Peer-to-peer terrorism

Bad news from the Napster wars: The harder you fight against decentralized networks, the more enemies you create.

Sep 26, 2001 | Their hatred is implacable, their forces are decentralized. They seek the protection of remote hosts for their secret bases. Their networks are weblike and personal, difficult for outside observers to penetrate. They use e-mail, encryption and other new technologies to hide their dark doings.

Pay close enough attention to the descriptions of America's newest enemies coming from Washington's talking heads, and something starts to seem oddly familiar. Haven't we heard about these people before? Wasn't it just a few months ago that we were being warned about their dire plans and the civil liberties compromises required to fight them? But no. That wasn't about Osama bin Laden at all. That was about ... about ... Napster?

Strange but true: The rules of engagement in "America's New War" have a great deal in common with the content wars of the last few years. The RIAA and the MPAA -- the FBI and the CIA of the entertainment industries -- have been involved in extended legal battles with the music traders and software hackers of the world, and the strategies they have employed show some striking parallels to recent American anti-terrorist strategic thought. Consider:

All security is insecure.

The DeCSS debacle began when a 17-year-old amateur cracked the encryption scheme on DVDs. If there's an unpenetrated Web server or uncracked content-protection scheme out there, it's only because no one truly dedicated has tried to break it. As long as the media industries rely on technology-only solutions to protect their content, that protection is purely nominal, falling quickly before the determined hacker.

The harsh lessons of computer security are worth keeping in mind when thinking about terrorism. Systems are large and complex beasts and therefore vulnerable; the United States and its people are perhaps the largest and most complicated system in the world. An attacker has free choice of attacks: The hijackers last week were able to ignore the tight physical security around the World Trade Center by choosing an airplane-based attack instead. Security is what you use to spot your attackers and slow them down long enough for you to respond. Far better to seek out your opponents than to wait for them to come to you.

The front line of the conflict is human intelligence.

Shutting down any loose network -- whether it's a cluster of terrorist cells or a peer-to-peer file-sharing system -- depends on closing the knowledge gap between initiates and outsiders. The mere existence of a strong program of infiltration has an enormous deterrent effect: How can you recruit new members with confidence if every potential recruit might be a plant?

There's no way to just search the Internet for everyone running personal Web servers to share out their MP3s, but with enough dedicated surfers, the media companies have been able to spot most sites big enough to worry about. The result is that people are forced underground: They trade music in smaller networks than in Napster's day, sacrificing convenience for safer obscurity.

Something similar operates in the realm of anti-terrorist intelligence. There's no setting on spy satellites or metal detectors to scan for "terrorist," but enough skilled agents who fit in can track down any terrorist cell that interacts with the outside world. The MPAA had an easier time of it than the CIA will -- it's a lot easier to hire for Internet credibility than it is to hire for radical terrorist credibility -- but it's the credibility, rather than the technology, that opens doors and lets the light of law enforcement in.

If you can't shut down your enemy, shut down his hosts.

When the MPAA tried to suppress the distribution of DeCSS, it quickly discovered that many of the individual users posting the code to the Web were prohibitively difficult to identify, ruling out direct legal action against them. The MPAA instead targeted their ISPs: legally, the Web hosting companies were obligated to take down DeCSS pages, unless the users were willing to stand up in court and be sued. Through this sidestep, the MPAA was able to sic its lawyers on the people it really wanted to sue, or failing that, make the problem go away.

In declaring that the U.S. government would not distinguish between terrorists and regimes that harbor terrorists, President Bush acted on the same principle. Like the ISPs, the Taliban would prefer to be a bystander in any conflict. By making them liable for the safe harbors they grant, though, Bush transferred some of the weight of U.S. pressure to a more identifiable target -- in order to acquire greater leverage against his real enemies.

So far, so good. But though Washington has been quick to copy from Hollywood's playbook, it also seems reluctant to learn from the ways in which those plays have failed.
