JUNE 14, 2011 INET NEW YORK ****** 13.00 Keynote and Q&A : Vint Cerf >> DAVID SOLOMONOFF: We're back, and as I introduce Vint Cerf, I asked him if there was anthing particular to say and he said "Make it brief." So - Vint Cerf - Father of the Internet - here he is. (Applause) >> VINT CERF: I always get nervous when people clap before you've said anything because the quick reaction is you should sit down because it won't get any better than that. (laughter) First of all thank you very much for organizing this, these topics are very important to all of us. and we'll take advantage of this time to have some good and substantive discussion. I wanted to remind you that June 1991 was when it was announced that the Internet Society would be formed in January the following year. It was in Copenhagen and it was a rainy day, but the host assured me that statistically it was a nice day. (laughter) So the organization is approaching its 20th year. I also wanted to acknowledge Lynn St. Amour's leadership. The organization has changed in dramatic ways - in terms of scope, ability, it's visibility, and I think (indistinguishable) due to Lynn St. Amour - so i want to pose a thank you for all the work you do. (applause) Well I appreciate the opportunity to try to bring some additional substance to the discussion. The question was "What sort of Internet do you want?" So I'd like to talk a little bit about the kind of Internet I'd want and look for. One thing is that it is Open - as it has been, and so much so in the past. The standards have been open. There are minimal constraints on the use of those standards. Open source has become an important part of that whole process. It's expandable, and of course I have to remind everyone here that it's time implement IPv6 - if you haven't already done that you need to do so, so that we can keep growing the network. It's not going to stop working but it won't grow if we don't have enough address space. So it's just completely obvious that we have to implemnet v6 - in parallel with v4. And, by the way, for those of you that have in mind a sort of a switch to be flipped to move from v4 to v6, (indistinguishable) to say we don't have that opportunity any more. When we switched from the NCP to TCP there were only 400 computers on the net - then. (laughter) And we had a lot of leverage to get people to switch to the Internet protocols by telling them that if they didn't switch we wouldn't fund their research the following year. It was very persuasive. (laughter) There are over 800 million machines on the visible public Internet right now so we can't do that again. So what happens when you build devices that are intended to be Internet capable, they have to be able to do either v4 or v6 - or both at the same time, meaning especially if this device moves around. Now this could be a mobile - this is a device that could be carried. It could end up in a location where there is only v4 is available or only v6 is available or both are available and operate just the same. Another element of open which has come up repeatedly today is the idea of being able to access data and services that are available on the global Internet without discrimination. This is a very important principle to try to maintain. We have the expectation that when we get onto the Internet we can reach virtually any termination point permanently. Though we have to accept that there might be some exceptions. for example the case of some enterprise who might not want to have all their facilties equally available. And that's not an unreasonable position to take - that's what firewalls are all about. But in principle all those termination points that wish to reachable - should be reachable, put it that way. Users should have competitive choice where that's possible, if economics are with us. Having more than one option - either for getting access to the Internet or for acquiring equipment to use the Internet. This is a very important part of that story. The freedom to speak and the freedom to hear, and I'd suggest to you that those are not the same, are very important. The fact that you can speak doesn't necessarily mean that anybody can hear you, and so it's necessary that we have both of those freedoms properly accounted for. Of course I want an Internet that is affordable. And this turns out to be very important because as the capability extends further into the world - we are only about 28 percent penetrated now - it is reaching places with very different economic conditions, than the places where the Internet started, where economic conditions were conducive to its implementation. So as we reach further and further in the world, it is more and more important to get the costs down. One of the reasons that mobile has been so effective at penetrating in the world is the costs actually have been substantially less than wireline costs would have been in order to provide connectivity, and of course the equipment itself is getting less and less expensive over time. The Internet also, the one I want, has to be accessible. What I mean by this in part is that language should not be a barrier, internationalized domain names are an example of the kind of accessibility that I hope we will see more of. But those who have various disabilities like I have, I'm hearing-impaired, would like an Internet that is accommodating in that regard whether disability is vision or hearing or mobility or other difficulty, we would like an Internet that accommodates this kind of accessibility. I'd like it to be a broadband