TED2013
Danny Hillis: The Internet could crash. We need a Plan B
Filmed:
Readability: 3.8
1,375,608 views
The Internet connects billions of people and machines; it's the backbone of modern life. But tech pioneer Danny Hillis thinks the Internet just wasn't designed to grow this big -- and he fears that one big cyber-attack or glitch could shut it down and take civilization with it. To head off a digital dark age, he sounds a clarion call to develop a Plan B: a parallel system to fall back on if -- or when -- the Internet crashes.
Danny Hillis - Computer theorist
Inventor, scientist, author, engineer -- over his broad career, Danny Hillis has turned his ever-searching brain on an array of subjects, with surprising results. Full bio
Inventor, scientist, author, engineer -- over his broad career, Danny Hillis has turned his ever-searching brain on an array of subjects, with surprising results. Full bio
Double-click the English transcript below to play the video.
00:16
So, this book that I have in my hand
0
603
3066
00:19
is a directory of everybody who had an email address
1
3669
3934
00:23
in 1982. (Laughter)
2
7603
3519
00:27
Actually, it's deceptively large.
3
11122
3685
00:30
There's actually only about 20 people on each page,
4
14807
3437
00:34
because we have the name, address
5
18244
1890
00:36
and telephone number of every single person.
6
20134
3093
00:39
And, in fact, everybody's listed twice,
7
23227
2183
00:41
because it's sorted once by name and once by email address.
8
25410
4558
00:45
Obviously a very small community.
9
29968
2901
00:48
There were only two other Dannys on the Internet then.
10
32869
3431
00:52
I knew them both.
11
36300
1600
00:53
We didn't all know each other,
12
37900
1756
00:55
but we all kind of trusted each other,
13
39656
3113
00:58
and that basic feeling of trust
14
42769
3798
01:02
permeated the whole network,
15
46567
2587
01:05
and there was a real sense that
16
49154
2357
01:07
we could depend on each other to do things.
17
51511
3006
01:10
So just to give you an idea of the level of trust in this community,
18
54517
3575
01:13
let me tell you what it was like
19
58092
1625
01:15
to register a domain name in the early days.
20
59717
4105
01:19
Now, it just so happened that I got to register
21
63822
2630
01:22
the third domain name on the Internet.
22
66452
2460
01:24
So I could have anything I wanted
23
68912
1648
01:26
other than bbn.com and symbolics.com.
24
70560
4445
01:30
So I picked think.com, but then I thought,
25
75005
3414
01:34
you know, there's a lot of really interesting names out there.
26
78419
2986
01:37
Maybe I should register a few extras just in case.
27
81405
4209
01:41
And then I thought, "Nah, that wouldn't be very nice."
28
85614
3284
01:44
(Laughter)
29
88898
5695
01:50
That attitude of only taking what you need
30
94593
3629
01:54
was really what everybody had on the network in those days,
31
98222
4044
01:58
and in fact, it wasn't just the people on the network,
32
102266
3297
02:01
but it was actually kind of built into the protocols
33
105563
2720
02:04
of the Internet itself.
34
108283
1944
02:06
So the basic idea of I.P., or Internet protocol,
35
110227
3859
02:09
and the way that the -- the routing algorithm that used it,
36
114086
3729
02:13
were fundamentally "from each according to their ability,
37
117815
4129
02:17
to each according to their need."
38
121944
2118
02:19
And so, if you had some extra bandwidth,
39
124062
3013
02:22
you'd deliver a message for someone.
40
127075
1443
02:24
If they had some extra bandwidth, they would deliver a message for you.
41
128518
2993
02:27
You'd kind of depend on people to do that,
42
131511
2014
02:29
and that was the building block.
43
133525
2664
02:32
It was actually interesting that such a communist principle
44
136189
2627
02:34
was the basis of a system developed during the Cold War
45
138816
2436
02:37
by the Defense Department,
46
141252
2431
02:39
but it obviously worked really well,
47
143683
3070
02:42
and we all saw what happened with the Internet.
48
146753
3443
02:46
It was incredibly successful.
49
150196
2272
02:48
In fact, it was so successful that there's no way
50
152468
3297
02:51
that these days you could make a book like this.
51
155765
3588
02:55
My rough calculation is it would be about 25 miles thick.
52
159353
6166
03:01
But, of course, you couldn't do it,
53
165519
1174
03:02
because we don't know the names of all the people
54
166693
1790
03:04
with Internet or email addresses,
55
168483
3074
03:07
and even if we did know their names,
56
171557
1532
03:08
I'm pretty sure that they would not want their name,
57
173089
2433
03:11
address and telephone number published to everyone.
