Ageism is never a good look
There is an argument that goes “the Internet is not secure because it was designed in the 60s (or 70s, or whenever) and back then security wasn’t part of the plan. Now we’ve inherited that legacy of no security, and it haunts us still.” For some reason this has never really sat right with me, but I’ve never really been able to articulate why. Until now…
I think my first intuition with not liking this theory is that the Internet was literally designed for security. They chose a packet switched network so that some parts could be obliterated in a nuclear war and the network itself would remain functional. That is a system designed for a security role.
The next big issue for me is that this theory of inherited insecurity made sense for a while, when TCP/IP was used “raw” even for sensitive data. This was rsh, rlogin, telnet, and the monster that outlived everything — HTTP. This was a legitimate complaint about the internet protocols: they don’t have encryption by default.
The lack of mandated encryption for TCP/IP et al. is actually probably really fortunate. These days we can use modern ciphers rather than everyone being stuck on 3DES because some vendors are so committed to their legacy install base.
The modularity of internet protocols is a good thing (they’re stackable!) and the historical lack of encryption for telnet and HTTP has long been rectified. We live in an age where toasters are perfectly capable of offering https and ssh access. Encryption at the network layer is a solved problem, not something we can blame on the original designers and their weak slow computers.
Which brings me to my real problem with the inherent inherited insecurity theory. The network has very little to do with Internet security, rather it is the software (and to some extent the hardware) on the end points. The software is what gets hacked. The software is where most of the vulnerabilities are. And the software is not from the 1960s. There is no way that Facebook has an account hijack bug, or whatever, because of some design decision made for the ARPAnet during some whacked out coding session in the Summer of Love.
Leave a Reply