Internet. Broadband is something which is defined in various sundry ways, but usually it means faster than whatever you can get now. (laughter). Really, that does seem to be the case, because there was a time when broadband was thought of as 200,000 bits per second. I honestly remember when the first 1200 baud modem came out, I thought, My God, it won't need anything faster than that - I can't read faster than that! It didn't take long to realize it wasn't just human beings reading text that was important on the net. It was imagery, and video, and eventually machines talking to machines. So broadband is important, both wired and wireless. Our appetites for the use of bandwidth, simply increase over time. I want an Internet that preserves privacy. I want an Internet that is capable of providing confidentiality. I want an Internet that allows anonymity, but I won't argue necessarily that it has to be absolute, and we will come back to that when we talk about safety on the Internet. But there are plenty of instances in which anonymity should be possible. You should be able to get to and are often offered access to the Internet in public facilities like the libraries, where you don't necessarily have to identify yourself. It was already mentioned several times in the early proceedings today there are cases where anonymity is in fact vital to life, that loss of anonymity could be equated to potential loss of life or at least imprisonment or other kinds of serious consequences. And yet, there are times when those anonymous voices need to be heard. I will also admit to you that speaking anonymously, sometimes invites a lot of harmful speech as well, and so somehow or another, we have to find an appropriate balance to deal with the extremes of anonymity. I would think also that I want an Internet which is transparent, and gives me some control over that which I want to keep private. I don't want to feel that I, in order to keep things private, I have to completely avoid using the Internet. That would be a disappointing outcome. So understanding what is, what methods are available to me to keep things private, what things are being tracked, for example, can I tell what is known about my use of the network, do I have any control over that, are questions that I hope that I would have the ability to answer. But I want to focus on the remaining time here about an Internet that is safe, and I think that here we have a real challenge. Freedom from harm is not an easy thing to implement, and yet I think most people who use the Internet would like to think that it's safe to do so. So how can we achieve that? There might be some specific technical methods that would be helpful. For example, using strong authenticity, using cryptographic methods for authentication can be a powerful tool. But I want to emphasize very strongly that there is a difference between identifiers and identity. I want to distinguish between those two concepts. An identifier is simply a string of characters, it doesn't, that do not necessarily mean anything. Identity is what you and I are, it's our names, it's our birthdays, it's our domiciles, it's where we work, and so on. It's a complex of information about us as individuals. I think it would be very powerful if we could assume that in the Internet, could you strongly authenticate an identifier and simply say, hi, my name is Vint, you don't know who Vint is, you have no idea who Vint is but here is my identifier - and I can strongly authenticate that. The party on the other end should be able to say ok please execute your strong authenticity, and I will say well, here's my public key. And they'll say if that is your public key, I should be able to encrypt a message to you in the public key. You should be able to decrypt it. That party sends me a random number, encrypted in my public key. I decrypt it. That party might say please send the response, that random number, encrypted in my public key. So you can do an exchange which simply assures both parties that you both have operating public and private key pairs. That is all you have done. But what that allows you to do is the next time this individual approaches you or the next time you approach them, say hi, I'm Vint, they will say if you're Vint, you still have the functioning public and private key pair, please decrypt this new challenge. I can establish that I'm the same Vint that communicated before. This is assuming I haven't had my private key compromised. Why am I going through all this detail? It's to persuade you that you can build on top of this notion of strong identifier, strongly authenticated identifier, to build up to but not necessarily require the notion of strong identity. I could then associate an identity with that identifier, if I choose to do so. So I want an Internet that allows for anonymity, that allows for strong authenticity of identifiers and, if on demand, allows for strong identity. So let me give you an example. Suppose that I come to you after we have had these exchanges, you know me as Vint. You know I can repeatedly authenticate myself as Vint. I say I'd like to borrow $50,000. The natural response might either be buzz off or I need to know you as a person, I need to know your finances. Do you have a job, do you have any collateral? I might respond, and all of this could be encrypted so it would be confidential. I might respond and say, I work here. This is my income. And so on. Of course, this party whom I've asked for $50,000 from, doesn't necessarily know whether I'm telling