FIRST PRINCIPLES

I was never present at the founding of the Internet, but I did work with someone who was.   

In the 1980s I was a graduate student in a Strategic Studies program at the Massachusetts Institute of Technology.   While there I worked with Dr. Jack Ruina.    Dr. Ruina had been the Director of the Pentagon's Advanced Research Projects Agency, or ARPA.    While Director there Dr. Ruina oversaw construction of the first Internet, which was ARPANET, from which the modern Internet or World Wide Web was built.

 

My work with Dr.Ruina was focused on the communications systems of the military's nuclear forces.    We believed that the more redundant these systems were the less anyone would think that they could attack and destroy the nuclear forces of the other side.   At that time there was thought in strategic circles that either the United States or the Soviet Union might be able to launch a surprise nuclear attack and win a nuclear war by destroying the communications systems of the other side.    I studied all the potential means by which nuclear forces in the field could be communicated with in a nuclear war.   One of these possible means, which was introduced to me by Dr. Ruina, was ARPANET.

 

ARPANET connected military computers to each other so that they could function outside of standard communications channels.    Computers comprising ARPANET formed a web of computers in which every computer was totally open to every other computer.   It was a way of joining different computers so that they formed one machine, combining their memories and files so that every computer on the ARPANET Web could access all the resources of every other computer.

 

That was the way it was designed, and it could be designed no other way.    Joining computers to each other in this manner necessarily means that each computer is open to every other computer in the network.     It was never intended that some computers would be connected to the network but have any part of their memory or hard drives walled off from other computers on the network.   This was never imagined.   It was understood that the particular computers assigned to the network were only those computers which the users intended to be open to every other computer on the network.    No one would have imagined putting a computer on the network which contained data which was intended not to be accessible to every other user on the net.

 

The structure and similar protocals to ARPANET were adopted later by select Departments of different Universities in and outside of the United States.   Once again, those participants understood that each computer on their network was open to every other computer, and that they were gaining a unique instrument for sending and sharing files and other forms of communications otherwise not possible through electronic means.

 

Then, strangely, came the change.

 

Strangely, a few profit seeking corporations sought to offer services to the public using this network.    Salesmanship is what this was about.

 

By the late 1980s several corporations existed providing computer users various services over the telephone companies' systems.   In the United States telephone companies were regulated by the Federal Communications Commission [FCC].   The FCC held that the lines used by different telephone companies were public utilities and existed for the necessary use of all the public, not just the subscribers of each telephone company.    Telephone companies had the status of "common carriers," meaning that they had to make their lines and distribution networks available to other company's users and could not discriminate between other companies' subscribers and their own. 

 

 

These computer service companies offerred limited products because of the very limited data which could be sent over telephone company lines connecting homes and businesses and intended to handle only the data stream necessary for voice communications or fax communications.   However these companies wanted to provide more services.    They wanted to provide their subscribers with messsage boards and chat rooms.    There was a security issue to this however.    Until the addition of message boards these companies' subscribers were accessing resources only with the computer company and there was no way other subscribers could penetrate the computers of others.   Only the computer company could do that, and as long as the computer company was not hacked the computers of their subscribers were safe.   However once message boards were added everyone's computers became unsafe.    By using message boards subscribers for the first time opened their computers up to hackers from the outside.   This vulnerability was not disclosed by the computer companies to their subscribers however.    They chose instead to set a precident which would be followed by all other similar companies of offerring enticing services which users would not choose if they knew the risks.    This set a pattern which continues today and upon which all Internet safety problems have arisen.

 

These companies imagined all kinds of other services they could sell to attract new subscribers, but these required more data capacity than the telephone companies currently had.    Furthermore these computer companies had to rely on the telephone companies' infrastructure.   Then they had the idea that they could use this alternative system, the World Wide Web, which the government and Universities were using.   They would push to have this Web commercialized, privatized, and regulated by the FCC as though it were a new kind of telecommunications company.    The FCC agreed, and soon the infrastructure for the Internet was borne, consisting of switches and nodes constructed by the computer companies themselves, and the FCC would treat these new Web companies as common carriers and as a utility just as telephone companies were regulated.    As such the FCC ruled that each Web company had to allow their subscribers access data and services from other companies and users without favoritism or prejudice, meaning that each data source would be treated neutrally instead of each company favoring data it created itself.  

