All Complex Ecosystems Have Parasites Cory Doctorow doctorow@craphound.com For the O'Reilly Emerging Technology Conference San Diego, California 16 March 2005 -- This text is dedicated to the public domain, using a Creative Commons public domain dedication: > Copyright-Only Dedication (based on United States law) > > The person or persons who have associated their work with this > document (the "Dedicator") hereby dedicate the entire copyright > in the work of authorship identified below (the "Work") to the > public domain. > > Dedicator makes this dedication for the benefit of the public at > large and to the detriment of Dedicator's heirs and successors. > Dedicator intends this dedication to be an overt act of > relinquishment in perpetuity of all present and future rights > under copyright law, whether vested or contingent, in the Work. > Dedicator understands that such relinquishment of all rights > includes the relinquishment of all rights to enforce (by lawsuit > or otherwise) those copyrights in the Work. > > Dedicator recognizes that, once placed in the public domain, the > Work may be freely reproduced, distributed, transmitted, used, > modified, built upon, or otherwise exploited by anyone for any > purpose, commercial or non-commercial, and in any way, including > by methods that have not yet been invented or conceived. -- AOL hates spam. AOL could eliminate nearly 100 percent of its subscribers' spam with one easy change: it could simply shut off its internet gateway. Then, as of yore, the only email an AOL subscriber could receive would come from another AOL subscriber. If an AOL subscriber sent a spam to another AOL subscriber and AOL found out about it, they could terminate the spammer's account. Spam costs AOL millions, and represents a substantial disincentive for AOL customers to remain with the service, and yet AOL chooses to permit virtually anyone who can connect to the Internet, anywhere in the world, to send email to its customers, with any software at all. Email is a sloppy, complicated ecosystem. It has organisms of sufficient diversity and sheer number as to beggar the imagination: thousands of SMTP agents, millions of mail-servers, hundreds of millions of users. That richness and diversity lets all kinds of innovative stuff happen: if you go to nytimes.com and "send a story to a friend," the NYT can convincingly spoof your return address on the email it sends to your friend, so that it appears that the email originated on your computer. Also: a spammer can harvest your email and use it as a fake return address on the spam he sends to your friend. Sysadmins have server processes that send them mail to secret pager-addresses when something goes wrong, and GPLed mailing-list software gets used by spammers and people running high-volume mailing lists alike. You could stop spam by simplifying email: centralize functions like identity verification, limit the number of authorized mail agents and refuse service to unauthorized agents, even set up tollbooths where small sums of money are collected for every email, ensuring that sending ten million messages was too expensive to contemplate without a damned high expectation of return on investment. If you did all these things, you'd solve spam. By breaking email. Small server processes that mail a logfile to five sysadmins every hour just in case would be prohibitively expensive. Convincing the soviet that your bulk-mailer was only useful to legit mailing lists and not spammers could take months, and there's no guarantee that it would get their stamp of approval at all. With verified identity, the NYTimes couldn't impersonate you when it forwarded stories on your behalf -- and Chinese dissidents couldn't send out their samizdata via disposable gmail accounts. An email system that can be controlled is an email system without complexity. Complex ecosystems are influenced, not controlled. The Hollywood studios are conniving to create a global network of regulatory mandates over entertainment devices. Here they call it the Broadcast Flag; in Europe, Asia, Australia and Latinamerica it's called DVB Copy Protection Content Management. These systems purport to solve the problem of indiscriminate redistribution of broadcast programming via the Internet, but their answer to the problem, such as it is, is to require that everyone who wants to build a device that touches video has to first get permission. If you want to make a TV, a screen, a video-card, a high-speed bus, an analog-to-digital converter, a tuner card, a DVD burner -- any tool that you hope to be lawful for use in connection with digital TV signals -- you'll have to go on bended knee to get permission to deploy it. You'll have to convince FCC bureaucrats or a panel of Hollywood companies and their sellout IT and consumer electronics toadies that the thing you're going to bring to market will not disrupt their business models. That's how DVD works today: if you want to make a DVD player, you need to ask permission from a shadowy organization called the DVD-CCA. They don't give permission if you plan on adding new features -- that's why they're suing Kaleidascape for building a DVD jukebox that can play back your movies from a hard-drive archive instead of the original discs. CD has a rich ecosystem, filled with parasites -- entrepreneurial organisms that move to fill every available niche. If you spent a thousand bucks on CDs ten years ago, the ecosystem for CDs would reward you handsomely. In the intervening decade, parasites who have found an opportunity to suck value out of the products on offer from the labels and the dupe houses by offering you the tools to convert your CDs to ring-tones, karaoke, MP3s, MP3s on iPods and other players, MP3s on CDs that hold a thousand percent more music -- and on and on. DVDs live in a simpler, slower ecosystem, like a terrarium in a bottle where a million species have been pared away to a manageable handful. DVDs pay no such dividend. A thousand dollars' worth of ten-year old DVDs are good for just what they were good for ten years ago: watching. You can't put your kid into her favorite cartoon, you can't downsample the video to something that plays on your phone, and you certainly can't lawfully make a hard-drive-based jukebox from your discs. The yearning for simple ecosystems is endemic among people who want to "fix" some problem of bad actors on the networks. Take interoperability: you might sell me a database in the expectation that I'll only communicate with it using your authorized database agents. That way you can charge vendors a license fee in exchange for permission to make a client, and you can ensure that the clients are well-behaved and don't trigger any of your nasty bugs. But you can't meaningfully enforce that. EDS and other titanic software companies earn their bread and butter by producing fake database clients that impersonate