why the itu just can’t hijack the internet

Plenty of wailing and gnashing of teeth has accompanied the mostly closed door ITU sessions in which the fate of the free web is supposedly being decided. The global communications group’s head is worried about stopping cyberwarfare and criminals using spyware to pull off heists. The world’s authoritarians and dictators are asking for less online anonymity and more control over what’s being said on the web. The bureaucrats are asking for more centralized oversight on the international level, believing that U.S.-based ICANN to be the internet’s self-appointed masters, despite the ICANN hosting a global advisory board representing over 100 nations. And none of the parties involved in trying to reshape the internet seem to know what they’re doing, almost as if they believe that the global communication networks is a series of tubes they can re-rout with executive orders served to some nerds with gravity-defying ties and black-rimmed glasses. The truth is that whatever they try to do to tame the internet is almost certainly doomed to fail.

First, as it’s been pointed out several times on this blog, filtering and inspecting data generated by web users is impractical, expensive, and won’t catch what those administering the mechanism are trying to catch. Want to try to deep packet inspect all the traffic coming into an IXP? Best of luck there tiger. You will be looking at oceans of data, much of it containing completely useless information, data about background processes, and encrypted transactions. To find a nebulous target in this torrent of bytes is like standing in front of a tsunami and insisting on extracting just an ounce of water from it, and not just any ounce of water but from droplets that started out as a bit of meltwater flowing into a river across the ocean from you. Other than throttling down much of the web to a screeching halt as you parse petabytes of data per day, you’re going to have to give up on this idea. There’s a reason why dictatorships architect their internet infrastructure to easily cut the cord rather than surgically cut down the troublemakers. They know that trying to root out rebels and activists via deep packet inspection alone simply won’t work.

Secondly, you can demand that people use their real names on the web all you want, but there are tools to get around these requirements. Credentials can be spoofed, stolen, or hijacked by someone who has even a modicum of skill, proxies around the world can obscure your origin on the web, and it takes a very dedicated and expensive effort (like the Great Firewall of China) to even make it challenging to hide who you are online if you really don’t want to be tracked. If I run the Tor browser, disable scripts, cookies, and history, and refresh my identity on a regular basis during a browsing session, whatever sites I’m visiting will think I’m from Poland, or Norway, or the Czech Republic. Likewise, they won’t be able to see where I go since they can’t save cookies on my machine or silently load an app in the background via a hidden iframe since Javascript won’t be enabled. Yes, surfing the web like this is rough, but it does make you a lot harder to identify and find unless you’re already on the authorities’ radar for one thing or another, usually political activism outspoken enough to encourage a malevolent regime’s thugs to pay you a visit.

Finally, ICAAN is indeed powerful, but it’s not the end-all-be-all of internet management. It has a vast international advisory board and it handles top level domains and domain name issues; it’s the concierge for the user- and business-friendly aspect of the web. But without ICAAN, you can still have servers running websites. You might need to enter 74.125.224.72 to get to Google in IPv4 or say, 2001:4a2b:6d4f:8f3f in IPv6 to get there, or set up your own DNS server to do your own DNS resolution rather than rely on a large group of professionals to do it for you, but it can be done. In fact there’s a small number of other DNS root providers who index niche domains or try to circumvent the ICAAN roots for ideological and security reasons, essentially creating what amounts to a competing mini-web. So it’s not as if ICAAN has any real monopoly on how much of the web is wired. Likewise, what would controlling ICAAN do for the world’s paper pushers? Their governments can easily register any top level domain they wish for what amounts to a laughable amount of money for them: $185,000 to start and $25,000 a year to renew.

And all that leaves us with the question of what the ITU is trying to accomplish. If they can’t deep packet inspect the web for safety, force people to use their real names, and force the wasteful and unnecessary experiment of creating a non-U.S. ICANN clone, what’s the point of all the big, dramatic meetings? Well, bureaucrats have meetings. It’s just what they do. Their job is to meet and talk about things, then talk about other times they met to talk about related things. Policy is made either at the blistering pace of a narcoleptic turtle on sodium pentothal or cobbled on the fly when an emergency strikes and new laws have to be enacted quickly to soothe the public or authorize a new course of action. But in the meantime, the bureaucrats meet and talk with little to nothing coming out of the meetings. If anything, this ITU summit looks like paper pushers with a more or less passing idea of what the web is — not the internet mind you, just the web — giving each other their wish lists for what they could do with it. And let’s remember what happens with a lot of wish lists. They get discarded when the wishes actually have to be turned into reality.