Terry Zink: Security Talk

Discussing Internet security in (mostly) plain English

The Council of Elrond


A couple of weeks ago, the Financial Times ran an article entitled "Secret War on Web Crooks Revealed."  Here's an excerpt:

The people who run the world's internet systems are a rather secretive bunch.  Three times a year, senior technical officers from companies such as Google, Yahoo, AT&T, Comcast and Verizon meet to discuss ways of stopping the internet from being swamped by rising levels of spam, viruses and hacking attacks by organised criminals. They do not generally like discussing these meetings.  "Some people might get nervous if they knew all the things we talked about," said Michael O'Reirdan, chairman of the Messaging Anti-Abuse Working Group (MAAWG). "It’s our job to make the internet safe, but we don't want to put people off using the web."  They are also worried about being targeted by the cyber-criminals they are trying to thwart.

Indeed, it is a secretive group.  It's kind of like the Stonecutters.  Things are discussed there and the idea is to come to a consensus and make recommendations about how to make the Internet safer and less a haven for (un)common criminals.

Now, not having been to these latest meetings, I don't know for certain what goes on.  But I have been to other, non-MAAWG meetings and I certainly know what goes on there.  I have also been to a lot of cross-group meetings at Microsoft and I'm fairly certain that the types of meetings at Microsoft probably are not too much different than MAAWG.  So allow me to speculate a bit.

MAAWG is attended by hundreds of well-intentioned and well-meaning people.  They want to get rid of the dark evil that are spammers, malvertisers, virus writers, and all of their ilk.  Yet, coming to a consensus on all these things is very difficult.  People from industry have competing interests from people in research groups, or people in government, or people in the IETF or ARIN.  And when people with competing interests try to come to a resolution about how best to proceed, sometimes it can take a while to make any progress.  Of course, MAAWG has made very great strides in mitigating email abuse.

And that brings me to another point.  This past weekend I was watching The Fellowship of the Ring.  I got to the scene in Rivendell after Frodo has brought the ring there, and Elrond calls a meeting with representatives from Gondor, the Elves and the Dwarves.  The Ring is presented to everyone in attendance and there is a general agreement that the Ring must be destroyed because it is so evil.  I view this like MAAWG - everyone in attendance there agrees that spammers are evil and must be stopped (maybe not destroyed).

But at the Council of Elrond, everyone disagrees about the best way to dispose of the ring.  Dwarves don't want Elves to carry the Ring, Elves don't trust Dwarves and the race of Men want to use it as a weapon against the forces of Mordor.  I kind of see this as anti-spam fighters engaging in dubious tactics to shut down spammers (such as breaking into their servers and stealing data or deliberately inflicting sabotage).  Arguments ensue and nobody gets anywhere.  This is kind of like competing solutions and standards fighting it out in the real world, and in the meantime spammers are still sending their payload.

Eventually, Frodo speaks up and announces he will take the ring, though he does not know the way.  Everyone looks at him and, though in disbelief, they agree that the ring should go with the Hobbit.  An agreement has been reached.  This is like MAAWG, or CAUCE, or whoever finally agreeing to some standard way of doing things (like DKIM or SPF, or ARF format for reporting abusive mail, and so forth).  Progress is being made and the enemy's progress has been impeded.

Maybe it's not the best analogy, but it's the one that floated into my mind when I watched that scene.

BTW, I'm no Frodo.  I think I identify more with Boromir.

  • No, no, it's a very good analogy, really.  I'm the IETF DKIM working group chair, am about to be the IETF liaison to MAAWG, and have attended MAAWG before... and as I read what you were saying about the LotR stuff I was chuckling and nodding.

    The difference is that not only are you no Frodo, there is no Frodo.  So it's all the council of Elrond without the innocent, likable, believable Hobbits to go with it.

    The good part is that even though at first, every argument starts as you describe, after a bit of chipping away, some side discussions, some mediation and some rumination... these organizations do usually come to consensus on something useful.

  • Thanks, Barry.  I'm glad you can relate.

  • Yep, very apt indeed.  You may be invited to give the next keynote.  *grin*

    In MAAWG's case, when agreement is reached it usually results in a document published on maawg.org; though hard to find in the current site design (boring-looking text links on the lower right), we try to make sure they're easier to understand than the Silmarillion.

  • MAAWG is actually quite well funded and organized as these things go. Your analogy to lotr is insightful. But I think it would be sad if we were to win the battle because then where would us Antispam geeks go for a good time?

  • Very amusing, I have just spent a few minutes trying to associate Board Members with the LOTR characters, I know who I would like to be, but am not sure anyone would agree :) Seriously though, we do achieve results and it is because intelligent, helpful and thoughtful people put in a great deal of work and effort and one thing I always got out of LOTR was that you had to work as a team.
