< Return to Video

28c3: The coming war on general computation

  • 0:09 - 0:10
    Introducer:
  • 0:10 - 0:16
    Anyway, I believe I've killed enough time so, ladies and gentlemen, a person who
  • 0:16 - 0:22
    in this crowd needs absolutely no introduction, Cory Doctorow!
  • 0:22 - 0:25
    [Audience applauds]
  • 0:25 - 0:26
    Doctorow:
  • 0:26 - 0:30
    Thank you.
  • 0:30 - 0:37
    So, when I speak in places where the first language of the nation is not English,
  • 0:38 - 0:44
    there is a disclaimer and an apology, because I'm one of nature's fast talkers. When I was
  • 0:44 - 0:50
    at the United Nations at the World Intellectual Property Organization, I was known as the
  • 0:50 - 0:56
    "scourge" of the simultaneous translation corps; I would stand up and speak, and turn
  • 0:56 - 1:00
    around, and there would be window after window of translator, and every one of them would
  • 1:00 - 1:07
    be doing this [Doctorow facepalms]. [Audience laughs] So in advance, I give you permission
  • 1:07 - 1:11
    when I start talking quickly to do this [Doctorow makes SOS motion] and I will slow down.
  • 1:11 - 1:17
    So, tonight's talk -- wah, wah, waaah [Doctorow makes 'fail horn' sound, apparently
  • 1:17 - 1:22
    in response to audience making SOS motion; audience laughs]] -- tonight's talk is not
  • 1:22 - 1:29
    a copyright talk. I do copyright talks all the time; questions about culture and creativity
  • 1:29 - 1:34
    are interesting enough, but to be honest, I'm quite sick of them. If you want to hear
  • 1:34 - 1:39
    freelancer writers like me bang on about what's happening to the way we earn our living, by
  • 1:39 - 1:45
    all means, go and find one of the many talks I've done on this subject on YouTube. But,
  • 1:45 - 1:50
    tonight, I want to talk about something more important -- I want talk to talk about general
  • 1:50 - 1:53
    purpose computers.
  • 1:53 - 1:58
    Because general purpose computers are, in fact, astounding -- so astounding that our
  • 1:58 - 2:03
    society is still struggling to come to grips with them: to figure out what they're for,
  • 2:03 - 2:10
    to figure out how to accommodate them, and how to cope with them. Which, unfortunately,
  • 2:10 - 2:12
    brings me back to copyright.
  • 2:12 - 2:18
    Because the general shape of the copyright wars and the lessons they can teach
  • 2:18 - 2:23
    us about the upcoming fights over the destiny of the general purpose computer are important.
  • 2:23 - 2:30
    In the beginning, we had packaged software, and the attendant industry, and we had sneakernet.
  • 2:32 - 2:38
    So, we had floppy disks in ziplock bags, or in cardboard boxes, hung on pegs in shops,
  • 2:38 - 2:44
    and sold like candy bars and magazines. And they were eminently susceptible to duplication,
  • 2:44 - 2:50
    and so they were duplicated quickly, and widely, and this was to the great chagrin of people
  • 2:50 - 2:52
    who made and sold software.
  • 2:52 - 2:59
    Enter DRM 0.96. They started to introduce physical defects to the disks or
  • 2:59 - 3:06
    started to insist on other physical indicia which the software could check for -- dongles,
  • 3:06 - 3:11
    hidden sectors, challenge/response protocols that required that you had physical possession
  • 3:11 - 3:17
    of large, unwieldy manuals that were difficult to copy, and of course these failed, for two
  • 3:17 - 3:23
    reasons. First, they were commercially unpopular, of course, because they reduced the usefulness
  • 3:23 - 3:28
    of the software to the legitimate purchasers, while leaving the people who took the software
  • 3:28 - 3:33
    without paying for it untouched. The legitimate purchasers resented the non-functionality
  • 3:33 - 3:38
    of their backups, they hated the loss of scarce ports to the authentication dongles, and they
  • 3:38 - 3:44
    resented the inconvenience of having to transport large manuals when they wanted to run their
  • 3:44 - 3:49
    software. And second, these didn't stop pirates, who found it trivial to patch the software
  • 3:49 - 3:55
    and bypass authentication. Typically, the way that happened is some expert who had possession
  • 3:55 - 4:01
    of technology and expertise of equivalent sophistication to the software vendor itself,
  • 4:01 - 4:06
    would reverse engineer the software and release cracked versions that quickly became widely
  • 4:06 - 4:12
    circulated. While this kind of expertise and technology sounded highly specialized, it
  • 4:12 - 4:17
    really wasn't; figuring out what recalcitrant programs were doing, and routing around the
  • 4:17 - 4:23
    defects in shitty floppy disk media were both core skills for computer programmers, and
  • 4:23 - 4:27
    were even more so in the era of fragile floppy disks and the rough-and-ready early days of
  • 4:27 - 4:34
    software development. Anti-copying strategies only became more fraught as networks spread;
  • 4:34 - 4:39
    once we had BBSes, online services, USENET newsgroups, and mailing lists, the expertise
  • 4:39 - 4:43
    of people who figured out how to defeat these authentication systems could be packaged up
  • 4:43 - 4:50
    in software as little crack files, or, as the network capacity increased, the cracked
  • 4:50 - 4:53
    disk images or executables themselves could be spread on their own.
