Can the Internet Get “Walled”?

What’s the Suez Canal of the Internet?

The Ever Given blocking the Suez Canal
Ever Given

Over the last few days we bore witness to a minor economic disaster, thanks to the Ever Given having firmly planted itself into both walls of the Suez Canal. The Financial Times gives a very good overview of the factors that to this mishap. In that article, Brendan Greeley describes how the Ever Given got “walled” more so than just grounded, because it implanted itself into the canal walls.

For those of us whose life is about providing resilient services, one has to ask: where was the failure? Mr. Greeley goes into some depth about how the sheer height (beam), weight, and width of the ship, the shape of the canal, the water forces and wind all contributed to this mishap. He also pointed out that the economics favor larger vessels. This is an externality- there is no chance that the owners will ever pay for the amount of damage the blocked canal has caused, which is estimated to have been up to $10 billion. Syria was reportedly rationing fuel because of the blockage, and fuel prices across the globe ticked up. Several ships rerouted to go around the horn of Africa, risking hijackings.

The other far bigger failure here is that there is but one canal through which upon which large portions of the world economy depends. One big anything doesn’t make for good resilience. That canal could fail again. Knowing this, Iran has offered to create an alternate shipping lane, adding at least a bit of redundancy into the system. Ultimately, manufacturers throughout the supply chain can re-evaluate how to manage this sort of delivery delay. Should new lanes be formed? Should more production be closer to the end consumer? A new canal would surely cost tens of billions of dollars, and may offer only limited resilience. After all, why wouldn’t the same failure happen in both canals? In all likelihood it won’t be this precise “walling”, the hope being that canal operators and pilots will update their procedures to limit the risk.

We Internet geeks understand this class of problem in great detail, in many dimensions. A major benefit of cloud computing is to spread load across multiple CPUs in multiple locations, so that no single failure would cause disruption.

Taken individually and impacting individual customers, it’s a sure bet that cloud services are far more reliable than people rolling their own, just as it is safer to use a container vessel than trying to carry one’s products across in a dingy. However, the flip side of that coin is the impact those services have when they fail. Some examples:

WhenWhatImpact
2016Mirai BOTNET / DYN attackTwitter, other services out for a day
2020GMail, YouTube, Google DocsServices disrupted for an hour
2020Amazon Web Services East Coast Data CenterLarge numbers of application services failed
2020Cloudflare DNS outageClient resolvers failed for 27 minutes
2021Microsoft Teams and Office 365Services to their customers unavailable for four hours

Can an Internet-wide failure happen? Where’s that “Internet canal” bottleneck? I wrote about that for Cisco not long ago. It could very well be cloud-based DNS resolvers, such as Cloudflare’s 1.1.1.1. What we know is that these services can fail because they have done so in the past. Last year, MIT sage Dan Geer looked at market concentration effects on cybersecurity risk, which opens up a bigger question. This time, The Ever Given failed without any malice. Geer’s major point is that there is an asymmetric attack on large targets, like popular cloud services. The same perhaps can be said about the Suez Canal.

Note that large cloud services are not the only aggregate risk we face. Geer’s earlier work looked at software monocultures. When a large number of systems all use the same software, a single attack can affect all, or at least a great many, of them. This is just another example of a Suez Canal.

The economic drivers are always toward economies of scale, whether that’s a large cloud service or a single supplier, but at the often hidden price of aggregate resiliency. The cost generally amounts to an externality because of the size and scope of the service as well as the impact of an outage on others are not understood until an event happens. Having not considered it a week ago, some producers are considering this question today.


Courtesy of Copernicus Sentinel data 2021, https://commons.wikimedia.org/w/index.php?curid=102251045

Pas Parler?

Will the real Internet government please stand up?

Parler in Prison

This weekend, Google, Apple, and Amazon all took steps to remove the right wing conspiracy web site Parler from their services, steps that will cripple the social media site for some some period of time. In many ways, Parler had it coming to them. Amazon in particular alleged that Parler refused to take prompt action to remove abusive content that violated their terms of service.

In response, my right wing friends have gone nearly indiscriminately crazy, complaining that their 1st Amendment rights have been violated. Let’s review that amendment of the U.S. Constitution:

Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.

Amendment I of the U.S. Constitution.

In other words, Congress cannot stop someone from speaking. But these companies are not Congress, nor an arm of the U.S. government. We could, however, say that they are a form of government, in as much as these companies, along with a small number of other ones, such as TikTok control societal discourse. What rules would govern them if they decided that moveon.org was also not to their liking? Could these services exclude content that criticizes them?

