I thought I’d share some of the questions that came up as I read it –

In 1996, a physicist named Alan Sokol published an article in Social Text, a cultural studies journal.  It was called “Transgressing the Boundaries: Toward a Transformative Hermeneutics of Quantum Gravity,” and as the name suggests, it’s pretty impenetrable.  You can check it out here.  Soon after it came out, he published an article in the now-defunct Lingua Franca, saying that the first article had been a hoax.  He said he did it to see [...]]]> The Future of the Internet has a lot of worries in it about the state of cybersecurity.  I’ve argued against some extremely knowledgeable people in saying that the cyberwarfare threat has not been greatly exaggerated.  But there are some security fears that just don’t bother me so much.

In 1996, a physicist named Alan Sokol published an article in Social Text, a cultural studies journal.  It was called “Transgressing the Boundaries: Toward a Transformative Hermeneutics of Quantum Gravity,” and as the name suggests, it’s pretty impenetrable.  You can check it out here.  Soon after it came out, he published an article in the now-defunct Lingua Franca, saying that the first article had been a hoax.  He said he did it to see if the journal would “publish an article liberally salted with nonsense if (a) it sounded good and (b) it flattered the editors’ ideological preconceptions.”

I remember feeling pretty sympathetic to the Social Text editors at the time — which was before I was immersed in legal academia, where most of the law reviews are run by students and don’t perform what other fields would recognize as formal peer review.  Publishing an article doesn’t mean that the journal editors agree with everything it says, and no doubt the Social Text editors had little experience dealing with physics.  Sure, they could have sent it to other physicists, but in the meantime they probably welcomed what looked like a rare attempt by someone from the hard sciences to communicate with an otherwise-alien audience, even if the person was deemed an apostate by his colleagues.  Moreover, being of the postmodern deconstructionist bent, they gleaned a lot from the text — no doubt more than what its insincere author had put in.  (As Wiki says they put it: “its status as parody does not alter, substantially, our interest in the piece, itself, as a symptomatic document.”)

I was reminded of the Sokal Affair when I read Thomas Ryan’s presentation to the 2010 Black Hat conference about one Robin Sage.  This isn’t the U.S. special ops training exercise conducted each year, but rather a fake identity the author created on LinkedIn and elsewhere.

The author says he intentionally chose the photo of a young, attractive woman in order to better do what he did next: friend a bunch of security professionals on LinkedIn.  He says that Robin’s success in social networking said something about the security chops of those who friended her.

I’m not so sure.  He convincingly writes that her profile’s credibility could be debunked with a little Internet sleuthing, but I don’t think it’s surprising that many social network users regularly go to such lengths.  Some people are picky about from whom they allow connections; others are content to accept anything that looks like it’s not a spammer — and Robin was not.

Ryan includes some snippets of messages that Robin received from her new connections.  One asked her to review a paper he was writing; another complimented her on her looks; another pointed out a job opportunity.  I’m not sure any of these is troublesome.  Ryan figures that if the paper were shared and was pre-publication, a malevolent person behind the Robin persona could have passed it off as his or her own.  That’s a bit of a reach.  Yes, anything can happen, but there are risks in any communication or interaction with a stranger or mere acquaintance.  Ryan says in his paper’s summary that Robin was offered “gifts, government and corporate jobs, and options to speak at a variety of security conferences.”  But when that’s unpacked in the main text, it’s all very tentative — pointing out a job opportunity is not the same as offering a job, and suggesting interest in a conference is not the same as vetting the presentation should the interest be reciprocated.  There’s an intriguing section of the paper about the gender dynamic — Ryan intentionally chose a young, attractive woman as Robin’s avatar, ’and suggests that “Whether these same reactions would have been elicited towards another male is questionable. It can be put forth that Robins appearance and gender played a key role in many people’s comfort level.”

There’s some interesting research on this sort of thing, such as a study by researchers at the University of Wisconsin in which identical resumes were sent for academic jobs with only the names switched from one gender to another.  They found that men were given more opportunities than their identical women counterparts.  At the very least, gender comfort level can cut both ways, and Ryan’s experiment was, I think even by his own account, as casual as Alan Sokol’s with Social Text.  It’s more to make a provocation than to actually investigate gender bias or sloppy intellectual work, respectively.

