I happened to be listening to a segment from On The Media yesterday titled “The Net’s Mid-Life Crisis.” Having been accused of having similar crises, I was intrigued. It was entertaining to hear Richard Clarke talk about the ways in which Russia and China had infiltrated US Government networks. For example, he said:

Well, that’s exactly what happened two months ago. The people working in the Pentagon on the real unclassified Internet were downloading things and putting them on their thumb drives and then moving their thumb drives over to classified computers.

Well, guess what? The Russians figured that out. And the Russians came up with a virus that looked for Pentagon Internet addresses, and then looked for computers that had thumb drives on them, and downloaded a virus onto those thumb drives, and the virus then walked across the room and got into the top secret network of the Pentagon.

I’m pleased to report that the US Government now fixed that problem! According to Clarke, all USB slots on classified computers have been “cemented” to prevent soldiers from inserting thumb drives in classified computers. That’s the kind of pragmatic, idiot-proof design that only the US Military can think up.

On The Media did a great job of rounding up a group of people who really should know what to do about securing the Internet. Sadly, none of them had far-reaching and realistic proposals. Oh sure, the perennial favorites like “let’s build an entirely new Internet” and “let’s issue better, stronger IDs” and “let’s build more secure software” were among the suggestions. I’d like to defer to a Bruce Willis character to offer my response to these schemes (Since On The Media quoted a Bruce Willis character, I think I will too):

HARRY: And this is the best that you—that the government, the U.S. government could come up with? I mean, you’re NASA for crying out loud, you put a man on the moon, you’re geniuses! You’re the guys that’re thinking shit up! I’m sure you got a team of men sitting around somewhere right now just thinking shit up and somebody backing them up! You’re telling me you don’t have a backup plan, that these eight boy scouts right here [gestures to USAF pilots], that is the world’s hope, that’s what you’re telling me?

TRUMAN: Yeah.

Just when I thought the show might slide into a futile discussion on the merits of world peace, two amazing things happened. The first was a quote from Stefan Savage:

The question I like to ask people is, what are you going to do to the highway system to reduce crime. And when you put it that way, it sounds absolutely ridiculous, because while criminals do use the highway, no rational person is suggesting that if only we could change the transportation architecture that crime would go away.

That, my friends, is the awesome quote of the day. It’s a ray of hope that says people are beginning to understand that the problem of Internet security has little to do with bits and bites.

The punch line belongs to Clay Shirky (whose name is unfortunately misspelled in the transcripts). Clay phrases the problem this way: “How do two people who want to do business with each other come to trust each other?” From the transcript:

BROOKE GLADSTONE: The answer, says Sherkey, actually comes from a professor of political science named Robert Axelrod.

CLAY SHERKEY: And Axelrod’s answer was, only the shadow of the future. Right? I won’t rook you in a transaction today because you and I might do business again tomorrow. And so, successful regimes create the shadow of the future and then they can actually set up cooperating networks, even inside incredibly hostile environments.

If only everyone could come to see Internet security dilemmas in that light!

However, I’d like to add that Axelrod’s work is only a starting point—a portal into the discipline of what I now refer to as “social trust online.” Some of my “Laws of Relation” hark back to Axelrod. But Axelrod’s work on reciprocity isn’t sufficient for developing new pathways to trust on the Internet. In fact, filling in all the other applicable research on trust is the entire purpose of my contributions to this site.

Still, I’m very encouraged to see some of the thinkers in Internet security becoming much more comfortable with the social sciences, since the field has been dominated by computer science for so long.