
IN JANUARY 1989, two engineers 鈥 Cisco鈥檚 Kirk Lougheed and IBM鈥檚 Yakov Rekhter 鈥 sat down in the cafeteria at a technology conference in Austin, Texas.
The two men were looking to work out a short-term fix to help address problems with the way data flowed across the fledgling internet, which at the time connected about 100,000 computers across the world.
Advertisement
In the spirit of finding a fudge, they scribbled a new protocol across either two or three napkins. (They can鈥檛 recall how many and didn鈥檛 keep the originals.) This protocol was adopted as the new standard for determining which physical routes data would take to traverse the network.
More than 25 years later, the 鈥渢hree-napkin protocol鈥 is still in place. But in the meantime, the internet has become critical global infrastructure 鈥 central to the business operations of many of the world鈥檚 largest companies, the planet鈥檚 information ecosystem and the daily behaviour of about half the people on Earth.
The protocol that Lougheed and Rekhter devised 鈥 known as Border Gateway Protocol (BGP) 鈥 in their lunch break was far better than either realised, but it isn鈥檛 what you would design for a secure global network that we all rely on.
The process works a little like transponders to guide aeroplanes: computers on the network can tell you whether you are heading in the right direction to get to, for example, Paris. But there is nothing stopping someone from lying.
In one famous example, Pakistani authorities looked to block a YouTube video they had deemed offensive and ordered their internet providers to do this. One company did so by using BGP to direct anyone looking for YouTube in Pakistan to a dead end.
No one had hacked or damaged YouTube, but no one was directed towards it. Unfortunately, this new 鈥渞oute鈥 to YouTube wasn鈥檛 restricted only to this firm鈥檚 users. Thanks to human error, the Pakistani internet provider recommended its new route across the world, taking down YouTube for millions of users.
This is just a single example of what happened with one protocol. Users can be misdirected, intercepted, blocked and put at risk by numerous vulnerabilities built into the creaking infrastructure of the internet, and efforts to fix it are painfully and dangerously slow.
The internet was born as a US-funded collaboration between universities, with rules agreed by common consent between the academics involved. To this day, the operation of the protocols to make it work are set out not in a rulebook, but in a collection of 鈥淩equests For Comment鈥, a passive-aggressive title chosen to avoid conflict, and one that has stuck for five decades.
The internet turned 50 last year. For its first two decades, it grew slowly between institutions that already knew and trusted each other, then exploded through the 1990s and beyond to what we have today. The opportunity to retool the network, if it ever existed, wasn鈥檛 taken. We can鈥檛 rebuild from scratch; we have to fix what we have.
One of the biggest challenges in doing so is that the internet is largely operated by consent and by slow, grinding consensus. There is no overseeing authority, no one setting global laws.
This has happened not least because, for most governments, the only thing worse than no one controlling the internet is someone else controlling it. Yet this lack of authority is a worry, because our lives, our data, our communications and our physical infrastructure are moving online.
None of these issues will get easier. The best time to decide who runs the internet was decades ago. The second-best time is now.