StopBadware Manifesto

Posted on January 27, 2006 - 10:30 by zittrain

I study the future of the Internet from the perspective of wanting to maintain its “generativityâ€â€”its capacity to produce extraordinary change for the good of the world. A profoundly fortuitous set of historical circumstances has led to an “open†Internet and PC, open in the sense of allowing anyone, anywhere, to produce code— software—and to distribute it costlessly and instantly to the world. Instant messaging, Web browsing, email, Skype—all of these features that are now so embedded in the Net’s fabric started from modest, amateur tinkering. The institutions of .com, .org, and .edu have been engaged in a multi-year free-for-all where cool code is imitated, improved upon, and offered to the far corners of the world. This process even spawns non-PC innovation—like mobile phones that look for Internet connections to lessen the price of a phone call—and non-techie innovation—like the explosion of blogs and wikis that are letting the general citizenry express itself in new and collaborative ways without needing an engineering degree.So while I’m not particularly obsessed with “badware†for its own sake—I manage to keep my computer pretty clean—I am very concerned about a consumer backlash: something that will push the general public into the camp of wanting “locked down†PCs that don’t just run any code from anywhere. is a long-term project designed to (1) explore ways to solve the badware problem, both as a matter of policy (what is and isn’t badware?) and as a matter of tech (how do we avoid it once we know we don’t like it?) and (2) to have the solutions be such that they don’t allow for a new gatekeeper—a single firm that has a “missile battery†that’s so successful at shooting down badware that everyone subscribes, allowing that firm to become a gatekeeper for what will run and what won’t.

Over the long term, I think this means developing tools for the general Internet public to use to give them simple but powerful information they can use about the code they encounter so that they can make an informed decision about it. Imagine a dashboard whose gauges had information such as how many other computers in the world were running the candidate software—and whether their users are on average more or less satisfied with their computers than those who don’t run it. A gauge that showed that a piece of software that was non-existent last week but is now all the rage—that might signal to a cautious computer user that it’s time to wait a bit before running it.

In short, we are a consortium of nonprofit and educational entities supported by a broad base of institutions, including .coms that see the dimension of this problem and realize they can’t take it on alone, chartered to bring to bear legal, policy, and technical analysis, along with common sense, to figure out how to bring this problem under control in a long-term way. We’ll begin by examining some suspect software as a way of trying to produce consensus guidelines, best practices, to clarify just what factors make badware bad. Existing efforts against spyware are nicely complementary to this—and we hope to engage with whomever is eager to work collaboratively on the problem.