|
Over the past couple of years I have had the opportunity to talk to US policy makers and have seen how ITU and ICANN have emerged as proxies for a much wider diplomatic dispute over who is going to control cyberspace.
The Internet is now the engine of the new global economy. It is a communication infrastructure. Both have been correctly regarded as national security interests of the very highest level of priority. Some of the participants in the ICANN/ITU world are former participants in arms limitation circles. Their mode of thinking is illustrated by the frequent use of phrases such as ‘why would we give up…’.
Behind the scenes there are others who argue that the US won the cold war through communications strategy, not military power. I am also led to believe that this is a common belief in Russian military circles. Only there the fall of the Soviet Union is seen as a catastrophe rather than the end of one of the most brutal and worthless regimes in history.
The stakes are high and he stakes matter. Which is why the oppressive regimes of the world must on no account be allowed to gain control of the Internet. Today they have two choices, they can try to cut themselves off from the net and watch their regime die quickly as the economy goes the way of North Korea or they can attempt to control the net and watch their power slowly drain away. They must on no account be allowed to create a third option for themselves.
All of which provides a pretty good explanation for what we currently observe in ITU politics. The oppressive powers would like to gain control and the ITU is far more susceptible to their influence than ICANN. The ITU is formed around the notion that nation-states are the primary actors in governance for a start. They will use terms such as ‘security’ and purport to be countering ‘crime’ and ‘terrorism’. Here it is interesting to note that in a recent treaty, Russia and China defined information terrorism to include any form of speech that might lead be detrimental to the interests of government. The claims with regard to crime are equally insincere, if the Russian government wants to act against Internet crime we have a list of a couple of hundred criminals that their police would very much like to prosecute if they were allowed to.
Backing ICANN appears to be the only sensible course for the US. But the problem with this approach is that the US cannot risk ICANN itself being captured by hostile powers, and that in turn means that the US cannot ever release its de facto control of ICANN. The status quo prevails, but as with original status quo, the division of responsibility for the Church of the Holy Sepulchre in Jerusalem, it is an inherently unstable situation that is only maintained through constant vigilance on all sides.
The weakness in the present approach is that many countries that should be natural US allies have to be equally concerned about possible defection by the US. Let us consider for a moment what the policy of a Palin government might be, it is not an unreasonable hypothetical since this time two years ago she had a non-negligible chance of being a heartbeat of a septuagenarian cancer survivor away.
My belief is that the US has incorrectly analyzed its interests with respect to ICANN and control of the Internet. The core interest of the US is not to gain control, the core interest is to prevent any other party from gaining control.
I do not see it as being in any parties interest to maintain the current ITU/ICANN standoff. I think it would be much better to end it as soon as possible by forcing a draw. Rather than attempting to maintain its position as the sole control entity for the Internet, ICANN should parcel off a chunk of DNS space and a chunk of IPv6 space for ITU to manage as it sees fit.
For example ICANN creates a new TLD .ITU and a /16 of IPv6 space that the ITU will manage in whatever way it considers best. Neither would have the slightest impact on the technical administration of the Internet. There is no possibility of such an assignment being used for malice as ICANN and the RIRs would still be assigning address space from their pools.
The main positive for ICANN is that it would essentially forestall any ITU takeover maneuver. If you have a monopoly it is pretty easy for various parties to dispute who should be in control of it. Once the monopoly is broken up into a duopoly it is practically impossible to reverse the process. Ceding a small amount of territory in the right way makes it much harder for the ITU to acquire more. they would as a minimum have had to had done something of consequence with their existing assignment. And in the unlikely event that they had, that would itself create barriers to their acquiring more.
Whether you agree with my analysis or not, I hope that I have at least persuaded you to think about the possibility that there might be better approaches here than confrontation.
Sponsored byCSC
Sponsored byDNIB.com
Sponsored byWhoisXML API
Sponsored byRadix
Sponsored byVerisign
Sponsored byVerisign
Sponsored byIPv4.Global
That statement is incorrect, as address allocations made by any registry have significant impact on global routing for everyone. While it is possible that an additional registry might not have adverse impact, it is certain that a per-country scheme would have impact. For more details, please refer to the submissions to the ITU IPv6 study group on this matter. As the open working group doesn’t provide for public document access, I will provide this link to ARIN’s contribution: http://www.scribd.com/doc/29487289/ARIN-Contribution-to-ITU-T-IPv6-Study-Group
Thanks,
/John
What impact does it have on the routing table if an ISP receives its allocation from source X or source Y? Provided that the two sources do not offer conflicting allocations there is no difference at all. It would certainly have an impact on ARIN's commercial interests and those of the other RIRs. Which is of course precisely the issue that leads to the ITU demand. I read the paper, but I really don't see where you justify the assertions being made about Country IRs. While there certainly could be impact on routing tables if we had an infinite number of allocation authorities to choose from, two sources is not the same as infinite sources. What could cause considerably greater impact on the Internet would be if the governments who are behind this proposal make a unilateral move and declare themselves to be the controllers of a chunk of IPv6 space. The question then becomes who would route it. If the faction is led by Andora and Belize then the answer is going to be absolutely nobody. If the faction is led by China, Russia and the other SCO countries then there is absolutely nothing that can be done to stop them.
