Vint Cerf, known as one of the fathers of the internet, acknowledges that he and co-founder Bob Kahn did not think enough about security when they built the framework for the web. He shares a view held by a growing number of experts that the best way to defend against cyberattacks might be to simply start again.
“I would have put a much stronger focus on authenticity or authentication – where did this email come from, what device I am talking to … those things are elements that would make a big difference,” Mr Cerf says.
The fight to secure the current internet is unwinnable, says Ori Eisen, founder of a security company called 41st Parameter, which defends banks against online crime.
A faulty initial design – with net protocols that rely on trust and freely allow anonymity – has been compounded by the slow rollout of security gear, he says.
“I can do a very good job,” says Mr Eisen, whose company tries to keep pace with advancements in the cybercrime underworld. “But in the long run, it is essentially hopeless.”
So, what would a secure internet look like? Mr Eisen has set out plans for Internet 2 in a document called Project Phoenix. Included in his blueprint are biometric identification, encryption of all keystrokes and virtual machines created for every transaction.
His plan has drawn praise from the security industry, including Michael Barrett, PayPal’s head of security, who calls it a “very helpful scenario”.
“There are a number of people in the community who have been arguing for a while that we need to press the proverbial reset button and start again,” Mr Barrett said.
The US government has made some tentative steps in that direction. Military contractors funded by the Pentagon’s defence advanced research projects agency – which sponsored the first version of the internet – are also contemplating redesigns. But these efforts are aiming mainly at isolated government locations and not broad adoption in the civilian world.
A new internet, along the lines of Project Phoenix, seems destined to remain a plan on paper only – at least for now. A company based on Project Phoenix would be doomed without a government mandate or a consortium of banks or telecommunications companies stepping in, says Ted Schlein of Kleiner Perkins, 41st Parameter’s prominent venture capital investor.
“The concept of a more secure network that customers or vendors are willing to pay for is probably the only way to provide the security that people want to have,” Mr Schlein says.
Mr Cerf said the ubiquity of the present internet need not block the adoption of a new version.
“I’m actually quite interested in the clean-slate ideas,” Mr Cerf said. “People will say, ‘Oh you can never do that, it’s already too deeply embedded in everything else.’ But you could have said that of the telephone system in 1973, and the internet is replacing the telephone system.”
Additional reporting by Tim Bradshaw in London