It’s Time to Build a More Secure Internet

January 8, 2015 • Walter Isaacson

The Internet was designed in a way that would allow it to withstand missile attacks. That was cool, but it resulted in an unintended side effect: it made it more vulnerable to cyberattacks. So now it may be time for a little renovation.

The roots of the Internet’s design come from the network built by the Pentagon’s Advanced Research Projects Agency to enable research centers to share computer resources. The ARPANET, as it was called, was packet-switched and looked like a fishnet. Messages were broken into small chunks, known as packets, that could scurry along different paths through the network and be reassembled when they got to their destination. There were no centralized hubs to control the switching and routing. Instead, each and every node had the power to route packets. If a node were destroyed, then traffic would be routed along other paths.

These ideas were conceived in the early 1960s by a researcher at the Rand Corp. named Paul Baran, whose motive was to create a network that could survive a nuclear attack. But the engineers who actually devised the traffic rules for the ARPANET, many of whom were graduate students avoiding the draft during the Vietnam War, were not focused on the military uses of the Net. Nuclear survivability was not one of their goals.

Antiauthoritarian to the core, they took a very collaborative approach to determining how the packets would be addressed, routed and switched. Their coordinator was a UCLA student named Steve Crocker. He had a feel for how to harmonize a group without centralizing authority, a style that was mirrored in the distributed network architecture they were inventing. To emphasize the collaborative nature of their endeavor, Crocker hit upon the idea of calling their proposals Requests for Comments (RFCs), so everyone would feel as if they were equal nodes. It was a way to distribute control. The Internet is still being designed this way; by the end of 2014, there were 7,435 approved RFCs.

So was the Internet intentionally designed to survive a nuclear attack? When TIME wrote this in the 1990s, one of the original designers, Bob Taylor, sent a letter objecting. TIME’s editors were a bit arrogant back then (I know, because I was one) and refused to print it because they said they had a better source. That source was Stephen Lukasik, who was deputy director and then director of ARPA from 1967 to 1974. The designers may not have known it, Lukasik said, but the way he got funding for the ARPANET was by emphasizing its military utility. “Packet switching would be more survivable, more robust under damage to a network,” he said.

Perspective depends on vantage point. As Lukasik explained to Crocker, “I was on top and you were on the bottom, so you really had no idea of what was going on.” To which Crocker replied, with a dab of humor masking a dollop of wisdom, “I was on the bottom and you were on the top, so you had no idea of what was going on.”

Either way, the Net’s architecture makes it difficult to control or even trace the packets that dart through its nodes. A decade of escalating hacks raises the question of whether it’s now desirable to create mechanisms that would permit users to choose to be part of a parallel Internet that offers less anonymity and greater verification of user identity and message origin.

The venerable requests-for-comments process is already plugging away at this. RFCs 5585 and 6376, for example, spell out what is known as DomainKeys Identified Mail, a service that, along with other authentication technologies, aims to validate the origin of data and verify the sender’s digital signature. Many of these techniques are already in use, and they could become a foundation for a more robust system of tracking and authenticating Internet traffic.

Such a parallel Internet would not be foolproof. Nor would it be completely beneficial. Part of what makes the Internet so empowering is that it permits anonymity, so it would be important to keep the current system for those who don’t want the option of being authenticated.

Nevertheless, building a better system for verifying communications is both doable and, for most users, desirable. It would not thwart all hackers, perhaps not even the ones who crippled Sony. But it could tip the balance in the daily struggle against the hordes of spammers, phishers and ordinary hackers who spread malware, scarf up credit-card data and attempt to lure people into sending their bank-account information to obscure addresses in Nigeria.