Analysis
Cerf’s claim is correct in that the early Internet (ARPANET) prioritized **resilience**—such as packet-switching to route around failures—over built-in security. However, labeling this a 'mistake' is subjective; security was deprioritized due to the network’s initial **trusted-user environment** (military/research institutions), not outright neglect. Later protocols (e.g., TCP/IP) retained this focus, but security flaws (e.g., lack of end-to-end encryption by default) emerged as the Internet scaled. Cerf himself has acknowledged this trade-off in later interviews, framing it as a **design limitation** rather than an error (*Wired*, 2014).
Background
The Internet’s foundations (1960s–1980s) emphasized **fault tolerance** to survive nuclear attacks or hardware failures, not adversarial threats. Early users were a small, vetted community where security relied on **physical access controls** rather than cryptographic measures. By the 1990s, commercialization exposed these vulnerabilities, leading to retrofitted solutions like SSL/TLS and firewalls.
Verdict summary
Vinton Cerf’s statement accurately reflects the Internet’s original design priorities but oversimplifies the historical context of security considerations.