
Notes: Chapter 7

1. For a sketch of such a machine, see Butler Lampson, Microsoft, Powerpoint on Accountability and Freedom 17–18 (Sept. 26, 2005), http://research.microsoft.com/lampson/slides/accountabilityAndFreedomAbstract.htm.

2. See Dan Griffin, Create Custom Login Experiences with Credential Providers for Windows Vista, MSDN Mag., Jan. 2007, http://msdn.microsoft.com/msdnmag/issues/07/01/CredentialProviders/?topics=/msdnmag/issues/07/01/CredentialProviders (detailing ways in which an organization can customize the Windows Vista logon screen and implement various authentication methods).

3. Some have suggested that the Internet ought to be zoned in a parallel fashion, thereby distinguishing it in an analogous fashion to the scenario involving Red and Green PCs. See Riva Richmond, Software to Spot ‘Phishers’ Irks Small Concerns, Wall St. J., Dec. 19, 2006, at B1, available at http://online.wsj.com/public/article/SB116649577602354120-5U4Afb0JPeyiOy1H_j3fVTUmfG8_20071218.html (describing a feature in Internet Explorer 7 that turns the Internet address bar green when entering an e-commerce site that Microsoft has certified as legitimate); see also David S. Isenberg, The Internet Experiment Is Not Finished, Von Mag., Mar. 2006, at 64, available at http://www.vonmag-digital.com/vonmag/200603/?pg=66 (suggesting that the red-green divide I outline in this book will be exploited by “control-freak incumbents” seeking to wall off generativity).

4. Cf. David Talbot, The Internet Is Broken—Part 2, Tech. Rev., Dec. 20, 2005, available at http://www.technologyreview.com/printer_friendly_article.aspx?id=16055 (describing “middleman” technologies that authenticate Internet communications by receiving identification information from senders and routing certain attributes of this information on to recipients).

5. See, e.g., Granma’s Rules of POLA, http://www.skyhunter.com/marcs/granmaRulesPola.html (last visited June 1, 2007) (outlining six rules for desktop security based on the Principle of Least Authority); Sudhakar Govindavajhala & Andrew W. Appel, Windows Access Control Demystified 2 (Jan. 31, 2006) (unpublished manuscript under submission), available at http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf (detailing how the “fine-grained and expressive” character of Windows access control makes it difficult to evaluate the consequences of commercial access-control configurations, which leads to misconfigurations and “privilege-escalation vulnerabilities”); Introduction to Capability Based Security, http://www.skyhunter.com/marcs/capabilityIntro/index.html (last visited June 1, 2007).

6. See Wikipedia Qatar Ban ‘Temporary,’ BBC News, Jan. 2, 2007, http://news.bbc.co.uk/1/hi/technology/6224677.stm; see also Wikipedia User Page, User talk:82.148.97.69, http://en.wikipedia.org/wiki/User_talk:82.148.97.69 (as of Mar. 23, 2007, 00:10 GMT) (explaining, on the user talk page of an IP address used by many people in Qatar, why the IP address was blocked).

7. See Web Users to ‘Patrol’ US Border, BBC News, June 2, 2006, http://news.bbc.co.uk/1/hi/world/americas/5040372.stm.

8. I am a principal investigator of StopBadware.

9. This distributed approach to resolving generative social problems has begun to see greater use and experimentation. One example is the U.S. Department of Homeland Security’s proposed Cell-All program, which would outfit cell phones with sensors for biological and chemical weapons and report “hits” to a central database. See Mimi Hall, Phones Studied as Attack Detector, USA Today, May 3, 2007, http://www.usatoday.com/tech/news/techpolicy/2007-05-03-cellphone-attack-detector_N.htm?csp=34.

10. See L. Jean Camp & Allan Friedman, Good Neighbors Can Make Good Fences: A Peer-to-Peer User Security System (Sept. 24, 2005) (conference paper, presented at Research Conference on Comm’cn, Info. and Internet Pol’y), http://web.si.umich.edu/tprc/papers/2005/453/tprc_GoodNeighbors.pdf.

11. See Yochai Benkler, The Wealth of Networks 285–87 (2006).

12. Cf. Alasdair MacIntyre, Seven Traits for the Future, 9 Hastings Ctr. Rep. 5, 6–7 (1979) (discussing the importance of “cooperative and rational” planning, celebrating “nonmanipulative relationships,” and describing the ideal society as one in which citizens do not “fence around unpredictability wherever it is to be found”).

