Interview: Garth Bruen and KnujOn
Posted November 10th, 2008
Garth Bruen is a man on a mission. His crusade: make the internet a safe, orderly place for businesses and consumers. Some might say he has a better chance tilting at windmills. But the man is determined. Touting three degrees – one in criminal justice from Northeastern University College of Criminal Justice, a Masters in public administration from the Suffolk University Sawyer School of Management and a software engineering certificate, also from Northeastern – Garth sees things from a vantage point that few can share. As purveyor of the website KnujOn.com (that’s “no junk” spelled backwards), he has taken up the unenviable task of filtering through all the spam you can send his way. Garth actually wants you to forward spam to his site. From there, he analyzes it and tries to figure out who’s behind it – and how policy can be used to stop it. Garth’s a very passionate man, and he has some pretty strong opinions. But keep your eye on him beyond this interview…he may just represent the future of enforcement on the web.
Namsmash: How would you define Knujon in a nutshell?
Garth Bruen: I would say that Knujon represents the new face of what is missing in the compliance structure on the internet. The internet is a new piece of technology that society is still adapting to and what’s missing from it that seems to exist in every other industry is a compliance structure.
NS: On one hand [Knujon is] sort of journalism, but on the other you’re running your own reports.
GB: Right.
NS: Do you see yourself as an evolving institution or do you intend to take a more journalistic approach? How do view your role exactly?
GB: Well, I mean, the public sends us spam that we process and then we take that and we use it to paint a picture and then we give that information back. We give the filtered information back. People are asking us, the core question is, “Why am I still getting spam?” And to define that question – the question isn’t, “Why is it getting through my filter?” or “Why does my ISP allow it?” but rather, “Why is it there in the first place?” What’s motivating it?” What’s generating it?” People want to know the answer to this. So we take what they send us and then we try and figure it out. And then we try and give them the best answer that we can.
NS: It sounds like you’re a think tank..
GB: I think so. I feel like that we fulfill several roles that are not being met elsewhere. The first one is the fact that people get to send us their junk mail, no questions asked. And they get something back from it. They get information back from it that they’re not getting. If they send it to the Federal Trade Commission – they don’t get anything back. They send it to the SEC, the FBI, their banks – they don’t get anything back. There’s no feedback, it doesn’t exist. The second thing that we’re doing is that we’re actually providing enforcement. We’re actually going after the people who benefit from the junk mail traffic. And that’s not something they’re really getting, except for a few other places, they’re not getting that.
NS: You say ‘enforcement’, yet you’re not sanctioned by any government agency. You’re not like a police department where you have a mandate to enforce rules.
GB: You don’t have to be, because if you read the terms of use policies for most ISP’s and registrars, their own policies dictate that they’re supposed to take sites down that have certain illegal content. ICANN is a quasi-public body. They’re not a police department. They’re not even really a US government agency even though they do have a mandate from the US government. They’re really kind of autonomous. And lots of policies in the public sphere can be handled without being an official government official. For example, if you buy a house, you have to have the house inspected. The inspector does not work for the government. The inspector works for a private contract company. You’re required as a homeowner to find one of these contractors to inspect your house. But the inspector is not a cop.
NS: But is the inspector licensed? In other words, his job would be on the line if he did it wrong, can he lose a license?
GB: Oh, absolutely and you’re getting right to the point. I would love for an internet body to step up to the plate and say, “These particular people have authority to enforce policies on the internet,” and allow me to get a license.
NS: Do you want to evolve into being a fully sanctioned, legitimized, authoritative enforcement agency? It sounds like that’s what your biggest hope would be.
GB: Yeah. And the thing is I don’t want it to be a monopoly. I want there to be competition in this market. I want other people to be able to do this. For example, one of our proposals that we sent off to ICANN last year was to create a registrar certification where they would have to be annually reaccredited. Basically like how you have to have your car inspected every certain number of years. You have to get a new driver’s license every certain number of years. The registrars have been given a lot of power and responsibility. It shouldn’t just be a one-shot deal. You should be able to take a second look at them every once in a while.
NS: So you want to get licensed by – I guess ICANN, right?
GB: Right. As far as the registrars are concerned, that’s where we would probably have to get that from.
NS: Is it your hope that it would create an industry?
GB: Absolutely.
NS: So at the end of the day, how would it work? Let’s say that you do your job, as a housing inspector and you turn in a bad report. You say these guys are not fulfilling their obligations. Who’s actually going to pull the plug? Are you going to expect that ICANN is going to suddenly take action where they haven’t before? Is that the way you foresee the structure?
GB: Basically, we’re kind of doing that now in an unofficial capacity. What we did was rate the worst registrars. ICANN turned around and they sent out enforcement notices to those ten, and they sent breach notices to two of them. [Editor’s note: Garth refers here to Knujon’s recently compiled list of the 10 registrars who have the most spammers as clients] So we’re kind of doing that anyway.
NS: So you’re compelling them to act. You’re making it hard for them to say, “We don’t need to do anything”.
