Today, CNN reports that “Hundreds of personal Gmail accounts, including those of some senior U.S. government officials, were hacked as a result of a massive phishing scheme originating from China, Google said Wednesday.”
In a 2009 interview, the director of the Center for Strategic and International Studies said “In 2007 we probably had our electronic Pearl Harbor. It was an espionage Pearl Harbor. Some unknown foreign power, and honestly, we don’t know who it is, broke into the Department of Defense, to the Department of State, the Department of Commerce, probably the Department of Energy, probably NASA. They broke into all of the high tech agencies, all of the military agencies, and downloaded terabytes of information.”
Given the structure of the Internet, it is virtually inevitable that someone, either a genius in a garage, or a government sponsored cyber-attack group, is going to shut down millions of computers at once. Or, worse, shut down airports or the power grid. We know it can be done and we know how to do it. All of our designs—all of them—for thermonuclear weapons have already been stolen.
In addition to these sorts of headline events, millions of Internet users experience a daily barrage of spam and pop-ups. Their computers are invaded by viruses and worms. Their identities are hacked and stolen. If you run a server, as I do, it is like the scene in The Matrix where the Sentinel squids attack the Nebuchadnezzar hovercraft. With the right tracking software you can see a continual barrage of bots trying to drill into the server by guessing passwords, scanning for open ports, and looking for bits of code on pages that can be exploited.
The problems with the present structure of the Internet go beyond security. The current architecture makes it difficult and awkward for users to pay for content or for email. Even just a 1¢ charge per email would put almost all spammers out of business. Spammers rely on it being virtually costless to send out several million emails. More importantly, the lack of a micro-payment system makes it extremely difficult for those who create content—especially written content and images—to receive any payments for their work. The result has been the evolution of an advertising-based Internet with “successful” firms being the ones who can capture and exploit the most private information about their “customers.”
It is not unusual to rebuild infrastructure as times change. With greater urban densities, and the consequent risk of fire, wood frame houses were replaced by brick. In the first round of railroad building during the 1840s and 50s, most lines went from west to east, linking towns with seaports along the coast. Because the lines didn’t connect, track standards varied. But, after the US Civil War, north-south trade grew rapidly and the infrastructure was rebuilt with standardized track widths (4′ 8.5″).
Our present Internet was constructed by computer scientists to connect labs and universities together. They were appalled when the opening up of the Internet in 1994-95 led to discussion boards being filled with advertisements for pornography and other off-topic blandishments. The word “spam” was coined to describe this unexpected flood of anonymous communication. The Internet’s designers had no idea it would be used by billions of people all over the world.
The basic architectural error in the Internet is anonymity. It is a mistake of epic proportions. The key problems of the Internet—piracy, viruses, hacking, spam, systematic attacks—can all be traced to anonymity. It makes no more sense for serious people to prefer an anonymous Internet than to prefer that automobile drivers remain anonymous, or that airline passengers travel under false names.
One way to look at the explosive growth of social networking sites is people’s desire to be identified and to interact with others who are identified. And to not be constantly spammed and attacked by anonymous sociopaths. To the extent that companies like Facebook and LinkedIn lose control of this, and subject their users to spam, spurious advertising, and cyber attacks, their utility will shrink sharply.
The second architectural error in the Internet is the lack of a micro-payment system. The use of credit cards makes each transaction complex and leads companies to work to bind users into monthly-dues arrangements, breaking the open character of the Web. Imagine if there were a simple way to stuff money into an online account and to make small payments of, say, 5¢, by pressing the Alt-F12 key. Then a magazine or newspaper could offer a few free pages but ask you to pay a nickel to see more. By keeping the payment small and easy, browsing freedom is maintained. But, by having a payment, the print publishing industry might actually flourish.
Many people will dislike these proposals, seeing free access and anonymity as basic values delivered by the Internet. Free access is a fine thing, but anonymous use of other people’s copyright material is more simply described as theft. The desire for anonymity seems rooted in a fear of Big Brother, the ever-watching figure of the tyranny described in George Orwell’s 1984. My own view is that the protection against tyranny is political vigilance, not anonymity. And, more importantly, the threats against my person and my property are not emanating from “Big Brother.” They are coming from the anonymous sociopaths among us.
Via Email
I think the public has become so used to the Internet being “free” that it may be too late to put the toothpaste back in the tube.
I, for one, think that anonymity is a good thing. The people who are organizing against tyrants in the Middle East could not do it so easily without Internet anonymity.
It might be possible to have a two-mode Internet. The main mode would reject connections except from certified sources. The second mode would be the wild-west where anonymity is preserved. Of course, as Rumelt points out, this comes at the cost of hacking, viruses, and worse.
The architecture of the web is shifting as apps begin to take over from the “open” Internet. A complex ecology of more-or-less walled gardens and free zones is likely to result.
The micro-payment system is pretty doable. Just as Gmail, Amazon, Apple and a bunch of other companies keep my login information, there could be a basic “content” middleman to allow you to make these very small payments for news content. It sounds like a natural extension of PayPal.
In my view it’s not anonymity per se, but anonymity and privacy together. On the Internet, with appropriate technology, one can be reasonably assured of both anonymity and privacy. Combining anonymity and privacy is always dangerous. When you drive a car, you have privacy in your car (protected in some countries) but not anonymity (license plates). On a city bus you are anonymous but have no privacy. The postal service offers a level of both anonymity (you don’t have to put a return address on a letter) and privacy (protected by law) and a set of rules for what you can and cannot do with the mail. Whenever we see both anonymity and privacy, we usually also see a set of rules. Air travel in the US had too much anonymity and privacy. TSA is working very hard right now to reduce both. The Internet has lots of anonymity and privacy but no rules.
The usefulness of this observation is that we might attack the problem of designing a better internet from two directions: decreasing anonymity and decreasing privacy. Example: if you get an online email account without sufficient documentation, you cannot password protect your email account, but with a higher level of documentation you are allowed private email. Or, like the TSA, we may want to work on both anonymity and privacy at the same time.
In my view, the root cause of the Internet anonymity problem arises from the adoption of NAT in the 1990s to address the exhaustion of Internet (IPv4) addresses coupled with the inherent design assumption of trust by core Internet protocols such as DNS, ICMP, BGP and SMTP. The widespread use of NAT with IPv4 across the Internet today and resultant inability to identify the endpoints of a packet of data traversing the Internet with a person provides impunity for hackers and other cybercriminals. The new Internet addressing protocol known as IPv6 could potentially replace IPv4 and eliminate the need for NAT. Whether it will do so has more to do with socioeconomic barriers to change and leadership than the technology involved.
- Curt Dodds