After fifty years, the internet is in need of reform

When we send an e-mail, post on Instagram, visit a website, or stream music or a film, most of us barely stop to think about the technology making it possible. Yet, without us being aware of it, data packets are racing back and forth at lightning speed between our device and a data server, which might be almost anywhere in the world. All made possible by the infrastructure of the internet, which consists not only of hardware, such as cables, antennas and servers, but also of an invisible intermediate layer of software. That intermediate layer is actually the true internet: a network of interconnected computer networks, which exchange information on the basis of agreed protocols. We often hear about problems associated with the internet, such as the erosion of privacy and the dissemination of fake news. However, most of those issues are not problems with the internet itself, but with services that make use of the internet, such as social media platforms. It is therefore to those services we must look for solutions. We hear far less about the problems that affect the internet infrastructure. Yet that vital intermediate layer is itself in need of reform to bring it in line with the needs of modern society, such as the need for greater digital autonomy.

Runaway growth

The internet's original design dates back to the 1970s, explains Cristian Hesselman, Director of SIDN Labs. "In those days, the internet was used mainly by universities, for communication and to enable hardware sharing, for example. Security wasn't an issue, because the users all knew each other." In the half century since, the internet has grown from a handful of computers in science and technology departments to a global grid linking more than 70,000 distinct networks – including Dutch networks operated by companies such as KPN, T-Mobile and VodafoneZiggo. Yet the internet's basic design has barely changed. And that's increasingly problematic, because more and more critical applications now rely on the internet. Energy grids, cars, medical equipment, factories, drinking water production plants and bridges are just a few examples. For such applications, a reliable internet infrastructure that gives service providers more control over data in transit is vital.

"The basic design has barely changed, and that's increasingly problematic."

However, the internet's design leaves the routing of data packets through the various networks to the infrastructure itself. The internet selects the shortest route, involving as few intermediate networks as possible, and automatically reroutes the data in the event of a fault. That capability is very useful, but the set-up means that routing and intermediate networks selection is a black box. And that is a fundamental drawback, according to Hesselman. "The networks are constantly changing. You may get a security vulnerability arising in the network software along the line, or your data may unexpectedly be routed via another jurisdiction, which the data sender doesn't trust. International tensions can be significant in that context. For example, there's a lot of discussion going on about apparent vulnerabilities and espionage risks created by European telecoms companies installing 5G equipment made by Chinese manufacturers."

Problematic lacuna

Hesselman therefore believes that critical application operators should have more insight into and control over the internet's infrastructure to increase their digital autonomy. Just as you can track and trace a physical parcel, the route taken by a data packet could be followed if a system of certificates or tokens were adopted. Service operators would then be able to use that information to route their traffic away from routes they don't trust. "If you know who is handling your data, you can decide whether their security provisions, geographical location, jurisdiction and software are to your liking. Do they use open-source software, for example? [That is software whose source code is open for anyone to inspect, ed.] Are there any 'back doors' in the security?" With a view to enabling traceable and controllable data flows, SIDN Labs is connected to SCION, an experimental internet infrastructure created by ETH Zurich, a Swiss university of technology. ETH has developed open-source software that gives internet users more control over the networks used to route their data. The software is already being used in test environments operated by network operator Swisscom and by various banks and embassies. The new network is at a very early stage of development, however. "In Europe, there's very little interest in the internet's infrastructure," says Hesselman. "That's a problematic lacuna. Responsible AI, where people have more insight into the decisions made by algorithms, has become a topical concept in recent times. I'd like to see the concept of a Responsible Internet on the agenda as well."

Inherently secure

Improved traceability isn't the only thing the internet needs. Present-day encryption technologies are not future-proof, because of the rise of quantum computers. Such super computers don't yet exist, but scientists are working hard on their development, and the expectation is that they'll come on line in ten to fifteen years. Quantum computers work with quantum bits (qubits), which can have multiple statuses and simultaneous values of 0 and 1. As a result, they will have far more computational power than conventional computers, and consequently the ability to crack present-day encryption. That's a major concern. Not only for the future, but also for the here and now, argues Jesse Robbers, CEO of QuantumDelta NL. "It's already possible to intercept encrypted data sent and received by governments and banks. If an interceptor retains that data, even though they can't currently access it, they will be able to read it in the future using a quantum computer. The potential therefore exists for state secrets or banking data to fall into the wrong hands." Developers are therefore working hard on Quantum Key Distribution, a technology that involves sender and recipient both having a unique key, made up of qubits that become unstable if intercepted. As a result, it's inherently secure.

"Security and speed are the two big pluses of a quantum internet."

After the quantum computer, the next step will be an entire network running on qubits: a quantum internet. An important step in that direction has already been taken in Delft, where scientists realised the first quantum network linking three locations. Security and speed are the two big pluses of a quantum internet. Additional speed will allow far greater volumes of information to be exchanged than is currently possible. "Because quantum bits are entangled, the status of any pair is always the same," says Robbers. "That'll probably mean that complete datasets don't need to be transmitted, just parts of them." For security reasons, Robbers expects governments and banks to be amongst the first users. Closely followed by researchers and companies that work with complex data models. "Quantum computers will be hugely beneficial to the development of climate models, pharmaceuticals or chemical formulas. Applications like that require huge computational power." Development is likely to take place largely in the background, Robbers expects, since physical changes to the connecting infrastructure won't be needed: existing fibre-optic cables should be capable of carrying qubits. Robbers anticipates the first quantum networks being up and running within a few years.

Invisible

For the time being, most of us are unlikely to notice any evidence of the developments propelling us towards a traceable, more secure and faster (quantum) internet. But Hesselman and Robbers both believe it's only a matter of time before we do begin to notice the effects of those developments. "Quantum technology will ultimately filter through to everyday life," predicts Robbers. "Quantum encryption of data from smart thermostats, and self-driving cars connected to the internet are a couple of possibilities that spring to mind. That kind of thing may be ten or twenty years away yet, though." Hesselman believes that internet users ought to have more control of their data. They should be able to see not only who is transporting their data, but also where the data is and what's happening to it. "If you buy a smart device from an electronics store, it should come with an information sheet, like an over-the-counter medicine. But, instead of telling you about side-effects, it would tell you what information the device sends, where it sends it, and why. That's important because smart devices are increasingly invisible, and the time will come when you're no longer aware of where they all are. There may be smart technology in your doorlatch or your bathroom floor, for example. Giving users more control of their data is vital if we want the retain the trust of organisations, governments and private citizens in our digital infrastructure."