Giving in to a sudden impulse of vanity, this is what I believe to be the first selfie I've ever posted online.

To be fair, we share responsibility for posting this picture on the Internet. My part of the responsibility is the posting; the gentleman on the left is largely responsible for there being an Internet in the first place.

In the early 1970s, Vint Cerf, together with Bob Kahn and their students, developed the Transmission Control Protocol (TCP) and the Internet Protocol (IP), that is, the collection of rules by which computers and computer networks can be connected to form a larger network, with data packets finding their way from any node to any other without having to worry about the networks' physical implementation.

The first network to implement TCP/IP was, of course, ARPANET, run by the US Department of Defense.

Since 2005, Cerf has been working for Google. His official job description there appears to be Internet Evangelist.

In the age of Facebook and PRISM, it is unavoidable that we talk about privacy. But it's hard to argue with Cerf's statement that, surveillance apart, the greatest danger to our privacy today is the information all of us put online voluntarily - and the fact that it is getting ever easier for third parties to share information about us.

Of course, with Google being one of the companies that collect huge amounts of person-specific information, is that not a threat to privacy in and of itself? Cerf is very insistent that Google's business model does not involve sharing, or selling, person-specific information - on the contrary he argues that, if they were to do that, no-one would use Google any more. I must confess to some skepticism on that count, seeing that Facebook's evolving data use policies apparently have not triggered a massive exodus from that social network, either.

When it comes to managing ones own privacy, such as when using Facebook, Cerf bemoans the fact that such privacy management is getting ever more difficult. Asked about the complicated user policies read by very few, but clicked as "I agree" by all, he mentions that there was a law against obfuscation by insurance companies in the US - 20 years ago, he guesses - requiring those companies to write in very simple terms what was covered and what was not.

We agree that it should be made similarly clear and simple for everyone to understand and to control what they share online. But do companies really want that? Cerf, rightly, claims that he cannot "speak for [Facebook's] Mark [Zuckerberg, who's] a young kid who has a different view of privacy than many of the rest of us." For Google, he says, that's what Circles in Google+ were/are all about - "may be not totally successfully". Even with Circles, you have no control over what those other people then do with the data you've handed them.

So to prevent unwanted surprises - the 20-year-old self embarrassing its 40-year-old counterpart comes to mind - should there be an "expiration date protocol" for every information that is out there? Cerf mentions that this is a practice recommended (if not implemented automatically) by the legal teams of most companies, in particular since e-mail is now "discoverable" under US law, meaning that it can be obtained as evidence by a party opposing the company in a lawsuit. He believes the Google policy is that "e-mail goes away after 18 months or something". But then, of course, there is the problem: What if information gets lost that you had intended to keep?

Then there is the question of eavesdropping, by governments or others. For Google specifically, Cerf states his belief that, as Google builds all of its own equipments and software for the data centers, including the internal networks, he does not believe that there is likely to be a back door allowing the NSA or other agencies direct access to Google data. (He does admit that they assemble their equipment using commercially available chips - if the chips should be modified, that might change matters.)

Knowing what he knows now, if he were going back in time, would he include stronger cryptography to protect Internet transmissions? He did, in fact - in 1975, he started working with the NSA to design a secure internet. But the only equipment available to build such a thing, and encrypt the data packet sent back and forth, was classified. The secure publicly available Internet, in what Cerf calls "a sad story", appears to have missed its chance by bad timing. When Cerf's Stanford colleagues Marty Hellman and Whitfield Diffie published public key encryption in 1976 that was what Cerf calls a "speculative mathematical paper." (The British intelligence agency GCHQ had in fact developed the same algorithm some years earlier, but kept it classified.) By the time Cerf and colleagues standardized the Internet in 1978, there had not yet been a practical (non-classified) implementation - that, the RSA algorithm, came out just a tad later. [I haven't traced the details of the history, but everything appears to have been really close.]

At the end, the interview takes a turn to the lighter side.

Cerf's take on Internet humor? He is, after all, the author of RFC 968 (one of the memoranda of the Internet Engineering Task Force - only this one is in the shape of a poem).

He's never posted an image of a cat of any kind online.

But he does have a geek joke for us: What's the good thing about UDP jokes? It doesn't matter if you don't get them.

[And no, I for one didn't get that at first. Turns out the User Datagram Protocol, one of the core elements of the Internet Protocol, provides no guarantee that a particular message will reach its destination.]



This blog post originates from the official blog of the 1st Heidelberg Laureate Forum (HLF) which takes place September 22 - 27, 2013 in Heidelberg, Germany. 40 Abel, Fields, and Turing Laureates will gather to meet a select group of 200 young researchers. Markus Pössel is a member of the HLF blog team. Please find all his postings on the HLF blog.