the network would grow into what it is today.
“We were all in uncharted water, and certainly nobody at ARPA or any of its contractors, including BBN, in 1969 thought that what we were building was going to basically turn into a worldwide commercial thing,” McKenzie says. “We were building the prototype. Surely, another one would come along later that would learn from our mistakes and do things differently.”
He adds: “We might have thought about the bad guys who were trying to break things, but mostly we were just working with a bunch of people who were friendly and not trying to break anything.”
Fork in the Road
There’s ample evidence that security was never a high priority for the pioneers of the modern internet because their network was a closed, though growing, community of trusted users. But that alone doesn’t tell the whole story of how the internet grew and grew without a built-in way to secure the information that passes through it, according to Bradley Fidler, a professor at Stevens Institute of Technology in New Jersey and a historian of the early internet.
“That major dominant narrative that people use to answer this question—it’s not wrong, but it’s incomplete,” Fidler says.
Yes, the ARPANET was a test network that was unexpectedly pushed to be an operational network. But the history that doesn’t get talked about as much, he says, is a parallel networking project underway at the Defense Department that built upon the foundational work done by BBN and others, Fidler notes. The network was designed for the defense and intelligence communities, and as such, it was built to be encrypted.
“For them, the only way it would be useful is if it was secure,” Fidler says.
Design work on an encryption system began in 1973, and it was operational by 1976, according to Fidler. In 1983, the same year the TCP and IP standards were being applied to the civilian internet, the military saw the growing size of the network as a security risk, and it pulled its nodes off the ARPANET. The separate Defense Data Network consisted of unclassified communications on a network called MILNET, plus other networks for classified communications.
Fidler says timing never aligned for the classified advances in network encryption to influence the structure of the soon-to-be-booming civilian internet.
“You had a lot of people doing security work,” he says, “but it wasn’t being applied to the nascent civilian internet.”
Another line of reasoning for why the internet developed without security baked into the protocols comes from the people and politics of its era.
Despite the early internet being a closed community, a major hallmark of the internet’s architecture is openness. That was notably in contrast to the anti-competitive AT&T (NYSE: [[ticker:T]]) telephone system at that time that forcefully forbade innovation and tinkering, says Virginia Tech professor and internet historian Janet Abbate. The tech standards of the emerging internet were collaborative, not commercial or proprietary, she says.
“The phone system ran on centralized control, and they didn’t want you attaching anything to the phone,” Abbate says.
For example, AT&T in the 1940s and 1950s fought to end sales of a device called the Hush-A-Phone that provided some privacy to people using phones, by attaching it to the telephone’s receiver. (One interesting connection: The Hush-A-Phone company in the 1940s turned to a couple of specialists at MIT and Harvard for advice about design improvements and later defending the invention against AT&T. They were Leo Beranek, who would found BBN, and J. C. R. Licklider, who later was a leader at ARPA and helped lay the groundwork for the launch of the ARPANET.)
“A lot of the pre-antitrust history of AT&T is them trying to prevent people from attaching computers or plastic Hush-A-Phones to the phone. The internet is the opposite: Stick whatever you want at the end points, and we’ll move the packets around,” Abbate says. “The internet was responsible for thinking about openness being a default. [It was] the only non-proprietary thing that was going to run on all different systems. That was an important positive legacy.”
To Fidler, the philosophies underpinning the internet come across as a “snapshot of the late 1970s,” with all these elements from the ’90s and early 2000s grafted on. For example, he says the internet protocols that took hold in the US could have been a lot more efficient if access requests were addressed to files, not locations on the web. But using addresses rather than files meant everyone on the network could query any other person on the network, rather than only files they knew existed.
“It became a system where you got free association and free speech,” Fidler says. “The problem is when you take that idealistic liberal approach and inject it into national security and capitalism. It doesn’t always line up the way you want. There are power politics and security concerns that weren’t necessarily reflected in that original vision.”
Building a Smarter Network
Fast forward to the present, and the internet’s stakeholders—from its architects and caretakers, to powerful corporations and individual users around the globe—are faced with tough questions. Does the internet need to be scrapped and replaced? Can it be re-engineered or upgraded? Are we doomed to keep spending billions of dollars each year on information security to continue business as usual? The “arms race” to bolt on more powerful defenses that can keep out the most aggressive and increasingly sophisticated hackers seems like it will never end.
But there’s reason to be optimistic, says Michael Daly, Raytheon’s chief technology officer for cybersecurity and special missions. (If the internet world didn’t seem small already, defense contractor Raytheon (NYSE: [[ticker:RTN]]) bought BBN Technologies in 2009.)
Daly sits on a subcommittee of the National Security Telecommunications Advisory Committee, a mouthful of a governmental body that in 2018 set a 10-year “moonshot” goal to make the internet “safe and secure” for the government and the American people.
“Back when it was the ARPANET, it was a different community of people who built a network for their needs, and we’ve evolved since,” he says. He talks about “relaunching and reinventing” the internet to meet the demands being placed on it today.
The best idea Daly has put forward is an internet that’s sliced up rather than wide open.
“You can’t have everything talking to everything else,” he says. “But in order to do that in the real world, the network is going to have to be a lot smarter than it is now.”
For example, the “smart” thermostat in your home shouldn’t have complete access to the internet, Daly argues. The home’s internet router should restrict the thermostat’s access to the specific cloud server it needs. Much like the University of Colorado conversation about caller ID, the internet should be infused with tools that focus on verification and identification, he says.
Daly’s vision for the internet would transform its activity into a series of authentications that scale based on the situation. For example, I log into a bank’s website; the website certifies that it, in fact, is the website I’m seeking; and I certify that I am the user and account holder I claim to be.
He offers another example: “If I’m surfing the web and posting political ideas, you want that right of assembly and freedom of speech without the repercussions of someone tracing it back to you. It’s not quite anonymity, but it’s close to that.”
Some in tech are considering the potential for blockchain-based systems to enable more secure digital identities and data protection. Others, such as World Wide Web inventor and MIT professor Tim Berners-Lee, have focused on wrestling back control of personal data from tech giants that have amassed immense power and wealth by aggregating and selling user information to advertisers. Berners-Lee co-founded a Boston-area startup, Inrupt, to commercialize applications and services intended to give individual web users more privacy and authority over their data.
For his part, Daly sees 5G mobile internet technology as the best path to enabling some of that transactional security online. The technology is still early and has a lot to prove. But if it works as envisioned, it promises the data transfer speed and low latency needed, as well as built-in capabilities for “network slicing” that Daly sees as essential. He expects 5G’s changes to kick in over the next five years.
“There’s no reason,” he says, “why we couldn’t be significantly stronger in 10 years.”
[Top photo of first Internet Message Processor (IMP) by Flickr user Andrew “FastLizard4” Adams, published via a Creative Commons license. Photo cropped to fit Xconomy publishing system standards.]