GB: Right.
NS: It seems like you wish it would be a little stronger than that. You’re putting pressure because you’re making it impossible to ignore the elephant in the room via your reports. But there’s a big difference between that and having an infrastructure set up where, here’s your report, somebody takes action. Or, even, you would be in some sort of position to take action.
GB: Right. Obviously there would be a review process and you would review each registrar once a year. And if they kept getting failing grades, let’s say after four years – enough’s enough, you know?
NS: It can be very frustrating to see all these ICANN rules just flouted left and right. Why do you think ICANN doesn’t do its job? What insight do you have on that?
GB: I believe that the folks who pull the strings at ICANN – they see their mission as one of expanding the global network as quickly as possible and reaching as many people as possible. That’s not necessarily a bad thing, but you want to be careful how it’s implemented. Every time that you have an expansion, you want to review it and stand back and see – did you meet all of these requirements? Is it meeting our needs? Is it a beast that we can’t control anymore? What can we do to make it better? ICANN started out with a lot of technicians, people who feel good about their work, feel good about expanding the network across the world, and those are good things. But really, if you’re going to impact the economy as much as the internet has, if you’re going to impact people’s lives, if you’re going to impact society and crime, the policy makers have to come into it.
NS: Do you think that there needs to be a new agency in place or perhaps a sub-agency? Like a police arm of ICANN?
GB: What they have now, it’s a newly created department – it’s called the Registrar Contractual Compliance department. That’s a step in the right direction. There was nobody in that role before, until two years ago. And for a while, it was just a couple of people. Now they’re actually expanding that department, so that’s actually the direction they’re going in.
NS: If ICANN does it for the whole planet, who would ultimately be the authority behind that?. Should United States be in charge when it’s an international thing? Do you have an idea for what the best way to structure that would be?
GB: I don’t necessarily think that the United States should control the whole thing. There is the very fundamental fact that American taxpayers paid for it, the US military sponsored it, and it was developed in US universities. Those are just facts you can’t escape. We’ve kind of loaned this technology to the rest of the world. Does that give us the right to completely and forever tell everybody how it’s supposed to be run? Not necessarily. I think that what we could see are regional or maybe national authorities that would control the internets (sic) beneath them, at least policy-wise.
NS: Do you think it could be handled by the UN?
GB: I’d really have to give it some thought. This would be something very, very complex and it would have to address a lot of critical needs. It would have to address the needs of the consumer not to be abused, the needs of businesses to be able to communicate, and the needs of underrepresented countries in terms of getting access to the internet. For example, most of sub-Saharan Africa has no internet.
NS: Do you think that people who abuse their URL’s should be facing stronger penalties? Do you see it as equating with more serious or traditional crimes?
GB: Well, I think that part of the problem we’re experiencing is that people think for some reason that because something happens on the internet, it’s different and that’s not the case. If I sell you cocaine on the sidewalk, it shouldn’t be any different than if I sell you cocaine across the internet. People think that because they’re doing something through a website, that they’re not subject to any kind of laws, and that’s simply not true. So I really don’t think that there has to be a different way of handling it. Violating my copyright across the street, or violating my copyright on the internet – it’s the same thing. We just have to make sure that the rules are applied consistently.
NS: But like you said, it would very complex to figure out the international aspect.
GB: Yeah, but people do it all the time. There are businesses that are open in many countries. There’s [fast food chains] in Eastern China. It’s not really something we’re not familiar with.
NS: What about the registrars? One of the most recent exceptions to the way ICANN has responded in the past was the Register Fly situation. They lost their license. Do you want to see more of that? Is that the direction we need to go in?
GB: I think that if you’re not complying with your contract, then your contract should be pulled. I don’t necessarily think it’s good for internet, good for the registrars or the consumers for registrars to get shut down all the time. That just disrupts the communication. What I would really like to see is these people making a commitment to clean up their act and a commitment to cooperate with the consumers and a commitment to cooperate with the brand owners.
NS: You’ve mentioned to me before that you think corporations need to enter the fray more forcibly in order to protect their own brands. Can you expand on that?
GB: First of all, there needs to be a serious education effort in the manufacturing world. Let’s say twenty years ago, if you were [a disposable razor company], and somebody was manufacturing fake razor blades in Vietnam, it really wouldn’t impact the market place, really wouldn’t impact the consumer in the United States. Now, it’s no problem – they can ship those razor blades anywhere in the world. And a lot of companies are seeing their market share affected, because of improvements in technology, because of certain international barriers dropping down because of the shipping world really becoming an industry unto itself. It’s different out there. And whereas people would chalk off counterfeiting, brand-jacking and even shrinkage and shoplifting as a loss – they had to accept every year, they had to eat it. They can’t do that anymore because that piece they have to eat is getting bigger. They really need to use the tools that are being developed out there to aggressively protect their brands.
NS: You talk of education. Have you had the opportunity to address this sort of thing, perhaps in seminars?
