[Fwd: P2P Terror]

From: Michael M. Butler (butler@comp-lib.org)
Date: Wed Sep 26 2001 - 21:47:51 MDT




      Bad news from the Napster wars:

      the harder you fight against

      decentralized networks, the more

      enemies you create.

- - - - - - - - - - - -

By James Grimmelmann

Sept. 26, 2001

Their hatred is implacable, their forces are decentralized. They seek
the protection of remote hosts for their secret bases. Their networks
are weblike and personal, difficult for outside observers to
penetrate. They use e-mail, encryption and other new technologies to
hide their dark doings.

Pay close enough attention to the descriptions of America's newest
enemies coming from Washington's talking heads, and something starts
to seem oddly familiar. Haven't we heard about these people before?
Wasn't it just a few months ago that we were being warned about their
dire plans and the civil liberties compromises required to fight
them? But no. That wasn't about Osama bin Laden at all. That was
about ... about ... Napster?

Strange but true: The rules of engagement in "America's New War" have
a great deal in common with the content wars of the last few years.
The RIAA and the MPAA -- the FBI and the CIA of the entertainment
industries -- have been involved in extended legal battles with the
music traders and software hackers of the world, and the strategies
they have employed show some striking parallels to recent American
anti-terrorist strategic thought. Consider:

* All security is insecure.

The DeCSS debacle began when a 17-year-old amateur cracked the
encryption scheme on DVDs. If there's an unpenetrated Web server or
uncracked content-protection scheme out there, it's only because no
one truly dedicated has tried to break it. As long as the media
industries rely on technology-only solutions to protect their
content, that protection is purely nominal, falling quickly before
the determined hacker.

The harsh lessons of computer security are worth keeping in mind when
thinking about terrorism. Systems are large and complex beasts and
therefore vulnerable; the United States and its people are perhaps
the largest and most complicated system in the world. An attacker has
free choice of attacks: The hijackers last week were able to ignore
the tight physical security around the World Trade Center by choosing
an airplane-based attack instead. Security is what you use to spot
your attackers and slow them down long enough for you to respond. Far
better to seek out your opponents than to wait for them to come to

* The front line of the conflict is human intelligence.

Shutting down any loose network -- whether it's a cluster of
terrorist cells or a peer-to-peer file-sharing system -- depends on
closing the knowledge gap between initiates and outsiders. The mere
existence of a strong program of infiltration has an enormous
deterrent effect: How can you recruit new members with confidence if
every potential recruit might be a plant?

There's no way to just search the Internet for everyone running
personal Web servers to share out their MP3s, but with enough
dedicated surfers, the media companies have been able to spot most
sites big enough to worry about. The result is that people are forced
underground: They trade music in smaller networks than in Napster's
day, sacrificing convenience for safer obscurity.

Something similar operates in the realm of anti-terrorist
intelligence. There's no setting on spy satellites or metal detectors
to scan for "terrorist," but enough skilled agents who fit in can
track down any terrorist cell that interacts with the outside world.
The MPAA had an easier time of it than the CIA will -- it's a lot
easier to hire for Internet credibility than it is to hire for
radical terrorist credibility -- but it's the credibility, rather
than the technology, that opens doors and lets the light of law
enforcement in.

* If you can't shut down your enemy, shut down his hosts.

When the MPAA tried to suppress the distribution of DeCSS, it quickly
discovered that many of the individual users posting the code to the
Web were prohibitively difficult to identify, ruling out direct legal
action against them. The MPAA instead targeted their ISPs: legally,
the Web hosting companies were obligated to take down DeCSS pages,
unless the users were willing to stand up in court and be sued.
Through this sidestep, the MPAA was able to sic its lawyers on the
people it really wanted to sue, or failing that, make the problem go

In declaring that the U.S. government would not distinguish between
terrorists and regimes that harbor terrorists, President Bush acted
on the same principle. Like the ISPs, the Taliban would prefer to be
a bystander in any conflict. By making them liable for the safe
harbors they grant, though, Bush transferred some of the weight of
U.S. pressure to a more identifiable target -- in order to acquire
greater leverage against his real enemies.

So far, so good. But though Washington has been quick to copy from
Hollywood's playbook, it also seems reluctant to learn from the ways
in which those plays have failed.

* Zealous enforcement tactics against old enemies breed new enemies.

Before Napster, few people had strong opinions about the record
companies, and their voices were rarely heard. But in the process of
hunting down a few college students whose main offense was liking
music too much, the RIAA managed to antagonize much of the software
community and civil libertarians everywhere.

How did they blow it so badly? By giving its old enemies powerful new
arguments, tons of publicity and an impressionable audience to preach
to. Those students and music fans started hearing about cartels and
Gestapo tactics when they asked why their Napster wasn't showing any
songs today.

It's hardly any surprise the RIAA didn't understand how bad the P.R.
consequences of a heavy hand would be: The U.S. as a country has a
long and bloody history of isolating moderates while it chases

What will happen if the government of Pakistan is forced to do so
much of our dirty work that it destabilizes itself? How much ill will
will we harvest once the bombs start falling? And so on. Bold action
may sometimes solve present problems, but it carries enormous risk of
creating worse ones in the future. More worryingly ...

* You can make them hide, but you can't rid the world of them.

Or at least, if you can, the RIAA hasn't figured out how. Napster
went down in flames, but the Napster clones are numerous, thriving,
better-hidden and harder than ever to take out.

Flattening your visible enemies inspires your remaining enemies to
stay invisible; unless you make them no longer your enemies, they
will find a time and a place of their own choosing to emerge from
hiding. The best "victory" one can hope for in fighting a
decentralized foe is not to eradicate them, but only to suppress
their activities.

Try explaining this fact in Washington today, though, and nobody
seems to be listening. Has Israel been able to eradicate Hamas? Has
Britain been able even to suppress the IRA? For that matter, how well
has China done in eliminating Falun Gong? Which raises one last and
especially disturbing point, one that ought to go without saying ...

* Terrorists are not the only people who operate in decentralized secrecy.

There are other peer-to-peer rebels out there, working in secret to
change the world -- and most of them are what we would normally think
of as the good guys.

Think of Afghan dissidents spreading the rhetoric of democracy from
Internet cafes. From the perspective of the Afghan government, they
look much the same way terrorists who coordinate attacks through
e-mail look to us. Think of demonstrators scattering to avoid
punitive raids from the police; think of rebel leaders trying to
organize a resistance movement. A lot of people will be watching very
carefully what the United States does to wage this new sort of war.

On the one hand every new tactic we develop to defend democracy can
be turned against the forces of democracy somewhere else in the
world. And on the other, every bulwark the Internet provides against
the anti-dissent squads somewhere far off and repressive, it provides
also against the anti-terrorist branch of the FBI back home.

Technology giveth, and it taketh away. The same filtering software
that protects children from pornography is used by repressive
governments to "protect" their citizens from critical opinions. The
new formats for compressing music designed to sell more CDs instead
became the leading techniques for its illicit distribution.

As we prepare to develop ruthless new "weapons" in the fight against
global terrorism, it is hard to overstate the need for some
reflection on the ways those tactics might eventually be turned
against us and those principles we believe in. A strange prospect,
perhaps, but then again, until last week, how many people seriously
thought of a passenger jet as a weapon of war?

- - - - - - - - - - - -


This archive was generated by hypermail 2b30 : Fri Oct 12 2001 - 14:40:58 MDT