Saturday, May 3, 2014

Good, bad & ugly - Your password

I have ranted about passwords several times already. They may be there to protect your digital assets, but they are also a liability. There are a lot of articles about user passwords being easily guessable. Usually they blame the user and his or her supposed stupidity, the inability to select and remember a proper password. I consider this plain wrong. Most of those errors are forced on users by anachronistic and bad password policies.

Password requirements


A good password must have two properties:

1) The user can memorize it
2) It is difficult for a third person to guess (even one who knows the user well)


But in most cases another requirement is thrown into the mix:

3) The password shall be complex (i.e. have high entropy)

Usually the requirements take the form of a password policy like this:

  • The password must be at least 8 characters long
  • The password must contain upper- and lower-case letters
  • The password must contain a number
  • The password must contain a non-alphanumeric character

Notice anything? Yep, this policy focuses only on the third requirement. And it does so at the expense of the first requirement, and (knowing human psychology) it also has a negative impact on the second.


Threats to passwords


Let us take a look at how the security of a password can be compromised:
  1. The input of the password has been observed (by eavesdropping, key-loggers or by the ordinary Mark 1 Eyeball)
  2. The password has been re-used by the user in a different context where the attacker has access to it
  3. The attacker gained access to the encrypted password storage and managed to extract the password from there
  4. The password has been guessed by the attacker
How does having a complex password help you against these attacks?
  • If an attacker observes the user entering the password, no amount of complexity will help. Rather the contrary: a password with mixed upper- and lower-case letters, numbers and special characters is entered at a significantly slower pace, which helps an attacker observing the password by good old-fashioned peeking.
  • If the password is known to the attacker from its use in a different context, complexity is no help either. Psychologically, cryptic passwords rather compound the problem: once a user has found a password that fits the typical policy, he tends to reuse it wherever such a policy is in place, and therefore increases the chances that an attacker can use one of his known passwords in a different context.
  • In the case of access to the encrypted password store, complexity clearly helps to hamper the attacker (if the password is encrypted properly).
  • One would expect a password policy to help make a password un-guessable for a third person. From my personal observation, the contrary is true. Under the watchful eye of a password policy, users tend to stick to first names, upper-case the first or last letter, replace characters with similar-looking special characters or numbers, and/or add numbers at the end (like birthdays).
Summary: choosing a complex password helps in only one attack scenario; in all the others it has no effect or even a negative one. So let us look at that scenario in a bit more detail.

Decrypting passwords


To decrypt a user's password, the attacker first has to gain access to the password storage, at which point the first and most critical security failure has already occurred. And the user had nothing to do with it.

When it comes to decrypting a password, the algorithm used is more important than the complexity of the password. If the service provider has not done his homework, complex passwords offer only little protection. This is another critical point where the user has no influence whatsoever.

But if the service provider has botched the safety of his password file yet got everything right when choosing the algorithm, the complexity of the user's password can offer extra protection against the attacker.
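
For illustration, here is a minimal sketch of what "getting the algorithm right" can look like on the provider's side, using key-stretched hashing (PBKDF2 from Python's standard library; the salt size and iteration count are assumptions for this example, not figures from the text):

    import hashlib
    import hmac
    import os

    ITERATIONS = 100_000  # deliberately slow: each guess costs the attacker this much work

    def hash_password(password):
        # A random salt ensures identical passwords do not produce identical hashes.
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
        return salt, digest

    def verify_password(password, salt, digest):
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
        # Constant-time comparison avoids leaking information through timing.
        return hmac.compare_digest(candidate, digest)

The point is that the slowdown factor is entirely in the provider's hands and multiplies the strength of whatever password the user chose.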

Does this case justify all the negative impact?

I want to point out that the safety of the encrypted password is not the responsibility of the user. So I would say: don't make him part of the process here. Don't shift the responsibility to him where the service provider is the responsible party.

Remark: I did not specifically address the issue of an attacker trying out all passwords by automatically entering them one after another. It falls into the same category, since it starts with a critical error on the service provider's side: allowing this in the first place.
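
A provider-side defence against such online guessing is straightforward rate limiting. A minimal sketch (the thresholds are illustrative assumptions, not recommendations from the text):

    import time

    FAILED = {}           # username -> list of recent failure timestamps
    WINDOW = 300          # look at the last five minutes
    MAX_FAILURES = 5

    def may_attempt(username):
        now = time.monotonic()
        recent = [t for t in FAILED.get(username, []) if now - t < WINDOW]
        FAILED[username] = recent
        return len(recent) < MAX_FAILURES

    def record_failure(username):
        FAILED.setdefault(username, []).append(time.monotonic())

With five attempts per five minutes, even a modest 30-bit password would take an online attacker centuries to brute-force.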

What shall we teach users about passwords?


I think we should focus on the first two requirements I started this blog post with:
  • Choose a password you can remember
  • Use a password someone else does not associate with you
and (which is more important than complexity):
  • Use distinct passwords, at least for the most critical uses (work, banking, Apple, Facebook, Google, Paypal, Amazon), and never use those anywhere else.
If the user follows just those three pieces of advice, his security will be greatly improved. It is much better to use several (cryptographically) weak passwords than one good one for everything.

What about password complexity?


I am not opposed to complex passwords, as long as complexity has no negative impact on the more important issues. There is nothing wrong with informing the user whether his password is weak or strong.

But if you do so, please do it right. Do not just look at which kinds of characters are used. Don't care about the source of the entropy, as long as it is there.

"Test1234!" is not safer than "mucho danke shopping magazzini", rather the opposite. Let the user find his own way to create a memorable complex password. If you force him into a scheme you think best, you will weaken passwords.

And: except for the most critical uses, 40 bits of entropy are enough. If that is not enough, you need to rethink the way you store your passwords.
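
To put rough numbers on the comparison above, here is a back-of-the-envelope entropy calculation (a sketch; the 2048-word list follows the well-known XKCD example, and treating every choice as uniformly random is a simplifying assumption):

    import math

    # Policy-style password: 8 characters from ~72 symbols
    # (26 lower + 26 upper + 10 digits + ~10 specials), IF chosen uniformly.
    policy_bits = 8 * math.log2(72)                   # ~49 bits in theory

    # In practice users follow predictable patterns (dictionary word +
    # digits + decoration), so the realistic search space is far smaller:
    realistic_bits = math.log2(10_000 * 10_000 * 10)  # ~30 bits

    # Passphrase: 4 words drawn randomly from a 2048-word list.
    passphrase_bits = 4 * math.log2(2048)             # 44 bits

    print(policy_bits, realistic_bits, passphrase_bits)

The randomly chosen passphrase clears the 40-bit bar while staying memorable; the policy-compliant password only looks stronger than it is.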

That is why I think XKCD has it right, no matter what Bruce Schneier says (I never thought I would side on a security topic with a comic author rather than with one of my most respected security experts).

Are there exceptions?


Yes, of course. There are always exceptions. But in those cases you should look into two-factor authentication rather than trying to make the user's brain work in a way that evolution did not intend.

Password Managers


It seems to have become fashionable to prohibit the use of password managers, either by written policy or by enforcement in the web application. I consider this a bad idea. If a user tells me that he has problems memorizing passwords of sufficient complexity, I tend to believe him. Password managers are a great help, but personally I want to be able to recite my critical passwords (Amazon, Google, Apple, Paypal) directly.

Wednesday, February 19, 2014

Review: Influx by Daniel Suarez

The Nobel Prize seems to be within the grasp of Jon Grady. Being an academic dropout no longer seems to be a real obstacle, since he has just implemented the first prototype of a gravity reflection device. While the Wall Street bankers bankrolling his startup don't seem too happy about being misled about the direction of his research, their expert confirms the validity of his claims.


But when something seems too good to be true, it usually isn't. The visiting "expert" makes a telephone call and the bomb goes off, quite literally. A neo-Luddite terror organisation storms the lab, knocks out everyone and blows it all up.

To his own surprise, Jon Grady survives the experience and finds himself in the clutches of the Bureau for Technology Control (BTC). As it turns out, they have both feet on the brakes when it comes to the deployment of new technology (purely out of concern for mankind, of course). Scientists and developers who threaten to disturb the status quo too profoundly are offered a choice: join, disappear and play with the good stuff, or just disappear.

So Jon has to consider the gravity of his situation. As he soon finds out, the governmental oversight of the Bureau has been slightly neglected.

After his novel "Kill Decision" was published, some complained to Daniel Suarez that he had written more of a blueprint than a novel. Like his works "Daemon" and "Freedom (TM)", it gave the technology-versed reader quite a chill. Since John Brunner passed away, no other author has managed to radiate such a feeling of frightening authenticity in his books. Together with the author, we can only sincerely hope that he is further off the mark this time.

His past as a systems consultant and software developer gives him the ability to describe just-around-the-corner technology. But the real hitters are his credible predictions of how and where it will be used. While the apparent technology of 2016 (in which "Influx" is set) does not differ much from today's (thanks to the untiring efforts of the BTC), he takes a lot more liberties with the "suppressed" technologies.

His previous books were not short on humor, but he has given it a lot more leash here. One cannot help but appreciate the irony of US intelligence and law enforcement agencies being spied upon by superior technology. There are several such hidden gems inside the book. Furthermore, the clones of the top BTC operative have some QA issues and regularly provide comic relief.

When reading the previous books, my professional personality was never completely switched off: the job-me was constantly looking over my shoulder and doing appraisals. With "Influx", the entertainment nearly performs solo. But Daniel Suarez can't completely shed his habits, and there are still some very sobering parts. The gulag for scientists comes straight from the worst nightmares.

The pacing is high right from the start, and the book is hard to lay aside once you begin flying through its 380 pages (hardcover). The story mostly flies straight as an arrow; the supposedly good cause of the bad guys is threadbare right away. With the roles clearly assigned early on, "Influx" makes a relaxing and enjoyable read.

Of course there is an alternative explanation for this book: Daniel Suarez got snatched by the Bureau for Literary Control because his predictions were coming too close to reality, and he was forced to write more freewheeling stuff. If the results remain this entertaining, that is fine with me.

In any case, you can find his book on Amazon.

Saturday, February 8, 2014

Review: Directive 51 by John Barnes

Directive 51 is the first book of the Daybreak series, which currently comprises three novels. The title is derived from "Executive Directive 51", a Presidential Directive which claims the power to execute procedures for continuity of the federal government in the event of a "catastrophic emergency". This may give you a "slight hint" about the direction this book is going.

The novel takes place in the near future of the United States of America. Technology has advanced, especially in the area of nanotechnology, where even students have become capable of creating nanites (nanobots) in their home labs.

The "Daybreak" is a terrorist organisation devoted to bringing down the "Big System". It consists of several groups (from radical ecologists to radical Islamists) which share only their disgust for the status quo.

It is introduced as a meme that has reached a critical mass. But the author also casts some doubts on that assumption. 

Daybreak is surprisingly effective, creating a nanoplague (self-replicating nanites) that devours petroleum-based fuels, rubber, plastics and several metals. It also has a new type of nuclear bomb at its disposal.

This and some other facts create the impression that "Daybreak" is not what it seems. The riddle is not resolved in this book.

The larger part of the novel is about the executive power trying to fight back, and fighting within itself. As one may assume from the title, the original president and his vice-president are not around for long. And even with the end of the world close by, there are enough remains to squabble over. The failure of the leadership encourages others to claim power for themselves. Only a few, the heroes of the book, try hard to hold it all together.

The book starts at a fast, gripping pace, a doomsday plot at its best. When it comes to the political side and dealing with the fallout, the novel remains more interesting than senate proceedings, but it requires some stamina on the reader's side. The number of characters is confusing (we go through four presidents alone), and even at the end the purpose of some characters remains unclear.

I have the follow-up novels on my reading list, but they are not prioritized as highly as they would have been after the first third.

You can find this novel on Amazon.

Wednesday, January 22, 2014

Review: Bone Season by Samantha Shannon

I seem to be into debut novels currently; here is another one from a new author. At 22, Samantha Shannon is one of the youngest writers in my current portfolio (aka Kindle), and it does not require much scrying to see a lot of read-worthy books coming from her in the next few years.

It is 2059, and not a good time to be magically gifted (or "voyant", as it is called here). The use of your talent is highly illegal, and if you are caught, death will be your fate. So you had better keep your abilities hidden from everyone, even your only close family member. The best way to make a living is to join the syndicate and pursue a life of crime.

Paige Mahoney is not a happy but a contented person when she is introduced. She feels safe within her environment. Her boss sees a lot of potential in her, more than she thinks she has. Her talent is a rare one: she can enter the minds of other people.

Her talent is put to the test when she is cornered by hunters of the Scion, the fascist, anti-voyant regime that has taken over England. While she manages to escape at first by using her power to kill, she is caught soon after.

To her own surprise, she is not executed but shipped to the gulag of her 21st century: Oxford (or "Sheol I", as it is now called). The prison is run not by professors but by near-human creatures called Rephaim. The rules of her life change dramatically.

By that point, the reader has not even finished half the book. Samantha fervently builds not only a world but also a huge vocabulary: dreamwalker, floxy, rotties, mime-crime, flux and NVD are just a few examples of what I would guess is a low three-digit number of coinages.

This demands quite some learning from the reader, and the complexity sometimes hinders rather than helps the development of the story. On the other hand, there are sequences where you are practically fleeing at her side over the roofs of London and feel the breath of her pursuers on your own neck. In those action-packed sequences she is at her best.

Another, easily forgiven, weakness is the language, which feels stuck between young-adult and adult styles. I expect this point to resolve itself automagically over the sequels.

The overall construction of the story is solid, and she even plays the reader with what seems to be a plot device at first glance but turns out to be an important story element later in the book. I awarded bonus points for cheekiness here.

The book came to me highly praised through one of my wife's many magazines. While it did not fully live up to the (admittedly high) expectations, I am still impressed by an early work like this. You'll find it on Amazon.

Sunday, January 19, 2014

Review: Ancillary Justice by Ann Leckie

Devilishly complex main character: check! Non-linear storytelling: present and accounted for! World-building: massive! New author: yes! A combination that would challenge any experienced writer makes up the stunning debut of Ann Leckie. She is an author you will want to keep an eye on.

Let's start with a few highlights of the main character, Breq: about 2,000 years old, once part of a hive mind, and an excellent fighter afflicted with an inability to discern the gender of most dialogue partners.

He started off as the ancillary "One Esk Nineteen" of the starship "Justice of Toren". Ancillaries are former criminals who were mind-wiped and became (with boosted physical properties and reflexes) part of a hive-minded ship AI. They have been a strong weapon in the expansion of the Radch Empire.

But the expansion has slowed, ancillaries are slowly being replaced by humans, and Breq has become alienated from his empire and separated from his hive mind. How all of this is connected is told in flashbacks that span a millennium.

Other authors manage to confuse their readers with stories a tenth as complex as this one. But this seems to be Ann Leckie's talent: never losing her audience throughout the story. Though some concentration is required, and some quirks of Breq's perspective (by default everyone is a "she"; memories are always plural) are challenging at the beginning, one is rewarded with insights into a very fascinating character, society and universe. The book covers an alien perspective quite thoroughly.

While the hive mind is clearly a central aspect (covering, among other things, the moral responsibility of a single part of a hive mind, split-brain situations, and synchronization), one will find a lot more to think about. Calling the novel a space opera does not do it justice. There are more aspects to it than I want to cover in this review; it would take too much pleasure away from readers to spoil the many reminiscences of other classics of Science Fiction they will discover within.

While the novel does not end on a cliffhanger, it clearly calls for a sequel, which I will eagerly await.

You can get this book on Amazon. I stumbled upon it on John Scalzi's blog, which has been a source of several reading inspirations for me.

Saturday, January 11, 2014

The German Science Fiction & Fantasy Book Market - A Guide For Foreign Authors

The German book market seems to be very interesting at first glance. With a volume of 13 billion US$ in 2011, the average revenue per capita is nearly twice that of the US market. Books have a very long tradition here. But for foreign authors, especially Science Fiction & Fantasy authors, there are some, ahem, let's call them "mitigating factors".

0 Disclaimer


Though I have successfully published a book, contributed to several, and read a few thousand of them, I don't claim to know every aspect of the market. This text is my highly subjective view of it, though I would bet it is not far off the mark.

Even though this text has become longer than intended, I have simplified things.

When I say "foreign author", I am referring to those who primarily publish in English. The equations I put forth will look very different if you write in French or Japanese.


1 The German Book Market


There are about 90 to 98 million people with German as their first language. Of those, more than half "like" or "like very much" to read. 66% of all women and 52% of all men purchased books in 2012. So the overall demand for books is high.

But let us look at some details...


1.1 The German Language


Translating books into German is difficult. While it is a perfect language for drafting laws or writing scientific papers, it is less suited to the entertaining style most SF&F is written in. Its high precision reduces ambiguity and makes some kinds of humor more difficult.

The pool of translators has had little overlap with the SF&F scene. Furthermore, it has few card-carrying members of the geek and nerd squad, which would have helped in understanding a lot of the allusions and jargon in the books. Translators were already considered to have a Fantasy background if they had read "The Hobbit". This is improving as a new generation comes up.

Overall, even a bad translation into German is expensive, and a good one even more so. I have seen excellent translations in the past years (Patrick Rothfuss has been very lucky) and less excellent ones (I was not impressed with the German version of George R. R. Martin's Game of Thrones).

Be aware that a translation may heavily change the style and targeting of a book or movie. If the translator thinks the book is children's material, the translation will reflect that attitude. This can practically re-brand you.

For a foreign author, a German translation is very much like a raffle. Unless you, your agent or your publisher spend a lot of time on this, the result is dominated by random chance.

The costs of translation reduce the author's revenue (AFAIK by about 60-70% for non-celebrities) and increase the risk from the publisher's point of view. So on the German-language book market, you will always be at a competitive disadvantage.

Furthermore: translating a book takes time. Months at least, though years are not uncommon. Thanks to the Internet, fans know the next part of a series is already out in the U.S. or UK and begin to suffer. When the choice is between waiting years or improving your English, the results may surprise you.


1.2 Non-language-related translation issues


Being translated holds more dangers for an author than just the German language. If you are considering a German translation, you should be aware of the following:


  • Large books are regularly broken up and published as two books in German. Often the reader is not made aware of this fact and ends up disappointed at a cliffhanger (unintended by the author) in the middle of your novel.
     
  • Do you mention Nazis? Or do you make allusions to them? Be prepared for some politically correct translator to change things for you. Suddenly the "System Security" to which you intentionally gave those initials is abbreviated quite differently.
     
  • Sometimes translators decide not to stop at translating the language and also Germanize personal, non-descriptive names. In Alan Dean Foster's Spellsinger, the translator (of a fantasy novel!) even insisted on translating the name "Dungeons & Dragons" (which is a brand in Germany as well), and "Kerker und Drachen Spieler" sounds really, really ridiculous in German.
     
  • The worst thing I ever experienced was characters in the middle of a novel suddenly starting to praise some canned soup. The ad was set in a different font, but when he was told about it, the author (Terry Pratchett) was truly shocked (as were his readers).

I am pretty sure I have remembered only a small part of the things I have seen done to good, innocent English literature. I can only recommend that you get some QA from someone in Germany whom you trust.


1.3 The English language in Germany

English is non-optional if you want to achieve any educational level in Germany, so nearly everyone has had at least a rudimentary knowledge of it for a long time.

The Internet has put the language on afterburner, especially for geeks and nerds. So unless an author uses heavy slang, 30-50% of potential German readers can nowadays read a novel in English if they put their minds to it.

The German language, in comparison, has become less important.

In 1980, without a German translation, a book stood no chance. And the only way to get an English book was to pay twice the list price and wait for weeks or months for it to arrive. With the easy availability (thanks to Amazon) and the increased proficiency (thanks to the Internet), the English language is now an important player on the German book market. But due to some issues (see below) the sales are not always attributed to the German market.


1.4 Selling Books in Germany


The book market was traditionally ruled by small book stores. In some areas, there were more book stores than bakeries. The shop clerks would know their customers. Their recommendations and disposition determined the fate of books. They were mostly biased toward "high literature" and against Science Fiction and Fantasy.

Their margins and market were protected by Germany's special pricing rules (see next chapter). Only a few large book chains existed, and outside the book stores, nobody sold books in large quantities.

But this was about to change.

During the nineties there was a strong market concentration. Large bookstore chains started to rule the inner cities and small book stores started dying since they lost their bread-and-butter business. On the other hand, the large chains were not as close to their customers as the small bookstores which they were driving out of business.

Then came the Internet and Amazon.

With the rise of the Internet, English-language proficiency increased, German readers learned of U.S. and UK release dates (which were years ahead of the German translation), and English books (even printed ones) became cheaper than German books. Amazon in particular was a cheap source for the next (English) sequel of the series you were burning to read.

The only reason the German book chains have not (yet) gone the way of the Dodo, like their brethren in other countries, lies in some anti-competitive measures (e.g. see the chapter about ebooks).

Amazon is despised by German publishers. Jeff Bezos's market approach conflicts strongly with the publishers' self-image. They are losing the filter function they held on the market for a long time. Amazon shows them daily that they do not know the market and its readers as well as they think and claim they do. They do not appreciate this.

Amazon is currently a hot-button issue in Germany. Several social groups are fighting it tooth and nail. For them, Amazon represents all they despise about the Internet and the Americanization of culture. My personal guess is that Amazon will win that fight without breaking a sweat.


1.5 Pricing


One important peculiarity of the German market is fixed book pricing. When a book is published in Germany, the publisher has to set a price. It is then illegal to sell a new, undamaged book to an end customer in Germany at any other price.

This has two consequences:

  • There is no price competition for books published here. A retail chain cannot undercut a regular bookstore by concentrating on bestsellers. The usual seller margin is about 40%.
     
  • Any book not published here can be much cheaper than its German counterpart. Patrick Rothfuss's "The Name of the Wind" at times cost only 25% of its translation.

The idea is to protect the cultural value of books from brutal market economics. The result was a golden age for publishers and book stores, and they lobbied hard for it. It gave them a rather secure and highly profitable niche for decades, but it also made them vulnerable once real competition appeared.

Furthermore, it gave their customers a strong incentive to migrate to foreign markets. The price fixing does not apply to books published outside Germany, so a UK bestseller, including shipping and handling, costs significantly less than a German one.

1.6 ebooks


When the ebook market took off in the U.S., it caught German publishers and bookstores flat-footed (as did the Internet, as did Amazon). While they were busy reproducing every error the music industry had already made, Amazon soon showed the world a working model.

To prevent Amazon from taking over the German ebook market, the publishers devised a simple scheme: they simply refused to sell Amazon the rights to German-language books on terms it could accept. For two to three years, it was practically impossible to purchase a German-language bestseller as an ebook.

Publishers developed their own DRM-heavy ebook platforms, sold through e-stores that offered only a small fraction of the available books. Over time, their model approached Amazon's, at which point they were willing to deal with Amazon again.

The publishers lobbied and sued to extend the price fixing to ebooks as well. They were and are completely unwilling to offer any kind of discount to customers who do not demand that dead wood be shipped across the country. This, too, encouraged German readers to get their ebooks in English and elsewhere.

Advanced SF&F readers keep their Kindle accounts with Amazon.com instead of Amazon.de. Due to regularly occurring SNAFUs, German publishers are able to block the release of some English ebooks on the German market until the translation is out. German readers therefore register under a U.S. address, and they count in every statistic as U.S. buyers.


2 Science Fiction & Fantasy


On top of all of this, there are some issues specific to Science Fiction & Fantasy.


2.1 The Image


The early image of Science Fiction was created by the "Perry Rhodan" series, which has been published weekly since 1961 in (by now) more than 2,700 booklets. Perry Rhodan is the name of the main character, and the plot by now covers several thousand years with him. It was considered pulp (at least in the beginning, deservedly so) and branded Science Fiction for decades.

When you purchased Science Fiction in the 80s in a typical bookstore (well, it had to be a bit untypical: a really typical one would have carried no SF&F at all), the sales clerk looked upon you pitifully. You half expected them to offer you some porn to wrap your SF&F purchases in, so you would not have to be ashamed to be seen with them.

The image of Fantasy was slightly better, mostly thanks to Tolkien. But overall, it was not taken seriously either. The world-building, the theoretical sociology, the prognoses of human development under different circumstances were utterly disregarded. On the shelf, you found your Asimov or Brunner right next to the space-western dime novels.

This has improved over the years. But Science Fiction & Fantasy is still invariably found farthest from the book store entrance. The shelf (a plural is usually not appropriate) is mostly filled with serial novels tied to movies or computer games (Warhammer 40K, WoW).

Computer games are not considered cultural assets by the political and cultural establishment either.

Perhaps the best illustration of the attitude towards Science Fiction and Fantasy is that the genre does not rate hardcover releases; they are a very rare exception.


2.2 Community and Author outreach 


You will notice that German fans react differently to fan communities and author outreach (live or via social media). They are just not used to it. German authors usually do not interact with their fans this way.

"Serious" authors (which by definition excludes SF&F) often despise the Internet. When they grudgingly agree to interact with fans upon nudging from their publishers, they can produce strange results.

A few years ago, I noticed the acclaimed author Urs Widmer giving a reading in Hannover. A friend of mine (who was a big fan) drove 200 miles to attend and see him in person for once. After the reading, some people approached the author with books and asked (very politely) for signatures. The author answered brusquely, "This is a reading, not a signing!", and left.

If you ask a classic German author about a presence on Facebook or a blog and (god forbid) about spending some time on it, be prepared for a look as if you had suggested sacrificing his firstborn to some ancient Egyptian god. I know this is unjust towards quite a lot of younger authors, but it describes the vast bulk. SF&F authors tend to be more approachable, but they are not immune to the general attitude.

So German readers who discover an author actually interacting may react in strange ways. I was really, really surprised when "pterry" answered my questions in person via email in 1994.


2.3 Movies


If your novel is made into a movie or a well-known TV series, everything changes. By some magic transformation, it is no longer Fantasy or Science Fiction but a classic; you are serious literature now. At this point, book stores will barricade their entrances with your work. People outside the "scene" will ask for and purchase your books (but only in German).


2.4 Competition


The most successful German Fantasy author is Wolfgang Hohlbein, with 43 million books sold. You will have difficulty finding English translations of his work; they are very rare. He has sold more books in Korean than in English. I hope neither is insulted when I say that he is something like a German version of Stephen King.

Another author praised in my circles is Andreas Eschbach. But he, too, has only a few books translated into English.

Besides them, I am hard pressed to come up with more names. But since I turned away from that market in disappointment 15 years ago, I am not current on its development. Still, we have no Isaac Asimov, no John Brunner, no John Scalzi, no Patrick Rothfuss here. What we do have is a lot of authors who turn out one novel after another, each hard to distinguish from the previous one.


3 Summary and Recommendations


To sum it up:

  • While the German-language book market seems attractive at first glance, it is highly dysfunctional. This makes it hard for a foreign SF&F author to earn money on it.
     
  • Being a successful SF&F author in your home market will not give you a lot of prestige with publishers here.
     
  • A good translation of your book is expensive. The costs will be cut from your side of the deal. A bad translation will damage your brand.
     
  • The English language is no longer the barrier it used to be. German publishers have spent the last two decades converting readers, especially SF&F readers, to the English language. If there is a society out there promoting the English language, it should consider giving those publishers a lifetime award. The lifetime of some of them may come to an end soon.

So, if you are a Science Fiction or Fantasy author publishing in English, here is what I recommend:
  1. You don't urgently need a German translation, as you will sell to German readers anyway. You will have trouble knowing how successful you are in Germany: profiling your fans on Google+, Facebook or your blog will tell you more than any sales figure ever will. Any sales figure you get for the German market will be more fantasy than your book.
     
  2. If you want, or are asked, to be present with a German version of your book, pay attention to the translation. The revenue from a licensing deal may not compensate for the brand damage of a bad translation. See a German translation more as a marketing effort than as a revenue source, and get some QA on the translation from someone you trust.
     
  3. A German version of your book becomes important when you sell it to 20th Century Fox or HBO and Peter Dinklage will be starring. Then the book reaches outside the SF&F community. But in that case you will have no problem finding a publisher and a good translator, and you would be rather sorry (in terms of quality and revenue) to have sold the licensing rights cheaply early on.
I hope this has helped you understand the German market a bit, or at least entertained you.

Tuesday, December 24, 2013

Blocking of Material on the Internet

This article had been lost in hyperspace for some time, so I decided to revive it. As the current discussion about porn filters in the UK shows, centralized approaches to blocking content don't work. This is my way of saying "told you so". Though many technologies have changed over the years and many of the sites mentioned have ceased to exist, the basic mechanisms, and therefore the problems, of central censorship are still the same. -- Martin Seeger, 24th December 2013


Blocking Material on the Internet

A systematic analysis of the "censorship debate"

Kristian Köhntopp
Marit Hansen
Martin Seeger

Kiel, 14 May 1997

Summary


Like any other communication medium, the Internet is also used for the dissemination of radical right-wing information, child pornography, etc. Such misuse has recently led to calls for state intervention to enforce centralized blocking of certain materials.


The authors take the view that such action would be inappropriate. First, all technological approaches to implementing such blocking have so far failed, and it can be assumed that, with the Internet structure being what it is, future approaches will fail as well. Secondly, blocking will always affect material that was not intended to be blocked. The more effective the blocking action, the more serious the undesired side effects.

Decentralized blocking approaches would enable users to filter content themselves. If the rating of content is performed by private organizations, the rating mechanism could be used to promote questionable interests. To avoid the risk of misuse, it is absolutely necessary that all rating criteria and all ratings be disclosed.

State regulation of any kind will increase costs. The effort to rate Internet material is expected to involve high payroll costs. But even today the cost of communication is substantially higher in Germany than in competing countries like the United States. Regulation would hence be a competitive disadvantage.

What is the objective of blocking?


Before discussing the technical means of blocking material accessible on the Internet and the prospects of achieving such blocking, it is necessary to identify the goals to be achieved by blocking. Potential goals include: 

  • Law enforcement: preventing the subjects of a national or regional legal system from accessing or publishing material which is illegal as measured by the criteria of such legal system, even if the place of publication is outside the jurisdiction of the legal system concerned. Using technical means to render such offences impossible would be the perfect solution.
  • Prohibiting the provision of indecent material: Various parts of the US Communications Decency Act (CDA) tried to establish an even stricter rule: the Act prohibited the provision, via data networks, of material which is indecent, obscene or in some other way offensive as measured by contemporary moral standards (for "free speech" see, for instance, the Electronic Frontier Foundation (EFF)).
  • Protection of minors: Access by minors (children and adolescents) to harmful material is to be prevented while adults would continue to be able to access the complete range of material offered on the Internet.
  • Rating: All users of the Net would continue to be free to choose the material they wish to receive, but a rating mechanism would be established enabling consumers to indicate their own preferences ("no sexual material"/"a lot of sexual material", "no violent material"/"blood and splatter", "politically left-wing"/"politically right-wing material", "content that is in conformity with the moral standards of the Catholic Church"/"correct in accordance with Muslim moral standards"); consequently, consumers receive only that portion of Internet material which passes the filter they have chosen.
  • Non-regulation: Every user would have free access to all information offered. Even the existence of rating criteria applied by third parties is considered detrimental, and the establishment of a rating infrastructure is not encouraged, or is even discouraged.

Which services are discussed in this paper?


"Material provided on the Internet" is understood to mean content accessible through a number of services which use completely different technologies and many of which have separate administrative structures. The only common feature of all these services is the data transmission protocol TCP/IP, which serves as a joint basis.
There are at least two services to be distinguished:
  • WWW, World Wide Web: The World Wide Web is the graphically most appealing service on the Internet. This service is rendered by a network of servers which, on request, furnish the user with "pages" containing the requested material by delivering them to the browser on the user's computer. As a rule, access to these pages is provided by means of the HyperText Transfer Protocol (HTTP). This protocol requires no identification or authentication of either the user or the provider; the data transmitted are plaintext and not tamperproof (a minimal sketch of such a plaintext request follows after this list).
  • An optional modification of HTTP communicates requests and replies using the encryption technique called Secure Sockets Layer (SSL). At least providers using this system have to inform the person making the request of their identity. Furthermore, the SSL system prevents monitoring of the plaintext of the communication (third parties cannot find out what requests were made or what the subject matter of the pages provided is) and ensures that the material concerned cannot be falsified undetected by third parties during transmission.

    The pages provided contain formatting instructions in the HyperText Markup Language (HTML) and, if requested, further visual, sound or video data. Small servers often can provide the pages requested only as a pre-produced database supplied unchanged from their hard disks. Big servers, by contrast, frequently produce the requested pages on an individual basis, i.e. depending on the user's identity, his or her Net address, the national language preferred (can be configured in the browser), the type of browser employed by the user, the exact time of request or other programmable criteria. This means that two successive requests of the same page will not always result in identical replies.

    If pages from the database are produced dynamically, the data of the Web server may be subject to constant change as a result of the updates of the database. This is what happens for instance in the case of catalogue systems for online commerce (price and product updates, changed inventory affecting delivery, etc.), news agencies connected to press release and ticker services and in the case of Web inventories and search engines which generate a full-text index for pages and permit searches by subjects.

    In general the Web database is highly dynamic: new versions of pages can be produced and marketed at very low cost. The electronic nature of the medium and its centralized data storage (no distributed copies of a page have to be updated) are clear advantages for producing a very large number of copies.
  • USENET news: USENET is a distributed system of newsgroups. It is a partially interconnected network of servers, each of which stores a selection of articles ready to be supplied on request. As a rule, the articles are filed in accordance with thematically arranged newsgroups and time of receipt. Users can establish a link to the most favourably located server and request articles selected by news group and date of receipt.
  • Users can follow up on any article read or can post their own articles to the server. The server will then inform its neighboring servers that it has a new article available and, where appropriate, will feed this article to its neighboring servers. These, in turn, will communicate the article to their neighboring servers, etc. (flood fill algorithm of USENET). Within a few hours' time there are hundreds or thousands of copies of this article available throughout the world. The cross-linking of servers is highly redundant; interruptions on the server routes usually have no or only local effects on the availability or transport speed of the articles.

    To gain space, the longest held articles are deleted after a certain period of time, which is determined by the configuration of the individual server and by the space needed. As a rule, it does not exceed a period of two weeks. Some news archives, however, store news group discussions for several years and make this database accessible via ample search capabilities (e.g. Dejanews, AltaVista in the news mode).

    As every user reading such articles can reply to any of these articles directly and without any pre-editing or post-editing, the results are unmoderated public discussions about a wide range of topics. A large part of these news group discussions are conducted globally. Hence the participants in newsgroup discussions come from all over the world and group membership is constantly changing.

    Communication between user and server, as well as communication among servers, is usually not encrypted and takes place without identification or authentication of the users or authors of articles. Falsifying the address of the sender or the path of an article is very easy and even common practice in some newsgroups. There are converters from e-mail to USENET news as well as anonymous and pseudonymous servers which use cryptographic methods, some of them very effective, to try to conceal the sender's identity and location within the Net. Some news servers allow any user or author access without requiring authentication (open servers): it is up to the authors to decide whether or not they wish to disclose their identity in the article provided.

    It is the operator of a server who decides which newsgroups can be accessed via its server. There are some lists of "official" newsgroups, but usually they are neither complete nor binding for anyone. Names or headings of newsgroups have the nature of recommendations only. Off-topic postings or spam make up a fixed percentage of all articles.
The IRC service (Internet Relay Chat) and e-mail (private electronic mail and semi-public mailing lists as discussion forums) could also be discussed in this paper. However, to keep this analysis compact, we do not discuss them here, since they are not at the centre of public debate; a discussion would lead to results similar to those for the World Wide Web and USENET news. There are other services, most of which are of less importance for public communication (telnet) or whose discussion would not reveal any new aspects (FTP; see HTTP).
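
As announced above, here is a minimal sketch of a plaintext HTTP request, written in Python (the host example.org is a placeholder, and HTTP/1.0 is used to keep the exchange simple). It illustrates how little the protocol itself identifies or protects either side:

    import socket

    # A plain TCP connection: nothing on this path is encrypted, so any
    # intermediate router or proxy can read and even alter the traffic.
    with socket.create_connection(("example.org", 80)) as conn:
        conn.sendall(b"GET / HTTP/1.0\r\nHost: example.org\r\n\r\n")
        response = b""
        while True:
            chunk = conn.recv(4096)
            if not chunk:
                break
            response += chunk

    # The server never learns who asked; the client cannot verify who
    # answered or whether the page arrived unmodified.
    print(response.decode("iso-8859-1", "replace")[:200])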


How can the material to be blocked be identified?


In order to block material reliably it is necessary first to identify such material in some way. The resolution of such identification may vary.
An individual computer can be identified on the basis of IP addresses. However, the identified computer usually performs a large number of services for several providers. Some Web servers of IP providers feed the material of thousands of information content providers into the Net under one single IP address; computers of small providers in some cases offer all the provider's services under one single IP number. The blocking of IP numbers consequently affects not only the material to be blocked but also a large amount of material and services that were not intended to be blocked.
By expending more cost and effort, it is possible to identify service-specific characteristics of individual units of the material provided. In the World Wide Web, a page is characterized by its "name" (its Universal Resource Locator - URL), while the USENET news uses message ID of an individual news item or the name of a news group as means of identification. For newly emerging services it is necessary to devise new service-specific methods for identifying individual units.
The amount of data to be identified and rated is huge: in May 1996, 30 million Web pages were stored in the full-text database of the AltaVista search engine; in April 1997 the amount of data recorded exceeded 72 gigabytes for some 5.4 million articles (statistics supplied by Eunet Deutschland GmbH, taken from de.admin.lists of 1 May 1997).
There is still the problem of isolating the material to be blocked from all other material. There are two completely different ways to do this:
  • automatic rating of material by looking for formal characteristics such as whether the text contains certain key words,
  • manual rating of material by providers or third parties using a set of criteria (rating).
Automatic rating of material by using key words is a complete failure when applied to components containing no text (audio files, images or animations). Several online services (Prodigy, AOL) tried to have discussions rated in chat rooms similar to the IRC service by using certain key words, but the results have been hardly satisfactory. One result was that normal discussions on certain topics were no longer possible: blocking of the word "suck" made it difficult to exchange views and experience concerning vacuum-cleaners in a housekeeping news group; blocking of the word "breast" was a handicap in discussions on breast cancer and cooking recipes ("chicken breast"); and the pages fed into the Web by Mrs Cindy Tittle Moore (tittle@netcom.com) were blocked by the Cybersitter program on account of her name.
Another result of blocking was that the groups whose material was blocked simply changed their vocabulary, so that blocking had only negligible effects on their material. There are other automatic rating methods, but they too are unable to recognize the meaning of the material to be rated. Knowledge of the formal blocking criteria enables newsgroups to re-formulate their information without changing its meaning, so as to avoid the words that would "trigger" blocking. The Cybersitter program designed to protect children is able, for example, to cut from Web pages those passages containing words rated offensive. Ingenious formulation of a statement will ensure that its meaning is reversed when the statement is viewed under control of the Cybersitter filter program (information and example by Bennett Haselton on the mailing list fight-censorship@vorlon.mit.edu, message ID: <01IAZF6R8I0I8XKGCV@ctrvax.vanderbilt.edu>).
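
A minimal sketch of such a keyword filter makes both failure modes obvious (the word list and test phrases are illustrative, echoing the examples above):

    # Naive substring matching, as used by early chat-room filters.
    BLOCKED_WORDS = ["suck", "breast"]

    def is_blocked(text):
        lowered = text.lower()
        return any(word in lowered for word in BLOCKED_WORDS)

    # False positives: perfectly innocent messages are blocked ...
    print(is_blocked("My vacuum cleaner does not suck properly."))  # True
    print(is_blocked("Recipe: chicken breast with rice."))          # True

    # ... while trivially re-spelled content passes unhindered.
    print(is_blocked("s-u-c-k"))                                    # False
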
Procedures and standards for the rating of material by providers or third parties have already been developed for the World Wide Web, with PICS currently being the leading system (Platform for Internet Content Selection). With PICS it is possible to install rating criteria of any definition and any desired resolution. URLs can be rated by the information content providers themselves or by third parties. Common rating criteria include violence, sex or indecent language, with rating systems ranging from digital 0 to 1 scales to systems with very fine ratings. The PICS ratings can be evaluated either by the user's client program (currently supported by the Microsoft Internet Explorer) or on routers while the material is being transferred to the user (this procedure is not being used as yet).
The main problem with manual rating of content is coping with the large number of new or modified pages generated. The operator of the news server www.msnbc.com (a joint venture by NBC and Microsoft) has discontinued rating its content by means of the RSACi rating system supported by Microsoft, because rating individual contributions was too costly and laborious, and PICS rating of all material offered by the server would have prevented minors from accessing the server (see the exchange of letters between Irene Graham, Michael Sims, Stephen Balkam (RSAC rating supervision) and Danielle Bachelder (MSNBC system operation) quoted in <3339dd1a.500215@mail.thehub.com.au> and <199703191314.IAA03203@arutam.inch.com> on the same mailing list).
Another difficulty is that a Web page may differ depending on the characteristics of its request so that rating by means of the PICS system would cause problems. Precisely the pages making use of the interactive component of the Internet could, due to their dynamic generation, remain unrated and would hence no longer be displayed by browsers and search engines of appropriate configuration.
The rating of material by using the PICS system is currently performed by private organizations. The possibilities of raising objections to a certain rating are limited: It is difficult for a netizen to demand correct rating, in particular if the rating organization is located abroad. This difficulty is similar to that encountered by prosecutors trying to punish providers of illegal content originating in a foreign country, but it is completely different in terms of availability of resources and burden of proof. In case of incorrect rating, content providers have to prove that their material is not illegal and they have to overcome the difficulty of asserting their claims outside their own country. Compared with prosecutors, providers of Web pages are on average less well trained and have fewer resources at their disposal.
Rating organizations make their judgements in accordance with the values and cultural criteria common in their own countries. The adoption of foreign ratings for German users therefore causes problems. But since there is no German access software, it is very common to support only foreign rating systems (in particular US systems).
Most rating organizations do not disclose their rating criteria or are very reluctant to do so. Some of them do not even inform content providers about the rating of the material they provided. Complete inventories of all ratings awarded are usually kept secret because it is argued that these lists might be used as catalogues of trash and obscene material. In the case of programs which receive ratings of the Web pages produced by third parties not through online means but have the ratings included as a database installed on the local hard disk, this list is always encrypted and, more often than not, outdated. This means that the users of such software are not aware of the material which they are prevented from accessing.
Meanwhile there are (illegally) decrypted versions of the blocking lists of all producers of rating programs with a static blocking list supplied as a database. An evaluation of blockings has shown that all producers act in line with clear political attitudes or out of personal enmity. Content frequently censored included material provided by women's organizations, information provided on abortion as well as content provided by gay and lesbian groups. It is also common to include in the blocking lists those Web pages which contain criticisms of the producer of the blocking program, disclose the blocking list or oppose any rating. The producers of the Cybersitter program have even adopted a practice which means that people having installed the Cybersitter program can no longer access those pages which mention the names of critics of the Cybersitter program.

How can blocking be achieved?


Blocking can be effected at different levels of Internet communication:
In order to be able to communicate with each other, the two partners communicating need some physical link such as a dedicated line, a telephone line or a radio relay link. One way of blocking such a link, which is normally not practicable, would be to prevent physical communication from taking place, for instance by barring a telephone line or making certain telephone numbers inaccessible, by disconnecting a dedicated line or by inserting a jamming transmitter into a radio relay link. As a result, the victim of blocking is usually deprived of all its means of telecommunication.
Communication within the Internet usually does not use a homogeneous physical link but one consisting of various elements of different technologies. At the connection points between these elements there is a router that transfers IP packets from one element to the next. The operations of the router are controlled by the addresses in the individual IP packets and by its routing tables. The routing tables indicate the direction in which the router has to transmit packets labeled with a certain destination. The typical service of a provider is selling international connectivity via one or more leased lines to locations abroad, for dial-up customers (private customers) or customers with a leased line (business customers). The service provider is not aware of the type of services used by the customer or of the data requested.
Blocking can be achieved by interfering with the routing tables of the routers. It is easy, for instance, to discard all packets bound for certain destinations when they arrive at the router ("grounding the route"). In this way entire computers are made inaccessible: when the DFN-Verein (DFN = Deutsches Forschungsnetz - German Research Network Association) blocked the computer named www.xs4all.nl, the Web pages of more than 6,000 information content providers could no longer be obtained, no mail could be fed into the computer www.xs4all.nl, and all other communication between the DFN-Verein and the computer was interrupted.
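
The following sketch models such a routing decision in Python (the blocked prefix 192.0.2.0/24 is a documentation range chosen purely for illustration) and shows why this kind of blocking is so coarse:

    import ipaddress

    # A "grounded" route covers a whole prefix, not a single page or service.
    BLACKHOLED = [ipaddress.ip_network("192.0.2.0/24")]

    def route(destination):
        addr = ipaddress.ip_address(destination)
        if any(addr in net for net in BLACKHOLED):
            return None           # packet is silently discarded
        return "forward"          # normal routing continues

    # Every host and every service behind the prefix is cut off:
    print(route("192.0.2.17"))    # None - web, mail, everything is gone
    print(route("198.51.100.1"))  # forward

One discarded route takes down every service and every provider sharing those addresses, which mirrors the www.xs4all.nl case described above.
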
In accordance with the TCP/IP protocol, a service is usually selected by indicating a TCP port number. By using this port number, more selective blocking of a service would be possible. Given the appropriate configuration, some routers are, for instance, able to prevent TCP traffic for port 80 (HTTP) from reaching a certain destination while permitting traffic on port 25 (mail) destined for the same address.
By using a proxy or other firewall software that has access to the higher levels of the network stack, selective blocking at the level of individual pages or news items can be achieved. For this purpose, however, the firewall software has to be adapted to each service concerned (WWW, news, mail, IRC, etc.). As a rule, the operation of such systems is very cumbersome and costly, because they have to fully emulate, for each client, every service the client uses. These systems are also very difficult to scale as the number of clients increases. Nevertheless they are employed by several totalitarian governments, which hope to make it difficult for undesired material to enter their countries: in China, Singapore and the Gulf states, all communication with foreign countries has to pass through government-operated firewalls.
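As an illustration of such page-level blocking, a widely used application-level proxy such as Squid can be configured roughly as follows (a hedged sketch; the domain and path are hypothetical, and the configuration file location varies by system):
  # add a page-level ACL to the proxy configuration and reload the proxy
  > echo 'acl blocked_pages url_regex -i ^http://www\.example\.org/banned/' >> /etc/squid/squid.conf
  > echo 'http_access deny blocked_pages' >> /etc/squid/squid.conf
  > squid -k reconfigure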
The blocking of IP addresses and the use of firewalls can, under certain conditions, be combined to reduce the workload of the firewall computer. Rather than grounding the route to the computer to be blocked, all routes to it are directed to a firewall which monitors the services that computer provides. This combined approach, which has to be adapted to each type of service to be blocked and simulated, requires technically complex and costly configuration and maintenance. First of all there must be a central connection point between the German network to be monitored and the rest of the world. In addition, this technique is a typical "man-in-the-middle" attack: it fails against strongly encrypted communication, which is not vulnerable to such attacks.
The adverse effect of filtering mechanisms on computer performance grows as the granularity of blocking is refined and the list of information sources to be blocked is extended. Systems such as PICS cannot be operated efficiently at central points of the network; they can only function as decentralized systems.
All blocking procedures discussed so far involve inserting third-party computers between the provider of the information to be blocked and the user. Blocking material either at the information provider's end or at the user's end is also conceivable; this would, however, require the cooperation of the provider or the user.
Blocking at the provider's end would mean that the provider does not offer the material to be blocked to anyone, or that he offers it to certain persons only. Even if providers are ready to cooperate, offering material only to selected persons is possible only if providers can reliably identify the user of a piece of information and have decision tables which are flawless and legally watertight, enabling them to decide automatically which material to deliver to whom. Today there is not even a rudimentary identification mechanism that would achieve this goal, and no such mechanism is expected in the foreseeable future. In particular, it is impossible to infer the sender's identity or physical residence from the IP address and the computer name: German customers of US online services appear on the Net as residents of the United States. Almost the same is true of staff members of multinational companies.
Blocking at the user's end would mean that the material offered is rated according to well-defined criteria (e.g. those of the PICS system) and that users themselves configure their software so that pages with certain ratings can no longer be requested and received. Cooperation by the provider would be desirable but is not necessary, since rating can also be carried out by third-party servers.

How can blocking be evaded?


For users, the blocking of material is an operational problem. They will try to restore full functionality, which means they will try to overcome the blocking. The more they feel hampered by the blocking, the greater their efforts will be.
If the physical communication link is interrupted through blocking, the only solution is to use a different means of communication: if, for example, a jamming transmitter interrupts the radio relay link, it is still possible to use the telephone network, and if a telephone line is barred, a radio relay link can be used.
If certain IP addresses are blocked, the user has several possibilities for solving the problem, all of which aim at completely bypassing the blocking router (see Ulf Möller: "Internet-Zensur: Routingsperren umgehen" (Internet censorship: circumventing routing blocks)):
  • The user changes his Internet provider; if necessary, he becomes a customer of a provider located abroad. He establishes a telephone connection or a dedicated line to this provider and handles all his communication via this non-blocking provider. He no longer uses the blocking router of the local provider, and consequently blocking no longer bars his way to obtaining the information desired.

    This change of provider in case of blockings takes place automatically if the user is a staff member of a (multinational) company with its own Intranet, which is linked to the Internet at several locations (abroad).
  • The user becomes a customer of a second, non-blocking Internet provider, if necessary a foreign provider. The user establishes a TCP/IP connection to this provider and has his applications handled by the distant computer, if necessary a computer located abroad.

    There are now a number of providers offering such services as a routine matter. The services provided range from individual services (e-mail boxes, e.g. pobox.com; Web services, e.g. geocities.com) to complete exile log-ins (e.g. c2.org, acm.org, xs4all.nl).

    The blocking router of the local provider does not register any communication with the blocked address but only communication with the distant provider. Access to the blocked addresses is effected via the distant provider, that is from behind the blocking router. The blocking caused by the router ceases to have effect.
  • The user becomes a customer of a second, non-blocking Internet provider, if necessary a provider located abroad. The user establishes a mobile IP connection to this provider. This means that his IP packets are packed into other IP packets, sent to the second Internet provider, unpacked there and fed into the Net. If desired, communication with the second provider can be encrypted.

    In Linux, the following two commands have to be given for this procedure ((your.ip.address) stands for the user's own IP address):
    1. Activate the tunl0 interface to the distant provider myriad.ml.org
      > ifconfig tunl0 (your.ip.address) pointopoint myriad.ml.org
    2. Establish a route to www.xs4all.nl via tunl0
      > route add www.xs4all.nl tunl0

    To an observer, the user appears to be a normal customer of the second IP provider. The blocking router of the local provider only registers a connection to the distant, second provider. Hence blocking is without effect. Mobile IP is a routine service offered by IP providers to business customers; a modern equivalent using today's tools is sketched after this list.
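On a current Linux system, the same IP-in-IP tunnel can be sketched with the iproute2 tools that have since replaced ifconfig and route (a minimal sketch; all addresses are hypothetical documentation addresses):
  # encapsulate packets in an IPIP tunnel to the distant provider
  > ip tunnel add tun1 mode ipip remote 198.51.100.1 local 192.0.2.10
  > ip link set tun1 up
  # route traffic for the blocked host through the tunnel instead of the default route
  > ip route add 192.0.2.80/32 dev tun1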
The content provider of the blocked information can assist the user by trying to evade the blocking himself. When the computer www.xs4all.nl was blocked, the blocked content provider changed the Internet address of his computer every quarter of an hour. As a result, blockings of individual addresses had no effect; entire parts of networks had to be blocked instead, which made the blocking even less specific, and as a further side effect even more content providers who had nothing to do with the blocking target were blocked.
While the methods for evading blockings discussed above can be applied to any blocked service, the following methods are specific to individual services:

WWW

  1. Automatically changing the address of the page on a server is an approach similar to that of modifying the IP number of a server computer. The automatic blocking of individual pages would thus be evaded, and again the entire computer would have to be blocked. Such general blocking could again be overcome by applying the methods for evading complete blocking.
  2. If there is a search engine for a service that can search all pages of the server for certain terms, then an individual page can be obtained under virtually any address, namely by using the terms which locate its text in the database of the search engine. In this case blocking would have to prevent access to the search engine, too.
  3. The indirect access approach discussed in connection with the mobile IP method can, if modified, also be used for the WWW. By using a distant Web server providing access on behalf of third parties (proxy server), it is possible to request the desired page indirectly. Since proxy servers with intermediate storage are a common tool for speeding up delivery, it is usually easy to find such a third server. The recent censorship debate has led to the setting-up of proxy servers in Germany and abroad explicitly for evading blockings (there is a proxy server at MIT, for instance, for Chinese nationals wishing to avoid censorship in their own country). A sketch follows this list.
  4. If communication is encrypted (for example by using the SSL support incorporated in all common browsers), a secure channel between the server and the user is created in which real-time eavesdropping is not possible and falsification is not easy. Third parties can identify neither the pages requested nor the information they contain.
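Both of the last two items can be illustrated with the curl tool, which postdates this paper (the proxy address is hypothetical):
  # item 3: request a blocked page indirectly via a distant proxy server
  > curl -x http://proxy.example.org:3128 http://www.xs4all.nl/
  # item 4: request the page over an encrypted channel; an observer on the path
  # sees only an opaque TLS session, not which pages were requested
  > curl https://www.xs4all.nl/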

News

  1. Numerous copies of articles posted to the USENET news are available on thousands of servers all over the world. Cancellation requests are meanwhile ignored by many of these servers, since saboteurs have repeatedly issued fake cancellation messages. The large archives for USENET news (DejaNews and AltaVista) never carry out cancellations. By sending a request to an archive, it is usually possible to obtain older texts and texts that cannot be obtained locally. Like Web pages that can be located by means of search engines (see above), articles can be requested and found not only by indicating their message ID, but also by searching for any keyword contained in the article.
  2. During an investigation conducted by prosecutors in Bavaria, CompuServe was called upon to stop providing access to certain newsgroups, since the articles in these newsgroups had been found to consist largely of material considered illegal in Germany. Users who wish to read the articles of these groups now request them directly from other, non-blocking news servers. Authors posting to poorly disseminated newsgroups also increasingly cross-post their articles to well-disseminated groups dealing with completely different topics. For example, when the server www.xs4all.nl was blocked because it had offered the prohibited journal "Radikal, Ausgabe 154" (issue 154), the complete issue of "Radikal" was posted to the newsgroups "de.soc.zensur" (discussion on censorship and monitoring of content) and "de.org.politik.spd" (newsgroup of the virtual local association of the SPD).
  3. Since new newsgroups can be established automatically, poorly disseminated groups are often re-established under new names, or notorious newsgroups offer their services under aliases. This is illustrated by the following example: after a German university decided that groups whose names contained the word "sex" should no longer be carried, the group previously called de.talk.sex (a newsgroup on sexuality) has been available for several years under the alias de.talk.verkehr.

Other effects of blocking attempts


Any blocking can be overcome by replicating the blocked information. Each copy of the replicated information has to be blocked separately. As a result, the undesired side effects of blocking are multiplied until the costs of blocking exceed its benefit. When www.xs4all.nl was blocked because it had offered the banned issue "Radikal 154", 40 copies of the blocked information appeared within a very short time. However, the pages of the 6,000 content providers which had unintentionally been blocked as well, for technical reasons, were not replicated. Blocking was counterproductive: instead of preventing dissemination, it led to the replication of the blocked information. At the same time, many content providers suffered losses as a result of the unintended side effects.
By means of the USENET news network, information can be replicated automatically a thousandfold with minimal effort. That is why the Web pages of the Radikal journal were disseminated via the news after xs4all had been blocked (the Web pages of the other 6,000 customers of xs4all were not fed into the news).
Because of the protocol design, all communication using the TCP/IP protocol is an individual end-to-end communication between two partners. Even an observer monitoring a piece of information cannot find out whether the requested information is of a private nature (it is possible, and for many users also necessary, to read their private mail through the WWW) or of a public nature. Private as well as public information can even appear together on one Web page. It is doubtful whether monitoring such communication by unspecific interception (without a judicial decision having been sought) is legal, even if the monitoring is performed by a robot responding to keywords or ratings.
Disclosure of any and all blockings effected is absolutely necessary, not only in order to supervise those awarding the ratings, but also in the interest of smooth technical operation of the network. If a huge number of computers or individual pages is blocked, neither the individual operator of a computer nor the individual user will know whether there is a technical defect that can be eliminated or whether some content has been blocked. Reliable error analysis by the operators of networks or individual computers is thus made impossible: from the fact that there is some operational problem, no reliable conclusion can be drawn as to what action should be taken to solve it. On the other hand, published blocking lists of course tend to be misused as catalogues of sexually explicit or violent material; blocking could thus be turned into a kind of "quality label". Moreover, disclosed blockings can be overcome automatically by means of programs modified for that purpose.

Modification of the Internet


It is obvious from the above that blocking of material on the Internet with its present characteristics can only be implemented at unacceptable costs and side effects. These findings lead on to the question of how the Internet would have to be modified to permit effective blocking of certain materials.
In principle, firewall systems (employed by companies to protect their networks from unauthorized entry from the Internet) provide a suitable approach to achieving effective blocking. The philosophy of letting through only those data which are explicitly permitted to cross the barrier helps to enforce certain guidelines or codes of conduct.
Similarly, a code of conduct would have to be established for the use of Internet services, and users' adherence to this code would have to be enforced. This can be ensured by employing firewall technology as a barrier between users and the Internet, or by using proprietary protocols. Some essential requirements of such a code would be: subscribers can only use the network if they identify themselves; services, protocols and data formats have to be authorized before they can be used; the use of cryptographic techniques is prohibited; and all activities have to be logged. These rules would ensure that users cannot evade blockings by changing their identity or protocol or by disguising data.
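The allow-nothing-by-default philosophy of such a firewall can be sketched with the Linux packet filter (a minimal sketch; the authorized port is merely an example):
  # default-deny: everything not explicitly authorized is dropped
  > iptables -P FORWARD DROP
  # explicitly authorize a single approved service (here: mail, port 25)
  > iptables -A FORWARD -p tcp --dport 25 -j ACCEPT
  # log all remaining (denied) traffic, as such a code of conduct would demand
  > iptables -A FORWARD -j LOG --log-prefix "denied: "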
Even if we leave aside the question of whether such a code of conduct would be compatible with a democracy based on the rule of law, there are still economic and technical reasons against enforcing this kind of guidelines. A network functioning in accordance with such rules would be under centralized control and could not be adapted to changing requirements without spending a tremendous amount of time and money. Pressured by their commercial users, all online services have given up this concept. The administrative overhead of such a solution at the national level would be enormous. Moreover, any restriction on cryptographic techniques would prejudice the use of the Internet for transmitting sensitive information.
Altogether, such a type of Internet could be disastrous for a country's competitiveness. Communication is an economic resource no less important than human capital or the transportation infrastructure. On the other hand, China's example has shown that even such an Internet would prevent the dissemination of unwanted material only to a limited extent, because counter-measures have been devised for every one of the measures mentioned above.

Conclusions


Centralized, selective blocking of material on the Internet without side effects cannot be implemented; it would be evaded by users if necessary, and it would entail high costs (cf. Heimo Ponnath: "Pornographie im Internet? Dichtung und Wahrheit" (Pornography on the Internet? Facts and fiction), inside online 2/3 1996). As a result of the operation of global data networks, government tasks in the information society are changing. This has been described by Alexander Roßnagel in "Globale Datennetze: Ohnmacht des Staates - Selbstschutz der Bürger" (Global data networks: Powerless government - self-protection by citizens), ZRP 1997, Heft 1, 26-30. The "feeling of powerlessness" in our globalized world need not, however, lead governments to surrender in the face of the newly emerging dangers; modern information technologies provide numerous possibilities for citizens to protect themselves. Hence governments should accept the obligation to establish structures "which enable their citizens to safeguard their interests in today's world of networks on their own."
Decentralized control and filtering by users themselves is a suitable approach for solving the problem. If this approach is to succeed, the ratings awarded by third parties (using the PICS system, for instance) and the rating criteria used must be made transparent. Exemplary filter configurations can be offered by a wide range of interest groups, but users must be in a position to design their own individual configurations or to adapt others' configurations to their own needs.
Universal rating by a system such as PICS involves additional time and costs. A number of providers will therefore not offer universal rating. The rating organizations bear great responsibility, because any preliminary rating will influence the opinions of potential users, and because deliberately or unintentionally false ratings may cause great damage. For protecting minors on the Internet, the approach of having providers voluntarily label material suitable for children, and of displaying such material by means of special "child browsers" similar to a TV children's channel, would be far cheaper and less controversial (see "The Net Labeling Delusion: Protection or Oppression").
Experience in the United States has shown that organizations use the rating tool to pursue their own political goals while pretending to aim at the protection of minors or at maintaining decency standards. Private organizations, however, must not become responsible for defining moral, ethical and social values. The risk of ratings being misused for other purposes can be reduced by disclosing the rating criteria used as well as all ratings awarded.

Acknowledgements


We are indebted to Hannes Federrath and Andreas Pfitzmann of Dresden Technical University for numerous suggestions and discussions that helped us to write this paper.


The authors


Kristian Köhntopp is a graduated computer scientist (Diplominformatiker). He worked as a free-lance consultant for heterogeneous data networks and computer security and nowadays works as a Senior Scalability Engineer for Booking.com.
Marit Hansen is a graduated computer scientist (Diplominformatikerin). She works for the Privacy Commissioner of the state of Schleswig-Holstein and is responsible for new media and information technologies as well as technology assessment.
Martin Seeger is a graduated computer scientist (Diplominformatiker) and a co-founder of NetUSE AG, a company dealing with Internet and Intranet technology and the security of heterogeneous computer networks.