Internet Freedom Fighters Build a Shadow Web
Saturday February 25, 2012 17:44 by Pleb
Governments and corporations have more control over the Internet than ever. Now digital activists want to build an alternative network that can never be blocked, filtered or shut down
(original article is in Scientific American, re-published here in the public interest)
By Julian Dibbell
• The Internet was designed to be a decentralized system: every node should connect to many others. This design helped to make the system resistant to censorship or outside attack.
• Yet in practice, most individual users exist at the edges of the network, connected to others only through their Internet service provider (ISP). Block this link, and Internet access disappears.
• An alternative option is beginning to emerge in the form of wireless mesh networks, simple systems that connect end users to one another and automatically route around blocks and censors.
• Yet any mesh network needs to hit a critical mass of users before it functions well; developers must convince potential users to trade off ease of use for added freedom and privacy.
Just after midnight on January 28, 2011, the government of Egypt, rocked by three straight days of massive antiregime protests organized in part through Facebook and other online social networks, did something unprecedented in the history of 21st-century telecommunications: it turned off the Internet. Exactly how it did this remains unclear, but the evidence suggests that five well-placed phone calls—one to each of the country’s biggest Internet service providers (ISPs)—may have been all it took. At 12:12 a.m. Cairo time, network routing records show, the leading ISP, Telecom Egypt, began shutting down its customers’ connections to the rest of the Internet, and in the course of the next 13 minutes, four other providers followed suit. By 12:40 a.m. the operation was complete. An estimated 93 percent of the Egyptian Internet was now unreachable. When the sun rose the next morning, the protesters made their way to Tahrir Square in almost total digital darkness.
Both strategically and tactically, the Internet blackout accomplished little—the crowds that day were the biggest yet, and in the end, the demonstrators prevailed. But as an object lesson in the Internet’s vulnerability to top-down control, the shutdown was alarmingly instructive and perhaps long overdue.
Much has been made of the Internet’s ability to resist such control. The network’s technological origins, we are sometimes told, lie in the cold war–era quest for a communications infrastructure so robust that even a nuclear attack could not shut it down. Although that is only partly true, it conveys something of the strength inherent in the Internet’s elegantly decentralized design. With its multiple, redundant pathways between any two network nodes and its ability to accommodate new nodes on the fly, the TCP/IP protocol that defines the Internet should ensure that it can keep on carrying data no matter how many nodes are blocked and whether it’s an atom bomb or a repressive regime that does it. As digital-rights activist John Gilmore once famously said, “The Internet interprets censorship as damage and routes around it.”
That is what it was designed to do anyway. And yet if five phone calls can cut off the Internet access of 80 million Egyptians, things have not worked quite that way in practice. The Egyptian cutoff was only the starkest of a growing list of examples that demonstrate how susceptible the Internet can be to top-down control. During the Tunisian revolution the month before, authorities had taken a more targeted approach, blocking only some sites from the national Internet. In the Iranian postelection protests of 2009, Iran’s government slowed nationwide Internet traffic rather than stopping it altogether. And for years China’s “great firewall” has given the government the ability to block whatever sites it chooses. In Western democracies, consolidation of Internet service providers has put a shrinking number of corporate entities in control of growing shares of Internet traffic, giving companies such as Comcast and AT&T both the incentive and the power to speed traffic served by their own media partners at the expense of competitors.
What happened, and can it be fixed? Can an Internet as dynamically resilient as the one Gilmore idealized—an Internet that structurally resists government and corporate throttles and kill switches—be recovered? A small but dedicated community of digital activists are working on it. Here is what it might look like.
It’s a dazzling summer afternoon at the wien-semmering power plant in Vienna, Austria. Aaron Kaplan has spent the past seven minutes caged inside a dark, cramped utility elevator headed for the top of the plant’s 200-meter-high exhaust stack, the tallest structure in the city. When Kaplan finally steps out onto the platform at its summit, the surrounding view is a panorama that takes in Alpine foothills to the west, green Slovakian borderlands in the east and the glittering Danube straight below. But Kaplan did not come here for the view. He walks straight to the platform’s edge to look instead at four small, weatherized Wi-Fi routers bolted to the guardrail.
These routers form one node in a nonprofit community network called FunkFeuer, of which Kaplan is a co-founder and lead developer. The signals that the routers beam and pick up link them, directly or indirectly, to some 200 similar nodes on rooftops all over greater Vienna, each one owned and maintained by the user who installed it and each contributing its bandwidth to a communal, high-speed Internet connection shared almost as far and wide as Kaplan, from the top of the smokestack, can see.
