Infowar – A Case Study

[This weekend’s Opinion column in the Daily Post]

The recent decision by the Mubarak regime in Egypt to cut off all Internet access for its citizens is a textbook example of using a silver bullet to shoot oneself in the foot.

The whys and wherefores of how they’ve gone about doing so provide a useful opportunity to understand the paradox of control over the Internet and the costs involved when governments and other actors indulge their desire to dam the torrent of information that flows across their networks.

In order to do that, we need to dispel a rather pesky myth.

Perhaps the most dangerous misconception of the Internet is its survivability. It’s true that, as one information activist put it, the Internet treats censorship as damage and routes around it. But that statement is predicated on the actual presence of an Internet in the first place.

That may sound like a silly statement, but the Internet might not be as enduring as many assume it to be.

While many of the software and communications protocols that define the Internet are, by design, remarkably resistant to outside control, the physical networks through which our data passes are not nearly so robust.

James Cowie, a network analyst from Renesys Corporation, has written excellent analyses of state intervention in national communications both during the post-election strife in Iran and more recently in Egypt. Using forensic evidence gathered in real time, he constructs a vivid scenario: In contrast to Iranian authorities, who elected to use physical choke-points in the communications infrastructure to reduce the flow of information to a trickle, Egyptian authorities appear to have instructed all national Internet Service Providers simply to cut all communications with the outside world.

Starting at midnight (Egyptian time) on the 27th of January 2011, Egypt’s largest ISPs began disappearing from the Internet. Within a period of about 13 minutes, they simply stopped delivering data to and from their customers.

Cowie writes:

“[T]his sequencing looks like people getting phone calls, one at a time, telling them to take themselves off the air. Not an automated system that takes all providers down at once; instead, the incumbent leads and other providers follow meekly one by one until Egypt is silenced.”

How did this happen? Every large ISP participates in a cooperative system called the Border Gateway Protocol, or BGP. BGP allows them to discover how traffic destined to a remote network should be directed. Simply put, each ISP announces which address blocks it supports. These blocks can represent tens or even hundreds of thousands of individual machine addresses.

Designed for simpler times, BGP is a trust-based protocol. It relies implicitly of the good faith of all participants to continue working. This makes it remarkably vulnerable to the machinations of states or organisations whose interests don’t align with others’. Back in 2008, Pakistan Telecom caused a furore when, for a little over 2 hours, their bungled attempt to use BGP to block YouTube domestically resulted in the site disappearing from much of the Internet.

Just last year, a change to BGP traffic announcements resulted in about 15% of all Internet traffic being routed through networks in China for a brief period. This resulted in breathless speculation that the disruption was not accidental. Some claimed that it amounted to a reconnaissance in force, as it were, a probing of the global Internet to determine its resilience in the face of attack.

Intentional or not, these disruptions to the BGP apparatus make it abundantly clear that choke points exist on the Internet and that they are remarkably easy to subvert.

Debate continues to rage in technical circles about what can be done to mitigate BGP’s innate deficiencies. Changes will doubtless be necessary. But the liability wouldn’t be so grave if our physical communications networks weren’t so hopelessly centralised.

Egypt offers us a particularly vivid example of this. A country of over 80 million people, it has only a half a dozen or so large Internet providers. Only one of them, the Noor Group, initially resisted the demand to drop services. Some have speculated that its continued online presence was due to its extensive list of blue chip clients, including many banks and the Egyptian Stock Exchange.

Ultimately, though, it was a limited victory. Noor advertised only 83 of the roughly 3500 data routes in and out of Egypt. They were eventually forced off the air a week after their IT confrères.

In Iran, population 72 million, there are only 5 significant international links, all of which flow through a single Government-run office. Such centralisation makes it easy for the state to exert its influence.

