Those who’ve followed the Internet’s history know that its management has always been, at best, troubled. At worst, it’s been downright controversial. Recent moves by the Bush administration and Congress have attempted to derail an international effort to put management of the world’s largest network in the hands of people who represent more than a small fraction of the world. The consequences of this could range from further erosion of the US’s foreign influence to network fragmentation to a major blow to the Bush administration’s credibility and authority.
Back in the Good Old Days, the Internet (and the ARPANet before it) was basically run by one man: Jon Postel. He defined many of the protocols we still use today, including the TCP and IP networking protocols, and the SMTP mail protocol.
He also created and ran IANA, the Internet Assigned Numbers Authority, by himself for many years. IANA was, until September 1998, the sole agency responsible for assigning IP address ranges. IP addresses are how computers identify each other on the Internet, and route messages to their appropriate destinations. So, in an even stronger sense than the DNS services, IANA was responsible for keeping the whole thing running smoothly.
The DNS root zone, the top-level servers responsible for deciding who’s allowed to assign what domain names, was not directly controlled by Postel, but by the US Department of Commerce. When his health failed, ultimately leading to his death in October 1998, the Department of Commerce used this authority to turn control of the IANA over to ICANN. Theoretically an open, democratic non-profit at its time of founding, ICANN quickly changed. Their initial board was relatively evenly split between community and industry representation. The industry representatives assumed that the community representatives would passively follow their dictates, and not ask any inconvenient questions about finances.
This wasn’t the case. One member in particular, Karl Auerbach, was very insistent that he be allowed to exercise the privileges the organization’s charter afforded to him. He had to sue ICANN in California court to get access to financial records, and a small handful were finally released in August 2002. ICANN responded by eliminating the “at large” representatives, and severely curtailing the roles of the remaining community representatives.
Since then, things have only gotten worse. In 2004, ICANN introduced proposals that included doubling the organization’s spending. Many national domain registrars objected to the proposal. Among other things, they voiced strong opposition to the “Internet tax” being raised by ICANN on all domain name transactions – creation, alteration, and transfer, among others. Originally proposed as $0.25, with a mandatory $0.20 tax for country-code domains, ICANN has made noises about raising it as high as $2 (for new, recently-introduced top-level domains). Also tabled recently was a proposal to transform ICANN into a private body, accountable to no-one save those that fund it: namely, the US government and an elite club of American corporations.
Matters came to a head recently, when the US DoC declared that it would retain control of the root servers even after its contract with ICANN expired in 2006. While they claim that individual national governments will always be allowed to administer their own domains, it places control over recognition of said national governments squarely in the hands of the United States. This claim was made in response to a request for administration of the servers to be turned over to a neutral UN-governed body.
Just this Friday, a congressional resolution supporting the DoC’s policy was introduced by two Republicans and everyone’s favourite Democrat, Rick “douche-bag” Boucher. The logic put forth in defence of their position is simply absurd. The “excessive bureaucracy” of a UN-based solution is a centrepiece of their reasoning, yet it’s hard to see how one could have a bureaucracy more excessive than that established by ICANN, the DoC, and VeriSign in the years since Postel’s death. And as for repressive regimes curtailing free expression online… Guess what? It’s already happening.
American companies – Microsoft, Google, and Cisco among them – are building custom software and hardware for the “great Firewall of China”, the software and hardware that allow the Chinese government to control what travels across the country’s network links. And, more importantly, to allow the government to track who’s doing what. Similar pieces of technology are being developed and sold to other repressive regimes around the world, again by American corporations. Never mind the increasingly corporate-friendly policies of ICANN, which threaten to stifle innovation and free exchange of information in the name of protecting the profits of the “content cartel”.
So, what are the possible outcomes of this situation?
If neither the rest of the world nor the Bush administration back down, we could see a “network split”. Network links going into and out of the United States could be cut, and the Internet divided in two: one Internet for America, one for everyone else. It’s easy to see who comes out the loser in this scenario, especially since it’s primarily American corporations that have been seeking to cripple the Internet to protect their profits.
Another possibility is that the rest of the world will back down and go along with the Bush administration’s policies. This would also be damaging, as it would result in increased resentment towards America, further eroding the nation’s influence.
Finally, the Bush administration could be forced to back down by the threat of a network split. This would be utterly devastating for the Bush administration. Not only would a very public initiative have failed, but control of ICANN and the DNS root servers would likely land in the hands of a UN body. I’m sure I don’t have to elaborate on how this would go over with Bush’s base.
I wish I understood the technological issues more. This is the most important issue for the middle distance future, 20-50 years, in my opinion: can governments control the internet? If not, then we might be in for a real transformation of human life. If they can, then it will be business as usual, i.e. capitalism run amok.
The technological issues are pretty simple, but I’m also working on a master’s in computer science. So I’ll try and explain ’em succinctly.
Computers talk to each other using IP addresses. Every machine on the network has one, every machine that talks to it knows it. Assigning these addresses is a tricky business, because the Internet isn’t just a bunch of machines plugged into each other. A lot of the machines do nothing but forward traffic for other machines. This means that IP addresses have to be assigned in blocks so that, at a given level, this forwarding can be accomplished with something resembling efficiency. That’s why regulation is necessary.
The problem here is that IP addresses aren’t particularly useful for humans. I mean, which is easier to remember? 66.135.37.6 or boomantribune.com?
DNS gives human beings an easy way of referring to computers. But, for a variety of reasons, you can’t just have one big, central DNS server. So each ISP runs their own, which provides DNS resolution to their customers, and these pull updates from the DNS root servers to ensure that domain names are consistent. It’d really suck if boomantribune.com pointed somewhere different if you were using AOL, wouldn’t it?
So we have two potential network splits here; one serious, one not as serious.
The not as serious one would be two different sets of DNS root servers. In this case, machines in the two halves of the network would still be able to talk; you just wouldn’t be able to use any domain names on whichever root servers your ISP wasn’t pulling from. This makes life difficult, but not impossible.
The “absolute catastrophe” scenario would be to have two different IP address assignment bodies. This would basically completely partition the Internet in two, as machines on the two networks would not be able to meaningfully talk to each other. Given the trade deficit documented by Bonddad, this would be really bad news for everyone on both sides, but worse for America.
Things are a little more complex than that inside, but those are the basic concepts involved.
I dropped this comment in one of Catnip’s recent diaries (How did they get here?) But it works here too! lol
Just seemed to fit nicely in here as a repeat comment… lol
Having control of the root DNS servers doesn’t help much with monitoring information. You can’t even really see who’s doing what DNS lookups. It is, however, great for controlling access to the Internet, as you effectively control the policy of organizations selling domain names. They start selling to people you don’t like, you ban them. Government starts doing something you don’t like, give control of their country domain to their opposition.
Monitoring most Internet traffic is actually fairly difficult due to the sheer volume. There’s a reason why the FBI’s Carnivore program a few years back was high-profile, controversial, and perceived as necessary by the agency. Though the FBI’s always had a bee in its bonnet about controlling the Internet. I seem to remember that they called for a domestic ban on encryption in the mid-90s, for example.
They didn’t ban encryption. But they did force the programmer that made it near impossible to break the encryption of his original version to add a backdoor to his subsequent “versions” of encryption.
If you have the original version of encryption it is so secure that it would take any intel agency a hell of a long time to get through it, and they would need a super computer to do it.
Now they just use their backdoor “Key”.
There are a lot of people that got a hold of the original version of encryption, and for obvious reasons they will not change to the newer versions. If you search around you can still get copies of it, but it is hard to get a hold of. It isn’t just out there on the net to download for free anymore… lol
Personally? I don’t have any need for that much security. If someone wanted to get into my Email, the most valuable thing they might find is an essay sent to one of my profs. I can tell them in advance that it isn’t worth their efforts! lmao
Not true; while I seem to remember that they did demand that such a backdoor be added to PGP, no-one uses PGP anymore, and they haven’t for years. GPG is a much better solution in almost every respect.
They did attempt to regulate encryption, but were almost totally unsuccessful. Why? Because it’s a stupid idea! Modern encryption is a natural consequence of mathematics, and anyone with a half-decent education in mathematics and security measures can create a good implementation.
Taken from Wikipedia:
The reason it is no longer considered a weapon, and the government dropped all of the charges against Zimmermann?
Zimmermann added the back door “Key”…
Most people upgraded the old version without even thinking about it so their computers and, more importantly, their Emails were instantly hackable by American Intel agencies.
But a few people held on to the old program… And so it still circulates. And it is still damn near “un-hackable”.
Cryptographer Bruce Schneier characterized it as being “the closest you’re likely to get to military-grade encryption” (Applied Cryptography, 2nd ed., p587).
Now think of all of those servers as a gateway.
If you control the WWW servers you control the gateway through which all information must pass to reach its destination.
Yes, cutting off other countries’ access has its advantages. Serious tactical advantages when at war. But having control of the gateway through which all information must pass gives you the power of all of the knowledge of the world that flows through the Internet.
But they don’t. The only thing the DoC controls is the DNS root servers, which are just used to coordinate domain name lookups. They’re the easiest part of the infrastructure to replace by far, and they do the least real work. I don’t know if you’ve ever looked at a map of the Internet’s topology, but there is no such gateway. There are a few chokepoints, but they’re all controlled by different privately-held companies (in some cases, non-American companies).
Your knowledge of the technology involved is fundamentally inaccurate.
A root nameserver is a DNS server that answers requests for the root namespace domain, and redirects requests for a particular top-level domain (TLD) to that TLD’s nameservers.
All information must get to the server to be redirected to its destination. DNS servers give it the redirection.
It is the gateway.
Everything aims for the DNS servers and gets redirected.
I’m doing my Master’s Thesis on network routing. I understand how these things work and the technical issues involved.
The DNS root servers only serve to co-ordinate the various DNS servers. ISP DNS servers (eventually) pull record updates from them; the DNS servers that domains are actually registered on (eventually) push updates to them. These records say what nameserver is “authoritative” for a given domain. Requests for subdomains of a domain (i.e., http://www.boomantribune.com is a subdomain of boomantribune.com) get forwarded to the authoritative nameserver for that domain.
However, most DNS requests never touch the root server. Your ISP’s DNS server caches the vast majority of that information, and your computer fetches it from there. This means that the actual impact of the DNS root server is fairly low. Anyone can – and people have – set up alternate DNS root servers. The only problem is getting people to use them.
Any DNS server is only used for domain name lookup. None of the packets that make up a communication between two machines actually pass through them. That type of transmission is handled by dedicated network routers that do nothing but route packets. With the level of traffic an Internet backbone router gets, it’s virtually impossible to use it for anything else. They’re also under the control of private companies, national governments, and all sorts of other organizations. No-one really governs the interconnection between them either; that’s handled by “peering” arrangements between backbone ISPs.
Addendum to prior post…
So while this means it’s theoretically possible to use the root DNS servers to execute a man-in-the-middle attack, by returning a false IP address for a domain name… It’s really easy to spot, and not at all effective. Most secure communication tools – ssh, for example – can spot most forms of it automatically, and start screaming very loudly about it.
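The delegation and caching behaviour described in the comments above, as an added example that is not part of the original thread: a toy Python model in which a caching resolver asks its configured root once and then works from cache, while a resolver pointed at a different root gets a different answer for the same name. The zones, class names and addresses are constructed for illustration (documentation-range addresses, no TTLs, no real DNS traffic).

```python
# Toy model of DNS delegation and caching; zones and addresses are constructed.
class NameServer:
    def __init__(self, delegations=None, records=None):
        self.delegations = delegations or {}   # suffix -> NameServer lower in the tree
        self.records = records or {}           # full name -> address
        self.queries = 0                       # how many questions this server was asked

    def query(self, qname):
        self.queries += 1
        if qname in self.records:
            return "answer", qname, self.records[qname]
        for suffix in sorted(self.delegations, key=len, reverse=True):
            if qname == suffix or qname.endswith("." + suffix):
                return "referral", suffix, self.delegations[suffix]
        return "nxdomain", qname, None

class CachingResolver:  # stands in for an ISP resolver configured with one root
    def __init__(self, root):
        self.root, self.answers, self.referrals = root, {}, {}

    def _closest_server(self, qname):
        # Start from the deepest delegation already cached, else from the root.
        hits = [s for s in self.referrals if qname == s or qname.endswith("." + s)]
        return self.referrals[max(hits, key=len)] if hits else self.root

    def resolve(self, qname):
        if qname in self.answers:
            return self.answers[qname]
        server = self._closest_server(qname)
        for _ in range(8):                     # bound the referral chain
            kind, key, value = server.query(qname)
            if kind == "answer":
                self.answers[qname] = value
                return value
            if kind == "nxdomain":
                return None
            self.referrals[key] = server = value
        return None

def build_tree(address):  # root -> com -> example.com, every host set to `address`
    auth = NameServer(records={"example.com": address, "www.example.com": address})
    com = NameServer(delegations={"example.com": auth})
    return NameServer(delegations={"com": com})

def demo():
    root_a, root_b = build_tree("192.0.2.10"), build_tree("198.51.100.7")
    isp_a, isp_b = CachingResolver(root_a), CachingResolver(root_b)
    seen = [isp_a.resolve(n) for n in ["www.example.com", "example.com", "www.example.com"]]
    return seen, root_a.queries, isp_b.resolve("www.example.com")
```

Three lookups through the first resolver reach its root exactly once; the second resolver, configured with the alternate root, returns a different address for the same name.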
Thanks for a great diary, egarwaen. As the previous commenter noted, this is very important for all of us, and indeed the future of the internet as we know it.
With the controlling resources of the internet in the hands of a single government, the potential for misuse is large. Funny how I didn’t feel that way until these past 5 years…. I used to think that keeping it in the hands of the U.S. government was a good thing.
Yes. I’m not sure putting it in the hands of the UN would be better, but it definitely wouldn’t be worse.