Sir Tim Berners-Lee defends lack of security in WWW

Sir Tim Berners-Lee speaking at IPExpo Europe 2014

Sir Tim Berners-Lee yesterday stated that he had no regrets about not including security in the early specifications for the world wide web.

In a keynote speech at IPExpo Europe at ExCel London, he gave a talk that ranged widely over current and future issues around the web, including some historical context as to how the web was first developed.

A key principle of the early web was that the server and the web browser didn’t need to know anything about each other – where they were located, who owned them or what communications infrastructure might exist between them. “I didn’t have to worry about how the internet worked and the internet didn’t have to worry about what I was doing with it,” he said. “It was because it was decentralised and designed so it didn’t have a central place where you had to go to ask for permission that I could just develop the web without asking permission – and it could just spread.”

Vint Cerf, another internet pioneer, recently said that he regretted that security hadn’t been built into basic internet protocols.

During the question and answer session at the end, I asked him, “Do you regret when setting up the web that security wasn’t built into it from the beginning?”

Berners-Lee replied, saying that had the system been too controlling it might have stifled its early development. “I’ve seen other systems where they tried to be much more draconian, where they said we’re going to set up this massive framework, including security,” he said.

He wanted to keep the specification for the web as simple as possible. HTML and URLs were designed to look like computer code and filenames with which developers at the time were already familiar, and in fact the first specification document was just one sheet of paper.

He suggested that it would have been interesting to think what would have happened if the first public protocol for email had included a requirement that the from address had to be verified, perhaps through a public-key cryptography system. “Then we wouldn’t have spam,” he said, “but then maybe mail wouldn’t have taken off, people would have found it too horribly complicated.”

He conceded that the current situation was difficult. “We do have to fit the stuff retrospectively,” he said. “There is enormous push for HTTPS everywhere, putting in transport layer security everywhere.”

“Some stuff is having to be re-fitted after the fact but I don’t think there could have been any other way. If we had started off the web as something very very – well, it would have been a complicated thing… We could never had thought up all the security threats in advance, all the security. It’s amazing how many loopholes crop up, weaknesses in protocols turn up where you would never imagine, so you have to be constantly revising systems to fix them.”

Another person asked if Berners-Lee had foreseen the dark side of the web, the trade in illegal goods and services?

He replied that the web was simply a medium which could be used for good or bad and in that respect it mirrored humanity. “The web is a vehicle, the web is not there to judge. It’s like a white sheet of paper,” he said. “It would be awful if we had an ethical web where you could only do nice things. It would be like having paper that you could only write cheques on, or something, and couldn’t write nasty thoughts on.

“The media has to be neutral – that’s key. Yes, you will find people using it for nasty things, and you will find people using it for wonderful things. When you look at humanity in general – which is what you see on the web – in general, I’m hopeful. We’re going to make it but it’s going to be tough.”

About Security Buyer

Security Buyer is the leading authority in global security content, delivering expert news, in-depth articles, exclusive interviews, and industry insights across print, digital, and event platforms. Published 10 times a year, the magazine is a trusted resource for professionals seeking updates and analysis on the latest developments in the security sector.

To submit an article, or for sponsorship opportunities, please contact our team below.

Rebecca Spayne picture 2025

Rebecca Spayne

Managing
EDITOR

Georgina Turner image

Georgina Turner

Sales
Manager

Afua Akoto image - Security Buyer

Afua Akoto

Marketing Manager

Read the Latest Issue

Follow us on X

Follow us on X

Click Here

Follow us on LinkedIn

Follow us on LinkedIn

Click Here

Advertise here

Reach decision makers and amplify your marketing

Advertise here

Click Here

Related News

Defensive AI safeguards against cyber threats

Defense Initiative to enhance global cybersecurity underscores the importance of defending against increasingly sophisticated and pervasive cyber threats…

Bridewell in Microsoft Security Copilot Partner Private Preview

Bridewell today announced its participation in the Microsoft Security Copilot Partner Private Preview. Bridewell was selected based…

Evanssion and ThreatQuotient Join Forces

A renowned cybersecurity and cloud-native security VAD in the Middle East, Evanssion, has just announced a strategic

Most cyber attacks in Middle East involve spyware

Positive Technologies has analysed the attacks carried out on individuals in Middle Eastern countries between 2022…
Neustar

New DNS detection from Neustar

Neustar Security Services, a provider of cloud-based security services that enable global businesses to thrive online, is introducing UltraDDR…
Acronis

Acronis seals partnership with Fulham FC

Acronis, a global cyber protection company, has announced a three-year partnership with London´s oldest professional football club, Fulham FC…
Acronis

Acronis Cyber Foundation celebrates five years

Acronis is proud to celebrate the fifth anniversary of the Acronis Cyber Foundation Programme, a set of philanthropic initiatives designed to engage…
NAKIVO

NAKIVO releases v10.8 with vSphere 8 Support, MSP Console and Hybrid Cloud Backup

NAKIVO Backup & Replication v10.8 marks another major milestone in NAKIVO’s drive toward more reliable data protection for today’s business…
Scroll to Top