  • 4:53 - 5:00
    Which gave us DRM 1.0. By 1996, it became clear to everyone in the halls of
  • 5:00 - 5:06
    power that there was something important about to happen. We were about to have an information
  • 5:06 - 5:13
    economy, whatever the hell that was. They assumed it meant an economy where we bought
  • 5:13 - 5:20
    and sold information. Now, information technology makes things efficient, so imagine the markets
  • 5:20 - 5:25
    that an information economy would have. You could buy a book for a day, you could sell
  • 5:25 - 5:30
    the right to watch the movie for one Euro, and then you could rent out the pause button
  • 5:30 - 5:35
    at one penny per second. You could sell movies for one price in one country, and another
  • 5:35 - 5:41
    price in another, and so on, and so on; the fantasies of those days were a little like
  • 5:41 - 5:47
    a boring science fiction adaptation of the Old Testament book of Numbers, a kind of tedious
  • 5:47 - 5:52
    enumeration of every permutation of things people do with information and the ways we
  • 5:52 - 5:54
    could charge them for it.
  • 5:54 - 5:59
    But none of this would be possible unless we could control how people use their
  • 5:59 - 6:04
    computers and the files we transfer to them. After all, it was well and good to talk about
  • 6:04 - 6:10
    selling someone the 24 hour right to a video, or the right to move music onto an iPod, but
  • 6:10 - 6:15
    not the right to move music from the iPod onto another device, but how the Hell could
  • 6:15 - 6:20
    you do that once you'd given them the file? In order to do that, to make this work, you
  • 6:20 - 6:24
    needed to figure out how to stop computers from running certain programs and inspecting
  • 6:24 - 6:30
    certain files and processes. For example, you could encrypt the file, and then require
  • 6:30 - 6:34
    the user to run a program that only unlocked the file under certain circumstances.
  • 6:34 - 6:41
    But as they say on the Internet, "now you have two problems". You also, now,
  • 6:41 - 6:45
    have to stop the user from saving the file while it's in the clear, and you have to stop
  • 6:45 - 6:50
    the user from figuring out where the unlocking program stores its keys, because if the user
  • 6:50 - 6:54
    finds the keys, she'll just decrypt the file and throw away that stupid player app.
  • 6:54 - 6:58
    And now you have three problems [audience laughs], because now you have to
  • 6:58 - 7:02
    stop the users who figure out how to render the file in the clear from sharing it with
  • 7:02 - 7:07
    other users, and now you've got four! problems, because now you have to stop the users who
  • 7:07 - 7:12
    figure out how to extract secrets from unlocking programs from telling other users how to do
  • 7:12 - 7:17
    it too, and now you've got five! problems, because now you have to stop users who figure
  • 7:17 - 7:21
    out how to extract secrets from unlocking programs from telling other users what the
  • 7:21 - 7:22
    secrets were!
  • 7:22 - 7:29
    That's a lot of problems. But by 1996, we had a solution. We had the WIPO Copyright
  • 7:29 - 7:33
    Treaty, passed by the United Nations World Intellectual Property Organization, which
  • 7:33 - 7:38
    created laws that made it illegal to extract secrets from unlocking programs, and it created
  • 7:38 - 7:42
    laws that made it illegal to extract media cleartexts from the unlocking programs while
  • 7:42 - 7:47
    they were running, and it created laws that made it illegal to tell people how to extract
  • 7:47 - 7:52
    secrets from unlocking programs, and created laws that made it illegal to host copyrighted
  • 7:52 - 7:58
    works and secrets and all with a handy streamlined process that let you remove stuff from the
  • 7:58 - 8:03
    internet without having to screw around with lawyers, and judges, and all that crap. And
  • 8:03 - 8:10
    with that, illegal copying ended forever [audience laughs very hard, applauds], the information
  • 8:19 - 8:23
    economy blossomed into a beautiful flower that brought prosperity to the whole wide
  • 8:23 - 8:30
    world; as they say on the aircraft carriers, "Mission Accomplished". [audience laughs]
  • 8:30 - 8:34
    Well, of course that's not how the story ends because pretty much anyone who
  • 8:34 - 8:40
    understood computers and networks understood that while these laws would create more problems
  • 8:40 - 8:44
    than they could possibly solve; after all, these were laws that made it illegal to look
  • 8:44 - 8:49
    inside your computer when it was running certain programs, they made it illegal to tell people
  • 8:49 - 8:54
    what you found when you looked inside your computer, they made it easy to censor material
  • 8:54 - 8:58
    on the internet without having to prove that anything wrong had happened; in short, they
  • 8:58 - 9:04
    made unrealistic demands on reality and reality did not oblige them. After all, copying only
  • 9:04 - 9:09
    got easier following the passage of these laws -- copying will only ever get easier!
