- Email: [email protected]
Open or closed?
THE DARK SIDE Right from the beginning, the internet has had its shadowlands: parts of the network deliberately hidden from public view. The original “dark net” comprised nodes on ARPANET that received messages but didn’t appear in network lists, or acknowledge or respond to messages. Today, perhaps the most prominent example of the dark net is the Tor network, which enables users to disguise their identities and communicate anonymously. An acronym for “the onion router”, Tor involves layers of encryption, analogous to the layers of an onion, that let someone send data without their computer’s unique IP address being revealed. Just as the internet is often confused with the web, the dark net is often muddled with the deep web, the parts of the web that aren’t typically indexed by search engines such as Google. That has many legitimate uses. Indeed, most of us are part of the deep web if we use webmail, a company intranet or a restricted-access social-media profile. The dark net and Tor are most often associated in people’s minds with illicit trading in commodities like drugs and arms on online markets such as the now-shuttered Silk Road. But the anonymity the dark net affords can also facilitate whistle-blowing and protect users living under authoritarian regimes from censorship – a not inconsiderable boon, given the pressures the internet is under today (see “Open or closed”, right). Donna Lu
4.8 trillion gigabytes of data will pass between IP addresses in 2022, three times the amount in 2017 SOURCE: CISCO
Open or closed? The idea of one, unified, global internet is under threat. How much should we care, asks Douglas Heaven
O
NE sure sign of a mature technology is that you only ever think about it when it doesn’t work. You don’t consider the pipes beneath your feet until your drain gets blocked. Similarly, you don’t reflect on the internet until your video call dies. The internet’s foundational organisational principle – that it has no organising principle – has given it an unprecedented reach into our lives. At least in theory, anyone can join it, extend it, write software for it, make money from it. As a result, today’s internet isn’t just about emails, Facebook updates and hours and hours of Netflix. Information exchange through it has come to underpin essential everyday services from power grids to public transport. Without it, the world we know would stop. Today, the internet is continuing to grow apace, as gaps in its global coverage are closed and ever more devices are connected to it, from smartwatches to cars and even refrigerators. Yet at the same time, the very principles of openness that underpin it are under threat from an unholy coalition of government, commercial and other interests. The question is whether that is necessarily all a bad thing. Might a more closed, better regulated internet actually be in all our interests? An example of the threats the internet currently faces came with a message on 12 June this year on the Twitter account of internet messaging app Telegram. It announced that “GADZILLIONS of garbage requests” had knocked out its network. Telegram’s end-to-end encryption makes it popular with privacy-minded users. This huge “distributed denial of service” attack came at the height of street protests in Hong Kong against mainland China’s attempt to gain greater control. The company later said that the attack appeared to have been orchestrated from China. If so, it wouldn’t have been the first time: in 2015, a similar attack on a US website hosting anti-censorship software seems to have come from the same location. The possibility of
waging this sort of cyberwarfare is a consequence of the internet’s open, borderless structure. Ransomware like NotPetya or WannaCry, which took computer systems around the world hostage in 2017, is another favoured tool. Once released, such software can spread like wildfire in open grassland through the internet’s distributed nodes. Cyberwarfare is the stated reason why Vladimir Putin’s government wants to follow China’s lead and erect borders around Russia’s portion of the internet. A “sovereign internet” bill, passed earlier this year, requires telecoms companies to monitor and filter all internet traffic passing into Russia, and proposes an off switch to separate the country from the rest of the world during a cyberattack. The details are still hazy. China has been building barriers since the internet arrived there, but Russia’s internet is well-connected. Cutting itself off will probably involve the state taking over Russia’s internet service providers – a power with obvious potential for abuse.
