- Use Signals. Traffic signals and signage establish the rules for using a local road infrastructure segment. They explain what drivers should expect from the road and from other drivers, alert us to potential hazards, and announce upcoming road conditions. When using the Internet, users have very limited access to this type of infrastructure use information, essentially forcing us to go from place to place blind.
- Education. To be allowed to drive, we are required to demonstrate that we have a basic level of experience in using the road infrastructure well. To attain that, we have to be able to read road signs, obey traffic signals, and use a vehicle in a safe and predictable manner. For the Internet, we don't need to know anything about how to conduct ourselves safely and respect each other.
- Monitoring. Municipalities accept responsibility for the road infrastructure, routinely and constantly watch roads to identify threats, target inappropriate usage, and detour traffic around hazards. This monitoring can take many forms that are often aggregated to determine abnormal behavior. The Internet Infrastructure has no such monitoring, depending instead on service providers and users to perform similar functions. The resulting flexibility comes at the expense of visibility, leaving the Internet in a perpetual "fog of war" state for most organizations and forcing them to individually invest where shared investment would be much more cost-efficient and effective.
- Enforcement. If we're caught violating standard driving principles, then we receive warnings, pay fines, lose the authorization to continue driving, or get arrested for flagrant actions (even those that may due more to ignorance than intent). Without any similar authority accepted on the Internet, users are forced to depend on a "honor system" utopia.
Wednesday, July 11, 2012
Tackling the Untrustworthy Internet
Imagine that each of us would need a tank to safely drive on the road. We would be well protected from any obstacles that could come our way, but at the expense of speed, agility, and cost. We could also blow each other up, forcing us to buy bigger and better tanks all of the time to retain a consistent state of security. That's the kind of environment that companies face when using the Internet. Rather than being able to invest in economical transport, each has to regularly procure stronger individual protection to defend themselves. What went wrong? When we drive an automobile, motorcycle, truck, or other vehicle, we can safely assume that there are common standards that govern the road and a basic set of rules that promote a common, predictable behavior. While specifics may vary around the world, the basics remain the same and help ensure that the roads are safe for private use, to conduct commercial activities, and to move people consistently over great distances. We trust the infrastructure and (generally) trust others to all abide by common rules of use. Unfortunately, we are so far failing to realize the same success for instilling trust in the Internet infrastructure. According to Wikipedia, the basis for the road infrastructure trust developed rapidly. Laws requiring that drivers be tested to receive a license to drive began in the United States during the 1910s. The installation of the first electronic traffic signals and stop signs came shortly thereafter. Given that Henry Ford hadn't even begun mass producing the Model T until 1914, history shows that societies around the world recognized the need for establishing consistent road behavior before automobiles became too prominent. By the 1950s, consistent standards and behaviors resulted in a fairly trustworthy infrastructure and nations had begun establishing safety standards for the vehicles that used it. Assuming that the founding of the first Internet Service Providers (ISPs) around 1990 represents the Model-T moment for the Internet infrastructure, then I submit that we've missed every key milestone in developing a trustworthy infrastructure in over 20 years that we were able to achieve for the road infrastructure in less than 10 years. What's worse is that we aren't even close to achieving any of the major milestones. Here's a brief look at each of the key functions that I argue we need to meet to establish a trustworthy Internet infrastructure.