Harley Hahn's
Internet Insecurity

Chapter 1...

Toward a Grand Unified Theory

The Roots of the Internet

The INTERNET is a large, global system that allows us to connect computer networks. The roots of the Internet stretch back to 1968. In that year, the U.S. Department of Defense funded a project to connect computers over a long distance, in order for researchers to be able to use computers at remote locations. At the time, the funding came from a program called ARPA (Advanced Research Projects Agency), so the first experimental network was called the ARPANET, and it was the Arpanet that evolved into the Internet.

On November 21, 1969, the first two computers were connected: one at UCLA in Los Angeles, the other at Stanford Research Institute in Menlo Park, California. On December 5, 1969, the Arpanet was officially established by connecting these two computers to two other computers, one at U.C. Santa Barbara, the other at the University of Utah. (So, if you would like to celebrate the birthday of the Internet, you can do so on December 5.)

During the 1970s and 1980s, the Arpanet was expanded to include many other universities, research companies and government offices (including the military). Eventually, non-research institutions were allowed to join and the name was changed to the Internet.

In the early 1980s, PCs (personal computers) became available and, within a few years, the technology to connect them into networks was developed. Throughout the 1980s and 1990s, more and more networks of PCs were created, and eventually, those networks were connected to the Internet.

In the olden days (before 1995), a company that wanted to connect LANs from distant offices would have had to arrange their own connections. This would require leasing special telecommunication lines, and involve a lot of expense, equipment, technical expertise and administration. Now, all the company has to do is create their own local networks and connect them to the Internet.

Jump to top of page

The Internet is Now "The Net"

At first, the Internet was seen primarily as a way to connect networks around the world into one large super-network. (The original motivation for the Internet, as I mentioned, was to allow researchers to use remote computers.) However, since the mid-1990s, hundreds of millions of people have been connecting their personal computers to the Internet, and an amazing thing has happened: we have found that when a huge number of people and computers are connected into one large network, something is created that is much more powerful — and much more wonderful — than anyone ever anticipated.

To understand why, we must stop looking at the Internet as a very large network. Instead, we must view it as a complex system in which hundreds of millions of computers and people have the potential to interact, and where a massive amount of information is available for free.

The power of networks comes from being able to connect two or more LANs to form a larger network. Once you do, all the computers and all the people on all the networks can talk to each other. In other words, they can communicate and share information.

Think of the Internet as a large organism, made up of many different cells, the cells being the computers and the people who use those computers. Now, let's compare a biological organism, for example, you, to the Internet.

There are more than 75,000,000,000,000 (75 trillion) cells in your body, and they are so complex that even biologists don't understand much of what happens inside them. The Internet consists of, perhaps, hundreds of millions of cells (about 1/300,000th the number of cells in your body). There are two basic types of Internet cells: computers and people. Compared to biological cells, Internet cells operate in a relatively simple way (from the point of view of the Internet). Thus, we can expect the Internet, considered as a single large organism, to be a lot simpler than your body — and it is.

However, this doesn't mean we really understand the Internet. After all, we are biological organisms and we have studied ourselves for many years.

Before we move on, I want to introduce two important terms. For some years, it has been common to refer to the Internet as THE NET, and in this book, I will use the two terms as synonyms. When we refer to services that are available on the Net, we often describe them as being ONLINE. For example, in Chapter 13, we are going to talk about online auctions.

I like the idea of "the Net" because it makes me think of something large and mysterious, and that's how I want you to think of it: as a large, mysterious growing organism that is more powerful and important than we can even imagine.

Jump to top of page

Is Big Brother Really Watching?

Have you read George Orwell's novel 1984? It is the tale of a society in which people are controlled and spied upon by an all-powerful, totalitarian government.

In the book, the leader of the government is referred to as Big Brother, and described as being "infallible and all-powerful". Throughout the city, there are many posters with a picture of Big Brother and the caption "Big Brother is Watching You". This is to remind the citizenry that, no matter where they go, no matter what they do, the government is watching.

The image is a compelling one, and since 1949, when Orwell's book was published, the idea of Big Brother watching us has been a metaphor for a society in which privacy has vanished. So to ask the question, "Is Big Brother really watching?" is to ask whether or not we are being spied upon by an outside agency such as a government organization or a company, or even by various malevolent people. The question is especially important in that today's technology is advanced enough to make such spying feasible and silent.

