Third Time Lucky for EU and Internet Governance

by Maria on February 12, 2014

This morning, European Commissioner Neelie Kroes released the EU’s long anticipated response to the seismic changes in Internet governance caused by the Snowden revelations. In six hundred words, it throws down the gauntlet at United States over control of the Internet for the third time in fifteen years. This time it just might work.

Last October, the technical bodies that coordinate the Internet released the Montevideo Statement. Implying that trust in the Internet’s American stewardship had been fatally damaged by the Snowden revelations, the I*s (‘i-stars; Internet organisations) called for “the globalization of ICANN and IANA functions, towards an environment in which all stakeholders, including all governments, participate on an equal footing” and for the overall improvement of global multi-stakeholder Internet governance.

It was an astonishing development. For the US-born ICANN, ISOC, ARIN and IETF to say the US government’s monopoly of control over the Internet root must end was a break few of us saw coming. It didn’t stop there. Within days, ICANN’s CEO, Fadi Chehade, announced that ICANN and the Brazilian government would organize a meeting in early 2014 to start figuring out how this transfer of control might work.

ICANN and Brazil are a union put together by a very canny matchmaker. For Brazil, it was a chance for Delma Rousseff, still smarting over NSA surveillance of her personal communications and with a presidential election coming up in late 2014, to poke a stick in America’s eye (practically a national pastime). Alone amongst its global peers, the Brazilian government spotted and grabbed the chance to look iconoclastic and courageous, seizing the initiative in what had quickly become a global Internet power vacuum. (Why a vacuum? The US and UK’s fatal refusal to respond publicly to the rest of the world’s anger and fear of their pervasive monitoring: CT)

For ICANN, although the story of its arranged marriage with Brazil has changed as many times as Fadi has told it, the partnership is a way to grab some autonomy and symbolic distance from its smothering and dysfunctional relationship with the US Department of Commerce. It also bigs up ICANN’s status as two hundred person California nonprofit that just happens to be best buddies with one of the biggest economies in the world.

Before the Montevideo statement, Internet governance had rumbled on in the same way for a decade: the US and its allies staunchly defendied the status quo; Russia, China and a bunch of countries they’d bullied or paid off made noise and occasionally accumulated victories at the International Telecommunication Union; and the large swathe of middling and middle income countries in between batted haplessly back and forward between them. Once a year, everyone would gather and complain at the Internet Governance Forum, a toothless talking shop tolerated and attended by everyone precisely because it has no power.

Europe had tried twice before to move the US away from its controlling grip on the domain name system. First, before the creation of ICANN, when the EU’s late 1990s suggestion that the United Nations get involved was slapped down. Later, just before the 2005 World Summit on the Information Society in Tunis, the EU suggested a purely intergovernmental cooperation model to replace the Department of Commerce’s contractual control of the root. That didn’t fly, either.

Nonetheless, the EU went on thinking of itself as the honest broker between the US – which brooked no challenge to its historic dominance – and Russia et al – who reflexively disliked the open Internet and spotted a chance to hobble it with the added benefit of curbing America’s global influence. What the EU achieved with its stance is hard to pin down; basically more of the same.

The only thing that’s changed in Brussels is a largely rhetorical shift from inter-governmentalism to multi-stakeholderism. The EU started off saying government should sit down around the table and sort things out, and more recently has shifted to saying the private sector, civil society and the technical community should be invited, too. But, as Kevin Murphy points out, the Commission’s true love for the ICANN multi-stakeholder model only goes so far as liking the decisions it agrees with and insisting on a right of veto over everything else. For the Commission, government stakeholders are still an awful lot more equal than the other ones. And so it would have continued, if those pesky Brazilians hadn’t stuck their nose in.

The EU wasn’t just caught on the back foot by the I* Montevideo statement and the subsequent Brazil meeting announcement. Europe’s raison d’etre in Internet governance as the diplomatic force maintaining an ideological balance between Internet extremes was destroyed. Being an honest broker in a struggle between a dominant power that just wants to keep the status quo versus a host of multi-hued malcontents basically just means upholding a flawed balance. There’s no future in it.

