[p2p-research] Fwd: meeting on p2p risks to national sec

Tue Jul 28 11:39:18 CEST 2009

Michel Bauwens linked to:
"Inadvertent File Sharing Over Peer-To-Peer Networks: How it Endangers
Citizens and Jeopardizes National Security."
> http://oversight.house.gov/story.asp?ID=2554

Here are some comments on the p2p file sharing issue from my own thinking
about it in the context of working towards peer-to-peer collaboration software.

First, and mostly unrelated, one witness is listed as from "Center for the
Study of Digital Property". Well, as Richard Stallman suggests, calling
something "property" begs the question of how it should be treated by
society. But, if it is "property', then how about taxing it annually?
   http://journalism.berkeley.edu/projects/biplog/archive/000431.html
   http://www.lessig.org/blog/2003/01/the_radicals_at_the_economist.html
   http://www.lessig.org/blog/2003/01/on_building_rather_than_suing.html
Let's see how fast we can get copyright and patent lawyers to say, "Oh, no,
that's not what we meant by property. You can't tax Micky Mouse; it's just
that he's like real estate only when it benefits us." :-)

Anyway, and on to my main points, there are serious security risks to any
system attached to the internet, obviously. So, the basis of this hearing is
not without some merit.
   http://en.wikipedia.org/wiki/LimeWire#Criticism
   http://en.wikipedia.org/wiki/File_sharing#Risks

But, what is left out of the equation in terms of balance is how intentional
sharing of information on peer-to-peer networks can enhance national and
global security.

For one example, one of the biggest early users of the Groove peer-to-peer
software for collaboration was the US Defense Department. That itself caused
some other issues:
   "Software Pioneer Quits Board of Groove"
   http://www.nytimes.com/2003/03/11/business/11PRIV.html
"Mitchell D. Kapor, a personal computer industry software pioneer and a
civil liberties activist, has resigned from the board of Groove Networks
after learning that the company's software was being used by the Pentagon as
part of its development of a domestic surveillance system. Mr. Kapor would
say publicly only that it was a "delicate subject" and that he had resigned
to pursue his interests in open source software. ... However, a person close
to Mr. Kapor said that he was uncomfortable with the fact that Groove
Networks' desktop collaboration software was a crucial component of the
antiterrorist surveillance software being tested at the Defense Advanced
Research Project Agency's Information Awareness Office, an office directed
by Vice Adm. John M. Poindexter. ... "With the dramatic change of funding
availability in the high-tech sector, it's become difficult for companies to
turn down the funding opportunities presented by the federal government,"
said Marc Rotenberg, director of the Electronic Privacy Information Center
in Washington. "It does show that some people in the high-tech community,
including some of the founders, are not happy with what's happening." ..."

In the interests of full disclosure, we did work on aspects of that system.
http://www.pdfernhout.net/a-rant-on-financial-obesity-and-Project-Virgle.html
http://www.cognitive-edge.com/blogs/dave/2007/03/unwired.php
However, my wife (an independent contractor) was upfront with Mr. P. about
her focus of getting people to see things from multiple perspectives and
working towards increasing global compassion. A more general effort she had
helped with even before 9/11 had failed afterwards in convincing the 
Something-in-Chief that an activity like invading Iraq would be a really bad 
idea, with the resulting waste of the lives of thousands of idealistic
young US Americans (and tens of thousands of US injured, many severely), let
alone hundreds of thousands of Iraqi fatalities and injuries and millions of
refugees), as well as trillions of US dollars in costs by the time it is
over (an expense which causes its own suffering to the people of the USA).
As I understand it, some official people wanted to get some information into
that Lyme-addled mind of his about geopolitical reality using better
presentation methods. The rest is my speculation based on later events. :-(
   http://www.google.com/search?hl=en&q=bush+lyme
I wish now I had taken her work even more seriously back then. By the way,
Mr. ex-appointed-President, you might wish to read this book I've found
helpful myself:
  "Healing Lyme: Natural Healing And Prevention of Lyme Borreliosis And Its
Coinfections "
http://www.amazon.com/Healing-Lyme-Prevention-Borreliosis-Coinfections/dp/0970869630
(It's an approach that relies mostly on Chinese-style herbs, as the standard
medical treatments often don't work, perhaps because Lyme was possibly
weaponized at Plum Island to be more awful?) I can only think (maybe in
error) that such sensemaking and presentation ideas and technologies as were
developed on that project (of which surveillance was only part) might have
been of some small value in the fortunate prevention of follow-on US
invasions into Iran and Syria which, depending on what sort of stuff those
two countries keep in their refrigerators
http://en.wikipedia.org/wiki/Iran_and_weapons_of_mass_destruction#Biological_weapons
http://en.wikipedia.org/wiki/Syria_and_weapons_of_mass_destruction#Biological
(presumably with better success than the US had on Plum Island with its own
refrigerators),
   http://www.google.com/search?hl=en&q=lyme+plum
such invasions might in the worst case have led to another depopulation of
North America, same as four hundred years ago. :-(
   http://en.wikipedia.org/wiki/Squanto
Which shows the potential value sometimes in seeing things from other
people's points of view, or better yet, working towards mutual security 
among peers.

