 We're back. We're here at MIT in Cambridge, Massachusetts. I'm here with Jeff Kelly. This is Dave Vellante. David Clark is here. He's a senior research scientist at MIT. Inventor of TCPIP or the Computer Science and Artificial Intelligence Lab. Welcome to theCUBE. And thank you for having me. A.I. is making a comeback. I'm happy to see you. Well, you know, our lab is Computer Science and A.I., but no, A.I., it never went away. Well, you know, I mean, I guess not, not in your world, but, you know, in our world where we talk to a lot of, go to a lot of events in the big data world that's coming back with a storm in the analytics space. I mean, people are actually beginning to make money off of A.I., so that maybe that's what's true. A.I. is whatever we don't know how to do it. Yeah, as soon as you learn how to do it, it spins off as its own discipline. They used to do vision, but now that's just called vision. Okay, so they have monetized A.I. It's like philosophy. It's whatever we don't know how to do yet. But that's not what I do. I do networking. Right, so, well anyway, we were talking, you were one of the cousins or grandparents of TCPIP, but. Yeah, one of, that's right, one of. So, we're talking about off camera, what an amazing journey that has been. And you said, you're gonna have a bumper sticker, this is not a test. So did you foresee the massive potential of TCPIP, you and your team? Well, you know, in the 1970s, we thought we were gonna hook every computer in the world together, and we thought there were gonna be 100,000. And the thing that really shook us up was the personal computer, because when that happened, all of a sudden we had this exploitative deleted moment, where we realized we weren't hooking up hundreds of thousands of computers, we were hooking up hundreds of millions of computers. And if you look at what we did during the 1980s, it was all about scale. We had to redo the routing to make it scale. We had to redo the domain names to make them scale. We had to redo the standards organization to make it scale. And so the real shocker was when we realized every person in the world could have a computer. And now of course, the last time, every time I've estimated how big the internet is gonna be, I undershoot. So the last time somebody asked me, I said a trillion devices. Yeah, that's probably about right. That's probably about right. You know, that's only about 100 per person. But redoing things to make it scale, that's not trivial. I mean, in fact, there are very few examples in this industry of successfully redoing things to make them scale. And usually something else replaces it and disrupts it. That's right, that's right. And we've lived through a whole bunch of orders of magnitude of scale here. So we were, I think, both lucky. And in some respects, clever. You got it right. Yeah, not that we exactly know what we were doing back in 1975, but you know. Gut instinct goes a long way, I guess, with smart people. So we're here at this cyber politics, international relations conference, pretty eye-opening. I call it a conference. It's really a workshop, about 100 folks here. We heard this morning, when we sat in the sessions about this sort of gap between the development in cyberspace and the ability of international relations to keep up. And that has a lot of ramifications of the future of the internet, the adjudication mechanisms. But what are your thoughts on what you've heard today? And maybe you could summarize the day for us. Well, one of the framings of this conference was internet security and the governance gap. And I think what we were getting at with that title was that security is one of the major issues that's gonna shape the future of the internet. Are we going to have a network that breaks into parts? Are we gonna have a network that greatly restricts what you can do? A lot of the security problems we have today we have known about for a long time. We've been addressing for a long time. But there's nobody in charge. And that's probably a good thing most of the time. And so the question is what does it take to make some of these problems, to mitigate some of these problems? And what are the organizations that can do it? If you look at the organizations that are actively dealing with security today, many of them are groups of 100 people that meet each other because they trust each other and they don't scale because they're built on trust. Large state organizations like the ITU can say, look, we represent the collective sovereignty of the states but it's not clear that that organization understands how to get down and dirty when it comes to dealing with specific security problems. So I asked a challenge today, I said, for several of the specific security issues that people identified, cyber crime or espionage, name me the active organizations that claim I am playing a leadership role and I believe I have both competence and legitimacy to be resolving these problems and the answer is a big silence arises. And so one of the things you could say is well a lot of the attention today is about ICANN. What does ICANN do about the future of the internet? Two things, addresses, that's really critical because we ain't got enough. And the other is they manage domain names but okay they just created a whole bunch of new top level domain names. Here's a really simple question. Five years from now will the internet be materially different if they did or did not create those names? No, okay. So what's really important and who's dealing with it? And that to me is what the gap is about. So one of the reasons we're really excited to be here is John Furrier, my partner and often co-host of the cubes out in Silicon Valley. When he created Silicon Angle, he created the tagline where computer science meets social science. So we're thrilled to be at an event like this where it's just not all about the technology. It's about that type of intersection. So can computer science successfully coexist with social science? Well yes, but each has to learn how to speak the other guy's language. And this has been a five year project and I think we spent the first year or maybe a year and a half just learning how to talk. Now my roots are sort of geeky here and so