GB: I haven’t really done a foray into the brand owner’s world. I started off working with the law enforcement folks. Now I’ve been getting more into the policy, the internet body area. The brands will be the next stop. They really do need some help.
NS: It’s very interesting. You’d think they’d be a little more on the ball as they’re losing share.
GB: A lot of these businesses have been running the same way for fifty or a hundred years and now somebody’s telling them, “We actually have to do something about counterfeiting.” And they’re a little slow to react.
NS: Beyond hurting businesses, what do you see as a danger in the lack of compliance?
GB: You could get sued. If somebody is mocking up your product or counterfeiting your product and it hurts somebody or kills somebody, guess who’s going to be liable: the person who owns the brand who didn’t enforce their brand.
NS: How did you get into this space? How did your education and experience drive you into this passion.?
GB: I have three degrees – criminal justice, software engineering and a Masters in public policy. This is really about using technology to automate policy. The criminal justice comes in because I feel the criminal underworld is really driving this problem. I’ve worked for Fleet bank, so I was drawn into that world. I also worked in the Massachusetts State Legislature, so I saw how policy gets started. I’ve worked in private business and I’ve been a professional work flow programmer for ten years. So I really understand how you can take a piece of paper that’s supposed to guide somebody to a process and turns into something that just runs fluidly.
NS: You have a very unique experience to see this issues from all the angles from which it needs to be seen. I don’t know how many people out there are going to be able to match your experience.
GB: I think you have to be in this because this problem has been approached purely form the technical aspects and the solution hasn’t been found yet. People want to deal with it through software and through network administration. There’s a lot more to the problem than technical aspects.
NS: Can you expand on what you said earlier, that this problem is somewhat driven by the underworld? Are you saying that spam is related to organized crime?
GB: Absolutely. If you look at what’s really the volume of spam out there, they’re selling drugs, they’re selling pirated software, they’re selling counterfeit goods. Spammers don’t have warehouses full of fake pills and handbags. They’re being hired, they’re mercenaries. They’re being hired to push a product that’s being built by somebody else.
NS: So I get my [prescription drug] spam, these guys don’t have a warehouse full of [drugs] for me?
GB: No. The person who sent you that and the person who put up the website that deals with it, they were hired by somebody who is the actual drug manufacturer, the counterfeit drug manufacturer.
NS: Are you suggesting that legitimate companies [are] in league with a criminal enterprise that’s basically there to push their names into our inboxes?
GB: No. What I’m telling you is that the middle level distributors and suppliers are the ones who are doing it because they have to buy a certain number of counts from [pharmaceutical manufacturers]. Sometimes they screw up, they buy too much. Or they buy too little, and then they have to fill their orders from somebody else. Sometimes they’ll fill their orders from the grey market.
NS: And on the grey market there are counterfeit pills?
GB; No, on the grey market they’re real pills that are expired and relabeled. They’re pills that were intended for a secondary market. For example, you can get [prescription drugs], or any other medication for much cheaper in certain foreign countries. Because their standard of living is lower, because their income is lower, the drug companies will lower the price. What certain hijackers and distributors will do is they reroute those pills back to the United States. So you’re buying the real thing, but it was intended for somebody in a foreign country.
NS: This sounds very serious. You’re talking about distributors engaging in questionable activities.
GB: Absolutely. There’s a big push of seniors going up to Canada to buy their pills up there because they’re cheaper. Well guess what happens? You get this flood of Americans going up there and there’s nothing left for the Canadians. And there have been cases where the shelves have been stocked with counterfeits. And in certain cases, those counterfeits were supplied by [terrorist groups].
NS: Where are agencies like Interpol or the FBI on this?
GB: Unfortunately, right now, it’s too fragmented. The policy control is driven at the local level. Most pharmacies are overseen by state boards. They’re not directly accountable to the federal government. I mean, the FDA has a lot of purview and pull, they control advertising for prescriptions and things like that. As far as what the local pharmacy is selling, that’s really up to the state board.
NS: This is a very real world connection here. I mean, spam seems to most people to be just annoying.
GB: I can send you article after article explaining how software pirates in Malaysia have placed bounties on counterfeit sniffing dogs in Malaysian ports. I can send you articles that show how [some] counterfeit [pharmaceuticals] – the opiate derivative in those pills come from conflict zones in Afghanistan, Pakistan and Kashmir.
NS: So you’re saying these spammers are helping all sorts of international crime.
GB: Absolutely. They start off in these dangerous third world factories. They get smuggled out. They’re tied to other types of crime to keep these things moving. It’s really a lot worse than people know.
NS: Any final statement?
GB: Keep your eyes open in 2009. Some people are starting to wake up and listen to new ideas on this problem. We may get some real solutions.
NS: What inspires you right now? What are you listening to and reading?
GB: I am half way through Atlas Shrugged by Ayn Rand and I’m listening to some Jazz form Mark Sherman.
Interested in learning more about some of the issues Gath sites above? You can link to the following stories:
Tags: Garth Bruen, Knujon
Posted in Anti-Counterfeiting, Internet Security, Interviews by Miguel Cima
