Bill Thompson answers critics
Constitutional heretic says Palladium inevitable
Writing in The Guardian newspaper today, Bill Thompson describes the reaction to his provocative essay Damn the Constitution: Europe must take back the Web that became the most talked-about tech piece last weekend.
Since this produced a huge and varied mailbag: spanning the extremes of vilification and enthusiastic support, I caught up with him with to explain. Reg regulars will know that I've lived in the US for couple of years, and I think the constitution is so bad it ought to be adopted in Britain at once, to replace the farcical aquatic ceremonies we currently endure. But I've also despaired of the popular failure to mobilize against restrictive technology [follow-up and mailbag]and restrictive legislation.
That seemed a good starting point for this discussion.
Reg:OK, I thought this was timely for two or three reasons. One was your column on Palladium for the BBC, which suggested a trusted space might be a good thing. Another is the failure of the EFF and the libertarians so far to counter the Pigopolists; and third is Danny's success with his fax-your-MP anti RIP campaign in the UK, by way of contrast.
But why do you think the US is irretrievably doomed? You seem to suggest that as long as it has a constitution, or this constitution, then it is.
Bill: It's not quite that bad. You're right that this was largely prompted by thoughts of what a trusted computing environment might look like, and the realisation that this was finally an opportunity to assert the primacy of political rather than commercial control over the future development of the net...
It was also prompted by reading Lessig's 'Code', which I'd avoided for so long but finally felt I had to engage with. His inability to see beyond the constitution, coupled with the realisation that with a trusted network... you could, at last, effectively 'zone' cyberspace, lead to the conclusion that we no longer had to do what the United States said. We could rethink the Net.
Once you do that - once you challenge the core assumption that the Net transcends geography and therefore must be subjugated to the interests of the world's only remaining superpower, then you find lots of possibilities open up. And I believe that many of those possibilities are significantly to be preferred to the current reality and the US vision of the Internet's future.
But much of the Net is safe, surely. It's the open PC that's under threat?
Well, I don't think the open PC - you can run whatever code you want - is threatened by Palladium or TCPA. I think we will still have a choice of running unregulated code... but the space within which that code operates will be limited.
I disagree. Palladium makes running unauthorized software very difficult, with the unique HW identifier - what Ross calls the Fritz chip. It's a closed system.
It doesn't have to be: Microsoft is being very careful to position Palladium as optional, and to say that you'll still be able to run unsigned apps... however, of course, they could change their mind about this. And that's a big part of my argument, they shouldn't be allowed to change their mind because there needs to be sensible regulation - legislation - about this *before it's all in place*... and I think governments can do this. Come back to the US - in the US there is a crisis of political legitimacy and a widespread belief that government should just back off. But TCPA is a prime example of something where *only* government can act in the public interest.
A so we need laws which cover it. In Europe we at least think this is possible - our governments sometimes pass awful laws (RIPA in the UK, the new copyright directive elsewhere) but they are amenable to control.
You don't accept that consumers can boycott TCPA systems. Why not?
I think that the benefits of TCPA systems will be so great that people will choose them over 'open' systems. They will be spam and virus free. They will allow people to assert their rights to fair use over copyright materials. They will be safer - precisely because more regulated - and the vast majority of the world's 6 billion people will prefer that to the free code anarchy that we geeks enjoy. As a person I'm on the side of free code, but I know I'm a minority.
OK, let's move onto that later. But you don't think the US consumer can stop TCPA - on Wintel's terms - by refusing to buy TCPA PCs?
Well, the Pentium ID was stopped before it got into production by technical people - TCPA PCs will offer lots of consumer benefits and while people choose AOL over other ISPs I'm not optimistic about them choosing an 'insecure' and 'unsafe' computer in PC World [UK equivalent of CompUSA - ed].
So no, I think that TCPA is going to happen. And the question then becomes how we regulate and control the use of these secured systems and the secured network that they will create. It will be a virtual network, living on top of the Internet, but it will grow very rapidly. It will be the place to get streamed video/audio and copyright materials, for one thing.
I'm still interested in the effectiveness of populist advocacy in the US; because to persuade people that an accountable version of TCPA is A Good Thing, you first have to "unconvince" the geeks that they can't stop the unaccountable TCPA. And answering this might explain why you have such a downer on the constitution.
OK, I think it works like this.
We are at a point of inflection in the development of the wired world. Things are changing and the old Internet is going to disappear. Partly this is because it does not properly serve corporate interests and they urgently need to re-engineer it so that it does so partly it is because many of us who care about the net realise that it is not amenable to political control either, and we want it to be so.
We do not believe that 'cyberspace' and 'the real world' are separate spheres, and we want the same (imperfect, failing but fundamentally human-centred) control over the net as we have over other aspects of the world.
But you have to undo the belief in the primacy of the market first!
