Zittrain's "The Future of the Internet" -- how to save the Internet from the Internet

I've just finished reading Jonathan Zittrain's The Future of the Internet and How to Stop It, a provocative, well-reasoned, well-informed and sometimes frustrating book about the power of the Internet to allow people to be more effective at taking action -- whether that action is good or bad.

Zittrain talks about the principle of "generativity" in technology: the capacity of some technology to allow its users to make new things out of it, things the designer never anticipated, and does a very good job in enumerating the characteristics that make a technology more or less generative. Zittrain is more-or-less in favor of generativity: he talks about all the amazing things that the human race has accomplished by using that most generative of technologies: the public Internet and the general-purpose PC.

But Zittrain points out that generativity contains the seeds of its own destruction, because it allows bad people to leverage their malicious intentions -- with malware, spyware, DDoS attacks and so on -- to the point that an average person using the Internet is at constant risk from creeps and thugs. And what's more, all average people use the Internet because it's been so thoroughly woven into our lives.

Zittrain fears that the power of the Internet to let creeps do bad things will lead to a regulatory backlash and a series of Draconian laws that take away all the social benefits of the Internet, and that this will be enabled by a consumer backlash against general-purpose PCs in favor of "tethered appliances" -- TiVos, iPhones, etc -- that grant a measure of security by taking away the user-modifiability that is at the heart of the principle of generativity.

Here's where I started to get a little frustrated. I agree that the legislative backlash is here -- it's impossible to miss -- but I disagree that it's being driven by identity thieves and spyware vendors. I think it's being driven by the same authoritarian urge that gave rise to all the other spying and control laws that have been passed for centuries. Net-creeps may be the rubric, but that's as far as it goes.

More importantly, I disagree about the security offered by tethered appliances. Zittrain identifies the particular risks of these technologies that spring from governments and commercial partners remotely reprogramming them to attack their users -- for example, a court ordered EchoStar to remotely disable its PVRs, Google locked Google Video customers out of their purchases, the FBI has forced car-vendors to use OnStar to spy on drivers' conversations and location.

But that's only a tiny piece of the risk arising from "tethered appliances." The DRM wars have shown us that motivated attackers can always break code-signing trusted hardware platforms, given enough motivation. Tethered appliances are designed to allow remote parties to enforce policy on them without the knowledge or consent of their owners -- they're designed to treat their owners as attackers. So while it's possible to torque a PC into attacking its owner with spyware, it's even more possible with tethered appliances, because once you figure out how to slip inside, the whole device is designed, from the ground up, to stop the user from interfering with the "authorities" who have the keys.

Take CALEA, the law that forces phone-switch manufacturers to build in back-doors that allow cops to snoop on voice-traffic without physically accessing the switch. It's pretty implausible that the "police override" built into phone switches has never leaked outside of the police force. After all, the police leak all kinds of "confidential" information (ask a private eye, off the record, how easy it is to get a cop to look up a license plate number). All it would take is one leak to organized crime and the bad guys would have the same off-site phone-monitoring capability as the folks in blue.

I think that Zittrain takes the security claims of appliance vendors at face value, and that this really undermines the argument. Appliances are neither generative nor secure, and it's likely that appliances will be broken in more interesting ways by more creeps as they increase in value as targets. The backlash against PCs will be quickly met with another backlash against everything else, and no one is going to be able to opt out of the system altogether.

Nevertheless, the principle of generativity is a powerful lens through which we can view proposals for regulating and policing technology. The last third of the book offers "solutions" -- more like "directions in which solutions may reside," really -- that look to mitigate the harmful effects of generativity without clobbering the good effects.

The book is a cracking read -- smart and engaging as Zittrain himself is in person and at the podium -- and while I didn't agree with everything in it, it got me thinking about 200 miles a minute, and that's always a good thing. Link

Update: The whole book's also downloadable under a CC license!


  1. “More importantly, I disagree about the security offered by tethered appliances.”

    I disagree also, but if you substitute “perceived security” for actual security, Zittrain’s claim stands. I’d also add to that the perceived simplicity of tethered/dedicated devices for the average user.

    Sure, I enjoy setting up a Linux-based media center PC, but my mother-in-law is perfectly happy to have Time-Warner come out and install her set-top box for her.

  2. Most of my simple websurfing I now do on my Wii – in fact, I’m doing it now! – because many of the benefits in using the pc have evaporated – windows is so bloated that I can’t even surf and listen to mp3s at the same time, and *nix doesn’t have the other apps I like to use. I also do support, and for the technical illiterate, especially if it’s a guy (pr0n) I would recommend it in an instant. Granted, the more flash 8+ is out there, the less convenient it is, but for the basics including youtube it works great!

  3. My point in the previous post is that all web-appliance behaviour is not bad – as with any tool, you must know its limits. I personally can’t imagine not having a pc for more creative or complicated tasks.

  4. The Internet is pretty much horrible. Probably the invention responsible for the most freaks this side of Thalidomide.

    I say, let it burn.

  5. Ah, but Cory …

    “… but I disagree … I think it’s being driven by the same authoritarian urge that gave rise to all the other spying and control laws that have been passed for centuries.”

    Yes, of course. But certainly that urge is driven by fear in the first place ~ fear of identity thieves and spyware hackers, for two things, and many other things available for activating a hair-trigger fight-or-flight response (if not an actual paranoid abreaction) …

    Call me optimistic about human nature (What? Nevar!), but I reckon that most authoritarian types get that way through fear (at least originally) rather than through some basic, twisted love-of-squashing-freedom. Note that I do say “most,” and suggest that in any case it’s, well, it’s too fucking bad that some people are so easily motivated by (validly triggered or not) fear. Especially when they’re in a position to affect the rest of us.