So, when we use the Internet, is Big Brother really watching? The answer is mixed. We certainly don't have a society, like the one in 1984, in which we are spied upon continuously. However, there is a lot more going on than most people realize, and even many casual Internet users are aware that a great many companies with Web sites are in the business of gathering information about the people who visit those sites. There is no doubt that privacy is an important issue to many of us and, there is also no doubt that many government organizations and companies are ready and willing to invade our privacy to forward their own ends.

So what keeps them from doing so? Not the technology, which is already up to the job. (I'll give you a few examples in a moment.) What keeps the government and corporations out of our electronic lives is the sense that we want privacy and that any organization that steps too far is going to face public outrage.

Jump to top of page

Carnivore is an Omnivore

Law enforcement agencies around the world have been, for some time, grappling with the problem of how to deal with criminals who use the Internet to communicate. In the United States, the FBI (Federal Bureau of Investigation) has developed a tool named Carnivore that is used to spy on people. Carnivore is a box that can be attached to a computer through which electronic communications are passing. Typically, the FBI would attach a Carnivore box to an ISP's computer in order to monitor that ISP's customers.

(Your ISP — Internet Service Provider — is the company that connects your computer to the Internet. The largest ISP in the world is AOL, but there are many, many others, ranging from very large companies to small, privately run businesses.)

The FBI developed Carnivore for themselves, because the commercially available Internet monitoring devices (called "sniffers") were not good enough. Carnivore was created for one reason and one reason only: to provide the FBI with an easy way to monitor Internet communications. Although Carnivore is mostly aimed at monitoring email, the device can track everything, including how people use the Web and what they say in a chat room or discussion forum.

If you are concerned at the thought of someone — even an authorized government agent — having the capability of legally monitoring Internet communications, you are in good company. In the United States, free speech is guaranteed by the Constitution, and the right to privacy, although not mandated by the Constitution, is a generally accepted fact of life supported by a long history of case law and legal precedent.

To me, the chief concern is the possibility of abuse in the name of government. The FBI addresses such concerns in two ways. First, spin. After Carnivore began to generate a huge amount of controversy, the FBI rechristened the device. Starting in February 2001, the FBI began to refer to Carnivore by the more benign sounding name of DCS1000 ("Digital Collection System").

Second, in the tradition of all law enforcement authorities who must explain to civilians why the means justify the ends, the FBI trots out the age-old story of good vs. evil. We, the good guys, (the FBI says) are in a never-ending battle against the bad guys (the criminals). The bad guys don't follow the rules and for the good of society, you must not restrict us if you want us to be effective fighting evil on your behalf. The bad guys are very, very evil and dishonest, and are doing their best to steal, cheat and corrupt society. We, on the other hand, are here to protect you. You can trust us.

Jump to top of page

What the FBI Assistant Director Has to Say

July 24, 2000, FBI Assistant Director Donald M. Kerr testified before Congress about Carnivore. Kerr begins by describing the threat:

"Criminals use computers to send child pornography to each other using anonymous, encrypted communications; hackers break into financial service companies' systems and steal customer home addresses and credit card information; criminals use the Internet's inexpensive and easy communications to commit large-scale fraud on victims all over the world; and terrorist bombers plan their strikes using the Internet."

Certainly there is some kernel of truth in these statements, but still, they are highly exaggerated. Read, for example, the following statement from later testimony given by Mr. Kerr. In answer to the question "Why does the FBI need a system like Carnivore?" he asserts,

"By now, it has become common knowledge that terrorists, spies, hackers, and dangerous criminals are increasingly using computers and computer networks, including the Internet, to carry out their heinous acts. In response to their serious threats to our Nation, to the safety of the American people, to the security of our communications infrastructure, and to the important commercial and private potentialities of a safe, secure, and vibrant Internet, the FBI has responded by concentrating its efforts, including its technological efforts and resources, to fight a broad array of Cyber-crimes."

Let's take another look at that first sentence:

"...it has become common knowledge that terrorists, spies, hackers, and dangerous criminals are increasingly using computers and computer networks, including the Internet, to carry out their heinous acts..."

