34c3 intro
Herald: And now please join me in welcoming Caleb, for his talk "BGP and the Rule of Custom".
Applause
Caleb James DeLisle: Thank you. Thank you and thanks for coming. Tonight I'm going to speak to you about the BGP protocol but it's not going to be that technical. Specifically I'm going to concentrate on the way that BGP molds human interactions. So there I'm aiming at making this a reasonably accessible talk so if you catch me using slightly incorrect terms for something consider that I'm optimizing not only for the clarity of the correctness but also for the widest possible audience. So protocols that are at their root systems of governance. So I'm gonna propose a framework to think about governance and then as I describe BGP we can we will be able to analyze it through the lens of that framework and so as my slide shows here I find it useful to dichotomize governance systems into either institutional like democracy or network like the family or like the CCC, and when you think about institutional governance think about democracy, think about law, think about rights, equality, these are all concepts which are protected for us by an institution in this case it's the state and when you think about networks think more about the family, think about reputation, honor, mutual respect. These are representations of the network governance model, and the network governance model turns out to be very important to BGP. Now I'm gonna argue that we need both institutional and networks governance and each one should be used for what it's best for.
So but first I'm going to talk about where BGP came from. The year was 1989 and there were two people named Kirk Lougheed and Yaakov Rekhter and they were having lunch and at the time the Internet of the day, then known as NSFNET, was facing impending collapse let's say. The NSFNET was, at the time, experiencing explosive growth and the EGP routing protocol was reaching the point where it just could no longer work.
So during that lunch they defined a new protocol, which they jokingly referred to as a two napkin protocol, because they had drawn their diagrams out on those napkins. And we have here some photographs of those napkins. Something to understand about BGP at the time, and it was that at this time the so-called Internet was considered kind of this weird anarchist experiment. You see real networks used grown-up protocols such as X.25 which among other things made sure at the protocol level that when you sent a piece of data it would actually reach its destination. By contrast, Internet Protocol was what we call a best-effort protocol meaning that sometimes a packet might arrive mangled or maybe it wouldn't arrive at all. Computers on the Internet usually just use the TCP protocol to put the pieces back together and to resend the broken ones but TCP is not really part of the Internet itself. It's more an application that runs over it and it's telling that in this era the Internet was referred to as TCP/IP because at the time it was expected that any network must be providing reliable transport. Now the effect of IP's simplicity as compared to other networking protocols cannot be overstated and to consider a different protocol even the one used in telephone networks even to this day it's so mind-numbingly complex that it actually encourages the telephone companies to monopolize in order to manage the protocol that they use. In fact the SONET protocol that's used in the American telephone companies - there's an equivalent one here in Europe - it actually requires synchronized atomic clocks in the routers in order to schedule the messages so that there's an empty moment in each line that's just for the message to pass through. And in contrast the simplicity of IP and the political design of BGP have allowed for just about anybody to become a network operator. So what is BGP?
BGP is a protocol which every Internet router uses to talk to other routers when they're talking across an organizational boundary. See inside an organization you control all the computers so you can have them talk any way they want but when you talk across boundaries the lingua franca of routing protocols is BGP. And BGP involves two types of identifiers which organizations need to apply for. These are IP addresses which most people know about and there are the lesser-known autonomous system numbers and each network provider has an AS number. Both IP addresses and AS numbers are issued by ICANN through its regional registries which manage this issuance kind of in accordance to need. And an autonomous system is a network operator such as an ISP or hosting provider and having the AS number means that they're able to speak as equals with all the other network operators. It also means that when they interconnect with another network operator the fact that they're interconnected is public and that's a very important little piece of BGP.
Now BGP is, unlike the EGP routing protocol before it, a mesh protocol and this fact has proven highly significant because it's created what I call the imperative to peer. And to understand the imperative to peer, I'll give you a scenario. Let's say that you and I are each a medium-sized network operator. So your customers want to talk to my customers, my customers want to talk to your customers but as medium-sized network operators we both need to buy Internet from somebody else that's bigger than us. In the industry we call this the upstream provider and if my customers are asking for web sites hosted by your customers normally what's going to happen is I'm going to get those requests and I'm gonna have to send them to my upstream provider, they're going to give them to your upstream provider who is going to give them to you.
But since we're both paying for those links to our upstream providers there's, we're sort of paying for that traffic in a way, and now if you and I happen to have routers in the same datacenter then we could just run a wire across the room and then peer with one another and BGP will bypass our upstream providers and route the traffic between me and you and you and me. And it's much more efficient. Now it's important to understand that peering means you and your customers will talk directly to me and my customers. What it doesn't mean is that you can use me to reach my other peers, or my peers' peers, or my upstream, or someone else. To have to do that, you'd have to be my customer. Because peering has this limitation it's usually mutually beneficial for two ISPs to just peer and usually it happens with no money changing hands and in fact it almost always happens there's not even any paper contract that they just say that makes sense let's run a wire.
