Danny Hillis has a book. It’s a directory of everyone in the world who had an internet address in 1982, including the names, addresses and telephone numbers. And it was a very thin phonebook. That was the community. It was a tight community where everyone knew and trusted each other.Danny Hillis: Back to the future (of 1994)
Hillis has been a fixture of the tech world (see his TED Talk from 1984 on DNA and its uses). He registered the third domain name in existence: think.com. But he only registered that one, thinking it wouldn’t be nice to take more than he needed. That was the norm of the community. And it wasn’t just a community norm, but something that was built into the protocols of the Internet itself. If you had some extra bandwidth, you would always deliver a message for someone else — From each according to their ability, to each according to their need. (Hillis notes the lovely irony of a communist principle for a system developed during the Cold War by the Defense Department.)
That approach has served very well. But today that sense of community is gone, though the protocols have remained, “as if everyone is a good guy.”
We’ve dealt with it by building firewalls, Virtual Private Networks, and the like. But they’re all built out of the same blocks. (He notes at one point that a modern rocket uses Internet Protocol, IP, to communicate from one end of itself to the other!) Those block assume trust, that each node will make best efforts on behalf of the rest. So if someone does something wrong, it can be catastrophic.
Attacks on the internet itself
There is, says Hillis, lots of talk about defending computers on the internet, but surprisingly little about defending the internet itself. Some recent examples of small-scale problems:
- YouTube was unavailable for all of Asia recently because of a mistake in the way Pakistan tried to censor it.
- All flights in west of the Mississippi were grounded because one router in Salt Lake City had a bug in it.
- Last April, a very large percentage of traffic on the whole internet, including lot of traffic for military installations, got rerouted through China. Hillis says, “China Telecom says it was an honest mistake, and it’s possible that it was. But certainly someone could make a dishonest mistake of that sort if they wanted to.”
- Stuxnet, which took out an Iranian nuclear facility. A facility that “didn’t think of itself as being connected to the internet.” But a virus could still make its way there.
Back in the day, ARPANET once failed completely. One processor thought it could deliver a message in negative time, because of a bug, so every message on the internet started going through that node. The sysadmins could fix it, but only by turning the entire internet off. The entire internet. You couldn’t do that today.
The number of things connected to the internet now is staggering. “When you take off from LAX,” says Hillis, “you don’t think you’re using the Internet. When you pump gas, you don’t think you’re using the Internet. But these systems are using the internet for service functions, for administrative functions.” It is becoming an emergent system. It’s a system we built, but “we’re using it in a very different way. No one really understands all the things it’s being used for right now.” If you hear experts talk about what’s going on, treat it with skepticism. They have an informed opinion, but no one really knows all the ways the internet is being used.
“We’re setting ourselves up for disaster, like we did with the financial system,” warns Hillis. What if there was an effective denial of service attack on the internet? We don’t know what would happen, and we don’t have a Plan B. We don’t have a plan for how to communicate when the Internet is in trouble.
The good news is that it isn’t hard to put in a backup. It can use a lot of the existing infrastructure, and doesn’t have the same performance requirements of the full internet. The trick is convincing people to make it. “It’s hard to get people focused on plan B when Plan A seems to be working so well,” says Hillis. Fortunately, “Of all the problems at this conference, this is probably the very easiest to fix.”
Danny Hillis’ talk is now available for viewing. Watch it here»