second source
0:21:25.620,0:21:30.231
is of course the central authority. The[br]Internet uses ICANN as a central authority
0:21:30.231,0:21:35.650
to manage allocation of domain names, IP[br]addresses and autonomous system numbers.
0:21:35.650,0:21:38.530
The central authority[br]is kind of a poster child of institutional
0:21:38.530,0:21:43.240
governance. Like hardcoded rules, rule by[br]central authority also tends to be
0:21:43.240,0:21:49.750
egalitarian. Moreover a central authority[br]is actually capable of equity because it
0:21:49.750,0:21:54.061
can comprehend people's different[br]situations and adapt to them. Something
0:21:54.061,0:22:00.220
that a hardcoded rule cannot do but a[br]central authority like a hardcoded rule
0:22:00.220,0:22:06.010
is prone to coldness and bureaucracy and[br]moreover it's quite difficult to create
0:22:06.010,0:22:11.170
central authorities which do not give[br]certain individuals unaccountable power
0:22:11.170,0:22:16.730
over others. The third source of rules or[br]in this case customs where this talk gets
0:22:16.730,0:22:22.800
its name is from the network and this is[br]how the network operators and how BGP
0:22:22.800,0:22:26.890
mostly managed to keep email spam and[br]other bad things off the Internet. The
0:22:26.890,0:22:31.580
network is by far the most humane form of[br]governance. Social norms are passed along
0:22:31.580,0:22:36.340
from friend to friend rather than rules[br]being forced down upon people by central
0:22:36.340,0:22:41.350
authority or source code. And we see[br]network-like systems in families ancient
0:22:41.350,0:22:46.670
tribal societies as well as royalty and[br]elite in kingdoms and of course online.
0:22:46.670,0:22:53.990
However in electronic networks we tend to[br]associate it with, we get to choose who
0:22:53.990,0:23:00.060
we associate with from any connected[br]person in the world and but networks also
0:23:00.060,0:23:04.830
have a downside they're not egalitarian in[br]any way. Those central in the network are
0:23:04.830,0:23:10.140
simply more powerful than those on the[br]edges. In the feudal system law was often
0:23:10.140,0:23:14.410
applied differently to a person based on[br]how they were dressed or what family they
0:23:14.410,0:23:20.610
were from. And the origin of the term rule[br]of law it was initially described as a
0:23:20.610,0:23:27.340
better alternative to rule of the king or[br]rule of man. We have the law we
0:23:27.340,0:23:33.380
have the state because people demanded[br]them as in this case the inequity of the
0:23:33.380,0:23:38.260
network rule proved unacceptable. But[br]there's an important difference between
0:23:38.260,0:23:45.580
BGP's rule of custom and the patently[br]unjust feudal system. BGP is transparent.
0:23:45.580,0:23:49.630
We know which network operators are[br]interconnected with whom and we know who
0:23:49.630,0:23:55.080
is protecting the bad actors[br]and in every case we find dystopia
0:23:55.080,0:23:59.550
whenever there's power without[br]transparency either in opaque proprietary
0:23:59.550,0:24:05.240
code, unaccountable central authorities or[br]in networks which form mafias, secret
0:24:05.240,0:24:11.350
societies in the feudal system. And I[br]think the key message from BGP has to be
0:24:11.350,0:24:17.930
that whether in central authorities or in[br]networks, power and privacy do not mix.
0:24:17.930,0:24:23.820
With any measure of power there must be[br]equal transparency and accountability.
0:24:23.820,0:24:29.960
Applause
0:24:29.960,0:24:36.150
So in closing. I hope you go out there and[br]make protocols and make systems which far
0:24:36.150,0:24:43.860
surpass what we have today and to do that[br]I suggest looking at the past and what
0:24:43.860,0:24:49.270
protocols have been highly successful and[br]try to identify why they worked. Also look
0:24:49.270,0:24:56.620
at the ones that didn't work. Look at the[br]things that died in a hell storm of spam
0:24:56.620,0:25:01.640
and try to keep it simple. I developed[br]some software before and something I
0:25:01.640,0:25:06.750
learned the hard way is that complexity[br]becomes the enemy of adoption so maybe
0:25:06.750,0:25:11.409
it's a good idea we all write our[br]protocols on napkins. Thank you.
0:25:11.409,0:25:21.920
Applause[br]
0:25:21.920,0:25:24.260
Herald: Thank you Caleb. [br]We now have five minutes
0:25:24.260,0:25:28.330
for questions you know the drill. Please[br]line up at the microphones there's four
0:25:28.330,0:25:32.430
microphones two in the middle, one there,[br]one there. Please don't leave the room
0:25:32.430,0:25:36.220
until the talk is over. If you stood up[br]you can leave but the rest please
0:25:36.220,0:25:39.360
stay seated you can spare five minutes[br]it's a lot of noise that people keep
0:25:39.360,0:25:43.490
leaving during the Q&A. [br]Microphone number one please.[br]
0:25:43.490,0:25:49.940
Question: Hello I'm from Sweden. I[br]really like to talk to have an overview of
0:25:49.940,0:25:56.570
this I think it was mostly correct. I[br]would say that I'm working with both the
0:25:56.570,0:26:05.870
BGP and DNS and those association with[br]ICANN but I think you put them all on the
0:26:05.870,0:26:10.260
you give them a bit too much power they[br]are not that powerful unless you describe
0:26:10.260,0:26:16.180
them. They don't decide everything about[br]DNS and everything. They're running the
0:26:16.180,0:26:21.080
IANA contract for these domain names and[br]numbers and stuff like that. On behalf of
0:26:21.080,0:26:27.240
the community like the IETF and other[br]multi-stakeholder organizations. So they
0:26:27.240,0:26:33.040
only have the power over the new top-level[br]domains they don't have the power over the
0:26:33.040,0:26:41.100
common domain or .se domain in Sweden or[br].ch in Switzerland so if .se or .ch would
0:26:41.100,0:26:46.100
like to have The Pirate Bay, ICANN has[br]nothing to do with that.
