Meet the new 'Net, same as the old 'Net
- By William Jackson
- Jun 25, 2007
Speaking at a telecommunications trade show in Chicago last week, AT&T Chairman and Chief Executive Officer Randall Stephenson said the evolution of communications from fixed voice service to a suite of mobile IP-enabled services represents more than a rebirth of a moribund telecom industry; it is, he said, the next phase of the Internet.
Funny thing about this next phase: Its creators appear to be making the same mistake that was made with the first Internet. Everyone is rushing headlong toward new functionality and leaving security as an afterthought. We know where that got us the first time around, and with the Internet becoming more deeply embedded in our lives and in our business, it looks like it is going to get worse before it gets better.
The driver for the new Internet appears to be consumer demand for more and better ways to watch video. AT&T is beginning a limited rollout of its Video Share service, which allows cell phone users to stream live video to each other. At the same show, Motorola CEO Ed Zander said his company's newest phone will be capable of storing 16 hours of high definition, 30-frames-per-second video. But it isn't just about video; it's about many-to-many collaboration over any kind of link to any kind of device, and wireless connectivity is becoming ubiquitous and embedded in more computing devices.
Yet for all the talk of building out new broadband networks and the great new services they will carry, there was no talk at the show of security. There were frequent references to YouTube, the darling of the next phase, but none to security. There were predictions that the Internet would become integral to all aspects of our lives but no discussion of how to do this securely.
It is understandable that the Internet originally was developed without much thought to security. The developers were building from scratch, trying to see if they could get it to work. No one knew at the time what its capabilities would be or that it would become a utility in everyday use by businesses and individuals. Who knew we needed to secure it?
Now we know. Security companies, systems administrators and legislators are playing a high-stakes game of cat and mouse with hackers and criminals in a desperate effort to close vulnerabilities before they are exploited. As the Internet becomes more mobile and more functional, things are only going to get worse.
'Mobile spam has the potential to explode as spam-Trojan authors develop mobile malware,' Craig Schmugar, a researcher at McAfee Avert Labs, wrote recently. And voice communications are vulnerable to something called SPIT ' Spam over Internet Telephony ' he wrote. 'Spoofed VOIP phishing attacks will likely be more successful than their e-mail counterparts because anti-SPIT technology is far behind that of anti-spam, and many VOIP users will not expect attacks to come from numbers that match those of their banks.'
Stephenson called the Apple iPhone 'the embodiment of innovation.' Security researchers see it as a new and particularly rich vector for malicious software. 'It is likely that researchers are going to investigate what its possibilities are,' Schmugar said recently.
The news is not all bad. IPv6, the next generation of Internet Protocols expected to enable many new mobile technologies, should also enable better security at the network layer. And Microsoft's new Windows Vista operating system is a step toward better security, Schmugar said. But he also said that in applications and services, 'in Web 2.0 there is still a lot of room for improvement.'
Maybe the network carriers, service providers, equipment manufacturers and application developers really are paying attention to security. Maybe they just don't trumpet it at trade shows because security doesn't sell cell phones any more than seat belts sell cars. But I, for one, would be glad to know that the device I am expected to use for everything from telephone calls to financial transactions ' and will carry all the details of my life ' was built with security in mind.
William Jackson is a Maryland-based freelance writer.