The Robin Sage experiment — and the lessons we’re supposed to draw from it — interest me because I’m interested in the ways in which kindness among strangers can be crucial to the world being a good place to live — and the Internet functioning at all.  It’s not surprising that a security professional would conduct an experiment in which people were duped into friending someone who wasn’t real and then conclude that those people were observing security practices that were too lax.  But the more you think about it, the more you can think of all sorts of similar experiments: offer to help someone with his or her shopping bags, and then drop them.  See someone taking a picture of his friends in a park, offer to do it so he can join the picture, and then run away with the camera.  Hold a door for someone, and then hit them from behind.  Should an experimenter do any of these, would the lesson be about the gullibility of the target or the cruelty of the experimenter?

To be sure, Ryan’s experiment was conducted among fellow security professionals.  He suggests that Robin’s fake job description suggested that she held a U.S. federal government security clearance — so other people with clearances might be misled into sharing classified information with her.  But there’s no reason to think that people would spill secrets under those circumstances any more than you’d write a check for $5,000 or give your home address to a brand new “friend” on Facebook.

The beauty of social networks like LinkedIn or Facebook is that they allow a level of connection with someone that has no easy real-world analogue.  LinkedIn can be for colleagues and friends, but it also can include faraway students who want to connect with a professor they’ve never met — and maybe never will — or any number of other configurations.  Just because Wikipedia allows anyone to edit most of its pages, doesn’t mean that it innately and permanently trusts every edit.  The system is set up to be able to revert the work of vandals, and any example of how “easy” it is to vandalize a Wikipedia page is beside the point.  The idea there is that there are more people quickly responding to vandals than there are vandals — so an open system functions.  Similarly, so long as we don’t share more than we mean to, the presence of strangers among our LinkedIn colleagues or even Facebook friends shouldn’t be a red flag.  More might be gained from “friends we haven’t met” than lost to the occasional bad actor.

So: pleased to meet you, Thomas Ryan — if that’s who you really are.  And even if it’s not.  …JZ

I’ve been intrigued by these concepts, too, and while I don’t think people should have to change their names to escape their pasts — whether earned or unearned — I like the idea of reputation bankruptcy.  It’s taken up as a partial solution to peer-to-peer privacy problems in the Future of the Internet:

Search is central to a functioning Web, and reputation has [...]]]> Google CEO Eric Schmidt created buzz (and some shock and criticism) when he suggested in a recent Wall Street Journal interview that, in the not too distant future, “every young person…will be entitled automatically to change his or her name on reaching adulthood in order to disown youthful hijinks stored on their friends’ social media sites.”

I’ve been intrigued by these concepts, too, and while I don’t think people should have to change their names to escape their pasts — whether earned or unearned — I like the idea of reputation bankruptcy.  It’s taken up as a partial solution to peer-to-peer privacy problems in the Future of the Internet:

Search is central to a functioning Web, and reputation has become central to search. If people already know exactly what they are looking for, a network needs only a way of registering and indexing specific sites. Thus, IP addresses are attached to computers, and domain names to IP addresses, so that we can ask for www.drudgereport.com and go straight to Matt Drudge’s site. But much of the time we want help in finding something without knowing the exact online destination. Search engines help us navigate the petabytes of publicly posted information online, and for them to work well they must do more than simply identify all pages containing the search terms that we specify. They must rank them in relevance. There are many ways to identify what sites are most relevant. A handful of search engines auction off the top-ranked slots in search results on given terms and determine relevance on the basis of how much the site operators would pay to put their sites in front of searchers. These search engines are not widely used. Most have instead turned to some proxy for reputation. As mentioned earlier, a site popular with others—with lots of inbound links—is considered worthier of a high rank than an unpopular one, and thus search engines can draw upon the behavior of millions of other Web sites as they sort their search results. Sites like Amazon deploy a different form of ranking, using the “mouse droppings” of customer purchasing and browsing behavior to make recommendations—so they can tell customers that “people who like the Beatles also like the Rolling Stones.” Search engines can also more explicitly invite the public to express its views on the items it ranks, so that users can decide what to view or buy on the basis of others’ opinions. Amazon users can rate and review the items for sale, and subsequent users then rate the first users’ reviews. Sites like Digg and Reddit invite users to vote for stories and articles they like, and tech news site Slashdot employs a rating system so complex that it attracts much academic attention.

