February 24, 2019

DarkNet

Lots of buzz lately about the DarkNet paper written by four Microsoft Research people.

The paper makes a three-part argument. First, there is really no way to stop file sharing, as long as people want to share files. Second, in the presence of widespread file sharing, a copy-prevention technology must be perfect, for the presence in a file sharing environment of even a single uncontained copy of a work enables anyone who wants to infringe its copyright to do so. (This is what I call the “break once, infringe anywhere” model.) Finally, there is little if any hope that a copy-prevention (or “DRM”) technology can be strong enough to prevent the creation of single uncontained copies of works. So the conclusion is that the current DRM approach will not work.

This paper has gotten attention in the policy community because it is well written and makes a compelling argument. But its argument is far from new. Indeed, the paper’s claims have been the consensus of independent security experts for a few years already. You can see this, for instance, in Bruce Schneier’s writing on DRM.

So why has the DarkNet paper gotten this much attention? My guess is that there are two reasons. First, the paper was written by guys from Microsoft Research, and Microsoft has previously taken a pro-DRM position. The paper includes a standard disclaimer saying that it is the opinion of the authors and not of Microsoft. But still it reflects a change. In past years, conference presentations from industrial researchers, both at Microsoft and elsewhere, have shied away from anti-DRM statements, so as to keep their employers happy (although vigorous anti-DRM language could often be heard at dinner afterwards). So non-techies will put more weight on the paper because of its authors’ affiliation.

The second reason for the buzz around this paper is that the “DarkNet” terminology has a certain persuasive power, evoking a subterranean world of illicit activity, a sort of criminal underground of the Net. Although compelling, the “DarkNet” concept is misleading, if it is understood as implying that one can draw a neat line between the “legitimate Net” and the illegal “DarkNet”.

In practice, the same technologies are used to conceal both legal and illegal activity. You can use a safe to lock up either criminal plans or business data. You can use encryption to conceal either copyright infringement or love letters. You can use “sneakernet” (which is a DarkNet technology, according to the paper) to share software illegally with your neighbor, or to give baby pictures to grandparents. Attempts to regulate or ban the DarkNet often affect legitimate networking. Examples of this include both the Hollings CBDTPA, which would have regulate many innocuous devices (as documented in Fritz’s Hit List), and the Berman-Coble “P2P Hacking” bill, which would affect ordinary websites.

On balance, the DarkNet paper will be valuable not because it breaks new ground technically but because of its persuasive power. If it can move the policy debate forward, and onto sounder technical ground, that will be a major achievement.