Infowar – A Case Study

[This weekend’s Opinion column in the Daily Post]

The recent decision by the Mubarak regime in Egypt to cut off all Internet access for its citizens is a textbook example of using a silver bullet to shoot oneself in the foot.

The whys and wherefores of how they’ve gone about doing so provide a useful opportunity to understand the paradox of control over the Internet and the costs involved when governments and other actors indulge their desire to dam the torrent of information that flows across their networks.

In order to do that, we need to dispel a rather pesky myth.

Perhaps the most dangerous misconception of the Internet is its survivability. It’s true that, as one information activist put it, the Internet treats censorship as damage and routes around it. But that statement is predicated on the actual presence of an Internet in the first place.

That may sound like a silly statement, but the Internet might not be as enduring as many assume it to be.

While many of the software and communications protocols that define the Internet are, by design, remarkably resistant to outside control, the physical networks through which our data passes are not nearly so robust.

James Cowie, a network analyst from Renesys Corporation, has written excellent analyses of state intervention in national communications both during the post-election strife in Iran and more recently in Egypt. Using forensic evidence gathered in real time, he constructs a vivid scenario: In contrast to Iranian authorities, who elected to use physical choke-points in the communications infrastructure to reduce the flow of information to a trickle, Egyptian authorities appear to have instructed all national Internet Service Providers simply to cut all communications with the outside world.

Starting at midnight (Egyptian time) on the 27th of January 2011, Egypt’s largest ISPs began disappearing from the Internet. Within a period of about 13 minutes, they simply stopped delivering data to and from their customers.

Cowie writes:

“[T]his sequencing looks like people getting phone calls, one at a time, telling them to take themselves off the air. Not an automated system that takes all providers down at once; instead, the incumbent leads and other providers follow meekly one by one until Egypt is silenced.”

How did this happen? Every large ISP participates in a cooperative system called the Border Gateway Protocol, or BGP. BGP allows them to discover how traffic destined to a remote network should be directed. Simply put, each ISP announces which address blocks it supports. These blocks can represent tens or even hundreds of thousands of individual machine addresses.

Designed for simpler times, BGP is a trust-based protocol. It relies implicitly of the good faith of all participants to continue working. This makes it remarkably vulnerable to the machinations of states or organisations whose interests don’t align with others’. Back in 2008, Pakistan Telecom caused a furore when, for a little over 2 hours, their bungled attempt to use BGP to block YouTube domestically resulted in the site disappearing from much of the Internet.

Just last year, a change to BGP traffic announcements resulted in about 15% of all Internet traffic being routed through networks in China for a brief period. This resulted in breathless speculation that the disruption was not accidental. Some claimed that it amounted to a reconnaissance in force, as it were, a probing of the global Internet to determine its resilience in the face of attack.

Intentional or not, these disruptions to the BGP apparatus make it abundantly clear that choke points exist on the Internet and that they are remarkably easy to subvert.

Debate continues to rage in technical circles about what can be done to mitigate BGP’s innate deficiencies. Changes will doubtless be necessary. But the liability wouldn’t be so grave if our physical communications networks weren’t so hopelessly centralised.

Egypt offers us a particularly vivid example of this. A country of over 80 million people, it has only a half a dozen or so large Internet providers. Only one of them, the Noor Group, initially resisted the demand to drop services. Some have speculated that its continued online presence was due to its extensive list of blue chip clients, including many banks and the Egyptian Stock Exchange.

Ultimately, though, it was a limited victory. Noor advertised only 83 of the roughly 3500 data routes in and out of Egypt. They were eventually forced off the air a week after their IT confrères.

In Iran, population 72 million, there are only 5 significant international links, all of which flow through a single Government-run office. Such centralisation makes it easy for the state to exert its influence.

(One European-owned company, Vodaphone, washed its hands of the decision to cut service to its Egyptian customers, claiming that the Mubarak regime had the legal right to issue the order. This rhetorical line apes the rationale provided by Nokia-Siemens when it was discovered that their equipment enabled Iranian authorities to block most traffic and eavesdrop on the rest.)

The Internet as a principle –that is, the idea of an open network allowing free communication regardless of source or sender– is not as popular as some might believe. It made its way into the commercial world more by stealth than by deliberation. Telcos didn’t really understand the Internet as a service; they just knew they had to offer it in order to compete.

One thing was clear to them: The sum of all services across a global network was clearly more valuable than those offered by a single provider. Equally attractive was the perception that these services came more or less for free with the connection.

But the seductive power of the Net hasn’t changed attitudes entirely.

Telecommunications companies, with a long legacy of market-controlling behaviour, still build and deploy their infrastructure using centralised models. Recently, some of them have begun lobbying for the right to exert control over the data that passes over their networks, potentially penalising services that compete with their own. Comcast, one of the largest ISPs in the US, recently got approval to acquire NBC Universal and its content-creation ecosystem, giving rise to fears that they might leverage their control over the information pipeline to dictate what passes through it.

