Home / Blogs

Questioning the Illusion of Internet Governance

I confess, I don’t get it. Much has been written about the apparent desire by the United Nations, spurred by China, Cuba, and other informationally repressive regimes, to “take control of the Internet.” Oddly, the concrete focus of this battle—now the topic of a Senate resolution!—is a comparatively trivial if basic part of Net architecture: the domain name system. The spotlight on domain name management is largely a combination of historical accident and the unfortunate assignment of country code domains like .uk and .eu, geographically-grounded codes that give the illusion of government outposts and control in cyberspace.

The most important parts of the domain name system are naturally resistant to unwanted control: if Dr. Evil (or the UN, whichever is thought worse) hijacked the precious “root zone” file of the domain name system, the Internet Service Providers of the world wouldn’t bat an eye—any more than the United States would be without its Constitution if the original copy at the National Archives were destroyed, or a 28th Amendment scrawled onto its parchment by a vandal with the expectation that it would thereby become law.

Is there a threat of governments, particular repressive ones, ruining the Internet? Absolutely. Controlling the Internet for real means controlling its fundamental protocols—which is to say, controlling Internet Service Providers around the world, or the manufacturers like Cisco and Juniper who make the hardware that such providers use to bring the Internet to their subscribers. China is hard at work on doing just that, with mixed results, and even the most liberal democracies have digital content or activities that they would like to constrain. The best thing that could come out of something like the World Summit is a commitment to the free exchange of bits, something to be disallowed only on narrowly constrained circumstances. Providers of services on the Internet could benefit from a set of best practices modeled after the Sullivan Principles by which many companies sought to engage with South Africa during Apartheid: principles that would say what limits would be appropriate on Western assistance to Chinese Internet censorship.

But as for the cries that the US must maintain control of the domain name system root or face a “digital Munich”—they are better directed to the many ways, large and small, in which Internet freedom is threatened one access point at a time. Seems to me that it’s a benefit when the diplomats and politicians are busy arguing about such an unimportant corner of the digital sand box—exactly, I think, what some of the technical crew intended when they peeled off domain name management and made ICANN a lightning rod to draw attention away from the real work.

This post originally submitted to Declan McCullugh’s Politech by the author.

By Jonathan Zittrain, Professor of Law at Harvard Law School

Filed Under


Randy Bush  –  Nov 10, 2005 4:48 AM

Given the RIAA, MPA, DRM, arrests of what’s his face from Moscow, porn busts, lies about WMDs, coverups of torture and war crimes, ... we should be careful of what we call “information repressive regimes.”

The Famous Brett Watson  –  Nov 10, 2005 12:05 PM

Randy, for what it’s worth, the Russian guy is “Dmitry Skylarov”.

Without going into a “cynic’s digest” of this article, I’d summarise it as having two main points: first, that the argument over the DNS root is largely a side-show; and second, that there are aspects of Internet control substantially unrelated to DNS which deserve our attention. (There is some incidental posturing on the matter of DNS that I choose to ignore: specifically, the exasperating suggestion that country codes are “unfortunate”.)

On the first point, the DNS issue is a serious one, but it is persistently (and incorrectly) framed as a matter of controlling or governing the whole Internet. This is one of those oversimplifications that the popular press is obliged to perpetuate simply because their target audience doesn’t have the specialist knowledge to understand the role the DNS plays in the overall scheme of things. But we don’t have to take such a simplistic view of the matter here; CircleID is a specialist forum, intended for those who have (or hope to gain) some expertise in the field.

By and large, the Internet is not centrally governed, and that’s just as well. In my view (which I expect many here share), the more we can design technology to simply not require “governance”, the better. The main parts which do require a certain degree of central control (thus “governance”) at the moment are the allocation of IP address chunks to Regional Internet Registries, and the top level of the DNS. But there’s only so much leverage that control of these resources can offer, because control is maintained only by the willingness of other parties to let the governing body exercise that control. As Jonathan points out, hijacking the DNS root won’t let you hold the DNS hostage.