truth. That party needs to be able to take the information that I provided and go to some other trusted third party to validate the information I have offered. I could have voluntarily gone to such a trusted third party and provided that information, and asked them to validate my information, if they are requested to do so. I realize there is a kind of infinite regression here. Do I trust the trusted third party and so on? I submit to you that we have faced this problem before in other domains, and we've succeeded in finding people who are trusted to vouch for, your bona fides, sometimes there is more than one, there are credit companies and so on. The idea here is we should be able to build up a system of authentication and trust, and identity, but only invoked as it's needed. I certainly don't think it's necessary to have a driver's license so to speak, an Internet driver's license and to identify yourself every time you use the Internet. I think that would be remarkably inhibiting. What we are on the subject here of safety, and strong authenticity, I'm a big believer in two factor identification. I'm not a big believer in reusable passwords. These have been easily compromised. We see the results of that every day. Having the ability to use cryptographic means to strongly authenticate yourself, two factors, something that is so important to me, that we use it at Google all the time internally, and we make this capability available to our users as well. I want to now speak a little bit more on the safety side. But with regard to protections, technical initiatives that we can take to protect people. One thing which we might want to be protected from is spam. For the moment, most of our protections are in the form of filtering. So Google, gMail and others try to figure out what is spam and what isn't and try to filter it out if you ask that it be done. I wonder whether we will get to the point where we can have authenticated E-mail. If we could achieve the objective of having strong authentication for an E- mail source, then you might decide to say, I don't want to see anything except strongly authenticated E-mails. And anything else I'll consider spam. Or I'll consider second class material. Filter everything that you believe is spam, put everything that is strongly authenticated over here and the stuff in the middle I will look at and on occasion, but we should be working towards tools that will allow us to ask for those kinds of services. We worry about viruses and worms and Trojan horses, things like that. These are all examples of some of the harms, some of the bad behaviors that we see in the Internet. It wasn't in the original Internet because it was a very homogeneous collection of engineers. They didn't have motivation for doing any of the things we see today. Once the general public is part of the Internet environment, all of the good things and all of the bad things about the general public, about us, show up on the network, and we have to do something about that. We can't ignore it. So being able to detect that viruses are present, or worms are present, or Trojan horses are present or detecting an intrusion has taken place, that someone is using the network in a way that wasn't intended, are all important tools for protecting us, whether we are in an enterprise context, or residential setting. Moreover, some of the tools that we use, to use the network that have operating systems in them or have browsers running, are also sources of weakness and vulnerability. We have a responsibility if we are going to build a safe network to improve those operating systems, to improve the browsers. Most of the infections that occur, are machines that become infected, are infected through browsers that ingest software that it shouldn't ingest and cause changes to the operating systems and create zombie machines which become part of the botnets or are used to generate spam or attacks. We need to work on better quality and maybe more paranoid operating systems and browsers. There is a recent development which I find quite attractive in this domain. When your machine first boots up, it runs something called bios which is a basic IO system that boots in the operating system. That's a very vulnerable moment for any piece of computing equipment because it is pulling in the operational software. The National Security Agency in partnership with industry has now proposed, and the industry is responding, to have cryptographically validated bios software, which is firmware, and so before that program which boots in the operating system actually runs, the hardware checks to see whether it is digitally signed properly and it won't run that boot program unless the digital checksum works out. Moreover, if you are going to update that bios program, it checks first to see whether the update is digitally signed properly and if it isn't, it won't do the update. These are really combinations of hardware and software in order to improve, reduce let's say, the vulnerability of a machine, to be coming infected. Having instituted this what I will call sharing of hardware and software protections, I think is a very powerful extremely general purpose idea. This is operating at a very low level, in the infrastructure of devices that use the Internet. There are ways of detecting sites, websites that have become infected. When Google does the index of the World Wide Web it sends crawlers out to download every single home page that it can find. As the software is downloading those pages, it's looking to see whether