Geoff Huston is an Internet Hall of Fame global connector, an honour which acknowledges his “critical role” in bringing the internet to Australia in the 1990s.
“While the Internet was still in its infancy in the US, he was able to complete the construction of a new and rapidly growing network within a few months,” the organisation wrote.
On Thursday, Huston apologised for that.
“The internet is now busted, and to be perfectly frank, it’s totally unclear how we can fix it. We can’t make it better,” said Huston, now chief scientist with the Asia Pacific Network Information Centre (APNIC).
“I’m sorry, I’m really sorry,” he said.
“I actually want to apologise for my small part in this mess we find ourselves in, because it all turned out so horrendously badly.”
Huston is well-known in Australian internet technical circles for his cheerfully pessimistic presentations.
He has, for example, called the internet’s traffic routing system, the Border Gateway Protocol (BGP), a screaming car wreck. Failing to secure the domain name system is savage ignorance.
But during his opening presentation to the NetThing internet governance conference, he cast his net of doom far wider.
In Huston’s eyes, the internet’s collective failures include shoddy programming, haste, lack of regulation, and expensive cybersecurity organisations that are tackling the wrong problems.
“The world of programmers and code generators is actually a world of really, really shocking work,” Huston said, singling out the agile methodology for particular blame.
“[Agile is] the incentive to write even shittier code, even faster, and more of it, because obviously, that’s what we need,” he said with considerable sarcasm.
“With no desire to actually build truly secure systems, in the rush to digitise our world of services, we’re taking extraordinary risks … We cut corners and built fast, shitty code. Maybe we should have said no and walked away from the keyboard. But I didn’t. I’m sorry.”
All the “shiny, bright cyber defence bodies” spend millions and trillions trying to defend internet users, Huston said, while reiterating that they are currently tackling the wrong problems.
“The problem isn’t the folk who are driving all those trucks through these gaping holes. The problem is that it was the people like me who produced insanely shitty code in the first place that made all these holes,” he said.
“The term ‘web security’ is the punchline to some demented sick joke.”
“We had a lot of really wonderful expectations in the late 80s when we thought computers and communication were going to do wonderful things,” he said.
“Where we’ve ended up is rigged elections, fake news, the destruction of livelihoods, the creation of an entirely new global economy based only on surveillance capitalism.”
Huston noted that humans are social animals and that internet pioneers had recognised their ability to change the way society communicated. In doing so, they also recognised that this could change the nature of human society, but they simply didn’t take this to heart, he said.
“None of us envisioned that perversion of our nobly motivated ambition into the sewage of Twitter, the deluge of waste products from the Facebook factory,” he said.
“We only choose to listen to what we agree with these days. The internet’s a gigantic vanity-reinforcing distorted TikTok selfie. And for my part in all this, I am sorry.”
Geoff Huston is an optimist
Malcolm Crompton, once Australia’s first privacy commissioner, now a privacy adviser, was even more pessimistic.
“I think that Geoff was actually being an optimist. I really worry for where we’re at,” Compton told the conference.
“We’re not dealing with a data problem. We’re not dealing with a privacy problem. We’re dealing with a social issue. We’re dealing with people issues,” he said.
“If we forget people, humanity, dignity, respect, freedom, all those other wonderful words, then we’re not heading in the right direction.”
We’ll use technology to get there, but technology itself isn’t the solution, he said.
Crompton agrees with some parts of the final report [PDF] of the recent Digital Platforms Inquiry by the Australian Competition and Consumer Commission (ACCC), particularly the need to address the power imbalance between consumers and the major digital platforms.
“The ACCC’s view is that few consumers are fully informed of, fully understand, or effectively control, the scope of data collected and the bargain they are entering into with digital platforms when they sign up for, or use, their services,” the organisation wrote.
The ACCC also said people should be told more so that they can take control, and should be told in a succinct way so that they can understand.
Crompton disagreed with this, however.
“Don’t expect people to be able to take control by being told more or better,” he said.
“It doesn’t work like that way in the world around us, guys.”
What does work, he said, is things being made safe thanks to a third party writing safety rules or standards that specify how things should be done. Think building codes, automative and aviation safety standards, accounting rules, and so on.
“And unless there are significant market forces that deliver against those rules, there is usually another third party body that makes sure that those rules, frameworks, guidelines, laws are in fact respected and obeyed,” Crompton said.
“Almost everything in the world around us has been made safe for us by third parties we’ve never met who make sure that we can live our lives safely and that we don’t get killed,” he said.
“For some reason we’re stuck in this anomaly with data; that the only way we’re supposed to control the data around us is for us to understand what’s going on.”
Due to this, the ACCC’s recommendation of a modified Privacy Act isn’t the solution, according to Crompton.
“Quite frankly, again to offer another contradiction, the General Data Protection Regulation from Europe is the best privacy law ever written — for the 20th century. It’s not fit for purpose for the 21st century.”
Cybersecurity needs to address network fundamentals first
BGP is fundamental to the security and reliability of the internet, but as Huston has previously noted, it’s a “system that relies on the propagation of rumours”. That can be fixed by deploying the so-called Resource Public Key Infrastructure (RPKI) Route Origin Authorisations (ROAs) to certify the truth of routing messages.
In Australia, for example, Telstra started rolling out RPKI in June, completing that work on its domestic network in July. But these technologies aren’t as widely deployed as they could be.
“If you look at Australia as a whole, less than 20% of the addresses are signed,” said Aftab Siddiqui, senior internet technology manager at the Internet Society.
This means that, even in 2020, more than 80% of Australia’s network operators cannot be bothered.
“Even though it is for free, you don’t have to do anything. It’s just go on a portal supported by APNIC; just go there and just click,” Siddiqui said.
“Yet still, you’re not willing to do that.”
It may seem that we’ve already got so many things to worry about, but Huston added another 14 in his penultimate slide.
They were: digital privacy and anonymity; web security; encryption; quantum computing; AI; advertising models; digital markets and subsidies; cyber warfare; IoT; (any kind of) security; ubiquitous crap software; monopolies; a corrupted political sector driven by lobby interests; and an eviscerated public sector.
If you want to sleep tonight, Huston said, try to forget about all of them.