The argument over the DNS root is not a side-show: it’s an important political issue. But we must stop confusing the matter by framing it as “controlling the Internet”. So what if “repressive regimes” like China and Saudi Arabia have a say in the non-country-code elements of the DNS root? What’s the worst they can do? Vote against (or for) “.xxx”? Actually, the worst they can do is have a fair shot at obtaining some of the economic benefits (think dot-com registry-envy), but that’s the cynical side of me rearing its ugly head. Down, boy!

As to the second point, I don’t see any practical possibility of “a commitment to the free exchange of bits”. That would be a political position contrary to that of every major player. The details differ from culture to culture, but the theme is constant: if it’s not protection from seditious material, it’s protecting the children or some other cultural taboo. What one calls “repression” or “censorship”, the other calls “protection”. By sufficient application of brute force and arrogance, one culture might be able to impose its norms on all others, but that solution is not one that will be adopted willingly by anyone but the brute: it would be an ironic exercise in tyranny.

Might the corporations take up the slack? I doubt it. The best players in the field earn profits for their shareholders without doing evil, but they aren’t going to sacrifice profits in a dubious attempt to effect political change. And in the specific case of China, have you considered how economically dependent most corporations are on that country as a source of cheap goods and labour?

If we are going to make a stand for freedom of communication and association, I think we’d best do it at the technical level. Design protocols that do not require “governance”; protocols that give each party only what they need to know, and deprive the middle-men of the ability to discriminate between “good” and “bad” packets. But stand prepared to be accused of aiding and abetting terrorists and child-pornographers if you do so. Sacrificing freedom in the name of protection is in vogue all over the place right now.

By all means let the fight over the DNS act as a smokescreen while you are engaging in such subversion, but let’s keep CircleID a smoke-free environment.

Suresh Ramasubramanian  –  Nov 10, 2005 4:03 PM

Thanks for expanding on what i wrote in reply to Bruce Levinson at http://www.circleid.com/posts/the_un…


#    By Suresh Ramasubramanian | Nov 09, 2005, 04:57 am PST | Link

Virtually all free speech is a crime in some of the countries that are closely involved in the WSIS and WGIG. Do we really want Americans or the residents of any country to be internationally prosecuted for activities that are considered a crime in Cuba, Iran or Saudi Arabia?

Not that strawman again?

Since when or where has the internet conferred jurisdiction?  Even if all the doomsday scenarios come into place and the ITU forms a committee with China, Iran, Saudi Arabia and Cuba controlling the root servers or whatever, that still doesnt change the situation

Cross border enforcement is, and has been, a fairly tough issue even with the current Internet.

Like Germany prosecuting Yahoo for hosting white supremacist neo nazi sites in the USA, and Yahoo declining to take the sites down as people ARE entitled to their first amendment rights to free speech if they’re not doing anything else illegal - whether they are rednecks with white supremacist pages or leftwing bloggers with a “F*ck Bush” theme

Or there’s that other case of China subpoenaing that journalist’s name from Yahoo China (which is actually a Chinese portal called Alibaba.com, that uses the Yahoo brandname but is completely different from Yahoo USA, say)—


In case #1 - the German court could order German ISPs to block the racist sites from German users

In case #2 - the Chinese police could subpoena a Chinese citizen’s data from a Chinese portal headquartered in Beijing, China, one that is using the Yahoo brandname, admittedly, but completely different.

Do you start to see a pattern here?  A country’s jurisdiction within its physical borders is absolute. Law enforcement across borders is the subject of lots of complex treaties and agreements, with Interpol serving as an information clearing house and a place where agencies can meet to cooperate.

NOTHING about what the WSIS / WGIG / ITU / ICANN or whoever else is doing is going to change this situation one bit, or allow Fidel Castro to send a cuban beat cop over to DC to arrest Bush because the State Department designates Cuba as a state sponsor of terrorism.

So, please find one of several other, more valid reasons, to criticize the process.


Peter Bachman  –  Nov 13, 2005 1:13 PM

According to my sources in the State department, at the WSIS the country of Elbonia is planning to take over the “gopher” protocol! This could spell potential disaster in Minnesota, whose IT infrastructure barely survived a tremendous whack on the head from evil scientists at a high energy physics lab in Switzerland who planned on taking over the previously calm text based internet with html code using the particularly insidious blink tag.