Put simply, carriers would love nothing better than to go back to the telephone service model, where fees are based on where you are and who you talk to, with no conversation possible unless you’ve paid your toll.

The principle of an end-to-end network –that is, one that allows direct, unmediated connections between two parties– militates strongly in the opposite direction. Its appeal is remarkably seductive, leading most Internet users to view with displeasure the telcos’ (or governments’) desire to mediate communications.

Renesys quite rightly remarks that if cuts to Egypt’s Internet had lasted much longer, the reduction in commercial activity could have been catastrophic for the nation.

Furthermore, Cowie remarks, it wasn’t only Egypt’s pipelines that were at risk:

“[T]he majority of Internet connectivity between Europe and Asia actually passes through Egypt. The Gulf States, in particular, depend critically on the Egyptian fiber-optic corridor for their connectivity to world markets.

“Are the folks at Davos thinking about this? They should be.”

In a perfect world, consumer choice and basic business commonsense would always win. But the problem is that centralised networks not only cost a lot of money (placing their design and construction into the hands of the most powerful), they make a lot of money, too.

In monetary and political terms, the wealth of the network itself tends to pool rather than to flow.

A fundamental change has already overtaken the public’s perception about the value and nature of digital communications. Passive consumption of news through the television is considered passé, or at least diminished in relation to the sharing of photos, videos and words across the Internet.

As individual control over the flow of information rises, central control wanes. And this, obviously, is the crux of the dilemma facing businesses and governments across North Africa and throughout the world. They are belatedly coming to realise that they are fighting a many-headed hydra. As they cut off one avenue of communication, another rears its head.

But that hydra has a body, and the body is the network itself.

As this column goes to press, it appears that Egypt’s decision to cut off the Internet failed in every important regard. One protester is reported to have said, “F*** the internet! I have not seen it since Thursday and I am not missing it.… Go tell Mubarak that the people’s revolution does not need his damn internet!

I would be amazed, however, if this fact led other governments to act differently, should they find themselves in a similar situation. Indeed, the US Congress is currently considering legislation that would provide the President with an ‘Internet Kill Switch’ for use in case of emergency.

Likewise, I see no evidence that the ultimate futility of attempting to control the flow of information will change attitudes in the board rooms and offices where our increasingly centralised networks are planned. For telcos, the challenge is merely technical.

For the Internet –as it was originally intended– to become fully realised and fully resistant to coercion, the devices and infrastructure through which our data travels will need to reflect the same principle of decentralisation as the software and protocols we use today. That implies the construction of communications devices that are very different from the locked-in, network-centric phones, tablets and computers we’re familiar with. I can think of no short-term scenario in which the development of such products will take place in any significant way.

For some time to come, we will continue to live in a world in which the powerful continue to load silver bullets and take aim squarely at their own feet.

Selling Democracy – ctd.

Farhad Manjoo says the Revolution will not be digitised. His recent Slate column, subtitled “How the Internet helps Iran silence activists” makes the obvious point that technology makes all aspects of communications easier – even the unpleasant ones. But his simplistic analysis misses the import of his own observation.

The key to all this is his failure to distinguish between the network and the protocol. Manjoo says that the Internet helps Iran’s repressive efforts. That’s not true, at least not nearly to the extent he thinks. The network – the physical infrastructure of cables, switching and routing equipment, is what’s trapping people right now. If it weren’t for the end-to-end nature of the software protocols that make up what we conveniently call the Internet, little if any news at all would have emerged from Iran.

Continue reading

Drowning in the Bathtub

I confess I’ve been more than a little surprised recently to see the ripples of shock and alarm spreading through liberal circles in the US recently. Having won an historic election, progressives somehow find it unimaginable that the Republican leopard hasn’t changed his spots.

How dare Karl Rove have the temerity to open his mouth? How dare the Rush Corps pray for failure? Can’t they see we’ve won?

The Left has won, that much is true. But all it’s won is an election, nothing more. This is not the end of the fight. Though they’ve suffered an electoral rout, many Republicans feel they are still on decent ground, and have every reason in the world to feel there’s no great need to change tactics.

For these people, a failed stimulus and subsequent economic disaster is the stuff of dreams. It’s what they’ve been working toward for decades.

Continue reading

Perspectives on Privacy

[This week’s Communications column for the Vanuatu Independent.]

This week, the Australian government moved closer to implementing its controversial Internet Content Filter. The ICF represents the Rudd government’s latest attempt to curtail access to illegal or ‘unwanted’ online materials by requiring that all Australian Internet providers implement this filtering system. News sources report that the government has released the technical specification of its pilot implementation.

I’ve written before about the technical, ethical and legal problems surrounding this plan. I maintain that the system is ineffective and inappropriate, foisting a law enforcement role on the nation’s ISPs, and threatening free speech without providing sufficient protection from the very content it seeks to block.

With Internet deregulation on the horizon in Vanuatu, it seems timely to take a look at some of the basic issues underlying the debate.

