European Union Wants a Cut of the Internet
Nobody really controls the Internet — untold numbers of servers located in hundreds of jurisdictions simply can't be policed by any one individual, organization, or government. What is controlled, however, is the assignment of IP addresses and domain names — a function that is carried out by the Internet Corporation for Assigned Names and Numbers through the Internet Assigned Numbers Authority. That control is set to expire later this year, and ideas on who should take it from there are already beginning to circulate.
Most users of the Internet are probably blissfully unaware that ICANN/IANA exists — even many of those operating websites would likely be unable to give the full name of either or explain what they do. They are, however, extremely important to the smooth operation of the Internet, as demonstrated by more than a decade's supervision of explosive Internet growth. What even fewer are likely to know is that ICANN is not a private group or an international association: It is a quasi-governmental non-profit corporation that derives its authority from the United States Department of Commerce.
How this came to be delves a bit into the history of the Internet. Before there was The Internet™ and the World Wide Web — started/created/invented by Sir Tim Berners-Lee while working at CERN, the same group responsible for the Large Hadron Collider — there was ARPANET. While many predecessor, concurrent, and future systems were important in the eventual development of The Internet™, ARPANET provided the technical core. As ARPANET was originally a product of the U.S. Department of Defense, the DOD originally held ultimate control — elements of the DOD's control split between the Stanford Research Institute/SRI International and the Defense Data Network—Network Information Center, the University of Southern California's Information Sciences Institute and the (pre-ICANN) IANA, the National Science Foundation and InterNIC, and a number of subcontractors at various points over thirty-plus years. In 1998, ICANN was created, under the auspices of the U.S. Department of Commerce, once again providing a central authority; ICANN's mandate has been extended and clarified a number of times since.
The last formal extension/clarification took place in September 2006, with the adoption of modifications to the Memorandum of Understanding/Joint Project Agreement[PDF] between the Department of Commerce and ICANN — per the modified terms, the agreement terminates on September 30, 2009. The most likely response to the termination will be an extension/renewal or a new MOU/JPA between the parties — if the DOC was displeased enough with ICANN to cause it to not renew the agreement, it would surely have exercised the option to terminate the agreement early rather than wait it out.
That hasn't stopped speculation and suggestion, however; ideas have been floated to transfer control to everyone from the U.S. government directly to the UN to abandoning control all together and letting it all take care of itself. The European Union has been vocal for some time with criticism of the unilateral control exercised over such a global function, and earlier this month, the European Commissioner for Information Society and Media, Viviane Reding, proposed her own successor body. Under Reding's plan, control would be transitioned from the U.S. government via ICANN to an informal body, based on the G12, that would oversee a new, completely-independent authority, also to be named ICANN, and an independent judiciary would be established, presumably to undertake the dispute resolution functions now performed by ICANN.
Though it would only meet a minimum of twice each year, Reding expects it to provide "swift reaction in case of threats to the stability, security and openness of the Internet." Representatives would be apportioned to maintain geographic balance, with Africa, Europe, North America, and South America each dispatching two, Asia providing three, and Australia one, with the head of ICANN attending but not voting. The European Commission is holding hearings into the matter of governing the Internet, with the first scheduled for just days after Reding's comments.
The Commission has been on the receiving end of questions from at least one member of the European Parliament for some time, centering on Europe's free trade laws and whether various ICANN regulations are in violation of them. Such a determination would likely create an international incident, as the presumable sanctions available would either be to prohibit ICANN from doing business in Europe — the fate bestowed upon companies based outside the European Union jurisdiction's but who do business within the Union if they undertake a merger or acquisition without the approval of EU antitrust regulators — or to levy a fine.
Barring ICANN from doing business in Europe would likely serve to prevent European registrars from becoming ICANN-accredited at a minimum and, in an extreme scenario, even prevent the registration of domain names period, as ICANN controls the process — and all registrations require payment of an ICANN registration fee. The ICANN-controlled IANA is responsible for creating and delegating not just top-level domains like .com and .net, but also country code TLDs — in an even more extreme scenario, preventing business with ICANN could mean preventing the Union's member nations from using the ICANN-controlled country code TLDS. On the other hand, ICANN is a quasi-governmental body — private, but not quite, and with special status and privileges, much like the U.S. Postal Service — and imposing a fine on such a body would ultimately mean imposing it upon the United States itself, something Washington isn't likely to take lightly.
As far as actual control goes, the Department of Commerce has stated on a number of occasions, in no uncertain terms, that it "has no plans to transition management of the authoritative root zone file to ICANN," a task currently performed by VeriSign under a similar contract. (IANA processes requests to change the authoritative root zone file, but VeriSign is responsible for actually implementing the changes.) As long as VeriSign retains that authority, the real governance of the Internet will stay with the U.S. government, irrespective of who sorts through the registrations.
That aside, transitioning control of ICANN outside the U.S. government is likely outside the Department of Commerce's remit, something Reding seems to acknowledge. She had the following to say on the subject in a videotaped statement for her website: "I trust that President Obama will have the courage, the wisdom and the respect for the global nature of the Internet to pave the way in September for a new, more accountable, more transparent, more democratic and more multilateral form of Internet governance." While any move to do so would undoubtedly require the President's involvement, it is a matter for serious debate whether even he has the authority to unilaterally divest a portion of the U.S. government, quasi-governmental non-profit or not. Doing so would presumably fall under the purview of Congress, either by passing an act transferring control directly, or, since an international organization is one proposal, if done by treaty, through the Senate's exclusive power to ratify treaties.
For now, the matter remains one for intense debate, and no doubt will be intensely debated in forums worldwide up to and after September 30.
Justin Ryan is a Contributing Editor for Linux Journal.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Server Hardening
- BitTorrent Inc.'s Sync
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- New Container Image Standard Promises More Portable Apps
- The Humble Hacker?
- The Death of RoboVM
- Open-Source Project Secretly Funded by CIA
- The US Government and Open-Source Software
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- ACI Worldwide's UP Retail Payments
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide