Feeds

back to article Divorcing ICANN and the US won't break the 'net nor stop the spooks

The Montevideo statement on Internet governance, and Brazil's intervention in the governance debate, has set a cat among the pigeons, by reviving the debate over globalisation of the Internet's core technical administration. Along the way, it's also bringing warnings – like this one from Sascha Meinrath in Slate – that letting …

COMMENTS

This topic is closed for new posts.

Can you see where this is going?

From the US controlling the internet and abusing that position, to control being passed to a global body comprised of governments of every country, who will then collude together to build the biggest ever data collection program known to man. It will dwarf the NSA.

Need somehow to find a way to ensure that any new controlling body, is comprised of standard internet community citizens with no government or significant commercial representation.

4
4
Silver badge

Re: Can you see where this is going?

"... standard internet community citizens ...."

Isn't that like asking road users what the speed limits and lane markings should be? Given that there are problems with criminal use of the internet and that commercial concerns have put massive amounts of their owm money into the internet; then how could government and commercial firms be excluded on any reasonable grounds?

6
1
WTF?

Re: Can you see where this is going?

"global body comprised of governments"? Who ever suggested that; even the ITU can't be described accurately as that. The suggestion always has been a multi-stakeholder body without governments having a deciding role - which to be fair to ICANN and the US Govt, is to a large extent what we have today. It just needs to be moved out of US jurisdiction, into a jurisdiction that properly recognises the status of non-governmental organisations.

I can't imagine, though, why anyone would think for a moment that divorcing ICANN and the US would break the 'net or stop the spooks, so I find the whole story very puzzling.

8
0
Bronze badge

Re: Can you see where this is going?

Seems to me that the BRICS just want control themselves so they can do what we're doing and possibly silence any dissenters at the same time.

I can't imagine why governments like the ANC led Banana Republic of South Africa or CCP led People's Republic of China would want control of ICANN and the DNS roots, not at all. The United States isn't the bastion of freedom bordering on anarchy the world seems to think it is and should be but at least If I wasn't serving in the Armed Forces, I could tell the Government to go fuck itsself without worrying about the secret police kicking down my door and being sent to re-education, or being drug behind a police truck til I'm dead.

Having ITU in control would be the least bad in my estimation, but then again, I don't trust international organizations very much after seeing NATO's ineptitude get a number of my friends killed in Afghanistan, and (yeah Godwin's law, blah blah, this is less about the Nazis and more about international organizations being subject to subjugation to great power politics) seeing who the president of INTERPOL was from 1940 to 1942 when he was killed by Czech Partisans.

1
8
Silver badge

Re: Can you see where this is going?

Thanks for your tireless efforts Frank. Without people like you spouting off with insanely convoluted anti-foreign anything statements I wouldn't have to live up to such high standards when I travel abroad. Statements like yours set a rather high bar that requires me to do a lot of work to prove that not everyone from the US is a complete horses ass. It is a rather sisyphean task, but I will carry on, doing my best to offset the damage my fellow countrymen do overseas.

8
1
Bronze badge

Re: Can you see where this is going?

That might have worked before the eternal September. And it did. But today? Most of the ordinary uses of the internet are the type of people who start each day by opening IE, then binging google so they can google facebook.

4
0
Silver badge

I just don't see how this makes a difference

How exactly is the US benefiting from its kinda-sorta control over ICANN right now? The spying sucks, but that's because many important companies like Google, Cisco, Apple, Facebook, Microsoft and so on are based here. And many internet connections pass through here or through other countries that are our spying partners like UK or New Zealand.

Like I said in another thread, if the hyenas take the kill from the lion, they immediately start fighting over the spoils themselves. You don't really think the countries of the rest of the world will take ICANN away from the US and not see an opportunity to exert more control over the Internet themselves, do you?

I think the bureaucrats at ICANN vastly overrate their importance, as most bureaucrats do.

4
4
Silver badge

Re: I just don't see how this makes a difference

I'm not sure the lion/hyena analogy is relevant, but I agree with your core point. Say ICANN moves to Iceland or wherever, the physical internet pipes will still mostly pass through the US, Google et al will still be based in the US, and the NSA will still be able to tap all the data they want.

