Brussels / 3 & 4 February 2018


Interview with Michiel Leenaars
Next Generation Internet Initiative. An opportunity to fix the internet

Photo of Michiel Leenaars

Michiel Leenaars will give a talk about Next Generation Internet Initiative. An opportunity to fix the internet at FOSDEM 2018.

Q: Could you briefly introduce yourself?

My name is Michiel Leenaars. I’m director of strategy at NLnet foundation, a public benefit organisation set up by pioneers of the European Internet. We are a tiny private organisation that pools together money to fund the development of open source and open standards. We give grants to independent developers and researchers that work on creating a better internet, and we help them to scale up their efforts. In addition I’m director of an association called Internet Society Netherlands.

Previously I worked at the Netherlands science foundation. I coordinated the academic computer science research programme for a while, was the co-editor of the first e-infrastructure roadmaps for Europe and as a side project helped design an academic search engine for scientific publications together with the Royal Academy of Sciences.

I’ve always spent a lot of time on public policy and social awareness. I’m currently leading a study for the European Commission on the Next Generation Internet initiative. And I’m on the Netherlands national education council, which is the highest advisory body of our government on education. It was established 99 years ago, but it is actually very forward looking when it comes to open educational resources. Last year we published a report pleading for a shared open source infrastructure. I co-organise the ODF Plugfest series, worked with the UK Cabinet Office on creating their guidance on OpenDocument Format, have some advisory and board roles - and try hard to have a regular life on the side.

Q: What will your talk be about, exactly? Why this topic?

The internet is really something unique. It is redefining who we are as human in a very literal and Darwinian sense. It is reorganising and moulding the world to its image, and together with software it is eating the world. And there is a very dark and sinister veil over it. The people that designed and created the early internet were told early on by the NSA that it was not safe enough, but they were instructed to leave it like that. At that point the internet turned into the largest and most dangerous Trojan horse in history. And we give it to our kids, our politicians, our friends. We allow it to influence our elections, and to record and probe intimate parts of our lives.

After Snowden came forward almost five years ago with his utterly shocking revelations, many expected a rapid change. And sure we have made some progress - but really minor, nowhere near enough. In other areas we’ve lost more than we gained, arguably. Of course even if all people had woken up and not just a few, it would still have been a huge challenge. The internet has accrued a huge technical debt. Some call it ossified, with which it is meant that we are actually incapable of upgrading its core technologies at internet scale anymore. Newly proposed protocols take ages to achieve unspectacular adoption, or even fail straight away. The internet is impotent.

We are easily fooled into believing things are not that bad when we see a few big vendors joining up to serve something tasty. That gives quick volumetric adoption, but if you look closely it almost invariably stops. The internet simply does not have anything that could serve reliably as an update mechanism. There are glass barriers everywhere for new technologies to smash into. So far it hasn’t really mattered who tried and what amount they brought to the table. Governments, big tech, small tech, open source: none have really succeeded in overcoming the ossification.

So that is where this notion of a ‘next generation internet’ comes from. Fixing the internet can only happen when we take on the whole challenge. The internet is probably the largest and most complex human artefact ever engineered, and so changing that while it is in use is insane. Then again, what choice do we have?

The next question is: given that internet is not going to upgrade itself, who will do the investment? It is relatively easy to get funding for stuff that creates unfair advantages to some. However, the internet is a commons. So by definition fixing the internet means that everyone benefits, and oddly enough that is a negative characteristic rather than a positive when it comes to funding. In addition, in some areas legislation will be necessary to curb the worst excesses. Obviously, there are many divergent interests. Technology alone will not always make people behave by itself.

Enter the European Commission. It certainly has major issues. In fact, often I feel rather embarrassed about the EC. For those that have dealt with it, it has become virtually synonymous with technocratic inefficiency and theatre. There was a point where I myself promised myself to never ever have to waste my time and energy with the bureaucratic beast again, to protect my own sanity. But the Next Generation Internet initiative has some very interesting characteristsics and could actually be something different. It has the potential to kickstart the changes we need. And we should help it to fulfil that potential, because we don’t actually have that many great opportunities. If we don’t, the money will still be spent, there is a whole army of professional vampires ready to suck the EC dry. And that army of vampires will be out there producing crap technology and confusing people.

Q: What do you hope to accomplish by giving this talk? What do you expect?

The internet may currently not be what we thought it was, but I believe it can become what we need it to be. The creed we hold at NLnet is: “today we create the internet of tomorrow”. I’ve spent almost my entire working life in not-for-profit environments with a strong technical edge, and I’m from a small country without any geopolitical power. So my brain is hard-wired for collaboration and shared solutions. And I know how much a little money means in the hands of the right people. With the right parameters, the self-sustaining and self-organising nature of open source can do the rest.

