Discussion: (3 comments)
Comments are closed.
A public policy blog from AEI
An internet optimized for fast, open, and frictionless transactions allows commerce and communications to occur seamlessly, but allowing everyone to use the internet means that its power can be used for good and bad. As demonstrated in so many recent ransomware attacks, easily deployable email scams have allowed hacking to move to the edge — beyond the core critical infrastructure of internet networks. Cybercriminals can inflict damage on financial institutions, retail stores, consumers, hospitals, and as we’ve seen recently, Hollywood studios.
So it was a surprise to see the Electronic Frontier Foundation and internet engineers, pioneers, and technologists promoting the status quo of the internet in a recent filing in response to the Federal Communications Commission’s notice of proposed rulemaking that aims to repeal the Obama-era net neutrality rules. The filing and its “brief introduction to the internet” ignores the fact that today’s internet still lacks the level of cybersecurity that engineers considered the “fathers of the internet” wish they had put in place 40 years ago. Supporting the Open Internet Order means hindering creating security measures necessary for securing the next generation of internet technologies.
The internet’s architects didn’t deploy security in the design of the original system in part because of the high cost of network computing in the 1980s, and because systems sat on large corporate or academic servers. The network was useful, but cumbersome and expensive to operate — it had natural barriers to entry for criminals. Internet founder David D. Clark has said that: “It’s not that we didn’t think about security . . . We knew that there were untrustworthy people out there, and we thought we could exclude them.” The initial thinking of the internet’s first engineers was that nothing being transmitted was all that interesting or worth stealing, so they didn’t bother adding the weight of security to a technology designed to make data transmission easy. As Virginia Tech historian Janet Abbate put it, “They thought they were building a classroom, and it turned into a bank.” After several decades, three billion people are now putting their most sensitive information online.
As the internet evolved, it became clear that the missing security element was a gating process to keep good and bad traffic apart. Vint Cerf, one of the fathers of the internet, says he wishes encryption had been enabled in the first generation of the Transmission Control Protocol/Internet Protocol (TCP/IP), the basic communication protocol of the internet that he and Bob Kahn created in the 1970s. TCP/IP allows computer networks to connect with each other regardless of the hardware, software, or computer language used on each end. This invention created the baseline for the internet we have today. It also means anyone can push anything onto the network without much stopping it — the internet’s inventors didn’t foresee the malware that would one day move along its networks, nor the Nigerian prince of spam, in the future of e-mail.
The internet has also changed as technology has moved from the “dumb edge” — from the simple telephone that was a receiver of the information processed by a smart network — to a “smart edge” controlled by end users. The individual user now pushes data through a series of networks that were originally designed simply to transmit data between devices. We need to maximize their security potential of the next generation of connected technologies so that they are transmitting information as securely as they choose, rather than the always-in-the-open way of the “old” internet.
It’s important that regulators understand that what was considered to be blocking, throttling, or gating of traffic flow by a network operator in Tim Wu’s 2003 paper (that popularized the concept of net neutrality) may be interpreted differently today. The paper’s statement that “net neutrality requires that the internet be maintained as an open platform, on which network providers treat all content, applications and services equally, without discrimination,” may no longer apply in the same way given current challenges with cybercrime.
Allowing the virtual environment to filter for and block known and dangerous code can be an important part of modern network security. Some recent high-profile cyber incidents were facilitated by attacks on small third parties doing business with the networks of companies such as Home Depot, Target, and JPMorgan Chase. Ransomware is also hitting smaller companies that have few resources to defend their internal computer systems. If these companies can choose to have their computers be part of a larger network security operation run by internet service providers with an extended network security option, they can opt-in to a much stronger cyber shield to secure their data.
When asked about the overreaching goal of the kind of regulation that’s been formulated under the name “net neutrality,” Dave Farber, another key internet pioneer, noted in a recent interview about distinguishing between anticompetitive activities and innovation on the internet that “you don’t want to minimize the ability to innovate.” Consumers want their digital world protected, and should have access to the most efficient and sophisticated security technology available. No network provider should have to design their network security measures with the fear of running afoul of telecommunications regulations. These regulations may have been well-intended, but they no longer fit the realities of the internet of today, or the fast-approaching 5G internet of tomorrow.
Comments are closed.
1789 Massachusetts Avenue, NW, Washington, DC 20036
© 2017 American Enterprise Institute