
Free As in Air

A conversation with Free Networker Vortex, introduction by Saul Albert.

The Georgian terraces on the corner of Hackney Road and Cambridge Heath Road house the usual run-down collection of cheap supermarkets, betting shops and kebab houses that you can find anywhere on the frayed edge of East London gentrification.

The tall antenna protruding from the end flat could easily be mistaken for another taxi radio mast. In fact, the only clue that the air is humming with data, transmitted over a mesh of homebrewed Free Network nodes, is an innocuous sticker on the window of the upstairs flat that reads 'free2air'.

This is the headquarters of the 'free2air' project, and home of its founder Vortex (a.k.a. Adam Burns). free2air is one of a global movement of Free Networks; networks that are built, maintained and grown by the labour of participants. From the kitchen window overlooking the gas works, Vortex points out five or six antennae as far as a kilometre away: neighbouring nodes that are connected to free2air by radio link. The network is fast and unmetered, so locals within line of sight use it to distribute audio/video streams, test software and share files amongst themselves.

This is not to say that the network is entirely non-commercial. In his sitting room Vortex shows me some exotic equipment. A small grey box connected to a router spreads out a network signal over the mains power lines reaching several houses along the street. The cheap Internet/call shop downstairs uses a twin grey box to share (as a commercial arrangement) the Internet connectivity of free2air, which helps subsidise maintenance and growth of the free network.

Vortex picks up his bicycle and spins the wheels. Multicoloured LED lights spring to life, drawing fantastic patterns like an electronic Catherine wheel. 'The *ultimate* geek toy', he says, grinning. 'I've got to get more batteries for the next Warpeddling session'.

WarPeddling is the cyclist's version of WarDriving: taking a wireless networked computer out in a car, and observing the presence and activities of any wireless nodes in the area. Although he uses the term, Vortex is quick to distance himself from the hype surrounding it. The word 'War' prepended to almost any motile activity has become a source of endless mass-media hysteria, in which Free Networking and the gadget appeal of wifi are paraded as 'edgy' or even avant-garde. Although this has been useful for the propagation of the Free Network idea, it has also been a flashback to the early 90's net hype, and how the 'hacker' myth was used to scare people into letting government and big business administrate the Internet.

'Warchalking', for example, entails drawing symbols in chalk (based on a depression-era 'hobo language') to represent the presence and state of a wireless network in an area. Not only was this 2002's greatest tech-hype media story, but the spectacle of the laptop-wielding technocrats territorialising the city was also a frank demonstration of the digital divide between the high-tech office and the street. This is not to say that the street is any less privileged a place than the network. In the wake of 'zero tolerance' inner city schemes, and the suspension of Habeas Corpus in proposed 'anti-terror' legislation, the inner cities are beginning to look as regulated, exclusive and as surveilled as the Internet.

However, the Free Network is not simply an extension of the Internet, but aspires to supersede it on some levels. This local information network to which access is geographically and socially determined is a formal inversion of McLuhan's much-abused idea of the 'Global Village': the utopian promise of 'online identity' and 'virtual community' that was used to sell the corporate Internet, and then hijacked for profit.

Although the technical infrastructure of the Free Network is built from the same routers, switches and software as the Internet, its origin has more in common with traditional independent media networks such as the Italian 'Free Radio' movement, New York's 'Paper Tiger' community TV station, and the rich history of activist publishing and local distribution.

The terminology of 'community' that many Free Networks use is difficult. This is clearly a community of sorts, but not in the sense understood by 'community media'. The multiple modes of computer network usage preclude a unified experience of the network felt by listeners to the same radio station. One person might be sending email, another listening to an audio stream. They are both using the Free Network, but are experiencing it very differently, so what does 'community' mean in this context? 'Community' also suggests some level of communal ownership of resources. However, if each participant owns their own node, and regulates use of resources such as electricity supply and roof access, what is communally owned?

