Communications of the ACM

data via NDN by leveraging storage on their devices and intermittent connectivity to pass content around, without leaving traces of where the data originated. Any NDN node with access to multiple networks, for example, wireless and wired connections, can bridge those networks by forwarding and/or satisfying Interests, increasing the number of paths data can take to a consumer. 31 Moreover, namespaces can be locally scoped or encrypted, which can render NDN’s data exchange mechanisms and decentralized communication capabilities even more tolerant of disrupted connectivity than IP.

Today, blocking a small number of well-known websites is an effective censorship scheme. 6 Enabling decentralized communication at the lowest layers of the network can allow users to route around censorship, creating positive impacts for free speech. For example, NDN would enable a group of phones at a protest to use data muling—a combination of data storage and direct device-to-device communication in which the phones carry data (and keys) from place to place rather than relying on infrastructure that might be subject to global surveillance. Individually signed packets of a sensitive video, or the keys to verify that video, can be reassembled by any device based on common naming conventions, and verified as being from the same publisher using data signatures. Such peer-to-peer muling can occur in IP networks, but is more complicated at the network and application layers. In addition, NDN content producers could encapsulate or encrypt data names to hide traffic and thwart attempts to block content based on its name.

NDN’s emphasis on data signatures could complicate a social mechanism often relied upon to protect free speech: anonymous content production. Therefore, NDN’s improvements for free speech must be weighed against its challenges to anonymous speech.

Improvements for trust and secur-
ity. NDN requires all data be signed so
that applications can verify the pub-
lisher of received content. In the Io T
scenario, each networked device in a
home would sign content, enabling
applications such as lighting control
or energy monitoring services to ver-
response data exchange. Stored named
data can serve future requests, unlike
destination-specific IP packets. And
because data can be served from any-
where, it must be signed to protect its
provenance and integrity.

An NDN Scenario:
The Internet of Things

A use case that illustrates the possibilities of NDN is the Internet of Things (IoT). The IoT concept envisions every device, and many objects, as network-enabled, context-aware (to varying extents), and often integrated with Web and mobile applications. We introduce this case, which we will draw on throughout the article, to orient readers to the ways in which NDN’s technical changes shape a wide variety of social issues in a realistic application environment.

In an NDN IoT, names provide a richer and more versatile approach to addressing potentially billions of devices across the world, and the architecture’s use of cryptographic signatures for each packet provide a valuable security building block not present in IP. NDN enables the Internet-connected “things,” and the data they create and consume, to be addressed by one or more application-specific names at the network layer, often without requiring further middleware or gateways. 3, 8, 28 For example, a manufacturer-assigned name, such as /local/appliance/ kitchen/toaster/Black&Decker/<serial_ number>, might be used to address a kitchen appliance from another device in the same smart home. That appliance would be configured in this namespace at the factory and respond to Interests in its prefix /local/appliance using a power line or wireless interface. In a simple scenario, other devices in a home (for example, a user’s phone) could issue Interests on a regular basis. Interests for /local/appliance would be used to discover the device when first plugged in; then, its more specific name could be used for direct communication. In this case, NDN enables applications to use the network layer directly to discover nearby devices in these well-known namespaces (for example, /local/appliance), without needing the devices to be connected to the global Internet.

At the same time, they share the same
network layer protocol as all other
NDN Internet applications, providing
opportunities for straightforward in-
tegration with local or global Web ap-
plications, using data signatures and
encryption-based access control for se-
curity. This example in the Io T domain
illustrates that semantic classification
can facilitate discovery of new devices
on a network—from a new lightbulb to a
digital television—using names.

Policy and Social Implications
Of NDN’s Components

By fundamentally altering the concepts used to design networked applications and the components available to build them, a transition from IP to NDN could impact policy issues including free speech, security, privacy, content regulation, and network neutrality. Some changes are difficult to predict because Internet infrastructure purposefully provides adaptable mechanisms and interpretive flexibility. 12 But even during the design stage, we can articulate a few important ways NDN would likely change the nature of Internet interactions. Here, we explore how the NDN architecture could improve free speech; improve trust and security; both improve and challenge privacy; complicate content regulation by governments and industry; and introduce open questions for network neutrality.

Improvements to free speech. As the IoT example illustrates, NDN facilitates the development of environments where local devices can transmit content without reliance upon global infrastructure providers. Data packets can be stored and republished by anyone using any device, expanding the options for data dissemination and enhancing and expanding opportunities for communication and free speech.

Consider a regime with authoritarian tendencies that allows Internet access but constrains what is published. NDN makes it easier than IP to share data via alternative communications paths and opportunistic connectivity (toasters and phones as well as laptops and routers), without global infrastructure or complex intermediate services providing indirection or ano-nymization. Users moving in cars or planes or people with ad hoc wireless on their mobile devices can exchange