Europe has more than a little money. It also has legislative powers to take care of the worst excesses. And it has enough scale to actually pull something like NGI off. There is money on the table for the first stage, and on the drawing table there are awesome and very realistic plans that we and others have contributed to. The next generation internet is not something unknown or exotic. It is not a pipe dream. There is a lot of engineering to meet the requirements we have. The plan is to make good use of every cent available to kickstart the transition to a Next Generation Internet, and work towards a technology commons that does take our social and democratic values into consideration. The internet we should have gotten in the first place.

Q: You talk about an opportunity to fix the internet. In what way is the internet broken today?

The global internet does not exist as such. In reality it is a dynamic sprawl of local infrastructures and resources that interact because of technology that was unconditionally shared. Each of these infrastructures is owned and operated by local companies, communities and governments. Without distributed autonomy, proven reliability and real trustworthiness, the global internet will break apart. And without the ability to upgrade itself, it will slowly suffocate in technical debt.

The overall lack of trustworthiness and resilience are the issues which are the most urgent. Snowden revealed decades of surreptitious global surveillance, backdoors and covert operations. And yet we find ourselves in the impossible situation that we were actually unable to halt that surveilance. We still lack the tools to properly do that at scale. The same goes for DDoS: the internet of zombie things is possible because the protocols are just too predictable. One flaw in a common codebase, and we all suffer. That kind of fragility really isn’t necessary. But we cannot change them in isolation. We tried for decades, and all efforts failed miserably. We are still stuck where we were two or even three decades ago in a sense. When you consider all the practical incremental changes you need to get in place, you are essentially talking about a next generation internet.

There is a vast amount of fundamental issues we need to tackle, from top to bottom and from left to right. There is no security or privacy by design at internet scale. Network traffic is way too friendly to introspection and manipulation. There was research presented last year that showed that about 10% of all DNS traffic is interfered with. Scalability is a major issue. The internet has a huge technical debt, and is built around assumptions which never really were true.

Even for the normal individual, the state of affairs is sad. When you go to the store, buy a new tablet and connect it to the internet at the library or the pub over wifi, you don’t stand a chance against an attacker. When you visit any website that uses JavaScript, you are at risk. Even if you manage to log in without a man-in-the-middle attack, you are still being fingerprinted and surveilled. This may be okay in a democratic western country, but is spells out huge trouble on most of the planet. The internet is bringing humanity closer to totalitarism than we have ever been.

We need an internet that is compatible with our human values and how we want our society to be. Irresponsible behaviour is the norm and will stay the norm, until people can have access to viable alternatives. It is the internet that has to do better. We need it to be resilient, trustworthy and sustainably open. Not just for some abstract reason, but it is really our democratic society and our personal freedom which is at stake.

Q: What’s the history of the Next Generation Internet initiative? When was it started and why?

The first time I got involved was as a participant in a ‘high level expert group’ workshop the EC Net Futures organised in March 2016. Ten experts from across Europe were invited to think about how to reach critical mass in investing in the next generation internet. The first paragraph of the invitation to that workshop summarised the rationale at that stage pretty well:

“Europe is lagging behind in digital and has to catch up. In spite of the openness of the internet transmission protocols and the availability of other open standards, some key elements of Internet are today dominated by commercial proprietary solutions that act as gatekeepers. The strong network effect that proprietary systems create impedes de facto the emergence of alternative EU solutions.”

I wrote a very critical paper about the absence of the post-Snowden conditions and the many problems with legacy EC approaches, having had some gruesome experience with that. The composition of the group was such that the discussion was not very effective. There was a severe underrepresentation of actual stakeholders that understood what the role of the internet is, and what needs to be done. That was sort of a shock to me, the fact that completely the wrong crowd had been involved all these years. But the good thing was, that this was also starting to get recognised by the EC itself. There was the willingness and ability to change the dynamics, where the researchers and developers are shielded from the heinous paperwork through sub-granting. Of course, getting the right organisation to run the subgranting is crucial, but that was actually an important step.

Directly following that workshop the EC organised a public consultation, and we reached out to the technical and operational internet community to engage with that. Obviously, you can fill out consulations all day long. Flagging this one as particularly relevant worked. There was an unexpected huge response. Together with the outcome of the workshop, that consultation was one of the major inspirations of the H2020 Work program 2018-20, and the first topics were decided upon. Later that year the EC reached out to ask who could help them write the vision and an overall plan for the NGI. We assembled a proposal involving what we considered the real actors and relevant communities - far outproposing what the EC was asking for. We put a lot of extra work on our shoulders, but you really can’t do it any other way.