if you ask me to explain the internet I might if I wasn't paying attention begin by saying the word layers, okay? And when you're dealing with policy makers layers don't matter unless you can explain to them why they do. Stacks are pancakes. That's right. And so you have to find a way of taking the structure of the internet and not, oh let me lovingly tell you about all the layers. You have to do something different which is let me tell you the things that matter to you. Where are the points where we are contending over control? And just telling you the internet is a layer doesn't help you bring out the points of control. So we know what we fight over, right? We fight over addresses, we fight over names. We fight over other things too. We fight over who controls the software in your computer. We fight over whether you have the right to control the software in your computer. So if you think about a simple task like reading a webpage and you say what are all the things you have to do before you can look at a webpage where step one, and I'm not being ridiculous here, is buy a computer. From step one you're making decisions about what parties you've vested control in. Would I rather have Apple software or Microsoft software? And people say, well, when has one of these people ever screwed me over? Well, you know, you buy an iPad you can't look at flash, right? That's not a security, well maybe it is a security problem but you vested control in somebody and you said okay fine, whatever they say that's what I have to put up with. So once you begin to think about it in terms of control, oh, I say the magic word, computer science thinks about layers. Political science talks about control and power and contending over power. So all of a sudden you've got a language they can speak. So if I can take the structure of the internet and turn it into a conversation about power and control, I can talk to them. That was beautiful. In five minutes we've just boiled down a year and a half. Well, the time-sight is 20, 20, 20, 20. The beauty of the queue, right? Our policy makers are starting to make progress in understanding this, are you making progress in applying this language so that in a way that policy makers can truly understand it? I think so. And the reason I say that is very simple. I wrote a paper with a bunch of slides and a bunch of people that come up to me and said I'm teaching this class and I used your slides and my non-technical students can really understand your slides. Got it, okay. So the answer is maybe we're educating people and you know, and it's not just us but yes, I think we're building ways of a common vocabulary. And that's, to me, that's just a big accomplishment. Well, that's certainly- Plus we have to bottle it. Right, that's at least step one but we've heard a lot in this conference about the need for a multilateral, multi-stakeholder approach to governance and security where we've got a very US-centric approach right now. If we, you could even call it an approach because it's so kind of a flip-shot but what do you think about that model? Does it need to be broadened to include other stakeholders beyond the US? Well, first of all, it has to be multi-stakeholder in the sense that it's not just governmental because so much of the internet is being defined by the private sector, it's being shaped by private sector investment. You can't imagine a state organization getting a hold of this in an effective way. So the first thing these states collectively have to do is to figure out how to do multi-stakeholder because governments are pretty good at listening to other people provided they still think they're in charge at the end of the day. If they actually don't think they're in charge, they don't know what to do and so they tend to run away and I've actually had conversations with people in the government it was like why don't you engage the standards process and well they do it to some extent so I don't want to deprecate that but I've actually had people say to me if at the end of the day I'm not in charge I don't know how to be in the room, I just viscerally don't know how to do it so the second question is how does the United States protect its interests and at the same time really help us go to a global internet and that's troubling because there are countries who clearly have a vision of the internet that's not the one that our country have and what I particularly like. How respectful should we be of the sovereign laws of states where we don't actually like the consequence of the laws? Well right and getting stakeholders, the current stakeholders who have the control to cede some of that control in any endeavor is going to be a challenge. Oh it's scary, it's helpful then. Right, by definition right. And then when you've got not only other states, entities to take into consideration you've got corporations but then you've got non-state actors, you've got threats coming from, we talked about anonymous and other groups out there. It's a pretty scary world and if you've got that control now you might be inclined to kind of hold onto that as much as you can. Absolutely, absolutely. But notice what, for example, the US government is actually holding control over with respect to ICANN. See ability to create top level domain names, right? Again, as I said, that's not where the action is. It's not where the excitement around the future is nor is it where the excitement around malicious behavior is. So where do they need to focus their attention to? Well, by the way they are focusing a lot of their attention on cyber crime. I don't mean to imply there's nothing going on there. There's a lot of attention, in fact, multinational attention to cyber crime. I think that there's, one of the forks in the road really has to do with the division between things that look like issues of national interest, espionage, is the ongoing one and sort of what I call fear of low probability events like major destruction of physical infrastructure or something. But I think the future of the internet is going to be shaped as much by whether the individual citizen, the individual user has a sense of confidence about the environment. Are they, can they tell when they're going to a bad