The way to get around NSA is:

1) stop using US-based services as much as possible, switch to your local country's search engine, webmail (or use your ISP webmail) etc etc

2) I don't know if it's possible, but could IP be configured from the host side to route preferentially to avoid certain IP address blocks where possible? Or could routers be configured in such a way? Wouldn't be 100% effective anyway even if possible but still maybe redirecting traffic around US when it's not necessary to pass though there

Of course that still leaves GCHQ, KGB, China etc etc to worry about, but, baby steps

4
1
Silver badge

You should stop caring about having your traffic captured because that ship has sailed

Don't forgot about intelligence agencies using specialized ships and subs to tap undersea cables.

I don't think you should worry about where your traffic passes, and should assume if it leaves your country the NSA can snatch it. You need to worry about making that traffic encrypted so well that the NSA can't view it. That's the trick though, since no one knows exactly what non-public capabilities the NSA has in encryption, but the whole DES story indicates they may be a couple decades ahead of everyone else. You may have something encrypted in a way everyone believes is safe, but the NSA knows how to crack - particularly since they have the unique ability to apply techniques that may require collecting petabytes of traffic encrypted with a given scheme before it becomes feasible to break. Hardly worth worrying about for a black hat, even if he's tapping your router, but the NSA?

The real issue is the NSA going from helping IBM strengthen DES back in the 70s to actively sabotaging encryption as they did with recent RSA schemes. They've been particularly interested in sabotaging random number generators in subtle ways so one may assume that many of the NSA's techniques rely on subtle weaknesses in key generation.

Certainly you would prefer to avoid using US based services, if those services are providing the NSA unfettered access to their information in the clear. Its easy to find a local email provider, but a local search provider who doesn't suck? Good luck, unless you're in China. And don't forget about your smartphone, Android may be nominally open source, but Google could certainly slip in a few helpful zero days for those friendly NSA folks without someone watching. They tried to do so with Linux but were rebuffed, but if Linux had been mostly in the control of someone like Google it might have succeeded.

Lastly, if you're using Windows, you might as well not bother with any of this, as the NSA has a library of zero days in an automated system able to peek inside your computer anytime it wants. I'd be willing to bet some of those zero days were deliberately inserted by Microsoft at the NSA's request.

1
1
Bronze badge

Re: I just don't see how this makes a difference

"You don't really think the countries of the rest of the world will take ICANN away from the US and not see an opportunity to exert more control over the Internet themselves, do you?"

Actually, the ITU has done a pretty good job of getting everyone to agree on things like international telephony, despite many of the countries having deep political and ideological differences. I doubt that a US administered body would have achieved the same level of cooperation.

The problem with ICANN and the Internet is that countries like China and Russia see the US control as a potential threat and are considering to implement their own systems in their countries, thereby leading to the balkanisation of the Internet that most would like to avoid.

2
0
Silver badge

Re: I just don't see how this makes a difference

Upvoted because (1) is pretty sensible.

I think you missed, "don't use US commercial software." Anyone with a large financial interest in the a country can be manipulated, especially if they are trying to sell to the government.

Most of us don't have stuff the NSA is really interested in, so we're unlikely to be the target of a concerted government attack. At that point I think we go with common sense security - avoid things which can't be checked (closed source) and stick with things which can be checked, even if you aren't the one checking them. I'd run VPNs and perhaps support some proper peer-to-peer messaging.

The aim isn't really to be absolutely secure and private. It is to encourage everyone to adopt practises which make spying awkward. Do you need that Cisco VPN concentrator supporting one meeelllion tunnels or would a BSD box work nicely? Do you need failover devices for VPNs or are two tunnels just fine?

It always amazes me how much money is spent on over-spec'ed commercial stuff. Hire an enthusiastic geek and ditch all that maintenance.

1
0
Bronze badge

To put it bluntly, whether or not ICANN and IANA operate within the US will have little or no effect on snooping by the NSA, the other Five Eyes participants, Russia, China, Israel, Iran or,indeed, quite a few others. Agitation to remove them from US "control" is pretty meaningless posturing.

