I received a Bachelor of Science Degree in Mathematics from Villanova University in 1974, with a strong minor in Philosophy. Disenchanted with real analysis and metric space, I decided to pursue graduate work in philosophy. To pay for graduate school, I accepted a programming position with Burroughs Corporation. I assembly- and micro-coded my way through several semesters of graduate work at Villanova. Teaching existentialism was not the sort of vocation to pay a mortgage – this was, after all, the Carter era, and interest rates were in the upper teens – so I set aside my Masters aspirations. I stayed at Burroughs where I supported compilers and assemblers, taught micro-assembly programming, played a great deal of softball and tennis, seized the day, and invested very little time thinking about a career.
The Early Years
I accepted an opportunity to rewrite remote job entry software that Burroughs had developed to connect its minicomputers to IBM mainframes using binary synchronous communications, BSC. The existing code had no documentation and was riddled with bugs. Worse, it was the proverbial “ten pounds of…” Adding code was impossible because it barely fit into the available RAM. So I found a paper on BSC, designed from scratch, and discovered that while data comm and especially BSC weren’t quite as interesting as existentialism, they were way more fun and trickier than compiler support and satisfied the “pay the mortgage” requirement.
I next had an opportunity to work on a proprietary version of HDLC, and during this time I became involved with transport and networking protocols for Open Systems Interconnection, OSI. I quickly became excited about helping to develop something international and new. I eventually transferred within Burroughs to a network architecture group, and became involved in defining network layer and routing protocols that we could use for both OSI and Burroughs Network Architecture, BNA.
I began attending ANSI and ISO meetings on OSI NL protocols. Dave Oran (DEC), Lyman Chapin (then at Data General), Ross Callon (then at BBN) and I met one day in a conference room at a DEC location and cobbled up ISO 8473 (ISO IP, ISO CLNP).
We were developing yet another datagram internet protocol because we needed longer (and extensible) fields to accommodate various and future address or numbering plans, we needed something “not controlled by the USG” and to be fair, not invented here played a role. OSI CLNP was the first but not last ISO standard I wrote/edited: I had a role in so many of the datagram protocols and service definitions I earned the nickname “Mr. Connectionless”.
I received my first exposure to the IETF in Boston in the mid-eighties, when both an IETF and an ANSI meeting were held at BBN. At the time, I was a proponent of distance vector routing, in particular a routing protocol called BIAS (Burroughs Interactive Adaptive routing System, go figure how anyone can leave the “R” out of an acronym for a routing protocol!); later, along with Jeff Rosenberg and Steve Gruchevsky of Burroughs (by this time, we were Unisys), I was to introduce BIAS as a candidate for OSI IS-IS routing in what I’ve called the “late, great, OSI Routing debate”. Radia Perlman and Dave Oran introduced what eventually became OSI IS-IS, a link-state/SPF routing system. The routing debate was probably the high water mark of my standards participation, even being on the losing side, since each meeting was filled with good discussions, challenging technical issues and little political chicanery.
In the late 1980s, OSI stalled and Michael Blumenthal’s “power of two” merger of Burroughs and Sperry to form Unisys tanked badly. I left Unisys with thousands of fellow “power of $2” impoverished employees to take on what seemed to be yet another Quijotian task: help Christine Hemrick at Bellcore bring high speed datagram services to telco networks, in the form of Switched Multi-megabit Data Service, SMDS. This time, I was the one asking, “Why are we inventing another datagram protocol? Choose CLNP or IP!” The decision was not so obvious at the time as it is today, and it was further encumbered by a telco obsession with fixed length, cell-switching technologies – asynchronous transfer mode ATM and its equally ungainly sister, IEEE 802.6, DQDB – and these proved to be SMDS’s ultimate undoing. The projects I found most rewarding during my time at Bellcore were (i) an extensive white paper that explained why wide area networks had to evolve to support bursty data characteristics of LAN applications (high demand for short periods with low latency) and (ii) the design of SNMP agent support for SMDS. The nearly book length white paper explained the features, functionality, and traffic characteristics of LAN distributed computing, distributed operating systems, network file systems.
While at Bellcore, I served on the IESG, first as OSI area director with Erik Huizer for OSI application and later with Stev Knowles in Transport area. My time on the IESG proved to be rewarding and frustrating. I met and worked with remarkable people who actually cared about the implementation and deployment of OSI applications and transport stacks but had to deal with not invented here and irrational anti-OSI sentiment from Internet fundamentalists that (remarkably) persists nearly 3 decades later.
Dave’s “Middle Ages”
In 1992, I decided to write a book, Open Systems Interconnection, with Lyman Chapin. The book was well-received and provided as even handed a comparative analysis of OSI and TCP/IP as I believe could have been written. It sold well enough, especially internationally, and was even translated into Japanese. You can’t really appreciate how difficult this translation must have been for the translators, because Lyman is notorious for having a writing style suitable for consumption by PhD’s, and I wrote dozens of humorous and hopefully insightful anecdotes or barbs in, well, a vernacular that probably didn’t translate well at all. The evidence is present throughout the book, as translators often surrendered and simply left certain passages “as is”, presumably as translation exercises for the undoubtedly equally perplexed Japanese readers.
Shortly after Open Systems Interconnection was published, the U.S. government made a correct choice to yield to the power of the installed base of IP, which at this time was nurturing an exciting new application, the World Wide Web. How new? When we published Open Systems Interconnection in 1993, there were fewer than 700 web sites worldwide; in fact, the web was so new that we barely thought to write more than a few paragraphs about it.