Is it just my imagination or does this sound like a sheriff in the Old West, explaining why he is getting together a posse to go after a gang of incorrigible bank robbers?

If you are the type of person who worries about well-meaning government agencies running amok, you might be starting to become concerned. I am. In my experience with law enforcement officers, I have found that they always mean well. However, they are often ignorant of basic facts (I'll tell you a story about that later), and they have a particularly slanted view of humanity. To many officials, the checks and balances we use to protect our freedoms simply get in the way of effective law enforcement.

Should we worry about Carnivore? The FBI says no. According to Donald Kerr (again testifying before Congress), "There are a number of reasons why the public should have confidence in the FBI's lawful use of Carnivore." These reasons can be summarized as follows.

First, Congress has created legal protection for electronic communication, and the FBI (and presumably other government agencies) must follow the rules. Second, all electronic surveillance requires some type of court order. In order to get such an order, the FBI has to meet specific criteria. Third, the laws are such that the FBI can only use Carnivore to gather "hard evidence". They cannot "snoop".

What happens when the FBI manages to get such a court order allowing them to spy on a particular user? They serve it on the user's ISP and, with the help of the ISP's technical staff, install Carnivore.

All of this takes time and requires the FBI to jump through various legal and procedural hoops. However, as Kerr points out: "Of course, there are 'emergency' provisions whereby surveillance is permitted to proceed immediately, when high-level Department of Justice authorization is obtained, so long as a court order is filed within 48 hours."

Jump to top of page

When Internet Law Enforcement Runs Amok

The FBI is not the only government organization in the world that covertly monitors Internet communications. In fact, when it comes to monitoring people and organizations, the United States National Security Agency (NSA) makes the FBI look like amateurs. I have talked about Carnivore in detail to show you that the government has developed, and uses, sophisticated devices that allow them to eavesdrop on everything we do on the Net without our knowing it. And when we ask "How are we protected against abuse?" the answer comes back, "You are protected because we have to follow the rules. Moreover, you can trust us."

Tell that to a friend of mine. He has his own domain name — let's call it something.com — that he uses for email and a Web site. One day his house was visited by two U.S. Customs officers. My friend was away from the house at the time so they left a message. Later they called him on the phone. "We want to meet with you," they said, but they refused to say why. "If we come over to your house, will you be there?" My friend was suspicious so he said he would meet them, but only at his lawyer's office. The Customs officers agreed but they weren't happy about it.

A couple of hours later, at the lawyer's office, my friend found out what was happening. Evidently, Customs officers had been monitoring a child pornography discussion group, and a suspect on the other side of the country (a person who had, actually, not even broken a law) had sent a message with a forged address in the form name@something.com. In other words, some guy made up a fake email address that used the domain owned by my friend. (As a matter of fact, if you think about it, wouldn't you expect the type of person who deals in child pornography to use a fake email address?)

The Customs officers, not understanding this, looked up the ownership of the domain something.com, which happened to be owned by my friend, and found his street address. Since it was on the other side of the country, they contacted Customs officers in that area, and asked them to investigate. These officers, as I have related, dutifully went to my friend's house and, later, met him at his lawyer's office.

Here's the scary thing. My friend had nothing to do with any of this. All that had happened is that someone had posted a message with a fake email address that used my friend's domain. However, the Customs officers, when they went to his house, had a computer expert with them in their car, and they were prepared to come in, hook up their own equipment to my friend's computers, search them thoroughly, and, if they felt justified, confiscate his equipment — all because someone on the other side of the country had posted a fake email address that used my friend's domain.

In this case, the story does have a happy ending. My friend insisted the officers meet him at his lawyer's office, and the lawyer protected my friend. He made sure the officers understood their mistake and, before they left, they apologized for the trouble. In fact, during the conversation, it became clear that the officers understood next to nothing about the Internet.

What scares me is that, even though my friend did nothing wrong, official government agents, who didn't understand what they were doing, were prepared to accuse him of being a child pornographer and violate the privacy of his computer systems (not to mention ruin his reputation in the neighborhood). During this whole experience, the Customs agents were following all the proper rules and procedures, but that didn't help my friend. Fortunately, he had a smart lawyer.

