A new way to run the internet would scupper ransomware and hacking, but its authoritarian backers could control everything we do online

Online freedom is not negotiable Getty

CYBERTERRORISM fears are through the roof. Ransomware is wreaking havoc on corporations, hospitals and individuals. Printers can be hacked to take down the world’s largest websites. Put simply, the internet is a mess.

You’re probably familiar with all this hand-wringing. What you might not know is that a solution has been around for decades, and in principle we could apply it tomorrow. Do so, and in one fell swoop we could get rid of ransomware, DDOS attacks and possibly nation state cyberattacks. You might even get rid of trolls.

How to keep your data secure online: Find out in our expert talk at New Scientist Live

Even now, this next-generation internet plan is being talked up in the obscure back rooms of internet governance. It is touted as a way of guarding against the potential apocalypse of putting your fridge, your toaster and a billion other gadgets online. There’s just one tiny problem: if it’s adopted globally, the new regime might just destroy the online world as we know it.


Breaking point

That’s a high price to pay, but it seems we have to do something. The existing internet was never meant to cope with billions of users and abusers – though its underlying technology, known as TCP/IP, was designed to survive cold war nuclear annihilation.

Rather than sending data across static network paths, which could be destroyed, TCP/IP will do everything it can to get packets of information from point A to point B via any viable route. It doesn’t care who you are, what you’re sending or who you’re sending it to: all that matters is the internet addresses that need connecting.

This attitude was fine in the 1970s when you could map the entire internet on a single sheet of paper. These days, it is a disaster, making it tough to figure out who people on the internet actually are and stop them doing bad things.

But what if you could assign a unique, permanent and traceable identifier to every phone, laptop, identity or document? Robert Kahn, co-developer of TCP/IP, created just such a system in the early 1990s. As the modern internet struggles, it is starting to get attention.

Rather than dealing with anonymous packets of data, Kahn’s system is based on digital objects – each a specific sequence of bits with its own unique identifier, or handle. This “handle system” is already in limited use on today’s internet. Academic journals use a form of handle called a digital object identifier, aka, DOI, to give research papers a citable and unchanging identity, even if it moves to a new website.

“It’s one identifier for the material that gets you to the material, no matter where it is,” says Kahn. Research papers are just one example. “It can be a movie, a book or chapters of a book,” he says. And using handles to identify parts of a digital object, like a chapter, would provide a massive online security update.

Take medical records, for example. You could tag individual lab results with their own identifier that determines who can look at each set. This would let you decide exactly what to disclose, so a doctor could treat your heart disease while being unable to access anything related to your sexual health.

As more information goes online, the need for such fine-grained protection grows. While putting your fridge on the internet could help you stock up on groceries, an explosion of insecure networked devices creates the potential for hackers to enlist a vast botnet army.

That’s why countries including Russia, China and Saudi Arabia banded together to ensure the UN adopted the handle system as the overarching standard for such devices, ostensibly to close these glaring security holes.

Greater control over data, better security and a way to trace troublemakers – so far the handle system sounds perfect. But there is a downside.

Authoritarian regime

“It has become a poster-child for more centralised control, something that many governments are attracted to,” says Maria Farrell, an internet policy consultant based in London. “It’s vulnerable to capture by governments who are likely to want it run in a way that solves political, not technical, problems.”

Robert McDowell, a former commissioner for the US Federal Communications Commission, has graver concerns. He has said the handle system could become an “authoritarian internet power grab“. That’s because it doesn’t just regulate devices and documents – anything can be a digital object, including people. McDowell warns that this could lead to “real-time surveillance and tracking of each device and individual connected to the web”. Just as a medical record would be subdivided, you too could become a “super identifier” whose various devices and internet activities all link back to you.

The handle system allows the creation of master databases where every digital object is uniquely tagged, and where information is added, tracked and queried. Anyone who controls this registry becomes the gatekeeper to all the information, resources and devices on their patch of the internet. As of last month, China, Saudi Arabia and Tunisia have created such registries.

So what happens when the gatekeeper shuts you out? The handle system lets them deny access to any device without a valid identifier. That doesn’t have to be a smart light bulb. It could also be your laptop, your smartphone, your twitter account – or even you. And who decides whether an identifier is valid? Your government, with all its potential authoritarian foibles.

Many governments have already demonstrated their desire to take down bits of the internet they don’t like. China’s “Great Firewall” heavily restricts what its citizens can do online. Russia, Turkey and Egypt have all temporarily switched off access to certain sites. Even in the UK, most ISPs block file-sharing sites ruled illegal by the High Court.

“Greater control over data, better security and a way to trace troublemakers. But there’s a downside”

At the moment this is done by blocking access to certain internet addresses at a national level – removing your online destination for everyone in a country. Under the handle system, a government could just single you out personally, revoking access to pages it didn’t want you seeing.

Kahn points out that it is already possible to control the internet. “Governments can do repressive things, and technology isn’t a stumbling block. Every government could cut off communications into its country through normal channels.”

But it’s the specificity of the handle system that has people worried. “Censorship regimes can rely on the handle system to more easily control the flow of information,” says Mehwish Ansari of online expression charity Article 19. “The ultimate effect would be to place greater control in the hands of states and corporations that seek to restrict the internet’s capacity as a space for discourse, protest and the free exchange of information.”

Right now, there’s a kind of internet-governance cold war over the handle system. After winning the fight for UN recognition as an international standard, some Arab states, Russia and China want to start rolling it out. On the other side, Western countries are generally against the handle system, happy to stick with plain TCP/IP, whether out of precedent or principle.

But this is a cold war that TCP/IP may not survive unscathed. If the handle system is widely adopted, we could see the lowering of a new, digital Iron Curtain, with geo-political blocs defined by the way it is used. If China, Russia and their allies crack down on super identifiers they don’t like, while the US, Europe and others do not, your smartphone may stop working at the border.

That’s not even the worst of it. How long before the handle system is discovered by UK prime minister Theresa May, who earlier in the summer called for the internet to be regulated? Or by Donald Trump, who suggested on the presidential campaign trail that Bill Gates should “close the internet“.

So yes, we could fix the internet, and do away with all the crooks, trolls and general troublemakers. But perhaps these malcontents are the price we pay for a free and open online society.

This article appeared in print under the headline “Weaving a new web”