Wednesday, June 8, 2016

Protecting the Internet? Or, Protecting Interests.

Protecting Interests From Anyone

Today Senator Ted Cruz announced his new initiative, the Protecting Internet Freedom Act (PIFA), which aims to ensure the United States maintains "control of the Internet" for the purposes of "national security". While I can understand how Senator Cruz believes he is benefiting the United States and attempting to secure its interests, the rhetoric used to socialize the bill, and language in the bill itself, skews fundamental realities about how the Internet works and, more importantly, how national security on the Internet works. The bill, proposed by Cruz and Representative Sean Duffy (Republican, Wisconsin), aims to squash the transition of NTIA oversight of core Internet functions to the global multistakeholder community. 

Cruz's Claims

Senator Cruz has made the claim that the release of the National Telecommunications and Information Administration (NTIA) functions contract with the Internet Assigned Numbers Authority (IANA) is a direct threat to personal liberty, economic growth, and national security. This is a clear cut prediction from Cruz himself, as stated in a quote from the press release:

“This issue threatens not only our personal liberties, but also our national security. We must act affirmatively to protect the Internet and the amazing engine for economic growth and opportunity the Internet has become, and I urge my colleagues to support this legislation.”
While deftly skipping over the blatant and eye-roll-inducing misuse of The Washington Post, let's focus on some claims made by the Background released today. These claims state that the transition from NTIA shall:

Increase The Influence of Over 160 Foreign Governments

Terrifying, isn't it? Just the thought that the Internet is used by other countries must be chilling to some people. Yet, it's not. Not at all. While the Internet did grow from a Defense Advanced Research Projects Agency (DARPA) project in the 1970's, it has far exceeded any of the early expectations of the DARPA or academic architects. It is, and has been for decades, a system of communication for civilians, corporations, academic institutions, and more. It has also been a critical piece of infrastructure for almost every nation on Earth. And, guess what? These nations maintain their own core routing infrastructure, Domain Name System (DNS) namespaces, and networks. 

Worldwide organizations that rigidly monitor and administrate the global Internet have been in place for several decades. Chunks of the Internet are administered by these organizations, who dole out smaller chunks to nations and corporations worldwide. It's kind of akin to how modern cities and townships are physically managed. Each city manages its own land, zoning it for commercial, government, or civilian use, then distributes the land accordingly. The Internet is really no different. 

The International Telecommunication Union (ITU) estimated that in 2015 there would be approximately 3.2 billion Internet users. Interestingly, a majority of these users connect to the Internet from "undeveloped" countries, citing "for every Internet user in the developed world, there are two in the developing world". This is a fascinating number, and speaks to the demand placed on entities that must globally administer core Internet services. 

When put into perspective, it doesn't make sense for one entity to manage core global Internet services, does it? Instead, it makes more sense for a well defined consortium of countries to establish rules and requirements for these core services, then implement the services in an unbiased manner. This is exactly what has been planned for decades by not only the NTIA, but the US Government, itself. More on this shortly. 

Diminish the Role of the United States Government

Let's briefly point out that this has been the intent of the NTIA and the US Government since prior to 1997. In fact, in 1997, President Clinton directed the Secretary of Commerce to privatize DNS "in a manner that increases competition and facilitates international participation in its management." This directive was a part of Clinton's Framework for Global Electronic Commerce, which intended to increase global accessibility to resources that would strengthen the world economy. 

The transition of NTIA oversight is one of the final steps of the privatization process as outlined by the Framework for Global Electronic Commerce. This is not a bad thing. Rather, this is a key aspect of ensuring the global Internet is unified toward the goal of establishing fair and open access to information and resources. 

In fact, the United Nations (UN) agrees. In 2011, the UN declared access to the Internet a basic human right, while publicly denouncing the United Kingdom and France for acts violating this mantra (specifically related to copyright infringement). A fundamental requirement to distributing Internet access across the globe is ensuring that no one nation can control the core structure or services of the Internet. This capability would imply a natural (if unintended) bias against information, the flow of information, or speech. By using a global consortium of nations, similar to the United Nations, the Internet can be made more open to cultures not necessarily represented by the United States, and yet make up a larger chunk of Internet users

Insert into ICANN’s bylaws ... a gateway to content regulation

This claim is nothing but conjecture. The actual language in the Background document is the following:
Insert into ICANN’s bylaws an undefined commitment to respect “internationally recognized human rights” which will not only expand ICANN’s historical core mission but could create a gateway to content regulation
This claim asserts that somehow ICANN's commitment to "internationally recognized human rights" equates to extinguishing freedom of speech. This bizarre assertion completely ignores the entire purpose of ICANN, and breezes swiftly by ICANN's internal policies, which emphasize inclusion, ethical behavior, equality, and denouncing actions that would cause conflicts of interest for not only advisory board members, but the organization's global interests.

So, for us to believe that ICANN would eschew their publicly announced responsibilities and undertake some subversive or covert stance against human rights, we would have to believe that the board members of ICANN are either sociopaths, or some sinister criminal conspiracy. That seems a little batty, but maybe it's just me.

I mean, just look at the current ICANN chair, Dr. Steve Crocker. I don't think I've ever seen a more shady character in Internet history. This guy is not only the chair of ICANN, but he co-founded a startup focusing on information sharing and increasing the availability of security tools for the Internet. If that isn't terrifying enough for you, he has a history managing projects at DARPA, USC, and the Aerospace Corporation. I mean, I can forgive him for graduating from UCLA, but only because he was part of the team that laid the foundation for today's Internet.

