V1.1 – 19 Oct 2018
Vinton G. Cerf
The Pacification of Cyberspace
Computers have been a part of our environment for about 80 years, emerging in the late 1930s and early 1940s in relatively modern form. Networks of time-shared computers began forming in the 1960s and 1970s, accelerating during the 1980s and 1990s in the form of the Internet, and then exploding as the World Wide Web took shape over the Internet substrate in the 1990s.
Concurrently, programmable devices got smaller, cheaper, and more portable, leading to desktop, laptop, tablet, and smartphone products. We now anticipate the arrival of billions of additional programmable and networked devices variously labeled as the “Internet of Things” or “Cyber-Physical Systems.” The aggregation of all of these devices is often referred to as “cyberspace”, a term borrowed from William Gibson’s 1982 short story, Burning Chrome. In an age of instant access to information, and our ability to propagate information globally with the click of a mouse, we are experiencing a global, digital Wild West. Everyone equipped can fire their .45 caliber digital weapons at any target with very little consequence. The metaphorical equivalent of digital Stage Coaches can be hijacked at will and digital gangs roam with impunity. The question before us is how to pacify this relatively lawless environment while preserving the utility of its openness to creative innovation and technological revolution. The global scope of the Internet highlights the need for international cooperation to achieve safety, security, privacy, reliability, and utility for the billions of users now online (about 3.8 billion) and the billions still to come. This is the topic of this Romanes Lecture.
Computers have been a part of our environment for about 80 years, emerging in the late 1930s and early 1940s in relatively modern form. Calculating engines of various kinds have a much longer history, going back to the abacus, slide rule, mechanical calculators, Charles Babbage’s Difference and Analytical Engines and analog computers. I find it useful, however, to associate the term “cyberspace” with networks of computers. We borrowed this term from William Gibson’s 1982 short story, Burning Chrome [it was also used in his more well-known 1984 Neuromancer novel]. Automatic message switching (AUTODIN) was introduced for U.S. military use in the mid-late 1950s along with the Semi-Automated Ground Environment (SAGE)
computer network used for radar target tracking. Time-sharing of mainframe computers arrived in the early 1960s and networking of these emerged in the mid-late 1960s with the development of packet switching and the arrival of the ARPANET in the US and the National Physical Laboratory Network in the UK. There ensued subsequent rapid proliferation in the 1970s and 1980s with networks and services such as TELENET, TYMNET, COMPUSERVE, GENIE, PRODIGY, UK Packet Stream Service (PSS), Canada’s DATAPAC, France’s TRANSPAC among others.
In the early 1980s, the Internet was put into operation after a decade of research. Its technology was rapidly adopted by the research and academic community. In the US, the National Science Foundation built the NSFNET. The Department of Energy built the Energy Sciences Network (ESNET) and NASA built the NASA Science Internet. University campuses were quickly networked using the Ethernet technology developed in 1973 at Xerox PARC and connected to the NSFNET through intermediate level networks implementing the Internet protocols. In the 1980s, The European academic and research communities variously implemented the competing Open Systems Interconnection (OSI) network protocols and the Internet’s Transmission Control and Internet Protocols (TCP/IP), eventually settling on the latter. At CERN in Geneva, the World Wide Web emerged in 1991 to become one of the most popular applications and platforms on the Internet.
During the 1990s, we experienced the enormous impact of the World Wide Web. Hundreds of millions of users suddenly found it easy to share their information with other Internet users by means of the World Wide Web’s standard formats and protocols – and share they did! Millions of websites were created. Browsers were built to “surf the Web” including MOSAIC, Netscape Navigator, Internet Explorer, Chrome, Spyglass, Opera, and Mozilla. So much information flowed into the Internet that search engines were invented to find content. Building on the concepts of pre-WWW search tools such as ARCHIE, VERONICA, JUGHEAD, GOPHER, and WAIS, Web-based search engines soon arrived such as Alta-Vista, YAHOO!, Google, and later, Baidu, Yandex, and Bing. Over time, new user applications came and some went, including MYSPACE, Geocities, weblogs (“blogs”), Facebook, Google+, Google Earth, Instagram, Snapchat, Twitter, WeChat, Amazon, Alibaba, PayPal, eBay, Skype, FaceTime, Webex, GoToMeeting, Hangouts, and Meetup. Apologies if I missed your favorite application. Underlying many of these systems are so-called “Cloud Services” such as the Google Cloud Platform, Amazon Web Services, Microsoft Azure, among others.
