Security Concerns Miss the P2P Point
by Jon Orwant
In the March 19 issue of InfoWorld, columnist P.J. Connolly attacks peer-to-peer computing. He declares himself tired of hearing about it as the next big thing, and I can't fault him for that. I felt the same way about push technology, B2B, agents, and anything involving the word "groupware." I also felt that way about the web, open source, and XML -- three things that also have gotten obscene amounts of press coverage. The difference is that they deserved it, and so does P2P.
Connolly's column is called "Security Watch," and what security folks do is to find fault with technologies. We need more of that. There are so many marketers and journalists bathing technologies in the best light that it's refreshing to read critical analyses. Too often the marketplace doesn't hear -- or understand -- the full story, and we end up with things like hydrogen-filled zeppelins and Microsoft Outlook. Oh, the humanity.
And Connolly raises some excellent concerns about the security of some P2P systems. The problem is that his criticisms don't apply to all of them. Furthermore, Connolly ends up falling prey to the notion that P2P is a technology, a misconception that ends up framing P2P in a way that makes one ask the wrong questions. It makes you look for advantages and disadvantages: "If P2P is a technology," the reasoning goes, "is it good or bad? Do I want it or not? What are its competitors?" But P2P is really just an umbrella covering five areas: file sharing, distributed computing, web services, messaging, and gaming. P2P is not a technology; it is a mindset.
Which reminds me of one of my favorite aphorisms: "Security is a process, not a product." Crypto expert Bruce Schneier was pointing out that you shouldn't look for security in a chunk of software or hardware. Proper security means developing an understanding of how data flows through your organization so that you can enforce policies and enact safeguards to keep your data in the hands of Alice and Bob but not Eve. P2P is neither secure nor insecure; it all depends which particular P2P technology you use and how you use it. As usual, the onus is on software engineers to build security into their products; saying "P2P has lousy security" is like saying "Object-oriented programming has lousy security" or "Furniture is uncomfortable."
Very soon, good security will mean understanding how -- not if -- P2P systems are used in your organization. See Clay Shirky's column on the infiltration of P2P into IT for why P2P may already be prevalent in your company whether you know it or not.
P2P is inevitable. If it were merely a technology, it would be completely evitable. But P2P just means using the computers at the fringe of the network to their full potential. Go ahead, I dare you: argue against that. P2P is being enabled by new techniques for circumventing NAT and DNS to allow the PCs on your desk to exchange files, cycles, messages, and services directly with one another when appropriate.
Note well those last two words: "when appropriate." P2P does not mean pure decentralization, with every peer an equal. Some systems are like that, but as they've scaled up into the tens and hundreds of thousands, a curious thing often happens: superpeers -- peers that are first among equals -- tend to emerge, little pockets of centralization to speed things along in your network's neighborhood. What P2P often means is choice: being able to pick your balance between centralization and decentralization, and to choose it dynamically depending on current conditions. Sure would be nice if government worked that way.
Speaking of government, Connolly points out the threat to intellectual property posed by P2P: "I want to say that Napster, Gnutella, and their ilk are vehicles for theft." Cars are vehicles for theft too; like any tool, they can be used for right or wrong. Yes, OK, I admit it: there are a thousand copyright infringements occurring on Napster and Gnutella as you read this. I've written a few programs to track Gnutella downloads, and not 24 hours after the Oscars I found several winning movies spread across the network.
I also hear that someone is developing wireless technology that will broadcast music for free 24 hours a day. Oh, wait, that happened already: in 1895, when Marconi invented radio. The RIAA managed to turn radio into a hugely successful marketing channel for their artists; maybe if they tried to work with us computer geeks instead of suing us, they wouldn't be about to get turfed by the upcoming wave of Internet radio stations.
Connolly goes on to cast suspicion on distributed computing: "Even the idea of glomming onto spare CPU cycles for number-crunching tasks is one that leaves me skeptical ... vampiring creates a surefire back door into a computer." Wrong. Are there dangers? Absolutely. Are they "surefire"? Nope. These are the same dangers that exist whenever your computer runs a program with unsigned code from a remote source, just like it does when you visit a web site with a Java applet. The developers at Sun built a secure sandbox, and others can, too. (Hey, it's a lot easier than guarding against denial-of-service attacks.) I have to admit that I haven't heard distributed computing described as "vampiring" before, and it does conjure up wonderful images of shadowy computers with Gothic temperament -- perhaps fitting given the glowering many-beady-eyed evil of the Connection Machine, a famous parallel processing computer of yesteryear.
Connolly adds that "we'll see a number of attempts to add necessary features to peer networking that will make corporate security managers sleep better. ... Peering definitely needs the credibility that a commodity-trusted system can deliver." And he's on target. What goes unsaid is that these systems exist now: consider Groove, NextPage, Softwax and the dozens of other systems that were designed from the ground up with security in mind. Napster and Gnutella may get all the press, but they were never meant for companies. The P2P companies targeting the corporate world recognize the need for the credibility that Connolly mentions, and they provide it. They just don't get as much press, because let's face it: Ripping off Lars Ulrich makes a much better story than sharing Excel spreadsheets to avoid the email data skew plaguing so many companies today.
He goes on to talk about the next step in the acceptance of P2P being "digital reputations." I agree that digital reputations are coming, and I agree with Connolly about the risks: If you're worried about someone sabotaging your credit report, just wait until someone writes a Perl bot to autocomplain a thousand times to the Reputation Root Server about your lewd comments in alt.big.mouth.billy.bass.lovers. But digital reputations will only be in a small minority of P2P systems, where you a) need assurances about your peers, and b) can't otherwise verify the integrity of whatever you're using that peer for. I don't need to verify the reputation of people inside O'Reilly. That's what the water cooler is for; intracompany P2P computing doesn't require digital reputations. And I don't need to authenticate the MP3s I download over Gnutella or the text messages I receive over Groove or Jabber. Styx and Stones can break my headphones, but words will never hurt me.
At the end of his column, Connolly says, "You'll note that I haven't said anything about peering being a jim-dandy way to spread viruses; it is, but that's outside this column's scope." A deft rhetorical jeté, and very similar to Reagan's parrying the question about his age with a promise "not to exploit, for political purposes, my opponent's youth and inexperience." You're calling attention to something by pointing out how you're not calling attention to it. Tweet. Ten-yard penalty.
So let's be blunt: yeah, a virus ran through Gnutella on February 27. If a Gnutella search (say, for tubthumper.mp3) reached an infected computer, it replied with an executable program: tubthumper.exe. And if you downloaded it, and then you executed it on a Windows box, your computer became infected too.
The virus was unfortunate, but it wasn't Gnutella's fault, and it certainly wasn't the fault of the P2P mindset. It was the fault of users who don't understand what opening a file can do on Windows -- and the fault of Windows for not providing proper sandboxing.
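An added example, not part of the original column: a client-side screen for the reply behaviour described above, where a search comes back with an executable named after the query. The extension list and function names are assumptions for illustration, and the sample hits are constructed.

```python
import os

# Assumed, non-exhaustive set of extensions Windows runs on double-click.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".vbs"}


def classify_hit(query, hit_name):
    """Classify one search hit as 'ok', 'executable' or 'echo-executable'.

    'echo-executable' means the hit is an executable whose name mirrors the
    search term (tubthumper.mp3 -> tubthumper.exe), the pattern in the text.
    """
    q_full = query.strip().lower()
    q_stem, q_ext = os.path.splitext(q_full)
    h_stem, h_ext = os.path.splitext(hit_name.strip().lower())
    if h_ext not in EXECUTABLE_EXTS:
        return "ok"
    # Handle double extensions: for "song.mp3.exe" the last one decides what
    # runs, so compare the query against both "song.mp3" and "song".
    inner_stem, inner_ext = os.path.splitext(h_stem)
    candidates = {h_stem, inner_stem} if inner_ext else {h_stem}
    asked_for_program = q_ext in EXECUTABLE_EXTS
    if not asked_for_program and (q_stem in candidates or q_full in candidates):
        return "echo-executable"
    return "executable"


def screen_hits(query, hit_names):
    """Return (name, verdict) for every hit that should not be opened blindly."""
    flagged = []
    for name in hit_names:
        verdict = classify_hit(query, name)
        if verdict != "ok":
            flagged.append((name, verdict))
    return flagged


# Constructed sample hits for a search on tubthumper.mp3.
SAMPLE_HITS = [
    "tubthumper.mp3",
    "Tubthumper.exe",
    "tubthumper.mp3.exe",
    "winamp_setup.exe",
    "chumbawamba - tubthumping.mp3",
]

if __name__ == "__main__":
    for name, verdict in screen_hits("tubthumper.mp3", SAMPLE_HITS):
        print(f"{verdict:16} {name}")
```
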
Of course, there are P2P solutions for this security problem in Windows, but that's outside this column's scope.
Am I biased? Darn tootin'. I write about the current state of the P2P industry in the upcoming O'Reilly P2P 2001 Industry Overview, where I and other O'Reilly researchers profile the 150+ companies constituting the P2P space, explain the technologies, make some predictions, calculate mindshares, and cut through the hype surrounding P2P. For a cheaper read, I recommend our Peer to Peer book. For the cheapest read of all, check out openp2p.com if you're not there already.