James Seng posts a reminder that Dewayne Hendricks had noted an interview with David D. Clark in which Clark asserts that the Internet’s lack of built-in security has become an increasingly serious problem. Clark phrases it as a classic case of risk management:
…he observes that sometimes the worst disasters are caused not by sudden events but by slow, incremental processes — and that humans are good at ignoring problems. "Things get worse slowly. People adjust," Clark noted in his presentation. "The problem is assigning the correct degree of fear to distant elephants."
The Internet is Broken, David D. Clark, Monday, December 19, 2005 Technology Review
No tsunami warning system in the Indian Ocean, no adequate levees in New Orleans, and no adequate built-in security in the Internet. Indeed, the distant elephants are upon us. Sometimes people can say they didn’t know, sometimes it’s hard to understand how those responsible couldn’t have known, and sometimes people just thought it was a distant enough problem that they didn’t need to deal with it yet. All these are ways that people don’t see the elephant. Denial, corruption, short-sightedness; whichever way, letting the elephants sneak up on you isn’t a good idea.
This isn’t the usual Internet Collapse Predicted sort of story, and Clark isn’t the usual predictor. For many years he was known officially as the Internet Architect, the person who was supposed to guide protocol designers and implementors in making the whole thing work. He’s one of the inventors of the Internet, and one of the key people who made it work and grow as fast as it has. And he’s been warning of this flaw since at least 1992. Furthermore, he’s proposing a redesign that might actually do some good. The article notes that NSF has a large project to do just that. More on that later.