In the 1990s, the publicly accessible Internet was largely a dial-up environment with capacities measured in tens of kilobits per second. In the US there were over 8,000 dial-up Internet access providers. As the turn of the century arrived, broadband technology, in the form of cable modems, digital subscriber loops, and optical fiber modems, led to increasing use of the Internet for real-time streaming of audio and video and interactive video conferencing. Online gaming replaced local video and arcade games allowing millions to participate in multi-party extravaganzas. Access speeds up to a gigabit per second have become commonplace. In this same timeframe, but especially after the introduction of Apple’s iPhone in 2007, mobile bandwidths have also increased to many megabits per second with more to come. In just a decade or so, smartphones have become nearly ubiquitous, with more smartphones in use than people on the planet. While the penetration is not 100% (many people have more than one), it is fair to say that smartphones have led to 50% penetration of Internet access worldwide this year. A similar acceleration in the number and speed of Wireless Fidelity (“Wi-Fi”) access points around the world is making Internet access practically unavoidable!
Consequences of Internet Ubiquity
The Internet and the World Wide Web application form an open and innovation rich environment. New applications for mobiles, tablets, laptops, and desktop computers arrive with daunting frequency. For the most part, these applications are created without needing permission from the Internet Service Providers (ISPs). This permissionless innovation has driven much of the growth of Internet services since the early days of the ARPANET and subsequent Internet. With the arrival of cloud services, application makers did not need their own data centers to implement and operate applications. They could – and do – write applications for portable or mobile platforms that interact with Internet-based cloud systems to implement their services.
In this environment, freedom of expression flourished. Anyone and everyone who was online was free to blog, create web pages, send emails to individuals and distribution lists, add comments to web sites, and to search the WWW for content of interest. As streaming of video and audio became more feasible, Content Distribution systems such as AKAMAI contributed new capabilities to the growing Internet infrastructure. Web and mobile-based payment systems were devised to provide new ways for users to move money around.
This open platform also became an environment in which online devices of all kinds were attacked by so-called hackers intent on disrupting service, stealing personal information, including financial account data, user names and passwords, and intellectual property, for example. Moreover, these bad actors also became adept at sending billions of unwanted emails to target users. Often these emails promoted scams of all kinds or attempted to get recipients to click on harmful malware attachments or on hyperlinks taking them to websites infected with malware. This behavior was not new. In fact, various kinds of hacking had been going on even before the arrival of widespread networking.
With the arrival of personal computers in the late 1970s and early 1980s, hackers would infect magnetic diskettes with malware and try to induce users to “boot up” their computers, so as to ingest harmful code that might wipe out computer memory and disk files. As networking became more widely available and used, the malware attacks migrated to the network, making it even easier to attack hundreds of millions of machines at once. Many operating systems fell afoul of such attacks, lacking adequate protection to fend them off or even detect they were happening. Co-opted computers were used to form so-called botnets which could then be controlled by a botnet herder to launch further Denial of Service (DOS) attacks, generate spam email, spread malware, launch more penetration attacks, and otherwise cause trouble.
These behaviors constitute a significant operational and financial threat. Ransomware is used to encrypt user’s data and payment is demanded to unlock the information. Direct hacking against financial systems often yields enormous sums by straightforward theft via electronic funds transfer or Automated Teller Machine withdrawals. Theft of intellectual property is another favorite practice, in some cases aided and abetted by nation states interested in business intelligence, core product software and designs, or military intelligence. Disruption of infrastructure including power generation and distribution has been documented. With the arrival of the Internet of Things, we have even more to worry about, including buggy code in devices to which we have ceded autonomous operation.
There is now solid evidence for a somewhat more subtle threat to the users of the Internet. With the widespread use of so-called “social networking” applications (think: Facebook, YouTube Linked-In, etc.), it has become possible to generate misinformation and disinformation intended to disrupt the social fabric of societies around the globe. These exploits range from personal bullying, sometimes with tragic and fatal outcomes, to significant intervention in elections by injecting divisive content intended to incite friction, hatred and violence. Using Machine Learning (ML) techniques, it is possible to create imagery, voice, and video of known parties that is indistinguishable from accurate and true renderings. One can readily imagine the damage that can be done to national, corporate, and personal reputations by means of such deep fakes.
Moreover, these anti-social behaviors are exacerbated by the feedback loops generated in social networking applications. The metrics displayed by these services such as likes in Facebook pages, views in YouTube videos, followers in Twitter, or collections of comments generated by the content, promote extremism. So-called trolls produce argumentative and insulting comments for the purpose of evoking a response. The more responses, the better the troll likes it. Extreme statements, extreme images and video all garner increased attention, and that is the reward sought by those who produce them. The longer users of these systems stay online viewing or commenting on content, the more opportunity the advertising-driven system has to generate revenue. In some ways, we can see similar effects with television and print news. The bigger and more shocking the headline, the more attention and more advertising revenue the vehicle can produce.
It is well known in propaganda circles that repetition of false information can make it more believable. This phenomenon has interesting consequences. If X and Y are opposing statements, the repetition of the assertion: “X is not true” is like to drive more belief in X. The better tactic, according to researcher Herb Lin, is to say “Y is true” so as to avoid repeating X.
