The Western notion of an Internet that doesn’t adhere to man-made borders or the whims of nations was once thought to be a fundamental human right and is recognized by the UN to be just that. But the shortcomings of the global and open Internet were laid bare in the aftermath of the 2016 US presidential elections. Multiple investigations concluded that Russia harmed the integrity of the election process in numerous ways and sowed “distrust in American democracy overall,” as Abigail Abrams wrote in Time in April 2019. After this troubling episode, questions surrounding the free Internet were, rightfully, raised at its very birthplace. But it was mostly just that: questions. The irony of all this came to shore when Russia announced that it planned to take measures to secure itself against “foreign cyber attacks” by creating a sovereign Internet. But what does this mean?
“Historically speaking,” says Justin Sherman, a Fellow at the Atlantic Council’s Cyber Statecraft Initiative, “the global Internet has been governed mostly by what we call ‘multistakeholderism’—a mix of corporations, civil society groups, and standard-setting bodies, such as ICANN, W3C, ITU, the Internet Research Task Force, the Internet Governance Forum, and to some extent, governments making decisions about everything from where to build servers to how data should be routed online. But some countries don’t like that this governance model involves a smaller role of the state. Instead, they believe the government should have a more prominent role—if not the prominent role—in governing the Internet.”
The Internet is considered global and open because the way that the multistakeholder-designed Internet that Sherman refers to has developed means that national borders and political influences do not play a prominent role. To better understand this, let’s start with the basics.
Let’s trace the steps it takes to load the Welcome to the Jungle (WTTJ) homepage:
- You enter the address of WTTJ into the URL box.
- Your computer doesn’t know what those words mean. It needs the IP address of the computer hosting WTTJ’s content, so it looks it up in a registry called the domain name system (DNS), which works like a telephone book.
- Once the browser finds the IP address to contact, it sends a request for the web page to the server hosting the content.
- Even with the IP address, your request cannot reach the destination computer directly. Similar to how a letter first reaches the local post office and works its way up, before once again working its way down to the recipient’s local post office, the traffic on the Internet follows certain pathways. Put simply, think of your request being first sent to your router at home, then to the local Internet service provider (ISP), then to a network service provider (NSP), and ultimately to an Internet exchange point (IXP). The IXP then forwards the data to the recipient’s NSP and the request works its way down to the server hosting WTTJ. The server then sends the response, which in this case is the homepage of WTTJ, back to the user using a similar path.
Your request will go through multiple points of exchange before reaching the server hosting WTTJ. And the route taken by your computer will be different from the one taken by another computer.
It’s not obvious where the WTTJ server is located physically. In fact, a request from the southern part of India might have traveled across the European continent and the Atlantic Ocean to a server on the western coast of the US and all the way back with a response. This is why some countries are concerned because anything that’s not on their land is hard to control or regulate. So some, such as Russia and Iran, are working toward creating intranets that don’t rely on the global Internet infrastructure.
“This could be motivated by anything from wanting to better protect citizens from cybersecurity risks to wanting to censor and filter online content. Hence, some countries want to build and shape the Internet within their borders so that it’s technologically and legally easier for the state to control,” says Sherman.
Achieving this feat is technologically daunting, although some argue that it is not far-fetched. “Largely, a country can filter or cut off most international connections by controlling points of entry for submarine and terrestrial fiber-optic cables,” says Nicole Starosielski, Associate Professor of Media, Culture, and Communication at New York University and the author of The Undersea Network.
What makes the Internet global and open
When a user tries to access a web page, there are three main instances where the data might have to traverse borders: during the DNS lookup, at the IXP, and when accessing the hosting server.
- DNS lookup —the IP addresses for all the domains in the world are not stored in one place, rather they’re distributed among thousands of servers across the world. But ultimate authority (not ownership) over the root servers, at which any DNS lookup begins, is with the US Department of Commerce. The root server forwards the user to other servers down the hierarchy, until the user finds the IP address for the requested domain. So unless a country has its own DNS servers that contain all the IP addresses, it’s necessary to have cross-border interaction.
- Internet Exchange Points — IXPs provide Internet to NSPs, who in turn provide Internet to ISPs, who ultimately provide the Internet to end users like us. But it isn’t necessary for the IXP to be within a country. For many countries, especially smaller ones, the IXP is outside them. And even if there are some IXPs within those countries, these will, in turn, be connected to IXPs outside them. This is how data travels across the world. These IXPs are connected by thousands of miles of undersea fiber optic cable. To regulate the Internet, governments need to have control over their ISPs and the IXPs they’re connected to.