The economic hardship suffered by those who were seduced by this hypnotic tag into creating multi-billion dollar companies that seemingly “vanished” after the superbowl is a testament to the powerful animal magnetism and illusion of the deadly combination of a DNS TLD, images, and text delivered over the network directly into our computers.

Just because a few CEOs managed to line their pockets during this time of “irrational domain name exuberance” and transfer our money to their bank accounts just goes to show how much this illusion got out of hand.

It even infected otherwise normal fund managers and CEOs and caused our streets to be torn up repeatedly for the insertion of more and more glass fibers whose purpose is at yet unknown, but rumor has it there will not only be images, but “moving images” one right after another so much that the brain can’t process it effectively, and it makes the blink tag seem even tame in comparison in it’s illusory effects. Therefore to control these moving images we should snoop everyone’s hard drive connected to the net, and sue them immediately if they have the “wrong ones”.

The “finger” protocol may prove to be especially dangerous if it falls into the wrong hands and the U.S. can no longer control it for the benefit of all humanity. Offshore finger attacks may expose all
our .plans to keep the world safe.

But seriously, there are some good points that are coming up vis a vis the “illusion of internet governance” in regards to DNS.  The fact is that are agreed upon minimum standards for the exchange of information, which various people have argued should “not” be affected by various poltical pressure groups related to domestic U.S. policies. Right now various pressure groups are content to eye the low lying fruit, which are the TLDs. We might take solace in their ignorance rather than trying to educate them.

The larger issue is whether is fundamentally legitimate in a country where the power is reserved by its people (demo kratos) to create
any specific national network policy at all, even if that policy is to allow the flow of information in an unrestricted manner.

But in fact there are already several sorts of restrictions to the flow of information, especially information which contains high degrees of entropy, and is thus has been legally considered a munition which in turn requires regulation and permits. Or music and video, I might add.

In fact national network policy seems inevitable, but DNS wont be the container for it. This is because the net instead of being “out there” in cyberspace, has become, embedded in just about everything. We now
depend on it more than in the past. A national network policy container will have to relate individuals and groups and assign them roles within that container with attributes, schema, and so on. In fact, it will look a lot like what we already have, just connected with subclassing of local containers for your state, your community and your home. If you restrict free speech in your home over the phone, your teenagers will probably just go on IM’ing each other, Plus ca change.

That brings it much closer to individuals than in early decades. That closeness implies acceptance that your toaster has an IP stack, or your microwave, or your phone, and thus makes everything more connected, but also creates risks related to DOS zombie attacks so that you might not get your morning coffee on time, or a cd inserts a root kit into your computer, which in turn, makes your computer another zombie controlled by your toaster.

The internet is not the only network, there are more secure networks if people need them, (hence NAT, Firewalls, SIPRNET, and private address space and local split DNS) however, it is the most widely distributed, and in regards to being able to continue its value as a global resource there is nothing that the U.N. has stated about keeping its global status that seems to be very controversial. We need to be concerned when something gets in the way of free speech or making a living. Or making coffee.


Christopher Parente  –  Nov 17, 2005 5:09 PM

I’m a little confused by your confusion. Of course the international community wants more control—that’s what sovreignty is all about. Add to that the Internet was invented in the U.S., has rapidly grown in importance as a communication and commercial channel, and the Commerce Department announced ‘hey guess what, we won’t allow ICANN to become independent after all.’

As a cherry on top, throw in some aggressively unilateral comments from Gallagher and the gang at NTIA. Why wouldn’t there be a furor?

If those guys were smart, they’d express support for things like the ORSN project. Simply put, ORSN creates another infrastructure that supports the zones (See recent post by Paul Vixie on topic, excerpt below)

Now, we come to ORSN. What they are doing is establishing an entirely separate set of *COPIES* of the root nameservers. Because this is a different and distinct set, the dependencies within the set of servers are different, and this technical fact makes the combined system of existing root nameserver plus ORSN nameservers, more robust than just the existing ones. Of course, in real world terms, there is only increased robustness if ORSN deploys root nameservers at least as widely as the existing operators and ORSN maintains similar or higher standards of operational excellence.