13. When done well, community initiatives can serve to mitigate the less egalitarian outcomes which the move toward private policing has caused. See, e.g., Clifford Shearing & Jennifer Wood, Governing Security for Common Goods, 31 Int. J. Soc. L. 205 (2003). However, there are criticisms of such community initiatives. In this view, there need to be structures in place to protect minority views within the communities, otherwise their rights can be trampled.

14. John Perry Barlow, A Declaration of Independence of Cyberspace (Feb. 8, 1996), http://homes.eff.org/~barlow/Declaration-Final.html.

15. See, e.g., Kevin R. Pinkney, Putting Blame Where Blame Is Due: Software Manufacturer and Customer Liability for Security-Related Software Failure, 13 Alb. L.J. Sci. & Tech. 43, 46 (2002) (arguing that software makers should be liable for exploited security vulnerabilities).

16. In the American legal system, the main reason for this is because the harm from bad software is usually only economic, and liability for a defective product requires some form of physical harm arising from the defect. See Raymond T. Nimmer, The Law of Computer Technology § 10:32 (3d ed. 2006).

17. That might be the only remedy owed the consumer, rather than, for example, emotional damages from missing one’s favorite shows. This arises from the difference between damages in contract and tort. See generally W. Page Keeton, Prosser and Keeton on the Law of Torts 962 (1984).

18. See Wikipedia, Blue Screen of Death, http://en.wikipedia.org/wiki/Blue_screen_of_death (as of June 1, 2007, 09:30 GMT).

19. See supra Ch. 5, at 119.

20. See Jonathan Zittrain, A History of Online Gatekeeping, 19 Harv. J.L. & Tech. 253 (2006).

21. See David P. Reed et al., Active Networking and End-to-End Arguments, IEEE Network, May/June 1998, at 69–71, available at http://web.mit.edu/Saltzer/www/publications/endtoend/ANe2ecomment.html.

22. See Marjory S. Blumenthal, End-to-End and Subsequent Paradigms, 2002 L. Rev. M.S.U.-D.C.L. 709, 717 (2002) (remarking that end-to-end arguments “interact with economics, public policy, and advocacy dynamically to shape access to communication and information and to influence innovation”).

23. See infra Ch. 8, note 8.

24. See Jonathan Zittrain, The Generative Internet, 119 Harv. L. Rev. 1974, 1988–89 (2006).

25. See Saul Hansell, Spam Fighters Turn to Identifying Legitimate E-Mail, N.Y. Times, Oct. 6, 2003, at C1 (discussing authentication and other possible solutions for limiting spam); Yakov Shafranovich, 2004: The Year That Promised Email Authentication, CircleID, Dec. 27, 2004, http://www.circleid.com/posts/2004_the_year_that_promised_email_authentication (discussing various e-mail authentication proposals to limit spam on the receiving end); see also Saul Hansell, 4 Rivals Near Agreement on Ways to Fight Spam, N.Y. Times, June 23, 2004, at C1 (discussing approaches toward authentication proposed by major ISPs).

26. See, e.g., Johannes Ullrich, Internet Service Providers: The Little Man’s Firewall (2003), http://www.sans.org/reading_room/special/index.php?id=isp_blocking (providing a case study of traffic filtering by ISPs).

27. See John Markoff, Attack of the Zombie Computers Is a Growing Threat, Experts Say, N.Y. Times, Jan. 7, 2007, § 1, at 1.

28. See Ryan Naraine, Microsoft Says Recovery from Malware Becoming Impossible, eWeek.com, Apr. 4, 2006, http://www.eweek.com/article2/0,1895,1945808,00.asp.

29. See, e.g., StopBadware.org Identifies Companies Hosting Large Numbers of Websites That Can Infect Internet Users with Badware, StopBadware.org, May 3, 2007, http://stopbadware.org/home/pr_050307 (discussing the top five hosting providers in their clearinghouse and pointing out that while providers were often quick to help Web site owners clean the code, they were unprepared to answer customers’ questions about vulnerabilities that permitted hacks in the first place).

