Vint Cerf: Net faces three crises

The internet faces three major crises which, if left unsolved, will lead to the net stalling as a communications medium and an engine for economic growth, according to internet founder and Google's internet evangelist Vint Cerf.

The internet faces three major crises which, if left unsolved, will lead to the net stalling as a communications medium and an engine for economic growth, according to internet founder and Google's internet evangelist Vint Cerf.

Vint Cerf was speaking to Computer Weekly's Ian Grant in an exclusive, wide-ranging review of the future of the net at the launch of 6UK, a non-profit body dedicated to speeding up the use of the IPv6 internet addressing scheme.

Cerf notes that the net has only been in public operation since about 1994. "Sixteen years is not very much time to understand what kind of societal, administrative and jurisdictional response we should have to the problems we are encountering," he says.

The first crisis is that the world is running out of IPv4 addresses, and the internet authorities will probably issue the last tranche of them around June 2011, Cerf says.

This makes the switch to IPv6 addressing mandatory if the internet is to continue to grow and enable grand sensor-based schemes such as smart grids and automatic traffic scheduling, he says.

Most edge devices, such as laptops and mobile phones, now support IPv6. The router systems have the software, but the internet service providers (ISPs) just haven't turned it on, he says.

The second problem is security and reliability on the network. "If people don't trust the applications on the net the network won't be as widely used or be the basis for growing GDP, creating new jobs and businesses," he says.

The third issue is to cope with mobility in the network. Cerf admits the original design of the internet did not anticipate the degree to which mobile access would be required. As a result, it doesn't do it very well, he says.

"That's another protocol and technical thing that needs to be done to improve the internet's ability to deal with mobile access," he says.

Asked if the growing tendency for government to lock down the net was having an effect, Cerf says the internet has enabled communication where it didn't exist before, including previously closed societies such as communist China. It has also given individuals the ability to publish whatever they want on websites, blogs and the like, and to have it read by a global audience.

"People have become their own publishers, in a way. Some regimes feel threatened by that exchange of information," he says.

"Other countries are reacting to hazards or abuses that are undertaken on the net, whether it's stalking or capture of personal information. Their reaction to this is that, if we force everyone to identify themselves, or if we filter everything, we will stop these bad things from happening.

"I am not persuaded it is possible to lock down the net in this way. Even if it were possible, I'm not sure that is a world in which we would all want to live," he says.

"On the other hand, if we insist on anonymity at all levels so that nothing is known, society itself may be at risk. Things like terrorism come to mind. So there must be some balance in between.

"My sense right now is that we can and shall make changes to the network's technical architecture to improve its safety, but we also need legal agreements that cross international boundaries to enforce laws that either protect citizens or law to improve our ability to conduct electronic commerce."

Cerf says digital signatures that authenticate the documents and the persons on the net were now possible. The issue is whether different jurisdictions give the same weight to them, he says. "We need legal structures that cross those boundaries that help us to resolve those problems," he says.

Cerf says there is already a lot of international trade on the net, but much of it is inadequately protected by existing legislation. The controversial new Anti-Counterfeiting Trade Agreement (Acta), just finalised and awaiting legal review and ratification, could go some way to guide future international agreements on net-mediated trade, he says.

"I am at least persuaded that more of the governments are recognising the importance of this, but I think we are still some distance from knowing what kind of legal structures ought to be adopted," he says.

Cerf says some quarters treat internet security issues as if they were a national crisis, or as if they were a form of warfare.

"That metaphor is probably overdrawn, and in some ways dangerous to adopt," he says. "Adopting the weapons of war in the internet environment may turn out to be the wrong choice."

This was due to the problem of correctly identifying the source of the attack. Since many smart criminals use zombie botnets to hide the source of their attacks, defenders might find themselves destroying the assets of their own citizens, he says.

"Botnet generals don't want to disclose the source of the attack, but nor do they want to break the internet because they have a business to run," Cerf says.

"If you chose the typical warfare stance, you (as the target) would launch a counterattack, and you'd be attacking the assets of the general public or the private sector, and there might be a lot of collateral damage. That might have a direct impact on the rest of the economy," he says.

"This does not mean that there should not be a response, only that we should be very careful how we address this problem."

Cerf also worries that some might choose to use conventional or "non-cyberspace" weapons to respond.

"Failure to get the correct attribution would lead to very severe problems, attacking the wrong country, for example," he says.

Other metaphors that might help deal more effectively with cybercriminals are "public health" immunisation and restoration of computer wellness, "fire brigade" intervention in an attack, or even the "police department", for when you are under attack or you think a law has been broken.

"We need the cyber equivalents of those departments," he says.

Read more on IT risk management