How the US government exerts control over ICANN

Michael Geist sez, "The debate over Internet governance for much of the past decade has often come down to a battle between ICANN and the ITU (a UN body), which in turn is characterized as a choice between a private-sector led, bottoms-up, consensus model (ICANN) or a governmental-controlled approach. The reality has always been far more complicated. The U.S. still maintains contractual control over ICANN, while all governments exert considerable power within the ICANN model through the Governmental Advisory Committee (GAC)."

While the GAC claims its role is merely to provide 'advice' to ICANN, it often seems to take the view that its suggestions can't be refused. Indeed, late on Friday, ICANN proposed a by-law change that would grant governments even greater control over its decision-making process. At the moment, ICANN looks to various supporting organizations to develop policies designed to represent the views of many different stakeholders, including the GAC. Where the GAC and the ICANN board disagree on a policy issue, the ICANN board decision governs provided that a simple majority of board members vote against the GAC advice and that ICANN provide an explanation for the decision.

ICANN is now proposing that the threshold be increased so that 2/3 of eligible ICANN board members would be required to vote against GAC advice in order to reject it. The increased threshold would grant governments enormous power over ICANN, coming close to an effective veto over decisions based on broad consultations and participation from around the world. With the GAC intervening with increasing frequency (particularly on new generic TLD issues), ICANN has maintained that it is not required to follow the governmental advice. That is technically true, but the proposed by-law chance would make it exceptionally difficult to overcome government demands. In effect, governments would be given near-complete veto power over ICANN board decisions.

Government Control Over Internet Governance: Proposal Would Give the GAC Increased Power over ICANN Board Decisions [Michael Geist]

Great video explainer: Vint Cerf on ICANN and NTIA

The "father of the Internet" explains why the Congressional posturing and global freakout about the US National Telecommunications and Information Administration stepping back from management of the Internet domain name system is misplaced.

Read the rest

Why dictators (don't) shut down the Internet

Warren Ellis's Vice column, "How to Shut Down Internets," looks at the phenomenon of Middle Eastern dictators shutting off their nation's Internet during moments of extremis. Here's the money graf:

There are two reasons why these shutdowns happen in this manner. The first is that these governments wish to black out activities like, say, indiscriminate slaughter. That much is obvious. The second is sometimes not so obvious. These governments intend to turn the internet back on. Deep down, they believe they will be in their seats the next month and have the power to turn it back on. They believe they will win. It is the arrogance of power: they take their future for granted, and need only hide from the world the corpses it will be built on.

For me, this raises a couple of much more interesting questions:

1. Why would a basket-case dictator even allow his citizenry to access the Internet in the first place? (A: Because the national economy can't function without it)

2. Why not shut down the Internet the instant trouble breaks out? (A: Because it would be immensely unpopular, even among your sympathizers; also, see 1.)

Update: Bruce Schneier adds: "The reason is that the Internet is a valuable tool for social control. Dictators can use the Internet for surveillance and propaganda as well as censorship, and they only resort to extreme censorship when the value of that outweighs the value of doing all three in some sort of totalitarian balance."

How to Shut Down Internets

Leaked: ITU's secret Internet surveillance standard discussion draft

Yesterday morning, I wrote about the closed-door International Telecommunications Union meeting where they were working on standardizing "deep packet inspection" -- a technology crucial to mass Internet surveillance. Other standards bodies have refused to touch DPI because of the risk to Internet users that arises from making it easier to spy on them. But not the ITU.

The ITU standardization effort has been conducted in secret, without public scrutiny. Now, Asher Wolf writes,

I publicly asked (via Twitter) if anyone could give me access to documents relating to the ITU's DPI recommendations, now endorsed by the U.N. The ITU's senior communications officer, Toby Johnson, emailed me a copy of their unpublished policy recommendations.


5 hours later, they emailed, asking me not to publish it, in part or in whole, and that it was for my eyes only.

Please publish it (credit me for sending it to you.)

Also note:

1. The recommendations *NEVER* discuss the impact of DPI.


"I.9.2 DPI engine use case: Simple fixed string matching for BitTorrent"
"II.3.4 Example “Forwarding copy right protected audio content”"
"II.3.6 Example “Detection of a specific transferred file from a particular user”"
"II.4.2 Example “Security check – Block SIP messages (across entire SIP traffic) with specific content types”"
"II.4.5 Example “Identify particular host by evaluating all RTCP SDES packets”"
"II.4.6 Example “Measure Spanish Jabber traffic”"
"II.4.7 Example “Blocking of dedicated games”"
"II.4.11 Example “Identify uploading BitTorrent users”"
"II.4.13 Example “Blocking Peer-to-Peer VoIP telephony
with proprietary end-to-end application control protocols”"
"II.5.1 Example “Detecting a specific Peer-to-Peer VoIP telephony with proprietary end-to-end application control protocols”"

Read the rest

UN's International Telecommunications Union sets out to standardize bulk surveillance of Internet users by oppressive governments

The International Telecommunications Union, a UN agency dominated by veterans of incumbent telcoms who mistrust the Internet, and representatives of repressive governments who want to control it, have quietly begun the standardization process for a kind of invasive network spying called "deep packet inspection" (DPI). Other standards bodies have shied away from standardizing surveillance technology, but the ITU just dived in with both feet, and proposed a standard that includes not only garden-variety spying, but also spying "in case of a local availability of the used encryption key(s)" -- a situation that includes the kind of spying Iran's government is suspected of engaging in, when an Iranian hacker stole signing keys from the Dutch certificate authority DigiNotar, allowing for silent interception of Facebook and Gmail traffic by Iranian dissidents.