Now in this scenario you and I needed to have the upstream provider and you might wonder well who doesn't need an upstream provider there must be someone at the top where is the core. Well the core is a series of what we call Tier 1 providers. And in this picture we have white lines which represent the peering agreements and the red lines represent the customer agreements. The Tier 1's are the people up at the top and they can reach anywhere on the Internet using a peering agreement or a customer. They don't need to buy Internet from anyone. However they do need to pay the upkeep on their massive fiber-optic networks which give them the global reach to get these peering agreements and to get these customers which makes them a Tier 1 in the first place. And you can also see some interesting things in the case you can have you can be a customer and also a peer and you can also have multiple upstream providers.
But with Tier 1 there's a bit of politics, see Tier 1's are hesitant to peer with smaller operators if there is a chance that if they refuse to peer the smaller one might alternatively become a customer and so it's a bit like marriages between wealthy families because peering between Tier 1's it's a complex process and they're each striving to ensure reciprocity of value. Now small networks on the other hand they're not so concerned about this and so they're ready to peer with each other quite liberally and this has created a situation known in the industry as doughnut peering wherein the Tier 1's are actually increasingly being routed around and it's worthy of reflection the fact that while SONET with a synchronized atomic clocks has made an incentive to monopoly, BGP with its imperative to peer has created a situation where monopoly is discouraged.
However this system also has means of preventing bad behavior on the Internet which it works astonishingly well while at the same time preserving almost absolute free expression. So this is a chart of the percentage of all email that is spam and to understand why this chart is remarkable consider what a bad protocol email is. Email is basically a push protocol with an unlimited free speech. So all you got to do is get on the Internet, fire up a mail server and you can just send spam to anyone. It's magic. So really this percentage should be like over 99% but it's not. Well email is an old and heavily used protocol and the network operators have made it kind of a special case. Email is actually one of the few protocols where messing with it can get you kicked off the whole Internet even if you have your own network AS number even if you are a network operator with peers and everything you can still get chucked off the Internet if you mess around with mail.
So I'm gonna try to explain how this works and I'm going to do it by trying to think of different types of actors that are, that exist in the Internet service sphere. So there is a lot of actors of course but I've made these four main categories which I think helps to explain the situation. And they're the customer, the provider, the network operator and the civil society organization. So the customer is someone like me. I take an IP address on loan from my cable provider at home and I take one from my web hosting provider. It's not my IP address and it's not assigned to me. It doesn't have my name on it and they can take it back when I stop working with them. But that means I have relative anonymity because I'm not out there looking for peers I have my provider they know who I am, they know me, I know them, nobody else needs to know who that IP address is associated with. However my provider can trivially turn off my access to the Internet but by the same token I can usually choose which provider to patronize as well modulo the monopolies in the cable companies. Providers on the other hand they are not anonymous they have to maintain relationships with network operators, they have to seek customers. They're out in the public. Providers also have an incentive to keep customers so they can't be obviously scammy and they shouldn't, they can't provide bad service. They probably shouldn't be scummy and they can't provide bad service. They also have an imperative to stay friendly with at least one network operator. If all the network operators just hate them then they can't find Internet. Providers have their own IP addresses they're assigned to them from the Internet registries and so they can connect with multiple network operators including even having peers although in practice they often keep their networks fairly simple. 
But because of the way BGP exchanges information, their peers and their providers are publicly known, whereas me the little customer borrowing an IP address I'm fairly opaque. Now network operators they're somewhat like providers, they provide a service but in general they make their business around providing raw Internet access to smaller providers and that's why I've differentiated them. Network operators are very much not anonymous they have to have large numbers of peering agreements and customers which again all of these connections are transparent, because of the way BGP works and they're strongly pressured by the imperative to peer. If they're not able to find peers then all the network traffic will have to be paid for. It can even squeeze them out of the market. They do have some powers though they can refuse to peer with a network operator and they can even disconnect a customer which they might do to maintain their reputation.
Last group here is civil society these are organizations like Team Cymru and Spamhaus. They dedicate their time to shedding light on the bad guys of the Internet. They're not anonymous as organisations although their members can be hidden and they also maintain lists of IP addresses and AS numbers which are either known to be operated by spam organizations or which are just unused and shouldn't be existing. Internet civil society doesn't have any direct power but their power comes from their reputation for providing valid and useful data. They're also able to do their job because of the transparency of providers and network operators which is built into BGP.
