Peer to peer technologies, often referred to by geeks and specialists as P2P, are an excellent use of the intersection of a mass-market, low-cost communications system (the internet), the reaching of critical levels of people needed for a wide and common interest in specific content, and small-worlds theory (also known, lovingly by some, as the "Six Degrees of Kevin Bacon" theory). We're heading up to our third generation now - and here's the story so far...
The First Generation
The solution, as most of you know and have seen from the likes of Kazaa, Morpheus, the Gnutella protocol, and the like, is a peer-to-peer system - a decentralised mechanism for any given arbitrary person on the network to request and offer a set of files to the whole of the rest of the network, with some common mechanism for me to know that a file here is the same file as a file there.
The first generation enabled me to download from you, without you knowing me, and without me knowing you, a specific file discovered from the network. Peer-to-peer was point-to-point.
The Second Generation
The second generation improved upon the 'shared identity' of a given file on the network, and offered what is now commonly referred to as 'swarm' downloading - any one given file could be downloaded from any number of offering hosts simultaneously. Each person serving the file can be asked for a part of that file being sent; the person doing the downloading can ensure that he requests all of the pieces of the file necessary to fully reassemble it, and can verify that each piece, as well as the whole, has been downloaded successfully. A great deal of research went into how to represent both a file and all of its possible pieces - thanks to cryptography, we have the fundamental research - all it needed was for a new way to use some existing knowledge from the 80's public key cryptography scene (an area which, rather often, is a study in the mathematics of uniqueness).
Extinction Events: On RIAA Lawsuits
What will differentiate the third generation, coming now, from the previous? Well, I still know who I'm downloading from, it seems, is the answer to that question. We would have all liked, from a pure 'flight of fancy' perspective, for the third generation of peer-to-peer to be something far more robust, far more flashy, more cool. Something spectacular. Instead, the next generation of peer-to-peer is a direct response to the abuse of the RIAA of information gleaned through peer to peer networks.
That's a controversial statement - I accuse, in it, the RIAA of abusing information gleaned through those networks, networks they claim are infringing on their copyrighted information. However, copyright infringement is not criminal - it's infringement. One could argue that the violation of rights going on in P2P networks today show us just how easy it would be for people to develop - and use for marketing or other purposes - knowledge gained through these P2P networks to assist these companies in doing legitimate business... information which, nevertheless, we had intended to be private.
People who use store cards know that everything they purchase through it is being analysed, examined, forecast, speculated, and marketed on. People who use their Tesco card knows that for tesco, every little bit of knowledge helps them eke out more profits out of that bushel of strawberries. (I've just had the sudden realization that nobody here in the UK knows what a bushel is.)
That information you essentially agreed to give them when you accepted the card and began to use it. There was no agreement made for any third party to gain access to and use this information - that's protected by privacy laws.
Now log into Kazaa. Not only does Kazaa get the information, as you agreed to, but in theory, so can every other user of the network. Over time, I can build a profile of systems and users - I can identify people based on how they answer queries, and predict what they will say about other queries if I can figure out exactly what kinds of things you're likely to be sharing. You become, in essence, a bag of information. Obscurity does not make that information any less valuable - and the rise in popularity of the networks brings the value of that information up. When the information becomes valuable enough to spend the money researching, the information is all there for the taking.
Ask the RIAA. They're the first.
Your Internet Service Provider, or ISP, provides you with your Internet address, much in the same way that your phone company provides you with your phone number. And, like a phone company, an ISP knows who is using each Internet address that it gives out. In general, your ISP will keep your identity private. So, though the person sharing Metallica might contact your ISP and ask, "Who is using 113.18.92.15?", your ISP will likely keep its lips sealed. Your ISP will keep its lips sealed unless it is scared, an nothing scares an ISP more than the RIAA (except maybe the FBI and NSA, but so far, these organizations have yet to jump on the anti-file-sharing bandwagon).
Suppose that you are sharing a large collection of your favorite music, and assume that your collection contains more than 1000 songs. Also, suppose that most of the songs in this collection are "owned" by record labels that are represented by the RIAA. When someone searches for "mp3" in your file sharing network, your node returns a lot of results. Now suppose that one of the nodes in the network happens to be owned by the RIAA:
The RIAA performs a search in the network for songs that it cares about. Since RIAA record labels "own" the vast majority of music that is published in throughout the world, we can simplify things by assuming that the RIAA cares about most songs. Thus, the RIAA performs a search for "mp3", and your node returns over 1000 results...
