Archive for July, 2007

The Future of the Internet: Q&A with kc claffy

Monday, July 23rd, 2007

A reprint of a recent interview of kc claffy posted by the San Diego Supercomputer Center regarding the future of the Internet:

kc claffy has played a leading role in Internet research for more than a decade. She is the principal investigator for the Cooperative Association for Internet Data Analysis (CAIDA), which is based at SDSC and provides tools and analyses to promote a robust, scalable global Internet infrastructure. As a research scientist at SDSC, her research interests include the collection, analysis, and visualization of workload, routing, topology, performance, and economic data on the Internet. She has been at SDSC since 1991 and holds a Ph.D. in Computer Science from UC San Diego.


Q: You co-founded the Cooperative Association for Internet Data Analysis, CAIDA, a little over 10 years ago. Can you tell us how CAIDA has evolved, and what you’re focusing on today?

I founded CAIDA to address a problem that began the year I earned my Ph.D., and which has now grown into a crisis, despite our and others’ best efforts — the lack of available empirical data on the public Internet as the infrastructure has privatized.

I finished my Ph.D. in computer science and engineering at UCSD in 1994, with a thesis that relied on network traffic and performance measurements from the NSFNET Backbone network, the general purpose backbone supporting the U.S. research and education community at the time. (SDSC was a transit node on NSFNET, and Hans-Werner Braun, an architect of the NSFNET, had just arrived at SDSC, so we had access to a lot of data and knowledge about the infrastructure). Under the terms of their cooperative agreement to provide the backbone, the operator Merit made certain measurements available by ftp every month, and we also took packet header trace measurements at SDSC, UCSD, and NCSA, which gave my thesis, “Internet traffic characterization,” strong empirical grounding.

The year after my graduation, the NSFNET backbone was decommissioned as commercial provisioning of Internet service by private sector players took off. Publicly available traffic data on or about large-scale IP networks also went away that year, which made me fear for the future of Internet research. I started CAIDA to try to narrow the already growing gap between the Internet research community and the Internet providers and users.

Together we managed to grow and maintain a research group through increasingly difficult science funding periods, but over the last decade our ability to get data from commercial Internet providers gradually diminished, as did the quality of science in the field.

Q: Can you explain why the ability to get data diminished?

The data that exists within commercial ISPs (Internet Service Providers) is considered proprietary. Providers worry that competitors could use it to steal customers or otherwise harm their business. Other important data is not collected at all, because there is no economic incentive to do so or any regulations requiring it. Metrics that are currently grounded in dangerously insubstantial measurement include the amounts and patterns of data traffic, the structure and evolution of Internet topology, the extent and locations of congestion, the amount or number of sources of spam, phishing, or DOS (Denial of Service) attacks, patterns and distribution of ISP interconnectivity, and other metrics that are critical to analyzing the security, stability, scalability, and sustainability of the Internet.

With mixed success, CAIDA and many others in the research community have navigated the many obstacles to collection and analysis of traffic data on the commercial Internet — not only the technical and engineering challenges but also the more daunting legal (privacy), logistical, and proprietary considerations. But the unfortunate reality is that while the Internet has already become critical communications infrastructure for business, education, public safety, health care, and civil society, there is amazingly little rigorous empirical inquiry to inform opinion, much less policy, on how to solve problems of the Internet that have persistently resisted solution for the last decade.

Q: What have we learned from and about Internet measurement, or the lack thereof?

Over time it became clear to me that there is a common set of operational problems across the Internet industry which can be classified into four dimensions of the Internet as emerging critical infrastructure: safety, scalability, sustainability, and stewardship. The bad news is that making progress on all of these operational problems, even those that seem technical in nature, is blocked on non-technical issues of economics, ownership, and trust. For ten years CAIDA sought to tackle one problem — measurement — whose biggest obstacles had long clearly been economic (cost of instrumentation and data management), ownership (legal access to data), and trust (privacy and security obstacles to measurement). A more recent, and more painful, insight was that measurement is not unique in this regard, and that all persistently unsolved operational problems of the Internet are similarly blocked on issues of economics, ownership, and trust.