Those who are so fired up about the awfulness of what the NSA is doing should know by now that it is replicated by GCHQ, CSEC, DSD, and GCSB; and they might wish to consider, at least, whether they would have more privacy in Russia (Spetssvyaz), China (Third Department of the General Staff), or even Switzerland (NDB). I don't like it, any more than I like taxes or getting old, but doubt that any of them will go away except that eventually I will stop getting old, and like that prospect less. In the meantime I will know that the authorities and quite a number of commercial entities can watch me if they like and I will use available technical and nontechnical means to limit their intrusion as seems worthwhile.

2
1
Gold badge
Unhappy

We thank ARPA for funding the TCP/IP protocols and inital implementation.

But that was a long time ago.

The formal administration of the internet (insofar as it has any formal administration) should be a non governmental body and moved to a country which respects all rights.

I would suggest Switzerland

4
3
WTF?

Re: We thank ARPA for funding the TCP/IP protocols and inital implementation.

"I would suggest Switzerland"

Like Blatter's FIFA eh?

Yes that should be safe alright.

2
1

Suspicion

It's hard to avoid the suspicion the US wants to hang on to ICANN for military or spying purposes, and that some of the arguments appealing to Middle America's UNophobia are just a smoke screen for that. Nor can i see technical standrads balkanising - If upper Bongo adopts IP5, who is going to produce the kit?

On the other hand, can we be sure that the ITU/UN Son of Icann will be properly set up? Tricky ...

2
0
Bronze badge
Boffin

The root zone is a very small and well known file

And ultimately, it's up to anyone configuring a DNS client to decide where to get it from.

It's true that ICANN has some infrastructure making signing of this more secure in connection with DNSSEC, compared to what a competing startup might have. This includes ability to have some but not all directors with smartcards able to get on planes to revoke the root key and cause another to be rolled over and established in the event it gets compromised. Not a trivial crytographic operation to manage all of this, though while hardly anyone uses DNSSEC hopefully it will become important within a few years.

So for stability purposes it would probably make more sense for ICANN to come under ITU managment than for the ITU or some collective formed by TLD DNS server operators to establish an alternative administration for the purpose. Selling off .porn and .coca-cola to the highest bidder really doesn't help the US argue that ICANN isn't broken. Those who believe in the right of all Americans to act as the world government will of course downvote this proposal.

But in realpolitik terms, getting the US to agree to it (if agreement is required instead of the rest of the world deciding to setup and manage an alternative root) will probably have to wait until the US wants something from the UN worth more to them than they value ICANN, and which other major countries could grant them but are not really that bothered about.

4
0
Silver badge

Correction

"Certainly, some countries believe in censorship of the Internet"

Read:

Certainly, most countries believe in censorship of the Internet

6
0
Bronze badge

Re: Correction

Hippies use to say "information wants to be free." But now we see information is a slavish thing, prepared to prostitute itself to the one with the biggest firewall.

Given the (mis-) use of the Internet for espionage and cyber warfare as a result of early disinterest in security, perhaps Balkanization is for the best. To paraphrase an old adage, good firewalls make good neighbors.

0
0
Anonymous Coward

Europe should create its own Internet

Europe has been "second best", trying to take ICANN's role for too many years: it is time to create an Internet according to the European Commission.

0
4
Thumb Down

Re: Europe should create its own Internet

We tried that. Didn't work out too well.

http://www.cordis.europa.eu/projects/rcn/8882_en.html

0
0
Silver badge

Wrong focus here

Rather than deciding who the next dictator should be, we should be agreeing on a system that makes dictatorship impossible. This needs good universal PKI, respect for key lengths and an agreement that the communications *channel* is unhindered. If there is any kind of addressing scheme to get from one box to another, we will find a way. I would like to see addresses too long to be accessed accidentally that resolve to opaque widely distributed systems.

No entity should be capable of observing data being transmitted across the Internet and no entity should be able to shut down any but a tiny fraction of the Internet. As long as a wired or wireless or even sneaker-net channel exists, it should be possible to get to your data at all times.

We do not have technical impediments here. We have political ones. We need to vote with our collective sovereign power to sweep those political considerations aside.

0
0
This topic is closed for new posts.