In 1993 I left Bellcore and started a consulting company, Core Competence. My early consulting focused on broadband, routing, and IP Next Generation. For several years, I worked almost exclusively for a short list of large clients: Cisco, Nortel, British Telecom, NIST, and MCI. Of these, the consulting time most cherished and best invested were at MCI, where I had the pleasure of working with Vint Cerf, David Clarke, and Peter Ford on MCI’s global IP network. We did some early and innovative work with Virtual Private Networking techniques, and it was through that I became more involved with Internet Security than broadband access and routing. The most unsatisfying activity during this time was participating in IP Next Generation work. My disappointment in the pettiness and lack of professionalism exhibited during the IPv6 “selection” process rankles me still, and was a principle reason for my decision to leave IETF and never returning.
During the “dot com” era, I had time and limitless opportunities to study commercial security systems, write product reviews for trade magazines, and conduct independent testing and evaluation. I convinced long time colleague and my dearest friend, Lisa Phifer, to join me in 1994. I had a zeal for writing, Lisa had amazing analytical skills, and we both a talent for breaking things and explaining how to repair or make them better. Most importantly, we complemented each other wonderfully in every aspect a partnership needs to succeed.
Also at this time, and through the uniquely talented Dan Lynch to whom I’m indebted for many opportunities and generous introductions, I became involved in first one technical advisory board (Covad Communications), and then, during the dotcom boom, several others (CoSine Communications, Aventail, Villa Montage, IntruVert, Foundstone, CoRadiant and WatchGuard Technologies). Dan also trusted me to first manage training and later develop program content for Interop conferences, the seed of what grew into a 20 involvement in networking and security conferences, from Networld+Interop, to The Internet Security Conference (TISC).
When the dot bubble burst, Lisa and I adjusted to a collapsed or consolidated consulting space and began investigated spyware, IDS/DDOS, VPNs, firewalls, application protection, web security, IdM, endpoint security, WLANs, mobility, malware, and “all things Internet”. I began a blog in 2003, The Security Skeptic and as its popularity grew, I complemented the blog with numerous resource pages for Window$, firewalls, spyware, viruses, phishing and more. Lisa became an authority on wireless and mobility and her WLAN Corner is a testimony to her authority and productivity.
The ICANN Years
In 2005, Dr. Stephen Crocker lured me to ICANN. I served for two years as a Fellow to the Security and Stability Advisory Committee, and then accepted a role as a Senior Security Technologist. My role expanded at ICANN gradually to the point where I work closely with policy, compliance, services, and a growing security team in nearly all matters of DNS and registration services security. I had a broad remit and relished the role of “free roaming linebacker”.
I became particularly curious about domain registration abuse, privacy issues, how e-evidence is gathered and preserved, and anticrime forensics. I threw in with the anti-spam, messaging anti-abuse and anti-phishing communities, botnet and abuse researchers, and first responders. I’d finally found the trust-based community I had been seeking for so many years.
In 2013, I became Vice President of Security and ICT Coordination. I work with a great team: irreverent, notoriously frank, dedicated, and eager to serve the public interest; i.e., to prevent or mitigate harm in cases where the DNS or registration services are misused for criminal purposes. Lots of the work we do is “positive disruptive”.
I spent much of my work and free time with people whom I trust and respect, and who share a passion for finding and disrupting malicious or criminal activity on the Internet. Over time, I and colleague Rod Rasmussen – with generous and insightful comments from many others – prepared a one-hour presentation on Abuse of DNS for a handful of law enforcement agents. Over time, I’ve turned it into a capability building program for the public safety community (law enforcement, prosecutors, attorneys general…). I’ve delivered this training in Europe, North and South America, and Asia-Pacific. I trained trainers for Latin America, Asia-Pacific, and I expanded to the Middle East, Africa and Eastern Europe from 2015-2018. The program has not gone unnoticed, and I’m proud that our Investigating DNS Abuse program was nominated for a WSIS Project Prize in the Building Confidence and Security in the use of ICTs category for 2015.
We also engaged with Europol, the European Commission, the OECD, Commonwealth Secretariat, OAS, and others to establish cybersecurity initiatives. These are frustratingly slow and since our capability building program addresses the often expressed needs of governments and law enforcement – which often conflicted with the business objectives of the highly competitive and self-serving ICANN contracted parties.
Parting Ways with ICANN
ICANN organization and community are business driven: the community by registrations and services revenues and the company by the fees the contracted parties pay to organization. Policy, while ostensibly consensus across many stakeholders, invariably favors the contracted parties. These parties work hard to ensure that measures to prevent abuse – from registrant data validation to support of public but non-revenue creating services like Whois – are marginalized and not included in contracts with any enforceable obligations. Year after year, I worked with a number of community and staff who sought protections not only for the contracted parties and their direct (registrant) customers, but for everyone who might be harmed through abuse of domain names. In 2018, I finally conceded that the organization was too risk averse and the contracted parties too influential for me and others to ever effect change from within.
ICANN organization and community are business driven: the community by registrations and services revenues and the company by the fees the contracted parties pay to organization. Policy, while ostensibly consensus across many stakeholders, invariably favors the contracted parties. These parties work hard to ensure that measures to prevent abuse – from registrant data validation to support of public but non-revenue creating services like Whois – are marginalized and not included in contracts with any enforceable obligations. Year after year, I worked with a number of community and staff who sought protections not only for the contracted parties and their direct (registrant) customers, but for everyone who might be harmed through abuse of domain names. In 2018, I finally conceded that the organization was too risk averse and the contracted parties too influential for me and others to ever effect change from within.
Interisle Consulting Group
I joined Interisle Consulting Group to work alongside long time friends and colleagues who share a common moral compass and enthusiasm to make things work. Primarily, I research and investigate how cybercriminals misuse the Internet’s name and numbering systems. You can follow that activity at the Cybercrime Information Center. We also write frequently at substack,