Internet Pioneer Vint Cerf Calls for Rapid Web Security Enhancements

NEWS ANALYSIS: Cerf said Web administrators need to quickly implement IP Version 6 and all Web users should broadly implement encryption to bolster data privacy.

Vint Cert

WASHINGTON—If there was a common thread to Vint Cerf's wide-ranging remarks at the National Press Club on May 4, it was that pretty much everyone involved in the Internet needs to get better at security.

But Cerf, who is frequently called the "Father of the Internet" and who invented the TCP/IP network protocol, said the world needs to move faster to version 6 of that protocol. Furthermore, he said that governments in general and the U.S. government in particular have to change their thinking about the Internet.

"I'm really proud of the Internet," Cerf said. "It intrigues me that it continues to evolve." But he noted that while he and his colleagues got a lot right when they created ARPANet, the predecessor of the Internet that was created by the Defense Advanced Research Projects Agency, he misjudged a few things. "One of the things we didn't get right was the number of addresses needed. We got it wrong and we ran out of addresses in 2011."

Cerf said that it was critical for the Internet, including all ISPs, to fully support IPv6 as soon as possible. Currently, Cerf said, only 4 to 6 percent of Internet traffic uses IPv6. "Every appliance is shifting to programmatic control," he said. "The good news is everything is connected, and the bad news is everything is connected." He said that already even the most mundane devices such as light bulbs have IP addresses.

But it was security that drew most of Cerf's attention, starting with encryption. While he acknowledged that encryption doesn't solve everything, it should be one of the first things that Internet users make sure they're doing, he said.

"Use HTTPS where you can," Cerf said, because this helps ensure a secure connection between remote users and the servers they're using. "All traffic should be encrypted," he said, and he added that such encryption should start on individual computers, including encrypting files on the hard disk.

Cerf also said that while he doesn't think passwords are going away anytime soon, he suggested that they needed to be supplemented with two-factor authentication. Cerf, who works as Google's Chief Internet Evangelist, said that some companies including Google and Apple, are making it possible to encrypt entire devices.

He said that current efforts by the FBI and the Justice Department to mandate back doors into encryption methods were very dangerous. He said that if such back doors exist, the bad guys will find them and exploit them.

However, Cerf said that law enforcement has a legitimate need to some information, and suggested that what's really needed is legislation that enables some necessary means of access where needed, but that doesn't include a back door.

Wayne Rash

Wayne Rash

Wayne Rash is a freelance writer and editor with a 35 year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and...