Changing the encoded anonymity of the web
My big idea is that we have to fix the internet. After 40 years, it has begun to corrode, both itself and us. It is still a marvelous and miraculous invention, but now there are bugs in the foundation, bats in the belfry, and trolls in the basement.
I do not mean this to be one of those technophobic rants dissing the Internet for rewiring our brains to give us the twitchy attention span of Donald Trump on Twitter or pontificating about how we have to log off and smell the flowers. Those qualms about new technologies have existed ever since Plato fretted that the technology of writing would threaten memorization and oratory. I love the internet and all of its digital offshoots. What I bemoan is its decline.
There is a bug in its original design that at first seemed like a feature but has gradually, and now rapidly, been exploited by hackers and trolls and malevolent actors: Its packets are encoded with the address of their destination but not of their authentic origin. With a circuit-switched network, you can track or trace back the origins of the information, but that’s not true with the packet-switched design of the internet.
Compounding this was the architecture that Tim Berners-Lee and the inventors of the early browsers created for the World Wide Web. It brilliantly allowed the whole of the earth’s computers to be webbed together and navigated through hyperlinks. But the links were one-way. You knew where the links took you. But if you had a webpage or piece of content, you didn’t exactly know who was linking to you or coming to use your content.
All of that enshrined the potential for anonymity.
You could make comments anonymously. Go to a webpage anonymously. Consume content anonymously. With a little effort, send email anonymously. And if you figured out a way to get into someone’s servers or databases, you could do it anonymously.
For years, the benefits of anonymity on the net outweighed its drawbacks. People felt more free to express themselves, which was especially valuable if they were dissidents or hiding a personal secret. This was celebrated in the famous 1993 New Yorkercartoon, “On the Internet, nobody knows you’re a dog.”
Now the problem is nobody can tell if you’re a troll. Or a hacker. Or a bot. Or a Macedonian teenager publishing a story that the pope has endorsed Trump.
This has poisoned civil discourse, enabled hacking, permitted cyberbullying, and made email a risk. Its inherent lack of security has allowed Russian actors to screw with our democratic process.
The lack of secure identification and authentication inherent in the internet’s genetic code has also prevented easy transactions, thwarted financial inclusion, destroyed the business models of content creators, unleashed deluges of spam, and forced us to use passwords and two-factor authentication schemes that would have baffled Houdini.
The trillions being spent and the IQ points of computer science talent being allocated to tackle security issues makes it a drag, rather than a spur, to productivity in some sectors.
In Plato’s Republic, we learn the tale of the Ring of Gyges. Put it on, and you’re invisible and anonymous. The question that Plato asks is whether those who put on the ring will be civil and moral. He thinks not. The internet has proven him correct.
The web is no longer a place of community, no longer an agora.
Every day more sites are eliminating comments sections.
If we could start from scratch, here’s what I think we would do:
- Create a system that enables content producers to negotiate with aggregators and search engines to get a royalty whenever their content is used, like ASCAP has negotiated for public performances and radio airings of its members’ works.
- Embed a simple digital wallet and currency for quick and easy small payments for songs, blogs, articles, and whatever other digital content is for sale.
- Encode emails with an authenticated return or originating address.
- Enforce critical properties and security at the lowest levels of the system possible, such as in the hardware or in the programming language, instead of leaving it to programmers to incorporate security into every line of code they write.
- Build chips and machines that update the notion of an internet packet. For those who want, their packets could be encoded or tagged with metadata that describe what they contain and give the rules for how it can be used.
Most internet engineers think that these reforms are possible, from Vint Cerf, the original TCP/IP coauthor, to Milo Medin of Google, to Howard Shrobe, the director of cybersecurity at MIT. “We don’t need to live in cyber hell,” Shrobe has argued.
Implementing them is less a matter of technology than of cost and social will. Some people, understandably, will resist any diminution of anonymity, which they sometimes label privacy.
So the best approach, I think, would be to try to create a voluntary system, for those who want to use it, to have verified identification and authentication.
People would not be forced to use such a system. If they wanted to communicate and surf anonymously, they could. But those of us who choose, at times, not to be anonymous and not to deal with people who are anonymous should have that right as well. That’s the way it works in the real world.
The benefits would be many: easy and secure ways to deal with your finances and medical records. Small payment systems that could reward valued content rather than the current incentive to concentrate on clickbait for advertising. Less hacking, spamming, cyberbullying, trolling, and the spewing of anonymous hate. And the possibility of a more civil discourse.