Nathaniel Borenstein
by

Why Wasn’t the Internet Designed to Be More Secure?

I wasn’t there myself, but I heard from colleagues that Tim Berners-Lee (the originator of the WWW) keynoted at London’s IP EXPO Europe show earlier this month. He was asked why security wasn’t considered more in the beginning of the Internet.

This got me thinking back to those days and asking the same question. Why didn’t we early Internet guys predict the need or put the hours in on security from the start? After all, today there’s a whole industry now dedicated to the challenges of securing the Internet, as well as the data and communications carried over the network. Today, companies like Mimecast fight a never-ending struggle to keep the Internet reasonably secure.

Why didn’t we early Internet guys predict the need or put the hours in on security from the start? The good news is that the world runs on the Internet and there are thousands of smart people and companies working hard and fast to secure it and our data.

Why didn’t we early Internet guys predict the need or put the hours in on security from the start? The good news is that the world runs on the Internet and there are thousands of smart people and companies working hard and fast to secure it and our data.

But many decades ago, there were so few people on the Internet that most of them knew each other by name. My late mentor, Einar Stefferud used to tell people his address was ‘stef @ any machine on the net.’ We mostly just trusted each other, as research colleagues. Besides, doing never-before-done amazing things is a lot more fun than preventing bad things that were, at the time, completely hypothetical.

For me, that’s all the explanation you should need. But I’ve plenty of other explanations and here are some of them:

1.  They didn’t know how. When you’ve just built something new, by definition no one will know how to secure it. The people building them were specialists in all sorts of things, but not, with a few exceptions, security. They hoped that the security people could come in later and fix things up.

2.  They didn’t want to. The early Internet pioneers tended to have a very egalitarian vision of the Internet. They wanted to open possibilities for everyone, not close them off from some people.  While they would have readily said that some security would be needed, it just wasn’t what they wanted to work on. The vision of an Internet open to everyone tended to work against any efforts to secure it. Also, there was a lot of belief that anonymity should be possible on the net, so there was substantial resistance to requiring strong authentication of identity.

3. For most people, security was boring. Those who found it interesting generally wanted to work on something heavily used. Even security researchers — and there were some — generally trusted one another.

4.  They feared it might be impossible. It was clear that Internet security would be very complex, and less clear that it would ever be truly possible. For that matter, they weren’t entirely sure that what they were trying to build with the Internet was even possible. Nearly all the protocol designers worried about security, and tried to make wise decisions when they could. But it’s hard to secure something before you’ve designed it.

The good news is that we now know the world loves (even runs) on the Internet and there are thousands of smart people and companies working hard and fast to secure it and our data. Nowadays there are university programs and whole careers to be made in various aspects of the Internet security industry.

It’s still an open question whether we can do so completely. The bad guys are constantly innovating so companies like Mimecast have to be relentless and in it for the long haul. This is a constant battle of cat vs. mouse between the Internet good guys protecting all of us from the bad guys out to steal our data, corrupt our systems or rob us plain and simple.

This is a worthy pursuit for any company, computer science graduate or expert. The world needs more smart, well-educated people worrying about security.

That’s why I’m particularly passionate about the need to get more young people, particularly women, interested in engineering at an early age. It may seem like an uphill battle. But there’s an encouraging shift visible in the emergence of targeted technology clubs and engineering toys designed to appeal to them from companies like Goldieblox, Roominate. Oh, and for the record, I’ve no financial interests in these firms or the toy industry. It’s just clear to me from my own experience as a parent and now grandparent, that if we inspire early, we can create the talent we need tomorrow.

by

Feeling Insecure About Security

Earlier this month, as you’ve no doubt heard, a batch of private pictures of celebrities were circulated widely on the Internet, having been either leaked or stolen from a storage medium the celebrities considered private and trustworthy.

One security breach doesn't prove that the cloud is unsafe. It’s still safer than the alternatives.

One security breach doesn’t prove that the cloud is unsafe. It’s still safer than the alternatives.

On the theory that one person’s misfortune is another’s teachable moment, the Internet has been flooded, not by the pictures, but by well-meaning explanations of how users can protect themselves from such privacy violations. Most of them give advice that is mostly good; it’s certainly true that most people take far too few precautions with their most sensitive information. But some of it’s misleading, perhaps even betraying an ulterior motive and a hidden agenda.

