November 1999

A Battle For Control Of The Internet

BY BROUGH TURNER

The Internet is on its way to becoming the single network for all communications, so we in CTI need to pay attention to how the Internet evolves. At first glance, the Internet appears to be a completely distributed system, one that can't be controlled by any single organization. Indeed, even as backbone ISPs went through a period of consolidatation between 1997 and 1998, the fears of monopoly control that were widely expressed turned out to be groundless (as predicted in this column in April 1998).

But there is some Internet technology that requires central coordination, and even central allocation of scarce resources — IP addresses, for example. There are just over 4 billion possible addresses. For historical reasons, some large blocks of addresses were allocated to the U.S. government; to specific organizations (Stanford, MIT, and others); and to certain companies (Apple, AT&T, DEC, GE, IBM, Xerox, and others). On the other hand, despite rumors to the contrary, there are still quite a few IP addresses or workarounds available — enough, at least, that the early allocations haven’t slowed the growth of the Internet.

Another unique resource consists of domain names — names like tmcnet.com, nmss.com, whitehouse.gov, or opentelecom.org. These should be less of a problem, as there are vastly more possibilities, but because these names are visible to everyone, and sometimes overlap with trademarks or human vanity, the domain name system has become politicized. As a result, expansion of the name space has been completely stalled for more than four years. Even worse, the body to which the U.S. government plans to hand control of the name space, ICANN (Internet Corporation for Assigned Names and Numbers), has demonstrated a penchant for secrecy, and is currently unaccountable. Moreover, ICANN appears well on their way to gaining control over much more than the name space.

BACKGROUND ON THE DOMAIN NAME SYSTEM
IP addresses are unique numbers, one for each device directly connected to the Internet. With firewalls that incorporate address translation, you can have additional non-unique addresses for devices that are connected through the translation function. But direct connection implies a unique 32-bit address — typically written as four decimal numbers separated by periods. For example, 208.236.204.97 is a valid address.

It’s hard to remember such addresses, and it would be very hard to have to type such things into your browser. Consequently, names have been given to computers almost from the beginning of the Internet. As the early Internet grew, the name directories became unwieldy, so a hierarchical system called the Domain Name System (DNS) was introduced in the mid-1980s. DNS is what gives us names like www.oscar.nmss.com or www.tax.state.ri.us. The great thing about DNS is that it’s distributed — no single organization is responsible for updating it all. And it’s flexible.

The DNS system can be extended in breadth as well as depth. At the top, we currently have seven global “top level domains” (the gTLDs are .com, .edu, .net, .org, .gov, .mil, and .int) and over two hundred country code domains (ccTLDs such as .jp, .uk, and .fr). There is no reason we couldn’t have 5,000 or 10,000 additional TLDs, but we don’t. As a result, .com registrations have pulled ahead of all other TLDs. There are now over ten million secondary domains registered in .com. And, as more companies register in .com, the value of a .com URL continues to increase.

In 1996, we almost got seven new gTLDs (.firm, .store, .web, .arts, .rec, .info and .nom), but politics stalled the process.

THE POLITICAL PROBLEM
When naming a new product, you can spend hundreds or thousands of dollars in legal fees just to determine if a name is available. Global businesses require expensive, and slow, trademark checks in multiple countries with differing fees, laws, and procedures. Meanwhile, the DNS system serves a similar function for the Internet, but it’s developed without any input from the trademark community. With the DNS system, you can check whether a name is available for free, in seconds. And, if it’s available, you can register it yourself in a minute or two for less than $100. This shakes the trademark system to its core. And the interested parties have noticed! Domain name trademark lawsuits began in 1994.

In parallel, major telecommunications interests have realized that the Internet is going to be larger than today’s PSTN. And, finally, governments outside of the United States have recognized that their commercial future depends upon the Internet, which is managed in the United States, under U.S. government contracts.
With foreign governments and global business interests showing interest, the political hot potato was passed to the Department of Commerce. They were given the job of figuring out how to get the U.S. government out of the business of running the Internet. This meant finding a way to terminate the U.S. government contracts with the Internet Assigned Numbers Authority (IANA), a branch of the University of California’s Information Sciences Institute that manages IP addresses and protocol numbers, and with Network Solutions, Inc. (NSI), which operates the DNS root and the .com, .net, and .org registries.

THE EMERGENCE OF ICANN
The Department of Commerce’s National Telecommunications and Information Administration (NTIA) went through a series of documents and public comments in 1997 and 1998 culminating in a “white paper” in June 1998. While the white paper was being widely discussed, NTIA appears to have been working privately with IANA on a proposal, which IANA submitted and NTIA adopted in October 1998. This proposal defined a new body called ICANN (the Internet Corporation for Assigned Names and Numbers) to supervise IANA and the DNS system. IANA had already incorporated ICANN and recruited “temporary” officers. To this day, no one is sure exactly who drafted the IANA/ICANN proposal or where they got their input.

