openpolitics.com

Net of Insecurity: A flaw in the design

“It’s not that we didn’t think about security,” Clark recalled. “We knew that there were untrustworthy people out there, and we thought we could exclude them.”

.. When they thought about security, they foresaw the need to protect the network against potential intruders or military threats, but they didn’t anticipate that the Internet’s own users would someday use the network to attack one another.

“We didn’t focus on how you could wreck this system intentionally,” said Vinton G. Cerf, a dapper, ebullient Google vice president who in the 1970s and ’80s designed key building blocks of the Internet. “You could argue with hindsight that we should have, but getting this thing to work at all was non-trivial.”

.. Computers in that era were huge, costly behemoths that could fill a room and needed to serve multiple users at the same time. But logging on to them often required keeping expensive telephone lines open continuously even though there were long periods of silence between individual transmissions.

Davies began proposing in the mid-1960s that it would be better to slice data into pieces that could be sent back and forth almost continuously, allowing several users to share the same telephone line while gaining access to a remote computer.

.. As the ARPANET developed in its first years, soon connecting computers in 15 locations across the country, the key barriers were neither technological nor AT&T’s lack of interest. It simply wasn’t clear what the network’s practical purpose was. There was only so much file sharing that needed to be done, and accessing computers remotely in that era was cumbersome.

.. Debate remains, however, about whether widespread use of encryption was feasible in the early days of the Internet. The heavy computing demands, some experts say, could have made TCP/IP too difficult to implement, leading to some other protocol — and some network other than the Internet — becoming dominant.

“I don’t think the Internet would have succeeded as it did if they had the [encryption] requirements from the beginning,” Johns Hopkins cryptologist Matthew Green said. “I think they made the right call.”