But how many people do you know who can afford to pay a lawyer to protect them when the Feds knock on their door accusing them falsely of a crime that didn't really happen, because they monitored something on the Internet and didn't understand what they were monitoring? Can you?

Don't get me wrong. I'm not saying that no one in the government understands the Net, or that law enforcement officials have poor judgment. To the contrary, some of the most knowledgeable Internet people I know are in law enforcement, and I respect them enormously. They really are the good guys.

However, we do need to realize that, for some time, the government has had the tools and the inclination to monitor what we do on the Net. In non-democratic countries, monitoring Internet communications is the norm. Although we live in a democratic country, we must recognize how dependent we have become upon the Internet. We need to be aware of how the government has mastered the art of eavesdropping on the Net, and we need to hold the government accountable for its actions. Moreover, this is not an issue that is ever going to go away. When it comes to the Net, the price of freedom will always be eternal vigilance. We must insist that every government department that snoops on our communications be required to tell us what they are doing — without the double-talk and without the scare stories — and be accountable to the public.

Jump to top of page

What Superintendent Babin Has to Say

The Internet has grown enormously in just a few years, and the technology has created significant problems for law enforcement officers. To understand some of these problems and put them in perspective, I talked to Len Babin, a Senior Superintendent in the RCMP. The RCMP (Royal Canadian Mounted Police) is Canada's national police force, in many ways similar to the American FBI. Superintendent Babin is a high-ranking officer who is a long-time expert in crime, computers and the Internet. In the following statement, Babin explains some of the problems modern law officers face.

"The Internet is not defined geopolitically — it is supra-national. To a modern policeman, the criminal element now consists of more than just local criminals. Potentially, one might have to worry about criminals anywhere in the world. This is a brand new situation for law enforcement agencies. Never before have they had to understand and interpret distant actions in order to stay on top of crime in their local jurisdiction.

"Courts and legal systems are limited in their powers and, even now, the Internet is pushing the boundaries. Countries are making agreements about how existing laws are to be applied to Internet activities and, eventually, you may see such cooperation pushed to the level of a world court.

"Society defines everything police can do, right down to what they wear when they go to work."

"It is important to remember that police officers are the agents of society. They are not autonomous, nor are they there by their own volition. Society defines everything police can do, right down to what they wear when they go to work.

"Society has made laws to protect personal communications, but there are also laws to make it possible for officers to eavesdrop on these communications when necessary.

"A police officer is called upon to be the expert witness of the state. As such, the world of law enforcement is full of laws, rules and procedures designed to help a police officer succeed in court. An officer using electronic surveillance to collect legal evidence is bound by the same rules that apply to any type of evidence collection. In other words, whether an officer is investigating a murder or a traffic violation, the standards he or she must follow are the same.

"For example, in Canada, a court order will allow me to monitor communications, but only for those people that I have specifically identified in court. If I am monitoring a phone conversation, I am only allowed to listen when I recognize the voices of those specific people. If I hear other people talking, I must hang up.

"In terms of legal authority, the growth of the Internet has changed nothing. The law still gives police officers the authority to intercept certain communications. However, on the Internet, it is much more difficult to identify the originator of a communication. Internet technology, especially when used with encryption, threatens to take away the capability of police to carry out their legally authorized mandate to monitor certain private communications.

"As a result, police are starting to feel that power slip away, which may be why, in some cases, they may seem to be zealots. However, we do have a responsibility to keep up with the technology. For example, if there were a large terrorist act tomorrow, and it came out that the terrorists were using encrypted Internet communications that the FBI were unable to monitor, the FBI would undoubtedly be subject to criticism.

"I think you'll see the day when there will be pressure even on local police to monitor such communications. However, the question of how much to monitor is crucial. If you cast a very wide Net, everyone loses some freedom, and we would end up living in a zoo where, potentially, everyone could be controlled and spied upon.

"When it comes to breaking the law, a wide net would catch almost everyone in one way or another. However, it is necessary to catch the more blatant, serious criminals; so where do you draw the line?

"Who should decide? Usually, it's the legislators. However, when technology changes so quickly, the line moves quickly without the public or the legislators understanding what has happened.

