Today’s New York Times features an article by John Markoff outlining the history of Internet security and plans to build a new, more secure global data network.
From the article:
[T]here is a growing belief among engineers and security experts that Internet security and privacy have become so maddeningly elusive that the only way to fix the problem is to start over.
What a new Internet might look like is still widely debated, but one alternative would, in effect, create a “gated community” where users would give up their anonymity and certain freedoms in return for safety. Today that is already the case for many corporate and government Internet users. As a new and more secure network becomes widely adopted, the current Internet might end up as the bad neighborhood of cyberspace. You would enter at your own risk and keep an eye over your shoulder while you were there.
“Unless we’re willing to rethink today’s Internet,” says Nick McKeown, a Stanford engineer involved in building a new Internet, “we’re just waiting for a series of public catastrophes.”
Can we do it?
If by “do it” you mean create a more secure system, then the answer is probably “yes.” Markoff alludes to a network that would be more ’secure’ and ‘private’ while sacrificing ‘anonymity’ and ‘freedoms’ - an interesting, if not strictly consonant, combination of goals. Less anonymity, but more privacy? Explain that one to me. On the other hand, unless you really know what you’re doing anonymity isn’t possible anyway (just ask the kid who hacked Sarah Palin’s email account), so maybe this point is moot.
Should we do it?
Gruber says no. I say maybe. Clearly, security is a concern. Markoff’s piece makes this point effectively, so I won’t rehearse the facts here beyond saying that things like Conficker are out there and are difficult or impossible to deal with under the current paradigm through any mechanism more organized and proactive than panicked reaction and software updates.
I have two questions on this:
First, what makes us believe that it wouldn’t be just as possible to circumvent whatever the new system turns out to be? To be sure, this system will be ‘different from the ground up,’ but like any human system (digital or otherwise) it seems unlikely to be totally secure. Smart, unscrupulous people will figure out ways to do what they want to do, and though improved security might keep out most of the small-time players, the really catastrophic breaches will continue.
Second, at what price do we buy this (imperfect) security? Talk all you like about “anonymity” and all the rest of it, but at the end of the day I doubt there will be much improvement over the current state of affairs. Your usage information will be stored somewhere, and it will be available to people you don’t want to see it. Those with enough savvy and motivation will find workarounds, and most of the really damaging activity will be perpetrated by individuals like this in any case.
Will we do it?
I’m of two minds on this. Part of me wants to say we won’t do it, because the expense and inconvenience up front will be tremendous. At the very least, it will be tough to muster the political and financial will in the foreseeable future in the absence of a truly devastating malicious attack. As long as the current system is limping along (functioning fine, as most people will see it), why bother fixing it?
Another part of me realizes that tremendous financial incentives exist here for some very powerful parties. The opportunity to get in on the ground floor of a new global information network must be enormously tempting for a number of retailers, political groups, and others who would stand to profit from a properly (or rather, improperly) structured network. Faster data speeds or special information access for commercial transactions? For official government business? For law enforcement? The political wrangling over the shape of a new data infrastructure would be long and bitterly fought, indeed.
Ultimately, I suspect we’ll probably end up doing something, and mishandling it rather badly. The really interesting question will be whether the current system eventually gets disconnected and killed, or whether it remains Markoff’s “bad neighborhood” forever. If it does, it will most likely render impotent any attempts to curb Internet piracy and other undesirable activities.
Tagged: anonymity, data, freedoms, gruber, internet, john markoff, network, new york times, security
No Trackbacks
You can leave a trackback using this URL: http://www.evanmix.com/2009/02/15/ny-times-do-we-need-a-new-internet/trackback/
2 Comments
I read a tech report recently that basically attributed most security breaches to 25 programming errors. Maybe instead of starting over, programmers could begin correcting those mistakes and building better software. Just a thought.
Your point is well taken. Better programming can, and should, be a priority. On the other hand, by the nature of the process, there will probably always be more bad programmers out there releasing stuff than good ones. A lot of the biggest security problems arise from major companies like Microsoft, and if they can’t even release secure stuff, who else can? Not that I think a “new Internet” is the answer either.
For reference, the report in question (from the SANS Institute) is available here, and an interview with the guy behind it is available here.