Via boingboing and smartmobs comes this gem on bluejacking. In a nutshell, this is a perversion of Bluetooth, spamming people in your physical proximity with random unsolicited messages. Read it. It's quite funny, in a juvenile way.
This shows a lack of forethought and insight by the developers of Bluetooth. As I wrote last week, identity collateral is an important part of any open communication system that is going to socially scale. You need to be at risk of losing something if you abuse the system. Bluetooth lacks that.
I can imagine an evil business opportunity. I set up my PC with a Bluetooth card in an office above the entrance to a heavily trafficked Tube station in London, for example. Every passer-by with a Bluetooth phone gets a spam - thousands of them. Might just be a simple message, might have a URL of a website to visit. As Bluetooth becomes pervasive, so does my spam - and you can't avoid it without turning your phone off.
How could you have built identity collateral into Bluetooth? Well, it's tricky, because you have no guarantee that the device is attached to any sort of service contract or provider -- so there's nobody to complain to to de-provision the device if it is abused. Blacklisting the device after being spammed isn't going to help you, particularly if there's no trusted serial number to rely on (just a user-assigned device name) and no means of sharing your blocking preferences with the as-yet unspammed.
(I've skimmed the Bluetooth spec and there's nothing I can see in the link layer spec that helps; the Universally Unique Identifiers don't cut it either. If I'm committing a gross libel of the Bluetooth authors, please let me know.)
One approach would be the "end-to-end" distributed way: just like with email, put a Bayesian filter into every handset to guess whether to accept incoming messages. Not the obvious way of best using limited memory capacity on a handset. Some form of identity collateral by proxy is possible: the sender must send a digitally signed (by a service provider) phone number or handset ID in the message. If you get spam, then someone's phone service gets cut off. (Without the certification, you could give anyone's number.)
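The provider-signed identifier idea above, as an added example (not from the Bluetooth spec or the original post). It uses Ed25519 from the third-party Python `cryptography` package; the message layout, the function names and the provider-published `cut_off` set are assumptions. It goes one step beyond the text by binding the number to a handset key, so a credential seen in one message cannot be attached to someone else's message.

```python
# Added illustration: names and message layout are assumptions, not Bluetooth.
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric.ed25519 import (
    Ed25519PrivateKey, Ed25519PublicKey)

def raw(pub):
    """32-byte encoding of an Ed25519 public key."""
    return pub.public_bytes(serialization.Encoding.Raw,
                            serialization.PublicFormat.Raw)

def issue_credential(provider_key, number, handset_pub):
    """Provider certifies that `number` is rented to the holder of handset_pub."""
    body = number.encode() + b"|" + raw(handset_pub)
    return {"number": number, "handset_pub": raw(handset_pub),
            "provider_sig": provider_key.sign(body)}

def send(handset_key, credential, text):
    """Sender signs the text with the handset key named in the credential."""
    return {"cred": credential, "text": text,
            "msg_sig": handset_key.sign(text.encode())}

def accept(msg, provider_pub, cut_off):
    """Receiver side: return the accountable number, or None to drop the message."""
    try:
        cred = msg["cred"]
        body = cred["number"].encode() + b"|" + cred["handset_pub"]
        provider_pub.verify(cred["provider_sig"], body)   # number is certified
        Ed25519PublicKey.from_public_bytes(cred["handset_pub"]).verify(
            msg["msg_sig"], msg["text"].encode())         # sender holds the key
    except (InvalidSignature, KeyError, TypeError, ValueError):
        return None
    return None if cred["number"] in cut_off else cred["number"]

if __name__ == "__main__":
    provider = Ed25519PrivateKey.generate()               # constructed test keys
    alice = Ed25519PrivateKey.generate()
    cred = issue_credential(provider, "+447700900123", alice.public_key())
    msg = send(alice, cred, "hello from the next table")
    print(accept(msg, provider.public_key(), cut_off=set()))
    print(accept(msg, provider.public_key(), cut_off={"+447700900123"}))
```

A message with no credential, a self-certified number, or a credential lifted from another sender's message is dropped; a valid one yields the number whose service is at stake.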
In fact, this highlights a non-obvious feature of telephone numbers. Unlike domain names, only registered service providers can ask for one. The artificial scarcity means that they are only rented out as part of a commercial relationship. The minimum cost of getting such an identifier is buying a pre-paid handset. (Post-paid handsets require a credit check and thus verified personal identity, limiting abuse to one per person per service provider.) Abuse isn't economically worth it.
The telco business model lesson? There is potentially money in making communications systems socially scale. Handset vendors don't even think about the operational abuses that their technology can be put to, whereas for telcos dealing with these customer care issues is (or ought to be) second nature. As with the Liberty Alliance spec, the operational issues of trust and identity have turned out to be much more complex than the technology issues. There's a danger of throwing the baby out with the bath water if we try to build naive replacements for the PSTN on open networks - be they the Internet or the Sidewalknet.
Appeal to readership: I know the concept of identity collateral is not an original Martin thought -- but I can't remember whose blog I found the idea on, and can't discover it in Google. Post me the reference, I'll update the entry.
Posted by Martin Geddes at 4:51 PM