"Police have always lived in the world of damned-if-you-do and damned-if-you-don't, and this is just another example. But you must realize that police officers are trying to do their job — the job they were hired to do."

Jump to top of page

How the Internet Works: TCP/IP

The Internet is vast beyond human comprehension and is very, very complicated. What is amazing is that, as large and complex as the Net may be, no one actually runs it. No person, no government, no organization, no one — if you can believe it — is in charge.

How can this be? Before I explain, I want to take a few minutes to discuss how the Internet works. By the time we are finished, you'll understand how such a large network can run automatically without having anyone in charge. The details are fascinating, and to explain them I'll have to get a bit technical. (But this is fun technical stuff, so don't worry.)

To start, let's talk about how information gets passed from one place to another on the Net.

Information, often referred to as DATA, is constantly being transported all over the Internet. Behind the scenes, data is passed from one computer to another until it reaches its final destination. For example, when you send an email message to a friend, your message is passed from your computer, to another computer, to another computer, and so on, until it reaches your friend's computer.

Of course, for this system to work, all the computers on the Internet must follow the same standards of data transmission. They do so by using a system called TCP/IP. (The name stands for "Transmission Control Protocol / Internet Protocol". When you talk about TCP/IP, pronounce it as five separate letters — "T C P I P" — without the slash. If you want to sound cool, say the letters quickly.)

The reason the Internet works is that all the computers on the Net — including your computer — use TCP/IP to communicate. More precisely, each computer on the Net runs a program that allows it to send and receive data using TCP/IP. Thus, in one sense, we can say that the Internet is simply a huge collection of computers, all of which exchange data according to the TCP/IP system. (Actually, from a technical viewpoint, this is a perfectly adequate definition of the Internet.)

Informally, we often speak about computers as if they were alive (which, of course, they aren't). For example, as I mentioned earlier, when computers exchange data, we say that they talk to one another. So, we might say that TCP/IP is the system that allows computers on the Internet to talk to one another.

The details of TCP/IP, as you might imagine, are hideously technical. However, the fundamental idea is easy to understand.

Let's say a chunk of data (such as an email message, or the text of a Web page, or a picture) has to be sent from one computer to another. The first computer breaks up the data into pieces, each of which is placed into a small package called a PACKET. Along with a portion of the data, each packet also contains the address of the destination computer and a sequence number. The packets are sent onto the Internet, where they are passed from one computer to another. At each point, the computer that receives a packet looks at the destination address and passes the packet to another computer that is one step closer to the destination. The packets all travel separately, and they may not even take the same route, but, eventually, they all reach the destination.

At that point, a program on the destination computer extracts the contents of each packet and, using the sequence numbers, reassembles the pieces into a copy of the original data. Thus, you can think of your email message (or Web page text or picture) as being broken into pieces, sent out over the Net, and reassembled at the destination. What is amazing is that the Internet is so fast that the whole thing often takes place in seconds, even when the packets have to travel a long distance.

Jump to top of page

Moving the Data: Routers, MAEs and NAPs

From the very beginning (1968), the Internet was designed to grow indefinitely without requiring any type of central administration. The idea was to construct a system in which a great many small parts (computers) would, by their very nature, form a large entity (a network) as soon as they were connected. To make such a network grow, all you would need to do is add more computers. Moreover, if you removed one or more computers, it wouldn't affect the integrity of the network as a whole. The network would just get smaller.

Every computer on the Internet (including your computer) uses TCP/IP to send and receive data. The beauty of TCP/IP is that, because it uses small packets with a standard size and format, the overall communication system can be designed efficiently. So, although the Internet itself is very complicated, the underlying communication system is conceptually simple. Each computer on the Net does its part simply by running a program that knows how to look at, interpret and transport small, standardized data packets.

However, there is more. There are a great many specialized computers, called ROUTERS, whose primary purpose is just to send and receive data packets. It is the routers that provide the communication links that hold the Net together.

There are millions of routers on the Net, many of which are connected to more than one communication line. This means that if a line happens to go down, there is almost always an alternate route. As I explained earlier, TCP/IP is designed so that it doesn't really matter how packets get from point A to point B. When a communication line or a specific router goes down (which happens from time to time), the other routers simply send their data packets by an alternate route until the problem is fixed.

