<?xml encoding="utf-8"?>
<A HREF="Content077#b" NOPUSH><</A>
our fallback and oversight systems are slow, understaffed, and unresponsive. It takes a millionth of a second for the Transportation Security Administration’s body-cavity-search roulette wheel to decide that you’re a potential terrorist and stick you on a no-fly list, but getting un-Tuttle-Buttled is a nightmarish, months-long procedure that makes Orwell look like an optimist.  

The tripwire that locks you out was fired-and-forgotten two years ago by an anonymous sysadmin with root access on the whole network. The outsourced help-desk schlub who unlocks your account can’t even spell \"tripwire.\" The same goes for the algorithm that cut off your credit card because you got on an airplane to a different part of the world and then had the audacity to spend your money. (I’ve resigned myself to spending $50 on long-distance calls with Citibank every time I cross a border if I want to use my debit card while abroad.)

This problem exists in macro- and microcosm across the whole of our technologically mediated society. The “spamigation bots” run by the Business Software Alliance and the Music and Film Industry Association of America (MAFIAA) entertainment groups send out tens of thousands of automated copyright takedown notices to ISPs at a cost of pennies, with little or no human oversight. The people who get erroneously fingered as pirates (as a Recording Industry Association of America (RIAA) spokesperson charmingly puts it, “When you go fishing with a dragnet, sometimes you catch a dolphin.”) spend days or weeks convincing their ISPs that they had the right to post their videos, music, and text-files.  

We need an immune system. There are plenty of bad guys out there, and technology gives them force-multipliers (like the hackers who run 250,000-PC botnets). Still, there’s a terrible asymmetry in a world where defensive takedowns are automatic, but correcting mistaken takedowns is done by hand. 

$$$$

All Complex Ecosystems Have Parasites 

(Paper delivered at the O\'Reilly Emerging Technology Conference, San Diego, California, 16 March 2005)

AOL hates spam. AOL could eliminate nearly 100 percent of its subscribers\' spam with one easy change: it could simply shut off its internet gateway. Then, as of yore, the only email an AOL subscriber could receive would come from another AOL subscriber. If an AOL subscriber sent a spam to another AOL subscriber and AOL found out about it, they could terminate the spammer\'s account. Spam costs AOL millions, and represents a substantial disincentive for AOL customers to remain with the service, and yet AOL chooses to permit virtually anyone who can connect to the Internet, anywhere in the world, to send email to its customers, with any software at all. 

Email is a sloppy, complicated ecosystem. It has organisms of sufficient diversity and sheer number as to beggar the imagination: thousands of SMTP agents, millions of mail-servers, hundreds of millions of users. That richness and diversity lets all kinds of innovative stuff happen: if you go to nytimes.com and \"send a story to a friend,\" the NYT can convincingly spoof your return address on the email it sends to your friend, so that it appears that the email originated on your computer. Also: a spammer can harvest your email and use it as a fake return address on the spam he sends to your friend. Sysadmins have server processes that send them mail to secret pager-addresses when something goes wrong, and GPLed mailing-list software gets used by spammers and people running high-volume mailing lists alike. 

You could stop spam by simplifying email: centralize functions like identity verification, limit the number of authorized mail agents and refuse service to unauthorized agents, even set up tollbooths where small sums of money are collected for every email, ensuring that sending ten million messages was too expensive to contemplate without a damned high expectation of return on
<A HREF="Content079" NOPUSH>></A>