The ITU-T DPI standard holds very little in reserve when it comes to privacy invasion. For example, the document optionally requires DPI systems to support inspection of encrypted traffic “in case of a local availability of the used encryption key(s).” It’s not entirely clear under what circumstances ISPs might have access to such keys, but in any event the very notion of decrypting the users’ traffic (quite possibly against their will) is antithetical to most norms, policies, and laws concerning privacy of communications. In discussing IPSec, an end-to-end encryption technology that obscures all traffic content, the document notes that “aspects related to application identification are for further study” – as if some future work may be dedicated to somehow breaking or circumventing IPSec.

Several global standards bodies, including the IETF and W3C, have launched initiatives to incorporate privacy considerations into their work. In fact, the IETF has long had a policy of not considering technical requirements for wiretapping in its work, taking the seemingly opposite approach to the ITU-T DPI document, as Germany pointed out in voicing its opposition to the ITU-T standard earlier this year. The ITU-T standard barely acknowledges that DPI has privacy implications, let alone does it provide a thorough analysis of how the potential privacy threats associated with the technology might be mitigated.

These aspects of the ITU-T Recommendation are troubling in light of calls from Russia and a number of Middle Eastern countries to make ITU-T Recommendations mandatory for Internet technology companies and network operators to build into their products. Mandatory standards are a bad idea even when they are well designed. Forcing the world’s technology companies to adopt standards developed in a body that fails to conduct rigorous privacy analysis could have dire global consequences for online trust and users’ rights.

Adoption of Traffic Sniffing Standard Fans WCIT Flames [CDT]

Act now to stop unaccountable, censor-friendly UN agency from hijacking control of the Internet!

Evan from Fight for the Future, "The open internet is in danger. In just a few weeks, governments from around the world are getting together, and they could decide the future of our internet. Watch the video to find out why a government-dominated agency as old as the telegraph is trying to get its hands on the net we love. Then take action by using the platform to contact your government and tell them to stand up for an open internet."

There’s a meeting between the world’s governments in a just a few weeks, and it could very well decide the future of the internet through a binding international treaty. It’s called the World Conference on International Telecommunications (WCIT), and it’s being organized by a government-controlled UN agency called the International Telecommunication Union (ITU).

If some proposals at WCIT are approved, decisions about the internet would be made by a top-down, old-school government-centric agency behind closed doors. Some proposals allow for access to be cut off more easily, threaten privacy, legitimize monitoring and blocking online traffic. Others seek to impose new fees for accessing content, not to mention slowing down connection speeds. If the delicate balance of the internet is upset, it could have grave consequences for businesses and human rights.

The ITU could put the Internet behind closed doors. (Thanks, Evan!)

FCC commissioner: don't let the Internet fall into the UN's hands

FCC Commissioner Robert M. McDowell has a WSJ op-ed condemning a treaty proposed at the International Telecommunications Union, the UN agency that oversees global phone systems, which would transfer much of Internet governance to the UN.

Commissioner McDowell correctly asserts that transferring governance to the ITU would be bad for Internet freedom. There are few UN specialized agencies that are more ossified and more prone to being gamed by the world's totalitarian regimes than the ITU. One UN acquaintance of mine memorably referred to the ITU as the place "where superannuated telco bureaucrats go to die." And let's not forget the vital role that ITU designates filled in creating surveillance and censorship regimes established by the failing governments of Tunisia and Egypt (and the similar role they're likely playing in other regional nations in the midst of popular uprisings).

But it's pretty rich for someone from the Obama administration US government to go around talking about how the Internet is in danger from political interference from special interests. This is the administration that gave us SOPA and the TPP, that argues that ACTA can be put into law without an act of Congress, and that has made a habit of extrajudicially seizing .com and .net domains on the sloppy say-so of its political donors from the entertainment industry.

I agree with Commissioner McDowell that the Internet needs to be free of political interference. I agree that this won't happen at the ITU.

But that's where we part ways. McDowell describes a present-day Internet where wise American stewards neutrally steer the net's course. I see a world where political hacks and appointees from the lobbyist/regulator revolving-door are ready to destroy the Internet to maximize profits for one or another industry, and where an amok defense industry is ready to destroy whatever is left after Big Content gets through with its dirty work.

The Internet does need stewards, and the Obama administration has spectacularly demonstrated that it is unfit to carry out that stewardship.

Merely saying "no" to any changes to the current structure of Internet governance is likely to be a losing proposition. A more successful strategy would be for proponents of Internet freedom and prosperity within every nation to encourage a dialogue among all interested parties, including governments and the ITU, to broaden the multi-stakeholder umbrella with the goal of reaching consensus to address reasonable concerns. As part of this conversation, we should underscore the tremendous benefits that the Internet has yielded for the developing world through the multi-stakeholder model.

Upending this model with a new regulatory treaty is likely to partition the Internet as some countries would inevitably choose to opt out. A balkanized Internet would be devastating to global free trade and national sovereignty. It would impair Internet growth most severely in the developing world but also globally as technologists are forced to seek bureaucratic permission to innovate and invest. This would also undermine the proliferation of new cross-border technologies, such as cloud computing.

The U.N. Threat to Internet Freedom (via Reddit)