What a chilling group of corporate vampires. Clearly.

ICANN Doesn't Listen to Senators

Ok, the actual text is composed of the following quote:
Embolden ICANN’s leadership which has a poor track record of acting in an unaccountable manner and a proven unwillingness to respond to specific questions posed by members of the United States Senate.
Apparently, the transition of NTIA oversight to ICANN will embolden ICANN. That is, again, terrifying considering that another board member, Erika Mann, (a woman!) is so emboldened that she was a German member of the European Parliament with a focus on telecommunications and Internet policy.

Instead of focusing on the horrors of the ICANN board, let's take a look at some of the amazing things the Senators may be talking about with regard to ICANN.

In a senate oversight hearing on the FCC, Senator Cruz asked:
“If the FCC believes regulation of IP numbers used to connect end points on the public switched telephone network is unnecessary, why hasn’t it forborne from the regulation of telephone numbers?”
 The problem with this question? The Public Switched Telephone Network (PSTN) is fundamentally different and also completely separate from the Internet. Though the two resources share similarities in their fundamental design, they have absolutely no direct correlation as one is not dependent on the other to function. While core Internet capabilities in PSTN architecture do incorporate Internet resources for routing, endpoint termination, etc., they do not require the Internet to function. These resources are fundamentally different and require different entities for oversight and administration.

This is the entire reason why IANA exists as a subset of ICANN, and why the FCC has rightfully left these entities alone. While the FCC should (and does) enforce policy onto both entities, it does not govern the numbering assignments themselves for good reason.

More importantly, Cruz and his researchers demonstrate a lack of understanding about how the Internet and PSTN work by stating "...regulation of IP numbers used to connect end points on the public switched telephone network". IP (addresses, for one) connecting endpoints on the PSTN has nothing to do with core Internet oversight. This is simply a design of any telephony system (such as Digital Subscriber Line, or DSL) that connects a PSTN endpoint to the Internet.

If I set up a home phone number at my house using PSTN, I do not need an IP address for that phone number. I never did. That's not how the PSTN works. If, however, I subscribe to DSL, an Internet address will be assigned to me through the use of the PSTN. These are two fundamentally different concepts.

So, maybe part of the problem is that ICANN is providing a lack of adequate responses to the good Senators because they are asking questions that fundamentally have no answer.

I CANN Has Problems

While I am typing quite a bit in support of ICANN and the transition of control from NTIA to global oversight organizations, it is important at least to note, for objectivity, that ICANN has indeed ran into some hiccups. Albeit, some of these are wildly conspiratorial, such as the "secretive new relationship with China". 

Yes, any organization that has control over a critical resource or infrastructure will have oversight issues, conflicts of interest, and even allegations of misconduct. Our US Senate is, sadly, no different, nor any less exposed to these fundamental human flaws. However, with the NTIA delegation of power to a more globally conscious authority, ICANN's influence will become less relevant as the global community gains more ability to control the direction of the critical decisions that guide our Internet. At least, that's the idea. 

You Think DNS Does What, Exactly

Regardless of how you see ICANN, IANA, the FCC, or even the NTIA, there is one consistent flaw with Senator Cruz's logic. And, again, it has to do with his team's flawed understanding of how the Internet works. 

Cruz claims that the United States will be in for a critical loss of national security as a result of a loss of stringent control over Top Level Domains such as gov and mil. This is false. Domain names don't lead to security flaws. If this were true, I would be able to legitimately impersonate any Internet service, such as Facebook, Google, Gmail, Yahoo, etc. This is because names are translated to addresses. The Internet's core functionality routes connection requests to addresses. Then, the name emitted by that address is cryptographically verified by a certificate chain, using Transport Layer Security (TLS), or a similar protocol. 

It is true, however, that those that do not employ security technology such as TLS, SSH2, IPSec, VPNs, etc., are vulnerable to spoofing, Man In The Middle (MITM) attacks, and other security risks. However, the American Government should be hip to all these security flaws. After all, they have had thirty years to iterate on them, and should be able to guard against these risks as they are actively exploiting them elsewhere

In other words, a loss of control over the names themselves means nothing. This is exactly why TLS, DNS Security (DNSSEC), SSH2, VPNs, etc., were invented. If the US Government claims that a loss of control over TLD equates to critical national security risks, our government is in far more danger than can be imposed by the Obama administration, NTIA, ICANN, or IANA. It would, essentially, already be a sitting duck.

Summary

Senator Cruz and Rep. Duffy's claims are irresponsible and groundless. They seem to make assertions that ICANN is, essentially, corrupt, and completely ignore the fundamental design of Internet security technology that does and should protect national security interests no matter who has oversight of American TLDs. While I'm sure there are rational arguments behind how this proposal came about, the Protecting Internet Freedom Act reads like a misguided and flawed attempt to regain Cruz's lost credibility and value after a struggling presidential campaign. 

It also seems to serve only the American capitalist goal of controlling Internet resources for profit, while simultaneously claiming that the NTIA oversight handoff will decrease global competitiveness. 

While, the writer will admit, that Senator Cruz does indeed seem to care about our freedom of speech, as he has campaigned extensively over the years for these freedoms. However, it is unclear whether Cruz understands that Internet globalization does suddenly not equate to China's ability to suddenly impose a great wall upon the entire Internet. Just like the United Nations, even countries that America considers an enemy has a right to voice an opinion. That, itself, is freedom of speech.