This would address the concerns of critics who complain about U.S. control of the roots b/c theoretically the goverment could delete a particular GTLD, while helping to isolate critics who are making this argument simply to exert greater governmental control over the Internet.

Suresh Ramasubramanian  –  Nov 17, 2005 5:21 PM

Ah. So you think DNS / root servers are the only thing at issue here? :)

Vixie’s support for ORSN is highly qualified and he has fairly sound reasons for it.

But even after reading a whole lot of discussions on circleid, I find myself wondering what happens when push comes to shove, worst case scenario etc etc and ORSN has to maintain its own copy of the root, distinct from the main root servers.

Personally I’m much more concerned about some wording that’s coming out of WSIS - see my comments in response to Michael Geist in http://www.circleid.com/posts/the_wsis_deal/

Christopher Parente  –  Nov 17, 2005 7:23 PM


Taken in order:

1. What I’m saying is different groups are using the discussion for their own purposes. For those who the biggest issue is protecting against unilateral US root decisions, supporting an effort like ORSN might begin to address the concern. IF…

2. It really could act as a substitute. I’m not an engineer, but I understand they are far from being able to do so today.

3. I read your post—not exactly clear what you’re saying. I had some contact with KRNIC and JPRS officials in the past re IDNs, so I do have something of an understanding of IP policy in those countries.

Suresh Ramasubramanian  –  Nov 19, 2005 7:52 AM

3. I read your post—not exactly clear what you’re saying. I had some contact with KRNIC and JPRS officials in the past re IDNs, so I do have something of an understanding of IP policy in those countries.

Well - you know that these nations currently have IP addresses allocated primarily by the NIR (national internet registry) - CNNIC, NIDA/KRNIC or whatever.

However these operate under the APNIC framework and follow standard APNIC (that is, RIR) provided policies on IP address allocation.  And they are active in the APNIC open policy meetings.

Now try to extend the concept of an NIR a bit more and see how close it can / cannot get to the country level IP address allocation, IPs as a valuable national resource concepts from the Houlin Zhao / ITU-T proposals that China was advocating.

The NIR framework works currently because the operators of the NIRs are perfectly willing to work within a larger RIR framework. But if new NIRs start getting formed, and for whatever reason, perhaps politics, perhaps other local considerations.

Now assume that these new NIRs get created with some amount of government participation, and proceed to become more than nominally independent in their own territories, so that RIR policies and regional level coordination of IP address allocation gets sidetracked. 

And assume that by one way or the other (government mandates, say) they get a monopoly on IP address allocation in the region so that local ISPs cannot exercise the current option they have of approaching the RIR directly for IP address allocation ..

Christopher Parente  –  Nov 21, 2005 10:26 PM

And assume that by one way or the other (government mandates, say) they get a monopoly on IP address allocation in the region so that local ISPs cannot exercise the current option they have of approaching the RIR directly for IP address allocation ..

Ah, I see. Each NIC jealously controls its IP allotment, doesn’t play nice with others, or allow any way to get other than through them. Thanks for explaining.

I’d agree this is a bigger danger by a long shot to the status quo than DoC jealously guarding ownership of the roots.

Suresh Ramasubramanian  –  Nov 22, 2005 1:59 AM

I know it is scary but it is quite possible, you’ll agree.

For a more detailed discussion on these please check out the articles by Geoff Huston / Paul Wilson / Tom Vest in the IP addressing and Internet Governance sections of circleid.

And yes, this paper - http://www.cisco.com/en/US/about/ac123… - by Tony Hain on when we’ll run out of ipv4 (a fact that gets dragged into this discussion quite often to justify IP address space as a scarce and diminishing natural resource)

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



Domain Names

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API


Sponsored byDNIB.com


Sponsored byVerisign

New TLDs

Sponsored byRadix

IPv4 Markets

Sponsored byIPv4.Global

Brand Protection

Sponsored byCSC