Home / Blogs

Is There Such a Thing as Technical Internet Governance?

In ICANN's "President & CEO Goals for Fiscal Year 2021”, Göran Marby went out to make a curious distinction in the document's second stated goal, according to which he intends to "Implement a common strategy for Internet governance (IG) and technical Internet governance (TIG)". Proceeding to state that "we will begin by identifying the most important issues we need to address, followed by an assessment of where and how we can intervene, the venues we should use, and the resources required to be effective".

While it is common to separate technical and content matters within Internet Governance, the term Technical Internet Governance and particularly the acronym TIG are not widespread, finding little usage in relevant IG literature. This raises the question of what Marby intends to accomplish by making that distinction and how the broader community should understand this in terms of ICANN's position in the ecosystem?

According to the same document, the background for this objective is that "over the last few years, we have seen an increase in legislative proposals that affect ICANN's ability to form policies and make decisions. We are also seeing proposals through standardization forums that can have absolute effects on how the Internet is technically operated".

It can be surmised that the situations being referred to here are the EU General Data Protection Regulation (GDPR) and its effects on ICANN's data governance; and the deployment of DNS over HTTPS (DoH, RFC 8484) and its impacts on ICANN's capability to remain the sole authority in the supervision of the root name servers' operation.

While the impact of the GDPR over WHOIS has been widely discussed, DoH (as well as the similar DNS over TLS) is a potentially more relevant question that has been lurking in the background without any process being started by the organization to formally discuss or interact with it. Under DoH, authoritative name servers are not queried directly, with DNS queries being sent and receiving responses over HTTP, obfuscating the user's queries. This feature is rapidly moving towards becoming enabled by default in most, if not all, browsers.

While this has very clear privacy and security advantages, it also means that the DoH provider becomes the de facto gatekeeper of the DNS, being able to override decisions made by ICANN and maintain a spin-off version of the DNS if they so desire. I, as well as other researchers have argued that this direct control, this policy through gatekeeping, is exactly what sets ICANN apart from other institutions within this ecosystem and gives it teeth. Losing grip over that final authority would mean a significant loss of enforcement capability.

With such concerns looming over the horizon, Marby's second goal seems clearer, albeit the reaction is quite belated. Both situations have already slipped past ICANN's influence sphere and all that is left for the community is to react rather than preempt, a posture that has been required for the past several years. It makes a lot of sense to look towards the future and anticipate issues, but this should have been a top concern in the least since the IANA stewardship transition.

This distinction between IG and TIG could be derived from the fact that the organization's strict stated mission grows blurrier by the day, whether it wants that to happen or not. The "DNS Abuse Framework”, an industry-organized initiative that started in 2019, already includes clear cases where specific webpage content should result in a takedown from the DNS, such as is the case with human trafficking. With the increase in pressure for Trusted Notifier programs, this tendency is bound to only grow.

ICANN exerts a disproportionate amount of influence over the Internet in relation to its size exactly due to the fine line it walks between acting as a technical body and, at the same time, having quite a direct impact over what content is reachable over the global network. Other technical bodies have more subtle ways to affect content and policies, such as in the case of HTML5's incorporation of DRM in its standards or even DoH itself, but only ICANN can literally flip a switch and make a website disappear.

Let us not forget that this comes almost a year after ICANN applied to the International Telecommunications Union (ITU) for ITU-D Sector membership, which was already a signal of its intention to have more formal representation within other transnational bodies. This approach, taken as a whole, points towards an admission that ICANN cannot exist in a bubble, needing to be present within both what it considers to be IG and what it considers to be TIG to thrive.

However, the TIG distinction itself puts ICANN in a bind. What is ICANN: IG or TIG? No matter what answer one is inclined to give, there are so many holes that can be poked at each option that the most sensical answer has to be "IG in the traditional sense" or simply that it is both. By making this distinction, ICANN itself might be failing to assert its role within the ecosystem, creating a division that only serves to further complicate its own claim to legitimacy. While in rhetoric, it has to maintain that it is strictly technical in every sense, the reality points towards a more mixed role.

It remains to be seen whether this term will be used consistently going forward or if it is an artifact of this specific document, but it certainly requires a more transparent definition for it to make sense and possibly find some sort of adoption. As it is, it raises more questions than it answers, perhaps even weakening ICANN's position within an area in which everything is inherently interconnected. This, fortunately, or unfortunately, leaves open the inquiry of whether there is such a thing as a Technical Internet Governance.

By Mark Datysgeld, Incoming GNSO Councilor at ICANN

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

VINTON CERF
Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Comments

Several serious technical errors By Stephane Bortzmeyer  –  Sep 03, 2020 4:06 am PDT

"Under DoH, authoritative name servers are not queried directly" Same thing with ordinary traditional DNS and it has always been that way.

"the DoH provider becomes the de facto gatekeeper of the DNS, being able to override decisions made by ICANN" Exactly the same thing for any DNS resolver operator, whether they provide DoH or not, and it is widely used, for instance for censorship.

"only ICANN can literally flip a switch and make a website disappear" You mean a registrar or a registry cannot delete a domain (at the request of relevant authorities, or from their own decision)? :-)

Seriously, this article should be withdrawn, while the author learns about DNS.