One country, two systems China is certainly clear in its antiglobalist internet vision. In 2015, it hosted what it billed as the second World Internet Conference. In an opening address, president Xi Jinping said: “We should respect the right of individual countries to independently choose their own path of cyber development.” In fact more or less everyone is begining to do this in their different ways. The European Union’s General Data Protection Regulation, or the GDPR, came into effect in May 2018 to strengthen the privacy rights of internet users and limit the power of tech companies over EU citizens’ data. Rather than comply with the stipulations, certain websites have instead just blocked access to European visitors. In the US, the central principle of net neutrality – that no data is privileged over any other as it passes through the internet – is under threat. Rules adopted in 2015 mandating the > 26 October 2019 | New Scientist | 37
SKY NET
Federal Communications Commission to ensure net neutrality were repealed again in 2018, allowing telecoms firms to offer faster, higher-bandwidth connections to customers who pay for them. That is a potential win for big companies such as Facebook and Netflix, but bad news for small businesses and local news sites. Twenty states are challenging the repeal in the courts, and California has passed its own net neutrality laws, effectively asking internet traffic to obey different rules when it enters the state. Other states look likely to follow. In a way, all these developments are symptoms of a technology that has outgrown itself. “The internet was not meant to be used in the ways we are using it today,” says computer scientist Konstantinos Gkoutzis at Imperial College London. One person’s openness is another’s borderline anarchy, after all. Whether through concern for national security or user privacy, a desire for control or to protect commercial interests, there are many reasons why countries might want to regulate internet traffic. In some cases that might be good, says Gkoutzis. The power of big tech firms and telecoms companies has made the future of the internet precarious. “If nothing changes, it could soon become borderline unusable, where companies the size of small countries control what you see,” he says. Regulations such as the GDPR aim to counter that power. These problems, and questions of how to regulate them, are only set to become more pressing as the internet continues to evolve. New infrastructures to carry internet traffic are accelerating the rate at which the unconnected half of the world’s population
Even as the internet threatens to break apart (see main story), people continue to sign up apace, with a few hundred million new users joining every year. Many are in developing nations such as India and those in Africa, and most do so via smartphones connecting to cell towers or by visiting internet cafes. Coverage in remote areas far from the internet’s modern fibre-optic backbone remains patchy though, mainly supplied by a network of a few dozen satellites operated by companies such as O3b Networks and Iridium. A handful of more pie-in-thesky schemes have aimed to accelerate uptake. Loon, owned by Google’s parent company Alphabet, is developing a network of high-altitude balloons to beam the internet down to the ground. It recently started working with telecoms companies in Kenya to test the technology. In 2018, Facebook cancelled a similar project involving a fleet of large, solar-powered drones that could shoot the internet down from the sky with lasers. The ambition of both these initiatives could be dwarfed by plans for a space-based internet such as billionaire Elon Musk’s Starlink. This network of thousands of satellites would provide an alternative spacebased route for high-speed internet traffic and offer coverage to every part of Earth’s surface. The first few test satellites have already been launched. Douglas Heaven
devices are expected to be online by 2022, more than three for every person on the planet SOURCE: CISCO
can join up (see “Sky net”, left). A truly global internet will undoubtedly bring huge social benefits. In other respects – not least economically – the case is less clear-cut. As internet connections improve, remote working and virtual commuting are set to become more common. Companies could employ people anywhere in the world, with machines in US factories, for example, operated by workers in Bangladesh or Botswana. With a positive spin, the gig economy, based on internet apps such as Uber that connect those wanting to buy goods or services more efficiently with those willing to supply them, could increase employment, economic output and prosperity. That’s certainly the view of many in places like South Africa, where unemployment is high, says Anri van der Spuy at Research ICT Africa, a think tank in Cape Town. The reality could be more nuanced: the global digital economy often works to drive down worker protections and pay in favour of big business, says van der Spuy. “We tend to neglect the fact that internet access could exacerbate inequalities rather than alleviate them.”
The internet is becoming ubiquitous, but what does that mean for privacy?
BLOOMBERG/GETTY IMAGES
40 | New Scientist | 26 October 2019
28.5 billion
surveillance cameras by wearing masks. They have stopped using public transport cards, which record every trip in a central database. And they use encrypted messaging apps to prevent eavesdropping on their conversations – until they get switched off. In 50 years, Bernal thinks we will still both care about privacy and be able to protect it when we need to. “All technological developments will be accompanied by parallel disruptive technology,” he says. There will be make-up and clothes that thwart biometric recognition, spoofers that disguise our location or fake our identity, and signal blockers that disrupt Wi-Fi or its successors.