(One European-owned company, Vodaphone, washed its hands of the decision to cut service to its Egyptian customers, claiming that the Mubarak regime had the legal right to issue the order. This rhetorical line apes the rationale provided by Nokia-Siemens when it was discovered that their equipment enabled Iranian authorities to block most traffic and eavesdrop on the rest.)

The Internet as a principle –that is, the idea of an open network allowing free communication regardless of source or sender– is not as popular as some might believe. It made its way into the commercial world more by stealth than by deliberation. Telcos didn’t really understand the Internet as a service; they just knew they had to offer it in order to compete.

One thing was clear to them: The sum of all services across a global network was clearly more valuable than those offered by a single provider. Equally attractive was the perception that these services came more or less for free with the connection.

But the seductive power of the Net hasn’t changed attitudes entirely.

Telecommunications companies, with a long legacy of market-controlling behaviour, still build and deploy their infrastructure using centralised models. Recently, some of them have begun lobbying for the right to exert control over the data that passes over their networks, potentially penalising services that compete with their own. Comcast, one of the largest ISPs in the US, recently got approval to acquire NBC Universal and its content-creation ecosystem, giving rise to fears that they might leverage their control over the information pipeline to dictate what passes through it.

Put simply, carriers would love nothing better than to go back to the telephone service model, where fees are based on where you are and who you talk to, with no conversation possible unless you’ve paid your toll.

The principle of an end-to-end network –that is, one that allows direct, unmediated connections between two parties– militates strongly in the opposite direction. Its appeal is remarkably seductive, leading most Internet users to view with displeasure the telcos’ (or governments’) desire to mediate communications.

Renesys quite rightly remarks that if cuts to Egypt’s Internet had lasted much longer, the reduction in commercial activity could have been catastrophic for the nation.

Furthermore, Cowie remarks, it wasn’t only Egypt’s pipelines that were at risk:

“[T]he majority of Internet connectivity between Europe and Asia actually passes through Egypt. The Gulf States, in particular, depend critically on the Egyptian fiber-optic corridor for their connectivity to world markets.

“Are the folks at Davos thinking about this? They should be.”

In a perfect world, consumer choice and basic business commonsense would always win. But the problem is that centralised networks not only cost a lot of money (placing their design and construction into the hands of the most powerful), they make a lot of money, too.

In monetary and political terms, the wealth of the network itself tends to pool rather than to flow.

A fundamental change has already overtaken the public’s perception about the value and nature of digital communications. Passive consumption of news through the television is considered passé, or at least diminished in relation to the sharing of photos, videos and words across the Internet.

As individual control over the flow of information rises, central control wanes. And this, obviously, is the crux of the dilemma facing businesses and governments across North Africa and throughout the world. They are belatedly coming to realise that they are fighting a many-headed hydra. As they cut off one avenue of communication, another rears its head.

But that hydra has a body, and the body is the network itself.

As this column goes to press, it appears that Egypt’s decision to cut off the Internet failed in every important regard. One protester is reported to have said, “F*** the internet! I have not seen it since Thursday and I am not missing it.… Go tell Mubarak that the people’s revolution does not need his damn internet!

I would be amazed, however, if this fact led other governments to act differently, should they find themselves in a similar situation. Indeed, the US Congress is currently considering legislation that would provide the President with an ‘Internet Kill Switch’ for use in case of emergency.

Likewise, I see no evidence that the ultimate futility of attempting to control the flow of information will change attitudes in the board rooms and offices where our increasingly centralised networks are planned. For telcos, the challenge is merely technical.

For the Internet –as it was originally intended– to become fully realised and fully resistant to coercion, the devices and infrastructure through which our data travels will need to reflect the same principle of decentralisation as the software and protocols we use today. That implies the construction of communications devices that are very different from the locked-in, network-centric phones, tablets and computers we’re familiar with. I can think of no short-term scenario in which the development of such products will take place in any significant way.

For some time to come, we will continue to live in a world in which the powerful continue to load silver bullets and take aim squarely at their own feet.