The role of internet governance: who decides what

When an operator/internet provider grows beyond a certain size, it becomes capable of influencing the way Big Internet works and effectively becomes part of the network’s governance by Andrea Monti – Initially published in Italian by MIT Technology Review Italy

As I wrote in this article, the very nature of internet technology allows everyone to build their own, which does not necessarily have to interact with other infrastructures: to describe this situation, thirty years ago, high-tech marketing coined the term “intranet”. In such a context, therefore, everyone makes the decisions they prefer without having to answer to anyone.

However, when you want to enter an ecosystem inhabited by multiple entities that are neither linked to each other nor organised hierarchically, it is clear that the technical structure requires shared rules. And it is already at this level that the rhetoric of the free internet falls apart.

In fact, despite the image that describes the network as an anarchic territory, devoid of rules and control centres, Big Internet has always been governed by vertical bodies which, despite being participated in by a large number of subjects — individuals, organisations, companies and executives — ultimately manage the way the entire system works on their own.

The masters of the network

There are three key bodies in the field of internet governance: the IETF (Internet Engineering Task Force), the IANA (Internet Assigned Numbers Authority), and the ICANN (Internet Corporation for Assigned Names and Numbers).

The first develops and maintains technical standards (Request For Comments – RFC) for Internet protocols (IP, TCP, UDP, TLS, QUIC, DNS, etc.).

The second controls key resources for the functioning of the Big Internet, such as IP addresses, Autonomous System Numbers (ASNs), and the DNS root zone. These elements are fundamental to routing management, i.e. the routing choices of individual data packets moving within the network. At the regional level, there are also special registries such as, for Europe, RIPE — Réseaux Internet Européens.

The third coordinates the global domain name system (registration, Top Level Domain) and the policies associated with DNS and IP addresses. ICANN has the power to grant or revoke “delegation”, i.e. the right to manage a TLD. For example, the suffix .it, which identifies domain names geographically associated with Italy, is managed by the Institute of Informatics and Telematics of the CNR in Pisa. But this is only because ICANN allows it; therefore, there is nothing to prevent the delegation of our national domain from being assigned to others.

Parallel to the institutional bodies of internet governance, Big Tech operates both through participation in and support for the various working groups that define technical standards, and by developing its own standards, thus creating pockets of incompatibility with the rest of the Big Internet.

One example is Oblivious DOH (ODOH), a protocol developed by Cloudflare and Apple that anonymises DNS connections so that it is impossible to know who is trying to connect to a certain domain and which domain the user is trying to connect to. ODOH is not recognised by the IETF, but this has not prevented it from being and continuing to be widely used by these two tech giants.

Internet governance between politics and rights

The geopolitical dimension of internet governance has emerged strongly in recent years, showing how technical decisions can become instruments of political pressure and how political decisions can be taken by bodies that are — at least apparently — devoid of any state role.

During the war in Ukraine, for example, the authorities in Kiev asked RIPE to revoke the delegation of the national domain .ru in order to isolate Russia from the Big Internet. The request was denied because it is not RIPE but ICANN that has such power, but regardless of this gross error, the simple fact that a decision with enormous political impact for the whole world could have been referred to a private entity requires us to reflect on the symbolic and substantial power of internet governance bodies.

Similarly, in 2022, some large network operators changed their routing to prevent data from passing through Russian infrastructure. This decision, motivated by geopolitical considerations, demonstrates how routing control is an integral part of the Western technological arsenal and how it has direct consequences on the international balance of power.

Added to this is the fact that large technology platforms have developed their own global transport infrastructures, effectively autonomous networks capable of influencing the overall functioning of the Big Internet. One example above all: the de facto adoption of email server configuration standards set by Google in order to exchange messages with Gmail.

Finally, it should not be forgotten that states retain control over basic physical infrastructure — cables, data centres, terrestrial and submarine backbones — and that this control is one of the most effective tools for exercising public sovereignty. This is so true that even Italy has equipped itself with a “kill switch”, the power that the then Conte government had granted itself and which still exists, thanks to which the Italian Prime Minister can “shut down the network”.

The multipolar conflict

The narrative of a free and self-governed Big Internet, as long as it worked, guaranteed the technical stability that made the expansion of Big Internet possible.

This balance, fragile as it may be, has now been definitively broken, and it is therefore necessary to ask how Big Internet can continue to function in a context of political pressure, industrial concentration and conflicts of sovereignty.

It is this multipolar conflict between institutional powers and private entities that will determine whether it will be possible to maintain a common infrastructure on a global scale or whether, instead, we will move towards a balkanisation of networks, complete with checkpoints to allow only certain types of data to transit to certain types of destinations.

Today, therefore, the choices to be made are not only technological in nature — scalability, security, interoperability — but above all relate to politics and therefore to law.

We will have to decide who will have the right to define the rules, what values will guide governance choices, and what balance will be found between global interests and local sovereignty.

In this sense, therefore, the internet and its governance are no longer just an infrastructure, but a permanent terrain of negotiation between power, rights and control.