While experts can agree on the vast majority of things you should do to be safe — which I won’t reiterate here — sometimes their advice reflects unspoken assumptions or agendas. While there’s a great deal of consensus about how to protect data stored in a given manner, there’s much more debate about whether one type of storage is fundamentally more secure than another.

Consider the lowly flash drive. Some would tell you that the safest place to put your data is on such a drive. It’s true that the lack of networking on a storage card makes it immune to network-based attacks, but instead it’s vulnerable to physical ones — those tiny drives are easy to steal, or to lose. Is your security better overall with the flash drive? It’s not easy to say.

Similarly, in the recent disclosure of scandalous pictures, some have rushed to say that this shows the insecurity of the cloud. Leaving apart the fact that Apple ultimately concluded that the pictures were not stolen from their cloud service, there’s a legitimate (albeit misplaced) question here: Is cloud storage less secure than other forms of large-scale storage?

Obviously it depends on what you look at. As I’ve said, USB vs cloud strikes me as too close to call on the personal side. But for business users, the right comparison is to on-premises systems. Many executives feel safer knowing that the data doesn’t leave their site, where they believe they have complete control. However, while that control might be complete for a small number of businesses, the typical business is far from expert in matters of security, whereas for cloud providers it’s a live-or-die issue. With very few exceptions, I think business data is more secure with a good cloud provider than with on overextended, undertrained IT team on premises.

So, does that mean the cloud is more secure than on-premise storage? Again, the answer isn’t black and white. How do you know how good your cloud provider is? Do you trade off professional security in the cloud with perceived security in your organization? There’s room for disagreement and nuance, for sure.

However, we should all beware of self-interested pundits who draw overly broad conclusions.  Not only was the recent leak not a cloud leak after all, but even if it had been, we can’t read too much into an isolated event, remembering that nothing is perfect. One security breach doesn’t prove that the cloud is unsafe, any more than one accident with a change machine proves that change machines are a menace.

Life is dangerous. The only way to know how much a particular thing endangers us is to look at some longer-term statistics. An isolated event means nothing, but when someone uses such an event to broadly generalize, it can tell you a good deal about their own agenda.

by

Goodbye Facebook! We Barely Noticed You Were There!

A bit less than four years ago, Facebook decided to get into the email business. I wrote a blog entry at the time, warning it a bit about what it was getting into.

Facebook announced the closure of its email service earlier this year. Facebook emails will automatically be forwarded to whatever email address Facebook users have listed as their primary one.

Facebook announced the closure of its email service earlier this year. Facebook emails will automatically be forwarded to whatever email address Facebook users have listed as their primary one.

I warned it about the technical complexities of email, and the pitfalls that required email veterans on the team to avoid repeating. I really thought the biggest problem it faced might be technical. I figured that with its brand, it certainly had ‘market permission’ to enter the email space.

But we never got a chance, really, to find out how good Facebook mail was, because almost nobody used it. I didn’t see that coming, because I thought that there was potential value in integrating Facebook messaging with email. I should have known better, though, because I made a similar mistake back around 1982.

In 1982, I was developing and maintaining email clients for a couple of timesharing systems of the day, when I discovered that two future friends were developing a bulletin board system and a calendaring system for the same environment. We decided that what was really needed was to integrate all three into a single user interface that streamlined everyone’s communication.

We called the system BAGS, after our last names – the Borenstein Anderson Garlan System. It was modestly successful, and was maintained for many years after I moved on. But people didn’t use it as a single user interface. Some used it for both email and bulletin boards, but separately, as if the fact that they were all one program was something they needed to work around. Like Facebook, we found that users just weren’t drawn to the kind of ‘universal interface’ that draws computer scientists like moths to a flame.

It turns out there are good reasons why people have always had multiple communication mechanisms. The characteristics of a communication technology, coupled with the community rules, standards, and customs that develop around that technology, inevitably result in a mechanism that’s better for some things than others.

