Home / Blogs

A Layered Approach to IG: Cooperation or Crisis!

Protect your privacy:  Get NordVPN  [ Deal: 73% off 2-year plans + 3 extra months ]
10 facts about NordVPN that aren't commonly known
  • Meshnet Feature for Personal Encrypted Networks: NordVPN offers a unique feature called Meshnet, which allows users to connect their devices directly and securely over the internet. This means you can create your own private, encrypted network for activities like gaming, file sharing, or remote access to your home devices from anywhere in the world.
  • RAM-Only Servers for Enhanced Security: Unlike many VPN providers, NordVPN uses RAM-only (diskless) servers. Since these servers run entirely on volatile memory, all data is wiped with every reboot. This ensures that no user data is stored long-term, significantly reducing the risk of data breaches and enhancing overall security.
  • Servers in a Former Military Bunker: Some of NordVPN's servers are housed in a former military bunker located deep underground. This unique location provides an extra layer of physical security against natural disasters and unauthorized access, ensuring that the servers are protected in all circumstances.
  • NordLynx Protocol with Double NAT Technology: NordVPN developed its own VPN protocol called NordLynx, built around the ultra-fast WireGuard protocol. What sets NordLynx apart is its implementation of a double Network Address Translation (NAT) system, which enhances user privacy without sacrificing speed. This innovative approach solves the potential privacy issues inherent in the standard WireGuard protocol.
  • Dark Web Monitor Feature: NordVPN includes a feature known as Dark Web Monitor. This tool actively scans dark web sites and forums for credentials associated with your email address. If it detects that your information has been compromised or appears in any data breaches, it promptly alerts you so you can take necessary actions to protect your accounts.

In an Internet governance agenda that treats diversity of addressing issues as the ultimate end at any cost, technology and its end-users are mere means, and much of the work that sustains the Internet is ignored entirely. As a nation, you are free to initiate different regulations, but when you start getting into the world of infrastructure, you are legislating far beyond the nation-state borders.

The current political backlash against internet fragmentation at the international level may seem to disclose a “reciprocity” condition of internet governance regimes over the internet infrastructure. The major tendencies in state-led disruptions of users’ Internet experience have proved to be laid out from the advanced, substantially empowering, technologies of the Internet infrastructure by which Internet governance organizations and actors such as Internet Corporation for Assigned Names and Numbers (ICANN) introduced more secure and private connections to everyone. Now increasingly tampered with for infrastructure-based control of content by governments, the Domain Name System originally made it possible for different countries to access a universal experience of the Internet on an equal level.

Paradigm Shift: Iran’s Cyber-Nationalism

Things have changed. For example, what happened in the fall and winter of 2022 in Iran has brought about a paradigm shift toward cyber-nationalism and localization regarding internet governance. The policy adopted included DNS injection that has required Internet service providers (ISPs) to filter and redirect traffic locally from websites by altering the authoritative information they receive from registries.

Although the internet shutdown was ordered and recognized by the Iranian “National Security Council” instead of the Ministry, directly approached the network operators like in the case of the 2019 blackout, it was the recently issued regulation by the Iranian Communications Regulatory Commission regarding the management of Domain Name Servers that made significant changes in the 2022 shutdown1. By issuing a national Domain Name System and Servers (through local IXP sites) during the past year under the guise of privacy protection for users, the policy turned out to be an operationally feasible, even accessible, option for the government. Such disguised policies and practices, given that Iran is not the first nor the last, surely customize the users’ experience of the internet on a totally nation-state-based design.

If the DNS were the only issue, then, as several IG scholars and tech community experts previously proposed, some changes in the rules governing DNS and its resolution process would suffice. However, concern about the dual character of infra-specific technologies goes deeper. So far, the layer-less modular view of the Internet promoted at the Internet Governance Forum has not been much of a help in this regard. Relying upon a mix of hard and soft rules, this holistic IG agenda-setting approach has always insisted on achieving certain tasks and building appropriate capabilities in design whereby an acceptable level of responsibility is ensured. Instead, critics worry that this increasing infrastructure politicization would worsen the universal Internet experience along all of the layers and consequently give rise to nationally customized versions of the Internet. Subsequent policies under local internet governance regimes, with their underlying assumptions which take into account merely the local context, seem far more dangerous than temporary (usually nationwide) internet shutdowns. Moreover, coordination efforts by international standard-setting organizations will be undermined by at least significant uncertainties (mainly in the case of setting technical standards), all of which are seriously hampering the democratic potential of the Internet.

AI’s Impact: The Dark Side of Fragmentation

Meanwhile, artificial intelligence, as a disruptive technology, has proactively redefined the approach in recent years. The introduced generation of DPI engines, now widely used by authoritarian regimes2 to target and disrupt users’ lived experience of the Internet, have been enhanced and reinforced remarkably thanks to ML & AI algorithms. Surprisingly, in the world of encrypted packets in which it is not easy to decrypt the inside content of users’ online interactions, the latest advancements in machine-learning and data-mining, powered by AI, have introduced toolkits for detecting and extracting these patterns even for the unlabeled packets. Accordingly, this enables the Internet control forces at the national level to differentiate politically favorable from unfavorable interactions while screening the whole. There is enough supporting evidence to prove the problematic application of these AI-enhanced tools by governments on the frontline of censorship and/or cross-border information warfare relying on the capacity of private intermediaries. However, the policy has been exercised through different governance arrangements as it is not clear-cut to trace the trajectory of subtle state relations by expecting similar patterns in running the “black box” of governance over infrastructure. For example, in Russia, the current model requires operators to work directly with Roskomnadzor, a governmental regulatory body, while in Iran it has nothing to do with the Communications Regulatory Authority (CRA)3and network operators manage technical details to monitor and censor the public communications network through a commercial connection with private tech intermediaries.

