Wednesday, October 9, 2013

A Secure Internet?

Back in 2001 I was the Vice Chairman of the Presidential Commission on the Internet and we published a report entitled The Internet's Coming of Age. Today there is an article in the NY Times bemoaning the lack of security in the Internet.

Having been involved in what the Internet was from 1972 onwards, I can say, at least until the present, that the intent was to have an open network with all of the intelligence on the periphery. This would be totally unlike the old telephone networks with dumb devices on the end and complexity in the middle.

Inherent in this hourglass principle was that the Internet would be simple and the burden would be on the end users to seek whatever services they sought.

The article states:

But while such vulnerabilities are worrisome, equally important — and because of their technical nature, far less widely understood — are the weaknesses that the N.S.A. seems to have built into the very infrastructure of the Internet. The agency’s “upstream collection” capabilities, programs with names like Fairview and Blarney, monitor Internet traffic as it passes through the guts of the system: the cables and routers and switches. 

The concern is that even if consumer software companies like Microsoft and telecommunications companies like AT&T and Verizon stop cooperating with the N.S.A., your online security will remain compromised as long as the agency can still take advantage of weaknesses in the Internet itself. Fortunately, there is something we can do: encourage the development of an “open hardware” movement — an extension of the open-source movement that has led to software products like the Mozilla browser and the Linux operating system. 

Just what this means is confusing. The Internet is open, by definition, design and deployment. The problem is that the service providers are often in collusion with others to use that openness to third parties' advantage.

The IETF had established various open support options to allow enhancements at the edge. These RFCs (Requests for Comments) were the ultimate in open source. There is very little proprietary "stuff" unless one adds it deliberately in a proprietary network.

Frankly, the piece in the Times makes no sense. The threats to privacy can be controlled by end-to-end secure encryption and authentication. They can be made, or at least for a short while. Using a Government-approved encryption is an oxymoron; it is not secure, at least not between the sender and the Government. But anyone who knows anything knows that.

One suspects that anyone desiring to be secure may seek secure ways to be secure! They still exist but get more complex in today's world. But creating open source stuff just does not make any sense.