  • 9:09 - 9:14
    Here, 2011, this is as hard as copying will get! Your grandchildren will turn to you around
  • 9:14 - 9:18
    the Christmas table and say "Tell me again, Grandpa, tell me again, Grandma, about when
  • 9:18 - 9:24
    it was hard to copy things in 2011, when you couldn't get a drive the size of your fingernail
  • 9:24 - 9:28
    that could hold every song ever recorded, every movie ever made, every word ever spoken,
  • 9:28 - 9:32
    every picture ever taken, everything, and transfer it in such a short period of time
  • 9:32 - 9:36
    you didn't even notice it was doing it, tell us again when it was so stupidly hard to copy
  • 9:36 - 9:43
    things back in 2011". And so, reality asserted itself, and everyone had a good laugh over
  • 9:43 - 9:48
    how funny our misconceptions were when we entered the 21st century, and then a lasting
  • 9:48 - 9:53
    peace was reached with freedom and prosperity for all. [audience chuckles]
  • 9:53 - 9:58
    Well, not really. Because, like the nursery rhyme lady who swallows a spider
  • 9:58 - 10:02
    to catch a fly, and has to swallow a bird to catch the spider, and a cat to catch the
  • 10:02 - 10:09
    bird, and so on, so must a regulation that has broad general appeal but is disastrous
  • 10:09 - 10:14
    in its implementation beget a new regulation aimed at shoring up the failure of the old
  • 10:14 - 10:18
    one. Now, it's tempting to stop the story here and conclude that the problem is that
  • 10:18 - 10:23
    lawmakers are either clueless or evil, or possibly evilly clueless, and just leave it
  • 10:23 - 10:29
    there, which is not a very satisfying place to go, because it's fundamentally a council
  • 10:29 - 10:33
    of despair; it suggests that our problems cannot be solved for so long as stupidity
  • 10:33 - 10:39
    and evilness are present in the halls of power, which is to say they will never be solved.
  • 10:39 - 10:41
    But I have another theory about what's happened.
  • 10:41 - 10:46
    It's not that regulators don't understand information technology, because it should
  • 10:46 - 10:53
    be possible to be a non-expert and still make a good law! M.P.s and Congressmen and so on
  • 10:53 - 10:58
    are elected to represent districts and people, not disciplines and issues. We don't have
  • 10:58 - 11:02
    a Member of Parliament for biochemistry, and we don't have a Senator from the great state
  • 11:02 - 11:09
    of urban planning, and we don't have an M.E.P. from child welfare. (But perhaps we should.)
  • 11:09 - 11:15
    And yet those people who are experts in policy and politics, not technical disciplines, nevertheless,
  • 11:15 - 11:20
    often do manage to pass good rules that make sense, and that's because government relies
  • 11:20 - 11:25
    on heuristics -- rules of thumbs about how to balance expert input from different sides
  • 11:25 - 11:26
    of an issue.
  • 11:26 - 11:30
    But information technology confounds these heuristics -- it kicks the crap out
  • 11:30 - 11:36
    of them -- in one important way, and this is it. One important test of whether or not
  • 11:36 - 11:41
    a regulation is fit for a purpose is first, of course, whether it will work, but second
  • 11:41 - 11:45
    of all, whether or not in the course of doing its work, it will have lots of effects on
  • 11:45 - 11:52
    everything else. If I wanted Congress to write, or Parliament to write, or the E.U. to regulate
  • 11:52 - 11:57
    a wheel, it's unlikely I'd succeed. If I turned up and said "well, everyone knows that wheels
  • 11:57 - 12:02
    are good and right, but have you noticed that every single bank robber has four wheels on
  • 12:02 - 12:06
    his car when he drives away from the bank robbery? Can't we do something about this?",
  • 12:06 - 12:11
    the answer would of course be "no". Because we don't know how to make a wheel that is
  • 12:11 - 12:17
    still generally useful for legitimate wheel applications but useless to bad guys. And
  • 12:17 - 12:21
    we can all see that the general benefits of wheels are so profound that we'd be foolish
  • 12:21 - 12:26
    to risk them in a foolish errand to stop bank robberies by changing wheels. Even if there
  • 12:26 - 12:31
    were an /epidemic/ of bank robberies, even if society were on the verge of collapse thanks
  • 12:31 - 12:35
    to bank robberies, no-one would think that wheels were the right place to start solving
  • 12:35 - 12:36
    our problems.
  • 12:36 - 12:42
    But. If I were to show up in that same body to say that I had absolute proof
  • 12:42 - 12:48
    that hands-free phones were making cars dangerous, and I said, "I would like you to pass a law
  • 12:48 - 12:53
    that says it's illegal to put a hands-free phone in a car", the regulator might say "Yeah,
  • 12:53 - 12:56
    I'd take your point, we'd do that". And we might disagree about whether or not this is
  • 12:56 - 13:01
    a good idea, or whether or not my evidence made sense, but very few of us would say "well,
  • 13:01 - 13:07
    once you take the hands-free phones out of the car, they stop being cars". We understand
  • 13:07 - 13:12
    that we can keep cars cars even if we remove features from them. Cars are special purpose,
  • 13:12 - 13:17
    at least in comparison to wheels, and all that the addition of a hands-free phone does
  • 13:17 - 13:23
    is add one more feature to an already-specialized technology. In fact, there's that heuristic
  • 13:23 - 13:27
    that we can apply here -- special-purpose technologies are complex. And you can remove
  • 13:27 - 13:33
    features from them without doing fundamental disfiguring violence to their underlying utility.