Haters gonna hate
It isn’t just inequality. The balance between personal privacy and public security is only likely to become more delicate as digital connectivity increases. Again, that raises questions of what sort of internet we want, how it should be regulated and by whom. Take the internet of things. This evolution of the internet, in which it isn’t just computers and smartphones beaming data to and fro, but also objects from household refrigerators to autonomous vehicles, is now in train. “We already have smart hairbrushes, noodle forks and fish tanks,” says internet privacy researcher Paul Bernal at the University of East Anglia, UK. “In 50 years, it will be a very rare thing that isn’t online.” The advantages could be big: homes or offices automatically adapting themselves to your preferences when you arrived, or cars drawing up to meet you when you left. The security risks, however, are also significant. Hooking up cars or home appliances to the internet exposes them to the same kind of malicious cyberattacks phones and laptops face. Yet where a hacked phone probably can’t kill you, a hacked car or oven perhaps could. Again, maintaining an open internet in an era of universal connectivity brings risks.
One response could be more personalised security to regulate our access to the internet. A few people have already inserted RFID chips in their hands or fingers – similar to the microchip injected into the scruff of a pet’s neck – that let them open car doors or turn on coffee machines with a gesture. But even without going to such extremes, systems such as face recognition are likely to become more widespread, essentially bringing us online too, like it or not. “We will be recognisable by who and what we are,” says Bernal. “Faces, retinas, fingerprints, voice recognition are just the start. How we move our hands, how we use a touchscreen, pretty much anything we do will be recognisable.” Protesters in Hong Kong already hide their identities from internet-connected
7.5 million distributed denial of service (DDoS) attacks worldwide in 2017 SOURCE: CISCO
Of course, hackers will still hack, scammers will still scam and trolls will still troll. There will still be viral memes and pornography. The trend towards filter bubbles and walled gardens will hardly stop. There will still be hate speech and extremism. “These are not dependent on tech but on human nature,” says Bernal. “It won’t be possible to clean up the internet, whatever our governments think.” However we are actually wired up, everyone and everything will be connected. We will probably think about the internet even less than we do now. Being a node in a non-stop, two-way flow of information will be the norm, for most humans and objects alike. Whether we will all be seeing the same thing is less certain. In September, an international working group met at the United Nations headquarters in New York to discuss the future of the internet. The meeting made few headlines, but China again took the opportunity to push its vision of an internet broken into statecontrolled zones. Others are starting to take notice, drawn by the desire for greater control and protection from outside influence and attack. Besides Russia’s plans, Vietnam and Tanzania have also adopted Chinese-style internet restrictions in the past few years. The open internet is no longer a given. It may well be that an internet without borders, allowing free movement of information, enabling commerce and spreading innovation, is better. But as we come to appreciate the significant downsides – cyberattacks, misinformation and big business running amok – it is a case that must now be made, rather than simply taken for granted. The internet has changed the world immeasurably in its first 50 years; its next 50 years depend crucially on how that argument plays out. ❚ 26 October 2019 | New Scientist | 41
4.8 trillion gigabytes of data will pass between IP addresses in 2022, three times the amount in 2017 SOURCE: CISCO
Open or closed? The idea of one, unified, global internet is under threat. How much should we care, asks Douglas Heaven
O
NE sure sign of a mature technology is that you only ever think about it when it doesn’t work. You don’t consider the pipes beneath your feet until your drain gets blocked. Similarly, you don’t reflect on the internet until your video call dies. The internet’s foundational organisational principle – that it has no organising principle – has given it an unprecedented reach into our lives. At least in theory, anyone can join it, extend it, write software for it, make money from it. As a result, today’s internet isn’t just about emails, Facebook updates and hours and hours of Netflix. Information exchange through it has come to underpin essential everyday services from power grids to public transport. Without it, the world we know would stop. Today, the internet is continuing to grow apace, as gaps in its global coverage are closed and ever more devices are connected to it, from smartwatches to cars and even refrigerators. Yet at the same time, the very principles of openness that underpin it are under threat from an unholy coalition of government, commercial and other interests. The question is whether that is necessarily all a bad thing. Might a more closed, better regulated internet actually be in all our interests? An example of the threats the internet currently faces came with a message on 12 June this year on the Twitter account of internet messaging app Telegram. It announced that “GADZILLIONS of garbage requests” had knocked out its network. Telegram’s end-to-end encryption makes it popular with privacy-minded users. This huge “distributed denial of service” attack came at the height of street protests in Hong Kong against mainland China’s attempt to gain greater control. The company later said that the attack appeared to have been orchestrated from China. If so, it wouldn’t have been the first time: in 2015, a similar attack on a US website hosting anti-censorship software seems to have come from the same location. The possibility of
waging this sort of cyberwarfare is a consequence of the internet’s open, borderless structure. Ransomware like NotPetya or WannaCry, which took computer systems around the world hostage in 2017, is another favoured tool. Once released, such software can spread like wildfire in open grassland through the internet’s distributed nodes. Cyberwarfare is the stated reason why Vladimir Putin’s government wants to follow China’s lead and erect borders around Russia’s portion of the internet. A “sovereign internet” bill, passed earlier this year, requires telecoms companies to monitor and filter all internet traffic passing into Russia, and proposes an off switch to separate the country from the rest of the world during a cyberattack. The details are still hazy. China has been building barriers since the internet arrived there, but Russia’s internet is well-connected. Cutting itself off will probably involve the state taking over Russia’s internet service providers – a power with obvious potential for abuse.