Origins of Vulnerability
Heavy dependence on any infrastructure leads to great hardship in its absence. Think how dependent our societies are on electricity. When the power goes out, appliances stop working. Telephone, television, lights, computers, the Internet and vast swaths of other conveniences become inconveniences and, in some cases, fatal hazards. When our roads congest, their purpose is defeated. Think about large scale evacuations from major storms or simply daily rush hour in the work week. We often have no convenient or ready alternatives to our dependencies. Deliberate sabotage of things and systems we depend upon can disrupt our societies in dramatic ways.
Major natural disasters provide many examples. I was caught in a so-called 100 year snow storm in Boston in 1978. Roads were impassable. It was illegal to be on the road for anything other than emergency purposes. Stores were shuttered. By the third day, people were breaking into grocery stores for food, not because they were thieves but because they were out of food and even if they could pay, the stores were closed. The thin veneer of civilization peeled away rapidly. The 18th Airborne Corps was flown in to clear the streets of abandoned cars and to help restore order.
One can readily see how deliberate sabotaging of computer-based systems can wreak havoc. Communication fails, online services cease, the stock market shuts down, and banks can no longer perform their important functions. In more subtle cases, systems continue to work but reveal personal or vital information that can be used in identity theft, or to log into accounts to steal valuables, or cause other serious trouble. While the term hacking was once a compliment at MIT, it has become a label for harmful efforts to break into computer-based systems. Once this was just to show that the hacker could break into the system, but in more recent years, it has become a source of serious harm for individuals, corporations, institutions, and governments. One has only to turn to relatively recent events in Estonia and the Ukraine for examples in which Russian hacking has caused considerable damage and disruption.
A similar scenario has been playing out in elections in the US and Europe again with apparent origin in Russian skulduggery . Using all the tools of propaganda and social networking, exercising their worst effects, evidence is mounting that state-initiated actions have been taken to deliberately interfere with normal electoral processes.
Weaknesses in computer-based systems are primarily the consequence of mistakes made by software programmers that are undetected by testing. In some cases, the vulnerabilities are the consequence of deliberate negligence. Large scale botnets have been created by finding online appliances, such as webcams, that have no provision for access control or have well-known and fixed passwords. The so-called Mirai virus exploited this to create a 500,000 device botnet that was used in a massive denial-of-service attack. There are countless other documented examples of exploitation. Increased dependence on the Internet of Things leads to negative side-effects when we cede autonomy to these appliances and services and they fail to operate properly because of bugs in the software.
Better software development tools to help programmers avoid simple but damaging mistakes are needed, if indeed they can be developed, improved, and used. The latter point is a key issue because it is not often the case that such tools are applied, either because they require too much effort or are ineffective. For decades, researchers have struggled to define better programming languages to reduce the likelihood of oversights and mistakes in logic, but without very much success. Some tools expose errors but are prone to so many false alarms that they become an impediment to effective progress. Others simply do not catch the subtle timing and race-condition errors that arise in the highly distributed and concurrent software systems of our time.
The Internet was designed to be relatively insensitive to national boundaries. Its addressing structure (i.e. Internet Protocol addresses) are based on the topology of the interconnected networks and not their geographical span. Networks have identifying numbers that are used for addressing and routing but these are not in any way bound to the physical location of their equipment. This was a deliberate design feature because the system was originally intended for use by the US Defense Department for command and control. It had to work globally and could not be dependent on cooperative assignment of addresses using, for example, country codes associated with the telephone and telegraph systems. The side effect of this design is that the packets of the Internet are unaware of crossing national borders.
Harmful actions on the Internet can be initiated in one country or jurisdiction and the victim, or victims, may be in different ones. This is also true of the telephone and postal systems that do use country codes, incidentally, and has the same consequence: the need for cross-jurisdictional cooperation to identify and apprehend bad actors. Worked examples of the importance of cooperative, cross-jurisdiction law enforcement can be found in Interpol or Europol for example.
The Secretary-General of the United Nations has recently authorized the formation of a High Level Panel on Digital Cooperation. The term is evocative because it has a kind of all encompassing connotation about anything digital, and I believe this was intended to allow the panel considerable latitude in focusing its work. Given only nine months to produce its report, focus will be a critical requirement.
There are many other organizations, some long-standing and some very new, that are pursuing ways in which various forms of cooperation can lead to improvement in safety, security, and privacy in the digital world. Among these is the Global Commission on the Stability of Cyberspace (GCSC) , which has adopted a very effective tactic for exploring cooperation. Rather than thinking in international treaty terms, the Commission has formulated norms that can be adopted at all levels of government, the private sector, and civil society. Among several examples a particularly attractive one is the call to protect the public core of the Internet . By public core refers to the elements of the Internet that allow it to function as a global distributed system and that include inter alia, the backbone networks, their routers, and other components, the Domain Name System, and its name servers and resolvers. This concept is similar to the convention that, even in wartime, combatants should not attack hospitals and schools. The Commission has developed a number of proposed norms and notes that can form a body of informal agreements that might lead to more formal treatment in the future.