  • 13:33 - 13:38
    This rule of thumb serves regulators well, by and large, but it is rendered null
  • 13:38 - 13:43
    and void by the general-purpose computer and the general-purpose network -- the PC and
  • 13:43 - 13:48
    the Internet. Because if you think of computer software as a feature, that is a computer
  • 13:48 - 13:53
    with spreadsheets running on it has a spreadsheet feature, and one that's running World of Warcraft
  • 13:53 - 13:58
    has an MMORPG feature, then this heuristic leads you to think that you could reasonably
  • 13:58 - 14:02
    say, "make me a computer that doesn't run spreadsheets", and that it would be no more
  • 14:02 - 14:07
    of an attack on computing than "make me a car without a hands-free phone" is an attack
  • 14:07 - 14:13
    on cars. And if you think of protocols and sites as features of the network, then saying
  • 14:13 - 14:19
    "fix the Internet so that it doesn't run BitTorrent", or "fix the Internet so that thepiratebay.org
  • 14:19 - 14:24
    no longer resolves", then it sounds a lot like "change the sound of busy signals", or
  • 14:24 - 14:28
    "take that pizzeria on the corner off the phone network", and not like an attack on
  • 14:28 - 14:31
    the fundamental principles of internetworking.
  • 14:31 - 14:36
    Not realizing that this rule of thumb that works for cars and for houses and
  • 14:36 - 14:41
    for every other substantial area of technological regulation fails for the Internet does not
  • 14:41 - 14:45
    make you evil and it does not make you an ignoramus. It just makes you part of that
  • 14:45 - 14:51
    vast majority of the world for whom ideas like "Turing complete" and "end-to-end" are
  • 14:51 - 14:57
    meaningless. So, our regulators go off, and they blithely pass these laws, and they become
  • 14:57 - 15:01
    part of the reality of our technological world. There are suddenly numbers that we aren't
  • 15:01 - 15:06
    allowed to write down on the Internet, programs we're not allowed to publish, and all it takes
  • 15:06 - 15:11
    to make legitimate material disappear from the Internet is to say "that? That infringes
  • 15:11 - 15:16
    copyright.". It fails to attain the actual goal of the regulation; it doesn't stop people
  • 15:16 - 15:21
    from violating copyright, but it bears a kind of superficial resemblance to copyright enforcement
  • 15:21 - 15:27
    -- it satisfies the security syllogism: "something must be done, I am doing something, something
  • 15:27 - 15:33
    has been done." And thus any failures that arise can be blamed on the idea that the regulation
  • 15:33 - 15:38
    doesn't go far enough, rather than the idea that it was flawed from the outset.
  • 15:38 - 15:42
    This kind of superficial resemblance and underlying divergence happens in other
  • 15:42 - 15:47
    engineering contexts. I've a friend who was once a senior executive at a big consumer
  • 15:47 - 15:51
    packaged goods company who told me about what happened when the marketing department told
  • 15:51 - 15:55
    the engineers that they'd thought up a great idea for detergent: from now on, they were
  • 15:55 - 16:00
    going to make detergent that made your clothes newer every time you washed them! Well after
  • 16:00 - 16:05
    the engineers had tried unsuccessfully to convey the concept of "entropy" to the marketing
  • 16:05 - 16:10
    department [audience laughs], they arrived at another solution -- "solution" -- they'd
  • 16:10 - 16:16
    develop a detergent that used enzymes that attacked loose fiber ends, the kind that you
  • 16:16 - 16:20
    get with broken fibers that make your clothes look old. So every time you washed your clothes
  • 16:20 - 16:25
    in the detergent, they would look newer. But that was because the detergent was literally
  • 16:25 - 16:31
    digesting your clothes! Using it would literally cause your clothes to dissolve in the washing
  • 16:31 - 16:37
    machine! This was the opposite of making clothes newer; instead, you were artificially aging
  • 16:37 - 16:43
    your clothes every time you washed them, and as the user, the more you deployed the "solution",
  • 16:43 - 16:47
    the more drastic your measures had to be to keep your clothes up to date -- you actually
  • 16:47 - 16:51
    had to go buy new clothes because the old ones fell apart.
  • 16:51 - 16:55
    So today we have marketing departments who say things like "we don't need computers,
  • 16:55 - 17:01
    we need... appliances. Make me a computer that doesn't run every program, just a program
  • 17:01 - 17:06
    that does this specialized task, like streaming audio, or routing packets, or playing Xbox
  • 17:06 - 17:10
    games, and make sure it doesn't run programs that I haven't authorized that might undermine
  • 17:10 - 17:16
    our profits". And on the surface, this seems like a reasonable idea -- just a program that
  • 17:16 - 17:23
    does one specialized task -- after all, we can put an electric motor in a blender, and
  • 17:23 - 17:27
    we can install a motor in a dishwasher, and we don't worry if it's still possible to run
  • 17:27 - 17:33
    a dishwashing program in a blender. But that's not what we do when we turn a computer into
  • 17:33 - 17:38
    an appliance. We're not making a computer that runs only the "appliance" app; we're
  • 17:38 - 17:44
    making a computer that can run every program, but which uses some combination of rootkits,
  • 17:44 - 17:48
    spyware, and code-signing to prevent the user from knowing which processes are running,
  • 17:48 - 17:53
    from installing her own software, and from terminating processes that she doesn't want.
