<p id="ctl03_KicketText" class="kicker">GCN INTERVIEW <a href="http://gcn.com/Articles/2009/02/09/GCN-Interview-Vinton-Cerf.aspx?Page=4&p=1">http://gcn.com/Articles/2009/02/09/GCN-Interview-Vinton-Cerf.aspx?Page=4&p=1</a><br>
</p>
<h3 id="ctl03_MainHeading" class="title">Vinton Cerf | Internet forecast calls for clouds</h3>
<ul id="ctl03_ByAuthor"><li class="author">By <a href="http://gcn.com/forms/emailtoauthor.aspx?AuthorItem=%7B8E95E0F9-84E0-4C8E-91D7-B02B960544CC%7D&ArticleItem=%7BBEE01F75-5ADE-4210-92DF-4C57AD3E471D%7D">Wyatt Kash</a></li>
<li class="date">Feb 04, 2009</li></ul>
<p>
<img alt="Vinton Cerf 150x150" src="http://gcn.com/Articles/2009/02/09/%7E/media/GIG/GCN/Magazine%20images/2009/020909/0209_VCerf_150.ashx" width="150" height="150">It's been a little more than three years since <strong>Vinton Cerf</strong>
joined Google, and he still looks upon his title as Google's chief
Internet evangelist with a certain amusement. His title
notwithstanding, Cerf continues to play an active role in helping to
advance the Internet. With Robert Kahn, he co-designed TCP, which was
instrumental in enabling the transfer of files and e-mail messages, 35
years ago. </p>
<p>
</p><p>GCN Editor-in-Chief Wyatt Kash caught up with Cerf recently at Google's new offices in Reston, Va. An <a href="http://gcn.com/articles/2009/01/12/top-it-issues-vinton-cerf.aspx">excerpt</a> from this interview appeared in the <a href="http://gcn.com/articles/2009/01/12/5-it-priorities-for-2009.aspx">IT Agenda 2009</a> report in GCN's <a href="http://gcn.com/Issues/2009/01/January-12-2009.aspx" target="_blank">Jan. 12 issue</a>.</p>
<p>
</p><p><b>GCN: What do you see as some of the chief challenges facing government IT officials in the year ahead?</b></p>
<p>
</p><p><b>Vinton Cerf:</b> First, we need to evaluate our current
position within government to get some idea of the scope of what is
[currently] in use -- a soup-to-nuts assessment of where are we in
government in terms of networks and technology.</p>
<p>
</p><p>Second, there's no question that our dependence on computer
communications in the government and outside dictate that we do a
better job of security. So in the course of evaluating what we have, we
also have to ask what to do about improving the security of the system.</p>
<p>
</p><p>A third thing, which is only beginning to become clear: This
interest in cloud computing is appropriate. But the question is, what
happens if there's more than one cloud? And how do clouds interact with
each other?</p>
<p>
</p><p>In a very funny way, I feel like this is déjà vu all over again.
I'm thinking about all of the questions that arise when I'm using the
facilities of two clouds and I want to initiate a computation in one
cloud, have another cloud supply the data, or vice versa, or share data
back and forth. If there are access controls associated with
information within this cloud, how do I reinstantiate those access
controls if the data moves to a new cloud? What's my vocabulary? In
fact, some clouds have no idea if there's any other cloud in existence.
