Widely known as “the father of the internet” – a title he shares with US computer scientist Bob Kahn, Vinton Cerf currently works as Google’s 'chief internet evangelist'. He has received numerous awards, including the Turing Award, the Presidential Medal of Freedom and the Japan Prize.
Arriving in Brussels this week to meet with members of the European Parliaments and Commission, he spoke to reporters, including EurActiv's Jeremy Fleming.
What do you make of the current debate on cyber security?
There is a lot of use of terms such as 'cyber attack' and 'cyber-warfare', but I think the stress should rather be on safety for general and business users of the internet. Whilst security has a role to play, some of the safety measures also require the co-operation and understanding of users.
Take for example the use of re-usable, poorly constructed passwords for authenticating users online at multiple web sites. If any of those website entry points is cracked a hacker will get in and use your password.
There is a relatively straightforward technical solution to this problem, called one-time passwords. These are created by devices that generate random password numbers every 60 seconds.
They are currently a little cumbersome, and we need to make the technology easier to use. There is a version that can use a mobile phone to do this, so phones could start to be used to generate shifting passwords for you.
Are you comfortable with the approach being taken by governments to regulating the internet?
While governments have a role to play, it seems important to me that the other stakeholders have a role to play also, and you ignore that at your peril because you choose laws or agreements that cannot be implemented or harm the very benefits that we are all trying to retain: an open, creative, continually evolving system that invites GDP growth through opportunities. So I am suggesting they are very careful about the way policy evolves, and do not kill the goose that’s been laying the golden eggs these past 30 years.
Is there less cyber crime than has been suggested then?
What is a crime? These terms imply that there are known criminal incidents or attacks. There are, however, many accidents that happen online that are mistakes that can be interpreted as crimes. Crime does of course exist and fraud does happen on the net, so we do have to cope with that problem.
We need good forensic tools to know how to deal with these abuses. The problem is identifying the perpetrators. Many of these things are hard to stop, but you can try to detect the perpetrators more effectively, and there are other things we can do, such as the use of more effective double-authenticating passwords, for example.
I think that we would be smart to remember that responses to abuse may rely on private-sector co-operation, and that means engaging with the private sector. People may also need to change their behaviour patterns. Much innocent action is taken that causes harm: posting pictures on the web, for example. These innocent behaviours will cause trouble until people are educated not to behave like this online.
You are unhappy about the possible developments at the International Telecommunications Union conference that will take place in Dubai later this year, why?
We have seen an attempt to create new telecommunications rules that will have the effect of becoming trade barriers. The world conference on telecommunications that will take place in Dubai in December, has historically applied rules to the telecommunications sector. But they appear now to want to reach these rules into the internet sector. I am not persuaded by this, partly because I do not know what the plans are, what modifications are proposed exactly. But I worry that we will see non-tariff trade barriers, for example through decisions that only certain types of software are able to be used on networks. Or perhaps through assertions made that governments applying these new rules reserve the right to block access to the internet, which would be an implicit trade barrier.
Can you explain some more about how telecoms rules could affect the internet?
In the mobile telephony sector, for example, there has historically been a 'sender-pays' model, meaning that the subscriber pays for a call and all the intermediaries take a cut and these settlement rates can be high.
There has been resistance to that system, but imposing that pay model on the internet would be very counter-productive because the internet model is one in which parties pay 'at each end'. This means that the intermediaries of web content deal with each other in such a way that ensures that the user does not pay.
If you start imposing telephony models onto the internet you create huge potential for consumers to stop using the internet because they do not know what costs might arise.
It will undermine the free environment that has allowed the internet easily to explore new applications. If you do not know what bill you will get then you do not want to get involved.
Why do you think is motivating authorities to try and extend these regulations to cover the internet?
One possible motivation for drawing internet into these regulations would to preserve the old business models. Another would be telecommunications companies trying to introduce charging regimes. And the International Telecommunication Union itself may have some motivation, since many services it formerly offered are becoming part of the internet environment. For example through Skype and other services voice services are increasingly carried through the internet. So I can imagine they fear that the internet is subsuming all of their functionality. I do not see any reason for the rules of telephony to be imposed on the internet.
If you are going to make policy on the internet you need to know about the affected parties in this case civil society, governments, industry. That means a multi-stakeholder approach should be preserved. That is not happening in the ITU negotiations.
You may be aware of the recent problems introducing the Anti-Counterfeiting Trading Act (ACTA) in Europe. What did you make of the ACTA regime?
My view is that intellectual property is challenged by the digital universe. We must recognise digitisation changes economics and the way products are distributed. Now the interesting question is what business model makes sense for them. Some business models did not make for happy consumers. Music albums were less attractive than songs. I tunes demonstrated an alternative market, to download. The cost of delivery was much smaller.
The intellectual property world – when projected into this digital space – may need to be re-thought within the context of digital material. The world wide web is of its very nature a bit like a giant copying machine, insofar as every web page is a reproduction.
The reason for bad behaviour [piracy] is some suggest that the charging models are not acceptable. We believe that the best way of handling piracy and abuse is to cut off the money flow from those who are benefiting.
Regulations such as ACTA are blunt instruments that would have collateral damage. This is what caused the Stop Online Piracy Act (SOPA)to fail in the US. We interpreted SOPA as having a direct harm on the implementation of our security domain name system.
I have less direct understanding of ACTA but these ideas are so biased in favour of traditional IP and they take little cognisance of collective commons or of the collateral damage they could cause. If , under ACTA, you seize a domain name high up in the hierarchy, then innocent websites within falling under the same address cannot be reached.
The same tools that could be used to break the law could also be used for political reasons to go after people.