 

The modern Internet was borne, however it had a crucial flaw.    The original design and intent of this system was never intended for public use.

 

The designers of ARPANET and the subsequent networks involving Universities and the government never intended that commercial companies would solicit the public to join in such networks.    Or if they imagined it they assumed of course that whoever offered such services to the public would disclose the way it works -- that each computer joined to it is open to every other computer on it.    It is not possible to wall off one computer from another.    If you want to participate in a network like that it's fine, but you have to only use particular computers you want to be totally open to others on the network.    You have to dedicate a separate computer for that purpose.   And you can never take the computer you do your normal work on, which possesses private files and data, and connect it to such a network.

 

This, however, the new Internet companies did not disclose.   If they had few if anyone would have subscribed to them. 

 

The first substantial use of the new World Wide Web available globally was by pornographers.   For the first few years of it's existence at least 90 percent of content on the Internet was sharing and selling of pornography.    Slowly Internet companies began to offer other services to the public, but these early uses were constrained by limited data carrying capacity of the system making for crude images and graphics, the limited number of websites the public could access for any use, and a concern within the public to use a technology so predominantly used by pornographers and the safety of which was not understood.

 

To counter this Internet companies advertised to promote an alleged safety which didn't really exist.    They offered filters to keep pornography off their subscribers' computers.    And to keep out unwanted malicious code they invented "Firewalls," which are packages of code which alleges to wall off the user's computer from threats.    These "Firewalls" have an impressive sounding name, but in reality they are perhaps nothing more than flimsy fences of code.    Computers are machines instructed to do what they do by code, and any set of instructions like a "Firewall" consisting of code can be subverted by other code introduced into it if you know how.    Then the threat of malicious "viruses" arose, when vandalizing, malicious hackers spread coded instructions packaged in emails or other online devices which embedded in the user's system and destroyed or damaged it's files or ability to operate.    New "anti-virus" companies emerged, promising to immunize the user's computer against known virus threats.    But like real, pathogenic viruses in biology these "anti-virus" products were effective only against known and past viruses and were of little use for new ones as yet unknown to the "anti-virus" company.    In 2012 Impervia, a security research company, ran a large scale test of standard anti-virus software.    They used eighty-two new viruses, employing them against the virus detection engines of over forty of the largest anti-virus companies, including Kaspersky Labs, Symantec, Microsoft and McAfee.   Impervia found that only five percent of the new viruses they used were even detected.   95% of the viruses passed through the "anti-virus" screens and into the user's computers.    So much for "anti-virus."

 

In the late 1990s a wave of new Internet companies were launched, and changes in the Federal Securities laws allowed these new companies to sell stock to the public on markets although they were new companies with no history of profitability.    In fact few if any of these new companies had even a plan for profitability anytime in the near (or distant) future.    However emotion and enthusiasm for new technologies led the stock prices of these companies to soar if only temporarily.    In 2000 most of these companies crashed as the market woke up suddenly and realized that without any hope of profitability that soon no one would want to own these stocks, and the race was on to unload them before that happened.    Many fortunes were made, and many lost, overnight, all in an enterprise based purely on emotion and misconceptions of technology as well as the specific businesses involved in each of these failed companies.   But what lay at the heart of all of it was bad faith, and a suspension of normal standards in order to perpetrate financial schemes to enrich their operators.    This would set a pattern for later, more profitable Internet pioneers.    In subsequent Internet companies profitability would be achieved, but only by mining personal data from unwitting users and then selling it to advertisers.   This destroyed the heretofore value of privacy in Western culture.    If those corporate founders who destroyed it had not become billionaires by doing so they never would have tolerated it.   However they each became billionaires ONLY through destroying it, and would never have become billionaires otherwise.    Therefore they advocated for the destruction of all personal privacy in bizarre and outrageous statements such as these.   "Privacy is no longer a social norm," as stated by Facebook founder Mark Zuckerberg, the strange man otherwise so obsessed with his own privacy that he purchased the four houses surrounding his own home so he wouldn't have any neighbors.   Only absurdities can seek to make the insult of such blunt statements palitable.    Zuckerberg's CEO Sheryl Sandberg cooked up her own tortured philosophy that peoples' identities are not really "authentic" anyway and that by losing all privacy that each person can take on a new identity in society which will be better or more "authentic."    Sheryl Sandberg states that, "expressing authentic identity will become even more pervasive in the coming years," and that, "this shift to authenticity will take some getting used to and it will elicit cries of lost privacy."    Funny how humans cry when what they've always found vital is suddenly snatched from them, particularly when it involves not only their security but their abilities to express themselves away from the criticism of others, the most necessary function of privacy upon which all Western ideals of freedom and individuality are based.    Strange how thrusting a dagger into that just because you want to sell advertising has caused dismay.

