Putting the life back in science fiction

Gen. Alexander and the Legacy System from Hell

Here I am venturing into something I know nothing about: the Internet. Recently, I read a 1999 quote from Steward Brand, in The Clock of the Long Now (BigRiver Link), that the internet could “easily become the Legacy System from Hell that holds civilization hostage. The system doesn’t really work, it can’t be fixed, no one understands it, no one is in charge of it, it can’t be lived without, and it gets worse every year.”

Horrible thought, isn’t it? What I don’t know about are the legions of selfless hackers, programmers, techies, and nerds who are valiantly struggling to keep all the internets working. What I do know some tiny bit about are the concerted efforts of the NSA, under General Keith Alexander (who’s due to retire this spring), to install effectively undocumented features throughout the Internets and everything connected to them, so that they can spy at will. Perhaps I’m paranoid, but I’m pretty sure that every large government has been doing the same thing. If someone wants to hack us, they can.

So what?

Well, what I’m thinking about is the question of trust, rather than danger. The idea that cyberspace is dangerous goes well back before the birth of the World Wide Web. Remember Neuromancer? Still, for the first decade of online life, especially with the birth of social media, there was this trust that it was all for the greater good. Yes, of course we knew about spam and viruses, we knew the megacorps wanted our data as a product, and anyone who did some poking or prodding knew that spy agencies were going online too, that cyberwarfare was a thing. Still, there was a greater good, and it was more or less American, and it pointed at greater freedom and opportunity for everyone who linked in.

Is that still true? We’ve seen Stuxnet, which may well have had something to do with General Alexander’s NSA , and we’ve seen some small fraction of Edward Snowden’s revelations, about how the NSA has made every internet-connected device capable of spying on us. Does anyone still trust the US to be the good guys who run the Internet for the world? Even as an American, I’m not sure I do.

This lost trust may be the start of the Internets evolving into the Legacy System from Hell. Instead of international cooperation to maintain and upgrade the internet with something resembling uniform standards, we may well see a proliferation of diverse standards, all in the name of cyber security. It’s a trick that life learned aeons ago, that diversity collectively keeps everything from dying from the same cause. Armies of computer geeks (engineers by the acre in 1950s parlance) will be employed creating work-arounds across all the systems, to keep systems talking with each other. Countries that fall on hard times will patch their servers, unable or unwilling to afford expensive upgrades that have all sorts of unpleasant political issues attached. Cables and satellites will fail and not be replaced, not because we can’t afford to, but because we don’t trust the people on the other end of the link to deal fairly with us and not hack the systems they connect to.

I hope this doesn’t happen, of course, but I wonder. Once trust is lost, it’s difficult to regain. On a global level, can we regain enough trust to have someone run the internet as an international commons? A good place? Or is it too late for that? I’m quite sure that US, Chinese, and Russian cyberwarfare experts all will say that their expertise is defensive, designed to minimize damage, and they may even believe it. Still, in the face of so many soldiers and spies amassing online, why trust our lives to this battlefield? Anything we put online might be wiped out or compromised, victim to a battle we neither wanted nor approved of.

Even though I don’t have a reason to like him, it would be sad if General Alexander’s legacy was starting the conversion of the internet into a legacy system. It will also be instructive too, a lesson in how the buildup of military power can backfire (something I think even Lao Tzu commented on). Fortunately or unfortunately, any history written on a legacy system will most likely vanish when the last expert walks away and the owners pull the plug. That’s the problem with legacy systems, you see. Their data can vanish very, very quickly.


6 Comments so far
Leave a comment

Another worry about an information dark age. I agree with what you are saying. Some solutions are appearing: – walled internets around nations, rejection of existing crypto for open versions that aren’t broken, independent nets, providers looking to ensure full end to end security. The internet may be changing or evolving to meet the trust needs of the users. The solutions may well not be optimal compared to the early, more open era, which I find sad. In the end, the systems we have may be more controllable by the end user, especially for sensitive information. The proliferation of solutions that nature has provided as examples may be reflected in the systems we end up with – not perfect, but good enough to keep us reasonably safe.

Comment by alexandertolley

The Internet protocols were originally designed to enable interoperability (inter-networking) in a world that had a much greater diversity of localized networking protocols. If there’s more local diversity introduced in hardware and software to guard against hacking/spying it’s just a reversion to historical norms, and shouldn’t affect the operation of the Internet. I think it’s important to recognize that nobody runs the Internet, just as nobody runs global telephony. A lot of somebodies run different parts of it.

It’s an interesting question whether in the long run improved security will come more from adaptation and chance — an evolutionary approach — or from real, honest to goodness intelligent design. So far most software has gone for evolution. Release a product full of security bugs, react with a patch every time a new vulnerability is reported. We know processes to design much more reliable software. With formal methods you can implement software that is provably defect-free (still won’t help if the NSA has covertly installed a hardware implant on your system). There is no logical reason that e.g. viewing a TIFF image should be an opportunity for someone to install an arbitrary spy program on your computer. The problem is that formal methods, or even security best practices that are recommended for developers who can’t use formal methods, are slower. End users always prefer more features to more security right up until the day after they have a big security incident.

Pretty much the only people who currently don’t rely on the reactive patching model of software integrity are those designing regulated software (like control systems for medical devices and commercial aircraft) or those who know in advance that a single glitch can be catastrophically costly to their own organization (like JPL’s space probe software team). 25 years ago we had about the same miserable state in commercial encryption software. Most of it was developed ad-hoc and not really secure. Today we have pretty decent standards and standard implementations, RSA RNG scandal notwithstanding. Most of the NSA’s spying is focused on bypassing encryption, which is encouraging; it implies that it is impossible or difficult to break arbitrary encrypted traffic. It is possible that software integrity in general can improve in a parallel fashion, especially as more security is provided at a platform level as opposed to delegating the responsiblity to individual application developers.

Comment by Matt

H – this has nothing whatsoever to do with the above post, but I figured I’d put it where you might notice it.
You had an earlier post about long necks in plesiosaurs and electromuscular organs. In light of that, you might find the following (http://link.springer.com/article/10.1007%2Fs00114-014-1173-3/fulltext.html) of interest.

Cheers – Lars

Comment by Lars

Thanks Lars.

Comment by Heteromeles

It doesn’t seem I’m able to email you; I just wanted to say your comments on Charles Stross’s blog stand out in the way of mindfulness and are a pleasure to read. This blog seems great too, I will have to check it out more!

Comment by a scruffian

Thank you, I appreciate it.

Comment by Heteromeles

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: