A Touch of Grey
When I was writing recently about people gaming your system, I was thinking a lot about how Internet marketers of many stripes rely upon “open systems” to fuel their efforts, such as the way affiliate marketing turns the collective creativity of groups into surprising examples of both the good and the bad. I was also thinking about Wayne Porter’s current meme of “Greynets” as a description of “network-enabled applications downloaded without IT permission” and coming to the conclusion that the Internet (because it is an open system) always has been, is currently and always will be a Greynet. Then I started reading Charles Stross’ new novel “Accelerando!” and started thinking the whole future might be a Greynet.
I’m reminded of Paul Graham’s excellent piece on business and “Open Source” (Open Source thinking keeps popping up with this line of thinking) with his remarks about “average quality” not being the point of blogs:
Those in the print media who dismiss the writing online because of its low average quality are missing an important point: no one reads the average blog. In the old world of channels, it meant something to talk about average quality, because that’s what you were getting whether you liked it or not. But now you can read any writer you want. So the average quality of writing online isn’t what the print media are competing against. They’re competing against the best writing online.
In the same way, networks aren’t worried about the “average user” (or the “average affiliate”) and their activities anymore: they are worried about the worst of what someone could do given the way the network exists (like the havoc of a stealth installer deployed via IM, or the CPA models those stealth installers exploit to make money from it.) This is no different from encrypting credit card transactions or put up shoplifting sensors at the doors of a physical store — not because your “average customer” is going snoop IP packets or shoplift a camcorder, you are doing it because someone can or might. Your company and its efforts (at least in a networked economy) live or die by the activities of 1% of your users or affiliates.
Which brings us back to that tinge of grey than any open network will always experience. My good buddy Wayne is probably confronted with a Herculean task if he hopes to “re-secure the Greynet” — the fact that applications can be downloaded without central authority is a trait of an open network. Trying to re-secure that infastructure is an arms race that produces evolutionary pressure on both sides, in the same way that computer virii and computer virii removers are driving each other’s evolution toward complexity. Wayne is getting caught in another one of those arm races (securing the open network), but at least he’s assaulting it with the tools of the open network — collaboration between people.
Warren Harrop & Grenville Armitages use “Greynet” in networking terms as “a region of IP address space that is sparsely populated with ‘darknet’ addresses interspersed with active (or ‘lit’) IP addresses.” If an IP address is unused in an “outbound” sense, then there is really no reason for anything to be poking from the outside “inbound” on that IP address — that footprint into the darknet is used by some sophisticated network administrators to watch for all kinds of malicious activity. Not everyone has a big block of unused IP address to play with, so Harrop & Armitages talk about instead using a “greynet” — a sparsely populated area of IP addresses — for the same kind of detection. It seems to work, even though there’s still scatter legitimate use through that same block of IP addresses.
While this is a very different definition that what Wayne is using when he writes about “Greynets,” I wonder if there isn’t some inspiration to be had from the network security vision of “greynets.” To benefit from the positives of an open system like the Internet, one has to accept a certain level of risk: people’s computers will never be 100% IT department sanctioned anymore than all drivers on the highway will obey the law. The risks associated with the actions of that 1% are high enough to be worth finding and enforcing solutions, but not worth taking the cars away from everybody.
If these battles between malware makers and malware vanquishers are like games of chess where both players are playing to win, we could be in for a very long arms race. Perhaps, instead, there’s a method of using the open network itself to play for a draw — something that seeks to perserve a certain shade of grey that’s still acceptable rather than securing the unsecurable.