Mitch Kapor made his decision. We made (or drifted into) ours. Whether it is
easy to know who was right (even both, or neither) can be a tough call. It's
also not always clear who is the real troublemakers in one of these
situations. Or the real patriots. Or who are just the people trying to
survive and muddle through in a mysterious and often confusing universe that
appears to be unimaginably old and unimaginably big and yet still somehow
seems to fit inside a human skull. :-)

People sent a letter to President Johnson about this sort of stuff in 1964,
so it's not like it is anything new, even if that letter is no doubt long
forgotten by most:
   http://en.wikipedia.org/wiki/The_Triple_Revolution
"The statement identified three revolutions underway in the world: the
cybernation revolution of increasing automation; the weaponry revolution of
mutually assured destruction; and the human rights revolution. It discussed
primarily the cybernation revolution."
   http://www.educationanddemocracy.org/FSCfiles/C_CC2a_TripleRevolution.htm
"The Weaponry Revolution: New forms of weaponry have been developed which
cannot win wars but which can obliterate civilization. We are recognizing
only now that the great weapons have eliminated war as a method for
resolving international conflicts. The ever-present threat of total
destruction is tempered by the knowledge of the final futility of war. The
need of a “warless world” is generally recognized, though achieving it will
be a long and frustrating process."

The Triple Revolution memorandum in three sentences above explains why the
USA's current defense policy of unilateral dominance is ultimately suicidal.
Instead, we get this machismo:
   http://www.defenselink.mil/news/newsarticle.aspx?id=45289
"""
WASHINGTON, June 2, 2000 – "Full-spectrum dominance" is the key term in
"Joint Vision 2020," the blueprint DoD will follow in the future. ...
Full-spectrum dominance means the ability of U.S. forces, operating alone or
with allies, to defeat any adversary and control any situation across the
range of military operations.
"""

Yeah right, this from a military still bogged down in the deserts and cities
of Iraq years later after a supposed "mission accomplished", where Iraq as a
country was not much of a threat or much of an oppositional force. These are
the people who get (with interest on previous expenses and future incurred
obligations) about a trillion dollars a year of US tax dollars? This is the
best strategy US military planners can come up with to protect the US people
from post-scarcity weapons like nukes, biowarfare, killer robots, and
information warfare in a very complex world facing economic collapse?
This is the best defense against the downsides of vast changes going on now?
Antagonize and threaten the heck out of the rest of the world to the point
where most people globally think the USA is the biggest threat to world
peace? And now, indirectly threaten to shut down peer-to-peer networks that 
might help build bridges across the globe?

Well, what else could they do with a commander-in-chief who said stuff like
this:
   "Bush: 'Bring on' attackers of U.S. troops"
   http://www.usatoday.com/news/world/iraq/2003-07-02-bush-iraq-troops_x.htm
Besides impeachment?
(Ignoring this is doctrine originating from the Clinton/Gore years. Or that 
we have a different president now.)