And they're not just doing it through lawsuits - they've also paid people to distribute commercial music through the services, have seeded the networks on various occasions to gauge popularity and determine how propagation takes place, and have even used it to do the kind of marketing profiles which you thought people could only do with a store card.
Not many. Not often. But that's going to change. Or at least, it would have, if it weren't for the fact that the people using P2P every day don't want their technology to become extinct: if the RIAA wins, P2P vanishes tomorrow. Realistically, that's just an unavoidable truth. If every single file in the network is 'protected' via some kind of lock specific to a single user, then that file is, in effect, specific to that user. There IS no inherent benefit to peer-to-peer's second generation advances if the RIAA brings down the content shared on the network back to a first-generation distribution model. Your downloads go from using 100% of your high-speed ADSL bandwidth to the most bandwidth your single download partner can spare.
Generation one revolutionised the way we found things; generation two made it efficient. Generation three, it seems, will protect it, and us.
The Third Generation: Anonymous P2P
There are, at any moment, far more peer to peer networks in operation than you currently associate with P2P. Not just Kazaa. Or Shareazaa. And Morpheus. or BitTorrent. More than the popular ones you see every day - there are probably a hundred or more peer-to-peer networks in operation at any moment, each specialised to its specific tasks, and many of them research platforms on which new kinds of information distribution, new kinds of interconnection, and new models of communication are being developed.
MUTE: A Bug's Life
One of those is MUTE: a system designed in specific to the threat of the RIAA and other similar agencies on the peer-to-peer networks' survivability.
Like a Heisenberg Uncertainty principle for file transfers, it ensures, at all times, that there's never a way for 'the man in the middle' to know both what's in a given file and who that file is destined for at any given point in time. The man in the middle can know what's available on the network, but not who's got it. He can find out who his peers are, but not who, when he asked his peers for the file, actually gave it to him.
Inspired by the way that ants search for and locate food when leaving the colony, the system ensures that requests and data pass through a series of partners; at the internet level, a peer only ever sees the things he's directly connected to, and inside the protocol, the user's privacy is guaranteed by the peer-to-peer system.
Konspire: 'Boob tube' distribution for the 21st Century
The other model, one similarly protected, turns the distribution model on its head. Acknowledging that in certain, er, markets, a small number of people are responsible for the initial distribution of a large amount of content, the konspire[2b] project is, much like BitTorrent, designed to be a broadcast distribution mechanism.
The system works like this: An individual, somewhere, creates a channel; people subscribe to that channel, and the system automatically distributes all content on the channel to everyone who's listening to that channel. It continues to support protecting the identity, but takes a more passive role towards the selection of content - you get everything in the channel. The channel is 'owned', and if you trust the owner, you trust the channel. For everyone downloading... let's say... Smallville episodes, looking for particular series with particular filenames encoded by specific individuals, this essentially automates what you already do manually.
Is it much farther, Papa Smurf?
Not far now. Most of this technology is just around the corner; much of the core research into the how is done, and most of the scalability questions have either been answered already, or are in the process of being answered. These technologies may not be the ones that eventually rise up to usurp the protocols we invisibly use every day, but they're candidate ideas for how tomorrow's networks are going to offer features which are pretty much guaranteed to be identical to the ones you see here: privacy is, once again, the Next Big Thing. It seems to happen every few years to one technology or another, generally in response to abuse.
Stay tuned for another ten years of Catch Me If You Can, Mr. RIAA - the battle isn't over yet. And the more legitimate traffic gets pushed over these networks, the less likely it is that paying customers are going to be willing to use technology that allows the kind of unscrupulous snooping we've seen over the last year. Good riddance to bad rubbish, I say, and may your whole industry collapse around your ears if you can't figure out how to pull your finger out and rethink your distribution models.
We once all talked about how difficult it was to build businesses that depended on people changing their habits, practices, and culture. A great many people have done so - in a way that the RIAA never wanted, wished for, or predicted. It's too late to ask them to change back. How strange that, while most of the rest of any industries of note have been spending the last ten years wishing desperately that they could change people's habits, the only people to really have it happen to them have sat, dumbfounded, unprepared, and incapable.
Now that's what I call justice.
