ICANN Has Control?
Is the United States giving up control of the Internet? The answer is, "No."
In October 2016, federal oversight of the Internet Corporation for Assigned Names and Numbers (ICANN) will end, the culmination of a nearly 20-year-old plan to fully privatize the organization. As the date draws nearer for the California nonprofit to cut ties with the U.S. government, some conservative lawmakers have voiced concern that ICANN’s transition to a more global, “multi-stakeholder” model of governance will result in countries like Russia, China and Iran having greater control over the Internet, giving them another avenue to suppress free speech. Texas Senator Ted Cruz, for example, has said that “[i]f Congress fails to act, the Obama administration intends to give away control of the Internet to an international body akin to the United Nations,” and has called on Congress to “stop the Obama administration from relinquishing U.S. control of the Internet.” While conservatives have no shortage of reasons to distrust the Obama administration regarding … well, anything, there are also reasons to be wary of claims that the U.S. is giving up control over the Internet. To understand why the sky probably isn’t falling, it’s helpful to know what the Internet actually is, and what ICANN does and doesn’t do.
Contrary to popular misconception, the Internet isn’t owned or operated by the U.S. government. The Internet as we know it today is made up of tens of thousands of privately owned, interconnected networks, which neither the federal government nor ICANN control. Because it is unrealistic for a single network operator to have a network in every geographic location, network operators establish agreements to carry each other’s Internet traffic if the intended destination requires it. When Internet traffic between an origin and a destination takes a path across multiple networks, this process is called routing, and the hardware devices that facilitate routing are called routers. Without routing, the Internet simply wouldn’t work. However, it is important to remember that, like the thousands of networks that comprise the Internet, the routers on the edges of these networks are primarily operated by the private sector, not the U.S. government or ICANN.
Although routers use IP addresses like 220.127.116.11, humans don’t like having to type them into their Web browsers. Instead, people prefer readable domain names like patriotpost.us, but routers don’t inherently know what to do with them. To remedy this problem and create harmony between man and machine, we use a system that turns human-readable domain names into router-usable IP addresses, which is called the Domain Name System (DNS). DNS can be thought of as a convenience layer on top of the Internet’s routing layer. When a domain name is typed into a Web browser, a DNS lookup is performed, which is really just a simple question: “What is the IP address associated with the domain name patriotpost.us?” for example. “The answer is 18.104.22.168,” the DNS server responds. The Web browser then takes that answer and makes it the destination, at which point it is up to the Internet’s routers — not DNS — to get you there. However, there is a potential wrinkle in this system: Anybody with a little technical know-how can set up their own DNS server, so how do we ensure that we get the right answer when we ask DNS a question? How do we know that patriotpost.us (or any other domain) is globally unique, with only one DNS server providing an authoritative answer about its IP address? That’s where ICANN enters the picture, which offers this concise explanation of the organization’s role:
To reach another person on the Internet you have to type an address into your computer — a name or a number. That address has to be unique so computers know where to find each other. ICANN coordinates these unique identifiers across the world. Without that coordination we wouldn’t have one global Internet.
Among ICANN’s primary responsibilities is the management of several important databases. The most famous of these databases is the root zone file, which is like a phone book in which the names are top-level domains like .com and the phone numbers are server addresses like a.gtld-servers.net. This root zone file is literally a simple text file viewable by anyone. Because ICANN tries to ensure that the DNS servers responsible for each top-level domain are listed correctly in the root zone file, third parties can be reasonably confident that when they consult a DNS server on the list, the lookup will yield the correct answer. In practice, the Internet’s 13 highest-level DNS server operators consider ICANN’s root zone file to be an authoritative list of which DNS servers answer questions for which top-level domains, which in turn contributes to a consistent DNS experience across the globe and allows the Internet’s thousands of network operators to be on the same page. In other words, ICANN doesn’t own the Domain Name System, but rather stewards a list that is trusted by DNS server operators to ensure that lookups are reliable, globally consistent and correct. And while DNS plays a crucial role in making the Internet easier to use for humans, it works at a higher level than the more fundamental routing level where Internet traffic actually transits.
Understanding what DNS does (match domains with IP addresses) and doesn’t do (route Internet traffic) helps illustrate why governments like China, Iran, Egypt and Pakistan have already had great success censoring the Internet in their countries, despite the lack of any cooperation from ICANN. The creation of China’s “Great Firewall” and the shutdown of Egypt’s Internet during the Arab Spring were possible because those countries took control of the routers within their borders. This was and continues to be the most effective method of censoring free speech on the Web, because whoever has control of the routers controls their corner of the Internet. It doesn’t matter whether a DNS lookup for a website recounting the Tiananmen Square Massacre succeeds or fails if China’s routers are configured to block IP traffic to that destination. The fact that such Internet censorship already occurs also belies the argument that the U.S. controls the Internet. If it did, why do we allow China to censor it, or Egypt to shut it down? The truth is that ICANN is unable to stop the suppression of free speech on the Internet, because the means of that suppression is beyond ICANN’s ability to control or influence. However, the corollary is that it is difficult to imagine a scenario in which ICANN could suppress free speech on the Internet in a way that is more effective than current methods. Some might say that’s meager consolation, since all the aforementioned human rights abusers have a seat at the ICANN table. Without direct U.S. government oversight, won’t China and Iran attempt to use those seats to somehow undermine ICANN?
The answer is “almost certainly,” though there are reasons to be optimistic that they won’t get very far. The first mitigating factor is that ICANN’s Government Advisory Committee (GAC) is made up of about 170 countries, all of which have to agree on any recommendations it makes to ICANN. The key word is “recommendation.” The GAC does not have governing authority over ICANN. When the GAC does make unanimous recommendations, ICANN’s directors will vote on those recommendations. Already, we can see problems for GAC members engaging in shenanigans: China, for example, would have to convince 170 nations (including the United States and the rest of the free world) that it’s a good idea to start picking winners and losers in the DNS phone book by removing Taiwan’s .tw top-level domain. The difficulties don’t stop there, however, because ICANN will be governed under a multi-stakeholder model in which the private sector, represented by the Generic Names Supporting Organization (GNSO), will have even more power than the GAC to suggest policies to ICANN. It is precisely these private sector stakeholders that operate the majority of the DNS servers listed in ICANN’s root zone file, and China would have to somehow convince them that being meddled with by an oppressive regime is preferable to the relative autonomy they enjoy. Assuming that the communists in Beijing managed to pull off this amazing feat, ICANN’s directors would still be able to vote against their recommendations.
A second factor working against the Chinas and Irans on the GAC is that ICANN is only legitimate to the extent that the Internet’s network operators agree on its legitimacy. We have made the case that ICANN doesn’t control the Internet, but rather stewards certain databases that help ensure the stability and global consistency of the Internet. While ICANN is somewhat entrenched in this role on account of its original charter and successful stewardship thus far, this by no means guarantees ICANN’s future standing if the organization were to become unduly influenced by totalitarian regimes. Recall that the Internet’s 13 highest-level DNS servers serve the root zone file maintained by ICANN. Only one of those 13 servers is actually operated by ICANN, while the rest are run by organizations like the NASA Ames Research Center, the U.S. Army Research Lab, the University of Maryland, and Verisign (a U.S. corporation). If ICANN manipulated the root zone file in a way that harmed U.S. business interests or national security, it is unlikely that all of the highest-level DNS servers would continue to treat ICANN’s root zone file as authoritative, and an opportunity would be created for another entity to maintain a database trustworthy enough to be designated authoritative. Even if all 13 of the highest-level DNS server operators did go along with ICANN’s theoretical mismanagement of the root zone file, the Internet’s tens of thousands of network operators would have the choice of either continuing to accept the legitimacy of those 13 DNS servers, or pointing their own, lower-level DNS servers at newly created root DNS servers they deem trustworthy. While this scenario wouldn’t be desirable, as it could potentially shard the Internet into two or more regional internets, it does illustrate that there would be serious limitations on the ability of a state actor to adversely influence the functionality of the Internet through ICANN.
So is the United States giving up control of the Internet? The answer is, “No.” The United States can’t give up control it doesn’t have. Rather, the U.S. is giving up direct oversight of ICANN, and will instead assume an advisory role. What does this mean for Internet freedom? In the short term, probably not much, if anything. We expect the Internet will remain uncensored in countries where it is currently uncensored, and censored in countries where it is already censored, because ICANN’s function neither helps nor hinders the censorship schemes of oppressive regimes.
The long term is more difficult to assess, because just as the technology underlying the Internet continues to evolve, organizations and governments aren’t static — they change and take on new roles. But one of the great strengths of the Internet’s fundamental structure is that absent centralized control, it can only function based on trust and mutual agreement. Because the Internet is comprised of thousands of independently owned networks, it is difficult for bad policies to win out over good policies, since most network operators will favor policies that benefit the greatest number of users.
Despite its important role in the reliable operation of the Internet, even ICANN cannot impose its will on unwilling network owners. Rather, ICANN has succeeded thus far because network operators have not yet been given a reason not to trust it. One of the stated objectives of ICANN’s transition to a fully privatized organization without direct government oversight is to further solidify that trust and ensure that the Internet remains global, rather than devolving into numerous fractured regional internets. Whether ICANN will deliver on that commitment remains to be seen. Their track record is good, but at the intersection of technology and international politics, the future can never be certain. Fortunately, the distributed nature of the Internet means that if the new ICANN fails to live up to its stated principles, there are escape hatches.
Jonathan Connor has been The Patriot Post’s technical director since 2008. This is an expanded version of what was published in the Sept. 29 Digest.