New Scientist
Saturday, March 10, 2001

Free speech, liberty, pornography

Cyber-revolutionaries are abandoning the Web to build
an anarchic, censorship-free alternative

by Kurt Kleiner

Napster's vision of free music for the masses may be dead and buried, but its spirit lives on, and not just in copycat song swapping services. When the dust settles, Napster will likely be remembered not so much for enabling music piracy as for starting a revolution that changed the way the Internet worked.

Napster is the pioneer of a technology known as peer-to-peer networking, or P2P for short. The core idea of P2P is to allow individual computers to communicate directly over the Internet. By bypassing central servers, the technology promises to transform the way people use the Net. In the process, it could destroy the ability of anyone -- including corporations and governments -- to control what happens in cyberspace.

"The only reason the Internet until now has been relatively censorship-free is that people who would censor the Internet haven't considered it worthwhile", says Ian Clarke, the inventor of a P2P system called Freenet. He and a group of like-minded programmers envision networks that are totally decentralized, impossible to censor, and completely anonymous. In other words, cyber-anarchies.

In technical terms, P2P networks are nothing new. The Internet itself started life as a peer-to-peer system in which university and government mainframes swapped information as equals. Only when the masses began to demand access did the P2P ethos crumble. Private companies started hooking in their big computers and offering connections and online services to modest little PCs. Thus was born the client-server model. Big servers with fast connections and lots of memory hosted the information. Little computers accessed it.

Napster's winning idea was to give P2P to the masses. It figured out that it didn't have to store everything itself. Instead, it acted like a dating agency, bringing music fans -- and their MP3 collections -- together. Napster provided members with an index of all the music stored on other members' computers, and software that enabled them to hook into each other's hard drives. Members could then swap files without the direct involvement of Napster.

Napster was thus able to give its members access to massive amounts of music without having to store a single note itself. That turned out to be hugely popular -- at the last count Napster had 61 million users -- and was also a big legal advantage. It's clear that most of the recordings were being distributed in violation of copyright laws. If Napster had been storing pirated music on its site, it would have been shut down in days. The reason it lasted so long was that it could quite credibly argue that it was an innocent intermediary. If users happened to be trading pirated music it was no more Napster's fault than it's the fault of the postal service if people mail home-taped cassettes to one another.

Napster hadn't just found a way of dodging the copyright lawyers, it had solved a problem plaguing many large networks, especially the Internet. The client-server models they are built on are hierarchies, and like all hierarchies they're great as long as you are near the top. But most small-time users are near the bottom, shackled to an Internet service provider and its rules.

Among the most irksome are those rules imposed by third parties, often backed by lawsuits. Consider the successful campaign the Church of Scientology has waged against its online critics. The tactic is to accuse critics' ISPs of hosting materials copyrighted by the Church. Scientologists have taken ISPs to court and managed to have many of the critical websites removed.

Napster's Achilles' heel was that it retained a trace of the client-server model. Because members were dependent on Napster for software and indexes, record companies had a target to go after. And go after it they did. In December 1999, EMI, BMG, Sony, Warner, Universal, and the Recording Industry Association of America sued Napster for copyright infringement. Although the suit is not yet settled, Napster suffered a terminal blow last month when a US court of appeal ordered it to stop enabling the exchange of copyrighted material. Napster has effectively thrown in the towel and is now trying to find a way of charging for its services so it can pay royalties.

But the P2P pirates aren't about to go away. Napster's success has inspired others, and they're determined to learn from its mistakes.

One such system is Gnutella. Originally developed by a company called Nullsoft, the software was released in March 2000 only to be withdrawn the same day under pressure from Nullsoft's parent, America Online, which was in the process of merging with music and media giant Time Warner. But the cat was out of the bag. Enthusiastic hackers unpicked Nullsoft's code and used it to write versions of their own. Within weeks there were several different but mutually compatible Gnutella knock-offs on the Web. The Gnutella commonwealth was born.

Unlike Napster, Gnutella has no central authority. No one keeps track of users and nobody indexes the files they exchange. Anyone can write software to access the network, and most of what has been written is open source, so anyone can add to it and improve on it. There are now more than a dozen versions available for free, with names like Gnotella, Newtella, Gnut, LimeWire, and ToadNode.

To join the network, you simply download one of these software packages from the Web. This turns your computer into a "servent" -- both a client and a server. Once you've done that you're ready to find some other servents -- their locations are widely publicized on websites and chat rooms -- and make contact with them. The connections are made over the Internet, and all the computers are identified by their Internet Protocol (IP) addresses, the basic numeric addresses that identify computers on the Internet. But Gnutella is not the World Wide Web. Your computer communicates directly with the servents it knows about, and those servents pass messages back and forth to yet more servents, which do the same in an ever-expanding net.

To search for a file, you type in keywords and send them to your immediate neighbours. They search the contents of their hard drives, return the hits to you and forward your request to yet more servents, which repeat the process. A single request can quickly reach thousands of computers.

Gnutella is designed to share any kind of file: images, text, and software, as well as MP3s. Each user decides which files to make available. A lot of pirated material gets passed around, but the decentralized nature of the network means that there's no obvious legal target.

In any case, Gnutella's difficulties right now aren't legal, they're technical. Napster's courtroom problems sent a wave of new file sharers onto the Gnutella network -- suddenly upping the number of people logging on each day by 50,000, according to some estimates -- and the surge in traffic brought the whole thing grinding to a halt. It turned out the network simply didn't "scale" well. The number of requests increased exponentially until it exceeded the capacity of a standard 56K modem. Suddenly, thousands of servents turned into dead ends. The network fragmented into dozens of small, disconnected networks, none of them bigger than about 1200 computers.