How much of the cyber libertarians' failure to stop Pigopolists is a) fundamental political objection to passing new laws b) apathy c) lack of organization or precedent for social organization? Or, d) coders who just want to "left alone" - and like Cory (cited by Bruce Sterling in his Open Source speech) - want to find technical solutions rather than political solutions. These aren't mutually exclusive, of course - they're intersecting areas of a Venn diagram. Your mailbag seems to suggest that at least the will is there.
It's all four. The coders have failed us in the same way as the Communist Party failed us: in the USSR it built a state tyranny which was far more oppressive than the market could ever dream of being, in China it continues to do so and the lack of faith in politics - the lack of belief that 'political' action can be effective or even worthwhile when the system is owned by the corporations - has destroyed the possibility of effective US action.
But for this, you blame the constitution
I think that many people realise the Net is in a bad way. They don't know what to do about it in my essay I wanted to outline one way forward: that we simply abandon the current model, which is roughly 'let the First Amendment rule', and do something else, which involves finding ways to allow governments to exert authority over the net.
In order to do that you have to map the net onto the real world, which TCPA allows you to do for the first time. You have to give up some freedoms, but they are (I believe) empty freedoms.
And you have to be willing to do politics not just coding.
I don't think the US is capable of any of this, so we should just leave them to get on with things their own way. And I think Europe could be the core of a new approach - but only one new approach, and there could be others.
I disagree here, there's nothing wrong with the Constitution. It was only one strange case in the 1890s that allowed a corporation to be treated as an individual 'person'. Roll that back, and the corporation is stripped of First Amendment rights.
But you'll never persuade the lawyers or the courts to do that sort of thing - they are so tied up in textual analysis that they make the Christian theologians look positively relaxed about doctrine; Lessig is harsher than Aquinas ever was...
The constitutional lawyers and their approach to new situations are simply untenable when it comes to defining the principles which should govern our online life. We need to start from the basic principle that cyberspace is not separate from real space, and so each state can have its own laws and codes.
But you don't demonstrate how a European TCPA could withstand capture by the Home Office, the Police, and every other national law n'order body. You wave the word "culture" around like a magic wand, but the fact is, NCIS et al have been very successful in bending European privacy directives their way. As successful as Disney.
The only way to avoid the capture of the system by the hardline law and order agencies is through political effort - what I'm calling for is a real engagement in the political process by those who understand technology and want the net to thrive.
You see, I don't think we really have a choice: there will be trusted PCs and a secure, zoned Internet in five years whether we like it or not. We can either try to take control of that network now, through the democratic process and
the power given to us as citizens within a democracy, or we can leave it to the corporations and the corrupt politicians who serve only the interests of their paymasters. It will happen whether we take part or not, and no new protocols or tools or cool software from the geeks at SourceForge will stop it. We really do not have a choice.
I think that the first step is to free ourselves from the attitude that it will all sort itself out and we can just leave it to the US to find a way.
There's also an equally unwilting faith in the power of lawyers to fix things. I've heard the EFF described as a job opportunity for lawyers - but nevertheless it's the geeks weapon of choice for popular advocacy, something rather less direct than fax-your-MP.
So, in short, by attacking the Constitution, you're trying to encourage direct political engagement?
Absolutely. I don't believe in lawyers, I do believe in politics - broadly construed - as a way to make the world a better place. And this puts me up against a broad swathe of the US population who have come to believe that politics is fundamentally about removing freedom: I believe politics is about preserving freedoms worth having. I believe in collective action. I also believe in the NHS.
The constitution has become an instrument of torture for those who believe that we create the world anew each generation. We are squeezed between its amendments just as Protestant martyrs were squeezed in the torture chamber, and we will only be free if we reject it. I value the freedoms and rights that US citizens have, but I do not accept that they will automatically apply everywhere online - and I will fight to ensure they do not. Each state must retain its right to determine for itself how it will extend online, and if we disagree with their choice we should argue and use political channels to achieve our ends.
But if not constitutional law, then what? There are very few examples of enlightened legislation in the history of technology, no? The biggest difference between the US and the rest of the world is that the rest of the world adopted a common mobile phone standard; but that wasn't legislated anywhere.
I think it may have been - in that in many countries the government decided what standard to use while in the US it was 'left to the market' But I'd need to check.
I believe GSM was 'encouraged' by key EU countries, but not legislated... it was actually left to the telecomms engineers to go away and agree on a solution. I wonder if this is a model you'd prefer to see adopted for your "People's TCPA"?
Legislation is not only about forcing people to do things - that's a very US view, if you don't mind me saying. It's also about creating an environment in which good things can happen.
The EU spends vast amounts of money on scientific research [Framework programme] without MEPs saying which projects get funded and lots of laws are about encouragement rather than constraint. So in the UK you get £50 off your VAT bill if you pay electronically, but the law does not force you to do so. This is a good model for enhancing the network and encouraging people to opt in to a European approach.
I think that the alternative is to create a network infrastructure that allows each country to decide for itself. Some will choose a US-style model. Here in Europe we have liberal states which will be relatively free; Saudi Arabia doesn't like photos of women in swimsuits or criticism of Allah. Why should we all have to do it the US way?