As biometric readers become more commonplace in our endpoint machines, it will be possible for online destinations routinely to demand unsheddable identity tokens rather than disposable pseudonyms from Internet users. Many sites could benefit from asking people to participate with real identities known at least to the site, if not to the public at large. eBay, for one, would certainly profit by making it harder for people to shift among various ghost accounts. One could even imagine Wikipedia establishing a “fast track” for contributions if they were done with biometric assurance, just as South Korean citizen journalist newspaper OhmyNews keeps citizen identity numbers on file for the articles it publishes. These architectures protect one’s identity from the world at large while still making it much more difficult to produce multiple false “sock puppet” identities. When we participate in other walks of life—school, work, PTA meetings, and so on—we do so as ourselves, not wearing Groucho mustaches, and even if people do not know exactly who we are, they can recognize us from one meeting to the next. The same should be possible for our online selves. []

So far: a couple weeks ago Google and Verizon announced a “legislative framework proposal” to “preserve the open Internet and the vibrant and innovative markets it supports, to protect consumers, and to promote continued investment in broadband access,”  blogged here.  The proposal emerged in the vacuum created by a Federal court ruling overturning the FCC’s regulation of Comcast’s throttling of peer-to-peer traffic, and it was criticized harshly by a number of open Internet advocates as an undue boon to the network providers’ interests.

Now the FCC has re-entered the picture with its September “further inquiry,” [...]]]> There’s some movement in the U.S. network neutrality debates under a rather dry heading: “Further Inquiry Into Two Under-Developed Issues in the Open Internet Proceeding.”

So far: a couple weeks ago Google and Verizon announced a “legislative framework proposal” to “preserve the open Internet and the vibrant and innovative markets it supports, to protect consumers, and to promote continued investment in broadband access,”  blogged here.  The proposal emerged in the vacuum created by a Federal court ruling overturning the FCC’s regulation of Comcast’s throttling of peer-to-peer traffic, and it was criticized harshly by a number of open Internet advocates as an undue boon to the network providers’ interests.

Now the FCC has re-entered the picture with its September “further inquiry,” and done so with a deft touch.  First, by seeking additional comments, the document makes it clear that its “NPRM” — a proceeding to craft rules to promote an open Internet that many thought the Comcast decision had derailed — is still alive.  Exactly how any rules will be made is not discussed; instead, the FCC notes the areas where consensus has been reached: some conception of net neutrality is a good idea, at least on non-wireless platforms; that network practices should be disclosed; that net neurality shouldn’t preclude reasonable network management practices by ISPs; and that case-by-case, flexible adjudication beats lengthy and complex rules.

That’s an astute move: to the extent that the Google/Verizon document represented horse trading — “I’ll agree that net neutrality should apply to wired networks if you agree that it’s too soon to talk about rules for wireless” — the FCC has moved rhetorically to lock in the parts of the deal that most embrace an open Internet by pointing out that there’s now consensus on those points.

That leaves the most controversial parts of the agreement as objects for further inquiry, and it’s where the FCC is looking for more public comments.  These “under-developed issues” are on the confusing “specialized services” and the less confusing (but no less challenged) wireless proposed exemptions (or at least temporary relief) from net neutrality rules.

There, the FCC offers a lucid and measured summary of the state of play on each issue, along with some initial thoughts on ways to resolve each, drawing from among the many comments already received from industry and public interest participants.  For specialized services, there’s the question of what happens when a network provider wants to use the pipe it has into someone’s house or business for something independent of vanilla Internet broadband.  There are legacy examples of this: the same wires that carry a phone company’s Internet DSL service carry regular old telephone service, too; and the same cable company coax that carries broadband also carries cable TV.  Indeed, those “specialized” services used to be the main ones, with the Internet as the afterthought.