there are any possible viruses or worms or Trojan horses. It's this piece of software that is doing this, os it is not perfect, but if it detects what it believes is an infected website it will mark that website as having potentially malicious software. If you use the Google search tool, and it happens to pull up one of the websites that has this infection indication, if you try to go there by clicking on the link, a big red interstitial page comes up saying you may not want to go there, we think there is software that would infect your machine. We are not always correct. Some website holders are quite unhappy when they realize that they are being, that their access to their websites are being intervened by this bright red warning page, and they often will complain. We send them to an organization called stop badware which is spun out of the Harvard Center. They do job of analyzing websites, and helping the website holder or responsible party to debug and remove any infecting software. Sometimes they will say I didn't put anything in there, why are you pointing the finger at me? The answer is you didn't put anything there. But somebody else did, because the security of your website wasn't sufficient to prevent someone from infecting that website. So this is another example of the protective move to make the network safer. There are other things that are happening in the technical space, the Domain Name System Security Extensions which digitally sign entries in the domain name system have been instituted for some time now. The Internet Corporation for Assigned Names and Numbers is now signing the root zone of the domain name system and that propagates downward into the secondary and tertiary and so on zones of the domain name system. That is actually a very important tool. You can ask for a digitally signed response when you do a hookup in the domain name system. That gives you increasing confidence that the Internet address that it's pointed to is in fact the same as the one that was put in there by the party who is responsible for that domain name. This may be extended in many other ways to allow installation of certificates in the domain name system as well, as opposed to relying solely on certificate authority to identify a party, using cryptographic means. There is more detail there, but I don't have time to go into that. I want to shift now, remember we are in the space that is talking about a safe Internet. What else could we do to make it safer? Well, there are legal protections that might also be needed in order to make the network safe. If you can't inhibit through technical means bad behavior and abuse of the net, you don't have a lot of other options. The other options tend to fall in the category of saying, we have agreed that these things are socially unacceptable. These behaviors are unacceptable. If we catch you, if we catch you, there will be consequences. This is how we deal with a lot of abusive behavior. People drink and drive, and we say don't do that. They do it anyway. They run into each other. They harm themselves and they harm property. We say, if we catch you, there will be consequences. One could make the same argument for abusive behavior on the Internet. Part of the problem is that the Internet is global in scope. The harms that might be visited upon a victim could come from anywhere in the Internet which means it could come from anywhere in the world which means it could come across a national boundary. The implication of that is that if we are going to do anything about what we might collectively agree is unacceptable behavior on the net, then we are going to have to have some kind of international reciprocity. We are going to have to have treaty agreements about which behaviors we collectively believe are unacceptable and what we are willing to do about them. But in order to make this effective it has to be a cooperative effort in the same way the Internet doesn't work without the cooperation of all the various Internet service providers that are interconnected with each other. On a more positive note, with regard to legal protections, imagine that we decide that the digital signatures are an important element to have in place for eCommerce, so that people can essentially conclude contracts online. The question will be, if we use all the tools for digital signatures, and two parties agree on the contract, and they each digitally sign this contract, the question then will be when one of the parties breaks the contract, breaches the agreement, how does the other party respond and what recourse does that party have? If a digital signature does not have the same strength, legal strength as a wet one does, when you try to remediate this breach, you may discover there is no legal support for it. Here again we would need reciprocity. We need to have agreements, for example, about what it means to issue a digital certificate, what actions have you taken to validate the party's identities before you issue the certificate, so that the party can use the public and private key for digital signatures. What are the legal frameworks in which you can bring complaint and under which conditions will that complaint be heard and given credibility on the basis of the signed digital contract? Here would be something that we can do that is constructive, because the intent is to improve our ability to perform electronic commerce. One thing that I worry a lot about any kind of discussion of legal protections in the Internet, is that there be due process associated