Internet's personality is its Achilles' heel
By Greg Lefevre
CNN San Francisco Bureau Chief
This news analysis was written for CNN Interactive.
The FBI is investigating recent hacking that led to denial of service problems for several sites, including CNN.com
SAN FRANCISCO (CNN) -- The recent "denial of service" problems that plagued major Web sites, including CNN.com, eBay and Yahoo, were reminders of how much the Internet has become part of our lives -- and of the dangers of relying on a technology still in its infancy.
The Internet is everywhere. It connects our pharmacies with our doctors. It sells us our gasoline, as orders get zoomed back and forth from the station to the wholesaler to the refiner and back again. It connects us with our families.
"The Internet economy's exploding. I think there is some risk in that kind of change," says Chris Erickson of Brightware Inc., which makes software for e-companies.
"When we went through the Industrial Revolution, there was lots of turmoil that was created, and I don't see that there is a lot of difference between that and what we are going through right now."
We have come to think of the computer as a bright young student, learning from each task, who is expected to do better each time. In fact, it is a moron, doing only what it is told, and sometimes not even doing that task well.
Defining expectations of the unknown
Paul Saffo of the Institute for the Future blames what he says are expectations of technology and the Internet that are too high, and have come too early.
"We tend to live in the future," Saffo says. "We tend to live on our expectations of these networks. And we always think they're more robust than they are."
Just when we expect a new technology to solve everything, hacks and crashes show there's more work to be done.
"Technology advances. In the process we get a little lax about security. Hackers come in and remind us about the problem. Companies respond appropriately and the system gets tighter," Saffo says, describing the "safety cycle" that becomes the Internet's learning curve.
Some commercial Internet companies could get hit harder before the industry gets wiser, says Elinor Abreau of The Industry Standard, a trade magazine.
"Often times they're going for the money maker, that's getting the product out there, getting the site up. And security is often an afterthought," Abreau says.
But the focus on denial of service attacks, she says, diverts attention from an issue potentially more serious to the individual: theft and destruction through hacking.
"There are other issues, actually, that pose greater risk to the consumer: the use of viruses that can take over my system when I execute, or launch a macro-virus in an email attachment. Cookies are another one."
Denial of service attack programs can be found on the Internet
Catching up to cyber-criminals
So far, there have been no arrests in the recent major incident of denial of service attacks. The FBI and the Justice Department reported this week they "are making progress" in finding the suspects, but said the job of analyzing the amount of information involved was "substantial."
Federal and state investigators' attention to cyber-crime is greeted positively by many in the e-commerce community. Practically, it lets them focus more on their business than law enforcement.
Many in the industry are extremely wary of involvement by lawmakers, however. They claim Congress tends to over-regulate, and prefer to be left to solve their own problems.
But the Internet's personality may remain its biggest challenge to success: a system originally intended for the free flow of information is, by nature, difficult to restrict. And those in the industry don't want many of the restrictions being considered by Washington.
The Internet is the nearest thing to libertarian in a modern society.
To many in the Web world, there is a distinct difference between regulation and enforcement: Regulation, even if it prevents bad things from happening, would restrict the Internet. Web libertarians -- and they are legion -- would rather have a freer society in which a few things go wrong occasionally than a strictly regulated Internet that would be, as they see it, stifled and dulled by heavy prohibitions.
And there are even some who are not sure the denial of service attacks should be the subject of law enforcement actions. Web watchers have known for months that denial of service attack programs were circulating actively on the Internet. Bulletins about Trinoo and Tribal Flood, two of the best known denial of service programs, have circulated since last year.
Computer security experts knew the attacks were coming. They just did not know when. Some feel a share of the blame for not being ready when the attacks hit. "It's partly our fault. We should have been smarter," goes this line of thinking.
But it is hard work being smarter.
CNN Interactive: Analysis
CNN Interactive: Technology
U.S. Department of Justice
Federal Bureau of Investigation
Institute for the Future
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.