0:26:46.100,0:26:47.730
Herald: Could you get to the question please?
0:26:47.730,0:26:50.590
Question: No it's not a question. [br]More to show that ICANN is
0:26:50.590,0:26:55.680
not the king.[br]Herald: There are other people queueing please.
0:26:55.680,0:27:00.200
Herald: Microphone number two please.[br]Question 2: Thank you. Great great
0:27:00.200,0:27:09.380
lecture. So what actually is the reason[br]why some illegal activities are tolerated
0:27:09.380,0:27:16.841
by ISPs and some like child abuse is not?[br]Speaker: That's a great question. I
0:27:16.841,0:27:27.050
think that what it comes down to is what[br]is socially acceptable. So when you have
0:27:27.050,0:27:31.400
why does some activity, why does some[br]illegal activity like smoking a joint
0:27:31.400,0:27:38.080
outside, not cause you to have the police and[br]other activity like murdering somebody
0:27:38.080,0:27:42.540
would. It's all about what is socially[br]acceptable to the people around you and
0:27:42.540,0:27:46.990
what is socially acceptable to the people[br]around them and in the case of ISPs
0:27:46.990,0:27:50.600
somebody is peering with the the people[br]that serve The Pirate Bay somebody else
0:27:50.600,0:27:55.040
looks at that and says it's not, I don't[br]feel that that's a problem somebody else
0:27:55.040,0:27:58.920
looks at them and says I don't feel but[br]people who think that is a problem and so
0:27:58.920,0:28:02.120
it's okay. I hope this answers your[br]question.
0:28:02.120,0:28:07.180
Herald: Do we have an Internet question?[br]No. Okay microphone number one please.
0:28:07.180,0:28:13.590
Question 3: Why do you think network[br]operators being morally but not literally
0:28:13.590,0:28:18.500
responsible for what content they accept[br]on the network worked so well for McColo
0:28:18.500,0:28:22.690
and PRQ and doesn't work at all for social[br]media?
0:28:22.690,0:28:27.370
Speaker: Oh great great question. Why it[br]doesn't work. If I understand you
0:28:27.370,0:28:35.340
properly? Why Twitter is still a crap[br]hole. It is. Well here's the thing Twitter
0:28:35.340,0:28:42.130
has it's - I am probably getting sued[br]- it's a, it's basically an
0:28:42.130,0:28:46.230
institutional governance system. They said[br]like we're in charge everybody is flat on
0:28:46.230,0:28:53.050
here so on top of a network governance[br]system they built in a institutional
0:28:53.050,0:28:57.210
governance system and the institutional[br]governance system it's like a high school
0:28:57.210,0:29:04.940
it's just it's terrible. So I should use[br]this opportunity to plug Mastodon because
0:29:04.940,0:29:10.480
Mastodon is an example of a system which[br]is federated and looks well it doesn't
0:29:10.480,0:29:15.779
look exactly like BGP but I think it will[br]in five years.
0:29:15.779,0:29:22.519
Applause
0:29:22.519,0:29:24.710
Herald: One hopefully brief question from[br]two please.
0:29:24.710,0:29:29.330
Question 4: Yes. Hi. Thank you very much[br]for talking about BGP. As someone who
0:29:29.330,0:29:33.100
knows a lot about BGP and I was kind of[br]wondering if you could help answer a
0:29:33.100,0:29:38.251
question and that's that I kind of view[br]BGP is kind of like a static protocol and
0:29:38.251,0:29:42.190
it was stuck it was written on two napkins[br]and it's been a little bit expanded beyond
0:29:42.190,0:29:48.420
that. My concern is like with, with rogue[br]countries or someone else harnessing IP
0:29:48.420,0:29:53.880
blocks and like sinkholing traffic for[br]google.com or facebook.com which has
0:29:53.880,0:29:57.580
happened several times in the last couple[br]years can you think of a way where you can
0:29:57.580,0:30:03.929
either get BGP to conquer that problem or[br]with the new decentralized protocol to
0:30:03.929,0:30:08.160
conquer that problem?[br]Speaker: Filters, filters, filters.
0:30:08.160,0:30:14.110
Basically. I don't know that much about[br]BGP but I know that some people are in the
0:30:14.110,0:30:18.150
business of making their filters from the[br]data that's in the WHOIS database that
0:30:18.150,0:30:22.120
just say this is what you're allowed to[br]announce cool this is we'll build a filter
0:30:22.120,0:30:27.480
that's what your your box can send to us.[br]The problem is that ISPs are lazy and we
0:30:27.480,0:30:33.350
don't have we don't have standardized[br]stuff for making these filters so we end
0:30:33.350,0:30:37.180
up with a lot of people just sit putting[br]no filter and saying yeah announce
0:30:37.180,0:30:41.100
whatever you want and then you know China[br]announces Google and all the traffic goes
0:30:41.100,0:30:45.030
like this.[br]Herald: And that's all for today.
0:30:45.030,0:30:47.513
Thank you Caleb.
0:30:47.513,0:30:50.064
Applause
0:30:50.064,0:30:55.482
34c3 outro
0:30:55.482,0:31:12.000
subtitles created by c3subtitles.de[br]in the year 2018. Join, and help us!