Last year when Vortex was in hospital recovering from an operation, a gang of locals from the free2air network mobilised to clamber onto nearby roofs, finding friendly network connections to try to get wireless net access for him while he recovered. So while the experience of the network may well be alienated from any traditional sense of 'community', there is clearly a sense of belonging and a mutual generosity.

Vortex has also been helping to create a 'Pico Peering Agreement'; drafted during an international meeting of Free Networkers in Berlin in October 2002, the agreement outlines the shared responsibilities and resources of the Free Network while trying not to limit its potential uses. The concept is taken from the way that huge 'backbone' Internet providers such as Linx in London or MAE West in the US use 'peering agreements' to barter rights to transit data across each other's networks. This process applied on the lowest level of peers, that of individual, privately owned computers, becomes a 'pico' or 'tiny' peering agreement.

This marks a potential turning point for Free Networks. As the corporate model of Internet infrastructure is crumbling along with the Nasdaq index, and media giants enforce draconian copyright laws internationally, these alternative models of network provision seem increasingly viable. The careful, legal formalisation of relationships between these 'pico peers' might pave the way for a much more widespread peer network, that operates independently of large providers or telcos.

While there is still a lot of work to be done, both technical and social, free2air operates between the private and the public; articulating a communal space without falling into the adjacent traps of technocratic exclusivity, and top-down patronage.

Saul Albert: What does the word 'community' mean in the context of free2air and the Pico Peering Agreement?

Vortex: We're not constructing a community, communities self-form through our actions. I think it's very hard to say that a community is there because someone puts up a wireless gateway. That's one of the problems I had with the title of Rob Flickinger's book, 'Building Community Wireless Networks'[1]. I thought, well why is the 'C' word in that book title at all? Just because a wireless gateway may be 'non-commercial' in some traditional sense we're all bagged and boxed into the word 'community' that can be easily dismissed. Well, no thanks.

S.A.: There's nothing in that book that really deals with what is actually meant by the word community.

V.: That's right, and I think this [Pico Peering] document starts to define the boundaries of communal participation, participation with each other, forming at least some structure, and the real community would form itself around that and everything else that we're doing.

S.A.: So rather than communal ownership, it's communal participation, communal sweat.

V.: Absolutely. The participation forms the community.

S.A.: Where do the roots of ownership in wireless networks come from? We're talking about spectrum rather than land for example, but if you work on the land, you own it after a while. What is owned and what is communal? The activity?

V.: At the level of this planned document what is common is the peering, the Pico peering, the carriage of traffic for the greater good. In a sense it is a common wealth of information transfer, and that can be nothing less and, at least to begin with, maybe nothing more. It might be as clinical and as technical as that.

S.A.: It is probably useful that it's so basic.

V.: Yes, but even so, there are many surrounding issues, as we tried to flesh out in Berlin; what the implications are for your local legal environment etc. I still get frustrated when [communal ownership of] services[2] are mentioned, because I just don't see a useful way around that yet. At the moment Pico Peering should be about shunting data traffic. That's what a network, or a network of networks is all about. Personally, although I don't know what political nuance this would have in various parts of the world, I'm still thinking of words like 'Federation'. That's the word I like to use, and I'd like to keep [this network] a non entity, fluid, but defined by documents like this Pico Peering Agreement.

S.A.: For me 'Federation' is quite a libertine term.

V.: Yes, it is soaked with other contexts. Umbrella groups like freenetworks.org[3] could be an entity or banner that we all rally around, but I don't really want one banner. For a network of networks, or a community of communities if you like, decentralisation is the way to maintain a 'peer to peer' structure with no central organisation.

S.A.: Do you think the word 'free' is a good one to use?

V.: As we said in Berlin, I prefer the word 'Open', but even that is laden with problems. On the whole I do like 'free'. There are worse abusers of the word than us.

S.A.: I liked it because it does have this double meaning, there is always a discourse about it, maybe it is useful in that sense, it does not have one fixed meaning.

S.A.: I've heard you raise objections to the idea of authentication, of identifying someone in the network before you allow them access. Why is that?

