“Father of the Internet” wasn’t thinking about attacks

Last Wednesday night I had the pleasure of attending a live interview with Vinton Cerf, one of the people credited as the “Father of the Internet” for his part in co-designing the networking protocol TCP/IP and the basic architecture of the Internet. He was speaking at City Arts and Lectures in San Francisco, in conjunction with the California Academy of Sciences. Cerf is currently Chief Internet Evangelist for Google, and as part of that role he’s an advocate for enabling new applications and devices on the Internet.
Vinton Cerf (Photo by Вени Марковски Veni Markovski, own work, CC BY 3.0 (http://creativecommons.org/licenses/by/3.0), via Wikimedia Commons)
The evening started with a history lesson as Cerf described the early network ideas of the 1960s. Networks for computers to communicate already existed at this time, but they required dedicated circuits. The new idea was packet switching: finding a way to break the information up into small “postcards” of information so that the network connection could be shared among multiple computers. The resulting system was called ARPANet because it was sponsored by the Advanced Research Projects Agency.
But ARPANet still required cables, and the Defense Department’s next request was for a network that could also communicate via radio and satellite with ships at sea, where a physical cable would not be feasible. Thus work began on TCP/IP, although it took over 10 years from initial design to publication as a standard.
The research was sponsored by the Department of Defense in the midst of the Cold War, but was performed in universities, so the researchers wanted to find applications that were civilian-focused and would motivate students to participate in the design. Around 1971, networked electronic mail proved to be a successful application that achieved this goal, and mailing lists such as “Sci Fi lovers” to share science fiction discussions and the “yum yum” restaurant review list soon became popular. However, Cerf pointed out that before the Internet, in the 1860s, the telegraph performed a similar role, and he suggested that everyone in the audience read the book “The Victorian Internet” by Tom Standage.
During the Q&A at the end of the interview, one of the audience members asked, “When you were working on TCP, were you thinking about how it could be attacked?” Cerf honestly admitted that he wasn’t thinking about it being attacked at all. He said that they thought of lots of failure cases and designed and tested for robustness in the face of all of them. But when it came to being attacked, he admitted that he assumed that, because it was being designed for the Defense Department, it would only be used when all the links were encrypted. By the time the protocol was being standardized around 1978, it was too late for crypto to be added to the standard. TLS and IPsec were developed later to help address this weakness in TCP/IP.
Cerf said that if he could go back in time and convince his younger self to change things about the initial standard, the two things he’d change were including public key cryptography and using 128-bit IP addresses.
As we design systems for the future, Cerf emphasized that the companies designing these applications, devices and systems absolutely have to be concerned about three key areas that matter to the consumers and enterprises that use their products and services: privacy, safety and security.