Jonathan Zittrain

Alex Curtis of Public Knowledge attended a panel about Internet filters at the DC “State of the Net” conference. He’s placed part of the session on YouTube in which RIAA president and former general counsel Cary Sherman conceded that trying to filter out unauthorized copyrighted material at the network level could be difficult. But the network isn’t the only place to filter. From Alex’s transcription:

Filters can be put in the applications for example. You know, one could have a filter on the end user’s computer that would actually eliminate any benefit from…encryption because if you want to hear it, you’d have to decrypt it, and at that point the filter could work.

Filtering at the network may seem more thorough, since it can block everyone at once from the filtered stuff. But so long as there are generative — user-reprogrammable — endpoint boxes, network filtering is vulnerable to the cat-and-mouse game of circumvention. Especially if the entity implementing the network block is only doing so sullenly, under pressure — as is essentially the case when intermediaries like ISPs or search engines are pushed to block content — network filtering can be simultaneously crude (and therefore overbroad) and leaky (and therefore ineffective).

Filters placed at or near the endpoint device — in the user’s box itself, or in the cable modem that mediates access to the larger network — can be much more refined. They do not contravene the “end-to-end argument” that has many network engineers leery about “smarts,” including filtering, placed within the network cloud or built into its fundamental protocols. And, if the box itself can be bolted down, they do not suffer the same cat-and-mouse problem as network filtering does. That’s one reason why the RIAA’s Sherman perceives that anti-virus software could be a vector for control over unauthorized copying: security software already has to be largely bolted down to prevent users from mistakenly disabling it and allowing in a virus, or to prevent a malicious script that imitates the user from shutting it down. Moreover, in many environments — corporate, library, educational, cyber cafe — the PC is already bolted down against installation of new software, in order to keep it from immediate compromise by a malicious or clueless user. So it’s not an unthinkable move from there to pressure the intermediaries of those environments to include such filtering.

Whether you’re for or against technical means to prevent unauthorized copying, our evolution away from generative endpoint boxes and towards “sterile” appliances like iPhones — highly useful devices that cannot be changed by their users, but that can be updated instantly by their vendors — is reworking the equation of what can be done to monitor and affect people’s online behavior.