Happy birthday, email – the world’s first internet service
What this greybeard can teach us about cybersecurity
Don’t look now, but email as we know it just turned 50. In 1971, MIT graduate Ray Tomlinson sent the first-ever email between two computers, using the @ symbol to identify a recipient.
What was the content? Nothing much, really. Ray said whatever he sent was “entirely forgettable and I have, therefore, forgotten them.” It’s commonly accepted that it would have been a keyboard mashed QWERTYUIOP.
The email was a side project, too – Ray was supposed to be building software to allow people to send messages back and forth on the same computer. This was, of course, during a time when many computers were shared. When he showed a colleague his successful email, he reportedly said: “Don’t tell anyone! This isn’t what we’re supposed to be working on.”
This was the surprisingly humble beginning of what has become our most ubiquitous communications tool.
Email started cybersecurity
Email is, in digital terms, old technology. Much of our modern-day cybersecurity language and concepts were originally deployed to protect email users.
The sad irony is that email often doesn’t benefit from those modern security techniques – not because you can’t apply two-factor authentication to email, for example, but because people simply don’t think to.
On the flip side, its longevity means we have five decades of failures and successes to learn from – we can spot the cybersecurity pitfalls email has gone through to help us understand what to avoid with new technologies.
The biggest risk was, and still is, people.
While cybersecurity has technical solutions, it was and will always remain about the fallibility of humans. Almost from the minute email had users, it also had cyberattackers, most of them moving tried-and-true scam techniques from the analogue to the digital world. Take, for example, the Nigerian prince scam-emails, also known as advance-fee fraud or 419. This began life as hard-copy letters sent through the post, itself a variation on a centuries-old swindle.
“The con’s healthy persistence suggests that everything comes back to human nature: to the greed and credulity of us.” - Finn Brunton, Boston Globe
The lesson: design around humans
Accepting and expecting that humans are easily fooled is the key to exceptional cybersecurity. It means cybersecurity systems can be designed away from relying on user vigilance or scepticism, to work with our flaws instead of expecting us to overcome them.
So, join us in raising a glass to the grandparent of internet services, which has so much still to teach us if we’re just willing to listen.