It would be strange to say that the same net neutrality principles that mean Comcast can’t favor access to cnn.com over foxnews.com also ought to mean that Comcast can’t favor MTV over Animal Planet in basic cable.  Basic cable is Comcast’s to fill as it pleases, conducting all sorts of deals to figure out whether a new channel should be cute cats or pay-per-view boxing.  (To be sure, this is with the exception of the byzantine and ill-considered “must carry” rules that give legacy TV broadcasters a chance to demand a corresponding cable channel without having to negotiate a deal for it — while also allowing those broadcasters to refuse to allow the cable company to carry the channels unless they cut a deal.  That’s Congress’s mess, though, not the FCC’s.)

So the strongest view against specialized services might be: OK, network providers, maybe you keep your legacy specialized services, but other than that, we want you to use your bandwidth for open Internet.  But then one could see new specialized services shoehorned in via one’s telephone (“Look, a new handset with a screen to plug into the regular phone line!”) or cable (“A new channel called the Best of YouTube, with fast forward, rewind, and favorite buttons on my cable remote!”).  The puzzle is: if we want to give those legacy modalities a chance to freshen up, or even contemplate new kinds of specialized services not anchored in the old ones, can we do it without the prospect of diminishing the open Internet that’s currently so popular over those very wires?  The Internet tail stands to wag the telco/cable/TV dog to which it was first attached; how to mediate between them now, if at all, should the dog (and its more proprietary frame) stage a comeback?

Check out pp. 2-4 of the FCC’s document for its own view of the issue, along with some approaches that could help situate specialized services without simply banning them.  I’m intrigued with the idea of guaranteed capacity for regular Internet service — in other words, new specialized services should not be used to shrink the pie for regular Internet offerings.  Experimentation could continue apace on the open Internet, with some of its best results then bottled up and offered sleekly through a more appliancized offering.  So long as there’s still general public access to and broad usage of the regular Internet, a hybrid ecosystem could offer the best of both worlds.  In a way, it’s preferable to have generative and “sterile” environments side-by-side than to have generative environments compete with “contingently generative” ones.  The latter is like the case of the iPhone — to a developer, it acts just like the open PC environment, where anyone can code for it and reach consumers, until it doesn’t — Apple bans a particular app or changes its rules after achieving huge market share.

And speaking of mobile smartphones, there’s then the question of wireless.  Some net neutrality advocates might ask: what question, saying that it should be treated the same as everything else — as Internet protocols intended.  Others, most directly the wireless carriers themselves, say that nondiscrimination rules will constrain their investment in building out the more nascent wireless infrastructure.  Again the FCC lays out some options, and for the first time that I’ve seen, asks the question not only of net neutrality for use of wireless bandwidth, but app neutrality for developers’ access to a smartphone platform’s app store.  The Future of the Internet has my own views on that question, and the FCC neatly asks if perhaps rules on one could help justify an absence of rules on the other: maybe app neutrality would make us worry less about network discrimination, or net neutrality could still permit app discrimination.

Despite the nondescript eponymous title that suggests that it’s just another abstruse government document, the FCC’s further inquiry is worth a read.  And its contents signal that regulators can be reassuringly versed in the topics they’ve taken up, even as their power to regulate remains in question.  There are still some moves the FCC could make to create net neutrality rules in the absence of a new statute, and without mentioning (much less taking) them, the invitation to comment is one the major parties to the debate won’t ignore.

The designers and makers of the Internet and PC platforms did not expect to come up [...]]]> I wrote the Future of the Internet — And How to Stop It, and its precursor law review article the Generative Internet, between 2004 and 2007. I wanted to capture a sense of just how bizarre the Internet — and the PC environment — were.  How much the values and assumptions of, metaphorically, dot-org and dot-edu, rather than just dot-com, were built into the protocols of the Internet and the architecture of the PC.  The amateur, hobbyist, backwater origins of the Internet and the PC were crucial to their success against more traditional counterparts, but also set the stage for a new host of problems as they became more popular.