In any event, NTIA and ICANN signed a Memorandum of Understanding in November 1998, and the temporary officers of ICANN were off and running. Since then, ICANN has been evolving proposals for its corporate structure and its proposed span of control. Together with NTIA, ICANN has been negotiating with NSI for control of DNS policy and the DNS root. They’re testing a system of competing domain name registrars for .com — in other words, a scheme where there is one database but multiple registrars that can make entries in that database. As yet there has been no progress on adding additional gTLDs.

On the ICANN Web pages and in other public statements, ICANN presents itself as an institution that reflects the “consensus of the Internet community.” However, a second look suggests this is far from true.

THE CONSPIRACY THEORY
There are many people — not just a lunatic fringe, but established members of the Internet community with substantial technical, business, and legal credentials — who believe that ICANN has been hijacked by vested interests.

The fundamental problem is that ICANN operates in secrecy. Its board meetings are closed, and its public meetings are highly orchestrated. A second problem is that ICANN appears to be extending its span of control. ICANN is assuming powers in a closed process, specifically without the consent of the people ICANN intends to control. This is counter to the way the Internet has worked to date (and to U.S. political tradition).

Congress is involved. In July, the House Commerce Committee held hearings entitled, “Domain Name System Privatization — Is ICANN Out of Control?” There was significant testimony suggesting the answer is yes. But, of course, it was a congressional hearing with significant noise — even Ralph Nader joined in — but little action. It did air out some facts and provide grist for the on-going controversy. (For a sample of some credible complainants, see www.cookreport.com/isoccontrol.shtml, www.cavebear.com/nsf-dns/ntia-comments.html, www.domain-name.org, http://minion.netpolicy.com/dnrc/82799cong.html, and www.internetwk.com/columns/frezz092099.htm.)

The unfortunate thing about the Congressional hearings is that the discussion assumes we need central control, and that we’re just fighting over how to provide it. I, for one, advocate decentralized control or (even better) no control! There are many alternatives to ICANN.

POSSIBLE ALTERNATIVES
It would be relatively easy to turn over the operations of IANA (which handles the less controversial numeric IP addresses) to an organization of network service providers, that is, to those who are affected. Perhaps the easiest way to do this would be assign the funding and control of IANA to the existing registries that already handle regional address assignments — ARIN (American Registry for Internet Numbers), RIPE (R�seaux IP Europ�ans), and APNIC (Asia Pacific Network Information Center). These entities currently take large blocks of IP addresses from IANA and assign them to network service providers and others and handle inter-routing issues between networks in their respective regions.

I’ve seen several similarly simple proposals for DNS. For example, create several thousand new TLDs available on a first-come, first-served basis with some minimum conditions on new registrars for technical capability and financial stability, and create an association of registrars with annual dues adequate to fund operation of both the association and the root servers. This association could then administer competing registries for the one special TLD — .com. This proposal puts control of the DNS resource in the hands of those who are affected. And it keeps DNS separate from IANA on the principle that the more distributed a system, the better.

But does DNS require central control? Karl Auerbach, an attorney and network professional (www.cavebear.com/cave bear/growl/index.htm), says no. He points out that all a root server does is direct inquiries to the DNS servers for the various TLDs. If the government turned off the existing DNS root, a competitive root server system would emerge, and rather quickly. ISPs look to the root server to find out where to go to resolve names on behalf of their customers. With one day’s advance notice, backbone ISPs could reconfigure their existing DNS servers to know about current TLDs. Then, as registrars introduced and marketed new TLDs, their users would exert pressure to have these new TLDs accessible as well.

Whether it’s through ISPs or independent root server operators, in a competitive market, the best root server would be the one that covered the largest number of viable TLDs. With competition, there would be multiple root servers vying for the best directory coverage, and some competing to provide value-added services. And multiple root systems would add to the stability of the Internet as there would be one less place where a single failure could impact everyone.

HOPE FOR THE FUTURE
Prospects for Internet governance are depressing at the moment, but there is hope, even if DNS is taken over by ICANN. The Internet is a set of protocols that allows independent networks and independent people to connect and communicate. There are always ways to bypass or leap around anything that’s a real obstacle to communication. And the Internet is growing at such a pace that it is unlikely that any bureaucracy will be able to regulate it. So, I expect the Internet as a whole will keep following its current growth path, in spite of politics that has stalled expansion of the Domain Name System for four years.

Brough Turner is senior vice president of technology at Natural MicroSystems, a leading provider of hardware and software technologies for developers of high-value telecommunications solutions. For more information, call Natural MicroSystems at 508-620-9300, or visit the company’s Web site at www.nmss.com. E-mail to the author is also welcome.