 

 

The worldwide surveillance net of the National Security Agency is mirrored to lesser extents by bureaus of other nations. Every country with the will and ability came to use the Internet as an unparalleled tool for surveillance and espionage.   Surveillance is often bulk, meaning directed at whole populations, or targeted, meaning focused only on one person or organization.   Espionage almost always involves targeting a foreign government, non-government organization abroad, or the companies, associations or individuals of other nations.   Governments other than the U.S. in particular discovered that espionage was taken to another, all-encompassing level by hacking into the computers of foreign companies, governments and their statesmen, political parties, law and financial firms, banks and anyone else, once all these entities connected their working computers to the Internet.   The great age of espionage went hand in hand with the golden age of population surveillance, both enabled by the insecure nature of the technologies everyone worldwide were persuaded to adopt, without ever being informed by the persuaders what the nature or risks of these technologies actually were.    Particularly adept were the Chinese and Russians.   These colossal former absolutist planned economies turned capitalist tyrannies which never dispensed with their predilections for spying on a massive scale directed at other nations and their own discontented peoples.   Soon American oil companies found all their expensively obtained geology studies pilfered.  Defense contractors working on next generation weaponry and control systems had their technologies plundered.   Attorneys had their clients' confidential files stolen, and on rare occasion posted on the Internet.   Espionage is after all espionage, and every great power does it on friend and foe alike.   When the Chinese steal billions of worth of intellectual property from American firms the United States government can not complain.   American companies losing billions in property in this game is a price borne by them so their government can maintain the international norm that anything goes when it comes to government espionage, the dictum upon which the actions of all American intelligence bureaus exist.

 

And then of course came the criminals.   Vast, vast hoards of criminals.   From Brazil and Romania and Ukraine and China, India and Pakistan and Russia, and the Bulgarians too to name a few.   Hackers trained in government bureaus plucked out of low wage civil service to the lucrative underworld of organized crime from five continents.  Extortion petty and grand, fraud against insurance companies, health care providers, banks and lenders, direct theft from accounts, identity theft on enormous scales.   Tally the monies lost to criminals, and combine it with the value of intellectual property stolen, and add the hundred billion spent by 2016 worldwide to pay for "cyber security" services of dubious merit, and together the cost of the world's use of the Internet for doing things it used to do cost-free in other ways is a staggering 3 trillion dollars a year.   Three trillion dollars is the number pegged by the firm Cybersecurity Ventures for the total cost worldwide, this including of course the problem of losses due to reputation from various things including loudmouths on the Internet taking advantage of the "democratizing" aspect of the babel called "social media."

 

This three trillion dollars for 2015 is of course growing, not shrinking, despite the fact that "cyber security" firms have ballooned in their revenues (and their promises) in the past few years to a whopping one hundred billion dollars a year and climbing, prompted by scandal after scandal and case after case of the world's best known brands having had their entrails penetrated and purloined.   Law firms' clients, political parties, and Yahoo account holders all secreted by hackers operating in a world of undisclosed risks to the public in which no one is safe and anyone can be targeted by anyone on the globe with the skills to do it.