Phillip - It's not one getting an allocation from Internet Registry versus another; it's getting one allocation verses having to obtain dozens of allocations. The most likely outcome of the ITU getting involved is them in turn breaking up the allocation into 150+ per-country Internet Registries, which would create dramatic increases in routing growth since multinationals would need to participate in each country's CIR in which they operate... Please familiarize yourself with the CIR documents for more details on what has been proposed in the past by the ITU in this area. /John
Many of us in the community are trying to work with the ITU to deal with those that aspects of Internet governance to which they are well suited, and that includes many areas which are distinct from ICANN’s mission. For example, Internet name and number resource coordination clearly falls within the scope of ICANN, whereas it is not as clear that Internet trade & taxation disputes, transnational law enforcement, or similar activities would ever be suited for an ICANN venue (as opposed to the IGF, or another UN sponsored venue).
The solution of dividing out name and numberspace to put under alternative administration is akin to advocating for separate laws for cyberspace simply because we can’t readily reconcile our present Internet administration and legal governance frameworks… you create a worse problem by avoidance.
/John
OK, so I am shamelessly promoting my new book, which comes out in September and deals with precisely this issue, the clash between the need for global governance of the internet and the traditional regime of nation-state governance.
Hallam-Baker has hit onto one of the central problems facing Internet governance today. I have some supportive and some critical comments to make in response to his post.
First, Hans Klein and I made a very similar suggestion way back in 2005, at the peak of WSIS. We thought it might defuse some of the tensions if we let the ITU have a little slice of the ip address space of its own, and even let them be the registration authority for the ccTLD space. This might, we thought, promote institutional competition and diversity, which could benefit end users by allowing one regime to put pressure on the shortcomings of the other by offering more attractive policies. (It would be nice if PH-B had shown some awareness of that work and the debate it generated).
I can’t speak for Hans, but since then I’ve backed off from that idea. First, after watching ICANN’s GAC evolve for the last ten years, it’s become increasingly clear that governments are not satisfied with small concession; once they get their nose under the tent (think of camels) they have a very strong tendency to want all the governance authority. (And the U.S. is not immune from this, indeed it is currently the chief culprit - this is one of the main flaws in Hallam-Baker’s argument, but more about that later).
Second, there is more than a passing chance that authoritarian states would refuse to compete and play nice with their slice of the CIRs, but instead attempt to make them compulsory and exclusive.
Third, I believe that we need to institutionalize a buffer between states and critical internet resources, by keeping authority over CIRs in the hands of private sector-based, transnational - but ACCOUNTABLE - institutions. Insofar as institutions like ICANN fail to become accountable, they are playing into the hands of traditional states and intergovernmental institutions. And yet, ICANN repeatedly resists accountability.
This is what is wrong with John Curran’s response, by the way. The arguments against these interventions are not really technical ones - PH-B is correct that it doesn’t make a big difference technically and a more heterogeneous system could work. One might succeed in scaring people with that kind of argument in the short term, but the real reasons to fear intergovernmental incursions are political not technical.
I love it when PH-B says: “the US has incorrectly analyzed its interests with respect to ICANN and control of the Internet. The core interest of the US is not to gain control, the core interest is to prevent any other party from gaining control.” Oh, how I wish the USG also perceived things this way! But in effect, this view rests on a fallacy: the fallacy that the USG is somehow not a state, like any other state, and does not behave like a state but instead responds to some higher calling. It doesn’t. I entered the ICANN wars with that same expectation in 1997, and was thoroughly disabused of it by 2002. For the latest evidence, look at the USG maneuvers over the censorship of top level domains. http://blog.internetgovernance.org/blog/_archives/2010/7/19/4579939.html
For more evidence, take a look at the cybersecurity legislation and teh way the cyber security debate plays out in Washington.
