Internet Governance Technology

Is The Internet Fragmenting? Join a panel discussion Tuesday, May 10, at 3:30pm US EDT

Is the Internet fragmenting?  Is the global, open Internet moving away from a network of networks that is universally interoperable to a series of networks fragmented along policy, technical or economic lines? As some governments pass laws related to data localization and restriction of cross-border data flows, what will the impact be?  What about the increasing use of DNS and content filtering? What other factors have the potential for causing fragmentation?

Please join us for a panel discussion on Tuesday, May 10 from 3:30 – 5:00 pm US EDT (UTC-4) sponsored by Microsoft and the Greater Washington DC Chapter of the Internet Society (ISOC-DC) and including Internet Society President and CEO Kathy Brown.  This session will bring together policy stakeholders, including government, the technical community, civil society, industry, and other organizations to consider these issues more fully. Panelists will discuss the different types of Internet fragmentation, their associated technical, economic, and political impacts and when fragmentation may be desirable or problematic. Additionally, the panelists will examine how these should be taken into consideration in policy making.

Participate on location:

  • Microsoft Innovation & Policy Center, 901 K Street, NW, 11th Floor, Washington, DC.  Registration is requested.

Participate remotely:

Speakers and panelists include:

  • Ambassador Daniel A. Sepulveda, Deputy Assistant Secretary, Bureau of Economic and Business Affairs, U.S. Department of State
  • Kathryn Brown, President and Chief Executive Officer, Internet Society
  • Dr. Laura DeNardis, Professor and Associate Dean, School of Communication at American University  and Director of Research, Global Commission on Internet Governance
  • Danil Kerimi, Head of Digital Economy, World Economic Forum
  • Paul Mitchell, Senior Director of Technology Policy, Microsoft
  • Jeremy West, Senior Policy Analyst, Directorate for Science, Technology and Innovation, Organisation for Economic Co-operation and Development

More background information and resources related to Internet fragmentation can be found on our page for the event.

Please see also:

Image credit: nchenga nchenga on Flickr  CC BY NC

Building Trust Privacy

Hey! Someone fragmented my Internet, and didn't even tell me.

Data Privacy Day 2016 is almost upon us (Thursday 28th Jan), and I’ll be hosting a panel on ethical data-handling at CPDP2016 to mark the occasion. But more about that later.

Meanwhile, over on the Internet Policy mailing list[1] a discussion is raising some very interesting topics whose relevance will continue to grow in the coming months. The discussion started with Bill Drake posting a link to a paper he co-authored with Vint Cerf and Wolfgang Kleinwachter, on “Internet Fragmentation: an Overview”; the paper was launched recently at the World Economic Forum, and it’s well worth reading:

That, in turn, prompted Richard Hill raise the question of “openness”; what is an “open” Internet, and what does it imply for service providers and users? As Richard noted, Bill’s paper included the following observations:

An Internet in which any endpoint could not address [and exchange data packets with] any other willing endpoint … would be a rather fragmented Internet.

Richard goes on to propose that the endpoints in question must be “willing”, and he gives a couple of examples. If an endpoint accepts traffic that has been processed by a firewall, that may introduce fragmentation of a kind, in that not all the packets sent to that endpoint might complete the journey. But that’s a good kind of fragmentation, Richard argues, because it happens with some degree of knowledge and consent on the part of the recipient, and it provides them with the benefit of blocking malware and attempted intrusions. Similarly, if a user activates some form of ad-blocking, then one could say that their endpoint is receiving only partial traffic. Again, arguably, a form of fragmentation, but a beneficial one from the user’s perspective, and usually an explicit choice on their behalf.

These examples illustrate that users may exercise very different levels of consent and control in different circumstances. For instance, users behind an enterprise firewall may have no option but to accept whatever firewall policies are put in place on their behalf. Similarly, many users rely (whether they know it or not) on third-party fragmentation of traffic in the form of prevention of DDoS attacks, and the automatic filtering-out of large volumes of spam mail.

And this is where things start to get interesting.

The examples I’ve given seem intuitively clear cut, because a number of usually-implicit assumptions are at work. For example, we assume that users would willingly choose the options they in fact get, because the outcomes are probably better than the alternatives. We assume that the third parties are acting genuinely in the interests of the user, and that they aren’t also filtering things which the user would want to receive. We assume that ad-blockers are doing their job as advertised, and that they aren’t simultaneously receiving payments to let certain ads through regardless.