- Location of the hosting server — if we want to access a website that has its content stored in the US, there is simply no way to access it without reaching that server. That’s the reason we have IXPs in the first place. They help us reach servers in other countries. “A news site [in Russia], for example, may depend on an Amazon Web Services cloud server, Google tracking software, and a Facebook commenting plug-in, all of which are located outside Russia,” explains this article by Wired. If Russia disconnects from the Internet, users there will risk losing access to some of these websites because it’s impossible to ask every company in the world to have its content hosted on a server within Russia.
The sovereign Internet
“Developing a more ‘sovereign Internet’ can mean many things,” says Sherman. “Some governments might focus just on limiting traffic flows through Internet gateways—legally requiring Internet service providers to inspect traffic and block it when the websites match a list of blacklisted IP addresses, for example. Other governments pursue cyber sovereignty in ways that involve more fundamental changes to the web’s physical hardware elements, such as the intranet in Iran, or what Moscow is trying to do with building a custom domain name system.”
Russia’s plan to create RuNet—a “sustainable, secure, and fully functioning sovereign Russian Internet,” as the Kremlin describes it—offered little on details from the get-go. But local news outlets reported that Russia is attempting to develop its own DNS system to eliminate dependence on the global DNS infrastructure. Of course, this comes at a cost. Initial estimates by the Russian financial watchdog put this at an estimated $38m, but new figures suggest that it could be hundreds of millions more. In addition to building its own DNS, the Russian government has mandated that all the 3,000+ ISPs in the country have the technical means to disconnect from the global Internet and route traffic through the government-approved IXPs within the country. Russia also passed a law in 2015 requiring companies who collect personal data of Russian citizens to host content in local servers; companies that didn’t comply were blocked.
The main issue for a country like Russia is that the existing Internet structure is highly sophisticated. “It tends to be much harder to turn off the Internet once you’ve built a resilient Internet infrastructure,” said Andrew Sullivan, President and CEO of the Internet Society in Wired in 2019. Russia’s disconnection will also pose a threat to other countries that rely on the same infrastructure. “These communications would either have to be routed around that country, if possible or would be stopped,” says Starosielski.
A leading example of a country that has extensive control over its Internet is China, which has what is infamously known as the Great Firewall. The Chinese started getting access to the Internet in 1989, and 10 years later, the government initiated the Golden Shield Project. As part of this project, all the ISPs, the very few IXPs connected to the outside world, and all the key DNS servers came under government control. This effectively gave the government tools for URL filtering, DNS poisoning, VPN blocking, IP blocking, and packet filtering.
These tools allow the government to censor content and block all popular Western-made websites and apps such as Facebook, Instagram, WhatsApp, and Google. Locally made alternatives that comply with government censorship rules and takedown requests are instead encouraged. One recent example that shows the extent of this control is when China banned all images of Winnie-the-Pooh on the Internet because they were being used to mock its leader.
Although some argue that other countries might find it hard to emulate the Chinese model because it exercised control over the Internet at its nascency, Starosielski thinks that’s not the case. “Other countries can already do this as there are not many points of entry, relatively speaking, even in the United States,” she says.
The Chinese model raises the most concerning question of the move towards an intranet: Is it more of a means for countries to control information flow and impose censorship or a genuine safeguarding measure against foreign attacks? China’s openly stated goal was to prevent the influx of Western beliefs and ideas. As mentioned, Iran, too, is setting up its own intranet, for the same reasons, blocking much of the Western-made content in the process. North Korea’s Kwangmyong, meanwhile, is the most extreme example of such a highly restricted intranet.
The road ahead
In a study titled The Digital Deciders, Sherman and his co-authors describe three clusters of countries based on their Internet profile: On one end of this spectrum are countries that prefer a sovereign and controlled Internet. This cluster includes countries such as China, Russia, and Iran. On the other end of the spectrum are countries including the US and nations that are part of the EU, who advocate for a global and open Internet. In between these two clusters are countries such as Brazil, Indonesia, Mexico, and India, which are mostly undecided and could swing either way. These digital deciders hold the keys to the future of the global Internet.
Some of them are looking for the sweet spot between the remaining part of the global Internet (and the economic benefits it offers) and having the means to regulate the content. “Vietnam, for example, had a cybersecurity law go into effect last year that requires local storage of certain kinds of data and gives the government broader authorities to conduct surveillance. Nigeria, Kenya, India, and many other countries are also passing or considering data-localization laws. Different manifestations of ‘cyber sovereignty’ are cropping up around the world with greater frequency,” says Sherman.