One country, two systems China is certainly clear in its antiglobalist internet vision. In 2015, it hosted what it billed as the second World Internet Conference. In an opening address, president Xi Jinping said: “We should respect the right of individual countries to independently choose their own path of cyber development.” In fact more or less everyone is begining to do this in their different ways. The European Union’s General Data Protection Regulation, or the GDPR, came into effect in May 2018 to strengthen the privacy rights of internet users and limit the power of tech companies over EU citizens’ data. Rather than comply with the stipulations, certain websites have instead just blocked access to European visitors. In the US, the central principle of net neutrality – that no data is privileged over any other as it passes through the internet – is under threat. Rules adopted in 2015 mandating the > 26 October 2019 | New Scientist | 37
SKY NET
Federal Communications Commission to ensure net neutrality were repealed again in 2018, allowing telecoms firms to offer faster, higher-bandwidth connections to customers who pay for them. That is a potential win for big companies such as Facebook and Netflix, but bad news for small businesses and local news sites. Twenty states are challenging the repeal in the courts, and California has passed its own net neutrality laws, effectively asking internet traffic to obey different rules when it enters the state. Other states look likely to follow. In a way, all these developments are symptoms of a technology that has outgrown itself. “The internet was not meant to be used in the ways we are using it today,” says computer scientist Konstantinos Gkoutzis at Imperial College London. One person’s openness is another’s borderline anarchy, after all. Whether through concern for national security or user privacy, a desire for control or to protect commercial interests, there are many reasons why countries might want to regulate internet traffic. In some cases that might be good, says Gkoutzis. The power of big tech firms and telecoms companies has made the future of the internet precarious. “If nothing changes, it could soon become borderline unusable, where companies the size of small countries control what you see,” he says. Regulations such as the GDPR aim to counter that power. These problems, and questions of how to regulate them, are only set to become more pressing as the internet continues to evolve. New infrastructures to carry internet traffic are accelerating the rate at which the unconnected half of the world’s population
Even as the internet threatens to break apart (see main story), people continue to sign up apace, with a few hundred million new users joining every year. Many are in developing nations such as India and those in Africa, and most do so via smartphones connecting to cell towers or by visiting internet cafes. Coverage in remote areas far from the internet’s modern fibre-optic backbone remains patchy though, mainly supplied by a network of a few dozen satellites operated by companies such as O3b Networks and Iridium. A handful of more pie-in-thesky schemes have aimed to accelerate uptake. Loon, owned by Google’s parent company Alphabet, is developing a network of high-altitude balloons to beam the internet down to the ground. It recently started working with telecoms companies in Kenya to test the technology. In 2018, Facebook cancelled a similar project involving a fleet of large, solar-powered drones that could shoot the internet down from the sky with lasers. The ambition of both these initiatives could be dwarfed by plans for a space-based internet such as billionaire Elon Musk’s Starlink. This network of thousands of satellites would provide an alternative spacebased route for high-speed internet traffic and offer coverage to every part of Earth’s surface. The first few test satellites have already been launched. Douglas Heaven
devices are expected to be online by 2022, more than three for every person on the planet SOURCE: CISCO
can join up (see “Sky net”, left). A truly global internet will undoubtedly bring huge social benefits. In other respects – not least economically – the case is less clear-cut. As internet connections improve, remote working and virtual commuting are set to become more common. Companies could employ people anywhere in the world, with machines in US factories, for example, operated by workers in Bangladesh or Botswana. With a positive spin, the gig economy, based on internet apps such as Uber that connect those wanting to buy goods or services more efficiently with those willing to supply them, could increase employment, economic output and prosperity. That’s certainly the view of many in places like South Africa, where unemployment is high, says Anri van der Spuy at Research ICT Africa, a think tank in Cape Town. The reality could be more nuanced: the global digital economy often works to drive down worker protections and pay in favour of big business, says van der Spuy. “We tend to neglect the fact that internet access could exacerbate inequalities rather than alleviate them.”