FunkFeuer is what is known as a wireless mesh network. No fees are charged for connecting to it; all you need is a $150 hardware setup (“a Linksys router in a Tupperware box, basically,” Kaplan says), a roof to put your equipment on and a line-of-sight connection to at least one other node. Direct radio contact with more than a few other nodes isn’t necessary, because each node relies on its immediate neighbors to pass along any data meant for nodes it cannot directly reach. In the network’s early months, soon after Kaplan and his friend Michael Bauer started it in 2003, the total number of nodes was only about a dozen, and this bucket brigade transmission scheme was a sometimes spotty affair: if even one node went down, there was a good chance the remainder could be cut off from one another or, crucially, from the network’s uplink, the one node connecting it to the Internet at large. Keeping the network viable around the clock back then “was a battle,” Kaplan recalls. He and Bauer made frequent house calls to help fix ailing user nodes, including one 2 a.m. rooftop session in the middle of a –15 degree Celsius snowstorm, made bearable only by the mugs of hot wine ferried over by Kaplan’s wife.
As the local do-it-yourself tech scene learned what FunkFeuer offered, however, the network grew. At somewhere between 30 and 40 nodes, it became self-sustaining. The network’s topology was rich enough that if any one node dropped out, any others that had been relying on it could always find a new path. The network had reached that critical density at which, as Kaplan puts it, “the magic of mesh networking kicks in.”
Mesh networking is a relatively young technology, but the “magic” Kaplan talks about is nothing new: it is the same principle that has long underpinned the Internet’s reputation for infrastructural resilience. Packet-switched store-and-forward routing—in which every computer connected to the network is capable not just of sending and receiving information but of relaying it on behalf of other connected computers—has been a defining architectural feature of the Internet since its conception. It is what creates the profusion of available transmission routes that lets the network simply “route around damage.” It is what makes the Internet, theoretically at least, so hard to kill.
If the reality of the Internet today more closely matched the theory, mesh networks would be superfluous. But in the two decades since the Internet outgrew its academic origins and started becoming the ubiquitous commercial service it is now, the store-and-forward principle has come to play a steadily less meaningful role. The vast majority of new nodes added to the network in this period have been the home and business computers brought online by Internet service providers. And in the ISP’s connection model, the customer’s machine is never a relay point; it’s an end point, a terminal node, configured only to send and receive and only to do so via machines owned by the ISP. The Internet’s explosive growth, in other words, has not added new routes to the network map so much as it has added cul-de-sacs, turning ISPs and other traffic aggregators into focal points of control over the hundreds of millions of nodes they serve. For those nodes there is no routing around the damage if their ISP goes down or shuts them off. Far from keeping the Internet tough to kill, the ISP, in effect, becomes the kill switch.
What mesh networks do, on the other hand, is precisely what an ISP does not: they let the end user’s machine act as a data relay. In less technical terms, they let users stop being merely Internet consumers and start being their own Internet providers. If you want a better sense of what that means, consider how things might have happened on January 28 if Egypt’s citizens communicated not through a few ISPs but by way of mesh networks. At the very least, it would have taken a lot more than five phone calls to shut that network down. Because each user of a mesh network owns and controls his or her own small piece of the network infrastructure, it might have taken as many phone calls as there were users—and much more persuading, for most of those users, than the ISPs’ executives needed.
At 37 years old, sascha meinrath has been a key player in the community mesh-networking scene for about as long as there has been a scene. As a graduate student at the University of Illinois, he helped to start the Champaign-Urbana Community Wireless Network (CUWiN), one of the first such networks in the U.S. Later, he co-organized a post-Katrina volunteer response team that set up an ad hoc mesh network that spanned 60 kilometers of the disaster area, restoring telecommunications in the first weeks after the hurricane. Along the way, he moved to Washington, D.C., intent on starting a community wireless business but instead ending up being “headhunted,” as he puts it, by the New America Foundation, a high-powered think tank that hired Meinrath to generate and oversee technology initiatives. It was there, early last year, that he launched the Commotion wireless project, an open-source wireless mesh-networking venture backed by a $2-million grant from the U.S. State Department.
The near-term goal of the project is to develop technology that “circumvents any kill switch and any sort of central surveillance,” Meinrath says. To illustrate the idea, he and other core Commotion developers put together what has been called a prototype “Internet in a suitcase”: a small, integrated package of wireless communications hardware, suitable for smuggling into a repressive government’s territory. From there, dissidents and activists could provide unblockable Internet coverage. The suitcase system is really just a rough-and-ready assemblage of technologies already well known to mesh-networking enthusiasts. Any sufficiently motivated geek could set one up and keep it working.
The long-term question for Meinrath and his colleagues is, “How do you make it so easy to configure that the other 99.9 percent of nongeek humanity can do it?” Because the more people use a mesh network, the harder it is to kill.
In one way, this is numerically self-evident: a mesh network of 100 nodes takes less effort to shut down, node by node, than a mesh of 1,000 nodes. Perhaps more important, a larger mesh network will tend to contain more links to the broader Internet. These uplinks—the sparsely distributed portal nodes standing as choke points between the mesh and the rest of the Internet—become less of a vulnerability as the mesh gets bigger. With more uplinks safely inside the local mesh, fewer everyday communications face disruption should any one link to the global network get cut. And because any node in the mesh could in principle become an uplink using any external Internet connection it can find (dial-up ISP, tethered mobile phone), more mesh nodes also mean a greater likelihood of quickly restoring contact with the outside world.
Size matters, in a word. Thus, in mesh-networking circles, the open question of mesh networks’ scalability—of just what size they can grow to—has tended to be a pressing one. Whether it is even theoretically possible for mesh networks to absorb significant numbers of nodes without significantly bogging down remains controversial, depending on what kind of numbers count as significant. Just a few years ago some network engineers were arguing that mesh sizes could never grow past the low hundreds of nodes. Yet currently the largest pure-mesh networks have node counts in the low four digits, and dozens of community networks thrive, with the biggest of them using hybrid mesh-and-backbone infrastructures to reach node counts as high as 5,000 (like the Athens Wireless Metropolitan Network in Greece) and even 15,000 (like Guifi.net in and around Barcelona). The doubt that lingers is whether it is humanly possible for mesh networks to grow much bigger, given how most humans feel about dealing with technologies as finicky and complicated as mesh networks.
Unlike most open-source technologies, which tend to downplay the importance of a user-friendly interface, the mesh movement is beginning to realize how critical it is for its equipment to be simple. But if Commotion is not alone in seeking to make mesh networks simpler to use, the key simplification it proposes is a uniquely radical one: instead of making it easier to install and run mesh-node equipment in the user’s home or business, Commotion aims to make it unnecessary. “The notion is that you can repurpose cell phones, laptops, existing wireless routers, et cetera,” Meinrath explains, “and build a network out of what’s already in people’s pockets and book bags.” He calls it a “device as infrastructure” network, and in the version he envisions, adding one more node to the mesh would require all the effort of flipping a switch. “So in essence, on your iPhone or your Android phone, you would push a button and say, yes, join this network,” he says. “It needs to be that level of ease.”
Imagine a world, then, in which mesh networks have finally reached that level—finally cleared the hurdle of mass usability to become, more or less, just another app running in the background. What happens next? Does the low cost of do-it-yourself Internet service squeeze the commercial options out of the market until the last of the ISPs’ hub-and-spoke fiefdoms give way to a single, world-blanketing mesh?
Even the most committed supporters of network decentralization aren’t betting on it. “This type of system, I think, will always be a poor man’s Internet,” says Jonathan Zittrain, a Harvard Law School professor and author of The Future of the Internet: And How to Stop It. Zittrain would be happy to see the mesh approach succeed, but he recognizes it may never match some of the efficiencies of more centrally controlled networks. “There are real benefits to centralization,” he says, “including ease of use.” Ramon Roca, founder of Guifi.net, likewise doubts mesh networks will ever put the ISPs out of business—and for that matter, doubts such networks will ever take much more than 15 percent of the market from them. Even at that low a rate of penetration, however, mesh networks can serve to “sanitize the market,” Roca argues, opening up the Internet to lower-income households that otherwise could not afford it and spurring the dominant ISPs to bring down prices for everybody else.
As welcome as those economic effects might be, the far more important civic effects—mesh networking’s built-in resistances to censorship and surveillance—need a lot more than a 15 percent market share to thrive. And if it is clear that market forces alone are not going to get that number up much higher, then the question is, What will?