 

This is a $3 trillion dollar loss to the legitimate world of producers and creators.   It represents wealth passed to criminals from everyone else, as well as the fat paychecks of cyber security geeks who create nothing and at best merely maintain property already created by others.    Aside from those selling houses and cars to these criminals it is a colossal loss of wealth to the world, and a tax on every human being, all because these functions which used to be done in secure ways are now performed on the Internet which was never designed or intended to be used in such ways.

 

So the first principle remains unchanged.   The Internet was never designed to be used by the public.   If the public is going to use it, for whatever purpose they are told they might, then they must adopt an awareness of how it works and what is safe to do and what is not.   Call it "hygiene" or safe practices for lack of a better term.   It's easy enough to keep all computers with anything sensitive on them off the Internet altogether.   It's what the National Security Agency does.   That solves the problem of crime and espionage.   Government surveillance is another matter.    Denying access to data to criminals and intelligence spooks can be achieved by never connecting your working computer to the Internet, and then using a separate computer containing only cooking recipes and the like for Internet browsing and streaming of old George Raft movies.  When it comes to government surveillance and the intrusions of Facebook, Google, and other robber barons of the gilded early 21st century, that will require more than individual actions and choices.  Cyber techie geeks like Bruce Schneier. (whose valuable Youtube lectures litter the Internet) and others preach that the answer lies in yet more technology.  "The problem is we've made surveillance too cheap, and the answer is to make it costly again," Bruce is fond of saying.   He and his ilk seek only to "make it costlier for the government to collect bulk data," by users adopting an array of technical counter measures including (but not limited to) encryption.   But encryption can be defeated.   It might be costly but who ever said the National Security Agency doesn't have money?   Their budget is perhaps as big as all the budgets of all the other intelligence agencies of the world combined.    It certainly dwarfs the C.I.A. and all other American bureaus combined.   Where does all the money go?   Well try payments to private communications companies the world over to buy their compliance.   That's an easy way to spend a mountain of money every day.

 

Technical solutions are of course the remedy preferred by techies.   It continues their priest-like elite status in this absurd game, and is a "force that gives them meaning" in their egotistical contest pitting themselves against whichever color hat they are opposed to at the moment.   But technology is not the answer here.    The answer is to insist on re-gaining the status of citizens which our fathers and grandparents took for granted.   The gentry who founded this country thought a lot of status, and the insults and injuries which an honored one was meant to prevent.    It was the birthright of all Americans until this present generation that they not be made into a transparent creature of society and it's institutions.   It was taken for granted that the basis of meaningful liberty is the ability to think and act away from the potential disapproval of a majority.    When and if the public becomes aware of what has been lost will there be the same kind of organizing which routinely reshapes statutes and standards.   Most Americans today are employees somewhere, working in some kind of absolutist tyranny if to do nothing but pay their bills.  So they may, or may not, cherish privacy and independence which was bedrock to the self worth of their more self-employed forefathers and foremothers.   Time will tell, but it's our choice.   We get to choose.    It's time however to put this evil and obnoxious genie back in the bottle. 

 

Any standard definition of "hacking" describes it as involving the hijacking of someone else's computer by introducing coded instructions in it so it does things it was not intended by it's user to do.    This may be accurate.    But by first principles isn't it the user who is using the Internet to do things it wasn't intended to do?   Of course the user doesn't want the Internet to open his computer up to anyone else on it also, but it does.  That's the way it was designed.   He may wish to wall off his hard drive and memory from access by others.   He may lobby the government to criminalize hackers who penetrate those data defenses.   But in the end he will always be up against an unchangeable, basic reality which no amount of counter-measures and ideals can reform.    I submit it is really the hackers who are those keeping faith with the meaning of the Internet.   It is they alone who inform the rest of us of the Internet's true nature, and like all things natural we do ourselves harm when we pursue the folly of denial.

 

--- Michael Froelich,

 

founder, Armordata Secure Computing

HOME