It's Like Déjà Vu All Over Again
"You could probably waste an entire day on the preceding links alone. But why take chances? We also give you Paul Snively..." — John Wiseman, lemonodor
The posse dogging an online auction seller seized control of his e-mail account, grilled his mother and even assumed his identity in a nationwide hunt for a man they believe swindled as much as $125,000 from buyers through fraudulent Internet auctions.
The members of this squad are not federal agents, police detectives or even private investigators. They are salespeople and investment advisors and registered nurses who say they were bilked online by the 35-year-old Arizona man and used the Internet to track him down.
Like a modern vigilance committee, the 50 or so people from Florida to Alaska seized the community-building power of the World Wide Web both to prompt and to preempt investigation by legitimate law enforcement agencies. Although most have never met, members of the group swapped information daily on a Web site and divided up investigative duties -- most of which also were carried out online.
Such a rapid, wide-ranging response by ordinary people would have been virtually impossible just a decade ago, before the Internet gave anyone with a cheap dial-up account instant access to e-mail and massive public databases. They are growing increasingly common, particularly in the realm of online gaming, where players gang up to mete out punishment to miscreants.
But like vigilante gangs of the American frontier, ad hoc communities seeking justice on the electronic frontier sometimes trample the very laws they seek to enforce, as their quest for justice warps into a plot for revenge.
"You just end up with might makes right," said Jonathan Zittrain, co-director of the Berkman Center for Internet and Society at Harvard Law School.
No, Mr. Zittrain. That's only the case while some have more might than others. But the nice thing about personal computers and the Internet is that they're great levelers: if you can afford a television and stereo, you can afford a computer and Internet access. The issue, then, is ensuring that everyone is empowered to aid in the construction of a self-regulated society, which is becoming increasingly important as technology accelerates the pace of exchange far beyond the rate at which centralized enforcement implementations can be effective.
What's needed is a persistent , secure reputation management system so that someone's identity can be associated with a set of metrics about people's feelings about their interaction with the holder of that identity. An excellent essay, in the form of a final examination with questions about the future of the Internet, can be found at <http://www.skyhunter.com/marcs/finalexam.html>. It posits a set of technologies, then challenges the reader to apply them to a series of increasingly-vexing issues, some of which are hypothetical, others of which have actually arisen.
People are really building the technology, too. Some of the more foundational work is occurring under the auspices of the ERights project, which is developing a programming language and suite of applications that implement capability-based security and smart contracts. As of this writing, none of the E applications implement persistent reputation management, however.
In a similar vein to E, the Extremely Reliable Operating System project is building a strongly secure operating system. The expectation is that E will become EROS' scripting language. This will be a powerhouse system with respect to building the infrastructure for trustworthy electronic interaction. Like E as of this writing, however, it does not directly address reputation management.
The Mozart-Oz project presents another programming language, wholly new, that integrates many seemingly-disparate paradigms. Its approach to security is based on the same principles as E. However, as of this writing, it has not undergone the top-to-bottom security architecting that E has, let alone implemented reputation management. Such security auditing is forthcoming.
Finally, The Open Privacy project is crafting specifications and building implementations of secure pseudonymous reputation management systems. The data and message formats are based on open standards such as XML and SOAP; the communication protocols are based on open standards such as HTTP and SMTP. The open source reference implementation is written in Java.
It's not necessary to leave electronic contract enforcement either to traditional law enforcement or vigilantes with technical "might." We only need to be aware that better systems exist, and to use them. It's not even necessary for everyone to begin using such a system all at once; as even a handful of people do, however, the benefits will become clear, an increasing number of people will insist on being able to audit your digital reputation, and eventually individual adoption will have spread to the point that doing business electronically without such a system will be unsuccessful.
So let's leave the vigilante scare stories behind and start building the self-regulating society.
1:26:06 PM