30. See Reinier H. Kraakman, Gatekeepers: The Anatomy of a Third-Party Enforcement Strategy, 2 J.L. Econ. & Org. 61 (1986) (identifying four criteria for the appropriateness of legal intervention: “(1) serious misconduct that practicable penalties cannot deter; (2) missing or inadequate private gatekeeping incentives; (3) gatekeepers who can and will prevent misconduct reliably, regardless of the preferences and market alternatives of wrongdoers; and (4) gatekeepers whom legal rules can induce to detect misconduct at reasonable cost”).

31. Paul Festa, Hotmail Uses Controversial Filter to Fight Spam, CNET News.com, Nov. 9, 1999, http://news.com.com/Hotmail+uses+controversial+filter+to+fight+spam/2100-1040_3-232706.html.

32. Id. (“MAPS has used the RBL primarily to pressure server administrators to mend their policies, according to supporters. ‘The RBL is an educational tool for applying pressure more than a technical tool,’ said John Mozena, vice president of CAUCE, which has ties to both Hotmail and MAPS. ‘The wider implementation it has, the more important it becomes, because that increases the number of people your users can’t reach if you’re not playing well with others.’”).

33. See Kieren McCarthy, Anti-Spammers Turn Guns on Each Other, The Register, July 19, 2000, http://www.theregister.co.uk/2000/07/19/antispammers_turn_guns_on_each/.

34. See Class Notes from Matt Anestis, Internet & Society 1999, Class 10: Barbed Wire on the Electronic Frontier: Private Armies & Their Private Weapons, available at http://cyber.law.harvard.edu/is99/scribes10.html.

35. See Kiri Blakeley, Spam Warfare, Forbes, Sept. 18, 2000, at 230.

36. See Laura Frieder & Jonathan Zittrain, Spam Works: Evidence from Stock Touts, 2007, Berkman Center Research Publication No. 2006-11, available at http://ssrn.com/abstract=920553.

37. The same problem arises when states attempt to compel Internet Service Providers to block faraway content such as child abuse images. The blocks are usually permanently implemented using tools developed in the fight against hackers, and they block IP addresses that can later belong to an entirely innocent party. See Jonathan Zittrain, Internet Points of Control, 44 B.C. L. Rev. 653 (2003).

38. See supra Ch. 3, & text accompanying note 101.

39. For example, one iframe exploit was: [iframe src ”http://isecurepages.net/out.php?s _id 11” width 0 height 0] [/iframe].

40. See Stopbadware.org, Frequently Asked Questions, Questions About Websites That Are the Subject of Google Warnings, http://www.stopbadware.org/home/faq#partnerwarnings-search.

41. Per Chapter 3: Google and StopBadware.org, which collaborate on tracking and eliminating Web server exploits, report hundredfold increases in exploits between August of 2006 and March of 2007. In February of 2007 alone, Google reported 11,125 servers believed to be infected.

42. By visiting a site like www.webtong.com, which searches WHOIS records lodged by domain name registrants, and typing in a domain name, one can find the contact information a domain owner provided. For example, a search for google.com provided the e-mail address “contact-admin@google.com.” See Search Domain Name Data, http://www.webtong.com/services/domain/whois.html (last visited May 11, 2007).

43. In an e-mail, the Web site owner stated, “I believe the problem that brought this issue up was on . . . [a] bulletin board that was in .php. . . . We turned off the bulletin board. Someone had hacked us and then installed something that ran an ‘Active X’ something or rather. It would be caught with any standard security software like McAfee. What is unfortunate is that the bulletin board is rarely used at all, no one uses it actually. So we turned it off and killed the links from our website and saved the database of posts for the future. It was fixed within 20 minutes of noticing the Search Engine link re-direct.” E-mail from Web site owner to StopBadware (Jan. 14, 2007) (on file with the author).

44. A snapshot of the dialog box can be found at Steps for Installing Microsoft AntiSpyware, http://support.moonpoint.com/security/spyware/MS-Antispyware/ms-antispywareinstall.html (last visited Nov. 23, 2007).

45. See, e.g., Sarah Percy, Mercenaries: The History of a Norm in International Relations (2007).

46. See Marsh v. Ala., 326 U.S. 501 (1946).

47. See, e.g., Molly Shaffer Van Houweling, Sidewalks, Sewers, and State Action in Cyberspace, http://cyber.law.harvard.edu/is02/readings/stateaction-shaffer-van-houweling.html (last visited Nov. 18, 2007).

48. See FIND, http://www.nets-find.net (last visited Nov. 23, 2007).