Securing the net, bit by bit
Karen Dearne
JUNE 10, 2003
UNTIL a month ago, Marcus Sachs was communication infrastructure protection director at the White House and a member of the US President's Critical Infrastructure Protection Board, which drafted the National Strategy to Secure Cyberspace.
Now he has the job of applying that strategy - the Bush administration's vision of a public-private partnership to defeat threats to US information networks.

The Australian spoke to Sachs at the AusCERT cyber-security conference last month, just weeks after his appointment as cyber-program director at the new Department of Homeland Security.


You say the internet was created on open protocols to connect universities and governments, but it was not designed to protect information from malicious users. Today the internet connects everybody everywhere - how do we begin to get international agreement over securing such a structure?

I don't think any of us, in the history of humankind, have ever seen anything like this, other than perhaps the law of the sea where we agreed aeons ago to an international law for merchant shipping and such.

I don't know of any other phenomenon, or technology, or cultural change as big as this, and we've only created it in the past 10 years. Look how far we've come in less than half a generation.

It is a huge challenge, but we built the internet, so we ought to be able to defend it.


How will the Department of Homeland Security and other US agencies address the problem, given the enormous diversity of people linked to the network?

We are conscious there are other people out there - that the US doesn't own the internet. We have a big problem at home, of course, with homeland security, so that has to be our number-one focus.

But we can never forget that it's a global network and a global culture.

So, at the same time we're pushing the domestic agenda, we push the international agenda - but not on the world stage. We push the international agenda at home, so that others recognise this is not just a US issue; this also affects Mexico and Canada because they're directly connected to us, and then people on other continents who are connected to us by undersea cables or satellites.

We also host thousands of servers that belong to other nations - entire countries have their online presence electrically in the US.

So we are stewards, essentially, of those countries' presence in cyberspace, their commerce - they depend on us.


US authorities haven't even been able to curb all the spam that originates in the US.

Yes, and the spam that comes from small Pacific islands or Caribbean islands or African countries.


Most of it comes from the States.

Unfortunately, a lot of it now has moved offshore, into smaller countries with high-speed connections. It may say dot.com and may say it's registered in the US, but electrically it sits someplace else - again, they are also trying to get out of Europe.


So even spammers are trying to go for a low-cost, offshore option.

That's exactly right, it's no different from banks or gamblers who go outside territorial waters.


So where do we start if we are going to make the internet more secure?

Initially we're pushing for accountability. Many people want to be anonymous on the internet as individuals, and that's fine. There's nothing wrong with that - you can maintain your anonymity.

But your computer - the actual device connected to the network - needs to be accountable. We need to know where that address is, so that if a piece of silicon and copper starts misbehaving we can mark it as unsafe and quickly take it off the network.

As a human being, you can still be anonymous - it's just the electrons - the piece of hardware - that we need to identify.

That's where there's a new protocol coming, called IPv6, that will enable us to positively identify all the machines that are out there.


That would open up a brand-new world of connectivity.

Yes, it does. If you can uniquely identify every device on the network, you can start doing many new things.

There's a remarkable experiment going on in Japan, for example, where they have connected little sensors to the windshield wipers on taxi cabs and set up a wireless network throughout Tokyo - and they know that wherever the wipers are running, it's raining. That provides a far more accurate rain map than any radar system could provide.

You can't do that with existing networks, but you can with IPv6. Now, if a set of wipers started misbehaving, I could take it off the network - to save the network - because I can account for that device.


That would include every PDA or mobile phone?

Everything. Everything will be uniquely addressed - your refrigerator, your microwave oven, your wristwatch, anything that can be connected to the network.

So by having an accountable network, we can then start realising some of the security we want, because we know where every little piece is.

Again, that's separate from the humans that are on the network, where we want to maintain some privacy.


But how can you achieve that separation and preserve that personal anonymity?

Well, we don't know yet. This is a brand new protocol; research and development are going to drive this for us.