  • 17:53 - 17:59
    In other words, an appliance is not a stripped-down computer -- it is a fully functional computer
  • 17:59 - 18:02
    with spyware on it out of the box.
  • 18:02 - 18:09
    [audience applauds loudly] Thanks.
  • 18:09 - 18:14
    Because we don't know how to build the general purpose computer that is capable
  • 18:14 - 18:19
    of running any program we can compile except for some program that we don't like, or that
  • 18:19 - 18:24
    we prohibit by law, or that loses us money. The closest approximation that we have to
  • 18:24 - 18:29
    this is a computer with spyware -- a computer on which remote parties set policies without
  • 18:29 - 18:34
    the computer user's knowledge, over the objection of the computer's owner. And so it is that
  • 18:34 - 18:37
    digital rights management always converges on malware.
  • 18:37 - 18:41
    There was, of course, this famous incident, a kind of gift to people who have
  • 18:41 - 18:47
    this hypothesis, in which Sony loaded covert rootkit installers on 6 million audio CDs,
  • 18:47 - 18:52
    which secretly executed programs that watched for attempts to read the sound files on CDs,
  • 18:52 - 18:56
    and terminated them, and which also hid the rootkit's existence by causing the kernel
  • 18:56 - 19:01
    to lie about which processes were running, and which files were present on the drive.
  • 19:01 - 19:06
    But it's not the only example; just recently, Nintendo shipped the 3DS, which opportunistically
  • 19:06 - 19:10
    updates its firmware, and does an integrity check to make sure that you haven't altered
  • 19:10 - 19:15
    the old firmware in any way, and if it detects signs of tampering, it bricks itself.
  • 19:15 - 19:20
    Human rights activists have raised alarms over U-EFI, the new PC bootloader,
  • 19:20 - 19:25
    which restricts your computer so it runs signed operating systems, noting that repressive
  • 19:25 - 19:30
    governments will likely withhold signatures from OSes unless they have covert surveillance
  • 19:30 - 19:31
    operations.
  • 19:31 - 19:35
    And on the network side, attempts to make a network that can't be used for copyright
  • 19:35 - 19:41
    infringement always converges with the surveillance measures that we know from repressive governments.
  • 19:41 - 19:48
    So, SOPA, the U.S. Stop Online Piracy Act, bans tools like DNSSec because they can be
  • 19:48 - 19:53
    used to defeat DNS blocking measures. And it blocks tools like Tor, because they can
  • 19:53 - 19:58
    be used to circumvent IP blocking measures. In fact, the proponents of SOPA, the Motion
  • 19:58 - 20:03
    Picture Association of America, circulated a memo, citing research that SOPA would probably
  • 20:03 - 20:09
    work, because it uses the same measures as are used in Syria, China, and Uzbekistan,
  • 20:09 - 20:12
    and they argued that these measures are effective in those countries, and so they would work
  • 20:12 - 20:14
    in America, too!
  • 20:14 - 20:20
    [audience laughs and applauds] Don't applaud me, applaud the MPAA!
  • 20:20 - 20:26
    Now, it may seem like SOPA is the end game in a long fight over copyright, and
  • 20:26 - 20:31
    the internet, and it may seem like if we defeat SOPA, we'll be well on our way to securing
  • 20:31 - 20:36
    the freedom of PCs and networks. But as I said at the beginning of this talk, this isn't
  • 20:36 - 20:43
    about copyright, because the copyright wars are just the 0.9 beta version of the long
  • 20:43 - 20:47
    coming war on computation. The entertainment industry were just the first belligerents
  • 20:47 - 20:52
    in this coming century-long conflict. We tend to think of them as particularly successful
  • 20:52 - 20:59
    -- after all, here is SOPA, trembling on the verge of passage, and breaking the internet
  • 20:59 - 21:05
    on this fundamental level in the name of preserving Top 40 music, reality TV shows, and Ashton
  • 21:05 - 21:07
    Kutcher movies! [laughs, scattered applause]
  • 21:07 - 21:13
    But the reality is, copyright legislation gets as far as it does precisely because it's
  • 21:13 - 21:19
    not taken seriously, which is why on one hand, Canada has had Parliament after Parliament
  • 21:19 - 21:24
    introduce one stupid copyright bill after another, but on the other hand, Parliament
  • 21:24 - 21:30
    after Parliament has failed to actually vote on the bill. It's why we got SOPA, a bill
  • 21:30 - 21:37
    composed of pure stupid, pieced together molecule-by-molecule, into a kind of "Stupidite 250", which is normally
  • 21:38 - 21:44
    only found in the heart of newborn star, and it's why these rushed-through SOPA hearings
  • 21:44 - 21:49
    had to be adjourned midway through the Christmas break, so that lawmakers could get into a
  • 21:49 - 21:55
    real vicious nationally-infamous debate over an important issue, unemployment insurance.