cyber neighborhood? Do they know when to be cautious? What do they understand really about identity theft, fraud, something horrible happening to them? All my wedding pictures being deleted. I bet you most people today have all their pictures online, right? I bet you most people don't know how to do backup. You know, imagine a horrible event in which 100 million people all of a sudden they discovered that all of their pictures have been magically encrypted and they have to pay $100 to get them back. But that's not national security, but it really is going to affect the future of the internet and what people can use it for. Because if people get nervous, people draw back, then in fact we're losing a lot of the potential and I think it's the transformative potential of the internet. So I think we need to clean up a lot of the mess that the individual is facing. And if I can just elaborate a little bit more in that space, when people say to me, I want a more secure internet, they're not technologies so they're not making the distinction I do. To me the internet is the thing that hauls packets around and the stuff on top, which is the exciting stuff is called applications. And they say I want a more secure internet. What they're actually talking about is the whole ball of wax rolled up because they don't say layer. And the trouble is internet architects, I'm not in charge of the applications. If you want to build the world's sloppiest application that is absolutely full of holes like Swiss Jews as far as security is concerned, I can't keep you from doing it. Nor can I police you at the packet level because I can't even see what's in the packets. So if Facebook is really secure or Facebook is insecure, I have no control over that. But people come to us and say, why don't you make the internet more secure? And the answer is that's saying, why don't you build me a highway that can do anything you want but would you please stop getaway cars? And the answer is no, it doesn't work. General outlet, one of the consequences of generality is that it permits bad behavior. And you just have to accept that. So we've got to move up. We've got to train application designers to create an internet experience which is safe or at least predictable. I'm sorry, some people like unsafe experiences. They need to know that's what they're doing, right? You know, if you want to go bungee jumping, that's fine, but you know you're about to jump also. So it's about educating people. So they at least understand the rules of the road and identify when there are potential risks. And it has to be done in terms they can understand. Right, right. David, you said off camera security is not monolithic, okay, and we know that risk by its very nature is distributed. Mark Hopkins, our managing editor, talks about reducing system complexity, reducing it down to a protocol, for example. He covers Bitcoin a lot and Bitcoin's been called the most cleverly concocted protocol since TCPIP, how ironic. So I wanted to ask you your thoughts on, and Bitcoin's decentralized. So I wanted to ask you your thoughts just on reducing complexity through a protocol. Amazon's turned the data center into a protocol. So what are your thoughts on that and its applicability to potentially solving the security challenge? I don't actually know that I have a coherent answer to that. I'll give you an answer, but I'm not sure it's coherent. I'd be shocked if you had a coherent answer. The point is, all things that we think of as specifiable or technically constrained very quickly end up embedded in a larger social ecosystem which in some sense defies the simplicity of the protocol. Right, that's very good. And so we think we have a technical solution and then you just get out there in the real world and you run into this, well, actually you didn't, you know. And so I don't know that you can actually, I don't know how far you can push that idea before you run into this sort of contextual reality where you know the multiple constraints out there are economic, they have to do with investment, they have to do with incentive, and even Bitcoin has run into some interesting larger context issues. Right, I'm not an expert on Bitcoin, but you know. No, but you're right. I mean, the Chinese government's basically signaling that it's not going to support it necessarily or that you see the dips. And so there are a lot of headwinds, a lot of headwinds in this world. Now you mentioned several, you know, Econov, let's talk about the cyberspace and security and governance gap. What do you see as the big headwinds there that we have to attack? Well, a lot of the problems cannot be solved by one actor moving alone. If you have a problem that one person can solve and they have an incentive to solve it, by and large, they sort of get on with it. It's done. But if you ask, well, what would it take to move us to a regime where all email is signed by default? Which I think would eliminate a lot of phishing. And phishing, of course, is the vector through which a lot of very sophisticated attacks are delivered. And phishing is such a stupid attack, but it works. Okay, well, okay, so signed email. Well, the first thing is we got two competing technical solutions. Okay, we've got S-MIME and we got PGP. And as long as nobody actually thinks they're gonna deploy anything, those guys will continue fighting with each other because it's fun to fight. And certainly if you're an academic, you're not paid to agree with somebody, right? You know, I can't get a grant from the NSF by saying, I think his work is great. I get a grant from the NSF by saying, well, I'm gonna improve on his work. I have an alternative. Okay, so I once counted up how many addressing schemes. I mean, internet has an addressing scheme in it. IP address 32, but I went through it through the literature and I counted up how many papers I could find that had been published in a conference which had an alternative naming and addressing scheme. And I think I stopped at 32. That's 32 grants, that's 32. Now, if somebody had come to us, Manhattan Project stylist said, no, I'm gonna pay you to agree. We can agree. We know it can be done, okay. It's gotta be some good, good activity within those 30s, right? That's