November 29, 2024

Posts Comments

Virtual Worlds: Only a Game?

October 12, 2005 by

I wrote yesterday about virtual worlds, and the inevitability of government intervention in them. One objection to government intervention is that virtual worlds are only games; and it doesn’t make sense for government to intervene in games.

Indeed, many members of virtual worlds want the worlds to be games that operate at some remove from the real world. Games are more fun, they say, when what happens in the game doesn’t have real-world consequences. This was a common topic of discussion at State of Play.

The crux of this issue is the status of the in-world (i.e., in the virtual world) economy. Players can accumulate in-world stuff, including in-world currency, and they can trade in-world stuff for in-world currency. (A world might be designed without an identified currency, but it’s fairly certain that one in-world commodity would emerge as a consensus currency anyway.) Is in-world money just Monopoly money, or is it in some sense real money?

The only sensible answer is that it’s real money if it’s readily exchangeable for real-world currency. If you can trade in-world gold pieces for U.S. dollars (or Euros, etc.), and vice versa, then in-world gold is real money, and the in-world economy is a real economy.

If the world-designer wants to keep the world’s economy from becoming real, then, the designer must stop members from exchanging in-world currency for real currency. And this seems pretty much impossible, because there is no way to stop players from making side payments in the real world. Suppose Alice has gold pieces and Bob has dollars, and they want to trade. Bob transfers the dollars to Alice via a real-world channel (perhaps PayPal); virtual Alice gives virtual Bob the gold pieces. In-world, all that happens is a gift of gold from Alice to Bob. The dollar transfer isn’t visible to the world’s management. The world-designer can ban gifts of gold, but Alice and Bob can work around that ban by having Alice “lose” the gold in a private place where Bob will find it, or by cooking up a sham transaction where Alice buys a virtual toothpick from Bob at an inflated price.

Experience seems to show that any sufficiently popular in-world currency will become exchangeable for real money, whether the world-designer likes it or not.

There’s a useful lesson here about the limitations of code as a law-enforcement mechanism. One might think that code is law in a virtual world, in the sense that the world-designer writes the software code that defines what is possible in the world. It would be hard to think of a situation where code had more power to control behavior than in a virtual world. And yet the code can’t separate the virtual world from the real world. The reason it fails to do so is that the code doesn’t define the whole domain of human action; and people can defeat the code’s would-be restrictions by acting outside the code’s domain of control.

Once a virtual world gets big enough, and people value in-world stuff highly enough, it can no longer be just a game. The virtual world will touch the real world, along a sort of border through which money and communication flow.

Filed Under: Uncategorized Tagged With:

Virtual World, Meet Terrestrial Government

October 11, 2005 by

Something remarkable is happening in virtual worlds. These are online virtual “spaces” where you can play a virtual character, and interact with countless other characters in a rich environment. It sounds like a harmless game, but there’s more to it than that. Much more.

When you put so many people into a place where they can talk to each other, where there are scarce but desirable objects, where they can create new “things” and share them, civilization grows. Complex social structures appear. Governance emerges. A sophisticated economy blooms. All of these things are happening in virtual worlds.

Consider the economy of Norrath, the virtual world of Sony Online Entertainment’s EverQuest service. Norrath has a currency, which trades on exchange markets against the U.S. dollar. So if you run a profitable business in Norrath, you can trade your Norrath profits for real dollars, and then use the dollars to pay your rent here in the terrestrial world. Indeed, a growing number of people are making their livings in virtual worlds. Some are barely paying their earth rent; but some are doing very well indeed. In 2003, Norrath was reportedly the 79th richest country in the world, as measured by GDP. Richer than Bulgaria.

(Want to try out a virtual world? SecondLife is a smaller but interesting world that offers free membership. They even have a promotional video made by members.)

Virtual worlds have businesses. They have stock markets where you can buy stock in virtual corporations. They have banks. People have jobs. And none of this is regulated by any terrestrial government.

This can’t last.

Last weekend at the State of Play conference, the “great debate” was over whether virtual worlds should be subject to terrestrial laws, or whether they are private domains that should determine their own laws. But regardless of whether terrestrial regulators should step in, they certainly will. Stock market regulators will object to the trading of virtual stocks worth real money. Employment regulators will object to the unconstrained labor markets, where people are paid virtual currency redeemable for dollars, in exchange for doing tasks specified by an employer. Banking regulators will object to unlicensed virtual banks that hold currency of significant value. Law enforcement will discover or suspect that virtual worlds are being used to launder money. And tax authorities will discover that things are being bought and sold, income is being earned, and wealth is being accumulated, all without taxation.

