We still don’t know how to construct institutions to guide the evolution of the internet
THE YEAR is 1992. The internet, while still largely unknown outside its core user base, is already close to hosting a million computers. David Clark, one of the engineers who helped design the system, is giving a talk to the Internet Engineering Task Force (IETF), a loose confederation of technologists who informally compose its co-ordinating body.
He’s proud, but worried. While most of the audience have spent the past decade worrying about how to make the internet scale – that is, work just as well with 10 million hosts as it did with 10,000 – Clark has another concern. He’s worried that the organisations that created and designed the internet won’t be able to scale.
His talk is called A Cloudy Crystal Ball,but he's given it the subtitle Apocalypse Now, and his big fear is that the internet will collapse because it can't be secured. Clark was not the first to worry about this, and he was certainly not the last.
His most stark prediction, that the 1990s would turn into the “decade of the cyberterrorist”, did not come true. But it’s still unclear that the 2010s might not gain that as a catchy subtitle. And all of the problems that he outlined about the security of the net persist.
Clark’s prediction came about because of his worries about what the engineers of the internet were good at, and not good at. The IETF was, and remains, an organisation with no coercive powers and little hierarchy. It operated on the basis of what Clark called “rough consensus and running code”.
The creators of the internet, he said, in words that were to become famous, “reject kings, presidents and voting”.
What did that mean? It meant they were quick to respond to changing conditions, and able to “build stuff that works” and criticise poor decisions among themselves and others. But, he pointed out, the consensus-driven IETF had its limits. In particular, it was hard for it to make long-term decisions about the internet, and that included managing security problems.
Clark’s crystal ball was not so cloudy. Twenty years on, his predictions regarding online security seem eerily accurate. He said internet engineers would advocate for security at the end points (which is to say, on your personal computer and phone), but that would be seen as too fragile, and that most would opt instead for erecting defences in the network itself.
That is exactly what happened: we now live in a world where home and work networks are fenced off from the wider internet with filters and firewalls.
Clark made that announcement, I suspect, to shock the internet engineers out of complacency. A Balkanised network is exactly what they had spent their time working to prevent. In the end, though, businesses and individuals chose to sacrifice the internet holy grail of “addressability” – that your computer and mine can communicate directly – for a safer world, with online roadblocks and cordoned-off computers.
The real horror, though, is that most net engineers from 1992 to the present day strongly suspect we are hardly safer. Firewalls and closed-off networks are a band-aid over vulnerable operating systems and a lack of network-wide security. All-too-hackable computers are not the fault of the designers of the internet: blame Microsoft and a distributed ignorance of security issues.
Clark’s point was that he and his peers were the only ones who might have been able to settle on network-wide security protocols before it was too late.
But how? With a reticence to bow before kings and presidents, he pondered on other ways of co-ordinating the herds of technologists that built the net: a “house of lords” or “supreme court”, he suggested – some band of elder experts to guide the way?
Subsequent events have confirmed Clark’s suspicions – that such institutions could hardly survive the rise of a network that was as hierarchy-free as its founders. These days, even kings and presidents struggle to place controls on the modern net. And when they do, improving network security is more of a flimsy excuse than a genuine priority.
Every time someone, be it the US government or the UN, puts someone or some group in charge of the future of the net, the net has snuck away and found its own future. But the problem Clark raised remains, and his question is still unanswered.
What kinds of institutions can we build to guide the long-term evolution of the network? Clark finished his talk with a question: “What is the community meta-process that will create the acceptable process?”
Twenty years into the rise of the net, we know how big it can grow, but we still don’t know how to construct institutions that can tame or steer it. Perhaps it is better that we do not. Or perhaps that is the next leap we need to take. After all, if we can build a safe network without kings and presidents, maybe we can build a safer world without them too?