58
175522
4296
03:15
So the fact is that there's a lot of bad guys on the Internet these days,
59
179818
3702
03:19
and so we dealt with that by making
60
183520
4171
03:23
walled communities,
61
187691
1899
03:25
secure subnetworks, VPNs,
62
189590
4737
03:30
little things that aren't really the Internet
63
194327
1596
03:31
but are made out of the same building blocks,
64
195923
1971
03:33
but we're still basically building it out of those
65
197894
2240
03:36
same building blocks with those same assumptions of trust.
66
200134
4267
03:40
And that means that it's vulnerable
67
204401
2722
03:43
to certain kinds of mistakes that can happen,
68
207123
2396
03:45
or certain kinds of deliberate attacks,
69
209519
1861
03:47
but even the mistakes can be bad.
70
211380
3105
03:50
So, for instance,
71
214485
2949
03:53
in all of Asia recently,
72
217434
1953
03:55
it was impossible to get YouTube for a little while
73
219387
3433
03:58
because Pakistan made some mistakes
74
222820
2280
04:01
in how it was censoring YouTube in its internal network.
75
225100
3735
04:04
They didn't intend to screw up Asia, but they did
76
228835
3094
04:07
because of the way that the protocols work.
77
231929
2904
04:10
Another example that may have affected many of you in this audience is,
78
234833
3224
04:13
you may remember a couple of years ago,
79
238057
2591
04:16
all the planes west of the Mississippi were grounded
80
240648
2813
04:19
because a single routing card in Salt Lake City
81
243461
2892
04:22
had a bug in it.
82
246353
2362
04:24
Now, you don't really think
83
248715
2273
04:26
that our airplane system depends on the Internet,
84
250988
3026
04:29
and in some sense it doesn't.
85
254014
1006
04:30
I'll come back to that later.
86
255020
1616
04:32
But the fact is that people couldn't take off
87
256636
2250
04:34
because something was going wrong on the Internet,
88
258886
2275
04:37
and the router card was down.
89
261161
2575
04:39
And so, there are many of those things that start to happen.
90
263736
3779
04:43
Now, there was an interesting thing that happened last April.
91
267515
3139
04:46
All of a sudden,
92
270654
1526
04:48
a very large percentage of the traffic on the whole Internet,
93
272180
3332
04:51
including a lot of the traffic between U.S. military installations,
94
275512
4131
04:55
started getting re-routed through China.
95
279643
2768
04:58
So for a few hours, it all passed through China.
96
282411
2722
05:01
Now, China Telecom says it was just an honest mistake,
97
285133
4574
05:05
and it is actually possible that it was, the way things work,
98
289707
3857
05:09
but certainly somebody could make
99
293564
2035
05:11
a dishonest mistake of that sort if they wanted to,
100
295599
3273
05:14
and it shows you how vulnerable the system is even to mistakes.
101
298872
3358
05:18
Imagine how vulnerable the system is to deliberate attacks.
102
302230
4921
05:23
So if somebody really wanted to attack the United States
103
307151
3398
05:26
or Western civilization these days,
104
310549
2092
05:28
they're not going to do it with tanks.
105
312641
2189
05:30
That will not succeed.
106
314830
2413
05:33
What they'll probably do is something
107
317243
2003
05:35
very much like the attack that happened
108
319246
3291
05:38
on the Iranian nuclear facility.
109
322537
2707
05:41
Nobody has claimed credit for that.
110
325244
2274
05:43
There was basically a factory of industrial machines.
111
327518
3507
05:46
It didn't think of itself as being on the Internet.
112
331025
2577
05:49
It thought of itself as being disconnected from the Internet,
113
333602
2587
05:52
but it was possible for somebody to smuggle
114
336189
1947
05:54
a USB drive in there, or something like that,
115
338136
2532
05:56
and software got in there that causes the centrifuges,
116
340668
3396
05:59
in that case, to actually destroy themselves.
117
344064
2993
06:02
Now that same kind of software could destroy an oil refinery
118
347057
2666
06:05
or a pharmaceutical factory or a semiconductor plant.
119
349723
4422
06:10
And so there's a lot of -- I'm sure you've read a lot in papers,
120
354145
3266
06:13
about worries about cyberattacks
121
357411
2191
06:15
and defenses against those.
122
359602
2610
06:18
But the fact is, people are mostly focused on
123
362212
1980
06:20
defending the computers on the Internet,
124
364192
2283
06:22
and there's been surprisingly little attention
125
366475
2386
06:24
to defending the Internet itself as a communications medium.
126
368861
4365
06:29
And I think we probably do need to pay
127
373226
1863
06:30
some more attention to that, because it's actually kind of fragile.
128
375089
3088
06:34
So actually, in the early days,
129
378177
2927
06:37
back when it was the ARPANET,
130
381104
1724
06:38
there were actually times -- there was a particular time it failed completely
131
382828
3589
06:42
because one single message processor
132
386417
3285
06:45
actually got a bug in it.
133
389702
2476
06:48
And the way the Internet works is
134
392178
2272
06:50
the routers are basically exchanging information
135
394450
3567
06:53
about how they can get messages to places,
136
398017
2590
06:56
and this one processor, because of a broken card,
137
400607
3898
07:00
decided it could actually get a message
138
404505
2009
07:02
to some place in negative time.
139
406514
2688
07:05
So, in other words, it claimed it could deliver a message before you sent it.
140
409202
3983
07:09
So of course, the fastest way to get a message anywhere
141
413185
3150
07:12
was to send it to this guy,
142
416335
1876
07:14
who would send it back in time and get it there super early,
143
418211
3547
07:17
so every message in the Internet
144
421758
2856
07:20
started getting switched through this one node,
145
424614
3242
07:23
and of course that clogged everything up.
146
427856
1516
07:25
Everything started breaking.
147
429372
2155
07:27
The interesting thing was, though,
148
431527
2040
07:29
that the sysadmins were able to fix it,
149
433567
1840
07:31
but they had to basically turn every single thing on the Internet off.
150
435407
4782
07:36
Now, of course you couldn't do that today.
151
440189
1398
07:37
I mean, everything off, it's like
152
441587
2394
07:39
the service call you get from the cable company,
153
443981
2232
07:42
except for the whole world.
154
446213
3761
07:45
Now, in fact, they couldn't do it for a lot of reasons today.
155
449974
2059
07:47
One of the reasons is a lot of their telephones
156
452033
2622
07:50
use IP protocol and use things like Skype and so on
157
454655
2969
07:53
that go through the Internet right now,
158
457624
2069
07:55
and so in fact we're becoming dependent on it
159
459693
3282
07:58
for more and more different things,
160
462975
1792
08:00
like when you take off from LAX,
161
464767
2938
08:03
you're really not thinking you're using the Internet.
162
467705
1881
08:05
When you pump gas, you really don't think you're using the Internet.
163
469586
4116
08:09
What's happening increasingly, though, is these systems
164
473702
2125
08:11
are beginning to use the Internet.
165
475827
1867
08:13
Most of them aren't based on the Internet yet,
166
477694
3050
08:16
but they're starting to use the Internet for service functions,
167
480744
2536
08:19
for administrative functions,
168
483280
1905
08:21
and so if you take something like the cell phone system,
169
485185
3063
08:24
which is still relatively independent of the Internet for the most part,
170
488248
4320
08:28
Internet pieces are beginning to sneak into it
171
492568
2959
08:31
in terms of some of the control and administrative functions,
172
495527
3804
08:35
and it's so tempting to use these same building blocks
173
499331
2330
08:37
because they work so well, they're cheap,
174
501661
2264
08:39
they're repeated, and so on.
175
503925
1100
08:40
So all of our systems, more and more,
176
505025
2772
08:43
are starting to use the same technology
177
507797
1780
08:45
and starting to depend on this technology.
178
509577
2067
08:47
And so even a modern rocket ship these days
179
511644
2425
08:49
actually uses Internet protocol to talk
180
514069
2726
08:52
from one end of the rocket ship to the other.
181
516795
1816
08:54
That's crazy. It was never designed to do things like that.
182
518611
3186
08:57
So we've built this system
183
521797
3117
09:00
where we understand all the parts of it,
184
524914
3110
09:03
but we're using it in a very, very different way than we expected to use it,
185
528024
3698
09:07
and it's gotten a very, very different scale
186
531722
2439
09:10
than it was designed for.
187
534161
2171
09:12
And in fact, nobody really exactly understands
188
536332
2676
09:14
all the things it's being used for right now.
189
539008
2263
09:17
It's turning into one of these big emergent systems
190
541271
2503
09:19
like the financial system, where we've designed all the parts
191
543774
3481
09:23
but nobody really exactly understands
192
547255
2606
09:25
how it operates and all the little details of it
193
549861
3227
09:28
and what kinds of emergent behaviors it can have.
194
553088
2719
09:31
And so if you hear an expert talking about the Internet
195
555807
3133
09:34
and saying it can do this, or it does do this, or it will do that,
196
558940
2695
09:37
you should treat it with the same skepticism
197
561635
2461
09:39
that you might treat the comments of an economist about the economy
198
564096
4415
09:44
or a weatherman about the weather, or something like that.
