The Internet is Beta

Beta is an engineering way of saying “almost done” – the product is good enough to use but it’s not quite finished yet. Google often releases their new products with a cute little “BETA” logo. Gmail, the Google email system used by millions, has been in beta for five years.

Like Gmail, the Internet’s core protocol should also have had a Beta tag on it for an extended time – for the past 41 years to be precise. Generally speaking, it works pretty well, but the founding fathers of the Internet could not have anticipated that the software they were building would ever become what it is now: The infrastructure for all of society.

So it appears today that some major features were left out…but not because the people behind the design made a mistake. When MIT first used packet switching in 1965 to communicate with a remote computer in California (confirming that packet switching works), the furthest thing from anyone’s mind was security, network neutrality, network education, privacy, cyber warfare, and the slurry of problems that challenge both business and individual users of the Internet today.

In 1969, with the original workings of the Internet (ARPANET), security was simple: the network was tiny and users on the computers that were connected to it were trusted researchers. It was an open community. As Vint Cerf, one of the most notable developers of the Internet, was quote in Fatal System Error as saying, “My thought at the time, thirty-five years ago, was not to build an ultra-secure system, because I could not tell if even the basic ideas would work…We never got to do the production engineering.” The focus at the time, sensibly, was on fault tolerance, not security.

Vint Cerf – Photo by Charles Haynes

Now, nearly 41 years later, we read about Internet security issues constantly. The lack of security features in IP (Internet Protocol) has spawned entire industries, with vendors and service providers that are happy to sell you the next generation protect-all, whiz-bang software. If one were to ask a roomful of people in the security industry what they think about the security products, including their own, on the market today – if they think there are real solutions to the problems we all face – their answer would be a unified “NO”. No one thinks we are at the point where we can all just stop worrying about security.

Barack Obama
Courtesy The White House

The disturbing fact is that the engine that enables our modern global economy is based on a really cool experiment that was not designed for security. Risks can be reduced, but the naughty truth is that the ‘Net is not a secure place for business or society.

The role that the Internet plays in our economy places it in the category of a critical resource that the government must protect – just as it does our water supply and the national power grid. A threat to Internet security is a threat to national security. In May 2009, President Obama spoke about this issue and the plan his administration has to address it. He stated that the US is “not as prepared as it should be” to defend against cyber threats and he proposed new “digital infrastructure” initiatives to “ensure that these networks are secure, trustworthy and resilient.”

But can the US Government, or any other governing authority, ever adequately protect and defend the Internet? How can that be done if the Internet Protocol itself was not designed to, in Obama’s words, “deter, prevent, detect, and defend against attacks”?

Given the world economy’s substantial dependence on the Internet, wouldn’t it make sense to create a well-funded think-tank with the brightest minds in society to design a new protocol with a new vision? This time when we start the process, we will have the benefit of 41 years of Internet beta testing and we can rethink the vision to also include things such as:

Security: Transmitting data safely but easily without special software.

Privacy: Balancing anonymity and accountability. Allowing people to communicate freely but ensuring accountability to protect against abuses and criminal activity.

Routing Intelligence: Routing data without neutrality issues and allowing the protocol itself to route traffic based on a myriad of metrics, conditions, agreements, and other factors.

Enculturation and Education: Bringing new people (children, emerging nations, etc) onto the network with a step approach to ensure that they learn about network culture and functionality before they make mistakes.

I don’t think any of us who are involved with cyber security on a professional level can see the Internet as it is today functioning successfully for the next 50 years. I can envision a world of networking much different than today’s. So why not start turning the ship now?