Brazil grabbed the ball when no one else even realized it was in play. (Probably via a sneaky pass from ICANN with a hand-off in Uruguay) Then everyone else rushed home to celebrate victory, drown defeat and train for the next match, while Neelie and co. stood muddy and alone in the empty stadium whining that the winners were offside.

So today’s announcement can be read as an attempt by the EU to look like it’s still driving the agenda, even though it never really was. It’s the concluding act of a lame duck commissioner who has disappointed in both her terms. And it’s raddled with the customary non-sequiturs that cast pet Commission projects as ‘concrete actions’ that will drive brave reforms. Put it this way, if you have to put out a press release saying you are the honest broker – the kind that work silently but manically behind the scenes to stitch the last-minute, life-saving deal together – then you’re almost certainly not one.

None of this means we should discount what the EU has to say. The things it asks for now seem sensible and even necessary; a timeline for globalizing ICANN/IANA, strengthening the IGF, keeping the Internet open and unfragmented and its decision-making accountable, transparent and inclusive.

Although Europe is speaking from a position of weakness, these proposals are powerful, and shared by more people every day.

{ 38 comments }

1

Straightwood 02.12.14 at 5:01 pm

We are approaching an historic battle between trust and deceit. Trust will eventually prevail, because the engineering of deceit is a fundamentally contradictory endeavor. A global Internet engineered to favor the spying activities of a single nation state is not a viable construct. The management of the Internet will ultimately be supra-national, and that arrangement will be a harbinger of global government.

2

Bruce Wilder 02.12.14 at 5:02 pm

keeping the Internet open and unfragmented and its decision-making accountable, transparent and inclusive.

Not likely.

The U.S. has to go, because it is no longer trustworthy or competent, but that does not make me optimistic about the multi whatever to follow. The forces involved — by their plural and diverse nature — create pressure for particularity. We are witnessing the collapse of empire, with no good model to guide the oligarchy of giants to follow; this may work to promote many worthwhile values, but universalism is not likely to be among them.

3

Straightwood 02.12.14 at 6:55 pm

I am baffled by the reluctance to accept that the evolutioin of Internet engineering protocols will not foster a superstructure of global commercial and political conventions. The learned men who expound on the epochal significance of Gutenberg seem to have lost their tongues when it comes to contemplating the political consequences of Berners-Lee.

4

Maria 02.12.14 at 7:11 pm

Hi Straightwood, I’m afraid we’re a long, long way from that golden era.

Bruce, I agree it’s a moment of massive risk, but also an opportunity. I go back and forward on being pessimistic or not. There is a fairly good model – the multi stakeholder one – but in practice it’s messy, flawed and all to easy to game or route around, and many espousing it do so for geopolitical reasons. Then again we said that about democracy which is similarly dreadful, but for all the alternatives.

5

DaveL 02.12.14 at 7:51 pm

I don’t think any of the other players in this are any more trustworthy than the US, much less more competent. The difference is that Snowden exposed the US’s activities (and those of the UK and several other countries). Had he exposed those of China, or Russia, or even Brazil, it would have been just as bad for them, but just on (one supposes) a smaller scale.

So what we are seeing is an attempt to push a change that is likely to make the internet worse (standards thrashing, sneaking in pro-censorship stuff the way DRM is being sneaked into HTML5 as we speak) and further fragment it (as it is currently being fragmented by some countries like China, Russia and Iran). The push has been going on for some time, and is making more headway because of Snowden, but the underlying realities of the internet have not changed.

Moving to more widespread use of SSL (“https:”) for communication will do more to fix the “NSA” problem than making the internet even more political. If you read the Snowden documents, you find a lot of worry on the NSA’s part about how vulnerable their methods are to technical fixes. Many of them depend on bad implementations of protocols or unpatched attacks. The NSA is not God.