You might ask, where are the routers located? They are all over the place: in telephone central offices, in computer rooms, in specialized switching facilities, and so on. (In fact, I have one in my basement.)

As we discussed earlier, access to the Internet is provided by ISPs (Internet Service Providers). To use the Net, you arrange for service from an ISP. Once you connect your computer to the ISP, you are on the Net.

Similarly, an organization with a network also connects to the Net via an ISP. In this case, the network administrator arranges for a connection between the network and the ISP. Once this connection is established, every computer on the network is also on the Net.

So, as you can see, the Internet has many, many communication lines all over the world. For the system to work, there must be a way for the various ISPs to connect to one another. To do so, they use the services of what are called NSPs (Network Service Providers). The NSPs, which are large telecommunication companies, maintain a system of high-capacity communication lines called the BACKBONE of the Internet. Along the backbone, there are special points at which ISPs can connect. These points, which act as communication hubs, are called NAPs (Network Access Points).

Thus, to use the Net, you connect your computer to an ISP, which uses a NAP to connect to the Internet backbone. In the United States, there are several tens of NAPs. If one of the NAPs were to go down temporarily, it would cause a lot of inconvenience but, because there so many of them, the outage would not be fatal to the Net.

Jump to top of page

Who Runs The Internet?

By now, you can understand that the Internet, as a whole, is completely automated. As long as enough computers are running and enough communication lines are intact, everything works without human intervention, and when a computer or a communication line does go down, the Internet works around it until a human being can make the necessary repairs.

With such a system, all that is necessary is for each organization and each person to take care of their particular part of the Net. For example, every organization (companies, universities, and so on) must take care of their own networks, and arrange for their own connection to the Net. Each person must do the same him- or herself. You, for example, are responsible for making sure that your computer and your Internet connection are up and running.

The secret of the Internet's success is that it is completely decentralized. Indeed, by its very nature, the way it was designed, the Internet must be decentralized to work properly. In fact, if the Internet had been designed to require a central authority, the network would have collapsed under its own weight a long time ago.

Thus, there is no need for a central authority.

Think of the cells in your body. Although they are specialized and some may be more important than others, you can safely remove any particular cell — or, in some cases, many cells — without hurting the body as a whole. Moreover, at any time, various parts of your body can grow simply by creating new cells.

Because the Internet does not require a central authority to run the system, it can grow without bound in such a way that no one is in charge. And if no one is in charge, who will police the system? Who will set standards of behavior, and who will enforce the rules?

The short answer is, nobody. Nobody is in charge. Nobody is in control.

You are on your own, but don't let that bother you. No one controls the weather or the rotation of the planets around the Sun or most of the plants and animals in the world, but the world and the universe get along just fine.

I know it seems strange to realize that, as human beings, we have created (and we maintain) something that is so complex and so powerful that we can't control it, but that's okay. We just need to get used to the idea.

Jump to top of page

The Nature of the Net

By its very nature, the Internet is beyond the control of human beings. However, that doesn't stop various organizations and people from trying to exert control. There are a number of motivations for wanting such control, the most common of which is money.

One of the best-known examples is AOL, the largest ISP in the United States. (At one time, the company was named America Online, but now it is just plain AOL.)

As you know, the basic role of an ISP is to allow you to connect your computer to the Internet. AOL, however, goes a lot further. They use their own software (which they give away for free) to create a special environment for their customers. The AOL environment is especially easy to use for beginners. It allows AOL customers to send and receive email, to talk to one another, to look at Web sites, and to access a large number of proprietary services.

So what's the problem? There are several, and to appreciate them, you need to understand an important aspect of human nature.

Human beings are adept at forming hierarchical systems in which responsibility is centralized and someone is clearly in charge. Indeed, being able to form such systems is one of the most important reasons for our success as a species. Creating well-defined hierarchies allows us to organize ourselves into groups of any size and to accomplish much more than if we had to work alone.

Because we are built this way, we tend to measure the value of an organization by its size. For example, we value a large, international conglomerate a lot more than a small, local business. One reason, of course, is that a large, international conglomerate can make a lot more money than a small, local business. Another reason is that the people running a large, international conglomerate have a great deal of power and, generally speaking, human beings admire such people.

