Safeguarding the Internet and Defending Civil Rights
We don’t often think about what happens when we hit “Send,” but the internet’s architecture determines whether our emails end up where we want them to go. And it’s easier than you might think to mess with that architecture.
The internet is made up of tens of thousands of independently operated networks (a large employer might be one network; Verizon, another) interconnected via the Border Gateway Protocol (BGP). Every computer in every network has a unique Internet Protocol (IP) address, like every phone has a number. In the absence of a central internet authority, the system functions on trust: there’s no way to prevent networks from lying about the addresses they own, so one network can hijack another’s traffic just by claiming its addresses—it’s almost as if you told the post office you owned your neighbor’s house and asked it to deliver all the mail for that address to you. Developing fixes for insecurities like this one can be like patching a dam—plug one hole and the pressure shifts, forcing water out of a new one.
Sharon Goldberg specializes in anticipating and resolving the negative side effects of these fixes. With funding from the NSF, Cisco Systems, and Verisign Labs, she recently partnered with Leonid Reyzin, a CAS professor of computer science, to write a paper revealing how a flaw in one proposed solution to routing insecurity—the Resource Public Key Infrastructure (RPKI)—would challenge the fundamental openness of the internet.
RPKI is a certification system that would prevent one network from masquerading as another to hijack its traffic. If the owner of a network—ranging from internet service providers to universities to medium-size companies—does not have the right certificate, the network would not be able to connect to the internet. The trouble, Reyzin and Goldberg found, is that this system would put a lot of power in the hands of large multinational and national network owners, like governments, and would create a new avenue for censorship. The controlling organizations would have the power to disconnect portions of the internet they found objectionable. A government would be able to take networks—for example, those hosting content it doesn’t like, such as a journalist’s blog—off-line. Reyzin and Goldberg have suggested modifications to the proposal that would alert networks to suspicious structural changes that could affect routing.
Although these structural maneuverings enable the routing of our communications, “it’s unlikely the end user will even know this is happening,” Goldberg says. We typically notice structural issues only when there is an internet outage, when the internet connection fails, or when traffic is hijacked. “This is like internet plumbing,” she says. “You don’t think about the plumbing until it stops working.”
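The certificate check described above can be made concrete with an added example that is not from the article or from Goldberg and Reyzin's paper. It assumes the standard route origin validation rules (RFC 6811), compares two snapshots of the published authorizations, and reports legitimate routes that stop validating after an authority changes its records. All prefixes, AS numbers and function names are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# A route origin authorization (ROA): `asn` may originate `prefix` and
# more-specific prefixes up to `max_len` bits long.
ROA = namedtuple("ROA", "prefix max_len asn")

def roa(prefix, max_len, asn):
    return ROA(ipaddress.ip_network(prefix), max_len, asn)

def validate(prefix, origin_asn, roas):
    """RFC 6811 origin validation: returns 'valid', 'invalid' or 'notfound'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for r in roas:
        if net.version == r.prefix.version and net.subnet_of(r.prefix):
            covered = True  # at least one ROA speaks for this address space
            if r.asn == origin_asn and net.prefixlen <= r.max_len:
                return "valid"
    # Covered but unmatched is 'invalid'; no covering ROA at all is 'notfound'.
    return "invalid" if covered else "notfound"

def downgrades(routes, before, after):
    """Routes that were valid under `before` but are not valid under `after`."""
    out = []
    for prefix, asn in routes:
        old, new = validate(prefix, asn, before), validate(prefix, asn, after)
        if old == "valid" and new != "valid":
            out.append((prefix, asn, old, new))
    return out

# Constructed sample data: documentation prefix 2001:db8::/32, documentation ASNs.
ROUTES = [("2001:db8:a::/48", 64501), ("2001:db8:b::/48", 64502)]
BEFORE = [
    roa("2001:db8::/32", 32, 64500),    # the parent network's own ROA
    roa("2001:db8:a::/48", 48, 64501),  # customer A
    roa("2001:db8:b::/48", 48, 64502),  # customer B
]
# Same snapshot after the issuing authority withdraws customer A's ROA.
AFTER = [r for r in BEFORE if r.asn != 64501]

if __name__ == "__main__":
    # A hijacker (AS64510) claiming customer A's prefix is rejected...
    print(validate("2001:db8:a::/48", 64510, BEFORE))
    # ...but so is customer A itself once its ROA is withdrawn.
    for change in downgrades(ROUTES, BEFORE, AFTER):
        print("ALERT", change)
```

Because the parent's /32 authorization still covers the address space, withdrawing customer A's record does not merely leave its route unverified: the route becomes invalid, and networks that drop invalid routes would stop delivering traffic to it.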