insight 

The misbehaviour of some users of the Internet has wrought a change that is probably going to end up being far wider than is currently perceived. It is likely to mean the reconsideration of some of the fundamental principles, whether those were defined or just assumed, that are believed to have been key contributors to the success of the Internet to date.

A spectrum of misbehaviour

To understand this we need to begin with a model of the mindset of the misbehaving parties. Rather than give one single model, which would be unrealistic, it is possible to define a spectrum of behaviours into which the majority of these parties fit and from that spectrum to derive a set of common indicators that identify such parties.

• At one end of the spectrum we have those who can be harshly characterised as the ’selfish’. These are the people who use their home connection to the maximum downloading videos over bittorrent, with no regard for the impact on the other users of what is still essentially a shared medium.
• In the middle of the spectrum we have a group that can be less contentiously characterised as the ‘carpetbaggers’. These are those who see the Internet as a source of profit driven by mass action. This is where the business model behind spam originates.
• At the other end of the spectrum we have those who are fairly characterised as ‘crooks’. These are the people who create botnets by taking advantage of the weaknesses in security both technical and social that protect home desktops.

Common mindset

The most obvious common indicator derived from this spectrum, is that these people see the Internet as a natural resource just waiting to be exploited. If we analyse this indicator further we get the following attributes:

• Anything that is not explicitly forbidden (or more accurately - prevented by the technology) is allowed.
• There are things out there on the Internet that are not ‘owned’ by anyone.
• What they want to do is more important that any other considerations.

It is remarkable just how many otherwise sensible parties fall into the trap of believing some of these things. For example the rampant theft of WHOIS data by security companies.

Explicit control

The technical response to this misbehaviour, from which the majority of success in this struggle has originated, has been focused on explicit control that either prevents or permits certain activity. A whole industry has built up around this.

There are varying degrees of success with that approach. For example the response is less than perfect when it is difficult to precisely identify the behaviour to combat, as is the case with spam. Furthermore the exploitative mindset continues to search and probe for new avenues to exploit.

Emerging from this response is the recognition that misbehaviour will only be controlled by securing each and every part of the Internet that can be exploited.

This is not to deny the impact of after-the-fact enforcement and economic mechanisms for controlling behaviour, but prevention is always better than cure.

End-to-end principle

One principle that has defined the Internet until now is the end-to-end principle, which can be summarised as the intelligent choices being made by the end devices with the core of the Internet being relatively simple.

However this principle cannot prevent the exploitation of the core which is just as much a target as anything else. If we try to maintain this principle then it will continue to allow the development of end services that try to grab as much of the core as possible. This is inevitable given the mindset above. Efforts might be made to regularise access to the core at the end devices, but then that is just a semantic trick to make it appear the end-to-end principle is still in place.

The conclusion then is that the only way we can prevent the misbehaviour that impacts the core is to allow the core to defend itself. That means the end-to-end principle has to give. There may well be other principles that have to give before this is all over.