In other words, AI can purportedly bring about another dark side of intentional fragmentation of users’ universal Internet experience while substituting it with a politicized one, just like what happened with disrupting the DNS lookup and resolution process. Circumvention of the essential standards and principles of encryption is the expected consequence of utilising AI-enhanced solutions which introduce use-cases ranging from passive monitoring to prescriptive intervention or even proactive process control. It seems pretty challenging to predict how this change might complicate the users’ security or, to some extent, this is going to act as a proxy for control over the Internet’s infrastructure.

Politics of a Layered Approach to IG

To be viable, promoting a layered approach to internet governance might be a game changer concerning internet fragmentation forces, at least in the short term horizon. Ideally, Its core principles must include mutual respect for sovereignty and sovereign equality for all countries and non-interference in the internal policy-making agencies of states. But, it is necessary to figure out where the trade-off will be established.

On the one hand, governments are always looking for the easiest way to impose their cultural and political blueprints over the Internet as much as possible, and the infrastructure more often provides the governments with an effortless option relying upon a “libertarian paternalist nudge” in the best-case scenario. On the other hand, the fundamental values of the Internet strongly suggest an integral access and universal user experience along all three layers of infrastructure, access, and content that is to “Guarantee universal Digital Rights for All.” However, if the multi-stakeholder governance process is strengthened, ensuring a level of architectural integrity and integrated protocols in the infrastructure layer, while strategically passing over digital platforms, content, or similar controversial issues, will be more likely to succeed in reversing the current trend of fragmentation of the global internet (localization) around the world. That is not to prescribe a loose concept of international standard-setting on other layers. Instead, we call for governance (not policy) in response to issues of non-infrastructure layers because private initiatives and innovations by tech companies and civil society could more likely complement/modify local governments’ decisions on a collective action base. Then, even when problems arise, they may not scuttle opportunities under a “tragedy of commons” situation. Recall that this kind of “beggar-thy-neighbor” customization of users’ Internet experience is not limited only to authoritarian regimes of IG. In recent years, various examples of these approaches to manipulate the Internet infrastructure at the local level have also been proven to be effective in democratic countries for cross-national propaganda and information warfare.

Uncertain Future: AI, IG, and Digital Sovereignty

Though heterodox IG regimes are undeniably adaptive to these challenges—as witnessed in their complex censorship systems and various innovative propaganda tactics exercised—it is naive to assume this adaptability will maintain the current order of the things. The fight may erupt over these matters in the wake of political efforts to seek “digital sovereignty” and because certain players’ practical self-interests or political coalitions of certain players intervene. But, the more general problem with government-to-citizen internet experience guarantees is that governments hate to be pinned down on national security matters, so many countries tend to use infrastructure for digital surveillance.

But building on its long-time role in utilizing the army of bots and trolls, Generative AI systems seem to be more visible in determining the future of IG. In short, privacy concerns, DDoS attacks, fraudulent procedures, and other techniques to manipulate the infrastructure will be closer to us than ever. Together, the uncertainty and unknown nature and pathways of the AI and IG will soon make all the stakeholders of the Internet anxious. But uncertainty has not to leave us with fatalism; on a layered-based approach, countries would benefit from the legitimacy enabling them to subtly bar access to their own governance territory for certain periods while coping more compliantly with encryption standards within the infrastructure. Practical problem-solving can still be accessible by ensuring the universality-by-design. These yield “position-taking” politics highlighting specific policy stands rather than compromise for governance, which seemed to hit a brick wall. Yet, predictably, running a game for positional advantage or cooperative efforts needed to reach a public interest threatens the possibility of achieving workable cooperation4.

  1. According to the enactments of meeting No. 335 of the Iranian Communications Regulation Commission in July 2022, entitled “Regulations for the Management and Organization of Domain Name Servers,” firstly, all major licensees (SMPs) are required to set up independent domain name servers on governmental IXP sites. Secondly, the regulation forced them to manually set their domain name server address as the priority of the network on the equipment related to customers. If this server does not respond three times, they are allowed to make queries to external servers (Root Hints). 
  2. __See, for instance, Stadnik, I. (2021). Control by infrastructure: Political ambitions meet technical implementations in RuNet. First Monday. https://doi.org/10.5210/fm.v26i5.11693 and Master, A., & Garman, C. (2023). A Worldwide View of Nation-state Internet Censorship. Free and Open Communications on the Internet.___ 
  3. According to CRC approvals, CRA is only in charge of reimbursement of these expenses under the legal term of “governmental equipment” by considering it as a discount on the annual license fee calculations. 
  4. In the worst case, we may face the opponents wielding the kind of vicious tools that we eschewed. That is why Internet governance in the age of AI is best developed multilaterally, even if that is a tall order given today’s world politics. 

By Imad Payande, Internet Governance Researcher and Policy Analyst

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Threat Intelligence

Sponsored byWhoisXML API

IPv4 Markets

Sponsored byIPv4.Global

Brand Protection

Sponsored byCSC

Domain Names

Sponsored byVerisign

DNS

Sponsored byDNIB.com

Cybersecurity

Sponsored byVerisign

New TLDs

Sponsored byRadix