It's been a brutal year for our favorite worldwide network. We've all heard the Internet described as the Information Superhighway. (I've never liked the term; there are a lot of shops on the Net, so isn't it more of a main street than a highway?) And like modern highway systems, the Internet has changed over time. Once, there weren't really any rules of the road—which didn't matter, because there wasn't but a handful of cars. One idiot driving a heap of junk or driving on the wrong side of the road inconvenienced no one. But when more than a few must share a public asset—such as a highway—you inevitably need rules. And, just as inevitably, rules need enforcers. The metaphor isn't perfect, but maybe we can use it to help keep the Internet running smoothly.
First, consider a driver's license. Imagine letting people get behind the wheel of a car with no training. The increase in the rate of auto accidents would be insane! Yet anyone can connect to the Internet, either through an employer's Internet connection or by paying an ISP a few dollars each month. Once connected, every user is free to open—and spread—every virulent email attachment they receive. That's just plain crazy; the Internet's too important a place for the unaware to blithely go about getting carjacked and sideswiping oncoming traffic for miles. As I've said before (see "Is it Time for a Driver's License for the Information Superhighway?," September 2003, InstantDoc ID 40401), we'd all benefit by the creation of some sort of email certificate awarded to informed users (i.e., users that have been educated about the caveats and consequences of opening attachments) so that we could all know whether the email we receive is from someone who's had basic email training. We wouldn't bar the clueless from the Internet, but we could use such "licenses" as a means of avoiding the messes that those users tend to make.
Second, how about a border patrol? One of the reasons that countries guard their borders is to reduce the inflow of contraband. I'm not talking about putting up walls between countries' Internets; I'm talking about stationing guards between Internet networks. Worms such as SoBig have distinctive signatures. Large ISPs have big routers that shunt traffic around the Net. Would it be so hard to teach those routers to identify particularly heinous SMTP blocks (e.g., ILOVEYOU, Klez, SoBig) and to drop those packets?
Third, we don't let people take just any old vehicle out on the highway anymore. If a car can't maintain highway speeds, breaks down and causes traffic congestion, or emits unacceptable levels of toxins, we don't let it on the road at all. Yet it's perfectly fine for someone to fire up a Windows 2000 system without the patches that protect against Code Red or MSBlaster or Nimda, or use a Microsoft SQL Server 2000 system without Service Pack 3 (SP3), then put that system out on the Internet, completely unprotected no less. Such a system is soon infected and becomes a broadcasting station for one of the aforementioned worms or whatever new beast springs up. Perhaps we need a technology that examines how up-to-date a system is before allowing that system's packets out on the Internet. Sure, you can drive your 1949 Studebaker on our highway … but first, you need to retrofit it with seat belts.
The Internet has seemed such a bastion of freedom for so long that these notions will, I'm sure, infuriate some people. No, I haven't come up with specifics for implementing any of these safeguards—I'm just throwing out ideas. And yes, my libertarian nature makes me unhappy to be suggesting restrictions of Internet access. But the fact is that the Internet is a public good, and public goods need to be defended. Nothing that I've suggested would deny anyone access to the Internet unless their systems were so horribly behind the times (patch-wise) that they could act as a vector for the most virulent worms; even the email-certificate concept wouldn't deny anyone access to email. My suggestions do create more than one "class" of Internet users, though, dividing those with and without a basic knowledge of how to use this shared resource in such a way as to keep the Internet sustainable. Without that basic knowledge, the Information Superhighway will continue to be plagued by accidents and gridlock.