If you need to send me a message, what’s the difference between email and instant messaging? It’s not just a matter of whether you’re using a laptop or a phone, because either can be used either way. But when you’re using a laptop, you’re likely to be in a more relaxed or serious environment, so it’s natural to compose an email, which is likely to be longer, more nuanced, funnier, or otherwise more complicated than seems right for an instant message. On the other hand, if you’re running across an airport, dashing off an instant message will be rather more appealing. And if you’re like me, you’ll sometimes dash off an instant message to yourself, reminding you about a more complex email you need to send.

Facebook was one of the pioneers of social networking, which as a communication medium is radically different than email. People use it to communicate with whole groups of friends or relatives at once, and they think of themselves, generally, as operating in a semi-public forum. Email feels (rightly or wrongly) more closely controlled and limited in distribution. Combining two media that differ in important aspects is a recipe for confusion, and users intuitively resist it.

The email world and the Facebook world often leak into each other, but that doesn’t mean users want them to merge. The best email programs have user interfaces that are highly evolved to what users expect from an email medium – features that make it well suited to complex threads of discussion, but less well suited to ad hoc group discussions with your friends’ friends. Merging the two doesn’t necessarily make things simpler – the features of one can actually get in the way of the other.

The bottom line is simple: email is very, very important to a lot of people, and they are wary of anything that might weaken its usefulness. If Facebook had set up its email service to be entirely independent of the social networking system, it might have been able to attract users, and then gradually introduce carefully selected features that connect the two in useful ways. Perhaps that’s how it’s planning to approach its acquisition of WhatsApp; if it’s sufficiently cautious in how it integrates the two services, it might well succeed.

So, while we are saying goodbye to Facebook mail, perhaps it’s not forever. There’s still plenty of room for innovation in email, in social networking and in the spaces in between. But it’ll take a more open, incremental and modest design to succeed.

by

Three Predictions for the Future of the Web

The World Wide Web (WWW) celebrated its 25th anniversary on March 12th. This event got me thinking: the Internet and the WWW have already transformed the world in many ways – some predictable, some not – but what’s in store for the next 25 years as Internet capabilities continue to grow? From my perspective, the future could bring either a better Internet or a worse Internet than what exists today.

The future could bring either a better Internet or a worse Internet than what exists today.

The future could bring either a better Internet or a worse Internet than what exists today.

As it stands, we’re lacking in cooperative international efforts when it comes to Internet governance. Such governance will be crucial, as the Web continues to evolve, if we want to maximize its benefits and minimize its unwanted side effects, particularly in three key areas that could have a big impact on society:

  1. Healthcare: The ever-growing power of our computing devices will have profound implications for healthcare. For instance, we could see implantable networked devices become commonplace. These devices will offer great benefits, such as detecting and preventing diseases by alerting individuals and their medical professionals of vitamin deficiencies, irregular cell counts, degrading organ functions, or even early-stage cancer. These same devices, however, could do more harm than good – from revealing personal medical information to triggering a heart attack – if they fall under the control of malicious actors.
  2. Crime Prevention: Surveillance technology and its regulation are already a hot topic today. But we’ll have much more to contend with in another quarter century, as Internet capabilities continue to advance. Continuing miniaturization will probably mean that we’ll have effectively invisible cameras nearly everywhere – even embedded in our clothing. On the one hand, recording the daily actions of citizens worldwide may bring a major decrease in crime, as visible crime becomes less likely to succeed. But on the other hand, uncontrolled surveillance may bring forth a flood of intrusive snooping from government agencies, corporations, and other entities. As such, we’ll need to continually and carefully consider how such surveillance technologies should be used, and to consider measures such as mandated transparency to allow us to ‘watch the watchers.’
  3. Technology’s Impact on Manufacturing: Technological advances over the next 25 years are likely to result in widespread adoption of 3D printing, allowing people to print things at home that would otherwise require whole industries. This could result in a boom for home invention, with things like new design innovations coming more quickly to market. It’s possible that the Internet will once again rewrite supply chains, likely to the detriment of traditional manufacturing. We could experience a further shift to an economy based not on the supply of physical objects, but digital ones.

Each new application of Internet technology seems to offer us the choice between a dream and a nightmare. Recent developments, notably the internationalization of ICANN, appear to be steps in the right direction, toward an Internet governed for the good of the many rather than the few and powerful. But the fight for a better Internet will continue, and constant vigilance is required.