Jonathan Zittrain responds to Duncan Hollis
[Jonathan Zittrain, Professor of Law at Harvard Law School and Co-Director of the Berkman Center for Internet & Society, responds to Duncan Hollis, An e-SOS for Cyber-Space. This post is part of the Second Harvard International Law Journal/Opinio Juris Symposium.]
Duncan Hollis’s e-SOS article reinforces several important insights. The first emphasizes that the current state of computer and network security is bad and getting worse, and that traditional responses are insufficient. These responses include the self-help of installing layers of firewalls and anti-virus mechanisms, as well as government intervention through traditional rule and sanction against bad acts. My own thinking around alternative responses and their respective inadequacies is structured around four quadrants.[1] Two depend on singular and universal application to work, while two draw their power from competition.
Government action is in the former category. Wrongs are defined, and in the most simple model, the state then acts against wrongdoers. Corporate and individual responses are in the latter category because they are less encompassing and more varied. The hope is that from that mix, new solutions can emerge, as, for example, each anti-virus vendor strives to offer the most complete and rapidly-updated definitions.
Hollis’s second contribution lies within what I’d place as the fourth category: tending towards singular and universal, while drawing its power from the community rather than the state. A multiplicity of well-meaning individual and institutional actors can come together against a problem in ways that might be more effective than simple state-based regulation. Hence one of the original sources of the nautical SOS: a ship foundering at sea may not be in range of a government coast guard, but fellow ships can help. They might do so out of good will, or due to the norms of the sea and the profession of seafaring, or because of a simple mutuality so often modeled by game theory: the helper may one day need help, and the self-interest of helping lies in expecting that the favor will be returned should an ill wind reverse course.

Hollis seeks to have the government quadrant reinforce such norms, perhaps requiring help should an SOS be sounded. This plays to government’s strength: it can better command and cajole mainstream parties who aspire to obey the law as helpers than restrict the untraceable wrongdoers against whom help is needed. Hollis has well documented just how difficult attribution of cyberattacks can be to those who commenced them.
Some of the criticism of Hollis’s proposals inheres in their faithful analogy to real-world distress calls, which naturally exist against a backdrop of non-distress. As soon as there is a divide between normalcy and crisis, one must judge when a distress call is warranted and how to scale responsive help. Each potentially helpful party is anticipated to make a human decision about contemporaneous assistance. Human because at such a time many factors will be weighed, such as whether helping could draw fire – exactly the kinds of factors a state weighs in deciding whether to live up to the terms of a mutual defense treaty when its neighbor has been attacked – and human because a person’s, or more likely many people’s, attentions will be required to make good on the aid request. As attacks become more numerous and quick, the cost of turning the cogs of response can become a real drawback – or even make the scheme ineffective.
Moreover, the primary sources for Hollis’s assessment of the state of cybersecurity tend towards the more worried and hawkish end of the spectrum. When combined with the loose nature of the e-SOS, this makes it more likely that the proposed duty to assist would license states to view many varieties of cyberattack as hostile, and assign the “distress” indicator to criteria other than severity of effect, including just designating various targets as “high distress” targets. This could make minor incidents more likely to scale into large and dramatic ones.

Some of my own solutions have thus sought out forms of mutual aid that do not require the explicit generation of a call for help and a response. Rather, they seek to make the fabric of the Internet simply more robust, thanks to the widespread but uncoordinated adoption of software that naturally lends aid as it is required. For example, a system of assistance can be devised through the handful of Web server platforms operating in the world: “mirror as you link.”[2] Today, if one clicks on a link to an external site and that site is unavailable – perhaps attacked with a classic denial-of-service – there is no alternative to accessing it. Mirror-as-you-link would change that. Participating Web server administrators could make it so that for some or all of the links to external sites that they offer on their pages, the contents of the faraway sites would be saved (“cached”). They would do this only for sites that wish it to be done, and then only for sites that also perform such mirroring themselves. Then, when one site goes down, a Web surfer clicking on a link to get there can return to the referring site and ask for a copy of whatever he or she is missing since the destination site is down.
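As an added illustration, not part of Zittrain’s essay or of any deployed server platform, the following Python sketch simulates the three rules just described: a referring site caches what it links to, it does so only for destinations that wish to be mirrored and that mirror others in turn, and a visitor who finds the destination down gets the referring site’s cached copy instead. The in-memory network and the per-site policy table are constructed stand-ins; the essay does not specify how a site would announce its willingness to be mirrored, so that signal is an assumption here.

```python
"""Toy simulation of "mirror as you link" (constructed example, not from the essay).

An in-memory dictionary of pages stands in for the live Web, and a policy table
stands in for whatever opt-in signal a real deployment would use (assumed here).
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


@dataclass
class MirrorPolicy:
    """What a destination site has declared about mirroring (assumed signal)."""
    allows_mirroring: bool  # the site "wishes it to be done"
    mirrors_others: bool    # the site "also performs such mirroring itself"


class FakeNetwork:
    """Stand-in for the Web: pages keyed by URL plus a set of unreachable hosts."""

    def __init__(self, pages: Dict[str, str], policies: Dict[str, MirrorPolicy]):
        self.pages = pages
        self.policies = policies
        self.down_hosts: Set[str] = set()

    @staticmethod
    def host_of(url: str) -> str:
        return url.split("/")[2]

    def fetch(self, url: str) -> str:
        """Return the page body, or raise ConnectionError when the host is down
        (the denial-of-service case the essay describes)."""
        if self.host_of(url) in self.down_hosts:
            raise ConnectionError(f"{url} unreachable")
        return self.pages[url]

    def policy_for(self, url: str) -> MirrorPolicy:
        # A site that has declared nothing is treated as not participating.
        return self.policies.get(self.host_of(url), MirrorPolicy(False, False))


@dataclass
class ReferringSite:
    """A participating Web server that keeps copies of the external pages it links to."""
    host: str
    net: FakeNetwork
    cache: Dict[str, str] = field(default_factory=dict)

    def should_mirror(self, url: str) -> bool:
        """Opt-in plus reciprocity: mirror only sites that want it and that mirror others."""
        if self.net.host_of(url) == self.host:
            return False  # a site's own pages are not "faraway"
        policy = self.net.policy_for(url)
        return policy.allows_mirroring and policy.mirrors_others

    def add_link(self, url: str) -> bool:
        """Called when a page on this site links to `url`; True if a copy was cached."""
        if not self.should_mirror(url):
            return False
        try:
            self.cache[url] = self.net.fetch(url)
        except ConnectionError:
            return False  # nothing to cache while the destination is already down
        return True

    def follow(self, url: str) -> Optional[str]:
        """Resolve a link as the visitor experiences it: the live page if reachable,
        this site's cached copy if the destination is down, otherwise None."""
        try:
            return self.net.fetch(url)
        except ConnectionError:
            return self.cache.get(url)


def demo():
    """Run the scenario: cache at link time, then take every destination offline."""
    net = FakeNetwork(
        pages={
            "http://b.example/page": "B's page",
            "http://c.example/page": "C's page",
            "http://d.example/page": "D's page",
        },
        policies={
            "a.example": MirrorPolicy(True, True),
            "b.example": MirrorPolicy(True, True),   # opts in and reciprocates
            "c.example": MirrorPolicy(True, False),  # wants mirroring, does none itself
            "d.example": MirrorPolicy(False, True),  # mirrors others, declines to be mirrored
        },
    )
    site_a = ReferringSite("a.example", net)
    cached = {url: site_a.add_link(url) for url in net.pages}
    net.down_hosts.update({"b.example", "c.example", "d.example"})
    served = {url: site_a.follow(url) for url in net.pages}
    return cached, served


if __name__ == "__main__":
    print(demo())
```

Only B’s page survives the outage from A’s point of view: C is refused because it does not mirror others, D because it declined to be mirrored. A cached copy is, of course, only as fresh as the last time the referring page was served or the link was added; a real deployment would need a refresh policy and a way for the visitor to see that the copy is a mirror rather than the live site.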
Such a scheme could not only provide some defense against denial of service attacks and content defacements, but also help to create a distributed archive of the Web – something currently left to the tireless private ministrations of the Internet Archive. Among the costs of operating the Archive are not simply the sheer computing power and storage capacity needed to regularly crawl and save the Web, but also the risk that such a Fort Knox repository would itself be deemed a target for attack or corruption. Saving our collective public work can and should be a collective task; the Internet Archive should be a spear at the front of a huge vanguard.

We are not used to thinking this way online. Too easily have our expectations about security been driven by models that are not true to the Internet’s distinctive origins and continuing architecture – my online world should work, and if it doesn’t, either I’m to blame (in the libertarian model), the government’s to blame (it should have policed better), or the corporate sector is to blame (the product didn’t work as it should).
The heart of an e-SOS is to empower people and institutions to see them as able not only to help themselves but to help others, and to see how an otherwise-small iota of power can be a contribution to a formidable defense system, one well suited to our online environment, and least suited to abuse.
[1] Jonathan Zittrain, A Mutual Aid Treaty for the Net, 8 The Future of the Constitution Series, The Brookings Institution (2011), http://www.brookings.edu/papers/2011/0127_internet_treaty_zittrain.aspx.