  • 21:55 - 22:02
    It's why the World Intellectual Property Organization is gulled time and again into enacting crazed,
  • 22:02 - 22:07
    pig-ignorant copyright proposals because when the nations of the world send their U.N. missions
  • 22:07 - 22:13
    to Geneva, they send water experts, not copyright experts; they send health experts, not copyright
  • 22:13 - 22:18
    experts; they send agriculture experts, not copyright experts, because copyright is just
  • 22:18 - 22:25
    not important to pretty much everyone! [applause]
  • 22:27 - 22:34
    Canada's Parliament didn't vote on its copyright bills because, of all the
  • 22:34 - 22:40
    things that Canada needs to do, fixing copyright ranks well below health emergencies on first
  • 22:40 - 22:45
    nations reservations, exploiting the oil patch in Alberta, interceding in sectarian resentments
  • 22:45 - 22:50
    among French- and English-speakers, solving resources crises in the nation's fisheries,
  • 22:50 - 22:55
    and thousand other issues! The triviality of copyright tells you that when other sectors
  • 22:55 - 23:01
    of the economy start to evince concerns about the internet and the PC, that copyright will
  • 23:01 - 23:07
    be revealed for a minor skirmish, and not a war. Why would other sectors nurse grudges
  • 23:07 - 23:12
    against computers? Well, because the world we live in today is /made/ of computers. We
  • 23:12 - 23:16
    don't have cars anymore, we have computers we ride in; we don't have airplanes anymore,
  • 23:16 - 23:23
    we have flying Solaris boxes with a big bucketful of SCADA controllers [laughter]; a 3D printer
  • 23:24 - 23:30
    is not a device, it's a peripheral, and it only works connected to a computer; a radio
  • 23:30 - 23:36
    is no longer a crystal, it's a general-purpose computer with a fast ADC and a fast DAC and
  • 23:36 - 23:37
    some software.
  • 23:37 - 23:43
    The grievances that arose from unauthorized copying are trivial, when compared
  • 23:43 - 23:49
    to the calls for action that our new computer-embroidered reality will create. Think of radio for a
  • 23:49 - 23:54
    minute. The entire basis for radio regulation up until today was based on the idea that
  • 23:54 - 23:59
    the properties of a radio are fixed at the time of manufacture, and can't be easily altered.
  • 23:59 - 24:03
    You can't just flip a switch on your baby monitor, and turn it into something that interferes
  • 24:03 - 24:09
    with air traffic control signals. But powerful software-defined radios can change from baby
  • 24:09 - 24:14
    monitor to emergency services dispatcher to air traffic controller just by loading and
  • 24:14 - 24:19
    executing different software, which is why the first time the American telecoms regulator
  • 24:19 - 24:24
    (the FCC) considered what would happen when we put SDRs in the field, they asked for comment
  • 24:24 - 24:29
    on whether it should mandate that all software-defined radios should be embedded in trusted computing
  • 24:29 - 24:35
    machines. Ultimately, whether every PC should be locked, so that the programs they run are
  • 24:35 - 24:37
    strictly regulated by central authorities.
  • 24:37 - 24:42
    And even this is a shadow of what is to come. After all, this was the year in
  • 24:42 - 24:48
    which we saw the debut of open sourced shape files for converting AR-15s to full automatic.
  • 24:48 - 24:54
    This was the year of crowd-funded open-sourced hardware for gene sequencing. And while 3D
  • 24:54 - 24:58
    printing will give rise to plenty of trivial complaints, there will be judges in the American
  • 24:58 - 25:03
    South and Mullahs in Iran who will lose their minds over people in their jurisdiction printing
  • 25:03 - 25:10
    out sex toys. [guffaw from audience] The trajectory of 3D printing will most certainly raise real
  • 25:10 - 25:13
    grievances, from solid state meth labs, to ceramic knives.
  • 25:13 - 25:18
    And it doesn't take a science fiction writer to understand why regulators might
  • 25:18 - 25:24
    be nervous about the user-modifiable firmware on self-driving cars, or limiting interoperability
  • 25:24 - 25:29
    for aviation controllers, or the kind of thing you could do with bio-scale assemblers and
  • 25:29 - 25:34
    sequencers. Imagine what will happen the day that Monsanto determines that it's really...
  • 25:34 - 25:39
    really... important to make sure that computers can't execute programs that cause specialized
  • 25:39 - 25:45
    peripherals to output organisms that eat their lunch... literally. Regardless of whether
  • 25:45 - 25:50
    you think these are real problems or merely hysterical fears, they are nevertheless the
  • 25:50 - 25:54
    province of lobbies and interest groups that are far more influential than Hollywood and
  • 25:54 - 26:00
    big content are on their best days, and every one of them will arrive at the same place
  • 26:00 - 26:05
    -- "can't you just make us a general purpose computer that runs all the programs, except
  • 26:05 - 26:10
    the ones that scare and anger us? Can't you just make us an Internet that transmits any
  • 26:10 - 26:15
    message over any protocol between any two points, unless it upsets us?"
  • 26:15 - 26:19
    And personally, I can see that there will be programs that run on general
  • 26:19 - 26:24
    purpose computers and peripherals that will even freak me out. So I can believe that people
  • 26:24 - 26:28
    who advocate for limiting general purpose computers will find receptive audience for
  • 26:28 - 26:34
    their positions. But just as we saw with the copyright wars, banning certain instructions,
  • 26:34 - 26:39
    or protocols, or messages, will be wholly ineffective as a means of prevention and remedy;
  • 26:39 - 26:46
    and as we saw in the copyright wars, all attempts at controlling PCs will converge on rootkits;
  • 26:46 - 26:51
    all attempts at controlling the Internet will converge on surveillance and censorship, which
  • 26:51 - 26:57
    is why all this stuff matters. Because we've spent the last 10+ years as a body sending
  • 26:57 - 27:02
    our best players out to fight what we thought was the final boss at the end of the game,
  • 27:02 - 27:06
    but it turns out it's just been the mini-boss at the end of the level, and the stakes are
  • 27:06 - 27:07
    only going to get higher.