I'm going to tell you a story about two providers. One is called McColo and the other is called PRQ, both of these organizations were founded in 2004 and both of them have been subject to certain controversy but tellingly one of them still remains with us and the other one is long gone. So this is a splash page of McColo back in 2008 before it went dark.
McColo was founded by a 19 year old student named Nicola McColo and it thrived for four years before being taken down. McColo provided what's known as bulletproof hosting. That means hosting where the provider will keep your server online no matter what you do with it. Bulletproof hosting providers choose not to cooperate with civil society or even law enforcement unless they're forced to. And in November of 2008 the Washington Post gathered some damning evidence that McColo was a hosting provider mostly interested in providing service for spammers. What's interesting is that rather than send this evidence to the police they sent it to McColo's network operators. Like many providers McColo bought Internet access from two major network operators. In this case it was a Hurricane Electric and Global Crossing. When Hurricane and Global Crossing were given this information from The Washington Post they voluntarily chose to abruptly cease doing business with McColo and the provider was caught off guard and it and all of its customers went offline. Here is the global volume of spam which dropped to that day by as much as 75%. Needless to say no other network provider was beginning or ready to begin selling service to McColo and their business crumbled.
Now PRQ is in some ways similar to McColo heeey and in some ways they're quite different. PRQ was founded by two Swedish guys known in BitTorrent circles as anakata and Tiamo and they provide what I call last resort hosting. They've hosted highly controversial websites such as WikiLeaks but they're probably best known for hosting The Pirate Bay. The Pirate Bay stands out as probably one of the most famous websites to publicly flaunt copyright. Going to the extent of actually publishing abuse complaints along with their sarcastic and humiliating responses. This is something that the copyright industry had never seen before. High-power lawyers are just not accustomed to getting replies signed go fuck yourself.
So all four of the founders have spent some time in prison and the site's data centers have been raided multiple times and supposedly Hollywood even used threats of trade sanctions against Sweden to force them to shut this thing down. But we find that as McColo has drifted into historical obscurity, The Pirate Bay is still alive and has even become something of a cultural institution. And we also find that unlike McColo, PRQ and The Pirate Bay have never had any problem with their network operators. So one of the fundamental tenets of the Internet is that network operators are morally but not legally responsible for the activities of their customers and peers. So they may choose who they do business with and they will not be held to legal account for these decisions.
What are the lessons that we can take away from this? Recently there's been a lot of work done on federated social networking protocols. I'm sure some of you will take part in this development but the vast majority of you will be evaluating them to make decisions about which technology to adopt and I urge you to give some thought toward the political identities of the protocols which you make or which you choose to make your own. Like many things systems of communication are defined largely by what they reject, whether that be packets larger than 1500 bytes or Nazi propaganda. And in a protocol I identify three main ways that these rules can be defined. The first is what we hard code into the software source code. Some examples are message formats and permission systems but hardcoded rules can be extended further with cryptography and especially with block chains. Hard coded rules are a perfect example of institutional governance they can be very fair. They are very fair because code applies the rules equally to everyone and for things which we consider a basic human right such as private communications and things which are easily quantifiable in software, hardcoding can be the best solution.
However hard rules do have a downside, Ethereum a cryptocurrency based heavily on the libertarian philosophy of freedom of contract found itself in a bit of a quandary when a bug was discovered in one of the very significant contracts allowing for all the money to be stolen out of that contract. For those who don't follow the topic Ethereum was hard forked in order to stop the errant contract and everybody had to update and while the fork itself protected the participants in the contract it struck a serious blow to the fundamental philosophy of Ethereum and it serves as a warning that we have a downside to hardcoding.
The second source is of course the central authority. The Internet uses ICANN as a central authority to manage allocation of domain names, IP addresses and autonomous system numbers. The central authority is kind of a poster child of institutional governance. Like hardcoded rules, rule by central authority also tends to be egalitarian. Moreover a central authority is actually capable of equity because it can comprehend people's different situations and adapt to them. Something that a hardcoded rule cannot do but a central authority like a hardcoded rule is prone to coldness and bureaucracy and moreover it's quite difficult to create central authorities which do not give certain individuals unaccountable power over others.
The third source of rules or in this case customs where this talk gets its name is from the network and this is how the network operators and how BGP mostly managed to keep email spam and other bad things off the Internet. The network is by far the most humane form of governance. Social norms are passed along from friend to friend rather than rules being forced down upon people by central authority or source code. And we see network-like systems in families ancient tribal societies as well as royalty and elite in kingdoms and of course online.