The economic forces of the industry are a key factor because they drive the policy conversations in Washington right now. Without directly confronting the economic constraints that network infrastructure providers face, the integrity of network science, communications policy, or indeed, our own national information infrastructure will always be suspect. Although emerging as the essential communications fabric of our professional and personal lives, the Internet has not yet stabilized from the tremendous privatization and commercialization of infrastructure that began in the early to mid-1990s. After a decade of boom and bust, consolidation continues, with the largest of the remaining providers publicly insisting that they will not be able to make the required investment to build out broadband infrastructure unless they can have more flexible pricing strategies to recover costs, that is, they want to implement differential pricing by type of traffic. Legal scholars have long argued that this development is a constitutional threat to the First Amendment, since providers would thus have a lever to control how users of their infrastructure communicate.

While such dramatic developments are occurring inside the policy realm of Washington and around the world, the network science community has to sit by, frustrated at being unable to engage in empirical network investigations that would support not only the scientific and engineering community but also the policymaking community, where lack of data now carries with it ominous Constitutional implications. The recent controversy over the NSA’s access to commercial Internet links only heightened the already well-established paranoia about traffic data collection, further hampering this already stunted field. At this rate, by the end of the decade the network research community will be one of the few groups of people who do not have access to Internet data!

This recognition has led to a change in strategy for CAIDA. It is no longer appropriate to pursue solutions to the Internet’s problems without tackling the related economic, ownership, and trust issues. CAIDA’s activities have always spanned the four Ss — security, scalability, sustainability, and stewardship — but we have begun to refocus current projects and pursue new ones that openly navigate links between technology, economics, and policy.

Q: You’ve pointed out that the lack of available measurement data on the public Internet as the infrastructure has privatized makes it hard to understand the complexities of the Internet or develop informed policy. Can you tell us why this is important?

Well, we should recognize the reality: the United States is facing a worsening information infrastructure crisis — over the past half-decade the U.S. has fallen behind a growing list of industrialized nations in delivery speeds, price per megabit, broadband penetration rates, and other facets of broadband service provision. Our personal and national security realities are even more disturbing, since the best (but not good) available data shows a formidable profusion in the number and extent of unwanted and malicious traffic, things like DOS attacks, identity theft, spam, phishing, viruses, and worms. The more of our lives we migrate over to this digital realm, the more risk we assume. A targeted attack, relying on technology as well as social capabilities that have already been demonstrated, could cut off, for some period of time, not only our channels of personal communication and entertainment but also our banking, financial services, e-commerce, and supply chain infrastructure, creating devastating economic impacts.

Emphasizing my earlier point, regulatory, political, and market constraints on providers have rendered Internet researchers incapable of studying mission-critical aspects of the Internet and the state of its current robustness, capacity, usage, and vulnerabilities. Potential solutions to persistently unsolved problems thus remain an area of uninformed conjecture rather than rigorous, empirically grounded analysis.

Q: There’s a lot of concern about the future of the Internet and whether it will be turned into a private toll road or remain an open public information highway. What do you see as the principal opportunities, and the main challenges, that lie ahead, and how can CAIDA help?

The good news is that there’s a growing realization in society that the Internet is critical infrastructure for our nation and the world. Historically, new transport infrastructure such as railroads, telegraphs, the electric grid, started out like the Internet did — “in the wild” and largely unregulated. Once everyone — especially voters — considers Internet access critical to their lives, their elected representatives will take an interest in ensuring stability and universal access as essential services. In fact, our broader reliance on the Internet has already led to discussion in the U.S. Congress and elsewhere about how the Internet should develop. For example, what requirements and incentives should there be to ensure connectivity for the significant still-unconnected segment of our own country’s population? The discussion is healthy, but the dearth of empirical data hinders informed debate.

