WASHINGTON—If there was a common thread to Vint Cerf’s wide-ranging remarks at the National Press Club on May 4, it was that pretty much everyone involved in the Internet needs to get better at security.
But Cerf, who is frequently called the “Father of the Internet” and who invented the TCP/IP network protocol, said the world needs to move faster to version 6 of that protocol. Furthermore, he said that governments in general and the U.S. government in particular have to change their thinking about the Internet.
“I’m really proud of the Internet,” Cerf said. “It intrigues me that it continues to evolve.” But he noted that while he and his colleagues got a lot right when they created ARPANet, the predecessor of the Internet that was created by the Defense Advanced Research Projects Agency, he misjudged a few things. “One of the things we didn’t get right was the number of addresses needed. We got it wrong and we ran out of addresses in 2011.”
Cerf said that it was critical for the Internet, including all ISPs, to fully support IPv6 as soon as possible. Currently, Cerf said, only 4 to 6 percent of Internet traffic uses IPv6. “Every appliance is shifting to programmatic control,” he said. “The good news is everything is connected, and the bad news is everything is connected.” He said that already even the most mundane devices such as light bulbs have IP addresses.
But it was security that drew most of Cerf’s attention, starting with encryption. While he acknowledged that encryption doesn’t solve everything, it should be one of the first things that Internet users make sure they’re doing, he said.
“Use HTTPS where you can,” Cerf said, because this helps ensure a secure connection between remote users and the servers they’re using. “All traffic should be encrypted,” he said, and he added that such encryption should start on individual computers, including encrypting files on the hard disk.
Cerf also said that while he doesn’t think passwords are going away anytime soon, he suggested that they needed to be supplemented with two-factor authentication. Cerf, who works as Google’s Chief Internet Evangelist, said that some companies including Google and Apple, are making it possible to encrypt entire devices.
He said that current efforts by the FBI and the Justice Department to mandate back doors into encryption methods were very dangerous. He said that if such back doors exist, the bad guys will find them and exploit them.
However, Cerf said that law enforcement has a legitimate need to some information, and suggested that what’s really needed is legislation that enables some necessary means of access where needed, but that doesn’t include a back door.
Internet Pioneer Vint Cerf Calls for Rapid Web Security Enhancements
Cerf said that better security needs to be widely available in the Internet’s infrastructure as well. He called for DNSSEC (security extensions to the domain name service) to be implemented widely. This allows digital signatures for DNS servers that in turn eliminate spoofing of the domain name system, he said.
Cerf also called for the ubiquitous deployment of BCP-38 (Best Current Practices for ingress filtering), which helps certify that the source address in a data packet is real, and among other things helps thwart Denial of Service attacks as well as certain forms of spoofing.
In response to several questions about the FCC’s recent decision to put ISPs under Title II of the Communications Act, Cerf said it was probably necessary. “Wheeler didn’t have a lot of choice,” he said. But he also said that using Title II as a way to ensure net neutrality was a short term solution at best.
The problem with Title II, he said, was the fact that it depends on forbearances as a way to regulate access to the Internet. He pointed out (as have many others) that a new Commission could change that whenever it wished. “At some point Title II has to be readdressed,” he said.
Despite his significant role in how the Internet has developed (for which he is justifiably proud), it’s clear that Cerf isn’t totally thrilled at some of what’s become of his project from long ago. He’s disappointed at some obvious things, such as the amount of spam that’s showing up. But it would appear that he’s also disappointed at the government’s lack of vision in how it interacts with the Internet.
During his discussion of the Internet he listed several points that he thought needed improvement, including some way to ensure freedom of expression everywhere on the Internet, equal access to everything on the Internet that’s legal, including performance features. Furthermore, he said he thinks that everyone, everywhere should have equal access to the Internet.
Cerf issued a warning to nations that attempt to stand in the way of free access, saying “The countries seeking authoritarian control over the Internet are shooting themselves in the foot. They are cutting off creativity and their access to global markets.”
If there is any person with the clout to say these things to the U.S. Congress and the presidential administration it is Cerf. The Father of the Internet is deeply respected and his thoughts carry great weight, but it’s a powerful voice only if someone listens.