Could Cyberwar Cause a Library of Alexandria Event?
Depends on what you mean by "cyberwar."
"The Burning of the Library at Alexandria in 391 AD." Image: Ambrose Dudley
Alexandria, a new blockchain-based startup, is building a decentralized—and, its founders hope, uncensorable—storehouse of knowledge. The goal? To prevent a Library of Alexandria event, in which a critical mass of human knowledge is destroyed in one fell swoop.
"We chose the name...as an homage to the ancient library of Alexandria, because it is known to most people for two reasons," Alexandria founder Devon Read explained. "First, it was a great historical example of a monumental effort to collect as much recorded knowledge and history as possible for the benefit of its people and future generations, and second most of its contents were unfortunately destroyed, a failure made possible by the fact that it was centralized."
But is this really a concern? We don't store information on papyrus scrolls or vellum parchment anymore. Could a Library of Alexandria event happen in our time?
One librarian is worried. Alison Macrina of the Library Freedom Project wrote in an email, "This is ABSOLUTELY a possibility, given how print books are on the decline and ebooks, locked with DRM, have begun to replace them. This presents a whole host of problems: the destruction of digital archiving, as well as censorship, surveillance, and threats to the very existence of libraries."
Unlike the ancient world, she explained, modern libraries exist only because of the first sale doctrine, which permits libraries to buy one copy of a book and lend it as many times as they like, to whomever they like, into perpetuity.
But "this is completely eradicated with ebooks, because not only does it destroy the ownership rights (you're only purchasing a license, you don't own the title), the DRM handcuffs prevent libraries from lending the title as they wish," she wrote.
Ebook borrowing rates in libraries continue to grow, and librarians are increasingly spending their collections budgets on digital copies, not print. But since most library patrons now access these ebooks through one proxy—in the case of libraries, the centralized servers of OverDrive, which holds a near-monopoly on the library ebook market—any data loss or government-compelled censorship would affect all ebooks in question.
"Maybe this kind of mass censorship seems implausible," Macrina wrote, "but what's important is that it's possible in a way that it never has been."
More mundane, but more probable, outcomes worry her as well. "What's more likely… is that the vendor goes out of business," she said. "Or the library could one day no longer afford to pay the yearly fees associated with OverDrive and with the titles themselves. Since these titles are all centralized with OverDrive, that's it; no legacy. The Library of Alexandria, destroyed all over again."
The Alexandria project, Read argues, will be resistant to such pressures, because it is built using a Bitcoin-like decentralized blockchain. By eliminating a central point of failure or control, the risk of a catastrophic failure will be much lower.
But is this a problem that even needs solving? Others aren't convinced the apocalypse is nigh. "Information [in antiquity] was scarce and hard to copy, the opposite of today," security expert Bruce Schneier pointed out in a phone call. "It's a different sort of animal."
"Like ideas, knowledge is tough to kill," Jeremy Gillula, staff technologist at EFF, wrote in an email. "That's especially true on the internet, which seems like it never forgets *anything.* A cyberwar could definitely make knowledge hard to find and distribute, but I don't think it would result in a Library of Alexandria event where a large swath of culturally or scientifically important knowledge is lost for all eternity."
The real threat, he argued, could be overwhelming the signal-to-noise ratio to the point where real knowledge becomes invisible. Information that doesn't appear on the first few pages of Google search results might as well not exist. "With enough resources a nation could ... amplify propaganda and disinformation in order to drown out the truth (or at least make it confusing to figure out what is true and what isn't)," Gillula said.
The Alexandria project hopes to defend against these kind of attacks—plus discourage spam—by using a tiered cost publishing model. "There is no 'approval' process for content to get published to the library," Read wrote in an email, "but there is an actual cost, which we expect will reduce a great deal of spam content. This is a pretty low cost (less than $1, perhaps as low as $0.01), so we don't expect it will get in the way when someone legitimately wants to share a piece of content."
It seems unlikely this would deter a nation-state attacker with a nation-state budget intent on overwhelming Alexandria, however.
UC Berkeley security researcher Nicholas Weaver identified another threat to human knowledge: Preventing a Library of Alexandria event does no good if it becomes impossible to consume that knowledge without political consequence.
"Where I think the danger is lies in the application of censorship and monitoring against internal dissent," he wrote in an email. "NSA style monitoring tools are actually rather easy to buy or construct...It is remarkably easy to pick out the dissenters or (more importantly) the soon-to-be dissenters by their web traffic, know their identity, and then arrange a 'friendly' visit from the local police force for their thoughtcrime."
Macrina made the same point. The ebook vendors, she wrote, "have total access to your library ebook checkout histories, plus where you left off reading in a book, how long you remained on a page, whatever you highlighted or bookmarked—as well as a whole host of other personally identifying information."
In the past, we merely read books, but now, it seems, our books read us in turn.
"DRM ebooks," she warned, "have become part of the surveillant assemblage—the constellation of agencies, tools, and services that spy on all of our digital activities. It threatens our civil liberties, the existence of our libraries, and our intellectual heritage."
Gillula agreed. "In order for DRM to work (on ebooks, video games, or anything), you have to give up control of your computer to another entity, and they can abuse that trust to not only deny you access to certain content, but to spy on you as well."
"What's worse," he added, is that some "providers try to collect data on ebooks that don't have DRM. Last October, Adobe's DRM software (Digital Editions) was caught sending data about ebooks people had on their ereaders back to Adobe—including data about ebooks which had no DRM and which had never even been opened in Digital Editions."
Read is aware of this problem, and said that helping users circumvent monitoring tools to read ebooks—and enjoy other digital media—anonymously is an important part of the Alexandria project, but the specific functionality is still on their todo list. "Multiple coins already exist that integrate Tor," he wrote, "and there are other routes being explored for anonymity, so there are a few options available to pursue when we get there."
But Alexandria's design may possess fundamental security flaws. The project's blockchain stores only a distributed hash table (DHT) that points to the location elsewhere of the published content. "The blockchain is essentially the library index," Read explained.
The problem is, Weaver, "If the original data is tampered with, you can detect it because it no longer matches the hash recorded in the blockchain, but you can't recover the original data using the blockchain."
Which means you'd know your library just burned down, but wouldn't be able to salvage the charred remains.
What mechanism(s) will Alexandria put in place to prevent a determined attacker from censoring content in this manner, or corrupting the blockchain?
"We are working on a process that we think will let us essentially co-opt the activity of Alexandria's user base to do a variety of things designed to lead to a more robust, resilient and very expensive to attack blockchain, but it's in too early of a stage right now to talk about just yet :)," Read wrote.
While Alexandria's goals are noble, it seems more likely the project will be yet another thorn in Hollywood's side. "We want Alexandria to be the decentralized YouTube/iTunes/Spotify," Read wrote. "We'll do what we can to prevent users from sharing pirated material over Alexandria, but underlying censorship resistance is much more important to us."