The designers and makers of the Internet and PC platforms did not expect to come up with the applications for each — they figured unknown others would do that.  So, unlike CompuServe, AOL, or Prodigy, the Internet didn’t have a main menu.  And once for-profit ISPs started rolling the Internet out to anyone willing to subscribe, there came to be a critical mass of eyeballs ready to experience varieties of content and services — the providers of which didn’t have to negotiate a business deal with some Internet Overseer the way they did for CompuServe et al.  Some content and services could be paid for, at least as soon as credit cards could function cheaply online, and other could be free — either because of a separate business model like advertising, or because the provider didn’t feel inclined to monetize visiting eyeballs.  Tim Berners-Lee could invent the World Wide Web and have it run as just another application, seeking neither a patent on its workings nor an architecture for it that placed him in a position of control.  Today, of course, the Web is so ubiquitous that people often confuse it with the Internet itself.

When bad apples emerge on an unmediated platform — and they do as soon as there are enough people using it to make it worth it to subvert it — it can be difficult to deal with them.  If someone spams you on Facebook, the first step is to make it a customer service issue — complain to Facebook, and they can discipline the account.  If someone spams you on email, it’s much trickier, because there’s no Email Manager — just lots of email servers, some big, some little, and many of them with accounts hacked by others.  That’s one reason why a newer generation of Internet users prefers Facebook or Twitter messaging to old fashioned email.  Same for the PC itself: with no PC Manager, there’s no easy way to get help or exact justice when exposed to malware.  I worried that malware in particular, and cybersecurity in general, would be a fulcrum point in pushing “regular” people away from the happenstance of generative platforms designed by nerds who figured they could worry about security later.  Hence a migration to less generative platforms managed like services rather than products.

I understand and sympathize with that migration.  But it’s important to recognize its downsides — particularly if one is among the libertarian set, which has been comprised some of the most vocal critics of the Future of the Internet.  Whether software developer or user, volunteering control over one’s digital environment to a Manager means that the manager can change one’s experience at any time — or worse, be compelled to by outside pressures.  I write about this prospect at length here.  The famously ungovernable Internet suddenly becomes much more governable, an outcome most libertarian types would be concerned about.  Many Internet freedom proponents aren’t willing to argue for or trust those freedoms to a “mere” political process; they prefer to see them de facto guaranteed by a computing environment largely immune to regulation.

Lessig now seems to disagree with that; his view in Code 2.0 is that:

citizens of any democracy should have the freedom to choose what speech they consume.  But I would prefer they earn that freedom by demanding it through democratic means than that a technological trick give it to them for free.

It’s an interesting bookend to a small gem of an article he wrote in 1999, where he said:

The architecture of cyberspace embeds a set of values, as it embeds or constitutes the possible. But beyond the values built into this architecture, there are values that are implicated by the ownership of code. Its ownership can enable a kind of check on government’s power-a separation of powers that checks the extent that government can reach. Just as our Constitution embeds the values of the Bill of Rights while also embedding the protections of separation of powers,[] so too should we think about the values that cyberspace embeds, as well as its structure.

Randal Picker, in a terrific article revisiting the famed Sony case that upheld the right of manufacturers to make and sell VCRs, despite the fact that surely many people were using them to infringe copyright by recording shows for their personal libraries, outright welcomes new forms of regulation made possible by software becoming a service.  My brief response to (and disagreement with) his article is here, but both of us agree that new kinds of regulation lie in our future.