In the business world, it is common — some people might even say natural — for the people who run companies to want those companies to grow as large as possible. Large companies mean more customers, more money and more power.

The Internet is designed as a distributed system that works best when it is not centralized.

The Internet, however, is designed as a distributed system that works best when it is decentralized. Any Internet company (and AOL is not the only one) that tries to centralize and grow too large, finds that it runs into unexpected problems. Outside the Net, larger companies can enjoy a great deal of efficiency because of the economies of scale. On the Net, the opposite is true. Every Internet communication requires a one-to-one connection between two computers, and the more connections you have, the more you create bottlenecks.

Up to a point, it is possible to alleviate the bottlenecks by spending money on more computers, more routers, more communication lines, and more employees. Such actions, however, work against the basic nature of the Net. Internet companies that become too large find out that, the more they centralize and grow, the less efficient they become. On the Net, having too many customers makes it harder to earn money, because you quickly reach the point where each new customer adds proportionally more to the overhead than he or she can contribute in potential revenue.

Once an Internet company gets too large, it starts to collapse from its own weight, and the business model (the plan for making money) that the company used when it started soon becomes inadequate. What follows is an intense pressure to generate profits. This force gives rise to a determined effort on the part of the company to squeeze out as much money as possible, as quickly as possible, in any way they can. Many such companies go out of business. Others manage to stay alive, but only by changing the basic nature of their business.

Now, back to AOL. AOL started as an ISP that offered extra services to their customers. At the time, they made their money by charging a monthly fee. However, within a few years, AOL became a victim of its own success. They acquired so many customers that the monthly fees were not nearly enough to cover the increased overhead. For this reason, they changed themselves from an ISP to a marketing company. That is why, if you use AOL, you will find yourself looking at so many advertisements.

Now you can understand why it is crucial that AOL require its customers to use proprietary software to access the Internet. Having control of the software enables AOL to control what their customers look at as they use the Net, and that is the only way they can use every opportunity to sell, sell, sell.

Actually, the basic nature of the Net makes such a course inevitable. Any Internet company that grows large enough is going to encounter enormous overhead. When that happens, the choice is either (1) die, or (2) look for ways to sell as much as possible to their customer base.

For that reason, AOL's primary business is no longer Internet access. AOL is actually a marketing company that uses Internet access and special services to attract a customer base. (If you are an AOL user, I am sure you know exactly what I mean.)

However, AOL is not alone; Microsoft is also in the game. Some years ago, Microsoft started their own ISP business, MSN (Microsoft Network). At first, MSN users used standard Internet software, with a few extra Microsoft programs, to access the Net. Then Microsoft decided to compete head-to-head with AOL. To do so, they created MSN Explorer, a proprietary program that, like the AOL software, does its best to create an all-encompassing environment for their Internet customers.

Eventually, all such efforts are doomed to failure, because they work against the basic nature of the Net. On the Internet, trying to become prosperous by becoming large is like rolling a heavy rock uphill. You can do it for awhile — maybe even a long while if you have enough money — but eventually, the nature of the rock will have its way.

Does this mean I am saying that AOL's and Microsoft's ISP efforts are going to fail eventually? Yes, I am. (You just wait and see if I am not right.) The Internet works best with sharing, collaborating and one-to-one communication, all of which are decentralized activities. However, in order to make a large amount of money on the Internet, a company must create a large centralized, hierarchical organization, and that is just not the way the Net works.

The business of the Internet is not business.

The reason I want you to understand this principle is because it extends far past the possibilities of commercial enterprise. From time to time, we hear people call for government control over the Internet, to protect us from bad things such as crime, child pornography, propaganda, and so on. However, because the Net is a distributed system, it cannot ever be run by anyone. No person, no government, no police force — no organization is ever going to be able to control or censor the Net.

You must accept the fact that no authority is ever going to be able to arrange things so that you and your loved ones can be perfectly comfortable all of the time. AOL and Microsoft try to do that, but only at the expense of creating a basically unsound system, in which using the Internet turns into an irritating marketing experience.