Of course California isn't short of laws itself. Especially regarding drinking and er, smoking. But equally there's a European tradition of civil disobedience - people simply ignore laws they don't like.
So how do you see a European subnet arising? Technically, and politically?
That's cool, though: I think the other side of my argument is that once you have a trusted, zoned network we'll all start undermining and subverting it. But in a European way!
As for your question, I think it should start with a serious discussion about what controls we need to have in place before trusted systems arrive - how we will constrain or encourage the companies involved. Perhaps EU chips need to work differently from US chips, or have a specified range of identifiers or some extra functions. Intel wants to obey local law and sell to the EU, so. . .
But does Europe have the political will to see these demands are met in the WTO talks, and the like? And can you imagine that the US wouldn't retaliate, economically?
They will do what we want. Then we can decide how to zone the EU.net - perhaps we offer people certificates for their processors which identify them as 'inside' Europe. Then we take some of the worst excesses of the US system - DCMA for example - and annul its impact within the EU zone, to give people an incentive.
So we tell Adobe that their eBook software has to allow sharing and fair use or it will not run within the EU zone.
There's no need or potential for retaliation - US corporations make left hand drive cars for the UK, don't they? What's the difference? At the moment Europe does not have the political will to do this, but they will have by the time I'm finished.
You've mentioned to me that your Euro-TCPA will allow multiple identities too. Can you elaborate?
There is a strong need for each of us to control our appearance in the real world, and this applies online too. I don't need to use the same persona each time I'm online, just as I'm different at work or at the pub or with my lover. A trusted net can be trusted with multiple identities too - pseudonyms - and only I need to know that they all resolve to the same physical individual. This is one instance where the new net offers the potential for a lot more freedom - real freedom - than the current network. It is hard (impossible?) to be really anonymous today, but with the right network architecture and the right laws in place we could have secure trusted pseudonyms.
I think the main objection is that Europe has its own democratic deficit - even though the guy with the most votes usually gets in. We don't exactly have open institutions we can trust on a supra-national level. You'll recall one of my favorite quotes, relayed to Tony Bunyan [ Statewatch monitors abuse of state power in Europe] when requesting the deliberations of the Home Affairs committee, he was told "This is not a public library".
Or I was investigating data sharing in the EU, in 1995, and a Europol press officer (!)told me at the end of the interview - "We've never spoken. I don't exist!"
Absolutely - it's far from perfect but we can start to address that, and surely it's better to have your own imperfect elected representatives than just decide to do what the US Congress decides?
Do you think the EFF/geek lobby's approach is DESIGNED to fail? As a failure, it's succeeding splendidly, so far, isn't it?
Well, you could see them as deep moles who've spent the last five years getting into a position where they can do maximum damage, but I think that (sadly) they are genuinely committed and just totally ineffectual. They don't understand US politics, they don't appreciate how to have an impact and they don't know how to connect with any community other than the deep techies whose views are unrepresentative and poorly articulated anyway.
It makes me think of the hard left in the UK in the 1980s.
Both faith-based cults. It was interesting to see McClunker's rallying cry to 'go home and eat pizza!' demolished by Slashdot posters. Presumably, that was the very audience he was trying to pander to. What did you make of his article?
It was a counsel of despair - precisely the response of a US citizen who has no faith in the political process and believes that the only solution is to route around the damage to the democratic process.
He argues that it's no good lobbying for good law because that only feeds the system, echoing the anarchists who say that you shouldn't vote because it only encourages the politicians.
If only life was as simple as he would like it to be - unhappy with Censorship? Then invent a new protocol and the world will be a better
Sadly this is not true: the 'success' of DMCA is that it is technology-neutral: any circumvention of DRM is illegal, however broken the original protection was to start with.
In this world we need to engage with the process, not avoid it. Why not suggest that the geeks get themselves elected to Congress instead of asking them to stay away from Washington?
Why not educate the administration instead of simply letting it get on with passing bad laws? Instead, well-respected commentators like McCullagh say 'technology is a more effective tool than the political process to stop governments from overreaching' and actually believe it. No wonder we're in such a mess.
I like his photos, though. The San Francisco landscapes are beautiful. So how will your "People's TCPA" work? I presume there'll be a UID in every component, and PCs will no longer be upgradeable?
I don't know how it will work, I just want us to start thinking about it now before it's too late. I can't see why it should get in the way of upgradeability. The point is not to tie everyone into a Microsoft-sponsored licensing scheme but to provide a trusted computer that can be a full participant in the network - swapping graphics cards or disk controllers doesn't have to impact that. In fact, the sort of 'lock-down' we see in Windows licensing is there because you don't have any hardware-level authentication at the processor level. Once your processor(s) are able to do that then they can certify any new hardware - basically just confirm that the new hardware is also authenticated for use in the trusted network.®
Sponsored: Becoming a Pragmatic Security Leader