The Future of the Internet and Privacy
Dr. Paul Vixie Offers a 10-Year Forecast
The Internet as we know it may be heading toward fundamental changes in the coming decade as a result of an intense privacy debate, says Internet pioneer and DNS guru, Dr. Paul Vixie.
"The sense that the world's governments have, that they have the right and duty to know everything that their citizens do, in order that they can detect crime, or sedition, is not shared by the rest of the world's citizens," Dr. Vixie says.
When the Internet became all-pervasive, both civil liberties advocates and governments believed that it would benefit their respective interests. Neither was right, Vixie says. The Snowden and WikiLeaks disclosures reveal that privacy and transparency have suffered. On the other hand, governments are dealing with extremely complex problems when it comes to encryption, surveillance and protecting critical information infrastructure.
Dr. Vixie believes that this debate is going to come to a head in the next 10 years, when we will see a cycle where both sides will swing to extremes and back before any resolution on privacy issues is reached.
In part one of this exclusive interview with Information Security Media Group, Dr. Vixie spoke about the impact of DNS on the security landscape. In part two, he shares insights on the fundamental changes he expects in the coming decade and discusses his journey as one of the pioneers who built protocols that support the Internet. He also discusses:
- How the Internet's evolution has made crime easier;
- Some milestones in his journey as an Internet pioneer.
Dr. Vixie, CEO of Farsight Security, previously served as president, chairman and founder of the Internet Systems Consortium. He has served on the ARIN board of trustees since 2005, where he served as chairman in 2008 and 2009, and is a founding member of the ICANN Root Server System Advisory Committee and the ICANN Security and Stability Advisory Committee. He has been contributing to Internet protocols and UNIX systems as a protocol designer and software architect since 1980. He wrote Cron (for BSD and Linux), and is considered the primary author and technical architect of BIND 4.9 and BIND 8. He has authored or co-authored about a dozen Requests for Comments, a publication of the principal technical development and standards-setting body for the Internet, the Internet Engineering Task Force, mostly on DNS and related topics. And he was named to the Internet Hall of Fame in 2014.
Edited excerpts of part two of the interview follow:
Making Crime Easier
Varun Haran: You have said that the Internet ecosystem has evolved to make crime easier. Can you elaborate?
Dr. Paul Vixie: When I was growing up in San Francisco, it would happen, once or twice a month, that some little old lady got mugged. This was somewhat predictable because Social Security checks were delivered on a certain day of the month, and the criminal in that case is putting himself at personal risk. They have to put their body at the scene of the crime, which means there were a number of different risks that criminal would take.
Those risks placed an upper bound on how many such crimes would be attempted. In that sense, there was an equilibrium based on the risk to the attacker. On the Internet, we don't have any of these things. The attacker will often be an underage person in Eastern Europe, who just needs to infect the old lady's computer with a key-logger or other such malware to essentially steal the same money.
So we have removed the equilibrium involving risk to the attacker, making it possible to attack people from half a world away, with the likelihood of any recovery remote. The attacker could possibly be in a country having poor police cooperation with the country the victim is in, lightly regulated banking or a large organized crime footprint in the government.
In that sense, the Internet has given us a lot of new risk to accompany the value that it has brought.
A Long Journey
Haran: You've been involved in the development of Internet protocols for a long time and in different ways - you've done RFPs, authored BIND, you were a part of ICANN's early days. Can you chronicle what you have seen on your journey so far?
Dr. Vixie: One can argue that my journey began in 1980 when I dropped out of high school. I worked in the business computing world for a computer equipment manufacturer, Digital Equipment Corporation, for five years. It went out of business in 1998, but they used to be No. 2 after IBM. There I learned how to build computers and operating systems. I have tried my hand at consulting, but you can't really make a career out of it.
In the mid-nineties, I finally started two companies. One was a non-profit, the Internet Systems Consortium or ISC. It was that company that I used as my vehicle to contain BIND. I am not the original author of BIND, but I took it over at some point and rewrote it. BIND v8 is my work. Later, I found I couldn't do it all myself and I hired the people who wrote BIND v9, which is the current default implementation - BIND 9 has the single largest market share of any DNS implementation.