  • 27:07 - 27:12
    As a member of the Walkman generation, I have made peace with the fact that I will
  • 27:12 - 27:17
    require a hearing aid long before I die, and of course, it won't be a hearing aid, it will
  • 27:17 - 27:22
    be a computer I put in my body. So when I get into a car -- a computer I put my body
  • 27:22 - 27:28
    into -- with my hearing aid -- a computer I put inside my body -- I want to know that
  • 27:28 - 27:32
    these technologies are not designed to keep secrets from me, and to prevent me from terminating
  • 27:32 - 27:39
    processes on them that work against my interests. [vigorous applause from audience] Thank you
  • 27:40 - 27:48
    [applause continues]
  • 27:48 - 27:52
    Thank you. So, last year, the Lower Merion School District,
  • 27:52 - 27:55
    in a middle-class, affluent suburb of Philadelphia,
  • 27:55 - 27:57
    found itself in a great deal of trouble,
  • 27:57 - 28:01
    because it was caught distributing PCs to its students, equipped with rootkits
  • 28:01 - 28:06
    that allowed for remote covert surveillance through the computer's camera and network connection.
  • 28:06 - 28:10
    It transpired that they had been photographing students thousands of times,
  • 28:10 - 28:14
    at home and at school, awake and asleep, dressed and naked.
  • 28:14 - 28:18
    Meanwhile, the latest generation of lawful intercept technology
  • 28:18 - 28:24
    can covertly operate cameras, mics, and GPSes on PCs, tablets, and mobile devices.
  • 28:24 - 28:30
    Freedom in the future will require us to have the capacity to monitor our devices
  • 28:30 - 28:36
    and set meaningful policy on them, to examine and terminate the processes that run on them,
  • 28:36 - 28:40
    to maintain them as honest servants to our will,
  • 28:40 - 28:45
    and not as traitors and spies working for criminals, thugs, and control freaks.
  • 28:45 - 28:49
    And we haven't lost yet, but we have to win the copyright wars
  • 28:49 - 28:51
    to keep the Internet and the PC free and open.
  • 28:51 - 28:58
    Because these are themateriel in the wars that are to come, we won't be able to fight on without them.
  • 28:58 - 29:04
    And I know this sounds like a counsel of despair, but as I said, these are early days.
  • 29:04 - 29:08
    We have been fighting the mini-boss, and that means that great challenges are yet to come,
  • 29:08 - 29:14
    but like all good level designers, fate has sent us a soft target to train ourselves on.
  • 29:15 - 29:20
    We have a chance, a real chance, and if we support open and free systems,
  • 29:20 - 29:29
    and the organizations that fight for them -- EFF, Bits of Freedom , EDRI, ORG, CC, Netzpolitik,
  • 29:29 - 29:33
    La Quadrature du Net, and all the others, who are thankfully, too numerous to name here
  • 29:33 - 29:38
    -- we may yet win the battle, and secure the ammunition we'll need for the war.
  • 29:38 - 29:39
    Thank you.
  • 29:39 - 30:12
    [Sustained applause]
  • 30:12 - 30:16
    [Doctorow] So, either questions or long, rambling statements followed by "What do you think of that?"
  • 30:17 - 30:19
    [laughter]
  • 30:19 - 30:20
    [Doctorw] Yes. Any questions?
  • 30:21 - 30:26
    [Organizer (?)] If you have questions, can you go to the microphones that are in the aisles, here
  • 30:27 - 30:34
    and just ask away. If you form a neat, orderly line, we'll go, you know, left-right left-right
  • 30:38 - 30:41
    [Question] So if you game this out all the way to the end
  • 30:42 - 30:49
    You end up with a situation where either the censorship people have to
  • 30:49 - 30:57
    outlaw von Neumann and Herbert's architectures and replace them with something that's not a universal Turing machine,
  • 30:59 - 31:04
    or they lose, full stop. I mean, and there is a big spectrum in between the two.
  • 31:04 - 31:07
    don't let me distract from that. I mean, you know.
  • 31:07 - 31:11
    I'm talking about the very last bastion line of freedom, there.
  • 31:12 - 31:16
    Do you think a bunch of assholes that don't even understand how DNS works
  • 31:16 - 31:21
    are going to be willing to shoot themselves in the - head that hard?
  • 31:21 - 31:27
    [Doctorow] I guess my answer is that the fact that there's no
  • 31:27 - 31:31
    such thing as witchcraft, didn't stop them from burning a lot of witches, right? So...
  • 31:31 - 31:33
    [Laughter, applause]
  • 31:33 - 31:39
    By the same token, I think the ineffectiveness of the remedy is actually even worse for us, right?
  • 31:39 - 31:44
    Because this is like the five year plan that produces no wheat,
  • 31:44 - 31:50
    that yields an even more drastic five year plan that also produces no corn, right?
