Back in 1996, Bob Metcalfe, inventor if Ethernet, founder of 3COM, predicted,
“The Internet is collapsing; the question is who’s going to be caught in the fall The Internet might possibly escape a “gigalapse” this year. If so, I’ll be eating columns at the World Wide Web Conference in April. Even so, Scott Bradner should still be concerned about the Internet’s coming catastrophic collapses.”
Bob Metcalfe, From the Ether, November 18, 1996 InfoWorld
Bob got a lot of press and ongoing discussion out of that prediction.
As it happened, he didn’t have any longterm data when he made it. He came to me and I supplied him some. Partly because of that data, he changed his prediction from a gigalapse to lots of little catastrophes, and ate his prediction.
It’s that time again: Internet collapse predicted. Several people have pointed me at the PFIR conference on Preventing the Internet Meltdown, which is taking place now at a hotel near LAX.
Lauren Weinstein announced this conference back in March, in conjunction with Peter G. Neumann (his usual collaborator) and Dave Farber. Farber has long been active in Internet forward thinking, and posted it on his Interesting People mailing list (which is like a blog, but in mail, and has been going on longer than any blog).
It looks like an interesting lineup, with many of the usual suspects who have been active in organizations from IETF to EFF to DHS. The first speaker listed is the same person Bob named: Scott Bradner of Harvard, long influential in IETF.
So how is this 2004’s prediction any different from 1996’s? The concerns are different. Bob said:
“Let’s be concerned that large portions of the Internet might be brought down not by nuclear war but by power failures, telephone outages, overloaded domain name servers, bugs in stressed router software, human errors in maintaining routing tables, and sabotage, to name a few weak spots.”
In other words, mostly failures in the basic routing fabric of the Internet, or in its underlying physical infrastructure.
“A continuing and rapidly escalating series of alarming events suggest that immediate cooperative, specific planning is necessary if we are to have any chance of avoiding the meltdown. “Red flag” warning signs are many. A merely partial list includes attempts to manipulate key network infrastructures such as the domain name system; lawsuits over Internet regulatory issues (e.g. VeriSign and domain registrars vs. ICANN); serious issues of privacy and security; and ever-increasing spam, virus, and related problems, along with largely ad hoc or non-coordinated “anti-spam” systems that may do more harm than good and may cause serious collateral damage.”
In other words, mostly problems external to the technical infrastructure of the Internet, most of them either attacks on parts of the Internet or reactions to such attacks. A lot has changed in 8 years. Basically, use of the Internet has skyrocketed since 2000, making it an attractive target for all sorts of nuisances and attacks.
Back in 1996, Bob Metcalfe described the problem:
“Because the Internet’s builders believed that it defies management — it’s alive, they say — they punted, leaving no organized process for managing Internet operations. Where are circuits inventoried, traffic forecasts consolidated, outages reported, upgrades analyzed and coordinated? As my programming friends would say, the Internet Engineering and Planning Group and the North American Network Operators’ Group are by most accounts no-ops — they exist, but they don’t do anything.
“But the Internet is not alive. It’s actually a network of computers. And somebody, hopefully cooperating ISPs, should be managing its operations.”
In 2004, Lauren Weinstein’s description of the root cause is essentially the same:
“Most of these problems are either directly or indirectly the result of the Internet’s lack of responsible and fair planning related to Internet operations and oversight. A perceived historical desire for a “hands off” attitude regarding Internet “governance” has now resulted not only in commercial abuses, and the specter of lawsuits and courts dictating key technical issues relating to the Net, but has also invited unilateral actions by organizations such as the United Nations (UN) and International Telecommunications Union (ITU) that could profoundly affect the Internet and its users in unpredictable ways.”
Bob’s specter back in 1996 was telephone companies taking over from traditional ISPs. That one happened.
Lauren’s specter of the UN and ITU is currently in progress. It may happen, too.
However, the telcos didn’t solve the problem. Will the UN or the ITU?
Maybe they’re trying to solve the wrong problem. Maybe what the Internet needs is not, as Bob put it sometimes, to be run like AOL. Maybe what the Internet needs is more cooperative decentralization, and new means to achieve it.
According to the conference program, Lauren’s conference is dealing with many of the usual approaches, from IETF operational coordination to copyright law to government cybersecurity policies. These are all important issues, and the speakers all appear to be knowledgeable experts in their fields.
Yet there are more things that could be done. What about software vendor liability, such as Hal Varian has been calling for since 2000.
Or software diversity, such as Dan Geer and Scott Charney recently debated at USENIX, and that Geer wrote about last fall (I was one of his co-signers), and that I wrote about the year before that.
What about financial risk instruments, such as insurance, catastrophe bonds, or performance bonds, even though Wally Baer of Rand, who has written about importing such instruments from the electrical utility industry to the Internet works down the street from the conference hotel.
Or capital withholding, e.g., as in Basel II; if big international banks, which tend to be rather competitive, can get their act together, it might be worth seeing if the Internet can use any of their risk management techniques.
What about reputation systems, or the risk management plans that Lord Levene, Chairman of Lloyds, recommended back in April that every board should have at the top of its agenda?
The problem goes beyond technology or even the law, into society, politics, and finance. No single organization can run all that. Or at least I hope not.