All the “collapse of empire” talk will not change the facts on the ground: every government does widespread hacking and surveillance, and giving “all governments” a role in the I*’s is not going to change that. What will change it is facts on the ground from implementations and design patterns motivated by the confirmation of what everyone (governments and companies) believed but had shoved in their faces by Snowden.

“Trust” will not prevail; what will prevail is systems and protocols that make communications more secure. Part of that is trust, but there was a lot of trust out there before Snowden that turned out to be misplaced (or maybe more accurately, “whistling in the dark”).

6

JG 02.12.14 at 8:18 pm

Maria, messy and flawed (sort of like democracy) would be real progress after what has gone on for the last few years. Messy and flawed requires compromise, and means that no one any more has the power to impose a solution. And nothing could be more messy and flawed than the early days of the IETF and ISOC, and that was really good until it wasn’t.

JG

7

Sebastian H 02.12.14 at 9:35 pm

Ugh. The US has been exposed as non-trustworthy, but the other major players are all actively worse whenever they can be. Both Russia and China censor their internets and the EU spies as much as it can. Perhaps control can be wrested from the US, but that isn’t a victory unless it gets put into the hands of someone more trustworthy. That doesn’t look likely at all. Governments like to control you. Controlling the internet is too powerful not to tempt that unless there is huge pushback. I’m not seeing that right now.

8

fivegreenleafs 02.12.14 at 11:15 pm

@DaveL, at 7:51 pm

I don’t think any of the other players in this are any more trustworthy than the US, much less more competent. The difference is that Snowden exposed the US’s activities (and those of the UK and several other countries). Had he exposed those of China, or Russia, or even Brazil, it would have been just as bad for them, but just on (one supposes) a smaller scale.

I think there are several problems with the above section, and the assumptions that underpins it, not to mention that when a representative for the USA in a conversation tried to excuse the spying on Dilma with the line “everybody does it”, I think it was the Brazilian Foreign Minister who simply returned, “we don’t”, and the same happened when the Australian government tried to excuse its behaviour Vis-à-vis the Indonesian President.

I.) I would say that the issue is not primarily that other countries are better or worse, but, that so much trust was invested into the USA, and that that trust now has been shown to have been seriously misplaced.

II.) The implicit statement that ‘all other countries are doing the same thing’ is (I think) in its trivial form simple wrong, and in a more nuanced sense misleading.

If you believe that for example countries like Rwanda, Burundi or Honduras have ongoing surveillance programs to eavesdrop on the worlds leading statesmen, or that Iceland have installed listening posts on all the under-seas communication cables, and sucks up and stores all the worlds internet traffic (excluding netflix, youtube and the piratebay), I think you are wrong.

And as the famous Finnish Security expert Mikko Hypponen pointed out at a TEDex event last year, how many CEOs in for example Sweden uses gmail, iPhones, or windows products each and every day, and how many American CEOs use Swedish mail or cloud services, or mail and cloud services from Benin or Togo for that matter?

Any such statement need several conditions and definitions, such as opportunity, impact, technical capabilities, and level of motivation to be in any way relevant and meaningful.

Every country has (in a civilized society) a (I believe) legitimate right and desire to gather (more or less) public available information, but there is a huge difference between collecting gossips at parties about ones neighbours and observing them from the porch, and, installing bugs in their bedroom and concealed remote cameras in their bathroom, just because you work for the CIA and have the technology and know-how available to do so.

While the former is accepted practise, the latter will in all probability make you highly unpopular on your street.

9

lupita 02.13.14 at 12:25 am

Russia, China and a bunch of countries they’d bullied or paid off made noise and occasionally accumulated victories at the International Telecommunication Union

This would mean that Germany, Italy, Spain, Holland, Sweden, and the Czech Republic “made noise” because they were either bullied or bought. Who is to say that the EU is not now “making noise” because it was bought by Germany or the IMF? And if it is so easy to buy or bully European countries, why not the European I*? Maybe they are being corrupted by Google and Microsoft. Why even go to Sao Paolo if everything is so pointless?

Maybe the 87 countries that voted with Russia and China at the ITU had a point? In any case, I do not think treating your opposition as corrupt cowards who have nothing to add to the discussion will lead to a system of global governance.

10

John Quiggin 02.13.14 at 12:44 am

Fivegreenleafs is right: the idea that “everybody does it” is false, particularly in relation to spying on friendly countries. This is a hostile act and, when it was detected during the Cold War, those caught doing it on either side were liable to get shot, or imprisoned indefinitely. Perhaps at some point, European countries will start arresting NSA staff who turn up on vacation, but for the moment we are seeing unpunished aggression.

It’s overwhelmingly the Five Eyes countries and the (current or succession) Communist states who’ve carried Cold War attitudes to spying into the 21st century. One side is backing US control, and the other the ITU.

11

Collin Street 02.13.14 at 1:24 am

Perhaps at some point, European countries will start arresting NSA staff who turn up on vacation, but for the moment we are seeing unpunished aggression.

Extinction burst.

http://en.wikipedia.org/wiki/Extinction_(psychology)#Extinction_burst

Much like a puppy that’s associated humping a visitor’s leg with attention from its owner [or a two-year-old that's associated throwing a tantrum with getting what it wants], the spy agencies have associated doing all cloak-and-dagger shit with getting praise from the public and their political masters.

12

Straightwood 02.13.14 at 2:23 am

For those who would like to see some rough justice administered by the invisible hand of the marketplace, check out what is happening to Cisco’s router sales:

http://www.zerohedge.com/news/2014-02-12/ciscos-disastrous-new-normal

It seems that Asian customers don’t want to buy routers equipped with NSA back doors.

13

hix 02.13.14 at 4:08 am

American CEOs use Ericsson equipement every day. They are just less aware of it. US technological supermacy is a helpfull wrong concept for those who want to keep going as before. That implies opposition to the surveilance practices is just based on tactics, on attempts to ban a playing field where one has a disadvantage. Thats sure not the case. Rather most nations have a disadvantage on that playing field because there is strong opposition to play that game in the first place. And right so. Even when the others do play, one is losing less by not participating active. A bit counter espionage focused on r&d theft, more does not make sense.

Angela Merkel isnt angry about here phone because she has a disadvantage now. Shes angry because it is a breach of basic privacy and cooperation norms.

14

Zamfir 02.13.14 at 6:07 am

What is the link between these Istars , and the potential for spying in the internet? As in, are there specific policies they could have implemented, that would have made spying harder?

It’s a honest question, I don’t know exactly what powers (or influence) these institutes have. I thought that ICANN for example managed the link between nonnational domains ending on .com etc, and IP addresses. It’s not obvious to me how that might be used to help or hinder NSA spying.

15

Watson Ladd 02.13.14 at 6:12 am

Anyone familiar with Ethiopia or Romania? A professor at my alma mater was shot dead in the restroom by a secret agent of the Romanian secret service. Ethiopia uses spyware to find and kill the sources of opposition journalists. Air France first class had bugs in the seat cushions not that long ago. And who can forget the Russian Sochi bathroom cameras?

Spies getting shot? Maybe in Russia the sources, but agents from the US would be repatriated in exchange for Russians. The US tried and convicted people, and they usually were traded back before their sentences were up. If they had diplomatic cover they were simply sent home.

As for engineered, the NSA did not design protocols to help them out. They exploited “features” like the sending of plaintext over wires, headers indicating language preferences, etc. Changing governance wouldn’t fix these issues or stop their exploitation by people who want to have their wicked way with others.

16

Theophylact 02.13.14 at 12:01 pm

If you think the US’s friends don’t spy on the US: Jonathan Pollard.

17

Walt 02.13.14 at 12:53 pm

And where is Jonathan Pollard now? Why, I do believe he is in a place known as “jail”.

18

SusanC 02.13.14 at 1:23 pm

@14

Here’s an example of a way in which control of the Domain Name Service could be used in targetted spying: when a web browser looks up the IP addesss of crookedtimber.org (say), have the DNS return the IP address of an NSA controlled machine instead. That NSA-controlled machine then either serves up altered content (if they’re trying to do that kind of active attack) or forwards requests on to the real crookedtimber.org while keeping a copy (if they’re just interesting in spying).

I say targetted attacks, because it would be hard to do this on a large scale for a long period of time without someone noticing and complaining.

Still, it shows that operational control of the DNS is likely to be important.
(A realistic attack would involve the NSA subverting both the DNS and the certification authorities — e.g. Verisign — that are used for cryptographic authentication).

19

Barry 02.13.14 at 2:12 pm

Straightwood 02.12.14 at 6:55 pm

” I am baffled by the reluctance to accept that the evolutioin of Internet engineering protocols will not foster a superstructure of global commercial and political conventions. The learned men who expound on the epochal significance of Gutenberg seem to have lost their tongues when it comes to contemplating the political consequences of Berners-Lee.”

Your paragraph is awesome; Gutenburg triggered a fracturing of the intellectual superstructure of his day.

20

Barry 02.13.14 at 2:14 pm

DaveL 02.12.14 at 7:51 pm

” Moving to more widespread use of SSL (“https:”) for communication will do more to fix the “NSA” problem than making the internet even more political. If you read the Snowden documents, you find a lot of worry on the NSA’s part about how vulnerable their methods are to technical fixes. Many of them depend on bad implementations of protocols or unpatched attacks. The NSA is not God.”

In other words, the black bag boys knew the standard techniques of entering without technically breaking (e.g., check the windows). However, we also know that the NSA was installing software at rather low levels, with the cooperation of many major software companies.

21

Straightwood 02.13.14 at 2:31 pm

@19

Anyone who has studied digital systems, even at a rudimentary level, is aware of the central concept of abstraction layers. Progress in making computing facilities more usable and ubiquitous generally results from building new layers of progressively more powerful capability on top of older ones. That’s why no command language mastery is required to operate an iPad.

The political science community stubbornly refuses to entertain the notion that the engineering-oriented protocols of the Internet can support new layers of global conventions that are explicitly political, such as a universal right to digital privacy. The Internet is already generating global trust systems that are clearly social phenomena grounded on consensual protocols. The eBay feedback system is one example, and similar conventions are used by Yelp, Uber, and AirBnB.

Yes, Virginia, the Internet is ENGINEERING TRUST, and this is just an early manifestation of a societal and political earthquake that will make the invention of moveable type look like a minor perturbation.

22

fivegreenleafs 02.13.14 at 2:53 pm

@Watson Ladd, at 6:12 am

”As for engineered, the NSA did not design protocols to help them out….”

I am quite astonish by that statement, since that is exactly what the documents supplied by Edward Snowden clearly seems to indicate has indeed happened, and lies at the very core of the indignation and accusations levelled at the NSA from among others the IETF.

And the NSA didn’t stop at introducing back-doors into encryption algorithms and subverting the development of internet communication protocols, it has been undermining and corrupting standards, procedures and companies on all levels, from the basic network infrastructure to the software and hardware we daily use to communicate.

Bruce Schneier in a memorable article last summer in the Guardian in a response to these revelations simply stated that: ‘the Internet is broken’, and that we now have to go back to the drawing board, and more or less start all over again.

I think the NSAs actions are compounded by the way the Internet was designed, since it in its current form depends on a high level of “trust” in regard to all participating parties.

You need to ‘trust’ the DNS operators, hardware manufacturers, ISPs, the basic infrastructure operators etc., it’s in many ways a very fragile system, and the race is now on to make it much more robust, and this will in all probability mean, completely new internet protocol standards, requirement of open (source) software and hardware, and, of course to remove the influence of the NSA (as much as possible) from the standardisation bodies and task forces that directs and governs these processes.

The question is (I believe) whether this will be sufficient, and the process fast enough to prevent a split up and segmentation of the www.

23

Barry 02.13.14 at 3:07 pm

Straightwood: “The political science community stubbornly refuses to entertain the notion that the engineering-oriented protocols of the Internet can support new layers of global conventions that are explicitly political, such as a universal right to digital privacy.”

If you could support your assertions, maybe they would.

24

Straightwood 02.13.14 at 3:36 pm

@23

The concept of territorial sovereignty has such a strong hold on establishment thinkers that they can’t accept a medium that has no geographical boundaries. It is ludicrous to contemplate an EU standard for Internet privacy that coexists with a different US standard and a still different Chinese standard, when networked individuals in these countries have traffic bouncing all over the world. Privacy is a basic human right, and its universality will ultimately be asserted.

It takes extraordinary intellectual blindness to refuse to acknowledge the necessity of a unified global standard for human rights and ecological sustainability. The Internet is binding humanity together and clarifying its common causes. Nations states have stopped serving the interests of mankind and their antagonisms now threaten human survival. The notion that these squabbling entities are our only hope for progress is the current conventional wisdom, but it represents an enormous failure of political imagination.

25

Zamfir 02.13.14 at 4:16 pm

@SusanC, I thought VeriSign ran the actual physical servers that did that? Or at least, manages the servers that the other severs get their stuff from, something like that. I suppose that’s an interesting target for the NSA, have we heard anything about that?

So the potential chain here would be along the lines that US power over ICANN ensures that ICANN contract the important technical stuff to firms that the NSA knows how to snoop in or get cooperation from?

If so, should we see move from ICANN away from US suppliers?

26

Barry 02.13.14 at 4:37 pm

Straightwood: “It takes extraordinary intellectual blindness to refuse to acknowledge the necessity of a unified global standard for human rights and ecological sustainability. “

As I said earlier……………

27

Tom Slee 02.13.14 at 4:43 pm

Every single sentence of Straightwood #24 is wrong.

28

Straightwood 02.13.14 at 4:48 pm

@26

Does the assertion that a man’s rights should not differ according to where on the Earth he is standing really require “support?” Does the belief that there is only one planetary ecosystem require detailed proof? Does the performance of 200+ nation states in addressing global warming encourage any hope of a timely solution? Does the behavior of the American National Security State engender any confidence in that government’s willingness to safeguard privacy?

The powers that be, loyally supported by most of the business elite, are concentrating wealth in the hands of billionaires, vandalizing the Internet, and setting the planet on a collision course with ecological disaster. And the band plays on.

29

Bruce Wilder 02.13.14 at 5:37 pm

Straightwood @ 24 versus Straightwood @ 28

Is this going to be more like pro wrestling or the UFC?

30

lupita 02.13.14 at 5:47 pm

It takes extraordinary intellectual blindness to refuse to acknowledge the necessity of a unified global standard for human rights

At an internet convention? What is wrong with the Universal Declaration of Human Rights? Call me blind but I see it as changing the topic when the conversation is not leading to where you want it to.

Nations states have stopped serving the interests of mankind

You just say that because you live safely under the NATO nuclear umbrella. Out here, people get invaded, occupied, droned, rendered, tortured, and privatized and we greatly appreciate any assistance we can get from our states in ameliorating the onslaught, yes, by challenging US supremacy on every front, including control over the internet.

31

SusanC 02.13.14 at 6:16 pm

@25. Yes, you’re right that actually running the DNS root servers is contracted out. So the line of argument would have to be something along the lines of: to move to an Internet where the criticial infrastructure (e.g. DNS root servers) is less subject to US control, you need to get on board the IETF (to propose new communications protocols where necessary, e.g. revisions to DNSSEC) and ICANN (to make the political decision to roll out the technical changes).

It’s kind of interesting that the standards body most strongly implicated in putting deliberate vulnerabilities in protocols is NIST, which is US-specific. While in the case of the IETF, the usual accusation is that the NSA filibustered the development of security protocols (leaving systems insecure because the methods to make them secure never got standardized) rather than putting in deliberate back-doors. So there’s a tiny bit of hope that more international involvement might improve matters.

32

Straightwood 02.13.14 at 6:17 pm

@29

I am genuinely interested in your opinion on the issue of the possibilities of political structure arising out of the Internet – specifically the rise of global conventions that gradually supplant the laws of nation states. I appreciate that the preferred mode of discourse on CT is the display of erudition in the nice discernment of fine points, but perhaps a brief departure into broad scale thinking would be constructive.

33

Straightwood 02.13.14 at 6:26 pm

@27

I eagerly await your rebuttal, particularly an explanation of the logical coexistence of multiple conflicting national laws governing the Internet.

34

bob mcmanus 02.13.14 at 6:38 pm

33: My impression of Maria’s post was that it was fairly cynical though with amusement. She is for the most part talking about political, economic, and technocratic elites using national and international structures for power profit or just plain fun.

“Differences” of which the nation-state is only one, are will be created and maintained as sources of leverage and arbitrage.

35

Andrew F. 02.13.14 at 7:25 pm

fivegreenleafs @22 – And the NSA didn’t stop at introducing back-doors into encryption algorithms and subverting the development of internet communication protocols, it has been undermining and corrupting standards, procedures and companies on all levels, from the basic network infrastructure to the software and hardware we daily use to communicate.

That’s all been the subject of speculation. Nothing I’ve seen (if I’m wrong, link me to the source showing it – and I could be, given the volume of reporting on this) confirms any of it.

Moreover, if the NSA had subverted encryption and network protocols, why bother with the elaborate, expensive operations they run when attempting to access or eavesdrop on a system or target they’re interested in? There’s no need to intercept a hardware shipment to a target if you’ve built a backdoor into everything; there’s no need for immense networks to enable operations like FOXACID and QUANTUM if you’ve already compromised the target’s systems (because you’ve compromised ALL systems).

I don’t really see what any of that has to do with ICANN, though. Can you shed any light on that question?

SusanC @18 – Here’s an example of a way in which control of the Domain Name Service could be used in targetted spying: when a web browser looks up the IP addesss of crookedtimber.org (say), have the DNS return the IP address of an NSA controlled machine instead. That NSA-controlled machine then either serves up altered content (if they’re trying to do that kind of active attack) or forwards requests on to the real crookedtimber.org while keeping a copy (if they’re just interesting in spying).

Here is a map of current locations of root servers. They’re pretty global, no?

It also seems to me, based on the reporting of the FOXACID system, that it doesn’t really matter where those servers are located. The only question is whether the NSA server can respond faster to the target computer than the website that the target is seeking can respond.

I’m frankly confused as to how altering ICANN will increase security for anyone. I mean that honestly. If someone has an answer, I’m all ears (or eyes).

As to some comments by others that “not everyone does it”… having a foreign espionage service is like having a military. Not every country has one, but all of the larger ones do. As to the idea that it was common to shoot or imprison for life anyone from an ally caught spying, that’s just false. I’d love to see some supporting material for that, beyond the unusual example or two that I can think of.

36

Sebastian H 02.14.14 at 1:08 am

On further reflection we seem to be mixing town different concepts: spying and censorship. Both are essential concerns with respect to the internet. The US has been exposed at tracking the hell out of everything on the internet. When people say that the US isn’t trustworthy, they are talking about that.

As to censorship, as far as I know the US hasn’t been censoring the internet (though I suppose DCMA complicates that).

Mty problem with the discussion seems to be that the response to the spying issue is to knee jerk over to groups that are much worse on the censorship issue and likely not even better on the spying issue once they get control. So I’m being asked to get excited about going from a nasty spying regime to a nasty spying plus censorship regime.

I’m not excited.

37

Tom Slee 02.14.14 at 1:26 am

Straightwood #33. I am not going to try to refute faith-based assertions. It’s a mug’s game.

38

Straightwood 02.14.14 at 3:24 am

@37

I am prepared to support my arguments. It is a pity that you do not feel the same obligation. Perhaps your sense of superiority is too important to risk.

Comments on this entry are closed.