And there are lots of policy issues at stake now. In contrast to other countries, the U.S. recently removed the policy that required open access for competitors to the pipes into people’s homes and businesses. There is no clear path to competition without open access requirements; facilities-based competition (assuming sufficient competition will emerge across entirely independent physical facilities such as DSL, cable, and satellite) has failed to fulfill its promise of recapturing U.S. leadership in the Internet industry — on the contrary, since removal of open access the best available data suggests a drop in competition as well as — arguably related — in our international ranking in broadband penetration. We hope, and try to help, governments base public policy strategies on the best available empirical data, and to quantitatively measure the performance of those strategies against intended results. Having good data is essential to good policy.

Q: What do you enjoy doing outside of work?

I enjoy spending time with my family, who mostly live on the East coast unfortunately, and I enjoy music and cycling, reading, writing, playing on the Internet, and anything with my sweetheart.

The (un)Economic Internet

Monday, July 23rd, 2007

IEEE published this announcement of a new series of papers related to Internet economics in its May issue:
http://www.caida.org/publications/papers/2007/ieeecon/
May-June 2007. 1089-7801/07/$25.00 © 2007 IEEE. Published by the IEEE Computer Society.

Internet Economics track. Editors: Scott Bradner (sob@harvard.edu), kc claffy (kc@caida.org)

By kc claffy and Sascha D. Meinrath (Cooperative Association for Internet Data Analysis) and Scott O. Bradner (Harvard University)

The (un)Economic Internet?

The Internet Economics track will address how economic and policy issues relate to the emergence of the Internet as critical infrastructure. Here, the authors provide a historical overview of internetworking, identifying key transitions that have contributed to the Internet’s development and penetration. Its core architecture wasn’t designed to serve as critical communications infrastructure for society; rather, the infrastructure developed far beyond the expectations of the original funding agencies, architects, developers, and early users. The incongruence between the Internet’s underlying architecture and society’s current use and expectations of it means we can no longer study Internet technology in isolation from the political and economic context in which it is deployed.

This article kicks off IC’s new series on policy, regulatory, and business-model issues relating to the Internet and its economic viability. These articles will explore a range of topics shaping both today’s Internet and the discourse in legislatures and deliberative bodies at the local, state, national, and international levels in pursuit of enlightened stewardship of the Internet in the future.

Mindful of Internet connectivity’s fundamental import for advanced as well as emerging economies and its day-to-day irrelevance for the unconnected vast majority of human beings, pieces for this series will cover technology as well as political, economic, social, and historical issues relevant to IC’s international readership. In this inaugural article, we provide a historical overview of internetworking and identify topics that need further exploration - topics we particularly encourage authors to cover in future articles in this series.

A History of Internet (un)Economics

The modern Internet began as a relatively restricted US government-funded research network. One of the most revolutionary incarnations of this network, the early ARPANET, was limited in scope - at its peak, it provided data connectivity for roughly 100 universities and government research sites. In the decades since, a few key transitions have been critical in radically transforming this communications medium. One of the most important of these critical junctures occurred in 1983, when the ARPANET switched from the Network Control Program (NCP) to the (now ubiquitous) Transmission Control Protocol and Internet Protocol (TCP/IP). This switch helped change the ARPANET’s basic architectural concept from a single specialized infrastructure built and operated by a single organization to the “network of networks” we know today. Dave Clark discusses this architectural shift in his 1988 Computer Communications Review paper, “The Design Philosophy of the DARPA Internet Protocols.” He wrote that the top-level goal for TCP/IP was “to develop an effective technique for multiplexed utilization of existing interconnected networks.”