with any actions that are taken. One should anticipate, expect, equal treatment under the law. This is a complex matter because it's international in its character. But the idea that actions cannot be taken or will not be taken without due process, without proper notice, and without proper authority, seems to me a very important element in any expectation of the safe network. We are all familiar I think with the U.N. declaration of human rights. We have heard from time to time about access to the Internet being characterized as a human right. I have to admit to you that I find that an odd formulation in a way, to pick a particular technology and bind a human right to it. If the Internet changes, which it almost assuredly will, one would wonder whether you have to rewrite human rights, and here I think Internet is simply a manifestation of a set of more fundamental human rights about the ability to speak and be heard, the ability to be kept safe from harm. My tendency would be not to point at the Internet and claim access to it as a human right, but rather say the human rights of expression and freedom to hear and the like are manifest in the Internet, and whatever it turns into. I do want to mention that there are a couple of other possibility constructive things that we can do, to make the Internet safer. Some of you I'm sure have, know about the fire department, and you know if there is a building on fire that you have the ability to call the fire department and say there is a building on fire. The fire department has authority to do some fairly extreme things. If the building is on fire, it can break in the doors and windows and the roof, it can pour water into the building, it can do quite a bit of damage in the process of putting out the fire. Yet we accept that, because the danger of that building on fire is that other buildings nearby might also catch fire, and people's property and lives might be at risk. We don't have a cyber fire department. But it occurs to me that something like that might be an interesting concept to pursue. Many of us are not in a position to put the fire out in the house. Can you imagine standing in front of the house with your garden hose realizing you want somebody there with a bigger hose and more water. In the cyber fire, if you are under attack, your company is under attack, and you don't have the skills or the personnel or the equipment to respond, you might want somebody else to do that. The question is, if we create such a notion of cyber fire department, what authorities will it have? What is it permitted to do in the course of trying to defend against a cyber attack? One question of course is, can a competitor call the cyber fire department and have it attack its competing customer? I'm sorry, his competitor. We have to have some kind of rules that say when you can invoke the cyber fire department. But having access to better expertise, to protect yourself, seems like it would be an interesting idea. This also leads to the notion of forensics and improving of tools for forensics. If we are going to have an Internet that is safer, then those who would abuse it, and abuse its users, need to be discoverable. In order for that to happen, we need better forensic tools than we have today. Once again, I'd be very concerned about the question of privacy, confidentiality and other rights that, and due process and so on. But we still need to accept that there are people who cause harm on the net who have to be found, and that we should be mindful of creating tools and methods and a legal framework in which that can be done. Let me stop there, and simply say one more time, that we say that the Internet is for everyone. But it isn't yet. We say that it should be for everyone, I say it must be for everyone. And I hope it will be for everyone. Thank you very much. (Applause.) So, we are going to do Q and A. But given the fact that I'm hearing- impaired, you are going to have to put up with the Geraldo style Q and A session. I have this microphone which I have and if you raise your hand, I'll come rushing down the aisle and in the hopes I'll read your lips if I need to. Is this working? Yes. >> Hi, this is Sarah from (inaudible) we were talking, you were talking about privacy, calling for protection, and safer Internet. Are you concerned at all that this might change with the new GTLD? >> VINTON CERF: That is an interesting question. First of all, let me distinguish between the internationalized domain names, and the Latin domain names. I hope that the new GTLDs accommodate both, because I think people whose languages are not naturally expressible in Latin characters would appreciate the ability to express domain names in something other than Latin characters. I don't think that the new GTLDs are necessarily any more risky than the collection of domain names that we have today, because there are 147 million domain names apparently, and that is just at the second level I think. So the believe ability or the, how do you know what that domain name means, is no more and no less risky in the new GTLD world than it is in the existing domain name world. It's just some of these are now at the top level of the domain, at the top level as opposed to second level. Once again we are back to something that I bet every one of us should be mindful of, and that we should be thinking more critically about our use of the Internet than we sometimes do. If we believe that everything on the Internet we hear and see is true, that is a mistake. If we are raising