Does National Security reshape Internet Governance?

The DNS4EU project – a European DNS resolver – discreetly continues to develop. Depending on one’s perspective, it is a tool for the Union’s technological independence or centralised citizens’ control. Either way, it represents a caesura in the global Internet governance chain. The speech by Andrea Monti, Professor of Digital Law in the Master’s degree course in Digital Marketing at the University of Chieti-Pescara Initially published in Italian by Formiche.net

The Ukrainian crisis has brought to the forefront an uncomfortable topic in the public debate on telecommunications: Internet governance. In fact, Kyiv’s requests were to prevent Russia from using IPs (the ‘computer number plates’ of computers connected to the Big Internet) and DNS (the system that ‘converts’ IPs into characters ‘intelligible’ for human beings). If granted, the request would have ousted Moscow from the possibility of using the network outside its borders, thus causing undoubtedly very substantial damage.

The request was denied, and therefore Russian citizens are still free to use the Internet for activities of various kinds, including attacks on the technological infrastructures of many countries, including Italy. Given the hyper-activism on the front of cyberattacks geographically referable to Russia but not explicitly attributable to its government and the possibility of limiting their impact, one might wonder what the political motivation was for the choice to favour the status quo.

The EU and its executives had a direct say on seizures of Russian citizens’ assets or military support to Ukraine. However, the power to intervene on critical elements for access to the Big Internet does not reside in their hands. It belongs to private organisations that are part of what is collectively called Internet Governance. Sure, abstractly, individual governments could have enacted urgent measures to achieve the goal, but against whom?

The IP number management system is controlled by ‘five sisters‘ who negotiate as equals with governments and institutional players. The 13 root name servers are managed by private entities, just as private are the registrars that allow domain names to be assigned according to the rules set by the Internet Corporation for Assigned Names and Numbers.

As long as governments have no direct control (as is the case, for instance, with domain names in France) over Internet governance, technological sovereignty can only be achieved (very) partially.

The announced willingness of the EU Commission to finance DNS resolvers in open competition with the US ones, now materialised in the publication of a tender, is part of this debate.

The proposal has aroused interest and concern in internet governance bodies. This is an understandable reaction, considering, in fact, that the creation of EU resolvers would potentially be the first step towards nationalisation of direct control over the systems that, at a low level, make the Big Internet work.

The issue is extraordinarily complex.

On the one hand, a system of community resolvers would make it possible to respond to the most obvious issues related to the possibility for the EU to exercise direct control over the circulation of content, block access to the network and, in general, adopt immediately effective interdiction measures within the framework of political strategies. On the other hand, even limited financing of companies that should operate in this sector poses problems related to competition, market distortion and the functionality of the European technological infrastructure. Not to mention the paradox created if non-EU companies were allowed to become shareholders of resolution service operators.

Until now, European Data Protection Authorities and the Court of Justice have focused on the impact of the US FISA on the data of European citizens transferred to the US.

No one yet has wanted to open Pandora’s box of the Cloud Act, which allows US authorities to obtain from American companies data and information held by their subsidiaries located outside the United States and, therefore, in Europe too.

Inevitably, therefore, the issue of (re)taking control of the Big Internet’s governance structures also passes through the evaluation of choices to limit the entry of foreign capital into the entities that will have to deal with it.

In 2019, the EU issued a regulation and guidelines to coordinate Foreign Direct Investments, and the same year Italy significantly extended the operation of Golden Power to include technological sectors.

However, the (geo)political issue comes before the regulatory aspects. It concerns the fundamental choice of whether or not to further expand private sector involvement in sectors critical to the state’s survival, reinforcing or curbing the techno-neomedievalist paradigm.

Leave a Reply

Your email address will not be published. Required fields are marked *