Turning Tides


The Significance of the Hotmail Hack.

Two stories landed at the top of the technology news recently. One was the massive security breach at Hotmail, the other was Sun Microsystem's acquisition of Star Division, a small developer of office software. Both events are deeply connected, even though this escaped the editors who put them on the same page.

Sun has been pushing for a long time the "network computer". According to this vision, applications which right now reside on our PC, e.g. word processors, are envisioned to be located remotely on powerful networks server and accessed (and paid for?) on demand. Not coincidentally Sun produces powerful network servers. This shift from the PC to the network is often portrayed as the logical next step after the shift from mainframe to the PC. However, it's a shift which turns the tide exactly in the opposite direction. PCs, which function by and large as autonomous units, brought a decentralization of computing power, and arguably an empowerment of the average user. The move to the network reverses this trend. The term "network" sounds innocently enough it means in the context of Sun's initiative in fact a few central computers that distribute applications to relatively dumb peripheral network computers, glorified monitors. With sounds almost like mainframes all over!

Acquiring Star Sun plans to release its office suite as a network application to be accessed over the web whenever needed. While this cosmological drama is directed against Microsoft's dominance over the desktop, it's ironically Microsoft itself that owns the only net-based application that really holds mass appeal: Hotmail's web-based e-mail. 40 million people (give or take a few millions) are using Hotmail. This is an unprecedented centralization of the most important Internet application in one system.

And why does that matter?

All systems are vulnerable to attacks. In huge centralized system the effects of such attacks are greatly magnified because one single line of code can suddenly open millions of mailboxes. Furthermore, along with such a centralization comes as shift in the power balance between the provider and user of the service. Contrary to what many of the optimistic net futurist predict, the power shifts, at least in this case, towards the provider and away the user. Virtually all analysts agreed in their seemingly paradox assessment of the Hotmail hack. It is the most significant security breach on the web so far and, at the same time, it does not matter for Microsoft. The balance between the behemoth corporation and potentially damaged users is just too skewed for Microsoft to care. Yes, it's a bit an embarrassing itch, but as one analyst put it aptly "There are many flees in a 500 pound gorilla." Unfortunately, the flee is you! Or as the service agreement states: "the services is provided without warranty of any kind." There are commitments, to be sure, expressed in all kinds of privacy statements, but these are very different from obligations, as one can see now that something went wrong. In effect, this means that using the system, you do not only sign-off all rights, but given the imbalance between the two parties, protest is almost useless.

We shouldn't be forced to become nerds just to use computers.

But the imbalance runs deeper, it's not only in numbers but also in knowledge. The classic argument goes that if the service is too bad, then the users will go somewhere else. Unfortunately, given the nature of the computing problem, its pretty difficult to even find out when the service is bad. You have no way of knowing if someone read your e-mail. And the Microsoft statement posted is so opaque that it sounds like a Kremlin release in the late 1980s. You have to be an insider to understand it. However, to expect that every user is highly "computer literate," thus the informed consumer of the neo-liberal theory, is a) unrealistic and b) not desirable. We shouldn't be forced to become nerds just to use computers, as much as we do not have to become mechanics to drive cars.

Self-regulation doesn't work anymore

What this the Hotmail hack shows is that the Internet's self-regulation doesn't work anymore because it relies on the assumption of more or less equal participants. This is clearly no longer the case. There is not much guessing about what happens when you and Microsoft (or Sun, for that matter) regulate one another. You invariably end up with no rights what so ever, and you are likely not even to know it because you would have to be a computer scientist and a lawyer at the same time. Both of which are at ample supply on the side of Microsoft. What the Sun acquisition shows is that the trend which causes this imbalance is only getting stronger.

But there are ways to reverse this trend. One is to develop and spread technologies which put control back into the hands of the individuals users. The open source movement is doing a lot in this direction. Cryptography is on top of the list. Free, easy to use, public domain cryptographic tools are a necessity. And with a few targeted public research grants they could become a reality rather sooner than later. An other way is to create mechanism of accountability, which replace fancy worded "commitments" with "binding obligations" so that screwing up really hurts. Like in most other areas of life.

Les faits sont faits.Felix Stalder

Fehler melden
Telepolis zitieren
Vielen Dank!
Kommentare lesen (3 Beiträge) mehr...

Programmierte Ethik

Brauchen Roboter Regeln oder Moral?

Weit weg mit Telepolis
Auf nach Brasilien
Leben im Regenwald, Nationalpark Iguacu, Rio de Janeiro

Leben im Gehäuse

Wohnen als Prozess der Zivilisation

Schinkel, Speer und die Französische Revolution

Was kann der klassizistische Architekt für den Nazi-Architekten?



Mit dem Schalter am linken Rand des Suchfelds lässt sich zwischen der klassischen Suche mit der Heise-Suchmaschine und einer voreingestellten Suche bei Google wählen.


Zum Wechseln zwischen Heise- und Google-Suche

Verlassen und Zurücksetzen des Eingabe-Felds

Buchstaben-Taste F
Direkt zur Suche springen


Mit dem Schalter am linken Rand des Suchfelds lässt sich zwischen der klassischen Suche mit der Heise-Suchmaschine und einer voreingestellten Suche bei Google wählen.