children, probably the best tool that we can teach them is critical thinking. They should be thinking about all the information they get. The Internet is just sort of these stark examples of the full range of the content and misinformation and mistakes and so on, and maybe even deliberate errors. We should, but we want our kids not only to be thoughtful about what they see on the Internet, but we want them to be thoughtful about what they read in the newspapers if they still read newspapers or watch on television or hear on the radio, or what they get from their friends or from their parents and their teachers. They should be thinking critically about all of that, including Internet. I think it's not any worse than it is now. But we can do ourselves, do better by thinking. Let me get this gentleman over here. Then I'll come back. >> My name is Eric. I would like to point out to the filter bubble that recently came out, pointed out some of Google's new tactics or strategies with regards to when someone does a search, that the results are tailored to that person, and the data that has been gathered on that person. How much further can (inaudible) someone using video chat feature, for example, and image recognition of brand that they are wearing or analysis of the facial expression, what do you foresee as to how far this kind of recording can be done? >> VINTON CERF: Good question. So Google has actually been very cautious about any kind of facial recognition and other kinds of practices, although I gather that Facebook just announced something along those lines. The technology is there to do a lot of the things that you have described. So as a society, I think we have a responsibility to try to say something about what those limits should be, and I'm taking it from your question that you are engaged in that. Good for you. Keep doing, keep working it. There are obvious situations where these techniques could be very useful. We are back into the question of harm, not just on the Internet, but harm in the world we live in. But the question about when those tools get applied and under what conditions, and with whom that information is shared, is a very big question for me. It's not very different in some ways to the question about who should have access to medical information, just to pick another analogy. There are times when, let me give you a scenario, let's suppose you are in a strange city, never been in before, and you have a medical emergency. At the moment this emergency occurs, and you are in the emergency room, probably assuming you are still conscious, the last thought in your mind is keeping from the people who are trying to help you through this crisis, hiding medical information from them. You basically want them to know as much as possible so they can do the right thing for you to get through this medical emergency. On the other hand, you probably would not want it to be the case that the parties who had access to all of that information during the emergency, now have access to your medical files forever after that. What you would want is to have some sort of a finite time limit after which that access is no longer available. Credit cards have a similar element to them. They expire. The idea of expiring privileges for access to certain kinds of information strikes me as being a pretty powerful notion that we might want to apply also to the things that you were talking about, about facial recognition or other kinds of recognition things. I have to admit to you that privacy is becoming pretty hard to come by. I have one other personal anecdote that surprised me, maybe it shouldn't have but it did. There was a meeting in Sao Paulo, Brazil. And the security team said to me, I'm sorry, please don't take the car to get from the airport to Sao Paulo because there is only one road, and if there is a problem, you can't get off the road. I said, what is your suggestion? They said take a helicopter. I said that is okay with me, it only takes 12 minutes by helicopter instead of two hours in the car. We took the helicopter from the airport. We landed in front of the hotel. 20 minutes later someone came up, tapped me on the shoulder and said, you are on YouTube. I said what do you mean? Somebody saw you landing in the helicopter, took a video of it and put it up on YouTube. It was amusing because the person had no idea I was on the helicopter. He thought it was cool, the helicopter was landing. He videoed the whole thing down, helicopter lands. I get out. You hear him say, that's Vint Cerf! Then he put it up on YouTube. Only 20 minutes or something. So what that tells me, told me anyway, is that here we are walking around with our cameras and our video recorders and our audio recorders and our radios and our texting capability and everything else. The ability to remain anonymous has almost evaporated at this point. Thank you. Yes, right here. >> June Klein, and I do some collaborative research with the Oxford Internet Institute specifically on the fifth estate. I have two questions about that. I'm June Klein and I -- okay, anyway , I have two questions related to the fifth estate. First, I find it curious that with all the type of people who are here and at other conferences like this in the United States that nobody has mentioned the fifth estate; whereas, when you go abroad, everybody seems to understand what it is. And I find that very very curious. Second thing, if you take clear-cut examples of the fifth estate such as ipaidabribe.com in India, and which was just, it was showcase, yes, it