Thirty years ago I had a small hand in the design of the Internet. Since then I’ve become a senior member of the informal collegium that maintains key pieces of it. You rely on my code every time you use a browser or a smartphone or an ATM. If you ever ride in a driverless car, the nav system will critically depend on code I wrote, and Google Maps already does. Today I’m deeply involved in fixing Internet time service.
I write to endorse the filings by Dave Taht and Bruce Perens (I gave Dave Taht a bit of editorial help). I’m submitting an independent comment because while I agree with the general thrust of their recommendations I think they may not go far enough.
The present state of router and wireless-access-point firmware is nothing short of a disaster with grave national-security implications. I know of people who say that they could use firmware exploits to take down targeted and arbitrarily large swathes of the public Internet. I believe them because I’m pretty sure I could figure out how to do that myself in three weeks or so if I wanted to.
So far we have been lucky. The specialized technical knowledge required for Internet disruption on a massive scale is mostly confined to a small cadre of old hands like Vint Cerf and Dave Taht and myself. *We* don’t want to disrupt the Internet; we created it and we love it. But the threat from others not so benign is a real and present danger.
Cyberwarfare and cyberterrorism are on the rise, with no shortage of malefactors ready to employ them. The Communist Chinese are not just a theoretical threat, they have already run major operations like the OPM crack. Add the North Koreans, the Russians, and the Iranians to a minimum list of those who might plausibly acquire the know-how to turn our own infrastructure against us in disastrous ways.
The effect of locking down router and WiFi firmware as these rules contemplate would be to lock irreparably in place the bugs and security vulnerabilities we now have. To those like myself who know or can guess the true extent of those vulnerabilities, this is a terrifying possibility.
I believe there is only one way to avoid a debacle: mandated device upgradeability and mandated open-source licensing for device firmware so that the security and reliability problems can be swarmed over by all the volunteer hands we can recruit. This is an approach proven to work by the Internet ubiquity and high reliability of the Linux operating system.
In these recommendations I go a bit beyond where Taht and Perens are willing to push. Dave Taht is willing to settle for a mandate of *inspectable* source without a guarantee of permission to modify and redistribute; experience with such arrangements warns me that they scale poorly and are usually insufficient. Bruce Perens is willing to settle for permitting/licensing requirements which I believe would be both ineffective and suppressive of large-scale cooperation.
The device vendors aren’t going to solve the security and reliability problem, because they can’t profit from solving it and they’re generally running on thin margins as it is. Thus, volunteer hackers like myself (and thousands of others) are the only alternative.
We have the skill. We have the desire. We have a proud tradition of public service and mutual help. But you have to *let us do it* – and, to the extent it is in your remit, you have to make the device vendors let us do it.
There is precedent. Consider the vital role of radio hams in coordinating disaster relief. The FCC understands that it is in the public interest to support and enable their voluntarism. In an Internetted age, enabling our voluntarism is arguably even more important.
Mandated device upgradeability. Mandated open source for firmware. It’s not just a good idea, it should be the law.