the real thing as they iterate through every record and write it to a text file -- or simply provide a compatibility layer through systems provided by two different vendors. These companies produce software that lies -- parasite software that fills niches left behind by other organisms, sometimes to those organisms' detriment. So we have "Trusted Computing," a system that's supposed to let software detect other programs' lies and refuse to play with them if they get caught out fibbing. It's a system that's based on torching the rainforest with all its glorious anarchy of tools and systems and replacing it with neat rows of tame and planted trees, each one approved by The Man as safe for use with his products. For Trusted Computing to accomplish this, everyone who makes a video-card, keyboard, or logic-board must receive a key from some certifying body that will see to it that the key is stored in a way that prevents end-users from extracting it and using it to fake signatures. But if one keyboard vendor doesn't store his keys securely, the system will be useless for fighting keyloggers. If one video-card vendor lets a key leak, the system will be no good for stopping screenlogging. If one logic-board vendor lets a key slip, the whole thing goes out the window. That's how DVD DRM got hacked: one vendor, Xing, left its keys in a place where users could get at them, and then anyone could break the DRM on any DVD. Not only is the Trusted Computing advocates' goal -- producing a simpler software ecosystem -- wrongheaded, but the methodology is doomed. Fly-by-night keyboard vendors in distant free trade zones just won't be 100 percent compliant, and Trusted Computing requires no less than perfect compliance. The whole of DRM is a macrocosm for Trusted Computing. The DVB Copy Protection system relies on a set of rules for translating every one of its restriction states -- such as "copy once" and "copy never" -- to states in other DRM systems that are licensed to receive its output. That means that they're signing up to review, approve and write special rules for every single entertainment technology now invented and every technology that will be invented in the future. Madness: shrinking the ecosystem of everything you can plug into your TV down to the subset that these self-appointed arbiters of technology approve is a recipe for turning the electronics, IT and telecoms industries into something as small and unimportant as Hollywood. Hollywood -- which is a tenth the size of IT, itself a tenth the size of telecoms. In Hollywood, your ability to make a movie depends on the approval of a few power-brokers who have signing authority over the two-hundred-million-dollar budgets for making films. As far as Hollywood is concerned, this is a feature, not a bug. Two weeks ago, I heard the VP of Technology for Warners give a presentation in Dublin on the need to adopt DRM for digital TV, and his money-shot, his big convincer of a slide went like this: "With advances in processing power, storage capacity and broadband access... EVERYBODY BECOMES A BROADCASTER!" Heaven forfend. Simple ecosystems are the goal of proceedings like CARP, the panel that set out the ruinously high royalties for webcasters. The recording industry set the rates as high as they did so that the teeming millions of webcasters would be rendered economically extinct, leaving behind a tiny handful of giant companies that could be negotiated with around a board room table, rather than dealt with by blanket legislation. The razing of the rainforest has a cost. It's harder to send a legitimate email today than it ever was -- thanks to a world of closed SMTP relays. The cries for a mail-server monoculture grow more shrill with every passing moment. Just last week, it was a call for every mail-administrator to ban the "vacation" program that sends out automatic responses informing senders that the recipient is away from email for a few days, because mailboxes that run vacation can cause "spam blowback" where accounts send their vacation notices to the hapless individuals whose email addresses the spammers have substituted on the email's Reply-To line. And yet there is more spam than there ever was. All the costs we've paid for fighting spam have added up to no benefit: the network is still overrun and sometimes even overwhelmed by spam. We've let the network's neutrality and diversity be compromised, without receiving the promised benefit of spam-free inboxes. Likewise, DRM has exacted a punishing toll wherever it has come into play, costing us innovation, free speech, research and the public's rights in copyright. And likewise, DRM has not stopped infringement: today, infringement is more widespread than ever. All those costs borne by society in the name of protecting artists and stopping infringement, and not a penny put into an artist's pocket, not a single DRM-restricted file that can't be downloaded for free and without encumbrance from a P2P network. Everywhere we look, we find people who should know better calling for a parasite-free Internet. Science fiction writers are supposed to be forward looking, but they're wasting their time demanding that Amazon and Google make it harder to piece together whole books from the page-previews one can get via the look-inside-the-book programs. They're even cooking up programs to spoof deliberately corrupted ebooks into the P2P networks, presumably to assure the few readers the field has left that reading science fiction is a mug's game. The amazing thing about the failure of parasite-elimination programs is that their proponents have concluded that the problem is that they haven't tried hard enough -- with just a few more species eliminated, a few more policies imposed, paradise will spring into being. Their answer to an unsuccessful strategy for fixing the Internet is to try the same strategy, only moreso -- only fill those niches in the ecology that you can sanction. Hunt and kill more parasites, no matter what the cost. We are proud parasites, we Emerging Techers. We're engaged in perl whirling, pythoneering, lightweight javarey -- we hack our cars and we hack our PCs. We're the rich humus carpeting the jungle floor and the tiny frogs living in the bromeliads. The long tail -- Chris Anderson's name for the 95% of media that isn't top sellers, but which, in aggregate, accounts for more than half the money on the table for media vendors -- is the tail of bottom-feeders and improbable denizens of the ocean's thermal vents. We're unexpected guests at the dinner table and we have the nerve to demand a full helping. Your ideas are cool and you should go and make them real, even if they demand that the kind of ecological diversity that seems to be disappearing around us. You may succeed -- provided that your plans don't call for a simple ecosystem where only you get to provide value and no one else gets to play. eof