Last week, President Barack Obama announced his support for Senator Joe Lieberman’s (I-CT) Cybersecurity Act of 2012. His support comes from a recognition that the United States is particularly vulnerable to cyberattacks. I agree with him that we are particularly vulnerable, and need to do something about it. But we have a delicate balance to consider when examining our options. The fulcrum of that balance is the Internet Corporation for Assigned Names and Numbers (ICANN).
Before we look at ICANN, let’s look at Lieberman’s bill.
The Cybersecurity Act of 2012 would establish a set of performance standards for various companies and organizations who are responsible for “critical infrastructure”, a term defined in the Uniting (and) Strengthening America (by) Providing Appropriate Tools Required (to) Intercept (and) Obstruct Terrorism Act of 2001 (more commonly known by its acronym: USA PATRIOT Act). Those who meet those performance standards are exempted from liability for violating privacy laws in cases of disclosing private information to law enforcement.
In a general sense, the bill is pretty well conceived. Disclosures must accompany a belief that it is related to a suspected cybersecurity attack. It may give a little too much leeway to Internet Service Providers (ISPs) to examine the contents of people’s Internet traffic, but it’s unclear that they have much freedom in that regard.
Where the Act falls short is in a way that many bills in the past (such as SOPA, PIPA, and DMCA) have also fallen short, in recognizing that the Internet is international. To understand what I mean requires us to look a bit at how the Internet works.
When you type “www.logarchism.com” into your browser, your computer has to find the internet protocol (IP) address of this site, which it does by contacting your domain name service (DNS) server. It’s akin to looking in the phone book for the telephone number corresponding to a person’s name. There are tens of thousands of DNS servers out there, and odds are that the one you use is run by your ISP. But there are so many domains in existence that your ISP’s DNS server isn’t necessarily going to have in its database the listing your computer is looking for. If it doesn’t, it can look further up the chain as illustrated in the tree here (i.e., if it doesn’t have “www.logarchism.com”, it may have “logarchism.com”, or merely “com”), and ask the DNS server that owns that portion of the Internet’s domains for the information. Every DNS server must have in its database all of the listings of the next level (i.e., the owner of “com” [Network Solutions] has every single “.com” domain in its database). At the very root of the Internet is a series of servers, run by ICANN, that handle the top-level domains (TLDs) such as “com”, “net”, “org”, “edu”, “mil”, and all of the two-letter country domains.
ICANN, then, is at the root of all domains.
And where is ICANN? They’re in Marina del Rey, a district of Los Angeles, California…in the United States. And that means that the United States Congress thinks they can control the Internet by asserting jurisdiction over ICANN. In the very short run, they’re right. But in the long run, they’re very, very wrong.
There’s a reason that ICANN resides in the United States. The Internet is the evolution of DARPAnet, created by the Defense Advanced Research Project Agency as a network architecture to be resilient to nuclear attacks on the United States taking out large portions of the nation’s infrastructure. The original DNS infrastructure consisted of Jon Postel, one man at the University of Southern California, who maintained a list of all domain names which he periodically published to people who could then install the database on their own local servers. Astonishingly, he maintained this list until his death in 1998. ICANN was set up to replace Postel (who, had he not met an untimely demise, would have been ICANN’s first chief technology officer) with an organization and infrastructure to be far more resilient than a single person.
But in shifting control of the Internet from one man to an organization, coupled with the rapid growth of the Internet all over the world, the countries that happen not to be called “The United States of America” were concerned about control of the Internet belonging to the United States government, who would have the power to shut off Internet access to other nations at will. At that time, governments outside the US were pushing for control of IP addresses and domain names to be handled by the United Nations. As you might imagine, the prospect of UN control over the Internet did not appeal to Congressional Republicans, who on principle have long opposed the very existence of the UN.
In order to keep control of the Internet geographically within the United States, ICANN was formed with bylaws that are designed to prevent the US government from exerting jurisdictional control over the Internet. In other words, as long as the US government remains a benign host, control over the Internet can remain in Marina del Rey.
Which brings us back to these cybersecurity bills. The more power the United States government exerts over the Internet, particularly ICANN, and especially under the justification of national security, the greater the likelihood that the functions currently handled by ICANN will move to the United Nations. If it goes to the UN, Russia and China will have significantly more influence over issues such as privacy, national security, and censorship. And that would result in the US having less, rather than more, control over the overall security of the Internet and our national security, to say nothing of the free expression of ideas that we take for granted today on the Internet.
It’s hard at times for Americans to realize just how much we take for granted. We must be aware of the delicate balance between the US and the rest of the world in control over the Internet. And we must, then, tread lightly in attempting to push our ideals onto the Internet over the objections of the rest of the world.
- Thread: What does ICANN do? (threads.scripting.com)
- ICANN Wins IANA Contract Bid (internetnews.me)
- ICANN Leadership Confusion? (internetnews.me)
- U.S. Commerce Department Retains Icann as Web’s Address Manager — Bloomberg (bloomberg.com)