A system created to link researchers has grown into part of everyday life. But are its foundations still secure?
By John Naughton | The Guardian
ON THE WEB, 12 January 2013
The strange thing about the Internet is that it went from being something exotic to something mundane almost without us noticing it. As a consequence, our societies have become frighteningly dependent on a system that almost nobody understands, and that nobody — except for techie types — thinks about very much. It has become the electronic plumbing of our world, with the difference that we pay far more attention to our actual plumbing than we do to its virtual counterpart.
In fact we take it for granted. We regard the Internet as having almost magical properties and as essentially limitless. Someone comes up with a bright idea — for example Internet telephony or VoIP, as it’s called — and adds it to the things that the network is expected to do. And the network obliges, with the result that many voice calls are now handled by the network. Same story with e-commerce, streaming media, file-sharing, social networking, web mail, and all the other online services that we now assume to be among the appurtenances of civilised life. We assume that we can continue to add tasks of greater and greater complexity to what the network already does and that it will continue to deliver.
It is extraordinary to think that a network designed to facilitate communication between a few hundred research laboratories and a few hundred researchers could have scaled up to the point where two billion people now use it, and where large swathes of our commercial life depend upon it. In large measure, this is a tribute to the ingenuity of its original architecture. Its designers were faced with a tricky problem: how to design a network that was as future-proof as possible? Their solution was based on two core principles: there should be no central ownership or control; and the network should not be optimised for any particular application. It should be a simple-minded system that essentially did only one thing — take in data packets at one end and do its best to deliver them to their destinations at the other. “Dumb network, smart applications” was the mantra that they used to express the philosophy that all of the ingenuity should be left to those people developing applications at the edges of the network.
These turned out to be very good ideas. They enabled the “organic” growth of the network to happen. And they triggered an explosion of creativity as smart people thought up clever applications that the network could be used for. Some of these applications (for example the web) were beneficial; some (viruses, worms, and malware generally) were destructive. And many (file-sharing) were somewhere in between. The consequence was that, over time, a network that was originally seamless and uncluttered came to be overlaid with a grotesque accumulation of add-ons and patches, to the point where it begins to resemble a baroque excrescence rather than a classical design.
This is beginning to concern some people whose job it is to worry about these things. Some find the baroque complexity of the contemporary Internet offensive on geeky-aesthetic grounds, much as modernists detest the excesses of Victorian architecture. But others — notably one of the original Internet architects, David Clark of MIT — worry that the higgledy-piggledy evolution of the network means that it is now intrinsically fragile and may therefore be prone to catastrophic failure. Sometimes, Clark says, the worst disasters are caused not by sudden events but by slow, incremental processes that humans are good at ignoring. “Things get worse slowly. People adjust. The problem is assigning the correct degree of fear to distant elephants.”
Clark’s fear is that some of those distant elephants are closer than we think. He sees evidence in things like “plunging security” and the network’s decreasing ability to accommodate new technologies. And he thinks that the only way forward is to rethink the architecture of the network from the ground up.
A good many computer scientists have been worrying about this for at least a decade, funded by bodies like the US National Science Foundation, which has put upwards of $300m into the quest for a “new” Internet design incorporating some of the things — such as security and authentication — that the original architects didn’t worry about (partly because they were designing a system for researchers who knew and trusted one another).
It all sounds eminently reasonable, but there are two bluebottles in the ointment. The first is whether or not we are already in too deep — that we are too dependent on the network in its current form to be able to do a root-and-branch reconstruction of it. The second is the concern that a new network architecture, with all its desirable “security” features, might stifle the creativity that the old, open and uncontrolled, network enabled. And if that happened, we really would have thrown out the baby with the bathwater.