Thinking

We left off last week with the idea of connecting time-sharing networks. To make a very long story short: the Arpanet and subsequent development of today's internet protocols (TCP/IP) connected those networks together as part of a project of the US Advanced Research Projects Agency (hence: ARPAnet) to share computing resources.

The design of the original Arpanet protocols, and later TCP/IP, did not include encryption at any layer of the network and precluded the possibility of encrypting metadata. This is often attributed to the nature of the original Arpanet: connecting highly-restricted networks at prestigious universities and other research sites. The threat model simply did not include consideration for someone eavesdropping, and messaging was not the network's primary use.

Last week's newsletter talked about how early computer privacy concerns emphasized encryption data banks, not data as it traveled. Network engineers, from telephones to computers, didn't worry about encryption, and scholars followed suit. As historians Bradley Fidler and Quinn DuPont put it: "histories of computer networks tended to neglect cryptography, and histories of cryptography tended to neglect computer networks." Even Janet Abbate's groundbreaking history of the creation of Internet protocols, in which she took a science studies approach to see how military priorities and political negotiations shaped technical decisions, downplayed decisions about network security. This separation between modern network engineering and cryptography is particularly strange because both fields trace their origins to Claude Shannon's work during WWII, and wartime communications considered encryption, of course.

The first plans for a national computer network, written in 1964 by Paul Baran at RAND, in fact did include encryption in its design. Baran proposed a distributed network with built-in redundancy to hedge against nuclear strikes and ubiquitous encryption to protect against spying. His plan would encrypt all data regardless of sensitivity, adding a layer of noise to make it difficult to identify valuable messages just by way of being encrypted. He favored a system that would encrypt the contents of messages at the origin and only decrypt them at the intended recipient's end, staying encrypted throughout transit, a design known as end-to-end encryption. Message metadata would be more weakly and cheaply encrypted for each hop through the network, a design known as link encryption. Baran intended to maintain the network under unreliable conditions, such as in the event of a nuclear strike or when communicating via the unstable medium of the ionosphere, and to maintain military-grade security. You'll sometimes hear that the internet was created to withstand a nuclear attack--this report is the origin of that story.

But the Arpanet was not actually a direct manifestation of Baran's plan. Negotiation between the military funders of the project, who promoted Baran's design, and the civilian participants, who were actually implementing the network and using the computers, meant that some of Baran's ideas weren't included. Encryption wasn't important to the civilians, wasn't crucial to some of the major goals of the project, and added complexity, so it was left out of the core protocols.

Early in the life of the Arpanet, the Defense Communication Agency conducted experiments in what Fidler and DuPont call "edge cryptography," to contrast it with end-to-end cryptograph. Devices called Private Line Interfaces (PLIs) were connected to the Arpanet as a sort of interior network that did encryption and decryption of sensitive messages before they reached the main computers on the network (the "ends"). This structure allowed defense groups to take advantage of the civilian backbone of the Arpanet without either sacrificing their own needs for protecting classified data or imposing excessive security on the rest of the network, but exposed that last network hop from the "edge" PLI to the "end" machine.

The PLI system was also similar to traditional military cryptosystems in its general design: it relied on centralized management to distribute keys and decide how and when to encrypt messages. This was enough for the defense communities who needed it, and was enough to shape the place for security within future network protocols. Crucially, this doesn't work outside of a centralized organization like the military, especially not within a decentralized network like the internet.

So the Arpanet, and its direct descendant the internet, was designed specifically to deal with unencrypted messages and unencrypted metadata, for better or for worse.

It's always been insecure!

Reading

I won't lie; I haven't read much this week. But of course there's still a Tweet of the Week:

Doing

I have finally hung two whole things on the walls of our new house, which we moved into in June. Turns out our living room, which has its original plaster walls, also has its original picture rail! I was skeptical of the idea of a picture rail when I thought we'd have to install it, but now I can say I'm embracing the historical charm of our house. At least, that's what I'm telling myself while I wait for the quote for dealing with our cracking lead paint and asbestos tiles 🙃