  • 31:50 - 31:54
    I mean, this will make them angrier, and cause them
  • 31:54 - 31:57
    to expand the scope of the regulation, you know.
  • 31:57 - 32:00
    "The beatings will continue until morale improves" as the T-shirt goes, right?
  • 32:00 - 32:03
    That's actually my worry.
  • 32:03 - 32:08
    I think that if they saw some success, they might actually back off.
  • 32:08 - 32:11
    The fact that this will be a dismo failure over and over and over again,
  • 32:11 - 32:15
    the fact that terrorist will continue to communicate terrorist messages
  • 32:15 - 32:18
    and child pornographers will continue to communicate child pornographic messages
  • 32:18 - 32:22
    and so on, will just make them try harder at ineffective remedies
  • 32:22 - 32:25
    [interlocutor] yeah, i mean a specialized Touring machine on an Asic[?]
  • 32:25 - 32:28
    is actually really,really hard, 'cause you have to make one
  • 32:28 - 32:30
    for every application,and that sucks...
  • 32:30 - 32:34
    [Doctorow] Yeah, so again, I don't think they are going to ban general purpose computers.
  • 32:34 - 32:36
    I think what they're going to do
  • 32:36 - 32:39
    is they're going to say "We want more spyware in computers",
  • 32:39 - 32:42
    "we want more U-EFI",we want... and not just like U-EFI that
  • 32:42 - 32:45
    helps you detect spyware,but U-EFI where the signings
  • 32:45 - 32:48
    are controlled by third parties,you don't have an easy owner override
  • 32:48 - 32:49
    and all the rest of it.
  • 32:49 - 32:52
    I think that that's going to be the trajectory of this stuff.
  • 32:52 - 32:57
    Not "gosh, you know, that stupid policy that we pursued
  • 32:57 - 33:00
    at great expense for 10 years was a complete failure.
  • 33:00 - 33:03
    We should admit it and move on". I think that the answer is going to be
  • 33:03 - 33:06
    "Oh my God, you know, look at what idiots we look like...
  • 33:06 - 33:09
    we can't possibly admit defeat." You know, see the war on drugs.
  • 33:09 - 33:16
    [laughs and claps]
  • 33:16 - 33:19
    I'll answer you in a second 'cause there's someone already ready for a question.
  • 33:19 - 33:27
    [Conductor] We'll take… We actually got quite a bit of time. here. So, next question.
  • 33:29 - 33:38
    [Question] Regarding the recent initiative by a big software company
  • 33:38 - 33:46
    to promote secure boot on U-EFI, do you think that personal computers
  • 33:46 - 33:59
    will arrive like the situation in the… like the Playstation platforms soon?
  • 33:59 - 34:09
    And what do you think that we'll have some means to counterattack or to…
  • 34:09 - 34:12
    [Doctorow] Yeah, so the question is really "Is U-EFI going to be a means
  • 34:12 - 34:15
    of freezing out alternative operating systems
  • 34:15 - 34:22
    on the desktop. And I kinda feel like, kind of technocratic, well educated, western, northern...
  • 34:22 - 34:27
    middle class people are gonna be able to figure how to get around this stuff
  • 34:27 - 34:32
    what i am more concerned about not least because I think organizations like the FTC
  • 34:32 - 34:35
    will probably eject pretty strenuously unless there is
  • 34:35 - 34:39
    you know you can take a lid off and press a little red button to reset
  • 34:39 - 34:41
    which is what they are talking aboout now
  • 34:41 - 34:45
Title:
28c3: The coming war on general computation
Description:

Download hiqh quality version: http://bit.ly/sTTFyt
Description: http://events.ccc.de/congress/2011/Fahrplan/events/4848.en.html

Cory Doctorow: The coming war on general computation
The copyright war was just the beginning

The last 20 years of Internet policy have been dominated by the copyright war, but the war turns out only to have been a skirmish. The coming century will be dominated by war against the general purpose computer, and the stakes are the freedom, fortune and privacy of the entire human race.

The problem is twofold: first, there is no known general-purpose computer that can execute all the programs we can think of except the naughty ones; second, general-purpose computers have replaced every other device in our world. There are no airplanes, only computers that fly. There are no cars, only computers we sit in. There are no hearing aids, only computers we put in our ears. There are no 3D printers, only computers that drive peripherals. There are no radios, only computers with fast ADCs and DACs and phased-array antennas. Consequently anything you do to "secure" anything with a computer in it ends up undermining the capabilities and security of every other corner of modern human society.

And general purpose computers can cause harm -- whether it's printing out AR15 components, causing mid-air collisions, or snarling traffic. So the number of parties with legitimate grievances against computers are going to continue to multiply, as will the cries to regulate PCs.

The primary regulatory impulse is to use combinations of code-signing and other "trust" mechanisms to create computers that run programs that users can't inspect or terminate, that run without users' consent or knowledge, and that run even when users don't want them to.

The upshot: a world of ubiquitous malware, where everything we do to make things better only makes it worse, where the tools of liberation become tools of oppression.

Our duty and challenge is to devise systems for mitigating the harm of general purpose computing without recourse to spyware, first to keep ourselves safe, and second to keep computers safe from the regulatory impulse.

more » « less
Video Language:
English
Duration:
54:35

English subtitles

Incomplete

Revisions