The idea that the US would maintain a strategic position in the Internet was always a pipe dream. Allowing the US to pick the DNS contractors is one thing, allowing the US the power to arbitrarily shut countries off the net is quite another. And that is what deployment of DNSSEC and the rPKI under the current models would do.
The idea that some US congressman would promote a bill to force ICANN to drop Cuba, Palestine or the enemy of the moment off the Internet is really not far fetched. The US government was just shut down for over two weeks in a bizarre act of political theater. Such an action today would be futile since ICANN only runs the Internet by consent of the various operators. Any attempt to exploit that position for strategic leverage in a trade or political dispute would mean the end of ICANN and the US role within a few weeks.
But in a world where DNSSEC and the rPKI are deployed and the verification keys are embedded in billions of devices, the switching costs for replacing ICANN are vastly higher. And as long as ICANN remains a US corporation incorporated in California it is under US jurisdiction. And no matter how comfortable US citizens are with this situation, non-citizens can see an obvious and unacceptable strategic risk.
The US position was unsustainable before the Snowden document dump but the maneuvers took place far from the public eye. What held the system together was the fact that the proposed alternatives were equally unsustainable. Whatever decisions diplomats made at the UN or ITU, no European government was going to move to the Russian or Chinese model of Internet regulation.
Snowden has damaged the US position but he has completely destroyed the alternative models. World leaders who have largely been content to leave 'technical issues' to mid level bureaucrats have suddenly been forced to come out for Internet privacy. In the case of Angela Merkel it might well become a personal crusade. Merkel has lived in the type of state the NSA generals have been busy trying to create: she grew up in East Germany where a network of Stasi informers tried to intimidate the whole population.
Making comparisons between the NSA and the Stasi will of course send Americans into the usual paroxysms of self righteous patriotic indignation. Didn't Ronald Reagan give some sort of speech at the Berlin Wall? Well yes he did but as deputy spokesperson for the transitional government, Merkel is aware of a rather fuller history of the collapse of the East German state and the fact that what the Western powers did in private was rather different than their public speeches. Margaret Thatcher claimed to be speaking for all the Western leaders when she begged Gorbachev to send in the tanks and suppress the demonstrations — a fact that can be confirmed in the transcript of the meeting on the Thatcher foundation Web Site.
Latin American leaders have observed first hand an even clearer demonstration of the fact that US influence has not always been benign. NSA wiretaps powered the coups that suppressed democracies across South America and replaced them with convenient military juntas who murdered tens of thousands of opposition leaders. The history of abuse of covert power is something 'we do not discuss with outsiders' in US policy circles. So American policy advisors puzzle of the fact that foreign governments just don't 'understand the importance of preventing terrorism' rather than admit that attempts to strip or curtail US control of the Internet might be driven by rational motives.
The US is not alone in having a shameful imperialist past. Being British means that there is no country on earth that I can visit that my own people haven't fought a war against or with or over. While Viceroy of India Lord Curzon let five and a half million people starve to death lest famine relief efforts encourage the poor to become lazy. As for Germany, nothing need be said.
Interpreting all criticism of America's cold war activities as mere 'anti-Americanism' results in two failures of analysis. First it encourages the belief that the foreign complaints are driven by an irrational animus of the ignorant masses rather than serious concerns of the sophisticated elites and that all that is necessary to put matters right is to allow the elites time to calm the fears of the plebeian masses. Second, it creates a frame in which those who are not for us must be against us. If Merkel, Rousseff et. al. have left the US side in the Internet governance debate they must become supporters of the Russian and Chinese led proposal to require governments to stamp out what they term 'information terrorism' and what we call freedom of speech.
The idea that there can only be two sides comes from an age where power was established by the power of armies rather than the power of ideas. It might be comforting for US analysts to imagine that only the US, China and Russia can be players in the future of the Internet but the three countries combined account for less than a quarter of the world's population. Brazil's objective is in any case to become a power broker in the new world order which it cannot achieve by merely choosing between the proposals made by the 'great' powers.
The power grabs by Russia and China have failed because the complaints about US control are merely a pretext for even greater government control. That alternatives are even less sustainable than what they would replace. All that Germany or Brazil need to do to change the equation is to propose an alternative model that is sustainable, a task that is much easier than those with a vested interest in the status quo will admit.
Don't call Germany and Brazil anti-American, that is a misleading simplification and asserts that the only option is to oppose them. Instead consider the possibility that they represent the reform block and that their objectives might be compatible with those of the Internet community in general, including US citizens.
Internet governance is a difficult problem because of a small number of technical defects in the Internet architecture that create control points that might be exploited for strategic leverage. The reform block does not need to build a parallel IETF to correct those defects, all they need to do is to establish an acceptable technical alternative and require that their local ISPs etc. employ it.
Pervasive monitoring? What would be the effect on NSA intercept capabilities if the reform block required all email exchanges to be protected using strong TLS encryption with a 1024 bit ephemeral key exchange by the start of 2015 and further security enhancements to be phased in over the following years? It is likely most US email providers would quickly finding themselves following the reform block standard whether it was acknowledged as an IETF standard or not.
IPv6 Addresses? There is absolutely no reason that these should be allocated by the RIRs alone. The current scheme and in particular the design of the rPKI gives the US the ability to impose an electronic blockade. There are many technical solutions that could prevent this and governments should insist that one be deployed regardless of the 'complexity' this results in. In addition every government should demand (and take by eminent domain if necessary) a sufficiently large block of addresses for use as a sovereign reserve in case a future US administration would seek to use allocation of addresses as strategic leverage.
DNSSEC? Any DNS security mechanism that increases the switching cost of changing the administration of the DNS root has to be considered unacceptable. The reform block should deploy their own DNS signing roots and require that embedded devices sold with DNSSEC support default to a quorate validation model.
The list of technical control points is surprisingly short and eliminating them is well within the capabilities of the reform block. Take away the technical control points and the other Internet governance issues don't matter very much.
|Data Center||Policy & Regulation|
|DNS Security||Regional Registries|
|Domain Names||Registry Services|
|Intellectual Property||Top-Level Domains|
|Internet of Things||Web|
|Internet Protocol||White Space|
Afilias - Mobile & Web Services
.eco launches globally at 16:00 UTC on April 25, 2017, when domains will be available on a first-come, first-serve basis. .eco is for businesses, non-profits and people committed to positive change for the planet. See list of registrars offering .eco more»