right. So, the problem with trying to get signed email is first you have to take these guys who are busy fighting over SMIME versus PGP and say, okay, guys, it's time to have a conversation where I'm gonna reward you. I'm gonna incentivize you to see if we can agree. Can we harmonize? Can we come to a compromise? Then you have to get out there and solve the first mover problems. You have to modify the email software, the server software, human behavior, and multiple actors have to participate in doing that. And so I would say, well, why should I modify my email reader? If I modify my email reader, you can't read my email. So there's this horrible coordination problem. And that's why things go very slowly. If it's a simple problem that belongs to one person, you can get solved. But that's why I said words like leadership and governance, governance defined very broadly. I don't mean governments. I mean organizations that say, look, I have competence in standing. Let me suggest that there's a common direction. Why don't we go that way? Okay. And I like to remind people that if you're lost in the woods, there's sometimes more than one way out. You can go north and get out. You can go south and get out. But going in circles never works. And so we've got to pick a direction and say, let's go. And there will always be people that are unhappy. Is it, do you think we need a major event to focus people's attention? Oh, I hate it when you say need. Would that help? I understand what you're saying. In a strange kind of way. I mean, so we don't want to see a tragedy. So the problem is, if you look at 9-11, which of course was a horrible tragedy with real, you know, both human life and horrible. Consequences, you sort of quantum tunnel from not paying enough attention to paying too much. And so my view is there will be an event. I don't know what it is. And part of what we should be doing is having conversations in the background so that when there is an event and all of a sudden everybody wakes up and says, oh my God, what are we gonna do? You have an answer. So we'll have, here's an answer. It would be nice if we headed up our sleuth. Those things have short half-lives, you know, six months, a year later. You gotta be ready to seize that moment. So do we need it? I understand what you're asking. Do I want it? No. Should we be prepared to recognize that it might happen? Yes. But we should think about it in the larger social context. You remember Metcalfe used to run around and say the internet was gonna collapse by the end of next year. Wasn't he eat a hat at one point? Yeah, he ate a hat. I was working with him at the time at IDG. Is he more likely to be correct today or back then? Well, you know, honestly, I don't know what you said recently. So I have to punt on that. But I actually don't. Oh, no, no. I mean, the internet collapse, if you made that prediction today, would he be more correct today? No, I don't think so. I don't think so. But let's explain what is actually happening. As I said, the internet experience is defined by the applications. And what we are seeing today is a divergence in the experience that people choose to have. Now, when a country like China constrains the experience, they say, no, if you want to use Facebook, you can't. I think, I resist that. I resent that. But if you turned on Facebook in China, how many people would move to China, move to Facebook as opposed to the indigenous product that they have there, which has been nicely localized. You know, it may very well be that they're having a very effective, domestic internet experience, which is not ours. And if the internet is truly meant to be a general platform, then can I complain when I don't use Twitter and you do, gasp, I don't use Twitter? So, you know, I don't think you have a complaint if I don't use Twitter. So the point is we already see. I'm envious. We see a divergence of experience. And if that's collapsed, then that's gonna happen. As more and more people come on, they're gonna seek experiences that are more localized, that are tailored to their language, that are tailored to their culture. I'll tell you my image, it's entirely different than collapse. If you think about some of the financial bubbles we've had, starting with tulips and railroads and internet, and you ask people to actually study these bubbles, there's this period of exuberance, there's this period of collapse. And then afterwards, there's actually a growth at a perfectly reasonable slope. And I think we've had not a financial exuberance here, although we did with the dot com and the dot bomb, but we've actually had what I might call an exuberance of cosmopolitanism. Where everybody said, oh, this is gonna be a great global platform and everybody will do the same thing. But I think right now, we're seeing ongoing steady social change inside China among other things. And what we should do is understand that rates of change that run too fast scare people. And so we should actually be accepting of reasonable rates of change. How fast can things change in countries where we're really shaking up the culture with the internet? That's a great point. And oftentimes, though, the initial expectations are vastly exceeding at post bubble. Yeah, right. Yeah, I'm not saying I'm- Maybe not with tulips, but certainly with the internet. Maybe not with Bitcoin, we'll see. We'll see about Bitcoin, that's right. But I think we're sort of coming out of that period of dashed hopes. And we're actually on a slope where what is happening is more reasonable, is more stable, and we should actually look at this as the real vector of change. And compared to social time constants, it's actually going pretty fast. All right, David, we gotta let you go because I want to make sure that you get to your panel in plenty of time. I can see why they held you to the end in your good draw for the audience. But thanks very much for coming on theCUBE and sharing your ideas and really appreciate it. Well, and thank you for having me. It's a lot of fun to talk. All right, take care. Good enough. Okay, keep it right there, everybody. We'll be right back to wrap. This is Dave Vellante with Jeff Kelly. We're live at MIT in Cambridge. We're right back.