Around the same time, I started an anti-spam company because I could see that this [the Internet's] lack of admission control, and that this essentially academic, laboratory-grade network was going to be used for global commerce. The early indications were that it would be abused, more than it would be used. So I started a company called MAPS - The Mail Abuse Prevention System; it's spam spelled backwards.
We created the first network reputation service. That idea has obviously blossomed, and now there are hundreds of companies that offer similar reputation systems. But in 1995, we were the first. I'm not convinced we had the right approach, because we still have a lot of spam.
Nevertheless, it is those two companies that inform my work now. I have been trying to make DNS scale - because DNS as a protocol was essentially laboratory-grade like the rest of the Internet, and it has taken a lot of work to get it to fit the current Internet, which I think has more than 3 billion devices connected to it - mostly mobile, but that's still an awful lot of DNS transactions.
I have been creating new security technologies for DNS, such as I have done at my current company, Farsight Security. When I was inducted into the Internet Hall of Fame in Hong Kong last year, I said in my acceptance speech that I had spent the first half of my 30 years working in this field trying to make communications easier. I have spent the second half of that career trying to make communications harder.
Fundamental Change
Haran: Looking beyond DNS, what is the one fundamental change you expect will happen to the Internet in the next five years?
Dr. Vixie: I think there has been a bit of sleight of hand. The civil society movement around the world, which is by and large focused on democracy, transparency and human rights, has believed that the Internet would be a watershed breakthrough for them. Most of the people involved in the pro-democracy movement thought that the Internet was somehow going to make tyranny harder - it was going to free people by making accurate information more easily available.
I think that was naïve. I think the governments of the world - including the Five Eyes governments - rely on surveillance to do what they consider to be their duty in order to keep their citizens safe. And so they have always kind of subscribed to a double standard, where there is no fundamental right to privacy. This has really been a situation of two ships passing in the night, where these two sides each thought that the Internet would be better for them.
Turns out the people who thought that independence, freedom and privacy were good things, and transparency - especially transparency of government action - would be facilitated by the Internet, were wrong. Because it turned out that you can falsify or hide a great deal of traffic and you can intercept, decode and record an awful lot of traffic and so ultimately the Internet has approximately kept pace - things didn't get any better for the people who valued privacy. The fact that the Snowden disclosures reveal that things have gotten much worse, was a surprise to a lot of them.
On the government side it's a similar situation. They thought that all this information moving into electronic form would make it easier to then intercept and analyze. They also were wrong because there are many types of encryption that can't currently be broken - no matter how many trillions of tax dollars or megawatts of power you throw at it. Which means that any well-motivated criminal or spy is capable of eluding any and all types of surveillance a government might have on them.
And now, I think with the backlash from the Snowden disclosure, those technologies are going to become more prevalent, such as can be seen in Apple's recent move to make decryption of devices without passwords impossible.
The sense that the world's governments have, that they have the right and duty to know everything that their citizens do, in order that they can detect crime, or sedition, is not shared by the rest of the world's citizens.
So if you ask me what's the biggest change coming in the next five years, it's perfect forward secrecy. It's where most of the tricks that the governments have been relying on are going to stop working. We're going to see both sides bending toward extremism and bouncing back, and I think we are at least 10 years away from discovering a happy medium. We have already heard the call for government key escrow, which you may recall from the clipper chip wars of the early 2000s, where there was a huge fight. That debate ended on party lines and not on merits, so it's still lurking out there.
I believe the next time that debate ends, it will be because the wrong things have been made into law and the results were disastrous and we then had to back away. It's going to be a little bit like the era of the 16th amendment and prohibition in the U.S. Prohibition ended as a gigantic black eye for the government, and we ended up with a society whose content was determined by its citizens and not by its most powerful speakers in government. I think we have a cycle like that that we are going to see play out in the next five to 10 years.