Ch4Part2
Version 7, changed by s3admin. 05/14/2005. Show version history
The state, as one regulator, thus depends on these features being as they are. Often the state will intervene, either to ensure that these credentials remain usable as credentials1 or to substitute new credentials when an earlier credential becomes useless. The state punishes counterfeiters of state documents as a way of increasing the reliability of state documents. The state issues other credentials (driver’s licenses) to increase the reliability of its verification.
This, then, is the nature of real-space regulation: much about who we are is revealed, and we have built institutions that can credential what cannot authentically be revealed. Both social life and state regulation depend on this mix. And both react as elements within this mix change.
Identity and Authentication: Cyberspace
Identity and authentication in cyberspace are different. The Internet is built on a simple suite of protocols—the basic TCP/IP suite. The TCP/IP suite includes protocols for exchanging packets of data between two machines “on” the Net.2 (I explore this idea in greater detail in chapter 8. For now, think of the packets as small packages of information wrapped in an envelope with an address stamped on the outside.) To exchange these packets, the system needs at least two bits of data—the address of the machine from which the data are being sent, and the address of the machine to which the data are being sent. These are called Internet protocol (IP) addresses. They look like this: 128.34.35.204. Simplified brutally, a packet of data is carried "to” and “from” these addresses as it works its way across the Internet. [REPLACEMENT NEEDED??: Because so much of Lessig ideas focus on IP as Intellectual Property, is there an alternate terminolgy for IP (Internet Protocol) addresses. Or, is it reasonable at this section to add some clarification on the use of IP in a legal sense vs. IP in a technical sense.]
These protocols, however, reveal nothing about the user of the Internet, and very little about the data being exchanged. Although the IP address is sufficient to move the data from one machine to another, it has no necessary connection to any physical unit in the world. IP addresses are virtual addresses; the virtual can change. Nor do the IP protocols tell us much about the data being sent. In particular, they do not tell us who sent the data, from where the data were sent, to where (geographically) the data are going, for what purpose the data are going there, or what kind of data they are. None of this is known by the system, or knowable by us simply by looking at the data. From the perspective of the network, this other information is unnecessary surplus. Like a daydreaming postal worker, the network simply moves the data and leaves interpretation of the data to the applications at either end.
[UPDATE POSSIBILITY: The above description of data movement, addresses, and users may be enough on its own with the analogy of the "daydreaming postal worker", but if visual aids such as graphics or animations are brought into to this book's revison, this section may be an appropriate example. Please comment on this idea in the "Discussion" are of this page or on the CodeBlog, i.e. this idea needs work]
This minimalism in design is intentional. It reflects both a political decision about disabling control and a technological decision about the optimal network design. The designers were not interested in advancing social control; they were concerned with network efficiency. Thus, this design pushes complexity out of the basic Internet protocols, leaving it to the applications, or ends, to incorporate any sophistication that a particular service may require.3
When this basic protocol is translated into Internet access—when, for instance, you are browsing a web page—this minimal identification means that the server delivering the web page knows nothing about you from the Internet protocol itself.(We will consider later how it does learn things about you from other applications that sit on top of the Internet protocol.) The web server simply knows that you are located on the Internet at an IP address, and that you are coming onto the Net with a TCP/IP-compliant protocol.
It is as if you were in a carnival funhouse, with the lights dimmed to darkness and voices coming from around you, but from people you do not know and from places you cannot identify. The system knows that there are entities out there interacting with it, but it knows nothing about who those entities are. Whereas in real space—and here is the important point—anonymity has to be created, in cyberspace anonymity is the given.
Identity and Authentication: Regulability
This difference between the architectures of identity in real space and in cyberspace has profound consequences for the regulability of behavior in cyberspace. If regulation hangs upon identity—that is, on knowing at least something about the person being regulated—then in cyberspace, under TCP/IP’s design, there is very little that the regulator would necessarily know. Unlike real space, cyberspace reveals no self-authenticating facts about identity. In real space you reveal your sex, your age, how you look, what language you speak, whether you can see, whether you can hear, how intelligent you are. In cyberspace you reveal only an address, and one that has no necessary relationship to anything else about you.
Footnotes
1 As in United States v O’Brien, 391 US 367 (1968), in which the Court upheld a statute that made burning a draft card a crime. The state interest was in preserving a usable credential. Edit Delete
2 See Ed Krol, The Whole Internet: User’s Guided Catalogue (Sebastopol, Calif.: O’Reilly & Associates, 1992), 23–25; Loshin, TCP/IP Clearly Explained, 3–83; Hunt, TCP/IP, 1–22; see also Ben M. Segal, “A Short History of Internet Protocols at CERN,” available at http://ben.home.cern.ch/ben/TCPHIST.html. Edit Delete
3 See Jerome H. Saltzer et al., “End-to-End Arguments in System Design,” in Integrated Broadband Networks, edited by Amit Bhargava (New York: Elsevier Science Publishing Co., 1991), 30. Edit Delete