Mr. Bortzmeyer,In my view, not every article By Mark Datysgeld  –  Sep 03, 2020 8:10 am PDT

Mr. Bortzmeyer,

In my view, not every article about the DNS needs to contain a full explanation of how the DNS works. I understand that given your IETF background that makes sense to you, but I personally prefer to keep my writing accessible to a wider audience at the cost of assuming that the more technically minded people will be forced to fill some gaps as they read.

Regardless, my point stands. Of course, authoritative name servers are hardly ever queued directly, that would be slow, demanding and inefficient. They are there for a reason, though, and it's as much technical as it is political: they are authoritative, it's in their name. The point of the article is that there is more to technologies such as these than just the technical side.

Authority is a complex subject in International Relations, which often needs to be broken down in terms of an equation to be better understood. A technology such as DoH changes many parts of that equation. When a DNS resolver operator changes the results of a query, it is called, as you point out in your own reply, censorship. Why is that?

Probably because the change is State-sponsored and fundamentally political in nature. Here's where I will differentiate a DoH provider, not in terms of tech but in terms of politics: they are not a State actor, and they are, often, not held accountable for anything, as we have observed in the recent past in rulings over the actions of some companies in this field. They can easily cloak political decisions as "it's a feature, not a bug" and make the age-old claim that their implementation strives for efficiency and is not dogmatic in any sense. Have you ever watched/read 2001: A Space Odyssey? HAL was pretty efficient. :)

We, as a community, have absolutely no say over their policies. We cannot make a PDP to push for changes. The code is a black box and nobody can tell for sure if DoH is being used in the way that the RFC intends it to. When the query arrives at the DoH provider, the IG community ceases to matter and it then becomes the right/responsibility of a sole corporation to decide what is right or wrong.

Quote: "You mean a registrar or a registry cannot delete a domain (at the request of relevant authorities, or from their own decision)?"
No, I do not mean that. Sure, it's a little hyperbolic, but at the end of the day, ICANN can and has removed TLDs from existence for varied reasons. None of them malign or anything like that, but the power is there.

Anyway, in spite of you wanting my article withdrawn, I still appreciate your feedback. Discussing these matters with people from different backgrounds is what I set out ot do when I wrote this article in the first place.

No reply to my remarks By Stephane Bortzmeyer  –  Sep 04, 2020 7:25 am PDT

"to keep my writing accessible to a wider audience" Writing for a wide audience is not a reason for being incorrect. Quite the contrary: when you write for non-experts, you have to be *more* exact, not less, since the readers will not be able to fix problems by themselves.
Later, you don't reply to my remarks, you just say that the political problems are not technical. On that, we agree but, then, why adding in your article technical remarks if they are unecessary (and wrong)?
Regarding DoH, all your claims ("nobody can tell for sure if DoH is being used in the way that the RFC intends", "They can easily cloak political decisions") are exactly as true if you replace "DoH" with "traditional DNS" so I still don't see your point.
For the deletion of domain names, my remark was not about the fact that ICANN can delete TLD (the last one deleted was .RIGHTATHOME) but about your (erroneous) claim that only ICANN can delete a domain (remember Roja Directa?)

Diverging views By Mark Datysgeld  –  Sep 04, 2020 2:22 pm PDT

We will have to agree on disagreeing. I could have written the article you are asking for, I just don't think it's the right approach to deal with this theme.

Hi Mark,the "distinction" made by Göran goes By Wolfgang Kleinwächter  –  Sep 04, 2020 2:04 am PDT

Hi Mark,

the "distinction" made by Göran goes back to the Internet Governance Definition of the WSIS Tunis Agenda where para. 34 makes the distinction between "the evolution and use of the Internet." The "evolution" of the Internet is what Göran calls now "TIG", the "use" of the Internet was related to the so-called "Internet related public policy issues", what Göran calls now "IG". The problem was (in 2005) and is that the two spheres are interlinked. Technical decisions have political implications, legislation on Internet related public policy issues can have consequences for the technical functioning of the Internet. This is one reason why the UN Secretary General in his "Roadmap on Digital Cooperation" (2020) has proposed a "holistic approach". ICANN is not the UN. ICANN has a very limited technical mandate. But it operates in a political environment which determines to a certain degree the spaces for ICANNs activities. ICANN has to stick to its limited technical mandate, it is neither the "world government of the Internet" nor the "world Internet police". But ICANN should not only be aware what is happening in its "political environment", called today more "cyber" and "digital" and less "Internet Governance". It should contribute proactiveley with its technical expertise to global Internet policy development by promoting capacity and confidence building among stakeholders not only in the "TIG" but also in the "IG Ecosystem". An interesting example for such an enhanced approach within the limited technical mandate is IETF´s the new RFC 8890.

Wolfgang

Distinctions from the WSIS Tunis Agenda By Mark Datysgeld  –  Sep 04, 2020 8:01 am PDT

Professor Kleinwächter,

Thank you for your comments. Your point adds an important layer of context that allows for a better understanding of the situation from a historical perspective. When writing about this subject in the future, I will make sure to recall the WSIS Tunis Agenda's distinction.

Best regards,

Add Your Comments

 To post your comments, please login or create an account.

Related

Topics

Brand Protection

Sponsored byAppdetex

DNS Security

Sponsored byAfilias

New TLDs

Sponsored byAfilias

Cybersecurity

Sponsored byVerisign

Domain Names

Sponsored byVerisign

IP Addressing

Sponsored byIPv4.Global

Whois

Sponsored byWhoisXML API

Cybercrime

Sponsored byThreat Intelligence Platform