Typically, when markets fail to deliver a social good, the first place that gets looked to for a fix is government. In this case particularly, that is not a bad place to start looking. The same mesh network that routes around censorship as if it were damage can just as effectively route around actual damage, which makes mesh networks an ideal communications channel in the face of hurricanes, earthquakes and other natural disasters of the kind that governments are charged with protecting against. Zittrain contends, therefore, that it would be good policy for governments to take an active hand in spreading mesh networks not just among foreign dissidents but among their own citizens. All it might take is a requirement that cell phones sold in the U.S. come equipped with emergency mesh-networking capabilities so that they are ready to turn themselves into relay-capable nodes at the press of a button. From a public policy perspective, Zittrain says, “it’s a no-brainer to build that. And the national security and law-enforcement establishments should generally cheer it on.”
The hitch, of course, is that it is just as easy to picture law-enforcement agencies denouncing any national mesh network as a place for criminals and terrorists to communicate out of earshot of the telephone and ISP companies that facilitate surveillance. Such are the complications of counting on government to support mesh networking when it is governments, often enough, that do the kind of damage mesh networks promise to help fix.
It is doubtful, then, that governments can be relied on to do the job any more than markets can. But Eben Moglen has some thoughts about what might. Moglen is a law professor at Columbia University and for many years has been the lawyer for the Free Software Foundation, a nonprofit group of digital activists. Last February, inspired partly by the news from Tunisia, he announced a project called FreedomBox. He also announced he was seeking start-up money for the project on the crowdsourced funding site Kickstarter, and he went on to raise $60,000 in five days.
As a project, FreedomBox has a number of similarities to Commotion, few of them entirely coincidental (Meinrath has a seat on the FreedomBox Foundation’s technical advisory committee). Like Commotion, the project broke ground with an illustrative prototype—in this case, the FreedomBox, a networking device about the size of a small brick that costs “$149, in small quantity, and will ultimately be replaced by a bunch of hardware that is half that cost or less,” Moglen says.
Again like Commotion, FreedomBox is not tied to the form of any specific gadget. Rather it’s a stack of code that can go into the increasing number of networked CPUs that are piling up in our homes and lives, like “dust bunnies under people’s couches,” as Moglen puts it. All of these can become the infrastructure of an Internet that “rebalances privacy” and restores the vision of “a decentralized network of peers.” There are IP addresses in television set-top boxes, in refrigerators—any of these, Moglen says, could be a FreedomBox. And it is not just about decentralizing the infrastructure. It is about decentralizing data, too. For Moglen, for example, the concentration of user data in cloud services such as Facebook and Google is just as much a threat to privacy and freedom of expression as the concentration of traffic in ISPs. To counteract this trend, FreedomBox will be optimized to run alternative social networks such as Diaspora that store your personal data on your machine, sharing it only with the people you choose via peer-to-peer networks.
Still, the key element in the project, Moglen says, is “the political will that is being displayed by a generation of young people who, because of their dependence on social networking, are increasingly aware of their and other people’s vulnerability online.” It is this earnestness he is counting on to motivate, in part, the many coders who are contributing labor to the project. It is also the one thing likeliest to push users to adopt the technology. Short of a sustained campaign of techno-activism, Moglen suggests, it’s not clear what will ever wake the average user to the broad costs in eroded freedom and privacy that we pay for ease of use and other, more immediately tangible benefits.
“People underestimate the harm being done by the death of privacy pretty much in the same way that they underestimate the extraordinary multiplicative consequences of other ecologically destructive acts,” such as littering and polluting, Moglen says. “It’s hard for human beings to calculate ecologically. It’s not a thing that the primate brain evolved to do.”
This suggests that the reinvention of the Internet can never be just a matter of tweaking the technologies. It may require a political movement as broad-based and long-ranged as the environmental movement. If neither government nor markets can lead us there, maybe only a collective change of awareness will do, like the kind of change that the green movement brought about by force of will. Nobody recycled before. Now we do. Nobody uses mesh infrastructure now. Someday we might.
Even then, no single technical measure would be enough to preserve the freedoms that the Internet both evokes and embodies. That’s because, ultimately, even the ideal, unkillable Internet can’t, on its own, resist the social and economic forces that push to recentralize it. Mesh networking is just one way to help push back. “These mesh networks are good for communities, and the bigger they are, the better,” Funkfeuer’s Kaplan says. But even a single, worldwide mesh would still be at risk of retracing the evolutionary steps that led to the compromised Internet we have now. “Mesh networking is not a replacement for the Internet. It’s just part of it,” he says. “There’s no place for utopia here.”