Vint Cerf's Internet Safety

At the Internet Society NY INET conference, there was a wide-ranging discussion on a variety of topics, from Net neutrality to privacy. A highlight was Vint Cerf’s keynote in the afternoon. He focused on the importance of safety mechanisms for those using the Internet--safety in terms of being protected from abusive behavior and safety in terms of the ability to speak freely and, where and when needed, remain anonymous. These are big issues in the international theater.

Cerf carefully balances anonymity and identification by making a clear distinction between an identifier, which is some unique blob of data, and identification, which relates to a specific person or computer. What hangs in the balance is the user's ability to determine to whom and when they want to identify themselves to someone else. If you are a corporate whistle blower or a rebel in an oppressive regime, you probably want to protect your identity lest you be fired, jailed or killed for your actions.

However, if you are using the Internet to buy shoes with a credit card, you want the shopping application to ensure that you are using your credit card and not someone who has stolen your identity. There are a number of examples where you want to share your identity--or not--and organizations like ISOC, standards groups, nations and concerned parties are trying to define policies and technologies that can address competing concerns.

Identity leakage is pervasive, and it exists up and down the application stack. For example, IPv6 nodes using Stateless Address Auto Configuration (SLAAC) will typically use a computer's NIC MAC address as the host portion of the IPv6 address. MAC addresses are globally unique and, when combined with network components from router advertisements, should enable globally unique IPv6 addresses. However, since MAC addresses don't change, the host identifier is a good way to track computers and therefore users, as they move from network to network, globally. IETF RFC 4941 "Privacy Extensions to Autoconf" defines "mechanisms that eliminate this issue in those situations where it is a concern."On the one hand, Cerf suggests we want to be protected from spam and viruses while we are interacting on the Internet, and filtering mechanisms are not as effective as we would like. He suggests that via strong authentication, we can be protected from spam or viruses because we can choose to accept email and files from only those people or services that we can authenticate and trust.

At the same time, we also want to identify those that are abusing the Internet and services so that spammers and those distributing malware can be stopped. Where there isn't a technical solution available to stop the bad behavior, we need some other mechanism, such as international treaties and legal agreements, to govern behavior in a way that is agreeable to all nations, including notions of due process and protections of human rights.

Many of the ideas that Cerf and others at the conference put forward are issues that are can be addressed in technical, social and geo-political arenas. Given the members that attended the event--including representatives from the United Nations, law firms, start-ups, vendors and carriers--it's clear that discussions are taking place that may impact the future of the Internet.

Cerf wrapped up with, "We say that the Internet is for everyone, but it isn't yet. We say that it should be for everyone, and I say it must be for everyone. And I hope it will be for everyone."