Building a Hidden City - a first skirmish in the War on General Computation

My friend Cory Doctorow (@doctorow) gave a barnstorming talk to this year's Chaos Computer Congress in Berlin, #28c3, "The Coming War on General Computation". It's available to watch online at  and there's a transcript for those who prefer to read such things at https://github.com/jwise/28c3-doctorow/blob/master/transcript.md

The core of his argument is that the arguments over copyright that have taken so much of our energy over the last two decades merely prefigure a much more fundamental conflict between those who would allow free expression to extend to the ability to run any code on any processor, and those who would regulate the use of Turing machines. As Cory puts it

"we don't know how to build the general purpose computer that is capable of running any program we can compile except for some program that we don't like, or that we prohibit by law, or that loses us money. The closest approximation that we have to this is a computer with spyware -- a computer on which remote parties set policies without the computer user's knowledge, over the objection of the computer's owner. And so it is that digital rights management always converges on malware"

So far this has been done to serve rights holders, but as every technology converges on being controlled in some ways by microprocessors that could, in principle, execute any program, the stakes will get much much higher:

"it doesn't take a science fiction writer to understand why regulators might be nervous about the user-modifiable firmware on self-driving cars, or limiting interoperability for aviation controllers, or the kind of thing you could do with bio-scale assemblers and sequencers. Imagine what will happen the day that Monsanto determines that it's really... really... important to make sure that computers can't execute programs that cause specialized peripherals to output organisms that eat their lunch... literally"

And in this world, we will have a genuine problem, because some of the things that people will do will really be nasty, horrible, dangerous and limiting of the freedoms of others. This is not a simple question, and not a simple issue.

Almost ten years ago, when there was a lot of talk about 'trusted computing' and concern over a system called Palladium, I wrote about the importance of the coders, likening them to the proles in Orwell's Nineteen Eighty-Four as part of a talk I gave at the ICA on the question 'Is Big Business Killing the Net?'.

I argued that while we would inevitably have a controlled, regulated and managed network - and that this was not, in itself, unwelcome - we also needed to ensure that we retained the darker spaces and the unregulated areas. 

Here's what I wrote at the end of the talk (you can read the whole thing at http://www.andfinally.com/talks/older/bigbiz.html  - it's not as dated as I thought it would be!). It's interesting that it anticipates the ideas that Cory himself put into his SF novel Little Brother (http://sfbook.com/little-brother.htm ), where the protagonist uses a heavily shielded Linux distro, 'Paranoid Linux'

"It is necessary to ensure that, whatever the architectures of control on tomorrow's network, there is space for subversion, for activism, for stuff that is not approved, not countenanced by the state, not strictly legal.

And even if we accept that trusted processors, Palladium-style operating systems, signed code and authorised content will define the online experience for most people, most of the time - and that they will accept and even benefit from that - there needs to be more.

If the Net is a city then let it have its office blocks, children's parks, schools, tourist areas and suburbia. But I want seedy dives, places to buy recreational drugs, smoky meeting rooms in which to plot the overthrow of the state, and hotels that rent rooms by the hour too.

Let me end my jaunt through the history of tomorrow's network by telling you how we can have them.

On tomorrow's network every processor will have a hardware security function that allows it to check the digital signature on every piece of code it runs.

Every signed application will enforce a system of control that permits it to check the digital identifier on every piece of content it is given.

Every physical device will advertise its real-world location.

Every router will filter traffic according to type, content and jurisdiction.

This network will have borders and boundaries. It will be controllable - and controlled.  It will benefit billions of people by giving them simple, safe access to services, content and tools that will help them live longer, healthier and happier lives.  It will support filtering, censorship and regulation just as the printing industry or broadcasting supports it.

It will be subject to political control - and will suffer as a function of that control. In repressive regimes like China, Saudi Arabia and the United States of America it will be monitored and subject to state interference. In the liberal states of Europe then government surveillance will be limited by statute, freedom of speech will be protected and personal privacy guaranteed.

It will not be today's network, but inside it we can, if we wish, construct another net, one which looks and acts like today's Internet.

First, any sufficiently complicated system can be subverted.

For example, my ISP is NTL - I have a cable modem - and I am not allowed to run a server from my network as it uses their precious bandwidth.

However a friend with a corporate leased line for his small business will let me use his network, and I can run a Linux box at home which uses SSH to tunnel IP over my cable modem to one of his routers and out onto the network.

Suppose that all code that runs on trusted processors has to be signed. Why not write a program which does for Linux what the Java Virtual Machine does for Java programs - creates a safe and restricted execution environment for the code.

This Linux Virtual Machine (LVM) would be certified and safe: it would have limited and controlled access to the hardware, storage and network interface of the system running it.

It would read and write only from 'files' of the registered type 'Linux File System'.

It would have access to the display through a terminal window or through an X server.

It would talk to the network but only be able to send traffic via a specified port to other machines which were willing to accept incoming traffic on that port.

And when it ran it would read a specified LFS file - and then treat that file as a Linux filesystem, look for a kernel, load it and execute it. It would be Linux within a sandbox.

Communications across the 'approved' channel would be to other sandboxed Linux systems, and the traffic sent would be IP datagrams, tunnelled over whatever text-based protocol was deemed safest or simplest.

The result would be that all the currently executing LVM-hosted systems would form a virtual network, hosted within the trusted, controlled and regulated network but outside the sphere of control.

Within this network there would be the same freedoms we see on today's Internet - it would be using IPv4, our existing routing protocols and our existing tools and applications.

The network would be open, and even if it initially required a degree of technical sophistication to get an LVM running and register it with the virtual DNS which ran on the newNet, it would not take long before the tools became simpler and usable by non-geeks.

The community would be open to all. Of course, the agents of the state would be there too, but they would find it remarkably hard to monitor, control or close down - and unless particularly draconian laws on the use of the network were passed by an authoritarian government, it would not be illegal.

It would be a hidden city, created in the gaps between the packets on the corporate network."

Since we can see the attack coming, we’ve got time to prepare our ground and to anticipate what those who would take away our freedom to run code will try to do. Preparing somewhere to retreat to – or somewhere safe from which we can plan our campaign – seems like a good investment at the moment.