So, has the future happened?  Certainly young coders today are writing for the Facebook and iPhone apps platforms more than they are for Windows, OS X, or GNU/Linux.  Those platforms haven’t been “sterile” — e.g. resistant to all outside development, as the book’s introduction feared.  Rather, they’re what I called “contingently generative” and what Sarah Rotman Epps more pithily calls “curated computing.”  The idea is the same: to be generative enough to welcome outside coders — indeed, if wildly successful, to turn other platforms into ghost towns — but to be able to modify what they do at any time, before or after the fact.  Not only does that set the stage for monopolistic behavior — developers, many coding for fun, build empires that are then hard to move to a new platform when the rules change — but also for new regulation.  Android is an interesting development here — a sort of canary in the coal mine, as the Android platform contemplates more “off roading” by users, running unapproved apps, than the iPhone does.  It’s too early to say which model will prevail, especially as either one, being contingent, can evolve towards the other.  Steve Jobs could announce freedom to run outside code on iPhones tomorrow, and Google could revise Android so that only apps from the official Android store can persist.  Either vendor can kill an app, or the entire phone, at a distance, if it detects jailbreaking, or for any other reason.

In 2004, the Web was going strong, but much of our time was spent outside a browser: email was Outlook or Eudora, word processing was Word, spreadsheets were Excel, etc.  If you were given only a browser, there’s a lot of work you’d have a hard time doing.  Today that’s simply not true.  Google docs and spreadsheets are spreading, and Microsoft is hastening to catch up with Windows Live.  Yet some have trumpeted the end of the open Web, and cited the Future of the Internet to buttress their claims.  They have a point.  Just because something can be accessed by a Web browser doesn’t make it part of the Web.  (You can even just open a file on your hard drive using your browser, most easily if it ends in .html.)

If the services we migrate to online are still controlled and curated by only a handful of gatekeepers, we run all the risks, and stand to lose many of the benefits, of the generative Internet.  I’m not ready, as others may be, to say that essentially every new technology has its infancy and adolescence, where it’s chaotic and there are lots of players and lots of innovation, to be followed by boring adulthood as the losers lose and the few winners win and consolidate.  My hope was, and is, to be able to take on the “bad apples” problem in a way that doesn’t terribly compromise generativity — the way that Wikipedia, so far, has managed to stop spammers and vandals without wholesale abandoning the precept that anyone can edit a page, whether registered or not.  I wrote some thoughts on how to do that in the book, and have since followed up with a piece called “The Fourth Quadrant.”  It seems all the more pressing to me as concerns about cybersecurity, and now cyberwarfare, are very much on the mind of governments around the world.

I’m not exactly a pessimist.  I recognize, and celebrate, the fact that the digital environment of 2010 is the coolest, most interesting, most option-filled it’s ever been.  In that sense, mirroring the situation with Internet access despite censorship around the world, the slope of the generative curve is positive.  But, also mirroring the situation with censorship and filtering, I see the pieces further moving into place for a step change in how the Internet works.  In where new innovations come from.  And in how readily regulators can pull the plug on services and content they don’t like.  At its core, the Future of the Internet is an argument against complacency, and against the simplicity of thinking that if only market forces are allowed to work their magic, everything else we care about will more or less fall into place.

I look forward to the week’s discussions.  …JZ

From her description, drawing from the Court’s facts of the case:

Mrs Lindqvist set up internet pages at home on her personal computer in

order to allow parishioners preparing for their confirmation to obtain

information they might need. At her request, the administrator of the

Swedish Church’s website set up a link between those pages and that site.

The pages in question contained information about Mrs Lindqvist and 18

colleagues in the parish, sometimes including their full names and in

other cases only their first names. Mrs Lindqvist also described, in a

mildly humorous manner, the [...]]]> Colleague Karen McCullagh has pointed out a decision from the European Court of Justice that appears to suggest that the inclusion of identifiable personal data on a personal web page could run afoul of the European data directive.

From her description, drawing from the Court’s facts of the case:

Mrs Lindqvist set up internet pages at home on her personal computer in

order to allow parishioners preparing for their confirmation to obtain

information they might need. At her request, the administrator of the

Swedish Church’s website set up a link between those pages and that site.

The pages in question contained information about Mrs Lindqvist and 18

colleagues in the parish, sometimes including their full names and in

other cases only their first names. Mrs Lindqvist also described, in a

mildly humorous manner, the jobs held by her colleagues and their hobbies.