was showcased on BBC radio, and apparently they have been pretty successful at it as well, they have made some changes. And then you look at WikiLeaks and you look at Arab Spring, and the question is, what do you think the reaction will be in terms of Internet public policy? Are you going to see more kill switches? Or are you going to see more of a backlash that I want a bigger role of the Internet? >> VINTON CERF: That is a very interesting question. Remember you have asked an engineer a political question. So you deserve the answer that you get. (Chuckles). First of all, any regime that believes that it can only survive by hiding information from the population is going to be threatened, by the technology that we have been talking about today. And so there will be certain places where there will be very strong negative reactions to freedom of speech and everything else. There is no surprise. You understand that. I also, at least hope, I won't say I know, but I will say I hope, that we are able to retain an Internet that does keep this freedom and openness and ability to create transparency from evaporating. The kill switch, let's refer specifically to the Egyptian case for a concrete example, the kill there was to kill the underlying transport. The Internet packets are not magic. They have to be carried on something. The fact that they don't care what they are carried on is important, because it allows us to use lots of different technology to implement the motion of Internet packets from one place to another. But if there is nothing to carry them, they won't go anywhere. So shutting down the underlying transport is one way of killing the Internet. What I believe would happen, however, if that were to go on for any appreciable period of time, that people would bring in radios, they would do mesh networking. There would be a variety of inventions for implementations to overcome that. These are not new technologies. This is entirely doable today. I have a mesh network running in my house, it's an IPV6 sensor network. And it keeps track of the temperature and humidity and so on. Every five minutes, I get a report that goes into a server down in the rack in the basement, and twice a day I get a note saying what is the status of my house. Unless the temperature goes above 60 degrees in the wine cellar in which case I get an SMS emergency (chuckles) so this is a mesh technology. I think population whose ability to speak and hear is being suppressed will find ways to bring technology in, in order to redress that weakness. I hope that the Internet will, I like to say that IP runs over everything, including you if you are not paying attention to what is going on. Let me get this gentleman, here and then over there. >> Hi. Jeremy Pesner, health affiliated. There has been a lot of to-do about IPV4 versus IPV6. That is a clear example of how the Internet needs to evolve to survive today. What I'm curious is, having seen both the (inaudible) Internet, what other sorts of shortcomings and issues and pitfalls need to be addressed in order to keep it evolving and vibrant for how it's being used today and in the future. >> VINTON CERF: Plainly, the address space is one limitation, and that is what the V6 is all about. Another one is, I talked about earlier, strong authentication, two factor authentication, things like that. What we want, what I want anyway, is the ability to ask for you to strongly identify yourself when I ask you to do that. You have the freedom to say no, I won't, in which case I'll say this conversation is over. But the idea that we have tools available for that purpose is absolutely essential. I think that for Internet to continue to grow, we are going to see another dimension, expanding in Europe, you hear the term Internet of things. Here in the United States you hear about the smart grid. I believe that there are going to be billions of devices on the network and getting those devices fully interconnected with everything else on the net is a very important step in the direction of making the net more useful. At the same time, that poses risks, because if every appliance in your house is accessible on the Internet, what happens if the 15-year-old next door reprograms your house while you are away? Once again we are back to strong authentication being a very important element in making this expanding Internet a safe place in which to build new applications. Apart from that, there are, we have not made very good use of broadcast media in the Internet. If you are looking for another technical avenue for expansion, I can hardly wait to start getting services in satellites that literally broadcast Internet packets to hundreds of millions of receivers all at the same time. We have been doing that for years with television. But what I want is the ability to carry any form of digital information in packet form from the satellite down to hundreds of millions of receivers. It's a very efficient way of delivering a large amount of the same information. I don't want to be limited anymore to simply delivering audio or video. I want the ability to deliver anything that I can digitize and packetize. That is a step which I hope is taken, because it would be another platform on top of which you can build very interesting applications. There is more, but I'll stop there. I'm trying to, I had this gentleman back here and then I'll get to Julie. >> My name is John Gilberg, with Group.media. You have spoken eloquently about the future of the web. If you can put yourself back in