For better or for worse, no one is in charge of the Net, and no one ever will be in charge. This means that — as a society and as individuals — it is up to us to develop the maturity, the values and the judgment to use the Net wisely and productively. No one is going to do it for us.

And that is one reason why the Net is going to change us a lot more than we expect.

Jump to top of page

Is It Realistic to Have
an Expectation of Privacy?

With everything we have discussed so far, it is natural to wonder whether or not we can expect to have privacy when we use the Internet. The answer is yes and no. It depends very much on what we mean by "privacy".

I think you'll agree that when you go out in public, you have less privacy than when you stay home. For example, say that you and your spouse decide to watch a movie tonight. You can either stay home and watch the movie on television, or you can go out to a theater.

If you stay home, you have privacy. If you talk during the movie, only one person (whom you know well) will hear you. If you go to a theater, and you talk during the movie, it is likely that people whom you do not know will overhear you.

Similarly, when you leave your house and give up your privacy, you also expose yourself to potential problems. Somebody might hurt you or rob you. You might have an accident in your car or while walking on the street. You might run into someone unpleasant and have a bad experience.

These situations are so common that it almost seems superfluous to even discuss them. We all recognize that going out in public affects our expectations of privacy and safety, and we act accordingly. Thus, when you are in a theater watching a movie, you are more careful discussing personal matters than when you stay home and watch the same movie on television. Similarly, whenever you leave your house, you take simple precautions to ensure your comfort and safety. You avoid unsafe areas, you lock your car, you look both ways before you cross the street, and so on.

When you first start using the Internet, you need to adjust to a brand new environment. What you may not realize is that your period of adjustment will last a lot longer than you think. It may take several years before you really understand the nuances of the Net. (Indeed, some people never figure it out.)

One of the most confusing ideas is that of privacy. In the outside world, you know when you are in public: you are outside your home, there are people around you, and so on. On the Internet, it's totally different. As soon as you connect to the Net, you are in public.

Of course, you are not in public the same way as when you leave your house but, nonetheless, you are in a situation in which you (and your computer) can be affected by forces beyond your control, often without your knowledge.

As you read this book, you will learn more about the real nature of the Internet experience. As you do, you will develop a better understanding of how much privacy you can expect. I will explain which issues are important, and how you can best think about them.

Some people think that if they use the Net sparingly (or not at all), their privacy is assured. Such is not the case. The Net has a lot more information than anyone realizes, and even if you don't use the Net, other people may be able to use it to find out about you. For example, if you have a listed phone number, your name, address and number are on the Net. If you have done anything even remotely newsworthy, there is probably information about you on the Net. For example, I know someone who runs marathons. Information about him is on the Net, because the results of such competitions are often posted on a Web site.

I have a friend whose grandmother likes to use the Internet to find information about the various houses in which she has lived. She lives in Ohio, and in the course of her investigations, she discovered that Ohio makes a great deal of real estate information available for free on the Net. She found out that, without leaving her home or talking to anyone, she can find out how much her neighbors paid for their houses, what they pay in taxes, who owns the property, who used to own the property, and so on.

Such information is, of course, already public. If it weren't, the government wouldn't have released it. However, once the information is on the Net, it becomes easy to access. You don't have to go to a government office and hunt for what you want.

Right now, there is a huge amount of public information that is effectively private, simply because it is too much trouble to access. Once it is put on the Net, everything changes, and that information becomes accessible to anyone in the world.

So, how much privacy can you expect to have? Technically, it is possible for someone to eavesdrop on your Internet activities. Realistically, no one is watching what you do on the Net any more than anyone is listening to your phone calls. If you haven't done anything egregious that has drawn the attention of the police, no one on the Net really cares what you are doing. On the other hand, you can't stop the Net from collecting information about you. There is probably information about you on the Net right now, and there will be a lot more in the future.

Clearly, how our society thinks about privacy is going to have to change. We are going to redefine what we mean by privacy and how much we have a right to expect. We will also have to make some collective decisions as to what type of information should be available on the Net.

It will take years for these new attitudes to evolve. In the meantime, the Internet is going to affect your life in ways that nobody anticipates. We do, indeed, live in interesting times.

Jump to top of page