[p2p-research] Fwd: meeting on p2p risks to national sec

[Paul D. Fernhout]

Michel Bauwens wrote:
> as usual, most interesting ...
> 
> it goes in too many directions to publish on the blog
> 
> would you consider a more tighter piece around the theme, 'p2p FOR national
> security', I think that kind of message is important,

Thanks, I'll think on that. A wiki page might make sense to if it is an 
ongoing growing theme.

By the way, another example of computer communications (p2p-ish email) and 
security going wrong:
   "IT: McAfee Leaks Conference Attendees' Personal Info"
http://it.slashdot.org/story/09/07/30/0337232/McAfee-Leaks-Conference-Attendees-Personal-Info
"In the cruelest of ironies, e-mail security vendor McAfee has accidentally 
coughed up the personal details of some 1400 attendees of its recent 
security conference in Sydney, Australia. Those who were sent the list — 
attached as a spreadsheet to a thank you e-mail — are far from pleased that 
such an extraordinary thing could happen. McAfee, which sells products to 
'stop sensitive and protected data from leaving the enterprise through email 
and web traffic' has blamed 'human error' for the blunder and is 'taking 
steps to ensure it doesn't happen again.' Doh!""
http://www.computerworld.com.au/article/312889/oops_e-mail_security_vendor_mcafee_spills_1400_private_names

So, that is just a general risk of computer technologies, that is not so 
fair to pin on just one implementation or one approach or even one set of 
individuals.

Also, if there are vendors of such security software, again it may be unfair 
to then pick on one implementation or one approach where groups don't use 
safeguards they could use.

Still, is McAfee's corporate offering just essentially automated censorship 
software in a corporate guise? So McAfee's software is scary in that sense. 
That kind of technology (deep packet inspection?) could be applied to more 
broadly censor internet traffic.

And it is ironic how McAfee's own breach of trust will probably drive an 
increase in its corporate censorship business through increased publicity of 
the issue.

I still see it as a race between the potential of the internet to bring 
abundance to all and the potential of the internet to bring police state 
terrorism to all (like in Orwell's 1984, where the two way TV seemed 
impossible in 1948 around when it was written, but now seems all too real 
with Carnivore, Echelon, TIA, and endless other surveillance systems by 
various governments and corporations -- including McAFee's offering to 
monitor and suspend outgoing email for arbitrary content reasons). If people 
spend most of their time within schools or corporations that employ such 
censorship and monitoring, does it really matter what the government does?

One advantage to writing such a document as you suggest, "p2p for national 
security", is to set the nature and tone of the debate by how the issue is 
framed.

Right now, the debate is being framed by that hearing title and attendees 
list that p2p is only good for leaking military secrets and stealing 
property; that is not true (because of the implicit "only"), but still has a 
bit of truth to it because, yes, even McAfee can leak secure information 
about security professionals using p2p email. That's probably not a framing 
of the debate p2p can win, since all it takes in one or two examples where 
it happened (like McAfee) to prove it could happen again, and so p2p is 
"dangerous" without justification (ignoring all the good uses of it, 
including to reduce network bottlenecks or build social ties). Note I used 
"only" there and how it was *implicitly* part of the framing. If you are 
explicit about "only" then the argument looses its unconscious force, since 
it is obviously falsifiable (like productive uses of email).

Framing the debate as, "How does p2p promote national security?" is thus 
more likely to be a debate that increases support for p2p. But, that is the 
sort of framing you won't see from people who use terms like "intellectual 
property", or who sell censorship firewalls, or who want national security 
to be defined in terms of contracts for weapons their company produces under 
heavy secrecy.

So, it is up to p2p advocates to reframe that debate. I'd suggest p2p 
advocates not shy away from the "security" aspect of p2p, because security 
is an important part of daily life. The key is that we can interpret 
security in a lot of different ways and approach security with a lot of 
different strategies (like building in intrinsic security in our 
infrastructure or achieving mutual security in our politics). So, at the 
core of such a position paper could be productive uses of p2p towards those 
two ends of intrinsic security and mutual security.

It is a tougher call how much one wants to focus on p2p's past use for more 
outdated arms-race promoting things in such a document. It is true that 
email or other p2p technologies are used by the military to escalate arms 
races (like developing new generations of killer robots or nuclear weapons), 
but that may not be something to encourage. I mean, it is an easy argument 
to make (and has been made) and would justify all sorts of new p2p 
investments (and has in the past, even to creating the internet), but it may 
not be where p2p advocates also interested in other social change aspects 
want to focus attention.

