The hottest new faux-digerati lobby firm in DC in the communications field is Mike McCurry’s new firm Arts+Labs. McCurry is an old political hand, Bill Clinton’s press secretary, looking for a second career after the Clintons. Apparently there’s no big cash to be had protecting our freedom of speech, but Cisco and AT&T are happy to fund him to run a firm to defend ISPs’ right to do “deep packet inspection” (DPI).
Only Arts+Labs doesn’t dare call it DPI, which sounds just a bit scary and Big Brotherish. Instead they call it the “intelligent network” that will smooth our experience, cleansing it of all those uneven experiences. Those of us who are as old as I am - 56 - might remember that the term “Intelligent Network” was a Bell Labs idea that failed due to the success of the Internet. As David Isenberg told it, the Internet was the “Rise of the Stupid Network”.
The Internet is a simple network, a stupid network, that just connects your computer to another computer with no interference. That’s opposed to old smarty-pants networks that tried to limit users to those things that maximized the operators’ monopoly profits, by taxing the content providers and preventing innovators from attaching new devices, inventing new services at the edges, etc. The Internet won, for a good reason: it enabled innovation, and it kept busybody operators from having to tinker with or spy on their users’ traffic. It delighted users, rather than holding them hostage.
The Arts+Labs site looks cool, very Web 2.0-ish. But hidden in that beautiful design, behind the slick and seductive words, is a dangerous idea, one that the founders of the United States rejected in the First Amendment. The Arts+Labs site tries to convince you (and Congress) of the idea that it’s a “good thing” to allow your ISP to decide what you can see or hear or use. That’s the same ISP that is given by Fed, State, or local regulators a monopoly or oligopoly over your ability to connect at high speed to the Internet. For that monopoly to examine your traffic, make guesses as to what it means, and to decide for you which services you should connect to, using what protocols.
Don’t believe Mike McCurry, AT&T and Cisco’s new shill. He may be connected, but it’s pretty clear that he wants to disconnect us.
I just found out, almost by accident, that one of my significant early mentors (though we’ve grown apart) died last Wednesday. Mike Hammer’s obituary appeared in the MIT Tech newspaper on Tuesday. Services were last Saturday. He was only 60 years old (4 years older than I).
Since I first met him as an MIT sophomore in 1971 when I took an MIT graduate subject on advanced compilers from him, which led to him asking me to teach the same class the following academic year (a junior teaching a graduate seminar to grad students …) and later in the ’70s when we co-developed the core MIT undergrad course in computer languages and their interpretation (6.035), he and I worked closely together. At the time he was a young professor at MIT’s Lab for Computer Science. I give him credit for teaching me to think broadly, skeptically, and critically, and for encouraging me to take risks outside my comfort zone - it wasn’t my idea that I could teach a graduate seminar!
A few years later in 1983, when I was a young professor, he and I decided to take the risk of becoming technology entrepreneurs rather than just professors. Though we went in very different directions (he created a new field of consulting, and I became a personal computer software leader) our careers were remarkably parallel but rarely intersected.
Many years later, when I was a v.p. at Lotus Development and he was famous for his work on Re-engineering the Corporation, he and I were involved with others in the launching of Vanguard, a unique organization/process that again refueled my freedom to explore and experiment in the intersection of technology and business.
His dying at such an early age makes me think. I wish his passing were more recognized. He did have a big effect on the world, just as he had a big effect on me in my youth, perhaps because of his unconventional approach to life and his career.
I owe Mike a LOT, and yet he will never hear that from me now.
The FCC today issued its formal opinion and order in regard to Comcast’s degrading of P2P and other traffic using DPI and RST injection. Of course, I’ve been very interested in this, especially since I was asked by the Commission to testify as a witness at the en banc hearing at Harvard Law School in February.
After reading the order this morning, I felt like commending the FCC - so I filed a formal comment with the FCC, and I posted it on my site as well. The decision is a good decision for the Internet. In short, here’s why:
The decision shows that the agency understands the importance of the technological principles of the Internet’s design.
The Internet is a world-wide system that does not belong to any one operator, whether providing access lines or backbone transport.
The design of the Internet Protocols specifies clear limits on what operators can and cannot do to Internet Protocol datagrams when those operators are acting as part of the Internet.
Not obeying those limits poses a serious risk to the continued success of the world-wide Internet. Happily, the FCC recognized and exposed Comcast’s transgressions of those limits.
Though Internet design is not a law, the Commission’s order respects the importance of that design, and rejects Comcast’s misbehavior and deception in applying technologies that go against the principles of that design.
While the discussion about DPI has ratcheted up recently, I’ve been trying to think creatively. As I noted in my testimony, encryption of all traffic is not so easy, mainly because there is a lack of a complete approach to key distribution and authentication. Not only would the costs be shifted to the users of the network, but the systems would become much more complex and difficult to debug. Also, the existing PKI is quite expensive and clunky. The cost of a server certificate exceeds the cost of a year’s hosting service!
Another approach might be to detect and/or to deflect the DPIors. It would be fun to figure out some angles along those lines, rather than hoping that encryption will come through.
One idea that comes to mind is an old idea from Rivest called chaffing and winnowing. Since the “guy in the middle” really cannot presume to understand the meaning of the Internet Datagrams flowing between the source and the destination, one could hide the meaning by throwing messages into the stream that mislead the intermediate node, but are discarded by the destination. As I recall, Rivest introduced this idea when it looked like encrypting Internet traffic would be made illegal. It would also work to deal with cases where ISPs block encrypted traffic. It differs from steganography because it doesn’t hide information in something, it hides information in a fog of chaff.
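The scheme described above, in its bit-at-a-time form, as an added example that is not part of the original post: every bit travels as a "wheat" packet carrying a valid MAC alongside a "chaff" packet carrying the opposite bit and a random MAC, and only a receiver holding the shared key can tell them apart. The packet layout (serial, bit, MAC), the HMAC-SHA256 choice, the function names and the sample key and message are assumptions made for this illustration.

```python
import hashlib
import hmac
import random
import secrets

def tag(key, serial, bit):
    # MAC over (serial, bit); only holders of `key` can compute or check it.
    msg = serial.to_bytes(4, "big") + bytes([bit])
    return hmac.new(key, msg, hashlib.sha256).digest()

def to_bits(data):
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]

def from_bits(bits):
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for bit in bits[i:i + 8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)

def add_chaff(key, message):
    """Sender: per bit, one wheat packet (valid MAC) and one chaff packet."""
    shuffler = random.SystemRandom()
    packets = []
    for serial, bit in enumerate(to_bits(message)):
        wheat = (serial, bit, tag(key, serial, bit))
        chaff = (serial, 1 - bit, secrets.token_bytes(32))  # bogus MAC
        pair = [wheat, chaff]
        shuffler.shuffle(pair)  # hide which packet of the pair is wheat
        packets.extend(pair)
    return packets

def winnow(key, packets):
    """Receiver: keep only packets whose MAC verifies, then rebuild bytes."""
    wheat = {}
    for serial, bit, mac in packets:
        if hmac.compare_digest(mac, tag(key, serial, bit)):
            wheat[serial] = bit
    return from_bits([wheat[s] for s in sorted(wheat)])

if __name__ == "__main__":
    key = secrets.token_bytes(32)      # constructed shared secret
    stream = add_chaff(key, b"hello")  # constructed sample message
    print(len(stream), winnow(key, stream))
```

Nothing in the stream is encrypted: both values of every bit are visible in the clear, and the confidentiality rests entirely on an observer without the key being unable to tell a valid MAC from random bytes.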
The best chaff would be chaff that wasted the watchers’ resources far out of proportion to the cost of sending it. Watchers need to “reassemble” flows to make sense of them. So the trick would be to send chaff that forms a jigsaw puzzle with many missing pieces, or contradictory pieces. The watcher node would fill up its buffers with partial assemblies, and with luck, crash. The destination wouldn’t see the partial stuff at all.
To detect the DPIor would be more difficult. But not necessarily impossible. Even read-only DPI systems exist to have an eventual effect on the endpoints that are communicating. Make the effect happen on purpose. Measure its effect. If the goal is to market prescription drugs to you, send stuff that makes the DPI system think you have a disease that you do not have. If the goal is to market mortgages, make the DPI system think you are buying a house. No matter how this information is used, if you end up with targeted but inexplicable marketing messages - you know DPI is in use.
Now if the goal of DPI is not marketing, but child porn detection, blackmail or implementing a pogrom, you can do the same thing, but you might want to make sure that your friends know that you are not a child porn reader or closeted gay soldier, or whatever might be the target of the surveillance.
Of course, it would be better to make such spying on customers against the law for ISPs.
Well, for the first time in my life I got to testify before a Congressional Hearing… The House Subcommittee on Telecommunications and the Internet held a hearing today about Deep Packet Inspection, where I was invited to be a witness, along with the CEO of NebuAd and others, to discuss the issues surrounding ISPs using Deep Packet Inspection to capture and to modify all of the communications their customers do across the Internet. I’ve put the written testimony I shared with the committee prior to the hearing up on my server - I’d suggest you read it.
If you want to understand how NebuAd works (as an example of DPI in action), see Robert Topolski’s excellent reverse-engineering of its use in a report he did for FreePress.org.
The whole hearing was webcast. I am hoping that it continues to be available online. The other witnesses’ statements are available as well.
I have to grant that the DPI industry has some cojones. See the industry association’s website at dpacket.org.
A small piece of positive news (July 19): someone just pointed out to me that an online news story says that Charter Communications dropped plans to deploy NebuAd in trials on June 24.
One of my grad students (whom I won’t embarrass here) just introduced me to a new UROP student as a fount of Internet know-how by saying that I “invented UDP”. This just seemed odd to me. Perhaps because our culture is so oddly focused on “who” and ignoring the more important “what”. People Magazine is far more appreciated than Scientific American or Current Affairs.
So I wrote an email back explaining what I thought matters about UDP, and that the real import is a thread that involves contributions from many groups and a few individuals, all intellectually related and mutually supportive. My student asked if he could publish it, and upon reflection I decided I should post the note in a place where he could refer to it, but I could ensure its integrity and currency.
The broader point is that what I really care about are the contributions I’ve managed to make to the world - the “what”. I’m not all that humble, but I’d be happy if the ideas I’ve struggled to develop contribute to improving man’s understanding of man and his world. That would be enough. Dayenu (as they say in Hebrew).
Finally, time to start blogging again. There seems to be a consensus that WordPress is the easiest tool these days, so that’s what I chose for the new server. Let’s see how I do at keeping it going.