V.: Well, why? What does authentication mitigate against? And how do you know the form of identity you have is accurate? There are whole procedures for people who are really paranoid about this. They don't swap PGP[4] keys without a face to face meeting and accepted ID. You present your passport, then you hand deliver a *written* PGP public key, and only then can you communicate with these people. Without that, some people won't accept PGP as a strong form of identification, because it can't be verified as being accurate, so how far do you take authentication? In the end there are technical measures to identify a machine that is abusing your network in some way, and there are the tools there to manage that abuse. You might be able to, for instance, block the machine, or you may even go to the strange extent of monitoring the traffic to determine an email address to communicate with them. You may do lots of things, or you may decide to use regulatory software such as Nocat[5] on that abuser's IP address and say 'Hi, you're taking up way too much of this bandwidth, this is an automated message asking you to be a responsible member of this community, please tone it down a bit'. It all depends what policy of management you want to impose on your network, but the actual true identity of someone is immaterial.

Even if you ask people to register under a pseudonym, why? Maybe, as James Stevens[6] advocates, it would help with building trust and social communication, if you had some sort of 'handle', but that's like every Joe schmuck website which asks you to register a username and password... another one? I'm not convinced of how 'community building' that would be.

Maybe it can have some good, for instance, one of the issues with the East End Net lists[7] at the moment is that people that we don't personally know are joining the lists, thinking they're a purely operational forum for the organisation of the network. That is a good indication of success, but at the same time we'd like to communicate the idea of East End Net as an informal cultural and community notice board. But I'm still wary of the collection of identities that could be used later for marketing purposes.

S.A.: Do you have people popping up on the network that you don't know?

V.: Yes, all the time.

S.A.: And it doesn't bother you?

V.: Not at all.

S.A.: Do you use any security products?

V.: I don't use the wireless component of this network unless I need to. All traffic out there is 'caveat emptor'. That's up to the people who use it. If they're transiting super-secret information they have to take the necessary steps. We're just offering a service. We're not responsible for the way they treat their own data. Maybe it needs a 10 page disclaimer... 'use of this product is not guaranteed to fry your dinner for you'. That's my attitude. With regards to Nocat, I'm still not 100% convinced either way. I can see where James Stevens is coming from, that it is collecting information is useful, but how far do you take it? I don't know yet. I did plan to put a trial Nocat up, and I will consider using it as an incident management tool as I mentioned. If I wanted to use it to get in touch with someone using the wireless net, who passes traffic through our network, I can do it. I can ask Nocat to intercept this person's web traffic and talk to them. However, most abuse so far has come from peer to peer which just slams through the network, people leave their machines on, sucking up bandwidth.

S.A.: Do you have bandwidth trouble yet?

V.: No. There have been moments, but as a rule, no.

S.A.: I also wanted to ask you about privacy. It seems like another word that crops up in conversation and writing about wireless networks a lot, but what does it mean in this context?

V.: From an IT security standpoint, I'd define privacy as a control measure or a way of limiting access to information. Privacy therefore means, that if information is only destined for a known group of people, you can use technologies such as encryption to control information access in that manner. If you want to control access to data, encryption can be used. That's data in transit, but the same applies to data in storage.

S.A.: So it falls to each person in the network to secure their own data?

V.: Again, with ownership comes responsibility, once you've got a piece of data it is up to you how you treat it, how you disseminate it etc. I'm not one of these hardcore crypto junkies, because it is not worth my time to set up the network to do that, and it is severely limiting on the extension of the network, because then you have to show people how to set up IPsec, and then there's the problem of NATing[8] through it and a whole minefield. If you want to run secure systems that pass through our network, fine, but I'm not going to do the work. It is implemented in corporate environments because they have legal and best practice requirements to do so, but this is a different environment. ISPs like authentication for example, so they can have some level of surety that their services are used by the person who pays for them. Commercial operations have far more interest in having these controls imposed because there is money at stake.

S.A.: That was the idea I got from looking at ownership in the network, that privacy is a mechanism for controlling property, either transit as property, or intellectual property as property in a traditional sense.