    However: Hell of a fine short review, sir. Always good to read a piece where the reviewer disagrees with the author in places and yet still makes one want to read the book.

  6. I disagree that tethered appliance aren’t generative, too. Quite the opposite, in fact.

    The original X-box and the TiVo are considered to be hacker’s paradises. There is an entire cottage industry surrounding modifying the TiVo for more capacity and adding devices to it. Yes, that’s because TiVo encourages such behavior (or used to and now just tolerates it, instead). But Microsoft had no idea how far people would mod their box and subvert it. Even a device like a Roomba can and has been hacked for other purposes.

    There may be additional steps, but once the genie is out of the bottle, technology-wise, generative behaviors begin.

  7. It’s cool that those devices are hackable, but you have to admit that in the best case that’s because the sole manufacturer decided to add in hackability as a sort of “feature” of the design they produced. The worst case is that it was an unintentional accident uncovered by curious minds.

    Either way, the point is hackability isn’t something that’s inherent in a “tethered device” platform, like it is with PCs. It’s a feature that can be granted and denied by the manufacturer each time they release a product. You may think you’re pretty clever for hacking your XBox to run linux, but if Microsoft doesn’t like that you can be damn sure the next XBox can be made to thwart your hack. Not so with open standards architecture.

  8. Mithrandir: “The Internet is pretty much horrible. Probably the invention responsible for the most freaks this side of Thalidomide.”

    Actually, the freaks were already there and always had been. That’s like blaming the telephone for heavy breathers and prank callers.

  9. I’ve said it before, you can’t assume everyone is a criminal. Hacking can be both beneficial to the development of a tech as well as a window of opportunity for the evildoer; at most it should prompt further development in order to protect the user, even if -when- such action makes the tech obsolete. Tethering goes against the spirit of investigation and development, slowing progress.
    I want tech that enables me to do more; the ethical compass should always reside on the person, not the corporation.

  10. Interesting thoughts, but I gotta call you out on the CALEA example. Because it seems like it would be easy for hackers to take advantage of the back door and they haven’t for whatever reason — the example support’s Zittrain’s position.

    My problem with the whole theory is that, I think, the world includes and will continue to include both generative and nongenerative options. Even as Tivo, Microsoft and others, with or without the government’s help, limit user customization, the marketplace provides alternatives. Your grandma gets her Comcast box – easy to set up and run – and you get your Linux-based media center PC – which takes a little more work. There is no reason that customization won’t be available for those that want it.

    But great review – I’m ordering the book right now.

  11. @Wizardru #6:
    Ah, but that doesn’t jive with Zittrain’s definition of “generativity”. Check out page 71 of his book here (warning: PDF link).

    I agree that a hackable appliance is better than a locked-down appliance, but gadget-makers need to understand that being hostile to those who want to leverage the features of their products is counterproductive.

  12. Wht fnd rthr ntrgng s th prlll btwn ths nd th rgmnts sd t spprt th rght t kp nd br rms n th S: Th vst mjrty f gn wnrs r lw-bdng, nc ppl wh dn’t g ‘rnd mggng, mrdrng nd gnrlly bng hrrbl.

    Gn cntrl dsrms vryn nltrlly – I suppose the UK’s knife-crime rash would be the unpleasant equivalent of illegally backdooring into phone switches and other tethered devices, from a purely meme-equivalence viewpoint.

    I guess it all comes down to the simple fact that you can’t stop people from abusing things just by regulating them.

    (I’m not pretending to have any answers here, I’m just riffing thoughts).

  13. MarkHB,

    Please do not post any more comments about gun control in threads that are not about gun control.

  14. If you check Jonathan Zittrain’s web site, not only will you find a downloadable .pdf, but a couple experimental formats — futureoftheinternet.org/download

    Most exciting is the one with a group running an open annotation project using the Diigo system.

    I like this! It really seems to me the next logical step in book publishing, where your work basically becomes the framework for a wiki.

  15. To hell with the future of the Internet(s). Where was the book’s cover photo taken? Was it Photoshopped? It looked so very cool.

  16. Sounds like a very interesting book. But, what’s going to happen in the US, when all the baby boomers are 60, 70 and older. I’m at the tail end of the boomers. People are going to live longer/no one seems to think about the huge # of old timers/the net/gadgets. They use computers etc.. But, at some point, it will have an impact. I already complain that my phone is so small can’t see the numbers without reading glasses. I’m only 43. Just a thinker…wondering if any one has any thoughts on the subject.

  17. T100, if you’re thinking that way, then what’s really worth considering is the debasing of education in mathematics and the hard sciences at virtually every level of schooling. The repercussions of that one might actually be linked to the end of the Baby Boom, as the downturn in engineering and science study seems vaguely synchronous with the Boomers passing a certain age.

    Going to be interesting, for sure.

  18. I haven’t finished the book yet, but I agree with Cory that the backlash isn’t “being driven by identity thieves and spyware vendors”, the backlash is being driven by corporate and state interests. However, those bad guys (the first ones mentioned) provide the ideal way to get internet users to happily accept changes which will reduce the generativity of the PC/internet. So I think Cory and Zittrain are both right.

    I am finding Zittrain’s concept of generativity most interesting; same for the way he visualises layers of networks. I’d like to see people do more of this kind of analysis in relation to, for example, the music industry and the excesses of copyright. Zittrain touches only lightly on the content and social layers of the network (as far as I have read), but I’m sure his conceptual frame will be very useful there.

    My rating: essential, thought provoking reading.

Comments are closed.