Other encouraging examples of cooperation can be found. One such example is the Netmundial 2014 declaration on Internet Governance, in which open, multi-stakeholder processes were endorsed for the development of governance principles in support of an open Internet.
Anonymity, Pseudonymity and Privacy
It is commonly desired that the use of the Internet remain a private matter except when personal information is needed to fulfil a function such as delivery of goods to an address. Account information is needed to transact business but there is no rationale for sharing that information publicly. In general terms, many, if not most, users feel they should be able to use search engines, for example, without having to identify themselves to the providers of these services. The protection of privacy varies around the world. In Europe, a strong privacy protection regulation is found in the General Data Protection Regulation (GDPR), which has had a global impact because personal information about EU citizens is not permitted to cross EU borders without assurance that the recipients of this information will protect it in accordance with the GDPR.
Many online services require that users establish accounts to use their services. Even when the services are free, for example Google’s many services, accounts are used to personalize the service. These accounts are often pseudonymous in the sense that the identity of the user does not need to be revealed. Of course, that user’s personal information may well be present in the system if the user wants to have ways to re-establish access to an account after forgetting or losing the passwords. Some systems request mobile phone numbers to be associated with the account to provide confirmation and assistance for account recovery, for example.
One can readily conceive of bilateral and multilateral agreements among jurisdictions to share identifying information in the course of tracking down harmful actors in cyberspace. Of course, abuse of the privilege to identify individuals from their pseudonymous labels should also be a matter of concern.
Pacification of the Internet
The historically open and often rambunctious nature of the Internet has brought enormous benefits to billions of users but it has also brought substantial risks. Principles, tools, national and transnational agreements are needed to improve the safety and security of cyberspace and there are many initiatives around the world aimed at this objective. Some of these have already been mentioned. Progress will be challenging given the great diversity of national regimes, societal norms, cultural mores, and the perverse ability of humans to engage in behaviors harmful to others. It seems inescapable that multi-stakeholder cooperation, including among governments at all levels, will be needed. Moreover, users need to be provided with much better tools and knowledge for protecting themselves in cyberspace.
Such technologies as two-factor authentication can protect against the hijacking of accounts otherwise protected only by usernames and passwords. Training in critical thinking can go a long way towards dissipating the deleterious side-effects of social network manipulation. Of course, critical thinking takes work: “Is there corroborating evidence for this assertion? Who is making this claim? Is there a motive for misrepresentation?” These are all the kinds of questions one should learn to ask before accepting excessive claims. That extraordinary claims should be accompanied by extraordinary evidence seems to me an essential notion for survival in the ocean of content found on the Internet.
It is tempting to try to invent automated tools for detecting misinformation campaigns. Bots clicking likes on Facebook or “watching” videos on YouTube can lead to the mistaken belief that the associated content is popular and widely held as credible. It isn’t so easy to distinguish between a bot and a human. Among the more annoying practices for trying to achieve this objective is the so-called CAPTCHA  (“Completely Automated Public Turing test to tell Computers and Humans Apart”). Alan Turing once proposed a test in which a human interacted textually with another human and a computer. If the interrogator was unable to tell which was the computer and which was the human, the computer was said to have passed the Turing Test. In today’s Internet, programs are interacting with humans and computers on the network, and are trying to distinguish between humans and computers. If the program cannot do so, it has failed what I will call ‘Turing Test 2’.
Small and medium sized businesses are particularly at risk in online environments. These organizations rarely have adequate staffing to protect the organization from cyber-harm. One wonders whether we need to invent cyber-fire departments or a digital Red Cross to respond to emergencies in cyberspace. These metaphors are imperfect, of course, and should be treated with care. In the real world, anyone can call the fire department to put out a fire. The fire department breaks doors, windows, roofs and pours water on everything to put out the fire. But what if a company reported a cyber-fire as a competitor and the cyber-fire department arrives to disrupt the operation of the competitor, while the other company continues to operate? What if there wasn’t a cyber-fire after all? Of course, false alarms happen in the real world as well, but one doesn’t want to create incentives for such bad behavior.
The militarization of cyberspace is not an attractive prospect but it is a readily imagined as our dependence on cyberspace functionality increases and the need to defend its operation escalates.
The Universal Declaration of Human Rights was written about 70 years ago and its provisions should echo clearly in cyberspace as well as the physical world in which we live. It is an aspirational declaration, frequently not achieved in practice. We would do well to ask ourselves how the concepts articulated in this historic document might be translated into good practices in digital environments, where our global society now increasingly resides.