On the home stretch to a vic­tory that could prove Pyrrhic

Last week, Pres­i­dent Barack Obama announced his sup­port for Sen­a­tor Joe Lieberman’s (I-​​CT) Cyber­se­cu­rity Act of 2012. His sup­port comes from a recog­ni­tion that the United States is par­tic­u­larly vul­ner­a­ble to cyber­at­tacks. I agree with him that we are par­tic­u­larly vul­ner­a­ble, and need to do some­thing about it. But we have a del­i­cate bal­ance to con­sider when exam­in­ing our options. The ful­crum of that bal­ance is the Inter­net Cor­po­ra­tion for Assigned Names and Num­bers (ICANN).

Before we look at ICANN, let’s look at Lieberman’s bill.

The Cyber­se­cu­rity Act of 2012 would estab­lish a set of per­for­mance stan­dards for var­i­ous com­pa­nies and orga­ni­za­tions who are respon­si­ble for “crit­i­cal infra­struc­ture”, a term defined in the Unit­ing (and) Strength­en­ing Amer­ica (by) Pro­vid­ing Appro­pri­ate Tools Required (to) Inter­cept (and) Obstruct Ter­ror­ism Act of 2001 (more com­monly known by its acronym: USA PATRIOT Act). Those who meet those per­for­mance stan­dards are exempted from lia­bil­ity for vio­lat­ing pri­vacy laws in cases of dis­clos­ing pri­vate infor­ma­tion to law enforcement.

In a gen­eral sense, the bill is pretty well con­ceived. Dis­clo­sures must accom­pany a belief that it is related to a sus­pected cyber­se­cu­rity attack. It may give a lit­tle too much lee­way to Inter­net Ser­vice Providers (ISPs) to exam­ine the con­tents of people’s Inter­net traf­fic, but it’s unclear that they have much free­dom in that regard.

Where the Act falls short is in a way that many bills in the past (such as SOPA, PIPA, and DMCA) have also fallen short, in rec­og­niz­ing that the Inter­net is inter­na­tional. To under­stand what I mean requires us to look a bit at how the Inter­net works.

When you type “www​.log​a​rchism​.com” into your browser, your com­puter has to find the inter­net pro­to­col (IP) address of this site, which it does by con­tact­ing your domain name ser­vice (DNS) server. It’s akin to look­ing in the phone book for the tele­phone num­ber cor­re­spond­ing to a person’s name. There are tens of thou­sands of DNS servers out there, and odds are that the one you use is run by your ISP. But there are so many domains in exis­tence that your ISP’s DNS server isn’t nec­es­sar­ily going to have in its data­base the list­ing your com­puter is look­ing for. If it doesn’t, it can look fur­ther up the chain as illus­trated in the tree here (i.e., if it doesn’t have “www​.log​a​rchism​.com”, it may have “log​a​rchism​.com”, or merely “com”), and ask the DNS server that owns that por­tion of the Internet’s domains for the infor­ma­tion. Every DNS server must have in its data­base all of the list­ings of the next level (i.e., the owner of “com” [Net­work Solu­tions] has every sin­gle “.com” domain in its data­base). At the very root of the Inter­net is a series of servers, run by ICANN, that han­dle the top-​​level domains (TLDs) such as “com”, “net”, “org”, “edu”, “mil”, and all of the two-​​letter coun­try domains.

ICANN, then, is at the root of all domains.

And where is ICANN? They’re in Marina del Rey, a dis­trict of Los Ange­les, California…in the United States. And that means that the United States Con­gress thinks they can con­trol the Inter­net by assert­ing juris­dic­tion over ICANN. In the very short run, they’re right. But in the long run, they’re very, very wrong.

The office tower in Marina Del Rey which is ho...

The office tower in Marina Del Rey which is home to the Uni­ver­sity of South­ern California’s Infor­ma­tion Sci­ences Insti­tute and ICANN

There’s a rea­son that ICANN resides in the United States. The Inter­net is the evo­lu­tion of DARPAnet, cre­ated by the Defense Advanced Research Project Agency as a net­work archi­tec­ture to be resilient to nuclear attacks on the United States tak­ing out large por­tions of the nation’s infra­struc­ture. The orig­i­nal DNS infra­struc­ture con­sisted of Jon Pos­tel, one man at the Uni­ver­sity of South­ern Cal­i­for­nia, who main­tained a list of all domain names which he peri­od­i­cally pub­lished to peo­ple who could then install the data­base on their own local servers. Aston­ish­ingly, he main­tained this list until his death in 1998. ICANN was set up to replace Pos­tel (who, had he not met an untimely demise, would have been ICANN’s first chief tech­nol­ogy offi­cer) with an orga­ni­za­tion and infra­struc­ture to be far more resilient than a sin­gle person.

But in shift­ing con­trol of the Inter­net from one man to an orga­ni­za­tion, cou­pled with the rapid growth of the Inter­net all over the world, the coun­tries that hap­pen not to be called “The United States of Amer­ica” were con­cerned about con­trol of the Inter­net belong­ing to the United States gov­ern­ment, who would have the power to shut off Inter­net access to other nations at will. At that time, gov­ern­ments out­side the US were push­ing for con­trol of IP addresses and domain names to be han­dled by the United Nations. As you might imag­ine, the prospect of UN con­trol over the Inter­net did not appeal to Con­gres­sional Repub­li­cans, who on prin­ci­ple have long opposed the very exis­tence of the UN.

In order to keep con­trol of the Inter­net geo­graph­i­cally within the United States, ICANN was formed with bylaws that are designed to pre­vent the US gov­ern­ment from exert­ing juris­dic­tional con­trol over the Inter­net. In other words, as long as the US gov­ern­ment remains a benign host, con­trol over the Inter­net can remain in Marina del Rey.

Which brings us back to these cyber­se­cu­rity bills. The more power the United States gov­ern­ment exerts over the Inter­net, par­tic­u­larly ICANN, and espe­cially under the jus­ti­fi­ca­tion of national secu­rity, the greater the like­li­hood that the func­tions cur­rently han­dled by ICANN will move to the United Nations. If it goes to the UN, Rus­sia and China will have sig­nif­i­cantly more influ­ence over issues such as pri­vacy, national secu­rity, and cen­sor­ship. And that would result in the US hav­ing less, rather than more, con­trol over the over­all secu­rity of the Inter­net and our national secu­rity, to say noth­ing of the free expres­sion of ideas that we take for granted today on the Internet.

It’s hard at times for Amer­i­cans to real­ize just how much we take for granted. We must be aware of the del­i­cate bal­ance between the US and the rest of the world in con­trol over the Inter­net. And we must, then, tread lightly in attempt­ing to push our ideals onto the Inter­net over the objec­tions of the rest of the world.