Building And Integrating Virtual Private Networks With Openswan (2006)

Introduction

If you play the online game of World of Warcraft, every title bar your computer displays, including the subjects and recipient names of your emails, will be sent to the vendor, Blizzard, to ensure you "do not cheat" in the game. Governments have made secret deals with printer vendors such as Canon, who secretly implemented a 'fingerprint' on pages produced by their color printers: almost invisible yellow dots that encode the printer's serial number, as well as the date and time the page was printed. Anonymity and privacy have never been so far away. Neighbors can easily watch what you do on your wireless network at home. We are leaving our digital footprints everywhere, for better or worse. The Big Brothers (and even more little ones) are here to stay. Everyone needs to take precautions. They should, and now can, use strong cryptography.

However, this freedom for the good guys also means that organized crime, petty thieves, vandals, frauds, and terrorists can use cryptography. This fact is often cited by governments to justify regulations to limit the use of cryptography for private citizens and to increase surveillance. Unfortunately, the "privacy versus security" argument is a persuasive one, although it is in our opinion a fallacy at best, and a deliberate misrepresentation at worst. The argument is framed with manipulative questions such as, "Would you be willing to sacrifice some privacy to increase your security against terrorism?" However, the truth is that privacy and security are separate issues. One need not be sacrificed for the other.

We will never be able to hide the information needed for terrorists to do harm, but we can show potential terrorists what a true free world has to offer. And a free world is not one where governments and corporations look at and predict all your steps along the way so they can manipulate, intervene, or maximize profits. Privacy is essential to what makes us individuals. It is a Human Right.

Security

Cryptography does not just provide privacy; it also provides security. Using cryptography we can ensure that we are talking to whom or what we intend, whether it is a person or an ATM machine. We can ensure that no one else is eavesdropping on us, and that no one else is pretending to be us. By encrypting data, we prevent information leakage. We protect against manipulation of our data stream. The security works both ways. We can trust them, and they can trust us. Security gives us integrity.

A History of the Internet

The Internet was, in fact, not invented by Al Gore. If one could bestow the invention of the Internet onto a single person, this person would be Jon Postel. However, he is not considered the inventor of the Internet. By most, he is considered the first Guardian of the Internet.

The key to the Internet's success is that these millions of computers are able to communicate with one another without disrupting the communications of other computers trying to accomplish the same thing. At the core of that success is the Internet Protocol (IP). Another essential part of the Internet is the lack of central control, and the absence of any third-party approval—be it governmental or corporate—before one may communicate.


Holding the Internet Together

The Internet is an international network. It is not owned by any organization. And though some governments would like to believe otherwise, it is not under the control of any national or international governmental body either. No single individual or company dictates how the Internet should be run or evolve, and no single restrictive non-free patented technology is necessary to communicate using the Internet. For this to continue, many parties need to agree on protocols, and on top of that, need to recognize and adhere to these protocols. These protocols usually have many options, which all parties communicating need to agree upon. Compare this to the 'car driving' protocol, where everyone agrees to stop for a red light, and to continue on a green light.

These formal registrations used to be maintained by one man, Jon Postel. The task was later delegated to a more formal group of technology people, the Internet Assigned Number Authority, IANA. In 1998 the US Department of Commerce (DoC) released two policy documents that called for the creation of a new body to govern these core functions of the Internet, which led to the creation of the Internet Committee for Assigned Names and Numbers, ICANN.

The Creation of ICANN

ICANN's creation was not very well received internationally, as it gave the US full control over the root of the Internet. As such, worldwide engineers largely ignored this non-technical political organization. An attempt was made to gain more widespread acceptance by reforming ICANN. Though this process started in 1998, it took years to complete. A famous Green Paper and White Paper with recommendations were written, leading to a Memorandum of Understanding (MoU) between ICANN and the DoC.

The 'ICANN at large' program, which allowed every individual to participate with ICANN and elect three board members, took two years to set up and was launched in 2000.

Two of these newly elected directors—Karl Auerbach, a legal scholar and Internet veteran who had been involved with the Internet before the Internet Protocol existed, and Andreas Mueller-Maguhn from the German hacker community Chaos Computer Club—tried to get a true reform going, but they were instantly blocked by the directors that had not been elected by the public. They were not even allowed to see the books of the organization they represented, and for which they were formally held responsible.

The Electronic Freedom Frontier (EFF), a digital rights organization, assisted Auerbach so he could sue the Board of Directors in 2002. After he won the case, ICANN squirmed until finally a judge ordered ICANN to allow all the directors to see the books. However, while ICANN stalled handing out this information, it changed its own rules and more or less fired the At Large elected directors instead. It was pretty much apparent that ICANN was to be kept a US-only affair, and the international Internet community responded in a way that became typical of the Internet. It started to collectively maneuver around ICANN.


ICANN Bypassed

ICANN was supposed to handle three separate tasks: protocol registrations, IP address allocation, and top-level domain (TLD) management.

Protocol registrations are really done by the IETF and IANA, and ICANN just stamps its approval. It completely lacks the skill or desire to interfere with this process.

The IP address allocation is really done by the Regional Internet Registries (RIRs), which are proactively ignoring ICANN completely. This became painfully obvious when the three major RIRs, ARIN (for North America and South America), RIPE (for Europe, Africa, and the Middle East), and APNIC (Asia and the Southern Pacific), set up the Number Resource Organization (NRO). They no longer acknowledged ICANN as the central authority for handing out IP allocations to the RIRs. It was nothing less than a coup d'état.

The Root Name Servers

For technical reasons, there should not be more than thirteen name servers for any given domain, including the root. Otherwise, a DNS query answer would not fit into a single UDP packet, greatly delaying the answer of DNS requests. These name servers, eleven in the US and two in Europe, were historically placed at locations with the best Internet connectivity. They were run by volunteers, often at the big universities. When ICANN formally received control, it only actually got control of one of these root name servers, the so-called 'A' root server, although this is the ultimate master root server. The other twelve servers are set up to pull data from the 'A' server. The 'A' server is currently run for ICANN by Verisign.
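The UDP packet budget behind the "thirteen servers" rule can be made concrete by building the answer to a root "priming" query (NS for ".") in DNS wire format, with RFC 1035 label compression and one A glue record per server, and measuring it against the classic 512-byte UDP payload limit. This is an added example, not code from the book; the root-server hostnames follow the a.root-servers.net pattern, and the glue addresses and the hypothetical extra letters beyond 'm' are constructed placeholders, not the real root addresses.

```python
import struct
import string

UDP_DNS_LIMIT = 512  # RFC 1035 UDP payload limit without EDNS0


def make_servers(n):
    """Constructed sample: n root-server hostnames with placeholder glue IPs."""
    return [(f"{c}.root-servers.net.", f"10.0.0.{i + 1}")
            for i, c in enumerate(string.ascii_lowercase[:n])]


def encode_name(name, offsets, out):
    """Append `name` to bytearray `out` with RFC 1035 label compression.
    `offsets` remembers where each suffix (e.g. 'root-servers.net.') was first
    written, so later names can replace it with a 2-byte pointer."""
    labels = [] if name == "." else name.rstrip(".").split(".")
    while labels:
        suffix = ".".join(labels) + "."
        if suffix in offsets:
            out += struct.pack("!H", 0xC000 | offsets[suffix])  # pointer
            return
        if len(out) < 0x3FFF:
            offsets[suffix] = len(out)
        label = labels.pop(0).encode()
        out += bytes([len(label)]) + label
    out += b"\x00"  # root label terminates an uncompressed name


def priming_response(servers):
    """Build the reply to 'NS .' listing `servers` plus their A glue records."""
    out, offsets = bytearray(), {}
    # header: id, flags (QR|AA), qdcount, ancount, nscount, arcount
    out += struct.pack("!HHHHHH", 0x1234, 0x8400, 1, len(servers), 0, len(servers))
    encode_name(".", offsets, out)
    out += struct.pack("!HH", 2, 1)  # question: type NS, class IN
    for host, _ in servers:  # answer section: one NS record per server
        encode_name(".", offsets, out)
        out += struct.pack("!HHIH", 2, 1, 3600000, 0)  # RDLENGTH patched below
        rdlen_pos = len(out) - 2
        encode_name(host, offsets, out)  # RDATA is the server name, compressed
        struct.pack_into("!H", out, rdlen_pos, len(out) - rdlen_pos - 2)
    for host, addr in servers:  # additional section: A glue for each server
        encode_name(host, offsets, out)
        out += struct.pack("!HHIH", 1, 1, 3600000, 4)
        out += bytes(int(octet) for octet in addr.split("."))
    return bytes(out)


def fits_in_udp(servers):
    """True when the priming response fits a 512-byte UDP payload."""
    return len(priming_response(servers)) <= UDP_DNS_LIMIT
```

With thirteen servers the compressed response comes to 436 bytes, leaving little headroom; each additional server costs an NS record plus its glue, so a few more letters push the reply past the 512-byte limit and force a truncated answer and a TCP retry.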

The reliance of the entire Internet on only thirteen servers has been a major concern for those involved in Internet design. A new protocol was created, called ANYCAST. In essence, it allows an IP address to exist at multiple places at once, and a computer requesting that IP address will be directed to the nearest ANYCAST IP address. The most important non-US root server, 'K', is run by RIPE-NCC, the operational branch of RIPE. Using ANYCAST, it currently resides in multiple places, including the two biggest conglomerations of Internet connections, LINX in London and the AMSIX in Amsterdam. An important side effect of ANYCAST is that the international community is no longer as dependent on the 11 of the 13 root servers that are based in the US and which are still in large part formally under government control. It has greatly reduced ICANN's influence over the root. The 'K' root server is a prime candidate to split off from the 'A' server if for some technical or political reason such a change becomes necessary.

Running the Top-Level Domains

ICANN is left with only the top-level domain management. This task is perhaps the most politically loaded task, and not as technologically neutral as handing out IP addresses or Internet protocol numbers or running the root name servers.

There are two kinds of TLDs, country code TLDs ("cc:tld") and generic TLDs ("gtld"). The cc:tlds are fairly straightforward. There are already international ISO procedures for this. Every country receives a two- or three-letter representation. The US has 'us', the Netherlands has 'nl', and China has 'ch'. These translate one to one to the top-level domains, .us, .nl, and .ch respectively.
