Published March 19, 2014
Is our created-in-America communications revolution about to go the way of IBM PCs? Is the U.S. really going to hand authority over the Internet to....someone else?
The hubbub began with last week's confirmation of a longstanding plan to shift responsibility for basic Internet chores out of U.S. government hands. The people currently riding shotgun over the naming system for the Internet--the U.S. National Telecommunications and Information Administration (NTIA)--wants to hand the job over to the organization for which it currently does the work--the Internet Corporation for Assigned Names and Numbers, better known as ICANN. It would essentially let its contract with ICANN expire, cutting the group loose from its American apron strings and letting the not-for-profit firm form a global "multistakeholder" organization to do the job.
The NTIA has been in the name game since 1999, and the Web has grown exponentially since then. From the beginning, privatization was on the digital road map, and now it may be time to let a younger international group take it over.
So is the U.S. government really "giving up control of the Internet"?
Not exactly. But there are good reasons to be concerned.
The role that the NTIA plays right now is not of gatekeeper or the defender of Internet liberty. What the NTIA does is manage changes to the database of names and addresses of all top-level domains (all those .com and .org names), essentially looking after the mechanism that matches the URL you type to a number and a computer server halfway around the world. Indeed, other organizations, such as VeriSign and regional operators handle much of the nitty gritty of this process. Many researchers have said for years that the U.S. government's role has been largely that of an avuncular benefactor: We nod approvingly but don't get out of our rocking chair much.
True, there's a lot of symbolism involved here. Some foreign governments, for example, have whined about Uncle Sam's influence on the Web, and the change would mollify some critics. But any changes should be very carefully considered.
Roughly two years ago, it was revealed that VeriSign had been hacked. By breaking into VeriSign someone could have redirected addresses to point people to malicious sites or brought down sections of the Internet. The breech happened under the U.S. stewardship, so would handing off oversight of this system improve or worsen security? It's difficult to assess since proposals for replacing NTIA aren't complete, but other hacking examples may give one pause.
Digital certificates used to authenticate web sites are managed by a variety of companies that act as certificate authorities around the world. Back in 2011, several of these international authorities were compromised, allowing for the issuance of fake certificates, thus undermining the whole concept of security certificates. The problem has since been addressed (in part), but it underscores the real danger that when a multiplicity of organizations are responsible for security, the potential vulnerabilities are also multiplied.
Others might argue that that having wider participation in governing the naming system should entail resiliency and the ability to withstand more attacks. Nevertheless, the potential for digital hijacking is real, and a benefactor with deep pockets and extra resources shouldn't be dismissed lightly.
Furthermore, there's the issue of increased global reliance on the Internet, which is either more fragile than a robin's egg or more impregnable than a Sherman tank, depending on which analyst you believe. The truth is somewhere in between, but the important point is that an explosion of technologies is making the Net critical to our collective future.
The so-called Internet of things means that everything from wrist watches to washing machines will be online. Add to this the revolution in automotive technology with semi-autonomous vehicles that communicate with each other online, and one immediately sees how stewardship of the DNS, with its necessary expansion of names, addressing, and protocols is going to be essential.
On the other hand, it's not "our" Internet any more. Yes, a politicized ICANN could in the future block certain registrations but as far as such actual Internet freedoms go, countries already control their own digital borders. China blocks some of the most popular sites in the world; it's no friend of Facebook. Other countries in the Mideast habitually shut down Internet access at the hint of a protest. Whoever manages the database for the DNS isn't going to change that.
Some people have wondered if the decision to relinquish management of the database was due to revelations about U.S. surveillance efforts from Edward Snowden. But this transfer of stewardship won't hinder--or help--the National Security Agency unless, of course, they're applying for domain names like wedontspyonanybodyhonest.com and some kid in Wisconsin already owns it.
The role that ICANN currently plays has no real effect on cyber espionage or spying. It cannot singlehandedly prevent it. (Heck, it can't even prevent spam.) That is not to say that at some distant point in the future the role and power of ICANN might change. It certainly could become unduly politicized or unduly controlled by commercial interests and sponsorship money. However, that's a prognostication that's difficult to make today.
What one can say today is that ICANN is not ready yet to take over. In fact, there were some provisos in the announcement last week from the U.S. Commerce Department that hinted at the difficultly of making a transfer. Specifically, the U.S. won't back out if it means that another governmental agency or quasi governmental body (like a computer nerd version of the U.N.) is going to take over. Members are gathering in Singapore later this month to start the discussion, but don't expect a resolution by September of 2015 when the NTIA contract expires.
In other words, the contract will probably be extended, and the Internet by any other name will still be the Internet for some time to come.