In many cases family circumstances and telephone numbers and other matters

were mentioned. She also stated that one colleague had injured her foot

and was on half-time on medical grounds.

Mrs Lindqvist had not informed her colleagues of the existence of those

pages or obtained their consent, nor did she notify the supervisory

authority for the protection of electronically transmitted data of her

activity. She removed the pages in question as soon as she became aware

that they were not appreciated by some of her colleagues.

The European Court of Justice Held:

1) The act of referring, on an internet page, to various persons and

identifying them by name or by other means, for instance by giving their

telephone number or information regarding their working conditions and

hobbies, constitutes the processing of personal data wholly or partly by

automatic means within the meaning of Article 3(1) of Directive 95/46.

2) reference to the fact that an individual has injured her foot and is on

half-time on medical grounds constitutes personal data concerning health

within the meaning of Article 8(1) of Directive 95/46.

The full opinion can be found here. This result does seem pretty extreme, and I’m trying to figure out what limiting principle there is — other than it being largely disregarded and practically difficult to enforce — by which people who mention other people in a blog post (and the fact that they might be feeling under the weather) are not running afoul of privacy regulations.

Now lawyers and diplomats are all over the subject, and ICANN has ballooned into a multi-million dollar organization. I’ve argued elsewhere that arguments about ICANN and domain names don’t much matter except to those who want a piece of the financial pie, and I think predictions of domain names’ unimportance have largely proven [...]]]> Internet founding parent David Clark was a guest in my cyberlaw class in the fall of 1997. We talked about Internet governance, although I don’t think anyone (including us) called it that yet. ICANN wasn’t a gleam in the U.S. Department of Commerce’s eye, but even then the amazing state of the domain name system — how it came into being, how it was managed — made for an extraodinary story.

Now lawyers and diplomats are all over the subject, and ICANN has ballooned into a multi-million dollar organization. I’ve argued elsewhere that arguments about ICANN and domain names don’t much matter except to those who want a piece of the financial pie, and I think predictions of domain names’ unimportance have largely proven true. Sure, IBM would not be happy if it lost ibm.com, but it’s at no risk of having that happen, and the fact is that most people find things by Googling them than by entering a domain name. So long as search engines can crawl to various destinations, a world in which we couldn’t use mnemonic domain names wouldn’t be much different than the one we have now.

With that background, I’ve been thinking about the global petition to “keep the core neutral” signed by fellow travelers like Wendy Seltzer, Larry Lessig, and David Post. Is it something worth signing?

The petition itself reads a bit vague to me:

Everyone has the right to seek, receive and impart information and ideas without interference through any media, including cyberspace.

As the new generic top-level domain name space emerges and policy choices are made about how ideas may be expressed at the Internet’s top-level, we ask ICANN to keep the core neutral of non-technical disputes and choose policies that respect freedom of expression and permit innovation in the new domain name space.

Encouraging the free flow of information is a foundational principle of public policy decisions related to information and communication technology. Freedom of expression rights, which are fundamental in an Information Society, foster democratic participation, individual empowerment, and economic development.

Cyberspace remains a unique and special place that bridges ancient divisions, where diverse communities interact readily, and all views are welcome. But only if these attributes are valued by policymakers who set Internet governance rules and incorporated into policies about how ideas may be expressed in domain names.

We ask that ICANN stay within its technical mandate and refrain from embedding particular national, regional, moral, or religious policy objectives into global rules over the use of language in domain names. It would be dangerous “mission-creep” for ICANN to adjudicate between conflicting policy objectives and set global standards for expression that are enforced through ICANN’s technical function. Please do not allow ICANN to become a convenient lever of global control by those seeking to censor unpopular or controversial expression on the Internet.

Please keep the Internet’s technical core neutral from national or other ideological conflicts, allowing freedom and innovation to flourish in cyberspace.