Parler is a relative newcomer. Much in the same way that Fox News has lost its conservative gleam to NewsMax, Facebook and Twitter lost their gleam when they started applying editorial control to posts. They did this because they gauged societal harm against whatever short term revenue they were collecting from the likes of Donald Trump. There was seemingly no reason they had to, at least in the United States. U.S. Law says this:

No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.

47 USC § 230

Meddle with this rule at your peril. If we shift the burden of policing to online services, social media sites as we know them will cease to be, GMail and Yahoo! mail would be imperiled, and Amazon could no longer offer customer reviews. If there is a middle ground to be found, then scale factors must be considered. Any middle ground may well increase the risks of starting up new services. If the price of entry for a new Facebook or Twitter competitor is fancy artificial intelligence systems and patents, then we may have done ourselves no service in the long run.

The United Social Networks Nations
The United Social Networks Nations

There are other consequences to Apple and Google removing Parler from their respective phone and tablet stores: I saw one conversation in which someone was describing to her friends how to turn off automatic software updates. Software updates are the means by which developers correct vulnerabilities they have created. By disabling those updates, people leave themselves vulnerable to attack.

Today Parler is losing its voice, arguably for very deserved reasons. Tomorrow, some other site might lose its access. Will those reasons be just as good and who will decide?

I have hope and gratitude, thanks to medical research and the Internet.

I am grateful to medical researchers, those on the front line, and those who are keeping us from going crazy in our homes.

I write this to you today from my house, and you probably read this note from your house or apartment. Our lives are disrupted. We cannot go to the movies or restaurants, we cannot get our hair cut, we cannot go to weddings or baby showers, and many of us cannot go to our offices or to visit our customers or partners. We cannot go to conferences, and our kids cannot go to schools.

We are doing all of this for fear that we or people we love will die of this awful illness. We are reading horror stories from Italy of their healthcare system being overwhelmed. As I write this to you I worry that the same thing will happen in Switzerland and elsewhere. I worry for my family.

This disease spread so quickly across the planet because of the ability of humanity to scale its transportation systems to efficiently move anyone from anywhere to anywhere, whether that’s by train, plain, ship, or automobile. This was largely not the case during the Spanish Flu of 1917. We need to practice “social distancing” even more so now than then, because the world is a lot smaller and more social place than it was, thanks to all of this capability.

That same human desire to innovate is what is going to save us now. It started early on in the medical community, who have been our first responders in this crisis. They have worked to identify the genetic sequence of the virus itself, to understand its transmission vectors, and to provide the world with initial advice on how to cope with this threat. Even as early as January, researchers across the globe were attempting to develop a vaccine. In the last few days, researchers have reported four types of immunity response cells to look for as people begin to recover. There are two studies that detail how Malaria medication may both improve recoveries and reduce the virus’ infectiousness.

By dint of necessity, we are virtualizing a great many of our activities. We are all learning how to use WebEx Teams or Microsoft Teams or Zoom or Google Hangouts. We are using FaceTime and other remote collaboration tools like never before. One of my friends is planning to virtualize his Passover Seder, and asked for advice on how to do this with Webex. He dubbed this SederEx. We are planning a virtual baby shower with a cousin. I have encouraged my old Kabuki-West crowd to have a virtual Wednesday night dinner together.

The first uses of the Internet were envisioned by its funders to have been military. That’s why the Advanced Research Project Agency (ARPA) funded the activity. It was clear from those early days and even before then that electronic communication would continue to reshape how we socialize in the world.

That’s because remote communication didn’t start with the Internet. The invention of the telephone let us “reach out and touch someone”. And that worked great for one-on-one communications. EMail gave us the ability to communicate in near real time with those around us. Instant messaging meant that people could hold several disconnected real time text conversations at once.

Today, however, we can all see each other, present to each other for work, not only hear but also see people’s reactions. In the face of this plague, people are having virtual baby showers, virtual drinks, and even virtual Passover Seders. You have to provide the non-virtual parts yourself, of course, but we are able to still be together, even when circumstances dictate that we be apart.

For those of us who have family who are a great distance away, this also represents a rare opportunity to participate in these sorts of events on an equal footing, without having the phone passed around for brief moments, simply to say hello. We are all in the same boat, this time.