They don't know how to even refer to another cloud.</p>
<p>
</p><p>This is actually a reprise of a lot of the questions that came
up in [the development of the] Internet. The Net didn't know there was
any other Net in the universe — it didn't have any way of saying, "Send
this to somebody who's not on my network." When you said, "Send
this"…the question is: "What's this?" and "How should I send it to the
other guy?" and "What should it look like when it arrives?" and "How
should it be interpreted when it arrives?"</p>
<p>
</p><p>It's kind of the same thing all over again at a rather higher
conceptual level. So intercloud stuff is going to be the next decade's
really interesting communications and networking challenge.</p>
<p>
</p><p>The next thing I'm concerned about is the government's need to
use computing to become more efficient internally. What I'd like to see
is sufficient standardization so that the only reason that you can't
exchange information among government systems is because you set a
policy not to do that. If the policy changes, I don't want the
technology to be the obstacle. I want the technology to be the
facilitator. </p>
<p>
</p><p><b>GCN: Do you think the Federal Desktop Core Configuration program is a step in the right direction? </b></p>
<p>
</p><p><b>Cerf:</b> I think so, although we have to be careful about
standardizing configuration [if it means that] we will only use this
particular software from this particular vendor. I don't buy that. </p>
<p>
</p><p>I'm a big fan of open standards, and I believe if we pick
standard interfaces, then we should permit multiple implementations of
things, as long as they meet those standards. That's how [the] Internet
works. Recently you have lots and lots of people able to build software
and hardware and plug it into the Internet as they all have agreed that
they would follow these particular standards, and that means that we
should expect things to interface successfully.</p>
<p>
</p><p>So I'm looking more for open government standards than I am for
standardizing a particular piece of software. The current chief
technology officer of the District of Columbia, [Vivek Kundra], has
demonstrated that open source…and cloud computing are a pretty
efficient way of spending government dollars. His success ought to be
factored into thinking in the larger government framework.</p>
<p>
</p><p><b>GCN: What are you focusing on these days with the Internet?</b></p>
<p>
</p><p><b>Cerf:</b> My belief right now is that we have a [highly]
globalized economy. We are sensing the effects of that globalization —
everything is connected to everything, so we need to reinforce our
ability to use information technology to interact with the rest of the
world. </p>
<p>
</p><p>Small example: When we carry out electronic commerce and I
conclude a contract with someone and maybe even digitally sign it,
there's a question about how a digital signature is interpreted in the
two jurisdictions we might be in. </p>
<p>
</p><p>If you're in Europe and I'm in the United States, it's not clear
to me whether the jurisdiction in Europe sees the same significance to
a digital signature that we do in the United States, or vice versa. </p>
<p>
</p><p>What happens if, after concluding this contract electronically,
one or the other party fails to meet [its] obligations in the contract,
and you seek recourse, and someone says, "Well, it wasn't a valid
contract because the digital signature doesn't count." That wouldn't be
a good outcome. So we have to look for probably multilateral agreements
around the world about what digital signatures mean.</p>
<p>
</p><p>To generalize that, it also means you have common agreements
about what is abuse on the Internet and how can we combat it. What do
we consider [to be] abuse that is actionable? What should we do about
privacy? It would be helpful if we had a uniform sense of what privacy
is supposed to mean in this online environment, so we could all
implement the same thing. </p>
<p>
</p><p>So, I see a whole lot of opportunities for multilateral
interaction — for multi-stakeholder discussions. And I use that word
deliberately, because multilateral usually means multiple governments.
Multi-stakeholder refers to the private sector, civil society,
governments and the technical community. It is what you see in ICANN —
the Internet Corporation for Assigned Names and Numbers — as a
multi-stakeholder structure, which pioneered this notion of multiple
stakeholders having common and equal say about policy. I'm convinced
that U.S. leadership will only be manifest if it is carried out in a
multi-stakeholder fashion.</p>
<p>
</p><p><b>GCN: What was your take on the vulnerabilities in the Domain
Name System that surfaced last year, and what needs to be done going
forward?</b></p>
<p>
</p><p><b>Cerf:</b> Yes, this was a fundamental design mistake in the
DNS implementation, and it got widely publicized. I know we scrambled
at Google to make corrections and changes to our software to make sure
we weren't vulnerable to that particular attack. There could be other
problems like that arising. </p>
<p>
</p><p>I've seen bugs that worked for 20 years and suddenly emerge in a
certain set of conditions, or somebody discovered how to exploit them,
which only reinforces my belief that strong authentication of
information that you rely on heavily is really important. </p>
<p>
</p><p>In the case of the Domain Name System, [DNS Security Extensions]
is the best step we can take in the near term to make that system more
resilient and less vulnerable to various forms of spoofing or phishing.</p>
<p>
</p><p>Some of the top-level domains are already being digitally
signed. Sweden, for example, Puerto Rico, Bulgaria and Brazil are all
signing their top-level domain zone files. There's ongoing discussion
about getting the root-zone file digitally signed. There are several
different alternative ways, and the [National Telecommunications and
Information Agency] put out a request for comments that closed on Nov.
24 about what general public opinion [is]. So that's an important step.</p>
<p>
</p><p>
</p><p>
</p><p>
</p><p>
</p><p>
</p><p>
</p><p>
</p><p>
</p><p>
</p><p>
</p><p>
</p><p>
</p><p>
</p><p>
</p><p>
</p><p>
</p><p>
</p><p>
</p><p>
</p><p>
</p><p>
</p><p>
</p><p>
</p><p>
</p>
<p id="ctl03_AuthorInfo_AboutAuthor" class="author">About the Author</p>
<strong></strong>
Wyatt Kash is editor in chief for Government Computer News.