However in electronic networks we tend to associate it with, we get to choose who we associate with from any connected person in the world and but networks also have a downside they're not egalitarian in any way. Those central in the network are simply more powerful than those on the edges. In the feudal system law was often applied differently to a person based on how they were dressed or what family they were from. And the origin of the term rule of law it was initially described as a better alternative to rule of the king or rule of man. We have the law we have the state because people demanded them as in this case the inequity of the network rule proved unacceptable. But there's an important difference between BGP's rule of custom and the patently unjust feudal system. BGP is transparent. We know which network operators are interconnected with whom and we know who is protecting the bad actors and in every case we find dystopia whenever there's power without transparency either in opaque proprietary code, unaccountable central authorities or in networks which form mafias, secret societies in the feudal system. And I think the key message from BGP has to be that whether in central authorities or in networks, power and privacy do not mix. With any measure of power there must be equal transparency and accountability.
Applause
So in closing. I hope you go out there and make protocols and make systems which far surpass what we have today and to do that I suggest looking at the past and what protocols have been highly successful and try to identify why they worked. Also look at the ones that didn't work. Look at the things that died in a hell storm of spam and try to keep it simple. I developed some software before and something I learned the hard way is that complexity becomes the enemy of adoption so maybe it's a good idea we all write our protocols on napkins. Thank you.
Applause
Herald: Thank you Caleb. We now have five minutes for questions you know the drill.
Please line up at the microphones there's four microphones two in the middle, one there, one there. Please don't leave the room until the talk is over. If you stood up you can leave but the rest please stay seated you can spare five minutes it's a lot of noise that people keep leaving during the Q&A. Microphone number one please.
Question: Hello I'm from Sweden. I really like to talk to have an overview of this I think it was mostly correct. I would say that I'm working with both the BGP and DNS and those association with ICANN but I think you put them all on the you give them a bit too much power they are not that powerful unless you describe them. They don't decide everything about DNS and everything. They're running the IANA contract for these domain names and numbers and stuff like that. On behalf of the community like the IETF and other multi-stakeholder organizations. So they only have the power over the new top-level domains they don't have the power over the common domain or .se domain in Sweden or .ch in Switzerland so if .se or .ch would like to have The Pirate Bay, ICANN has nothing to do with that.
Herald: Could you get to the question please?
Question: No it's not a question. More to show that ICANN is not the king.
Herald: There are other people queueing please.
Herald: Microphone number two please.
Question 2: Thank you. Great great lecture. So what actually is the reason why some illegal activities are tolerated by ISPs and some like child abuse is not?
Speaker: That's a great question. I think that what it comes down to is what is socially acceptable. So when you have why does some activity, why does some illegal activity like smoking a joint outside, not cause you to have the police and other activity like murdering somebody would.
It's all about what is socially acceptable to the people around you and what is socially acceptable to the people around them and in the case of ISPs somebody is peering with the people that serve The Pirate Bay somebody else looks at that and says it's not, I don't feel that that's a problem somebody else looks at them and says I don't feel but people who think that is a problem and so it's okay. I hope this answers your question.
Herald: Do we have an Internet question? No. Okay microphone number one please.
Question 3: Why do you think network operators being morally but not literally responsible for what content they accept on the network worked so well for McColo and PRQ and doesn't work at all for social media?
Speaker: Oh great great question. Why it doesn't work. If I understand you properly? Why Twitter is still a crap hole. It is. Well here's the thing Twitter has it's - I am probably getting sued - it's a, it's basically an institutional governance system. They said like we're in charge everybody is flat on here so on top of a network governance system they built in an institutional governance system and the institutional governance system it's like a high school it's just it's terrible. So I should use this opportunity to plug Mastodon because Mastodon is an example of a system which is federated and looks well it doesn't look exactly like BGP but I think it will in five years.
Applause
Herald: One hopefully brief question from two please.
Question 4: Yes. Hi. Thank you very much for talking about BGP. As someone who knows a lot about BGP and I was kind of wondering if you could help answer a question and that's that I kind of view BGP is kind of like a static protocol and it was stuck it was written on two napkins and it's been a little bit expanded beyond that.
My concern is like with, with rogue countries or someone else harnessing IP blocks and like sinkholing traffic for google.com or facebook.com which has happened several times in the last couple years can you think of a way where you can either get BGP to conquer that problem or with the new decentralized protocol to conquer that problem?
Speaker: Filters, filters, filters. Basically. I don't know that much about BGP but I know that some people are in the business of making their filters from the data that's in the WHOIS database that just say this is what you're allowed to announce cool this is we'll build a filter that's what your box can send to us. The problem is that ISPs are lazy and we don't have we don't have standardized stuff for making these filters so we end up with a lot of people just sit putting no filter and saying yeah announce whatever you want and then you know China announces Google and all the traffic goes like this.
Herald: And that's all for today. Thank you Caleb.
Applause
34c3 outro
Subtitles created by c3subtitles.de in the year 2018.