Challenges for law enforcement and
content regulation. The Internet’s vital
role in cross-border commerce means
it contends with diverse national and
international policies regulating publication and use of content. Content
produced by illegal activities may be restricted (for example, bans on the sale
of Nazi memorabilia in France have
led to restrictions on content listed in
online marketplaces); other forms of
content may have use restrictions designed to guarantee a profit to content
creators. Enforcing publication and
use regulations on content across the
global Internet is a challenging task
in today’s IP Internet. Corporate interests often use the “where” of IP source
addresses to enforce market-based restrictions on content access via IP geolocation heuristics. Law enforcement
uses a range of tactics, from
IP address tracing to deep packet inspection, to track and prosecute both
producers and consumers of illegal or
pirated content. A transition to NDN
will change the tools needed for tracing individuals and monitoring and
restricting communications, making
current forms of content regulation
more challenging, but also potentially
more equitable.
Complications for law enforcement.
NDN’s emphasis on semantic names and data signatures may make certain
types of law enforcement easier. For example, keys used to sign data provide
strong provenance. In the IoT scenario, the publisher of critical content might
be traced by matching the key to identifiable (perhaps registered) devices.
And if clear-text data names reflect actual content (for example, data
prefixed with /local/PIR was known to be generated by passive infrared security
sensors), network-level packet-sniffing, and therefore network regulation,
could become less computationally intensive. On the other hand, encryption
of both NDN names and packet content could mitigate the risk of packet-sniffing.
A social shift toward widespread data encryption would raise new challenges
for law enforcement. Police and regulatory regimes have long been
wary of widespread use of encryption, while developers have resisted
providing back doors for law enforcement to
inspect or wiretap communications.
Encryption would limit the capabili-
users—might not accept comments
sent in packets without verified, real-world signatures. Namespace
ownership records may also reveal publisher
identities, similar to today’s WHOIS
database. Thus, another important
area of NDN research is trust schemes
that provide alternatives to real-world
identity for content authentication.
NDN researchers have explored special routing approaches to preserve
content source anonymity.[17] Content
producers might desire anonymity to
participate in free speech, evade censorship, and experiment with multiple online identities.[25]
Unfortunately,
anonymity is also used to evade prosecution for criminal behavior or support mob behavior and hate crimes.[10]
Though designing a network architecture to prevent all criminal behavior is
an impossible (and, we believe, undesirable) goal, it is worthwhile to consider the benefits and costs of measures to
increase content producer anonymity
as the project goes forward.
Improvements for content access
control. As mentioned earlier, the NDN
architecture encourages applications
to secure data by encrypting it rather
than relying on the security of the channel over which the data flows, as is
currently done through secure sockets layer/transport layer security (SSL/TLS),
virtual private networks (VPNs),
and similar schemes on IP networks.
In the IoT example, there is no need
to set up a secure connection between
two communicating devices, because
any potentially sensitive data is encrypted by the application. Securing
the data directly should reduce the
impact of now-common perimeter
and channel security compromises,
while still leveraging NDN caching
for group communication.
Once published, encrypted data can
be replicated and hosted in many (potentially hostile) locations, although
only those with access to the right
keys can decrypt the information. In
this way, NDN makes explicit what is
already implicit in schemes like SSL/TLS:
encrypted data in transit can be
sniffed and stored by others. NDN
makes it easier to request a chunk of
someone’s encrypted data (for example,
by sending Interests for common
namespaces like /local/appliance),
and that encrypted data might be
cached anywhere. Encrypted data may
be widely available for extended periods
of time, increasing the long-term
potential for unauthorized decryption.
Content access control will thus
require careful design and integration
of modern encryption mechanisms
and techniques, such as forward
secrecy and long-term encrypted storage.
Further, NDN’s integrated use of
cryptography also will require navigating
open challenges such as the computational
burden of encryption in
resource-constrained environments
(like the IoT) and the challenges of key
distribution and revocation.[9]
Challenges for the right to be forgotten.
As personal data proliferates on the Internet, there is increasing concern that
such data cannot be erased or forgotten. The specter of total accountability
for our past actions is considered unpleasant at best and potentially limiting to social interaction and democracy at worst.[7, 23]
International privacy
scholars as well as policymakers in Europe have been paying increased attention to data retention and disposal, or
the “right to be forgotten.”[7, 23, 27]
More
recently, California adopted Senate
Bill 568, which requires websites to enable minors to easily remove their own
posts from websites.
IP routers purge data from buffers
as soon as it leaves the routers. That is,
they default toward “forgetting” at the
infrastructure level, with substantial
data retention occurring at the application layer, to support targeted advertising and other purposes. In contrast,
NDN routers default toward remembering at the infrastructure level, via content stores and repos. In IP, parties can
request that publishers remove data
from hosting sites at the edges of the
network. Although copies may proliferate elsewhere on user machines, any
new request to the hosting site will go
unsatisfied. Returning to the IoT example, in NDN, cached copies of data from
baby monitors or mobile devices may
proliferate on routers, repositories, and
application-specific stores, and
thus remain accessible to Interests. Architectural support for “forgetting” in
an NDN world will require mitigation
measures, such as time-to-live information in packets, protocols that respect
those limits, and further research into
self-destructing data.
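The contrast drawn above between infrastructure that remembers and infrastructure that honors a time-to-live can be made concrete with a toy content store. This is an added example, not code from the article or from any NDN implementation; the `ttl` field, the `ContentStore` class and the baby-monitor names are hypothetical, and the sample packets are constructed.

```python
# Added illustration: a toy content store, not NFD/ndn-cxx code.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Data:
    name: str             # hierarchical name, e.g. /local/babymonitor/frame/1
    content: bytes        # assumed to be encrypted by the application
    ttl: Optional[float]  # hypothetical retention limit (seconds); None = none

class ContentStore:
    """Router cache that answers Interests by name prefix."""
    def __init__(self, honor_ttl: bool):
        self.honor_ttl = honor_ttl
        self._entries = {}  # name -> (Data, arrival time)

    def insert(self, data: Data, now: float) -> None:
        self._entries[data.name] = (data, now)

    def purge(self, now: float) -> int:
        """Delete entries past their TTL; return how many were removed."""
        if not self.honor_ttl:
            return 0
        stale = [n for n, (d, t) in self._entries.items()
                 if d.ttl is not None and now - t >= d.ttl]
        for n in stale:
            del self._entries[n]
        return len(stale)

    def match(self, prefix: str, now: float) -> list:
        """Names of cached Data that would satisfy an Interest for prefix."""
        self.purge(now)
        want = prefix.strip("/").split("/")
        # Compare whole name components so /local/baby != /local/babymonitor.
        return sorted(n for n in self._entries
                      if n.strip("/").split("/")[:len(want)] == want)

def demo():
    # Constructed sample packets; names other than /local/appliance are made up.
    packets = [Data("/local/babymonitor/frame/1", b"<ciphertext>", 60.0),
               Data("/local/babymonitor/frame/2", b"<ciphertext>", 60.0),
               Data("/local/appliance/status", b"<ciphertext>", None)]
    remembering, forgetting = ContentStore(False), ContentStore(True)
    for store in (remembering, forgetting):
        for p in packets:
            store.insert(p, now=0.0)
    return (remembering.match("/local/babymonitor", now=3600.0),
            forgetting.match("/local/babymonitor", now=3600.0),
            forgetting.match("/local", now=3600.0))
```

An hour after publication the store that ignores the limit still answers for both baby-monitor frames, while the store that honors it answers for none; data published without a limit stays retrievable in both.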