Vint Cerf: Why everyone has a role in internet safety


When Computer Weekly spoke to Vint Cerf, father of the internet, in 2013 at the 40th anniversary of TCP/IP, the protocol he co-wrote with Robert Kahn, he spoke about the challenges facing users arising from the globalisation of the internet.

Today is the age of sharing and, as Cerf points out, sharing tools are now very common. But his concern is that social media amplifies everything, both good and bad. He says: “Now we have to tame cyber space.”

The internet has become a global collaboration platform, and it was designed that way, says Cerf. “The whole story is all about sharing – look at Tim Berners-Lee and the worldwide web.”

Cerf says the origins of the internet lie in Arpanet in 1969, motivated by a desire by the US Defense Advanced Research Project Agency to stimulate collaboration between artificial intelligence and computer science researchers across universities. Sharing information broadly and collaboration motivated the development of the internet and, by the1980s, Cerf recalls that 3,000 universities were connected. The US Department of Energy and Nasa wanted connectivity and sponsored the research, he adds.

But although it has been rooted in collaboration, the founding principles of the internet are now under threat. There are ongoing trade disputes between countries such as the spat between China and the US, which, if taken to an extreme, could result in one state closing off internet access. Cerf says: “People are surprised that the internet can be turned off, but if you shut down the underlying transport mechanisms, the net simply does not work.”

The internet may have been born as a platform for global collaboration, but Cerf is worried that it risks being fragmented. Some states, such as Russia and China, are monitoring their internet borders with country firewalls; others, including India, have thrown a switch to turn off the internet, which happened at the end of last year in the Kashmir region, when the state intervened in a bid to curb public unrest.

A need for legislation

In 2019, Cerf spoke about the pacification of cyber space when he gave a talk at Oxford University. He argues that fraud, malware and misinformation are now far too commonplace on the internet. “Immeasurable harm is happening,” he warns. “Many people don’t feel very safe right now. People may not want to use the net at all for fear of harm, and the net will simply collapse.”

Like the major pieces of infrastructure that evolved during the 19th and 20th century, Cerf believes that a legislative framework is now needed. He says: “When roads were improved to carry cars, there were very few rules, but eventually it  became apparent that people need rules.”

He says this tends to happen when policy-makers start to appreciate that people’s behaviour requires management, which leads to legislation. “At some point, there will have to be consequences for bad behaviour on the net,” he says.

But to succeed, Cerf argues that such legislation will require cooperation across international boundaries, in order to track down people who are exhibiting harmful behaviour – and this is not going to be easy.

“It will lead to extremes,” he says. “If you look at the Chinese mechanisms for limiting bad behaviours, they are way off in a direction most US and UK citizens would not want to go. Total anarchy is not very attractive, either. There must be some place in between where behaviour is adequately regulated, so we can feel we are safe.”

Openness and standards

Today, with the internet of things (IoT), Cerf says: “You have many billions of devices interacting with other devices. We are doing billions of experiments with pieces of software that have never seen each other before.”

For Cerf, the only reason these things actually work is thanks to internet standards, which is another form of collaboration. “Standards really help,” he says. “They allow interoperability, even if you haven’t tested a particular combination.”

The architecture of the internet is open, he says, which means that if people don’t like how it works, it can be changed. The protocols are also open, so people can see how they work.

Open encompasses open protocols, open data and open source, and when asked about the significance of open source, Cerf admits he has mixed views. “Open source implementations are open,” he says. “I like that you can see code, and ingest the code. But I worry that people grab open source code and think there are no bugs. Your eyes should be wide open when you use open source. We find bugs that are 20 to 25 years old. People assume they have all been erased already.”

Such bugs lead to security flaws such as Heartbleed, the 2014 bug in the OpenSSL library that wreaked havoc across the internet.

Securing the internet

Looking at how to make the internet safe, Cerf says: “Transparency is our friend – it creates common sense. Safety is a shared responsibility. People have to recognise they are part of the solution to the problem.”

For instance, he says, no one should ever click on an attachment that claims to have come from a friend. Instead, they should email the attachment to the friend directly, asking whether it is legitimate.

For Cerf,  the HTTPS protocol is a very important mechanism for securing communications. He is also a fan of two-factor authentication for securing online banking and is happy to use an authentication device, even if it is not convenient, because it adds a layer of security against fraudsters. But he adds: “I have 300 online accounts and so I need the equivalent of one two-factor authentication device to handle all accounts.”

Cerf doesn’t trust the use of mobile phone as the second factor of authentication. He says: “Mobiles are hackable. The SIM chip can be conned. I have seen server hijacking [attacks] use that technique.”

Security of the internet and web is built on layers, but, as Cerf points out, achieving this is hard because it requires third-party trust. He says that third-party trust is a really tough problem to solve, because there are many certificate authorities, some of which have been compromised.

Cerf is also extremely concerned about IoT security. “They are cheap devices and the manufacturers don’t spend a lot of time on security,” he says. To improve IoT security, Cerf says he would like to see public/private key authentication implemented in IoT connectivity.

Today, internet connectivity involves transmitting photons in optical cables at the speed of light between one point on the planet and another. Looking towards the future of internet technology, one of the most compelling areas of research to emerge is the use of quantum mechanics in data communications.

“The classic use is in quantum key distribution,” says Cerf. “The hottest topic is the quantum relay. The idea is to build a network that allows you to transmit photons that are entangled, so that two different quantum machines that are separate from each other can become entangled, so that the computation can happen concurrently.”

Cerf says the benefit of a quantum relay is that it gets around the difficulties of building bigger quantum machines reliably, which use more qubits. A quantum relay effectively enables quantum computers to scale horizontally, as Cerf explains: “If you can build one quantum machine with enough qubits to do something, what would happen if you then have replicas and pass the quantum state to the other machines, so that you can run them in parallel?”

This is the goal of a quantum relay, he says.

Source link