Anyway, thanks for an incisive post PH-B
The US government is not a monolith. There are great variations in interest and approach. The voice that seems loudest outside the government is that of the Pentagon. The US military is pretty much unique in the manner in which it enters public debate so frequently and attempts to shape the formation of policy. A UK general who spoke in pubic as US generals routinely do would be cashiered Inside the government, the most powerful voice is not the pentagon but the state department. Or at least, that is the way it should be if a country is not going to avoid disaster. Within the state department there is a wide range of opinion and everyone I have talked to is fully aware that cyber is a new domain and that the old approaches may not apply. What I find to be weakest in US thinking on ICANN is the degree to which it is believed that ICANN is the trump card. I think that dangerously underestimates our opponents and the lengths to which they are prepared to go. Putin has his domestic opponents murdered. He has even ordered a murder carried out on the streets of London. And that murder carried out in a way that was clearly intended to leave no doubt as to who ordered it. People who are prepared to start wars are prepared to cut corners to get what they want. The issues here are political, not technical. It really does not help for people to claim that some form of arcane technical knowledge is required to understand the political tensions. Technology can constrain the range of feasible technical options, but anything that ICANN do, they can do better (as far as they are concerned). One of the things I find irritating about the whole ICANN/IETF/RIR world is the way that people try to use unspecified technical issues to trump consideration of the political issues. That does not help engage the policy world, it makes them conclude that the technical issues are being used as an excuse to control the agenda and encourages them to ignore them. I was not aware of Milton's specific efforts in this area, but I am aware that numerous people have suggested ways in which ICANN can be made less of a liability. As far as IPv6 goes, address space exhaustion is not a risk. So why not give each of the RIRs a /16 each and make them totally independent? If you think that the problem is that the RIRs need to be accountable to someone this does not make sense. But it does if you think that the problem is that ICANN is accountable to no-one. There are plenty of technical approaches that could be tried. But the response to every suggestion is to pick at the technical feasibility of it and find excuses to declare it 'impractical'. It is never admitted that the real objection is the proposal itself.
Phillip & Milton - Alas, gentleman, the problem was not running out of address space, but the routing implications of the ITU-funded country-internet-registry proposal which was problematic. This has been noted both at the IGF workshop and the ITU IPv6 study groups, both the RIRs and the operators who have to live with the consequences of any such change. If you want to propose other technical approaches, then do so and seek comments from the operator community. I'll note that the RIRs, ISOC, IETF, and ICANN have been willing to engage in consideration of nearly any proposal, and have done so by traveling to forums such as the ITU and IGF. I look forward to the day when others would extend similar courtesy and perhaps such proposals will actually be presented before the RIR or ICANN meetings which already exist to consider these matters of Internet identifier technical administration. /John
I think that it is important to note that one of the ways in which ICANN has survived is by making such accommodations. I believe it is still the case that many of the CC TLDs do not recognize any right of ICANN to control them or charge them fees. It would be most unwise for ICANN to threaten to press the issue.
At the end of the day, what matters is not how difficult backbone routing engineers find their job, or how much control the regulators have. What matters is whether governments are able to effectively control political speech. If we get to the point where the majority of Internet traffic is routinely encrypted, censorship becomes impractical no matter who controls the routing tables.
Not wanting to be facetious here, anyone who wants to change the political situation in Saudi Arabia or Iran could do a lot worse than to beam in porn by the terabyte. Early feminists such as Simone de Beauvoir were in favor of pornography precisely because they realized that it erases the then Western traditional concept in which the woman was placed on a pedestal so that she would stay in her place.
0) Although this article has been quite a few years old, I sense from current events that the issues may still be somewhat current. So, allow me to share some thoughts from a different angle.
1) A few years ago, we accidentally ventured into studying the IPv4 address pool exhaustion challenge, perhaps due to the curiosity from our telephony background. We now have submitted a proposal called EzIP (phonetic for Easy IPv4) to IETF. The EzIP utilizes the original IPv4 standard RFC791 and the long-reserved yet hardly-used 240/4 address block to expand the assignable public address pool by 256M (Million) fold:
https://tools.ietf.org/html/draft-chen-ati-adaptive-ipv4-address-space-03
2) Basically, the EzIP approach will not only resolve IPv4 address shortage issues, but also largely mitigate the root cause to cyber security vulnerabilities, plus open up new possibilities for the Internet, all within the confines of the IPv4 domain. A degenerated form of the EzIP may even be deployed “stealthily” for an isolated area where needed, forming a “sub-Internet”. These should relieve the urgency to deploy the IPv6 for an appreciable length of time, as well as to discourage the IPv4 address trading activities.
3) The sub-Internet aspect of the EzIP offers an interesting potential in addressing the conflict between ICANN and ITU. That is, it enables an RIR to assign one or more public IPv4 addresses to a CIR of a Country / nation / state to provide Internet services to an isolated area with up to 256M IoTs (Internet of Things), or a population of about 39M. While the sub-Internet operation is fully confined within the control of one government, it appears to the overall Internet just like another common IPv4 IoT. This configuration will enable the ICANN continue to be in charge of the entire Internet with its current operation mode, while the government gets her wish of offering a competing parallel service within a finite territory.
Feedback and comments will be much appreciated.
Abe (2018-07-27 15:40)
Dear Colleagues:
0) Here are two pieces of updated information for share:
1) The following is a discussion thread on the “state of IPv6”. The findings are quite surprising.
http://www.circleid.com/posts/20190529_digging_into_ipv6_traffic_to_google_is_28_percent_deployment_limit/
2) Then, you may like to have a look at the feasibility demonstration report below about our proposed architecture for expanding IPv4 address pool, addresses ITU’s CIR proposal, etc.:
https://www.avinta.com/phoenix-1/home/RegionalAreaNetworkArchitecture.pdf
These should provide some material for furthering the dialog.
Abe (2020-08-30 16:07 EDT)