For people of a certain age in the technology industry, one of the ways of establishing a connection with someone is by asking some version of the following question: How long have you been online? Depending upon how you define “online”, the answer can vary from 15 to 25 or even 30 years. But simply replace the word “online” with the phrase “on the Web” and there is an upper bound on the possible answer.
The Web as we know it came stumbling and blinking out into the light 20 years ago today, and it was designed and defined at the time as an open network of free resources. What it’s become in the last two decades, however, is less a global collection of shared knowledge and conduit for the free flow of information and more a fragile tangle of smaller networks that at times is barely usable.

When CERN published the original “Statement Concerning  CERN W3 Software Into Public Domain” on April 30, 1993, the Internet was still a small enough thing that it could be defined and understood in normal terms. There were a few hundred Web servers online at the time, and most of the traffic on the Internet comprised email and remote-access services. Though people now use the terms Internet and Web interchangeably, they are two separate and distinct things. The Internet is the global network of computers and was in existence long before the Web emerged. The Web is built upon the Internet’s infrastructure and couldn’t exist without it. In the 1980s and early 1990s, while the U.S. government and universities still viewed the Internet as primarily a research tool, the folks at CERN in Switzerland were building the software that would eventually make the network usable for billions of people.

The researchers at CERN had developed client and server software for the Web designed to make the publication and retrieval of documents and information on any Web-connected computer easy and fast. There were other similar programs in use, but when CERN released its software into the public domain it marked the beginning of what can be seen now as the existence of the modern Web. One interesting thing in the CERN release document–apart from the awesomely anachronistic use of the term W3 to describe the Web–is the note of optimism in the writing, along with the prescient contemplation of potential problems arising from the release of the software.

“CERN’s intention in this is to further compatibility, common practices and standards in networking and computer supported collaboration,” the note says.

“CERN provides absolutely NO WARRANTY OF ANY KIND with respect to this software. The entire risk as to the quality and  performance of this software is with the user. IN NO EVENT WILL CERN BE LIABLE TO ANYONE FOR ANY DAMAGES ARISING OUT OF THE USE OF THE SOFTWARE INCLUDING, WITHOUT LIMITATION, DAMAGES RESULTING FROM LOST DATA OR LOST PROFITS, OR FOR ANY SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES.”

In language clearly written by a lawyer, CERN was telling future Web users that there were risks associated with the use of the Web, and the lab wanted people to know that up front. The risks that the CERN attorneys had in mind likely had more to do with potential damage to PCs and servers running the lab’s software than with damage to the companies and people who used the Web. But while the former has indeed been a large problem, it’s the latter that emerged as perhaps the biggest detriment to Web usage.

The security and reliability of the Web is a major issue and one that’s getting worse by the day. The open nature of the network, which makes it an invaluable resource for users, businesses, governments and everyone else, also makes it a playground for attackers, criminals and anyone else looking for a broad audience for their scams. If cybercrime were a legitimate industry, it would be one of the larger–and perhaps the most profitable–industries on earth. Untold billions of dollars disappear into the ether every year, winding their way through the wires before ending up as stacks of cash paying for criminals’ bottle service and Caribbean vacations.

But let’s be clear: Crime is a constant; it’s only the means and methods that vary.

The architects of the Internet and World Wide Web said from the beginning that the network was meant to be and should always remain open. You can interpret the word “open” in many different ways, but let’s think of it as meaning accessible and usable for anyone who wants to use it. Certainly the Web is accessible, now more than ever, with smartphones, tablets, TVs and even watches with Web access. There still are many communities around the world with limited or no access to the Web, but they are fewer in number each day.

The second part of the equation–usability–is where things get sticky. The Web is a fragile thing. Servers fall over, the DNS infrastructure comes under fire, DDoS attacks sink online banking systems and utilities fall at the hands of attackers using freely available toolkits. As easy as it is for a user to get online and buy a car on eBay and have it shipped to her house, it’s just as simple for a criminal to hijack that user’s account, ship the car to himself and drive off. And that’s the least of it. Remote attackers can infect and shut down nuclear power plants, financial trading platforms and whatever else they set their sights on. Fast, clean and little chance of detection. The open nature of the Web makes all of this possible.

And yet the openness and interoperability and accessibility that Tim Berners-Lee and Vint Cerf and the other architects of the Web and the Internet envisioned is alive and well. It’s also perhaps more important now than ever before. The Web has become a platform for social activism and change around the world and has given a voice to millions of people who may otherwise never have been heard. The security and crime problems on the Web are real and they’re not going away, but the benefits and value of the Web’s open nature are real as well. It’s those elements that users everywhere should keep in mind and for which they should thank CERN and its researchers.

 

 

Categories: Web Security