Here is a better military strategy based on keeping relations between peers 
going indefinitely:
   "James P. Carse, Religious War In Light of the Infinite Game, SALT talk"
   http://video.google.com/videoplay?docid=-962221125884493114

Or, from Morton Deutsch, a focus on mutual security among peers:
   "Beyond Intractability: Morton Deutsch"
http://www.beyondintractability.org/audio/morton_deutsch/?nid=2430
"Q: You're starting to see the analogy to international conflict, or
intractable conflict on a larger scale?
A: Yes. Well, I wrote a paper about preventing World War III. That was
during the height of the cold war, I think I wrote it in 1982, it was called
"The Presidential Address to the International Society to Political
Psychology." And there I took the relationship between the United States and
the Soviet Union and characterized it as a malignant relationship, which had
some of the characteristics that I was talking about with the couple. It was
right for both the United States and the Soviet Union to think that the
other was hostile, would undo it, would damage it, you know, all of these
things. The relationship was a malignant one. They had to become aware of
the malignancy, and the only way out really was recognizing that it's
hurting, recognizing that there is a potential better way of relating. And
that better way of relating involves having a sense that one can only have
security if there's mutual security. And that's true in most relationships.
That's particularly true to recognize groups that have had bitter strife
where they've hurt each other. They have to deal with the problem of how to
get to where they can live together. It may be ethnic groups within a given
nation or community. They can only live together if they recognize that
their own security is going to be dependent on the other person's security.
So each person, each side, each group has to be interested in the welfare of
the other. On a national level it has to deal with military and other
economic security. At the group level and personal level, it often has to do
with psychological security. It has to do with someone recognizing, I
shouldn't be treating the other in an undignified, disrespectful way. So in
an interpersonal relationship, that kind of security, recognizing that not
only are you entitled to it, so is the other person entitled to it. And if
you don't give that other person that entitlement the relationship is going
to move in the other direction, back to bitter conflict."

Or even from the book Disciplined Minds, on how individuals can help promote 
a better balance of meshwork-and-hierarchy among peers:
   "Review of Jeff Schmidt's Disciplined Minds: A Critical Look at Salaried
Professionals and the Soul-Battering System that Shapes their Lives"
   http://www.uow.edu.au/arts/sts/bmartin/pubs/01BRrt.html
"""
Finally, Schmidt describes what is involved in being a radical professional:
identifying primarily as a radical, having a critical perspective on the
profession and institution, and doing things that make a difference, by
connecting to opposition groups and working on the inside. For most
teachers, then, doing things that make a difference would mean working in
radical ways within a mainstream school. Schmidt gives a list of 33
suggestions for radical professionals working in establishment institutions,
such as helping on politically progressive projects during working hours,
exposing the organization’s flaws to outsiders, and taking collective action
to maintain the dignity of individuals. These are all eminently practical
suggestions. Schmidt does not present a grand plan to transform professions
or society. Rather, his suggestions, like his analysis, are grounded in
day-to-day realities. That is what makes Disciplined Minds a really
subversive book, much more so than other books that may seem more radical in
theoretical terms but lack a tight connection to practice. How far to pursue
any subversive step is a matter of judgment, and here Schmidt cannot provide
much guidance since so much depends on an individual’s circumstances,
opportunities, understanding, skills and alternatives. It is usually safer
to be an activist about distant issues than confront the local power
structure. Is this a cop-out? Going too far means risking one’s job and
possibly the opportunity to pursue further change, but treading too softly
is a prescription for gradually becoming a defender of the status quo.
Schmidt encourages us to err on the side of action for change.
"""

And of course, IMHO, the biggest creative challenge is ideally to find a
path that both fulfills your hierarchically assigned task in a respectful
way while at the same time moves towards some larger goal of mutual security
and global abundance in an open and upfront way that the hierarchy has no
significant justifiable reason to confront or impede, as you help restore a
balance to the world. I'm proud that my wife found such a path for a time 
under difficult conditions, as fraught with ethical dilemmas as it has been:
http://www.amazon.com/Trickster-Makes-This-World-Mischief/dp/0865475369
http://blog.ted.com/2009/04/trickster_makes.php
"""
The trickster is anybody who's a bit of an outsider. They're the ones who
make change. They're not thinking about making change; they're almost doing
it in a selfish way. But because they're working outside the rules, they
change the rules. Everything around them is always new, everything is an
opportunity. It's important to honor mischief-making, in a constructive and
creative way, because that's how we effect change. And it's so important
that we figure out our inner mischief maker. That's the creative part of us.
And everybody's capable of it.
"""

