Brian W. Kernighan - Understanding the Digital World: What You Need to Know about Computers, the Internet, Privacy, and Security

Understanding the Digital World

Also by Brian W. Kernighan

The Elements of Programming Style (with P. J. Plauger)

Software Tools (with P. J. Plauger)

Software Tools in Pascal (with P. J. Plauger)

The C Programming Language (with Dennis Ritchie)

The AWK Programming Language (with Al Aho and Peter Weinberger)

The Unix Programming Environment (with Rob Pike)

AMPL: A Modeling Language for Mathematical Programming (with Robert Fourer and David Gay)

The Practice of Programming (with Rob Pike)

Hello, World: Opinion columns from the Daily Princetonian

The Go Programming Language (with Alan Donovan)

Understanding the Digital World

What You Need to Know about Computers, the Internet, Privacy, and Security

Brian W. Kernighan

Princeton University Press

Princeton and Oxford

Copyright 2017 by Princeton University Press

Published by Princeton University Press

41 William Street, Princeton, New Jersey 08540

In the United Kingdom: Princeton University Press

6 Oxford Street, Woodstock, Oxfordshire OX20 1TR

press.princeton.edu

All Rights Reserved

ISBN 978-0-691-17654-3

British Library Cataloging-in-Publication Data is available

This book has been composed in Times, Courier and Helvetica using groff, ghostscript, and other open source Unix tools.

The publisher would like to acknowledge the author of this volume for providing the print-ready files from which this book was printed.

Printed on acid-free paper.

Printed in the United States of America

10 9 8 7 6 5 4 3 2 1

For Meg

Contents

Preface

Since the fall of 1999, I have been teaching a Princeton course called Computers in Our World. The course title is embarrassingly vague, but I had to invent it in less than five minutes one day and then it became too hard to change. Teaching the course itself, however, has proven to be the most fun thing that I do, in a job that is almost all enjoyable.

The course is based on the observation that computers and computing are all around us. Some computing is highly visible: every student has a computer that is far more powerful than the single IBM 7094 computer that cost several million dollars, occupied a very large air-conditioned room, and served the whole Princeton campus when I was a graduate student there in 1964. Every student has a cell phone too, also with much more computing power than that 1964 computer. Every student has high-speed Internet access, as does a significant fraction of the worlds population. Everyone searches and shops online, and uses email, texting and social networks to keep in touch with friends and family.

But this is only part of a computing iceberg, much of which lies hidden below the surface. We dont see and usually dont think about the computers that lurk within appliances, cars, airplanes and the pervasive electronic gadgets that we take for grantedcameras, DVD players, tablets, GPS navigators, games. Nor do we think much about the degree to which infrastructure depends on computing: the telephone network, cable television, air traffic control, the power grid, and banking and financial services.

Most people will not be directly involved in creating such systems, but everyone is strongly affected by them, and some will have to make important decisions about them. Wouldnt it be better if people had a better understanding of computers? An educated person ought to know at least the rudiments of computing: what computers can do and how they do it; what they cant do at all and whats merely extremely hard right now; how they talk to each other and what happens when they do; and the many ways that computing and communications influence the world around us.

The pervasive nature of computing affects us in unexpected ways. Although we are from time to time reminded of the growth of surveillance systems, incursions into our privacy, and the perils of identity theft, we perhaps do not realize the extent to which they are enabled by computing and communications.

In June 2013, Edward Snowden, a contractor at the United States National Security Agency (NSA), provided journalists with documents which revealed that the NSA had been routinely monitoring and collecting the electronic communicationsphone calls, email, Internet useof pretty much everyone in the world, but notably of American citizens living in the US who were no threat whatsoever to their country. The Snowden documents also showed that other countries were spying on their citizens, for instance the Government Communications Headquarters (GCHQ), the United Kingdoms equivalent of the NSA. Intelligence agencies routinely share information with each other, but not all of it, so it was probably a bit of a surprise in the German intelligence community to learn that the NSA was eavesdropping on the cell phone of Germanys chancellor, Angela Merkel.

Corporations also track and monitor what we do online and in the real world, and have made it hard for anyone to be anonymous. The availability of voluminous data has enabled great progress in speech understanding, image recognition and language translation, but it has come at a cost to our privacy.

Criminals have become sophisticated in their attacks on data repositories. Electronic break-ins at businesses and government agencies are frequent; information about customers and employees is stolen in large quantities, often to be used for fraud and identity theft. Attacks on individuals are common as well. It used to be that one could be fairly safe from online scams by simply ignoring mail from putative Nigerian princes or their relatives, but targeted attacks are now far more subtle and have become one of the most common ways in which corporate computers are breached.

Jurisdictional issues are difficult too. The European Union has required major search engines to provide a right to be forgotten mechanism so that ordinary people can have their online history excluded from search engine results. The EU also established rules that require companies that store data about EU citizens to do so on servers in the EU, not in the US. Of course these rules apply only in the EU and are different in other parts of the world.

The rapid adoption of cloud computing, where individuals and companies store their data and do their computing on servers owned by Amazon, Google, Microsoft and any number of others, adds another layer of complexity. Data is no longer held directly by its owners but rather by third parties that have different agendas, responsibilities and vulnerabilities, and may face jurisdictional requirements.

Theres a rapidly growing Internet of Things in which all kinds of devices connect to the Internet. Cell phones are an obvious instance, of course, but its also cars, security cameras, home appliances and controls, medical equipment, and a great deal of infrastructure like air traffic control and power grids. This trend towards connecting everything in sight to the Internet will continue, because the benefits of connection are compelling. Unfortunately, there are many risks, since security for such devices is much weaker than for more mature systems.

Cryptography is one of the few effective defenses against all of this, since it provides ways to keep communications and data storage private. But strong cryptography is under continuous attack. Governments dont like the idea that individuals or companies or terrorists could have truly private communications, so there are frequent proposals to require backdoors into cryptographic mechanisms that would allow government agencies to break the encryption, though of course with proper safeguards and only in the interests of national security. However well-intentioned, this is a bad idea, because weak cryptography helps your adversaries as well as your friends.