199
568511
2267
09:46
They have an informed opinion,
200
570778
2648
09:49
but it's changing so quickly that even the experts
201
573426
2541
09:51
don't know exactly what's going on.
202
575967
1818
09:53
So if you see one of these maps of the Internet,
203
577785
2692
09:56
it's just somebody's guess.
204
580477
1666
09:58
Nobody really knows what the Internet is right now
205
582143
2198
10:00
because it's different than it was an hour ago.
206
584341
2741
10:02
It's constantly changing. It's constantly reconfiguring.
207
587082
2801
10:05
And the problem with it is,
208
589883
1514
10:07
I think we are setting ourselves up for a kind of disaster
209
591397
3341
10:10
like the disaster we had in the financial system,
210
594738
2795
10:13
where we take a system that's basically built on trust,
211
597533
5344
10:18
was basically built for a smaller-scale system,
212
602877
2621
10:21
and we've kind of expanded it way beyond the limits
213
605498
2909
10:24
of how it was meant to operate.
214
608407
1996
10:26
And so right now, I think it's literally true
215
610403
3268
10:29
that we don't know what the consequences
216
613671
3505
10:33
of an effective denial-of-service attack
217
617176
2434
10:35
on the Internet would be,
218
619610
1773
10:37
and whatever it would be is going to be worse next year,
219
621383
1874
10:39
and worse next year, and so on.
220
623257
1408
10:40
But so what we need is a plan B.
221
624665
2549
10:43
There is no plan B right now.
222
627214
1632
10:44
There's no clear backup system that we've very carefully kept
223
628846
3503
10:48
to be independent of the Internet,
224
632349
1946
10:50
made out of completely different sets of building blocks.
225
634295
3066
10:53
So what we need is something that doesn't necessarily
226
637361
3013
10:56
have to have the performance of the Internet,
227
640374
2734
10:59
but the police department has to be able
228
643108
1517
11:00
to call up the fire department even without the Internet,
229
644625
2523
11:03
or the hospitals have to order fuel oil.
230
647148
2565
11:05
This doesn't need to be a multi-billion-dollar government project.
231
649713
4614
11:10
It's actually relatively simple to do, technically,
232
654327
2748
11:12
because it can use existing fibers that are in the ground,
233
657075
3802
11:16
existing wireless infrastructure.
234
660877
1959
11:18
It's basically a matter of deciding to do it.
235
662836
2765
11:21
But people won't decide to do it
236
665601
2484
11:23
until they recognize the need for it,
237
668085
2379
11:26
and that's the problem that we have right now.
238
670464
1498
11:27
So there's been plenty of people,
239
671962
2783
11:30
plenty of us have been quietly arguing
240
674745
3044
11:33
that we should have this independent system for years,
241
677789
2918
11:36
but it's very hard to get people focused on plan B
242
680707
3009
11:39
when plan A seems to be working so well.
243
683716
3674
11:43
So I think that, if people understand
244
687390
3429
11:46
how much we're starting to depend on the Internet,
245
690819
3054
11:49
and how vulnerable it is,
246
693873
1977
11:51
we could get focused on
247
695850
2106
11:53
just wanting this other system to exist,
248
697956
3024
11:56
and I think if enough people say, "Yeah, I would like to use it,
249
700980
3077
11:59
I'd like to have such a system," then it will get built.
250
704057
3010
12:02
It's not that hard a problem.
251
707067
1423
12:04
It could definitely be done by people in this room.
252
708490
3235
12:07
And so I think that this is actually,
253
711725
4359
12:11
of all the problems you're going to hear about at the conference,
254
716084
3179
12:15
this is probably one of the very easiest to fix.
255
719263
2678
12:17
So I'm happy to get a chance to tell you about it.
256
721941
2767
12:20
Thank you very much.
257
724708
2611
12:23
(Applause)
258
727319
3854
ABOUT THE SPEAKER
Danny Hillis - Computer theoristInventor, scientist, author, engineer -- over his broad career, Danny Hillis has turned his ever-searching brain on an array of subjects, with surprising results.
Why you should listen
Danny Hillis is an inventor, scientist, author and engineer. While completing his doctorate at MIT, he pioneered the concept of parallel computers that is now the basis for graphics processors and cloud computing. He holds more than 300 US patents, covering parallel computers, disk arrays, forgery prevention methods, various electronic and mechanical devices, and the pinch-to-zoom display interface. He has recently been working on problems in medicine as well. He is also the designer of a 10,000-year mechanical clock, and he gave a TED Talk in 1994 that is practically prophetic. Throughout his career, Hillis has worked at places like Disney, and now MIT and Applied Invention, always looking for the next fascinating problem.
Danny Hillis | Speaker | TED.com