Yes, what I'm saying is that most US Americans may already owe their lives
to the result of a project involving peer-to-peer technology. And maybe even
to an all-too-clever person who organized it and who had previously been
convicted of multiple felonies (for IMHO apparently justifiable reasons):
   http://en.wikipedia.org/wiki/John_Poindexter
It must have been obvious from the start that GW Bush was clueless.
Politics makes strange bedfellows and combined actions can often have
unintended consequences. :-) Even this one.
   "Where does the phrase "politics makes strange bedfellows" come from?"
   http://www.answerbag.com/q_view/277516

Not that all this is anything I'd be able to prove myself, or even can be
100% certain of as it is a complex chain of events involving lots of people
and some degree of uncertainty as regards the capabilities of secretive
countries, as well as the fact that more ordinary explanations might help
explain stopping at Iraq. And I saw it all from a distance. But it does 
sound strange enough to be plausible, right? :-)

But beyond peer-to-peer tools used directly in acknowledged conventional
national security situations, if peer-to-peer tools are used to develop an
alternative and more intrinsically secure infrastructure for the USA and the
world, one supporting mutual security and global prosperity, the overall
security benefits due to peer-to-peer may be enormous. That sort of idea of
developing an intrinsically secure and sustainable infrastructure for global
abundance is what I would like to use peer-to-peer systems for. So, one
needs to balance the benefits of peer-to-peer against the risks.

Everyone wants security. We often just define it differently using different
assumptions. For example, I believe that it is foolish to spend vast amounts
per year extrinsically defending the Persian Gulf oil fields (where much of
"our" oil in the USA comes from) when just a few years of such expenses
could insulate enough homes in the USA and upgrade enough cars to
intrinsically reduce the need to import any of that oil at all. I am
(personally) concerned about energy security, but looking at it from a
different perspective, based on Amory and Hunter Lovins' ideas
   http://en.wikipedia.org/wiki/Brittle_Power
"Brittle Power: Energy Strategy for National Security is a 1982 book by
Amory B. Lovins and L. Hunter Lovins, prepared originally as a Pentagon
study, and re-released in 2001 following the September 11 attacks. The book
argues that domestic energy infrastructure is very vulnerable to disruption,
by accident or malice, often even more so than imported oil. According to
the authors, a resilient energy system is feasible, costs less, works
better, is favoured in the market, but is rejected by U.S. policy. In the
preface to the 2001 edition, Lovins explains that these themes are still
very current."

So, sometimes peer-to-peer efforts can take the security high ground. :-)

And that's exactly the sort of soft energy paths that Amory and Hunter
Lovins recommended the USA adopt thirty years ago. Unfortunately, that
advice was not followed quickly enough, although now many are listening to it.

And of course, email is essentially peer-to-peer. And almost everyone uses
that. :-)

As Michel has said elsewhere, peer-to-peer is more about a relationship
between people than whether there is a server somewhere in the middle.
   "Michel Bauwens Explains Peer-to-Peer"
   http://www.youtube.com/watch?v=zL5hhlV94GI

Google Wave is peer-to-peer in that sense too. As is Wikipedia too, in a sense.

Little Big Planet is a somewhat peer-to-peer application in that sense --
with the motto, "Play, Create, Share".
   http://en.wikipedia.org/wiki/LittleBigPlanet
"In January 2009, Sony announced that the game had sold 611,000 units in
North America up to the end of December 2008 and that there were 1.3 million
unique users playing LittleBigPlanet."

Still, the rest of the world may not see it that way yet. By the phrasing of
the meeting title, this does seem like something of a witch hunt.