your 1990 shoes, is the web of 2011 anything like you could have imagined or any parts of it like you might have imagined? >> VINTON CERF: Of course. Everything is happening exactly the way we imagined it would. (Chuckles). Really, let's go all the way back. Let's go to 1973. Bob Khan and I are sitting here, he comes to Stanford and says I have a problem. What is your problem? He says I got three different kinds of packets of SMS, and I have to hook them together somehow. That is what we worked on. And that is what we worked on for six months, and what the TCP/IP protocols are all about. Did you do that in a vacuum? No. Did you understand how powerful this technology would be? The answer is yes. Did we know all the applications that people would invent? No. But 1973 is an interesting year. I want you to appreciate the context. 1973, in 1973, I was at Stanford University, Bob was at DARPA. Xerox was around the corner from my lab at Stanford. In May of 1973, Bob Metcalfe invents the Ethernet. In 1971 or '72 E-mail gets invented. In 1972 Doug is talking about knowledge society, and builds a one node system which you could characterize as a single computer worldwide web. I don't mean to do any disservice to my friend Tim over there. But the idea of being, groups of people sharing information in a common environment is what Doug is so excited about, but he invented the mouse, the mode display, way of linking things, on-line system, all of this available to Bob and me as we are thinking about how do he build this Internet piece. In some sense we had a strong sense of the power of all this. Even social networking became visible as a consequence of the network E-mails. The first E-mail distribution list, with sci-fi lovers, engineers, what do you expect, a bunch of geeks. The next one was yum-yum, if I remember right, which was distribution list of restaurant reviews coming out of Stanford, so engineers are interested in science fiction and they like food. It's not a surprise that you would see those two things. But you could see the power of the distribution list. So honestly, we had a sense of a lot of power. But I don't think we knew what would happen when 2 billion people got on-line. The particular thing which astonished me more than anything is when Tim's capability became widely available, the willingness of people to pour a huge amount of information into the net, simply for the joy of knowing it might be useful to somebody else. There wasn't any, the obvious remunerative mechanism. They wanted to know what they were doing was interesting to somebody else. They would get to know them and get to work together. The astonishing thing about the web is this outpouring of content. Of course it continues today. >> Thank you. Julie, and I'm a member of the D.C. chapter of the Internet Society and a lawyer. I'm wondering, your thought about authentication, you cited credit card companies of being an example of how that would achieve in different context. Do you have any recommendations as to who would pay for this, or how that would be achieved? Looking at the potential of the cost/benefit, but would the businesses pay for that? Would end users? Would it be a collaboration? Or have you given that some thought? >> VINTON CERF: Strong authentication involves the ability to generate, to use cryptographic pairs and to both sign things and encrypt or decrypt them. The scenario that I wish I could persuade the banks to undertake goes the following. Today we use credit cards with magnetic strips on them. They are not very secure. It's possible to actually fabricate a card by using a hot iron and some more (inaudible) tape. Ideally, what have I just done? (Chuckles.) It's okay. It's just geeks, right? And besides, if you Google it, you will find it on the net anyway. Okay. So my proposition is, that if the banks said, look, we want you to have this smart card, that has the ability to generate cryptographic authenticity, because it will allow us not only to protect the use of the card, but also offer services that we would not be willing to offer on the basis of the magnetic strip card, because of the stronger authentication, and if people, if they said, you can't get any money out of the ATM if you don't have one of these cards, everybody would get one of the cards. 90 percent of all the cash that is dispensed in the U.S. anyway is through an ATM machine now, not the tellers. If everybody has such a card, and the teller machines had readers in order to implement the proposition, that would form an infrastructure, that would make it of interest to people building devices, whether it's personal computers or laptops or notebooks, to be able to sense those cards. Maybe you use in your field communication or might use a physical contact on the card, but the point here is that once that infrastructure is in place, you begin to use it for a variety of other applications. The problem is getting to the point where there is a rationale, a motivation for getting smart card-like capabilities in place. I submit to you that we are not very far away from there, given the set of risks that we are all starting to see. I'm hoping, the bank scenario doesn't hold up, maybe another one will. I know I'm not wearing it now, but I carry around a two factor cryptographic generator as part of my I.D. at Google. I can't use the internal systems at Google without it. If we all begin to think in those terms, maybe we will create the incentive to do that. I have to stop here. I turn this over to Sally again. (Applause.)