V.: I can see why, within this structure, encryption and/or some form of strong authentication may be required. And when the network grows in an ad-hoc way, and we start having dynamic routing, it might just be too easy for people to inject false routes and bring the network down. That is not a risk we want to deal with all the time. To stop that we may have to swap cryptographic keys between major sections of network, to minimise that damage. I can see that in the future, but not yet. It's like any kind of abuse, you have to identify it and then talk to people in the network around you to resolve the issue.

S.A.: So privacy isn't a big issue in the general design of the network?

V.: No because it's far more dangerous for you to collect your email via POP[9] server on the Internet than it is to have an unencrypted wireless network around, you're sending your password in cleartext through networks over which you have no control. I've never lost any email. But then again, none of my email is really that important. If it was I'd secure it or hire someone to set it up for me if it was worth that much. It's a practical philosophy of being lazy, and wanting to keep things as open and as easy as possible. The KISS principle[10].

S.A.: I think it is going to be much easier to motivate people to be lazy.

V.: Yes. You can't anticipate all the problems until they occur. When you do, iron them out. That's part of standard IT security incident procedures. Once something happens, you fix it, then you go through a review cycle and incident forensics, and work out how to prevent it happening again. There's no point wasting your time trying to predict everything that's going to happen beyond the obvious.

S.A.: The nice thing about reactive security is that the Pico Peering Agreement (PPA) may be able to pare the basic responsibilities of node owners down to a few sentences, but with an ever expanding set of footnotes that might become quite technical, and can be constantly updated.

V.: That's probably why I started [the PPA] with definitions of things I thought were needed, just to make sure that the terminology is understood. Do you know about the triple A?

S.A.: No.

V.: Ok. Authentication, Authorization, and Access Control are the 3 A's that define some different dimensions of IT security controls. Authentication is a satisfactory level of identification of who or what you're dealing with. Iris scanning, fingerprinting, pin numbers, all ways of identifying an entity. Authorization is what you allow that entity to do. Access Control is regulating access to resources, firewall rulesets and such.

S.A.: So in community networks, or open networks or free networks, or whatever you want to call them....

V.: I call it THE NETWORK in capital letters, like in legal documents. THE NETWORK defines the one in question. Other networks have a small n. That was my solution in the end, I couldn't think of another way of describing it.

S.A.: Well, in THE NETWORK, authentication, authorization and access control seem to be unnecessary.

V.: No, access control will be necessary. If you're passing data through, you want to make sensible decisions on what data you allow into your network. For example, the firewall ruleset[11] on gateways here are as follows: transit traffic is totally open, outgoing traffic is totally open, but inbound traffic, and traffic into the dungeon downstairs (a proto-computer room with about 5 or 6 servers) is controlled. I don't mind passing of data or surfing the net or whatever, but access to the resources on my network, I want to keep separate, and have strong control over how that's used and who uses it.

S.A.: What resources are you talking about?

V.: Data, services, all sorts. I've got trial software running down there, and development stuff.

S.A.: So when we're talking about data, services, anything that's your property, suddenly access control becomes an issue. This is what I'm trying to find, where is the edge of what is communally owned, and why is authorization, privacy, and security not relevant to it?

V.: It's all relevant, but I'd say that for the people who want to get involved in Pico Peering, one fundamental is that we should have Free Transit of data across our network. That is the cornerstone of what is communal. Anything else such as data and services you should be free to, and must, manage, but it is not, strictly speaking, within the common wealth. That's part of education in this project, educating people to be aware of the side effect responsibilities of ownership of their network resources, both the parts they wish to share, as well as the parts they wish to keep to themselves. If transit traffic is taking up most of your available bandwidth you've got to start thinking about how you can take responsibility for your ownership of transit across your network.

S.A.: So the starting point is open, and controls are put in place by degrees as it becomes necessary.