Continue reading

Town and Country

[This week’s Communications column for the Vanuatu Independent.]

It’s axiomatic that in our so-called Information Society, improving communications is synonymous with improving people’s quality of life. Easier access to information is generally accepted as a good thing.

Far be it from me to gainsay the truisms that keep me in pocket money. But I do enjoy being wrong.

One of the most important lessons I’ve learned in my time here in Vanuatu is that trends and patterns are not so universal as they sometimes seem. Things that are self-evident elsewhere in the world should not be taken for granted here. Society, geography, economy and a few dozen other differentiating factors make Vanuatu unique in important ways.

Received wisdom, even from the leading lights of development theory, often does more damage than good if it’s not leavened with a solid grounding in local conditions. And that’s why I’ve been waiting with bated breath for an upcoming report by the Pacific Institute of Public Policy (PiPP) on the social effects of mobile telephony in Vanuatu.

Continue reading

Then and Now

[This week’s Communications column for the Vanuatu Independent.]

In July 2004, the World Bank presented a report on the state of Vanuatu’s public utilities to the public.

This was a watershed moment. From that moment, the government of Vanuatu formally committed itself to a process that ultimately led to the break-up of the telecommunications monopoly and the creation of the Utilities Regulatory Authority.

The transformation since then has been nothing short of remarkable. Nobody seems to have anticipated just how widespread and immediate the effects of telecoms liberalisation would be. Some of the expectations outlined in the Infrastructure Regulatory Review appear now to be quite conservative, in some cases landing nearly outside the ballpark.

Perhaps most telling is the report’s contention that ‘low income, low population base, low urbanization and low literacy rate are characteristics which suggest that demand for telecommunications services in Vanuatu is likely to be constrained.’

Experience seems to indicate quite the opposite.
Continue reading

Single Point of Failure

On January 14, 2005, the Intelsat 804 satellite suddenly lost its power source and began drifting helplessly in space. This satellite provided much, and in some cases all, of the communications lines for countries from Sri Lanka to Samoa.

The effect of this sudden loss of service was particularly severe on Pacific island nations, because in many places this satellite represented the only communication link to the outside world. As of January 21, some countries were still offline, and others were still experiencing problems.

International communications were badly disrupted. International telephone and fax traffic stopped. Internet access was gone. Banks and credit card companies could not conduct transactions, leaving tourists without cash and resort owners accepting debts on faith alone. Airlines and airports could not communicate easily. Most importantly, disaster early warning systems were severely impaired.

When reviewing the list of affected countries, one thing quickly becomes clear: the countries most affected by the satellite failure were those whose communications systems had a single point of failure.

Single Point of Failure. Every network analyst knows, and fears, this term. It’s simple enough in principle: when planning a communications system, always make sure that there’s no single part whose failure can bring the whole system down.

In practice, it’s not as easy as it sounds. The failure of the Intelsat 804 satellite continues to cause significant problems throughout the Pacific region, particularly among the small island nations. This is mostly because the cost of communications makes having back-up satellite access very difficult.

Because of the relatively small amount of traffic they buy, Pacific island nations are relatively unimportant to international satellite providers. Technicians working to fix the problem reported spending hours, even days, trying to contact Intelsat staff. They spoke of being given emergency space on an alternative satellite, only to be bumped off by other customers.

The money that a satellite provider makes from a small island country is, relatively speaking, very small. From a business perspective, we’re not very important to them. But for us, international communications are more important than just business.

What if there had been a natural disaster? At the height of the hurricane season, in a region prone to earthquakes, volcanoes and tsunamis, this is not merely idle speculation. In fact, shortly after the outage occurred, there was a strong earthquake in Micronesia. Had it caused even a localised tsunami, the loss of communications could have cost us many lives.

Looking at the list of affected countries, it quickly becomes clear that those who suffered most are the ones who had only one connection to the outside world. Several countries had separate contracts for data and voice communications. When voice communications disappeared, they were able to use their data lines to compensate. In one case, technicians were able to use Voice Over IP (VOIP) protocols to enable outbound telephone calls within twelve hours.

What lessons can we take from this incident? It’s clear now that those carriers who relied on a single source for their data and voice communications paid most dearly. Their customers paid dearly too, in terms of lost business. It was pure luck that no lives were lost. Next time, we might not be so lucky.

But what can we do to prevent this happening again? The answer is to remove single points of failure wherever possible. Satellite communication is expensive, and underwater cable even more so. Still, it’s been demonstrated that opening national markets to multiple data carriers usually reduces prices for consumers and increases revenues for the carriers. In New Caledonia, data use has increased by one thousand percent since it opened its communications market three years ago. Importantly, they were one of the least affected nations when the Intelsat 804 failed.

Opening the communications market is not an appropriate answer for every island nation. Some are simply too small to support it. In these cases, using separate providers for voice and data service at very least ensures that if the one is lost, the other is still available.

Single Points of Failure are a liability in every system. International communications is one area where such a liability can cost lives.