The Internet is helping us remain social, as is in our nature to be. Social networks, which in the last few years could not be spoken of in public without some sort of derision, are a big part of the solution. When all of this is over, we will still need to sift through all of the negativity and nastiness that they engender, but let us give them their due as they help us stay connected to one another, as I am connecting to you today.

While we are not indebted in the same way to Internet engineers as we are to medical first responders and those who have to work through this crisis, like grocery store cashiers and police officers, let us also give Internet engineers a pat on the back for helping people self-isolate physically, without having to self-isolate socially.

And by the way, those medical research results I mentioned earlier are being shared by researchers with other researchers in a very timely fashion thanks to the Internet.

Should I have that IoT device on my home network?

Yesterday I wrote about my cousin’s smart oven, and the risks of having it networked. Does this mean that you should have no IoT devices in your house? If not, how should you decide which ones are worth connecting? Here are three questions you might want to ask.

Does connecting the device to your network offer you any perceptible value?

Sometimes the answer is going to clearly be “yes”. For example, if you are taking a vacation in the middle of the winter in some cold place, you might want to know that your home’s heater broke down before your pipes froze. Having a thermostat configured to alert you to this fact might prove very useful. On the other hand, if you are in a place where such a concern is unwarranted or you would have no reason to worry about such things, maybe that same device does not need connectivity.

Will the device function correctly without connectivity?

Don’t expect an Amazon Echo to function, for instance. There is a reason why a great many IoT manufacturers are requiring Internet connectivity for their devices: the more intelligence they can move into their servers, the less intelligence is needed in the device itself, making it cheaper to build. If you are going to have a function like this in your house, this is actually an environmentally friendly way to go. Fewer parts require fewer resources used to build and to later dispose. But if a device does function properly and fully without Internet connectivy, why plug it in?

Does that device need continuous Internet connectivity?

You are unlikely to connect and reconnect your television every time you want to watch a video, but maybe you only need that thermostat connected while you are on vacation, for instance, or maybe an appliance needs a firmware update via the Internet. Occasionally connecting a device may make sense. However, take care: if you only plug in devices while you are on vacation, someone may be able to notice that and choose that time to break into your home.

Some Internet routers have the ability to block devices at certain times. Typically this is used to limit children’s access. However, one can also use these filters for other purposes. The problem is that this is nearly as annoying as having to deconfigure devices themselves. I’ll discuss this more in the near future.

Think before you buy!

The risk to your home and your privacy is real. Realistically, however, you will have some IoT devices in your house. Think about what value you derive from them, and what can go wrong if they are attacked before you buy.

Would you want your cousin using a connected oven?

Recently my cousin installed a smart oven into her home. It is top of the line. She wrote on social media that it texted her to tell her that it needed to clean itself, which it did before her second cup of coffee. How cool is that?

I immediately feared for her safety. Here is a slightly edited version of what I wrote to her:

IoT is a nice convenience, but there are a few things you should know. First, I guarantee that there are vulnerabilities in the device, even if some have yet to discover them. This is true for *any* connected device. Those vulnerabilities may be exploited at some point. What will happen then?

First, it’s possible that attacker could simply disable the oven. They probably won’t do this unless they are able to communicate with you. But since the oven seems to be sending you messages, it’s possible that they will do this and ransom you to re-enable it. (If that happens, don’t pay.)

Whether or not you can control the oven from the app, don’t think for a moment that hackers won’t be able to gain that level of control. That presents a far more serious risk: a fire, especially if the hackers are able to detect that the cooking temp is supposed to be 350, and turn the thing up to broil or clean.

The other thing that will happen is that the oven will attack other Wifi-enabled devices in your house or elsewhere. If you have a Wifi-enabled thermostat, maybe it will attack that. Some of those devices have cameras and microphones. The attackers aren’t going to be nice about what information they collect. They’re out to make money or worse.

Will any of this happen? Yes – to many people. Am I being paranoid? Maybe a little. Appliance manufacturers may know how to make excellent oven mechanisms, refrigerator compressors, stove top elements, etc, but they generally know very little about Internet security and their risks. Even those who know a lot get it wrong all the time, simply because we’re human.

And so are you gaining any great convenience by having the Wifi turned on, apart from a 5:30am wake up call to let you know that it needs to clean itself? If yes, you have a trade off to make. If not, just disable its darn Wifi.

This is how I feel about technology and the ones I love. Presumably you have some of those. There are definitely times when IoT is necessary, and when convenience is probably worth the risk. But consumers really need to think about this long and hard, and we professionals need to provide them a decent decision framework. I’ll talk about that next.