The internet is becoming ubiquitous, but what does that mean for privacy?
BLOOMBERG/GETTY IMAGES
40 | New Scientist | 26 October 2019
28.5 billion
surveillance cameras by wearing masks. They have stopped using public transport cards, which record every trip in a central database. And they use encrypted messaging apps to prevent eavesdropping on their conversations – until they get switched off. In 50 years, Bernal thinks we will still both care about privacy and be able to protect it when we need to. “All technological developments will be accompanied by parallel disruptive technology,” he says. There will be make-up and clothes that thwart biometric recognition, spoofers that disguise our location or fake our identity, and signal blockers that disrupt Wi-Fi or its successors.
Haters gonna hate
It isn’t just inequality. The balance between personal privacy and public security is only likely to become more delicate as digital connectivity increases. Again, that raises questions of what sort of internet we want, how it should be regulated and by whom. Take the internet of things. This evolution of the internet, in which it isn’t just computers and smartphones beaming data to and fro, but also objects from household refrigerators to autonomous vehicles, is now in train. “We already have smart hairbrushes, noodle forks and fish tanks,” says internet privacy researcher Paul Bernal at the University of East Anglia, UK. “In 50 years, it will be a very rare thing that isn’t online.” The advantages could be big: homes or offices automatically adapting themselves to your preferences when you arrived, or cars drawing up to meet you when you left. The security risks, however, are also significant. Hooking up cars or home appliances to the internet exposes them to the same kind of malicious cyberattacks phones and laptops face. Yet where a hacked phone probably can’t kill you, a hacked car or oven perhaps could. Again, maintaining an open internet in an era of universal connectivity brings risks.
One response could be more personalised security to regulate our access to the internet. A few people have already inserted RFID chips in their hands or fingers – similar to the microchip injected into the scruff of a pet’s neck – that let them open car doors or turn on coffee machines with a gesture. But even without going to such extremes, systems such as face recognition are likely to become more widespread, essentially bringing us online too, like it or not. “We will be recognisable by who and what we are,” says Bernal. “Faces, retinas, fingerprints, voice recognition are just the start. How we move our hands, how we use a touchscreen, pretty much anything we do will be recognisable.” Protesters in Hong Kong already hide their identities from internet-connected
7.5 million distributed denial of service (DDoS) attacks worldwide in 2017 SOURCE: CISCO
Of course, hackers will still hack, scammers will still scam and trolls will still troll. There will still be viral memes and pornography. The trend towards filter bubbles and walled gardens will hardly stop. There will still be hate speech and extremism. “These are not dependent on tech but on human nature,” says Bernal. “It won’t be possible to clean up the internet, whatever our governments think.” However we are actually wired up, everyone and everything will be connected. We will probably think about the internet even less than we do now. Being a node in a non-stop, two-way flow of information will be the norm, for most humans and objects alike. Whether we will all be seeing the same thing is less certain. In September, an international working group met at the United Nations headquarters in New York to discuss the future of the internet. The meeting made few headlines, but China again took the opportunity to push its vision of an internet broken into statecontrolled zones. Others are starting to take notice, drawn by the desire for greater control and protection from outside influence and attack. Besides Russia’s plans, Vietnam and Tanzania have also adopted Chinese-style internet restrictions in the past few years. The open internet is no longer a given. It may well be that an internet without borders, allowing free movement of information, enabling commerce and spreading innovation, is better. But as we come to appreciate the significant downsides – cyberattacks, misinformation and big business running amok – it is a case that must now be made, rather than simply taken for granted. The internet has changed the world immeasurably in its first 50 years; its next 50 years depend crucially on how that argument plays out. ❚ 26 October 2019 | New Scientist | 41