The Internet Was Never Meant to Be Secure!
The late Dan Kaminsky believed that the internet was never meant to be secure. This is what he said in an interview in 2016:
“The Internet was never designed to be secure. The Internet was designed to move pictures of cats. We are very good at moving pictures of cats.”
Mr. Kaminsky believed that the internet world had from the start “fallen far short of expectations” as far as security is concerned.
While pitching a cyber-equivalent of the Manhattan Project, he said, “Everybody looks busy, but the house still burns.”
He added, “we didn’t think you’d be moving trillions of dollars onto this. What are we going to do? And here’s the answer: Some of us got to go out and fix it.”
Mr. Kaminsky was right about the need to fix things. Remember this MIT Technology Review cover story?
That cover story called attention to the fact that the internet was broken, and something needed to be done about it.
However, Kaminsky, MIT, and everyone else who believes the internet needs fixing are wrong. It is not the internet that needs fixing.
Mr. Kaminsky started well with the first quote: that the internet was never designed to be secure. Maybe what we should be asking ourselves is, what was the internet designed for?
We’ll come back to that a bit later.
What’s the biggest issue with the internet right now? What is it with the internet that makes everyone feel that it needs fixing? Those trying to fix the internet right now are fixated on fixing human behavior.
That can’t be fixed either!
Let me explain.
The internet used to be called the information highway – and the name still fits.
In our physical world, highways are outdoor public transport systems. Recall Kaminsky’s remark about moving pictures of cats.
That’s what the internet was designed for. It has not failed one bit in that purpose.
How do we use highways? Typically, we use them to move from one building to another.
So, what are buildings?
Buildings are our safe havens. They keep the rain off our heads. However, that’s not the main value of a building. The main function of a building is to provide bounded spaces of accountability. We tend to know who’s in a room with us. We tend to know who has keys to rooms with filing cabinets.
Accountability solves all those problems that Dan and MIT were referring to. And accountability means buildings.
So, if the internet is a digital information highway, where are the digital buildings?
Do you think you can control human behavior on a public highway to such an extent that you can leave your valuables there and not have to worry?
That’s why controlling human behavior is not a solution.
What’s the solution?
Learn About PKIDR
When learning about something new it’s natural for you to try to put it into the context of things you already understand. Learning about PKIDR is no different. So let’s put it into the context of what you know.
First, PKIDR is a digital thing. Normally the next step is to put it into the context of websites, social media, apps, software, phones, computers, tablets and such.
If you first get into that context, it is nearly impossible for you to understand PKIDR. You need to see a bigger picture here.
Try to first forget about everything you know about how we use the internet today, and everything that’s supposed to be done to make it secure. In fact, forget you ever heard of computers and software and the internet.
Instead, think about buildings. Picture some buildings. Picture an office, retail and residential complex such as may exist near where you live.
Now let’s think about what buildings are for. Partly, it’s about comfort – keeping the rain off the heads of the occupants and keeping the space heated and air conditioned, a respite from the heat and cold of the outdoor space that surrounds the building.
But of course there are lots more reasons for having buildings besides providing comfort.
We’re going to suggest that the main reason is accountability. Buildings provide bounded spaces where certain people are accountable for what goes on inside them. An accounting department room with filing cabinets is for those who work in the accounting department. It’s certainly not for the general public to walk in and poke around those filing cabinets – right? In a building you tend to know who is in the room with you and what they’re doing there.
(A type of space in a building called a “public accommodation” is partway between indoors and outdoors in terms of accountability. Accountability is relaxed in public accommodations, which include retail shops, bars, bank lobbies, building lobbies, etc.)
Now let’s turn our attention to what goes into those buildings to make them habitable.
First there are construction materials. Bricks, concrete, glass, pipes, wires, wood or metal framing materials, Sheetrock, etc. It must all meet building codes of course. Those building codes themselves can also be considered part of the structure.
There are the drawings that were produced by the architect, used by the contractor, and made part of the application for the occupancy permit. All were signed by professionally licensed individuals: an architect, a contractor, a building inspector.
Often a professionally licensed structural engineer also needs to sign off on that occupancy permit. Imagine a world where anyone can get a structural engineer’s license for a couple hundred dollars and sign off on the structural integrity of a fifty-story building. Imagine a world where the occupancy permit itself could be purchased for the same fee, not signed by anyone with any professional liability. That would be the perfect recipe for chaos.
Now carry that understanding of the physical buildings world into today’s internet world. Anyone can build anything on the internet today. Why are we surprised that things have become chaotic?
PKI is an excellent, superbly strong construction material that was developed in the seventies by a British government team. You use PKI construction materials every day.
But you use only the construction materials, without any of the other things that make a building habitable. The main evidence that a building is habitable, that is, that it is secure (for instance, it has no secret passageways that the owners and tenants know nothing about) and that it is structurally sound, is embodied in the occupancy permit. Without an occupancy permit, a building cannot legally be occupied.
If we are going to build spaces where we can keep our valuables and conduct our business on the internet, we should have assurance that those spaces are secure and reliable. We need to stop conducting our business on the public information highway that is the internet, because we have little to no control over what goes on there.
The people who build our internet buildings should assume professional liability just like architects and structural engineers do.
PKI provides the materials we need to build these internet buildings, but we need AUTHENTICITY. PKI with authenticity is what we call PKIDR (PKI Done Right). PKIDR brings along accountability.
As mentioned earlier, we have to stop trying to fix the internet. We have to stop trying to anticipate the character and intention of a stream of bits on the internet. We have to start attaching measurably reliable digital identities to people on the internet.
Digital identity certificates will bring along accountable anonymity. Everyone can remain anonymous as long as they are doing the right thing. When someone does something wrong, their identity can be uncovered so that they are held accountable.