Abstract: Recently, Twitter, Netflix, Spotify, Airbnb, Reddit, Etsy, SoundCloud, and The New York Times were knocked out by a botnet driven by the Mirai malware. Mirai is a contemporary case of a more general phenomenon: the illegitimate appropriation of online resources for prestige, economic, and/or political gain. Historically, participants in the anti-abuse regime have used reputation indicators to characterize subsets of this illegitimate activity as abuse: any traffic (spam, malware communications, DDoS traffic) that is not explicitly consensual is abusive. Participants in this regime use decentralized, transnational monitoring to aggregate and vet credible reputation indicators, then redistribute these indicators to participants enforcing anti-abuse norms. This work explains how these reputation indicators have functioned over the course of their evolution within this regime, from products of supposedly “vigilante blacklists” into credible mechanisms based on graduated sanction as a remediative signaling mechanism rather than a punitive sanction. Returning to Mirai, this work concludes by evaluating the potential for this regime to tackle contemporary IoT security challenges. In particular, can the anti-abuse regime discipline a market projected to grow from $900M in 2015 to $3.7B in 2020, or will it need help from conventional authorities?
About the Speaker: Jesse is the 2016-2017 Cybersecurity Fellow at the Center for International Security and Cooperation and holds a PhD in Technology, Management, and Policy from MIT. Jesse focuses on understanding the institutions and political economy of Internet operations vis-à-vis conventional modes of domestic and inter-state governance mechanisms. This work includes studies on infrastructure resource management and policy, infrastructure security, credible knowledge assessment, and operational epistemic communities’ role in informing public policy. Jesse’s dissertation evaluates the common resource management institutions that sustain the integrity and security of the Internet’s numbers and routing system. The dissertation documents the roles of these institutions, comprising diverse transnational operator communities, in managing the complex of physical and information resources supporting the integrity of global Internet connectivity. Concluding analyses narrow the focus from operational authority to the character of political authority in these communities, rooted in the family of consensus processes used to adapt resource policy and institutions apace with Internet growth and development. Jesse is currently working on a number of papers from his dissertation: reputation and security in the numbers and routing system, contrasting consensus as a decision-making process with conventional mechanisms for credible knowledge assessment, and the challenges in comity between substantive-purposive authority in operational institutions and governments’ conventional, formal-legalistic modes of authority. Ongoing work is developing a theory of epistemic constructivism and case work on developing joint capabilities between operational security regimes and law enforcement/national security actors.