Some of the digital deciders prefer a sovereign Internet. “Yes, there is a trend of growing nationalization of infrastructure,” admits Starosielski. But these nations are well aware of the technical challenges it poses. “Russia’s sovereign Internet execution has been far from perfect—and there are many technical roadblocks that will be a test for Moscow, going forward,” says Sherman. But if Russia succeeds, it is a big sign that a sovereign intranet is technically feasible, and Russia will have the guide map and tools for it. This could influence how the digital deciders think. “Playing copycat is certainly part of the surge we’re seeing in ‘cyber sovereignty’ pushes around the world. Just as some countries have modeled privacy legislation after the EU’s GDPR, some countries have looked to Beijing as the gold standard in online-content censorship, and others may look to Russia as an indicator of the technical feasibility of a more fundamental alteration to the Internet in their country, such as trying to build a custom DNS,” says Sherman.
Some digital deciders might find themselves going down another route. These countries are part of China’s Belt and Road Initiative (BRI), which could be a key determiner of the Internet’s future. The project aims to build infrastructure in more than 71 countries in Asia, Eastern Europe, and Africa, and as a part of this, China is engaged in about 80 telecommunications projects around the world. “Several countries who have received Internet infrastructure as part of the BRI have been engaging in more practices like online-content censorship,” says Sherman, although he doesn’t think that countries that are part of BRI will naturally have a more closed Internet. “It depends on a number of factors,” he says. “First and foremost, I think it’s important to differentiate between Chinese companies exporting particular kinds of Internet infrastructure or surveillance technology and the Chinese government packaging those same technologies into its Belt and Road effort. It’s also important to challenge the all-too-pervasive assumption that Chinese technology equals authoritarianism. This is a big assumption about broader political and governance objectives being inherently embedded into technologies. It doesn’t exactly account for the fact that many companies incorporated in liberal democracies also sell surveillance tools and Internet infrastructure to dictators, and it also doesn’t exactly account for cases in which countries use Chinese Internet infrastructure and don’t have a more closed Internet.”
The bigger question, and seemingly a difficult one to answer, is how can countries have a global and open Internet and yet have some control over it, both for cybersecurity reasons and to prevent malicious actors from taking advantage of their freedom. This is something the lawmakers in the US, UK, and the EU are grappling with. Sherman thinks this balance is achievable. “Many harms that can occur today because of global digital connectivity, like identity theft, can be mitigated in ways that don’t involve fundamental changes to the openness of the Internet itself—for example, basic cybersecurity practices like storing customers’ information is strongly encrypted formats or using multi-factor authentication on all of your financial-related accounts. I think it’s also important to resist the temptation to look for purely technical solutions to problems related to technology. With the Russian election interference, for instance, there are potentially many tactics that could work to deter or prevent such activity that has nothing to do with altering the Internet’s global and open nature. Economic sanctions aimed at key decision makers are but one example, as is the alleged US Cyber Command operation during the 2018 US midterms to knock a troll farm of the Russian Internet Research Agency offline.”
Only 50 years since its birth, the Internet is undergoing some radical changes. Regardless of how the logistics and timeline play out, a handful of countries will move towards a completely sovereign intranet and many countries will at least engage in some degree of content monitoring and filtering. With issues such as fake news and foreign interference in domestic affairs, the countries that favor the open Internet might also end up passing regulations that could restrict the free Internet. Whether this is necessary and good is a debate in progress. In any case, the one thing that seems to be happening is the disintegration of what was once a global and unrestricted internet.
This article is part of Behind the Code, the media for developers, by developers. Discover more articles and videos by visiting Behind the Code!
Want to contribute? Get published!
Illustration by Catherine Pearson
Más inspiración: Coder stories
We can learn a lot by listening to the tales of those that have already paved a path and by meeting people who are willing to share their thoughts and knowledge about programming and technologies.
Keeping up with Swift's latest evolutions
Daniel Steinberg was our guest for an Ask Me Anything session (AMA) dedicated to the evolutions of the Swift language since Swift 5 was released.
10 may 2021
"We like to think of Opstrace as open-source distribution for observability"
Discover the main insights gained from an AMA session with Sébastien Pahl about Opstrace, an open-source distribution for observability.
16 abr 2021
The One Who Co-created Siri
Co-creator of the voice assistant Siri, Luc Julia discusses how the back end for Siri was built at Apple, and shares his vision of the future of AI.
07 dic 2020
On the Importance of Understanding Memory Handling
One concept that can leave developers really scratching their heads is memory, and how programming languages interact with it.
27 oct 2020
How The URL Was Built
Let's explore the history and role of each of the components that make up the URL!
07 oct 2020
¿Estás buscando tu próxima oportunidad laboral?
Más de 200.000 candidatos han encontrado trabajo en Welcome to the JungleExplorar ofertas