Danny Hillis – TRANSCRIPT
So, this book that I have in my hand is a directory of everybody who had an email address in 1982. Actually, it’s deceptively large. There’s actually only about 20 people on each page, because we have the name, address and telephone number of every single person. And, in fact, everybody’s listed twice, because it’s sorted once by name and once by email address. Obviously a very small community. There were only two other Dannys on the Internet then; I knew them both.
We didn’t all know each other, but we all kind of trusted each other, and that basic feeling of trust permeated the whole network, and there was a real sense that we could depend on each other to do things. So just to give you an idea of the level of trust in this community, let me tell you what it was like to register a domain name in the early days. Now, it just so happened that I got to register the third domain name on the Internet. So I could have anything I wanted other than bbn.com and symbolics.com. So I picked think.com, but then I thought, you know, there’s a lot of really interesting names out there. Maybe I should register a few extras just in case. And then I thought, “Nah, that wouldn’t be very nice.”
That attitude of only taking what you need was really what everybody had on the network in those days, and in fact, it wasn’t just the people on the network, but it was actually kind of built into the protocols of the Internet itself. So the basic idea of IP, or Internet protocol, and the way that the — the routing algorithm that used it, were fundamentally “from each according to their ability, to each according to their need.” And so, if you had some extra bandwidth, you’d deliver a message for someone.
If they had some extra bandwidth, they would deliver a message for you. You’d kind of depend on people to do that, and that was the building block. It was actually interesting that such a communist principle was the basis of a system developed during the Cold War by the Defense Department, but it obviously worked really well, and we all saw what happened with the Internet. It was incredibly successful. In fact, it was so successful that there’s no way that these days you could make a book like this.
My rough calculation is it would be about 25 miles thick. But, of course, you couldn’t do it, because we don’t know the names of all the people with Internet or email addresses, and even if we did know their names, I’m pretty sure that they would not want their name, address and telephone number published to everyone. So the fact is that there’s a lot of bad guys on the Internet these days, and so we dealt with that by making walled communities, secure subnetworks, VPNs, little things that aren’t really the Internet but are made out of the same building blocks, but we’re still basically building it out of those same building blocks with those same assumptions of trust. And that means that it’s vulnerable to certain kinds of mistakes that can happen, or certain kinds of deliberate attacks, but even the mistakes can be bad.
So, for instance, in all of Asia recently, it was impossible to get YouTube for a little while because Pakistan made some mistakes in how it was censoring YouTube in its internal network. They didn’t intend to screw up Asia, but they did because of the way that the protocols work. Another example that may have affected many of you in this audience is, you may remember a couple of years ago, all the planes west of the Mississippi were grounded because a single routing card in Salt Lake City had a bug in it. Now, you don’t really think that our airplane system depends on the Internet, and in some sense it doesn’t. I’ll come back to that later. But the fact is that people couldn’t take off because something was going wrong on the Internet, and the router card was down.
And so, there are many of those things that start to happen. Now, there was an interesting thing that happened last April. All of a sudden, a very large percentage of the traffic on the whole Internet, including a lot of the traffic between US military installations, started getting re-routed through China.
So for a few hours, it all passed through China. Now, China Telecom says it was just an honest mistake, and it is actually possible that it was, the way things work, but certainly somebody could make a dishonest mistake of that sort if they wanted to, and it shows you how vulnerable the system is even to mistakes. Imagine how vulnerable the system is to deliberate attacks. So if somebody really wanted to attack the United States or Western civilization these days, they’re not going to do it with tanks. That will not succeed.
What they’ll probably do is something very much like the attack that happened on the Iranian nuclear facility. Nobody has claimed credit for that. There was basically a factory of industrial machines. It didn’t think of itself as being on the Internet. It thought of itself as being disconnected from the Internet, but it was possible for somebody to smuggle a USB drive in there, or something like that, and software got in there that causes the centrifuges, in that case, to actually destroy themselves.
Now that same kind of software could destroy an oil refinery or a pharmaceutical factory or a semiconductor plant. And so there’s a lot of — I’m sure you’ve read a lot in papers, about worries about cyber attacks and defenses against those. But the fact is, people are mostly focused on defending the computers on the Internet, and there’s been surprisingly little attention to defending the Internet itself as a communications medium. And I think we probably do need to pay some more attention to that, because it’s actually kind of fragile. So actually, in the early days, back when it was the ARPANET, there were actually times — there was a particular time it failed completely because one single message processor actually got a bug in it.
And the way the Internet works is the routers are basically exchanging information about how they can get messages to places, and this one processor, because of a broken card, decided it could actually get a message to some place in negative time. So, in other words, it claimed it could deliver a message before you sent it. So of course, the fastest way to get a message anywhere was to send it to this guy, who would send it back in time and get it there super early, so every message in the Internet started getting switched through this one node, and of course that clogged everything up. Everything started breaking. The interesting thing was, though, that the sysadmins were able to fix it, but they had to basically turn every single thing on the Internet off.