Some countries have already declared that by 2005-6 they're going to have IPv6 - a couple of European countries, Japan and China have stood up and said they're going to have it by this date. The US has not committed to a date yet.


I can't see how you can have half a dozen items broadcasting your every move and still say you can maintain your personal privacy.

Again, it depends on the link between you as a person and the devices that you connect to the internet. That's a technical challenge, and that is beyond the scope of what we're doing right now.

We just want to enable it, make it possible, and then let the scientists figure out how to secure the privacy.


You've flagged a need for new routing and naming mechanisms to deliver truly dependable network services.

Routing protocols today are already reaching their limits. They were not designed for a network as big as the internet, they were designed for smaller networks. If we go to even larger networks, we need to have new types of routing protocols, and we need new naming protocols - ones that are much more adaptive to rapidly changing networks.

I'm looking at the networks of the future because, remember, we're only 10 years into the web - what the general public understands as the internet.

There were 20 years of development before that, of course, that most people aren't aware of, but we're still only talking 30 years. We're building networks that may last for the next 1000 years or more.

Now, are we going to do that with today's protocols, and who is going to come up with new ones?

For example, do we want spam email to go away? Probably. When we come back 100 years from now, do we think spam will still be a problem? At some point, hopefully, we will have taken care of spam. But when is that point - is it next year, is it 10 years from now?

We're arguing that this generation - us - we're the ones who are responsible for building the networks that everybody else will have to live with, pretty much forever. It's much like the Romans building their roads in Europe.

In every country, the width of today's roads is largely based on the original Roman roads, and the original Roman war chariots. Those standards are still around.

Assuming we don't blow the planet up, standards being established today may still be in communications and information networks 1000, 2000 years from now.


You also talk about trusted software, and resilient services that don't fail.

Trusted or trustworthy software refers to software that actually does what it is supposed to do. If I have graphics software like PowerPoint, all it really does is graphics - it has nothing else built into it.

A classic example years ago was Microsoft's Excel spreadsheet. One version had a flight simulator built into it - you went to a certain cell, pushed keys in the right order, the screen would change and you would get a flight simulator.

That's not trustworthy software, because I paid for a spreadsheet, I didn't pay for a flight simulator. How do we know what else is in commercially available software? We need to have software engineers and companies thinking in terms of writing code that only does what it's supposed to do, and not adding things that people may not know about.

Well, maybe that's something for legislators to address?

No, why does that need a legal response?

It's a question of ethics, a cultural change that says software writers need to create software that does what it is supposed to do, versus software that has unknown built-in features.


But surely there's a commercial impetus for a company such as Microsoft to cultivate its interests in various ways, including extra features?

Part of this is also about consumer awareness, in the sense that you have a choice in what you buy. Microsoft is very dominant, but you don't have to buy its products - there's competition out there.


We recently saw an example of consumer power in relation to the planned introduction of radio frequency ID tags. There was a huge backlash over the potential for monitoring.

Sure, if a store wants to tag a box of corn chips that's okay - until I buy it. When I've paid, the tag needs to be erased - nobody needs to know that bag of corn chips is in my car and where I go when I leave the store.


What about when a smart chip is embedded in clothing?

The technology makes it possible to embed a smart chip, which the maker can use to track the garment from the warehouse to the store. But if the tag is not turned off when you walk out of the store it can be used to track you, so the tag needs to be killed at the point of purchase.


You think consumer pressure will achieve that?

Absolutely. Consumers have a lot of control if they work together.


Are you talking about measures like encryption, public key infrastructure?

People have been trying to figure out how to set up cryptographic exchanges so information can be transferred in a secure manner - as an encrypted message that only you can open. But how do we exchange the keys, how do I give you the key to unlock the file I'm going to send without somebody in between intercepting that key?

This is a huge challenge, and there are a lot of solutions out there, but none of them really scale to the entire internet.

That's the challenge.

How do we get something that scales to the entire planet and, ultimately, into the solar system? Well, there's no stopping it, right? We can just keep going and going.

This report appears on australianIT.com.au.