This mailing list is no longer active and has been transitioned to Members of the I-coordination mailing list have been moved to the new mailing list. To learn more, visit

[I-coordination] A different model

Phillip Hallam-Baker hallam at
Tue Dec 10 15:56:52 CET 2013

One of the big problems with the net is working out what metaphors to use.

People who are talking about 'Internet governance' miss the fact that the
Internet is fundamentally ungovernable. What we are really talking about is
the governance of a small number of control points.

The control points that exist are not absolute and the exercise of those
control points is governed by what Roger Hurwitz, Joe Nye et. al. are
trying to get me to call 'norms'.

So one way to quantify the issues is to consider the degree of control a
control point exercises, what the norms are that govern that exercise, who
decides when to switch should a norm be violated and what the cost of
switching is.

When we are considering switching costs these range from set up a new
version of ICANN at the bottom rung to build a completely different
communication infrastructure at the top. While replacing the Internet might
sound absurd, that is exactly what has occurred in Cuba and North Korea
where the authorities have tried to suppress the Internet with the result
that people use USB memory sticks to communicate.

At the moment we have a model in which the switching costs are very low and
nobody is entirely sure what the norms are. What we are sure of is that we
can replace ICANN if those norms are violated.

The US has a privileged but not unique position in deciding if those norms
are violated but not much else. The switching costs are low and so coercing
ICANN to violate a norm is futile.

The change that we wish to make in the Internet is to secure the
infrastructures. And this is necessary in part because various governments
are attacking them for their own purposes. The US is not alone in that
respect. BGP and DNS attacks are becoming a serious threat to civil
critical infrastructures.

Securing the infrastructures will inevitably change the switching costs
which reduces the ability of non-US parties to decide that a norm has been

To date the discussion has been focused on the question of removing the US
privileged position over ICANN, IANA, etc. This is a difficult question
because it is always hard for an organization to give up or share an
exclusive power. There are factions within the US government whose mindset
is resolutely neo-colonialist, tin-pot imperialist., just as there are such
factions in every government. The same factions that forces the US to
continue the obscene gulag in Guantanamo over the wishes of the elected
administration can resist any plan to dilute or give up the US privileged
position. Moreover there are good reasons for the US to resist ceding any
degree of control to parties that are more rather than less likely to
observe traditional norms.

Rather than looking to fight over the existing control points, a better
approach is to look at the new infrastructures required to manage the
security infrastructure that the Internet badly needs.

In corporate terms, ICANN is the CEO of the security infrastructure. It is
necessary to vest executive power in one body because there are many
decisions that only make sense if they are coherent and taken by one body.

But public corporations do not vest absolute power in the CEO.
Responsibility for monitoring the performance of the CEO is vested in a
board of directors who have the power to decide when to fire the CEO and on
what grounds.

I see the potential for governments to play a similar role, not within
ICANN but above and alongside it. Rather than accepting the NSA models of
Internet security that concentrate control of the security infrastructures
at a single point, governments can and should insist that the control of
the apex of the security infrastructures is shared in such a fashion that a
group of governments that decide ICANN has violated the operating norms can
act in concert can reduce the switching costs to enable a change of

The way it would work is this. Each government that decided to participate
would establish a national cryptographic bureau that would manage a root
key that signs the apex roots of the DNSSEC, BGP, etc. and commit to
continue those services for a period of some decades. This would allow
providers of embedded devices, routers, etc. to either chain to their
national provider alone or some quorum of national cryptographic bureaus.

This approach allows the deployment of cryptographic infrastructure without
impact on switching costs.

More importantly for ICANN staff, it protects against the risk that someone
perform a physical terrorist attack against the root. The World Trade
Center was merely an office block that was mostly filled with lawyers but
the name made it a symbol of the global financial system. The name was in
legal terms 'an attractive nuisance'.

-------------- next part --------------
An HTML attachment was scrubbed...

More information about the I-coordination mailing list