There has been a lot of talk over the last couple days since John Markoff published his New York Times article asking the world if a new Internet is necessary. I read the article in its entirety a number of times, both backwards, forwards and sideways, and can not for the life of me can not find any compelling reason for architecting a new internet. It seems, Markoff is either smoking crack or has no true understanding of the Internet.
The underlying theme Markoff presents is that of a bleak, exploit-ridden Internet, where the virus writing crime syndicates rule all traffic. Where people are afraid to use the internet for fear of being caught up in the latest phishing scam because they are not educated enough or do not have the proper security tools.
The whole article is alarmist and almost reads like something out of a Philip K. Dick short story. Here is one quote which I almost choked on while reading:
Bad enough that there is a growing belief among engineers and security experts that Internet security and privacy have become so maddeningly elusive that the only way to fix the problem is to start over.
Who are these engineers and security experts that believe Internet security and privacy is so maddeningly elusive that we must do what we preach to our children we should not do except in dire times – start over? I work in the security industry and while I do find the landscape quite precarious, starting over is a far worse prospect.
What a new Internet might look like is still widely debated, but one alternative would, in effect, create a “gated community” where users would give up their anonymity and certain freedoms in return for safety. Today that is already the case for many corporate and government Internet users. As a new and more secure network becomes widely adopted, the current Internet might end up as the bad neighborhood of cyberspace. You would enter at your own risk and keep an eye over your shoulder while you were there.
I do not know about you, but my experience with gated communities is they enact unnecessarily Orwellian policies in the pursuit of safety, ultimately creating avoidable conflict among inhabitants and generally offering a feeling of discomfort more than protection.
But look past the analogy to see what Markoff is suggesting – give up your right to privacy in the name of safety, as if we can not have one without the other. Let me be frank – pornography drives the Internet. Faced with a choice between the two, if people have to give up their privacy in the name of some higher calling of safety, you can rest assured people will not make that choice – pornography and privacy will win any day.
“If you’re looking for a digital Pearl Harbor, we now have the Japanese ships streaming toward us on the horizon,” Rick Wesson, the chief executive of Support Intelligence, a computer consulting firm, said recently.
Shame on Rick Wesson for appealing to our emotion rather than our intellect. As the chief executive of a consulting firm, I would expect him to offer an intelligent explanation rather than one which appeals to people to do something irrational based on a fear of the unknown.
There are plenty of tools available today which are more than capable of protecting the existing Internet. In fact, it is not really the Internet that is in need of protection – it is you and me – ordinary citizens.
Outside of everyday-use tools, education is the number one way to thwart malicious attacks. Just as we were taught to care for our cars to ensure they provide us with lengthy service, our computers need to be thoroughly cared for as well. If you do not periodically change the oil and filters, your car’s performance will dwindle until it no longer functions.
Similarly, our computers at home need to be properly patched with the latest operating system security updates to ensure basic vulnerabilities can not be taken advantage of in the pursuit of malicious attacks. Likewise, lazy system administrators who are unwilling to properly patch their exploit ridden Microsoft Windows servers and workstations need to be held accountable for their lack of actions. The latter is the threat, not the Internet’s existing architecture.
Anyhow, there seems to be a common misconception about the Internet’s architecture. The Internet is not one big network – by definition it is an inter-network, comprised of networks connected to networks, not machines connected to a single network. Just because a virus propagates in one network does not automatically mean it moves everywhere on the Internet. The last time you were infected with a virus, my network remained up and operational and was not impacted.
The idea is to build a new Internet with improved security and the capabilities to support a new generation of not-yet-invented Internet applications, as well as to do some things the current Internet does poorly – such as supporting mobile users.
We do not need to build a new Internet to improve security or add capabilities to support not-yet-invented Internet applications. We merely need to reengineer existing methods to support stronger security while allowing for the very anonymity which allows the Internet to thrive.
The Internet’s current design virtually guarantees anonymity to its users. (As a New Yorker cartoon noted some years ago, “On the Internet, nobody knows that you’re a dog.”) But that anonymity is now the most vexing challenge for law enforcement. An Internet attacker can route a connection through many countries to hide his location, which may be from an account in an Internet cafe purchased with a stolen credit card.
The Internet does not, and will not, continue to exist if our number one concern is law enforcement. Considering the Internet is the first truly cross-border, multi-national “state,” is it absolutely necessary for our concern to be focused on enforcing law? If so, the laws of what country? The United States? United Kingdom? Australia? China? Who?
The focus should be on fixing the broken parts of the operating systems which allow attacks like these to occur. Just as Ford is held accountable when a tire on their vehicle kills thousands of people a year due to bad design, operating system vendors should be held to the same standards.
Why are Microsoft, Apple, Cisco and other companies not held accountable for the huge vulnerabilities in their software which had led to the proliferation of many of the malicious attacks Markoff is discussing? If we held these companies accountable you can rest assured they would not be releasing bug-ridden, extremely exploitable software!
A more secure network is one that would almost certainly offer less anonymity and privacy. That is likely to be the great tradeoff for the designers of the next Internet. One idea, for example, would be to require the equivalent of drivers’ licenses to permit someone to connect to a public computer network. But that runs against the deeply held libertarian ethos of the Internet.
Holding a drivers license has never proven to be an effective means of determining whether someone is capable of driving. Similarly, just because a person may be able to pass an “Internet Licensing” test does not mean they will still adhere to said policies. It just reeks of short-sightedness designed to fix one problem, but which will most assuredly have unintended consequences leading to disaster.
We do not need a new Internet. Plain and simple. It is a stupid idea which should be shelved and never brought to see the light of day. Ever. Again.