David Holtzman, who previously worked as chief scientist at IBM, is the designer of the global DNS registration system used by the Internet Corporation for Assigned Names and Numbers (ICANN), and now works as chief strategist at decentralised cyber security network Naoris Protocol.
Armed with a degree in philosophy, Holtzman began his career as a philosophy teacher. When he decided there wasn’t enough money in teaching, he got involved with the US military. He worked as a US intelligence agent during the Cold War, during which time he became a cryptographer and learnt Russian.
“I was a submariner and spent quite a few years travelling to unusual places on submarines, doing what you may think Russian-speaking cryptographers might do on a submarine,” he says.
After submarines, he joined the National Security Agency as a cosmonaut analyst.
Looking back on this stage in his career, Holtzman says: “The common element in all this was information and computers. It was the early 80s at this point, and I got fascinated with computers. I left everything I was doing and started working for computer companies in the Washington, DC area.”
Holtzman learned to program in a number of computer languages and worked as a systems analyst, before joining a research group at Booz Allen, where he designed and built a heterogeneous data access system on a NeXT computer. “It’s still the most beautiful computer I’ve ever used,” he says. “I was at a trade show and Steve Jobs walked by. He was impressed with what I had done and his guys grabbed my computer, brought it on the stage, and I became part of a televised keynote.”
Holtzman later joined Network Solutions, the world’s first domain registrar, as its chief technology officer. At the time, there were about 50,000 to 60,000 domain names, but this was set to explode. Holtzman’s job was to manage the internet’s master root server. By the time he left in 2001, there were already 10 million domain names.
During his time there, Network Solutions went public. “We were in the middle of the maelstrom of all the controversy involving the .com world. So I got a taste of all this, and I got to know a lot of the people, and I made a little bit of money,” he says.
“One of the things I got out of that experience was that the internet was about to become a bit of a scary place, and the scary part for me was the desire of people who didn’t know what they were doing to regulate something that they didn’t understand.”
He says there is a lack of privacy and understanding of what security means in the US. The fines imposed on companies for data losses are so insignificant that there is little incentive to improve security. For instance, pointing to Equifax, Holtzman says that one in every three Americans was affected by its data breach, yet it received a minimal fine, so the downside of a data breach is trivial.
Holtzman says company executives simply do not want to spend that extra money needed to fix internet security. “Why would you spend half a billion dollars to improve your security? That’s actually an issue for the regulators.”
The other big challenge is that protocols last an awfully long time and there is a reluctance to make changes in case these changes break legacy code. For instance, he says, a quarter of a century ago, the people behind the internet agreed on an improved DNS – DNSSEC – to carry cryptographic identification information at each node on the DNS tree.
“You know what? That’s still not being used. The DNS system has fundamentally no security whatsoever, even today. If you had even the remotest idea what you were doing, you could sit in a hotel room with a laptop and take an entire country off the internet,” says Holtzman.
The same, he says, is true of TCP/IP. In spite of efforts to migrate from IPv4 to IPv6, the majority of the internet is still running the older version of the protocol. There are also years of legacy protocols, which will still exist 50 years from now.
“Do I think we’re going to throw all this stuff out and start over? There’s not a chance in hell. We’re stuck with what we have, and people 50 years from now will have all kinds of weird protocols and they won’t understand where these things came from.”
For Holtzman, the internet requires innovators to push the boundaries with creativity. But these innovations risk being stifled or limited by backwards compatibility and by policymakers who lack even the most basic understanding of computer science.