Fixing the Internet
- 12 May, 2008 11:37
Long-time readers know that I often rant about how insecure the Internet is, and how few solutions will do anything to change that equation during the next 5 to 10 years. I've also recommended a handful of solutions over the years, and accepted the resulting criticism that goes along with proposing big ideas.
Privately, and not so privately in this column and other public forums, I've been proposing specific solutions to make the Internet significantly more secure during the next five years. If you know me personally, you would also know that other than my family, I think of nothing else but how to secure the Internet. I've been thinking about it since the early 1990s, every waking hour of every day. I think about it during my early morning workouts, in the shower, while stopped at stoplights, and while getting my haircut. It's no exaggeration, although it's more than a little embarrassing to admit that I spent my honeymoon thinking and writing about a possible solution. Thankfully, my lovely wife understands my quest. I truly think that, work-wise, I was put on this planet to make the Internet a more secure place to compute. Mentally, it defines who I think I am. If I fail to assist in this endeavor, in some measurable way, then I haven't met a major life goal.
Recently, two of my biggest ideas have independently ended up in other group's proposals and standards (neither group appears aware of my ideas). One was Microsoft's End-to-End Trust, announced a few weeks ago at the last RSA conference; and the other the recently announced Trusted Computing Group's IF-MAP standard. Although I've proposed very similar ideas, in this column and other online forums, only participating readers are aware of the early existence of my ideas (as compared to the newer initiatives).
It reinforced the notion that I'm not alone in my thinking, of course, and that many other individuals have the exact same ideas. What human good might happen if we shared and debated our ideas? In that spirit I've decided to release a formal whitepaper entitled Fixing the Internet: A Security Solution. It encompasses all my main ideas, including how to practically build on the ideas of End-to-End Trust and IF-MAP (which are both laudable solutions).
Here is a brief re-cap of the document: Any solution proposed to secure the Internet must be:
- Vendor Independent (Non-Proprietary)
- Using an Open and Transparent Process
- Voluntary Opt-In
- Performance Neutral
- With Least Service and End-User Interruption as Possible
- Driven by User and Vendor Self-Interests
As difficult and complex as this seems at first, it can be accomplished.
It will require two major Internet infrastructure changes. First, it will require a global, Internet security "dream team" to meet and solve the problems. Second, it will require a new global Internet security infrastructure service to handle the dream team's global initiatives.
That's it. The whitepaper covers each of these issues, along with the motivations and explanations behind the ideas. I hope you'll take the time to read it.
Not everyone will agree with what I have said, but I hope both sides, supporters and critics, will write back and participate. It's easier to tear down a barn than it is to build one, but I know that there are several ways to make a barn, many styles of barns, and mine isn't the only way. Even if I don't have all the solutions, I want to provoke a dialog that starts a discussion about the real solutions to the Internet's security problems. If you disagree with my ideas, I only ask that you propose your idea for fixing the Internet along with your criticism.
"Never doubt that a small group of thoughtful, committed citizens can change the world; indeed, it's the only thing that ever has." -Margaret Mead