Jonathan Zittrain is a Professor of Law at Harvard Law School, Professor of Computer Science at the Harvard School of Engineering and Applied Sciences, Vice Dean for Library and Information Resources for the Harvard Law School Library, and Co-Founder of the Berkman Center for Internet & Society. Previously, he was the Chair in Internet Governance and Regulation at Oxford University and a principal of the Oxford Internet Institute. He was also a visiting professor at the New York University School of Law and Stanford Law School.
Zittrain’s research interests include battles for control of digital property and content, cryptography, electronic privacy, the roles of intermediaries within Internet architecture, and the useful and unobtrusive deployment of technology in education.
He is also the author of The Future of the Internet and How to Stop It, as well as co-editor of the books, Access Denied (MIT Press, 2008), Access Controlled (MIT Press, 2010), and Access Contested (MIT Press, 2011).
Jonathan Zittrain: Governments can protect themselves just fine, as can big corporations. You can bunker-ize your operations to an arbitrary degree, so that you're using best practices. If there's a denial of service attack against you, you can deploy the resources to absorb it or to deflect it. If you think about it, Google suffers continuous distributed denial of service attacks, because they're so damned popular. How many Google searches are happening this second? I don’t care how many zombies you're going to send to attack Google. It's like, there's so many people already zombified, going to Google, because they're desperate for a search, that it's just a drop in the ocean. The real problem is if smaller to medium sized businesses find themselves clogged, or personal connections are clogged, and then you can't get to the government sites that are so well defended. But you can't reach them, because of the traffic that you're competing against on your end of things. For that, I do think we need to start taking zombie and malware problems pretty seriously. I sometimes ask very good hackers, who don't agree that there's a big problem. I say, "Look, if you were in a 24-like situation, where the bad guy has a gun to your head and you're not as brave as Kiefer Sutherland, and he says, 'You have a week to bring down a quarter of the machines on the net,' could you do it?" Generally, their answer is yes. Felton's answer was, "Can I have two weeks?" He's a computer scientist at Princeton. I think their thought, though, is that if they had to, they could wreak great havoc. And why hasn't it happened yet? In part, because the people capable of doing it have business models that depend not on havoc getting wreaked, but on leeching: taking a little of your bandwidth, a little of your processing cycles, and sending some spam with your machine, but not having you notice. Being more of a chronic illness than something that's going to kill you outright. Somebody wanted to do cyber warfare and kill it outright? They wouldn't have those limits.
Recorded on: 3/8/08