I’d be perfectly happy to see lots of new top-level domains, rather than halting steps towards domains like .museum and .aero. Some could be chartered, with particular requirements to earn a name there — such as the venerable .edu, which used to be limited to American two- and four-year degree-granting institutions, one to a customer. (Though somehow Harvard Business School snuck in with hbs.edu despite Harvard also having harvard.edu.) Trademark owners might be unhappy at the prospect of having to defend their mark in each new top-level domain, but with enough domains that might not be necessary, since Internet users would not expect to find International Business Machines at IBM.*.

So what to make of the petition? Dan Krimm, who is running the campaign and is a fellow at IPJustice.org, explained the idea behind it: ICANN is considering approving lots of new top-level domains, with an approval process that lets it eliminate candidate names for “moral” reasons or because particular governments object. All else equal, it might make sense for ICANN to simply have a cash-and-carry policy for registering new TLDs, just as original domain name registration in .com was first-come, first-served, with very few exceptions. (Single-letter domains were not allowed, although a handful like x.com slipped through, and is now held by PayPal/eBay. In 1994, someone tried to register fuck.com and had what appears to be an authentic exchange with the relevant pre-ICANN people that shows just how ad hoc policymaking was then.)

But I find it hard to really care if ICANN wants to allow some names and deny others. I don’t see how a willingness to have some content-based process for determining new TLDs can become “a convenient lever of global control by those seeking to censor unpopular or controversial expression on the Internet.” How would this global control transpire, when one needs no particular domain name to put content up on the Net? Far more convenient would be search engines themselves, which can determine what is and isn’t visible on a casual search. Of course, one can be concerned about both. So: search engine content control will be the next post. …JZ

But this is a good time to point out something beyond the cat-and-mouse of spam-and-filter: email is dying.

Email is the last great “shared hallucination” applications of the Internet. The Internet itself is a [...]]]> Like others, in the past week I’ve noticed a major uptick in the spam I receive on longstanding email addresses. It’s gotten to the point where I’ve configured Gmail to scoop up the mail from those boxes so it can do its own junk mail sorting, and then I POP the mail into my Eudora client from Gmail. It’s taken me from downloading email where more than 9 out of 10 are spam to fewer than 1 out of 10 as spam — with the spam sitting harmlessly on Gmail.

But this is a good time to point out something beyond the cat-and-mouse of spam-and-filter: email is dying.

Email is the last great “shared hallucination” applications of the Internet. The Internet itself is a shared hallucination — built to allow the routing of packets without any particular central coordination or backbone — and first uses to which it was put are similarly able for anyone to step up to the plate and join. Internet Relay Chat can be done with anyone setting up a chat server; Usenet newsgroups — what we know today as message boards and what dimly live on within Google Groups — could be created by anyone, and their propagation would depend on the individual decision of each newsgroup server operator on whether to subscribe to it.

Newsgroups and IRC were overrun by spammers and crooks, and they have been subsumed by alternatives. There are still some people who use IRC for nostaglic purposes or because they’re on very low bandwidth, but its most prominent use today is as a way for zombie computers to listen in at a designated server and channel for instructions from its master. Newsgroups appear like the walking dead themselves, with most of the conversations they hosted now carried on elsewhere. The alternatives to each are within walled gardens, proprietary alternatives of the sort that used to run on CompuServe and AOL. Indeed, a lot of Web 2.0 is based within proprietary servers, available for outside use only with the ongoing indulgence of the sponsoring firms.

So too goes email. If one were denied email in 1997 it would eliminate much of the Internet’s usefulness. Today it wouldn’t be that big of a deal. Indeed, most students today rarely use email, preferring instant messaging, Facebook, Myspace, and other private messaging attached to a proprietary service. The benefit of these alternatives is that, because they’re run by a central source, there’s an extra custodian who can take a hard line against spam and other abuse. Myspace doesn’t do such a great job at it, but try spamming on Facebook and you’ll quickly lose your account.

The drawback is that the vision behind a common application like email — one where any PC can announce itself as a mailserver — is dismissed. And as natural monopolies form, there will be new gatekeepers who can implement content control, who can decide to charge or not, or who can terminate or deny membership. Email is clearly broken, and the various anti-spam tricks designed to extend its life can only go so far. But it’s sad to see the last great shared app eclipsed. …JZ