During this same period, network developers chose to support data connectivity across multiple diverse networks using gateways (now called routers) as the network-interconnection points. Preceding communications networks, such as the telephone system, used circuit switching, allocating an exclusive path or circuit with a predefined capacity across the network for the duration of its use, regardless of whether it efficiently used the circuit capacity. Breaking with traditional circuit-switching network design, early internetworking focused on packet switching as the core transport mechanism, facilitating far more economically as well as technically efficient multiplexing of existing networking resources. In packet-switching networks, nonexclusive access to circuits is normative (although companies still sometimes buy dedicated lines to run the packet traffic over); thus, no specific capacity is granted for specific applications or users. Instead, data is commingled with packet delivery occurring on a “best effort” basis. Each carrier is expected to do its best to ensure that packets get delivered to their designated recipients, but no guarantee exists that a particular user will be able to achieve any particular end-to-end capacity. In packet-switching networks, capacity is more probability-based than statically guaranteed. Internet data transport’s best-effort nature has caused growing tension in regulatory and traditional telephony circles. Likewise, as the Internet becomes an increasingly critical communications infrastructure for business, education, democratic discourse, and civil society in general, the need to systematically analyze core functionality and potential problem areas becomes progressively more important.

Early developers couldn’t have foreseen the level to which the Internet and private networks using Internet technologies have displaced other telecommunications infrastructures. It wasn’t until the mid-1990s that visionaries such as Hans-Werner Braun started warning protocol developers that they needed to view the future Internet as a global telecommunications system that would support essentially all computer-mediated communications. This view was eerily prescient, yet core Internet protocols haven’t evolved to meet increasing demands and are essentially the same as they were in the late 1980s.

A growing number of researchers are convinced that without significant improvements and upgrades, the Internet might be facing serious challenges that could undermine its future viability. Features such as network-based security, detailed accounting, and reliable quality-of-service (QoS) control mechanisms are all under exploration to help alleviate perceived problems. In response to these concerns, the International Telecommunication Union-Telecommunication Standardization Sector (ITU-T) Next Generation Networks study group (NGN; www.itu.int/ITU-T/ngn/) is working to define a very different set of protocols that would include these and other features.

Security: Not the Network’s Job

Various people have offered explanations regarding the lack of security protocols in the Internet’s initial design. Clark’s seminal paper doesn’t mention security, nor does the protocol specification for IP. Because the network itself doesn’t contain security support, the onus has fallen to those who manage individual computers connected to the Internet, to network operators to protect Internet-connected hosts and servers, and to ISP operators to protect their routers and other infrastructure services. Services such as user or end-system authentication, data-integrity verification, and encryption weren’t built into the core Internet protocols, so they’re now layered on an infrastructure that isn’t intrinsically secure. Currently, few existing studies examine the potential economic rationale for this current and continuing state of affairs and the ramifications for the infrastructure’s efficiency, performance, and sustainability.

QoS: Too Easy to Go Without

The original IP packet header included a type of service field to be used as “an indication of the abstract parameters of the quality of service desired.” This field, later updated by Differentiated Services, can define priority or special handling of some traffic in some enterprise networks and within some ISP networks, but it’s never seen significant deployment as a way to provide QoS across the public Internet. Thus, the QoS a user gets from the Internet is typically the result of ISP design and provisioning decisions rather than any differential handling of different traffic types. Thus far, “throwing bandwidth at the problem” has proven to be a far more cost-effective method for achieving good quality than introducing QoS controls.

Yet, what happens if conditions change so that overprovisioning is no longer a panacea? The day-to-day quality most users experience from their broadband Internet service is good enough, for example, to enable voice-over-IP (VoIP) services such as Skype and Vonage, which compete favorably with plain old telephone services. However, the projected explosive growth of video and other high-bandwidth applications might increase congestion on parts of the current infrastructure to the point that special QoS mechanisms could be required to maintain usable performance of even the most basic services.

To read the rest of the paper, “The (un)Economic Internet” view:
http://www.caida.org/publications/papers/2007/ieeecon/ieeecon.xml