V.: Yes, the same sort of thing as when we were talking about Nocat, you may find that due to a renegade host (maybe just a screwed up machine that's spitting out huge ICMP packets and is affecting your network) you need to put an access control on that host to prevent it disturbing other activities on your network. So it's this reactive approach again. How you deal with that, short of blocking the packets, is an interesting question. Sometimes it will be hard to communicate with the owner of that machine to tell them to turn it off. You may find it difficult to track that person down. That is where the benefits of authentication come into play, if you authenticate and relate a machine to a person then presumably you've got human contact somehow, probably via email. However, I still rail against authorization, because I think it is open to further appropriation. Users, databases, unless we're very careful they can be harvested and so on, I'm very suspicious of it. There's no highly distributed tool that would enable us to do it that I'm comfortable with.

S.A.: I still think it's a political standpoint. As much as is possible is put into a common, open or non-owned context. Ownership seems to be a key question in how we articulate the network, because once you've identified what is common and how to try and maintain the commonality of it, you can. Transit seems to be that commonality, obviously, a bit like the right to transit through physical space.

V.: Yes, you want to avoid the 'halt, who goes there' moment. It is that point, philosophically that we want to keep open. A packet passing through THE NETWORK is like a passenger passing through the transit lounge in an airport, it doesn't have to show a passport to get to the next destination. It is there at the hospitality of the owner of that part of THE NETWORK. However packets don't really wait very long, so maybe it's not the best metaphor, but it shows the difference between transit traffic (that just sits in the transit lounge and then passes on) and incoming traffic; a packet wanting to come into your little country which you then regulate with access control, authentication and authorization to your own set of standards whatever they may be.

The problem is that if you're not going to have an open transit lounge, and that you're not going to let everyone of every colour and flavour sit in your transit lounge chairs, then put a sign up. If you don't want smoking, put up a sign saying no smoking, if you don't want 'peer to peer' across your network, put up a sign saying no peer to peer through this common ground. Then take a control mechanism to enforce that and that you're happy with. The problem will be that unless there are standard ways of declaring this, troubleshooting networks later might become a nightmare. You need to be able to say that you would like to be open, but due to external circumstances or the way things are in your physical or legal environment, you can't allow certain types of traffic across THE NETWORK. Then what needs to happen is that this declaration has to sync up with the reality of how your access control is implemented. Otherwise it might be very difficult to diagnose routing issues or access issues that hop over various networks. This is the dual meaning with the word open, you are being open and communicative about the things that you don't allow. It is a communal responsibility to communicate, to participate, to declare. You don't even have to be logical or give reasons, it doesn't have to make sense, it is openness as in transparency.

Footnotes.


[1] Flickinger, Rob, 'Building Wireless Community Networks', O'Reilly & Associates, New York, London, 2001. This is the 'mainstream' tech publisher's attempt to cash in on the Free Networks idea. As Vortex points out, the book is mostly technical and never addresses the social implications and applications of the technology.
[2] Such as web servers, mail servers, SMS gateways, mapping programmes etc.
[3] Freenetworks.org is a general service that maps locations of network nodes globally, rather than just locally. It has been seen as a 'central' database of FreeNetwork nodes.
[4] Pretty Good Privacy, a strong cryptographic system for identifying and verifying digital 'signatures'.
[5] One of a number of software products developed for Free Networks to regulate and authenticate access to the network. See http://www.nocat.net
[6] James Stevens, co-founder of http://www.consume.net, a large Free Network group in London.
[7] The email lists associated with free2air for organisation, discussion and social communications.
[8] Network Address Translation; a way to use one computer as a 'gateway' for other machines to connect to the network. The gateway has a public IP address, and it routes data between machines it can see on this public address and other computers behind it that are on a private network. Vortex is referring to the fact that securing the communications of the gateway interferes with its ability to perform NAT.
[9] Post Office Protocol: the protocol that many people use to collect and send their email. POP is insecure because passwords are sent unencrypted, and can be read by anyone who is monitoring the IP traffic of a machine.
[10] Keep It Simple Stupid: http://www.tuxedo.org/~esr/jargon/html/entry/KISS-Principle.html
[11] A firewall ruleset is a document that defines how a gateway deals with network requests.