When terrestrial governments notice this, and decide to step in, things will get mighty interesting. If I ran a virtual world, or if I were a rich or powerful resident of one, I would start planning for this eventuality, right away.

Filed Under: Uncategorized Tagged With:

Cost Tradeoffs of P2P

October 10, 2005 by

On Thursday, I jumped in to a bloggic discussion of the tradeoffs between centrally-controlled and peer-to-peer design strategies in distributed systems. (See posts by Randy Picker (with comments from Tim Wu and others), Lior Strahilevitz, me, and Randy Picker again.)

We’ve agreed, I think, that large-scale online services will be designed as distributed systems, and the basic design choice is between a centrally-controlled design, where most of the work is done by machines owned by a single entity, and a peer-to-peer design, where most of the work is done by end users’ machines. Google is a typical centrally-controlled design. BitTorrent is a typical P2P design.

The question in play at this point is when the P2P design strategy has a legitimate justification. Which justifications are “legitimate”? This is a deep question in general, but for our purposes it’s enough to say that improving technical or economic efficiency is a legitimate justification, but frustrating enforcement of copyright is not. Actions that have legitimate justifications may also have harmful side-effects. For now I’ll leave aside the question of how to account for such side-effects, focusing instead on the more basic question of when there is a legitimate justification at all.

Which design is more efficient? Compared to central control, P2P has both disadvantages and advantages. The main disadvantage is that in a P2P design, the computers participating in the system are owned by people who have differing incentives, so they cannot necessarily be trusted to work toward the common good of the system. For example, users may disconnect their machines when they’re not using the system, or they may “leech” off the system by using the services of others but refusing to provide services. It’s generally harder to design a protocol when you don’t trust the participants to play by the protocol’s rules.

On the other hand, P2P designs have three main efficiency advantages. First, they use cheaper resources. Users pay about the same price per unit of computing and storage as a central provider would pay. But the users’ machines a sunk cost – they’re already bought and paid for, and they’re mostly sitting idle. The incremental cost of assigning work to one of these machines is nearly zero. But in a centrally controlled system, new machines must be bought, and reserved for use in providing the service.

Second, P2P deals more efficiently with fluctuations in workload. The traffic in an online system varies a lot, and sometimes unpredictably. If you’re building a centrally-controlled system, you have to make sure that extra resources are available to handle surges in traffic; and that costs money. P2P, on the other hand, has the useful property that whenever you have more users, you have more users’ computers (and network connections) to put to work. The system’s capacity grows automatically whenever more capacity is needed, so you don’t have to pay extra for surge-handling capacity.

Third, P2P allows users to subsidize the cost of running the system, by having their computers do some of the work. In theory, users could subsidize a centrally-controlled system by paying money to the system operator. But in practice, monetary transfers can bring significant transaction costs. It can be cheaper for users to provide the subsidy in the form of computing cycles than in the form of cash. (A full discussion of this transaction cost issue would require more space – maybe I’ll blog about it someday – but it should be clear that P2P can reduce transaction costs at least sometimes.)

Of course, this doesn’t prove that P2P is always better, or that any particular P2P design in use today is motivated only by efficiency considerations. What it does show, I think, is that the relative efficiency of centrally-controlled and P2P designs is a complex and case-specific question, so that P2P designs should not be reflexively labeled as illegitimate.

Filed Under: Uncategorized Tagged With:

"Centralized" Sites Not So Centralized After All

October 6, 2005 by

There’s an conversation among Randy Picker, Tim Wu, and Lior Strahilevitz over the U. Chicago Law School Blog about the relative merits of centralized and peer-to-peer designs for file distribution. (Picker post with Wu comments; Strahilevitz post) Picker started the discussion by noting that photo sharing sites like Flickr use a centralized design, rather than peer-to-peer. He questioned whether P2P design made sense, except as a way to dodge copyright enforcement. Wu pointed out that P2P designs can distribute large files more efficiently, as in BitTorrent. Strahilevitz pointed out that P2P designs resist censorship more effectively than centralized ones.

