net.wars: Running with scissors
by Wendy M Grossman | posted on 06 December 2013
What with one thing and another, net.wars failed to mark November 2, 2013 as the 25th anniversary of the Internet worm. Probably its author, Robert Tappan Morris, Jr, would have liked for the whole world to fail similarly. Instead, he got to be one of the first to discover what life is like in the Age of the Internet, when it's increasingly hard to lose your past mistakes in the mists of time. Especially when those mistakes represent a watershed moment in the development of a globally adopted technology.
I have no way of proving this, but it's long been my belief that the Morris worm was the first time many of us - at least, those who were sentient at the time - heard of the Internet. It was certainly the first time I did, though I already knew of electronic bulletin boards reached via phone and modem. My hazy recollection is of reading in the newspaper that there was this network that connected universities and research divisions of large companies and it, and consequently them, had been paralyzed when someone released this bit of software.
In retrospect, at the time I may have paid attention to exactly the wrong facets of the articles I read: communications network, computers, facilitating research and information sharing. Wow. Amazing. The bit I overlooked: not working, paralyzing those who depend on it. The people whose payment plans were disrupted this week because of RBS's IT systems failure could probably identify. As could myriad others. The Hotfile users whose service has vanished overnight after the site lost to the MPAA in court. The Bitcoin users, both witting and unwitting who have been under attack. And so on.
The problem isn't that we use these various technologies, or even that we rely on them. It's that technology deployment has three phases. In the first, people experiment. In the second, they use it for real. In the third, they tear down whatever the old system was that it has replaced. The current economic climate is arguably speeding up moving from stage two to stage three: for many businesses, continued growth depends on cost-cutting and improved efficiency. What could be more efficient than getting rid of duplicate systems? The rather optimistic talks last week at the Westminster eForum on digital payments (PDF) are a case in point. The first person I thought of when the RBS outage occurred was Dave Birch, who is intent on exterminating cash. Sure, you could say that those whose cards ceased to function in the RBS outage were no worse off than a person carrying cash who gets relieved of it in a mugging - either way, you can't get home - but the key to recovery in those situations is redundancy, the folded-up fiver in a back pocket, or the hidden emergency credit card. I keep cash around, not because I'm a criminal as Dave Birch likes to suggest cash hoarders all are, but for the same reason that I don't keep all my credit cards in the same wallet or all my money in just the one bank. I think of it as planning for failure.
The RISKS Forum, run by the veteran computer scientist Peter G. Neumann and which I've read for many years, tends to foster this kind of thinking. Over and over again you find RISKS posting stories of failure to think ahead, to plan for the need to recover, to imagine what might happen if a system failed due to malice, poor or unacceptable design, or user incompetence; often, sadly, these failures were explained and solved in papers written 40 years ago. An Android flashlight app that ignores user-set preferences and sends location and other data back to the mother ship does not have to be a permanent fixture in your life provided that you haven't thrown away all your flashlights and you can still buy or make more.
What I worry about is that we're throwing away the flashlights. One of the points about the continuing Snowden revelations is how few alternatives we've been left for avoiding NSA (and others') surveillance. Landlines, cell phone location data, Internet traffic, even - the thing that privacy advocates used to use as a way of describing how unacceptable these practices would be if translated into older ways of life - postal mail. Like the data collection in the flashlight app, all this surveillance is an unwanted bug in the systems we thought we were buying.
What's especially disturbing about these stories is the extent to which so many of the people in control of the technology we use seem able to think in only one way: we must have data. We need to rediscover other modes of thought: perhaps using older tools, like handwriting and doing mental arithmetic
In Pudd'nhead Wilson's Calendar, Mark Twain wrote: "...the wise man saith, 'Put all your eggs in the one basket - and then *watch that basket*!'" That was before computers. We need to learn the real lesson from the Morris worm: how to cope when they don't work.
Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.
Technorati tags: morris worm security spafford
Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, follow on Twitter or send email to netwars(at) skeptic.demon.co.uk (but please turn off HTML).