There is a central irony in the 21st century that our future is most at risk 
from people using post-scarcity technologies like p2p networks to achieve 
scarcity-oriented aims (like unilateral military dominance or corporate 
monopolies built around artificial scarcity of medicines). The challenge 
IMHO of national security (and global security) in the 21st century is to 
get the people who routinely work with post-scarcity technologies (robotics, 
AI, biotech, nuclear, nanotech, bureaucracy, internet, etc.) to see this 
irony of using the technologies of abundance to create artificial scarcity. 
If we can get more people to laugh about this irony, then more people might 
work for a paradigm shift that is then reflected in our social and physical 
infrastructure.

We need to make that change given our advancing technology both for security 
reasons and for others (ethics, practicality, elegance, beauty, and so on). 
So, we need to bring back together our need for security (whether military 
or economic) with a need for other virtues, rather than pursue a "TINA" 
(There is No Alternative to an arms race) approach to security. A TINA 
approach based on competitive arms races separates security from all those 
other virtues. TINA says we have no choice but to play a finite game, 
whereas we always have a choice to play an infinite game (even if we may 
indeed lose it).
   http://en.wikipedia.org/wiki/Finite_and_Infinite_Games

But statistically, we see much more certain as a society to lose a finite 
TINA arms race, sooner or later, either from systemic collapse as we are 
seeing now across the global economy (with the USA just taking a bit longer 
to fall than the USSR) or from some accidental Armageddon, like depicted in 
Dr. Strangelove as well as lots of other movies (Terminator, Twelve Monkeys, 
etc.).

A global minshift towards intrinsic security and mutual security is really 
needed IMHO in militaries across the globe and needs to be reflected in 
their doctrines and equipment and the research they fund.
"DARPA Progam Manager Position on Self-Replicating technology"
http://groups.google.com/group/virgle/browse_thread/thread/7de4be2daaa71723?hide_quotes=no#msg_64c7c2fb922a4bcf
"Brittle Power"
http://en.wikipedia.org/wiki/Brittle_Power

But this is not *just* a mindshift needed within military hierarchies. It 
also needs to be a mindshift within the peer networks that military 
hierarchies sometimes worry about. As long as many peers see peer-to-peer as 
something to "steal property" or "defeat security", then peer activities may 
be self defeating and stealing their own potential, both in antagonizing the 
hierarchy, and also in limiting how peers see their own powers. As Stallman 
says, it is self-defeating to be terms like "intellectual property" that beg 
the question of how copyrights and patents should be treated. And a focus on 
using peer-to-peer to exchange copyrighted corporately-created works 
diminishes a peer's time and desire to play, create, and share new works to 
reflect the stories and songs we all need for a new paradigm based around 
intrinsic security and mutual security.

So, both hierarchy-heavy and meshwork-heavy social groups needs to be part 
of this global mindshift towards redefining our national security needs and 
how we achieve them:
   "A Wombat speaks on the need for a Global Mindshift"
   http://www.global-mindshift.org/memes/wombat.swf

Or, even the Conservative Right: :-)
   http://www.amconmag.com/article/2005/mar/14/00017/
"""
If Marxism is the delusion that one can run society purely on altruism and 
collectivism, then libertarianism is the mirror-image delusion that one can 
run it purely on selfishness and individualism. Society in fact requires 
both individualism and collectivism, both selfishness and altruism, to 
function. ... The most fundamental problem with libertarianism is very 
simple: freedom, though a good thing, is simply not the only good thing in 
life. Simple physical security, which even a prisoner can possess, is not 
freedom, but one cannot live without it. Prosperity is connected to freedom, 
in that it makes us free to consume, but it is not the same thing, in that 
one can be rich but as unfree as a Victorian tycoon’s wife. A family is in 
fact one of the least free things imaginable, as the emotional satisfactions 
of it derive from relations that we are either born into without choice or, 
once they are chosen, entail obligations that we cannot walk away from with 
ease or justice. But security, prosperity, and family are in fact the bulk 
of happiness for most real people and the principal issues that concern 
governments.
"""

There are four themes there (security, prosperity, family, freedom). But 
that conservative article left out the notion of community, which is 
frequently left out of economic analysis even as it is essential to becoming 
and being a health human being. So, building better ties between friends and 
neighbors and global communities is obviously another aspect of this.

So, one really needs to make the p2p case (appropriately framed) in all five 
areas, advocating creating some living balance of security, prosperity, 
family, community, and freedom. Ideally, one might propose some new 
synthesis (like intrinsic security and mutual security) and perhaps some 
specific new software tools or other ideas and technologies for using 
peer-to-peer to achieve a lot of all of those values at the same time with 
less compromises.

--Paul Fernhout
http://www.pdfernhout.net/