One can also talk about p2p risks to your own personal security. :-(

While I believe this is a bad law, intentionally violating copyrights is now
a felony in the USA. :-(
   http://www.usdoj.gov/criminal/cybercrime/CFAleghist.htm
And there are other types of content that are also illegal in the USA.
   http://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalypse

Personally, I would not run a peer-to-peer content hosting system like
LimeWire or similar things where I was not reasonably sure of what content
it was hosting, or where I was not sure where it was taking any content from
on my own system, or where the source code or traffic was not inspectable,
or where the collective content was not vetted by an active community
process, or where I did not have time and energy to supervise it. So, I
don't run one. :-) Still, that does not mean whether I think such systems
are legal or not; I'm just being extra cautious, and I don't see any
significant personal value for me to take on any risk in that area. Others
might make that decision differently for legitimate reasons.

That's why I personally prefer a workgroup model of peer-to-peer instead of
supporting sort of anonymous network for arbitrary content cached locally
like much software called peer-to-peer file sharing tools. A workgroup model
system is what I am working towards with the Pointrel Social Semantic
Desktop, where people would decide who is in a workgroup and what content
was worked on in a workgroup (similar to a mailing list in that sense).
   http://sourceforge.net/projects/pointrel/

I have considered (in theory) a possible way to use Gnutella and similar
file sharing networks as one of many backends for coordinating shared
content (currently all the implemented ones are central server based in some
way or just involve copying files from a shared drive). But having such a
backend is not a priority for me to implement or use myself. Down the road,
that might change if there was some big value there, but it is so hard to
get anything going well, it's not an area I want to explore right now given
extra controversy and risk.

Anyway, I became interested in this model in part because of concerns about
the types of designs people might put in a related system I wanted to do
called OSCOMAK, related to free and open source physical technology. That
project has had a trial Halo Semantic MediaWiki website (without too much
success).
   http://www.oscomak.net/
It took a lot of time to deal with spammers to it too, and I just keep it up
now for archival purposes without allowing more changes. I also don't want
to host designs I don't approve of (most likely advanced weapons or various
controversial biotech things). That does not mean others might not want to
host various designs, of course based on different values or evaluations of
risk (for example, explosives are used in mining, but I'm not interested in
worrying about them and all the security implications). Again, it's so hard
to get any content together, and I don't want to get bogged down in
controversies about military or dual-use products or other issues from the
start. I'd rather focus on the low hanging non-controversial fruit of
straightforward helpful technology (if there is any such thing in the end?
Tea cosies, perhaps? :-)
"Beware of the tea cosy... it could put you in hospital - Scotsman.com News"
http://groups.google.com/group/openmanufacturing/msg/9450d466b34f374e

Though even a workgroup has its sinister sounding side depending on how
people decide to share their workgroup results or how open they make
invitations to workgroups. One term there is "darknet":
   http://en.wikipedia.org/wiki/Darknet_(file_sharing)
"A darknet refers to any type of closed, private group of people
communicating; however, since 2002, the term has evolved to more
specifically refer to file sharing networks in general, whether that network
is private or (without respect to the legality of such) readily accessible
to the public. The phrase "the darknet" is used to refer collectively to all
covert communication networks."

Most corporate communication systems could be considered "darknets" in that
sense to an extent (as in, the public can't join in the network or access
most of the content). And lots of web applications are like that, even
private Google Groups or private Yahoo Groups. Yes, I know often people want
to use that term to mean something about the network or encryption more than
the accessibility of the content, but it's kind of like seeing the peer
aspect more than the transport or server aspect as defining peer-to-peer.
Although friend-to-friend is also another way of looking at this.

I would not expect any data transmitted over public networks, even encrypted
data, to be secure in the long term. Much stuff is undoubtedly archived, and
quantum computing could in theory easily break any current crypto anyone is
likely to really use. As I've said elsewhere,
http://groups.google.com/group/openmanufacturing/msg/ae28e8971f8f9669?hl=en
I think activists should make their plans and conduct their lives under the
assumption the intelligence agencies are watching everything they do. I'm
not saying that is the actual case; I'm just saying it is the safest
assumption, and I doubt much is gained of practical value assuming otherwise
anyway (and some of value might even be lost, a chance to change opinions of
the watchers). See:
   "Social Movements and Strategic Nonviolence"
   http://sociology.ucsc.edu/whorulesamerica/change/science_nonviolence.html

I'm sure people can make arguments for these other systems with anonymous
content broadly distributed, but it is not a space I personally want to be
in. I'd rather see places like Wikipedia or ibiblio or Wikileaks with
significant legal backup dealing with these issues of free speech or
defending marginal content. Getting entangled in one of those issues early
on is probably just a project hinderance as far as worry and divided attention.