The EC went with that, and we have been working on this since March together with our partner Gartner Europe. Currently there are a number of other efforts ongoing. We are about to publish our final recommendations. The current research programme is just the start of the NGI initiative, the idea is to scale up a factor of ten or more in 2021 towards an NGI flagship that would be doing the real work. So it is really important to prove this alternative approach works and make sure that there is enough political support. Even if all of the EC funded R&D fails, this one cannot. It is just too important.

Q: There have been quite a few attempts to improve internet. Why would the Next Generation Internet initiative succeed where all other attempts failed?

Obviously, this is the big question. We tried to apply double loop learning as part of our study, analysing the flaws of the clean slate approaches and other efforts.

I think there are a number of aspects which are very different from any effort before. We have I believe a very comprehensive approach and at the same time a very strong focus on upgrading the actual internet. It is tempting from a political view to allow anything that uses the internet to be part of such an effort, because media friendly use cases are so much easier to understand for non-experts. The internet is not well understood. But mixing these endangers the whole effort. If you want hygiene in the OR during heart surgery, the cute puppies stay outside.

And surely any self-respecting pile of funding will attract hordes of people that will claim it for their own purposes. Everything is internet, or can be claimed to be internet these days. There are also lots of people wanting to boost their ego and status as tech visionaries pushing for all kinds of pipe dreams. And there are those that just play along whatever the topic just to be around. For the NGI initiative, this spielerei is not something we can afford, and should try hard to keep away. We need money to fix the real problems of the real internet, because the challenge is daunting enough. We have a clear vision: the NGI is about creating an internet that is resilient, trustworthy and sustainably open. Breaking that down into practical engineering steps is not rocket science. It is a lot of work that requires serious funding, though.

At NLnet we have been working in this spirit for decades, going back to even before the day the internet landed in Europe (30 years ago November of this year, actually). For us the NGI is very concrete, and very practical. If it isn’t, it should probably be considered out of scope or not a priority. We favour a mean and lean approach, which is context-sensitive and pragmatic. The cascading funding model (which is able to avoid a lot of the bureaucracy) is vastly superior to the traditional consortium based calls. So if the right intermediaries are selected, that gives good hope for NGI to succeed.

So far NGI has gone further than most if not all in engaging the right communities. You cannot breed a new generation of the internet without involving the people behind the current generation. People got away with dumping unvetted code or fragile patches over the wall at the end of a project, precisely because it was never designed with operations in mind. Committing code upstream has never been something required, and so pump and dump practices are common. Nobody is willing to pick up other people’s mess.

Another related thing that will make a huge difference is the level of professionalism when it comes to interoperability testing and operational practices. Consistent packaging guidelines, reproducible builds, continuous integration, good documentation etcetera. We believe a mature open source approach changes everything. Previously, efforts were scattered across teams that had no realistic way of using each other’s work. A code dump or a carefully prepped VM is in practical terms almost as opaque to a non-insider as closed source. The next “apt-get update” rips the whole thing apart. A next generation internet by definition means that is a need for all these things to work together, and reliably so.

Q: What is the role of free and open source software in the next generation internet?

Open source is at present the only mechanism to get anything adopted at internet scale. For the NGI initiative to shape the next generation of the internet, the technologies will need to become ubiquitously used in the context of the actual internet environment. We cannot afford any friction when it comes to cost and innovation. We need everyone to start using them, and anyone to be able to incrementally improve anything.

There is little chance of NGI succeeding without a converged, reliable path to deployment too. In order to scale such deployment needs to be automated. Keeping the internet safe, secure and up-to-date has asymmetric benefits and costs. The cost for maintenance has to be dealt with at the system level as an integral part of the process. The management of high volumes of updates/changes can only be efficiently handled in a collective manner, and will fail when relayed to each individual participant. Open source shines at that. So I’m confident that open source will have a central role. We will do our best to strenghten that, and make sure that the quality matches the needs.

Q: Have you enjoyed previous FOSDEM editions?

People who were at FOSDEM last year, may recall the presentation I gave on The Commons Conservancy. The Commons Conservancy is part of the new ‘wave’ of European software governance bodies. We call it a hypervisor for virtual open source foundation. It is really quite an interesting approach.

My first FOSDEM was 2008. A lot of the European projects we fund tend to attend FOSDEM, and so it is ideal for me to meet up with people. So I attend whenever I can, and try to bring the family as well. The atmosphere is laid back and very open. Consider me a fan.

Creative Commons License
Creative Commons License

This interview is licensed under a Creative Commons Attribution 2.0 Belgium License.