True to its roots, Gnutella is dealing with the problem in a decentralized way. Each group of programmers has its own favoured solution. Some push the slowest servents to the edge of the network. Others abandon ideological purity and revive the client-server model, making slow servents connect via a faster node. Whichever fix works best will out.

But even for Gnutella, legal problems are looming. It's true that the system is less centralized than Napster, but that doesn't mean there's nobody to go after. About half of all Gnutella files are provided by just 1 per cent of users, and that 1 per cent present a big, fat target to anyone who wants to start suing for copyright infringement.

See you in court

The organization most likely to start filing lawsuits is the Recording Industry Association of America. "We have not done any enforcement against Gnutella at this point. But that's not going to last long", says Frank Creighton, director of the RIAA's anti-piracy initiative. When the RIAA decides to move, he says, it will probably target that active 1 per cent. Finding out who they are shouldn't be hard because Gnutella servents need to know one another's IP addresses to communicate. Anyone can find out which ISP hosts a particular IP address, and after that a threatening letter or writ can have the user kicked off or force the ISP to reveal a name that can be pursued through the courts.

But there is a P2P network that looks capable of evading the lawyers. Called Freenet, it's a radical system created from the ground up to be anonymous and censorship-proof. Its creator, Ian Clarke, is a free-speech absolutist who feels that today's Internet, despite its freewheeling image, is vulnerable to censorship. And that's dangerous, he says. "If we look back through history we can see repeated examples where censorship and propaganda have been used to manipulate people into permitting, and even participating in, the most terrible acts of barbarism."

Like Gnutella, Freenet uses the Internet as a backbone to send and receive information, and identifies each computer by its IP address. But unlike Gnutella, it covers its tracks whenever information is transferred.

Hooking your computer up to Freenet is similar to joining Gnutella. First you download the software from the Web. Then you contact other Freenet computers, whereupon your computer becomes a Freenet "node". Freenet is made up of thousands of these nodes, and each one can make files available. When you "insert" a file -- say an MP3 -- into Freenet it is encrypted and then copied to several other nodes. Each node knows which documents it holds and also has information about documents stored on a few other nodes. Neighbouring nodes communicate routinely, updating one another on additions to the network. But no single node knows about more than a fraction of the entire network.

How do you get information out of a system like this? As Clarke explains it, the strategy is similar to the way people navigated before maps. Starting out, a group of travellers might have known only to go north. But the closer they got to their goal, the more detailed was the information they got from people they asked, until finally they found someone able to tell them that yes, the minstrel they were looking for lived right around the corner, second hovel on the right.

Before you start a Freenet search, you must know the title of the document you're looking for. How users will do this is still up in the air. One obvious possibility is an index within Freenet itself -- though that raises the question of how to find the index in the first place. Another idea is to post it on the Web, though this may create a juicy legal target. Each document also has a numeric key that is cryptographically linked to the title, and it's this you're actually looking for during a Freenet search.

Let's say you know the key is 123 -- though of course real keys will be a lot more complex than that. Each node, including yours, knows what documents it holds, and also has a list of documents held by a few other nodes. Your computer will look to see if it has document 123. If not, it will look up to see if it knows a node that has document 123. If it doesn't, it contacts the node with the document that comes closest -- maybe document 135. That node might not know where 123 is either, but it knows which node has document 119, so it sends the request there. The idea is that with each request you get closer to the document you really want. When the document is found, it's returned along the request chain (see Diagram, p 35). As the document is returned, each node along the chain makes a copy of it and stores it.

One consequence of this is that the more requests come in for a piece of information, the more copies there will be on the network, and the easier it will be to find. It also means there's no way of telling where the document originally came from. All you know is that you asked a neighbouring node for it, and it fetched the document from somewhere. Conversely, if you receive a request for a file, you have no idea who made it.

The result is a censorship-proof network. If the powers that be request a file from a node they'll get a copy. If they seize that node they'll definitely find a copy. But it would be impossible for them to prove that the file was there before they requested it, so the exercise amounts to entrapment, Clarke says. And because documents are stored in encrypted form, the node's owners can argue truthfully that they had no idea any particular document is held there. What's more, as the act of requesting a document generates new copies, censorship is self-defeating.

Freenet's developers insist that their network won't suffer the same scaling problems as Gnutella. Although they're not sure how many users there are -- the network, after all, is designed not to give away too much about itself -- about 20,000 people have downloaded the software. Simulations show that Freenet won't grind to a halt as it grows bigger.

Not everyone accepts that Freenet is as censorship-proof as Clarke thinks. Creighton reckons he can bring it down by getting the IP addresses of individual nodes, sending letters to ISPs, and taking some users to court, just as he wants to do with Gnutella.

But if Clarke turns out to be correct, Freenet will usher in a different world. No one will be able to stop you downloading free music files from the Internet. You'll be able to criticize the rich and powerful without fear of being silenced or punished. And you'll be able to read whichever spy memoir your government is trying to suppress at the moment.

By the same token, you'll be powerless to stop people from plagiarising your copyrighted work or telling lies about you. Nobody will be able to take down child pornography or stolen nuclear secrets.

Napster set out to give us free music, but it seems to have put us on the road to absolute freedom of speech. If so, the real challenge hasn't even begun.

Further Reading:

Copyright © 2001 by The New Scientist. All Rights Reserved. Reprinted with permission.