Likewise, one can also make arguments for principled civil disobedience with
regard to infringing on copyrighted material or software patents (including
by using peer-to-peer networks or tools), but that is not on my own priority
list, given there is so much one can do within the law. The most popular
content people want to share (mainstream music, movies) really ideally
should be replaced with peer produced content IMHO, as it often reflects a
certain set of values and world view. Fair use for parody or commentary or
maybe even mixups may be a different issue than sharing commercially
produced copyrighted works as-is, but at least in the USA, some of that may
be legal. A different issue is the archiving or sharing of copyrighted
material that is decades old and has had its copyright period extended by
legal changes after its creation, given that you would think copyrights
should be shorter in the fast-moving internet age than the twenty years or
so common in the age of steamships and the pony express; but it might take
another Supreme Court case to decide the legality of those laws under that
test (Lawrence Lessig flubbed the last one). Likewise, materials developed
in part using taxpayer or charitable funds might be in a different category
too, given that the public has already paid for them in some way (another
Supreme Court case?). I'm not recommending infringing on any copyrights; I'm
just suggesting these different situations all might be thought about
differently as one thinks about how the laws should change to better reflect
peer-oriented values, or in contemplating which laws might in theory be more
worthy of principled civil disobedience than others for those willing to do
jail time for a felony charge with hopes of changing the law if it is
unconstitutional or significantly against the public interest.
   http://www.google.com/search?hl=en&q=felony+copyright+infringement
However, again, I am not encouraging anyone to break the law (and most US
prisons are nasty places to be); I'm just pointing out the issue and how
civil disobedience is one I am not interested in pursuing myself given I
feel there are so many other alternatives one can do within the (bad) law.
If anything, I'd suggest people think long and hard before violating any
copyrights as there is rarely any reason that makes any sense given there
are lots of free alternatives for most things these days -- even music and
video, and if something is not free that you want it, it might be better to
just make a free alternative of some sort and route around the damage of
overly long copyright. Look at what Wikipedia has accomplished. For
reference on this topic:
   http://en.wikipedia.org/wiki/Civil_disobedience
"Civil disobedience is the active refusal to obey certain laws, demands and
commands of a government, or of an occupying power, without resorting to
physical violence. It is one of the primary tactics of nonviolent
resistance. In its most nonviolent form (in India, known as ahimsa or
satyagraha) it could be said that it is compassion in the form of respectful
disagreement."

One aspect I'm more interested in about licensing is tagging copyrighted
content in various ways to know if it does not have a free license so it can
be more easily purged from a peer workgroup focusing on free content. That
is sort of like a free software version of DRM for peer-to-peer systems,
looking at non-free content as contaminated stuff you want to get rid of as
soon as possible, or maybe even filter out before it reaches your systems,
as you treat non-free stuff as damage and work around it. :-)
"License management tools: good, bad, or ugly?"
http://groups.google.com/group/gnu.misc.discuss/browse_thread/thread/df4b4363d544f766/1e499c6db59117a2
Then you could set things up so your email client (or mailing list) would
only accept emails that came with certain free licenses. :-) So, rather than
use DRM to enforce restrictions on distributing content, you could use it to
prevent accepting content with restrictions on redistribution.
   "An animated short about Trusted Computing."
   http://www.lafkon.net/tc/

One can only fight so many battles at one time, and some of them may not be
worth fighting anyway. Does that make me a fuddy duddy? :-)
   http://www.thefreedictionary.com/fuddy-duddy
   "An old-fashioned, fussy person."

Or maybe just potentially more effective within a small sphere? :-)
   http://en.wikipedia.org/wiki/The_Seven_Habits_of_Highly_Effective_People

Anyway, I still find the title of the meeting worrisome, of course. I guess
we will find out how much of a democracy remains in the USA. At least most
of the people are still there to protest any change, even if we may never 
know exactly why. :-)

--Paul Fernhout
http://www.pdfernhout.net/