• Monday, May 28, 2012

Jonathan Zittrain: Locking Down the University Internet

March 24, 2009, 9:20 am

I’ve recently written a book about the Future of the Internet. The argument it makes has a lot of moving pieces. One of the first is that the global network we use offers a fabulous (and by no means necessary) sort of openness, a “generative” quality that has allowed innovation from many corners and from people with nicely varying motivations.

So too does what has traditionally been the most common device attached to it: the personal computer. Give a PC code and it will run the code. This basic fact — so easy to take for granted — is part of what allowed the Internet revolution. It meant, for example, that academics could write the first Web browsers without having to persuade some skeptical gatekeeper of their virtues. (Compare with thinking of a new feature you think would work well on, say, an Amazon Kindle. Send in a comment card?)

But this openness also creates a special kind of vulnerability, especially as a generative system goes mainstream. Lots of people have PC’s without knowing the first thing about the code running on them. Run the wrong code and your machine is hijacked — a zombie that can attack others, disgorge its owner’s personal data, or self-destruct. And running code is as simple as a few clicks on or near an icon somewhere on a Web page.

Without a good defense strategy — one that tries to preserve the core openness of the Net while still meeting the threat — we’ll see bad defense strategies. This is especially so if a worm like the currently circulating “Conficker” decides to wreak havoc on the millions of machines it has compromised (and which silently await further instructions), and people panic. One of those bad (but still rational) strategies is to lock down the PC or abandon it entirely in favor of locked-down information appliances like Kindle, or hybrid devices like the iPhone, which allow outside code but only with the approval of the platform vendor. We see this in many corporate environments, K-12 computer labs, libraries, and cybercafes: PC’s that can only run the software pre-installed by the IT department. If Skype isn’t already there, you can’t get it up and running. Many places even have Internet or Web filters: Certain sites are placed off-limits.

So I’m curious: How much have university environments, normally more freewheeling, either thanks to ideological commitment or because a lack of money makes it hard to hire an obsessive-compulsive IT staff, started to lock themselves down? From where you stand (well, type), are you able to install whatever you want and answer to no one for it? —Jonathan Zittrain