At the other end of the spectrum from these examples of “good” fragmentation, there are of course plenty of examples of “bad” fragmentation: censorship, malicious tampering with the routing or contents of traffic, interference with endpoints, and so on.

And as the usually-implicit assumptions suggest, there are many ways in which the question can be a lot less clear cut. In fact, between the “good” and “bad” ends of the spectrum, there is a whole continuum of cases where it’s harder to tell whether what is done on the user’s behalf is in their best interests; where users themselves might not even be certain what they would choose, or how to express their preference.

Crucially, there are many cases (especially to do with advertising and the collection of personal data) where it is almost impossible to associate a user’s choice with a particular outcome, one way or another.

These “middle cases” are extremely common. They have to do with things like the default “Do Not Track” or cookie settings in your browser; whether apps ask for location data from your mobile device; whether you are expected to register your real name when signing up with a web-site.

In fact, although we might notice them less than we would notice censorship or massive volumes of unfiltered spam, these more subtle factors not only shape the Internet as we see it, they also shape the way the Internet sees us. They raise questions of access to information, of self-determination and of personal identity that should concern us all.

I’ll be exploring many of those questions over the coming months, as part of ISOC’s programme of work on ethical data-handling. We’ll be trying to produce clear problem statements and, more important, practical guidance about why ethical data-handling is relevant and compelling… and how to do it.

As well as this week’s CPDP panel, I’ll soon be setting up a round-table workshop, setting out our ideas at several conferences/events, and posting updates here and on Twitter (@futureidentity). I look forward to hearing your thoughts.


[1] To join the Internet Policy email list, please log into the ISOC Member Portal – – and then choose Interests & Subscriptions from the My Account menu.

Image credit: Masakazu Matsumoto on Flickr.

Building Trust Growing the Internet Human Rights Identity Internet Governance Privacy

Provoking National Boundaries on the Internet? A chilling thought…

The impact of the recently revealed US government data collection practices may go well beyond the privacy ramifications outlined in our statement: expect a chilling effect on global, resilient network architecture. As governments of other countries realize how much of their citizens’ traffic flows through the US, whether or not it is destined for any user or service there, expect to see moves to curtail connections to and through the US.

Let’s consider how it happens. The reality is that it may be cheaper, easier, and faster to send a packet from Vancouver (Canada) to Toronto (Canada) via Seattle (United States) than any all-Canadian route — but that makes the traffic subject to US inspection.

Or, many international connections out of Latin America terminate in Miami, because that provides the most direct link to all other continents. But, that means traffic from Santiago (Chile) to London (UK) may well pass through the US and be subjected to US government inspection/collection.

The first situation can be addressed by building more Internet exchange points (IXPs) to make it economically viable to keep Canadian Internet traffic in Canada. The second is a little harder to address without moving continents closer together, although it is reasonable to expect that some other, non-US location will emerge as a preferred nexus for Latin American inter-continental traffic.

But, before we conclude this is just a messy and expensive question of network operators changing their connections, it’s important to take a step back and think about what this means for a resilient, robust Internet.

The Internet was not designed to recognize national boundaries. It’s not being rude — it just wasn’t relevant. Resiliency[1] [2] is achieved through diversity of infrastructure. Having multiple connections and different routes between key points ensures that traffic can “route around” network problems — nodes that are off the air because of technical, physical, or political interference, for example. We’ve seen instances where countries are impacted by disaster but at least some of that country’s websites remain accessible: if the ccTLD has a mirror outside the impacted network, and if the websites are hosted/mirrored elsewhere, they’re still accessible. This can be incredibly important when a natural disaster occurs and there is a need to be able to get to local resources.

The more there is a push to retrofit the Internet to align with national borders for the sake of maintaining apparent control over all the resources (as opposed to considered network architectural reasons), the more we run the risk of undermining the diversity that gives the Internet the resiliency it has today. The Internet works through collaboration; making decisions on the assumption of territorial boundaries weakens it at every step.

For certain, there are legitimate concerns that policymakers have about security of their networks and privacy of their citizens. In developing policies to address these concerns, it’s important that policymakers bear in mind that resiliency is a key component of security, trust and interoperability. As one of those considerations, the impact on network resiliency should be properly weighed as a negative side effect when proposing the kind of broad scale tracking that the the US is apparently doing.

On the Internet, no nation is an island.