There’s a subtlety hiding here, and in most cases where people compare centralized services to distributed ones: from a technology standpoint, the “centralized” designs aren’t really centralized.

A standard example is Google. It’s presented to users as a single website, but if you look under the hood you’ll see that it’s really implemented by a network of hundreds of thousands of computers, distributed in data centers around the world. If you direct your browser to www.google.com, and I direct my browser to the same URL, we’ll almost certainly interact with entirely different sets of computers. The unitary appearance of the Google site is an illusion maintained by technical trickery.

The same is almost certainly true of Flickr, though on a smaller scale. Any big service will have to use a distributed architecture of some sort.

So what distinguishes “centralized” sites from P2P designs? I see two main differences.

(1) In a “centralized” site, all of the nodes in the distributed system are controlled by the same entity; in a P2P design, most nodes are controlled by end users. There is a technical tradeoff here. Centralized control offers some advantages, but they sacrifice the potential scalability that can come from enlisting the multitude of end user machines. (Users own most of the machines in the world, and those machines are idle most of the time – that’s a big untapped resource.) Depending on the specific application, one strategy or the other might offer better reliability.

(2) In a “centralized” site, the system interacts with the user through browser technologies; in a P2P design, the user downloads a program that offers a more customized user interface. There is another technical tradeoff here. Browsers are standardized and visiting a website is less risky for the user than downloading software, but a custom user interface sometimes serves users better.

The Wu and Strahilevitz argument focused on the first difference, which does seem the more important one these days. The bottom line, I think, is that P2P-style designs that involve end users’ machines make the most sense when scalability is at a premium, or when such designs are more robust.

But it’s important to remember that the issue isn’t whether the services uses lots of distributed computers. The issue is who controls those computers.

Filed Under: Uncategorized Tagged With:

Cellphone Denial of Service

October 5, 2005 by

A new paper by Enck, Traynor, McDaniel, and La Porta argues that cellphone networks that support SMS, a technology for sending short text messages to phones, are subject to denial of service attacks. The researchers claim that a clever person with a fast home broadband connection could potentially block cell phone calling in Manhattan or Washington, DC.

A mobile phone network divides up the world up into cells. A phone connects to the radio tower that serves the cell it is currently in. Within each cell, the system uses a set of radio channels to carry voice conversations, and one radio channel for control. The control channel is used to initiate calls; but once initiated, a call switches over to one of the voice channels.

It turns out that the control channels are also used to deliver SMS messages to phones in the cell. If too many SMS messages show up in the same cell all at once, they can monopolize that cell’s control channel, leaving no openings on the control channel left over for initiating calls. The result is that a large enough burst of SMS messages effectively blocks call initiation in a cell.

The paper discusses how an attacker create a large enough flurry of SMS messages, including how he might figure out which phones are likely to be active in the target area. (An SMS message only uses a cell’s control channel if the message is direct to a phone that is currently in the cell.)

Today’s New York Times makes a big deal out of this, but I don’t think it’s as important as the Times implies. For one thing, it’s relatively easy to fix, for example by reserving a certain fraction of each cell’s control channel for call initiation.

Others have speculated that this problem must already have been fixed, because it seems implausible that such a simple flaw would exist in an advanced network run by a large, highly competent provider. I wouldn’t draw that conclusion, though. It’s in the nature of security that there are a great many mistakes a system designer can make, each of which seems obvious once you think of it. A big part of securing a complicated system is simply thinking up all of the straightforward mistakes you might have made, and verifying that you haven’t made them. Big systems built by competent designers have seemingly obvious flaws all the time.

(Putting on my professor’s hat, I’m obliged to point out that systems that are small and easily modeled are best handled by building formal proofs of security; but that’s a nonstarter for anything as complex as a cell network. (In case you’re wondering what my professor’s hat looks like, it’s purple and eight-sided, with a little gold tassel.))

The biggest surprise to me is how few SMS messages it takes to clog the system. The paper estimates that hundreds of SMS messages per second, sent in the right way, are probably enough to block cell calling in a major provider’s network in all of Manhattan, or all of Washington, DC. Given those numbers, I’m surprised that the networks aren’t congested all the time, just based on ordinary traffic. I guess people use SMS less than one might have thought.

Filed Under: Uncategorized Tagged With: