cyberspace: architecture and modes of governance internet governance, topic 1 professor graham...
TRANSCRIPT
Cyberspace: Architecture and modes of governance
Internet Governance, Topic 1
Professor Graham Greenleaf(additional slides by Roger Clarke, XamaX P/L)
Internet Governance
‘IT law’, Internet and cyberspace
‘IT law’ is broader than when computers are networked, but the most interesting issues arise because of the networking
Why start with the architecture of the Internet? - Because it both limits and enables what law can achieve in regulating cyberspace
Internet Governance
What is the Internet?
‘Internet’ describes the ‘network of networks’ sharing these 4 key technologies: packet switching to communicate data Client-Server technology to share processing and
presenting data between a local computer (‘client’) and a remote computer (‘server’)
a set of protocols or rules for transmitting data called TCP/IP (Transmission Control Protocol/Internet Protocol)
A globally unique address space based on the IP protocol and the domain name system (DNS)
Internet Governance
A global network?
The Internet is global because these 4 key technologies (and standards for them) are global Was not always so (ISO/OSI lost to TCP/IP) Might not be so in future? - examples:
Attempts to establish alternative DNS structuresSome countries might try to impose different
standards
Internet Governance
What is 'cyberspace'?
‘Cyberspace’ describes the social networks that inhabit the Internet Networks of human interactions inhabiting this
technical space - global interactions Physical geography and legal jurisdictions are not
easily reflected in cyberspace ‘Cyberspace’ coined by William Gibson in
Neuromancer (1984) and allegedly first applied to the Internet by John Perry Barlow (1990)
‘Internet’ is technical, ‘cyberspace’ is social
Internet Governance
Visualising cyberspace
Martin Dodge An Atlas of Cyberspaces Example shows Paul Baran’s very first
diagram of the ‘nuclear proof’ packet switching network
“The net interprets censorship as damage and routes around it” (attrib. John Gilmore)
Geographic maps give a feel for the complexities of the Internet today
Internet Governance
Internet architecture and law
Look at 3 of the technical foundations: packet switching TCP/IP
(Transmission Control Protocol/Internet Protocol)
A globally unique address space (IP addresses and domain names)
…and some of their legal implications
Recommend ‘Primer’ by Clarke et al; then Clarke Internet Architecture and Operation (PPTs)
Internet Governance
Packet switching - technical
A stream of data being sent from A to B is first broken up at A's end into small "packets”.
Each packet contains:
Identification of the place to which the packet is being sent;
Identification of where it fits in sequence in the data stream; a fixed size batch of data from the data stream; and codes allowing error checking by the receiving equipment.
Each packet is sent separately across the network to B, possibly via different routes, and may arrive at different times and out of sequence.
B’s end checks for errors in transmission and re-assembles the packets into their correct sequence.
Internet Governance
Packet switching - law
Some legal implications of a ‘connectionless’ network: Interception of communications, if not at the
point of sending or receiving, will intercept many other communications as well
Censorship is more easily routed around Publication may only take place at the point of
receipt
Internet Governance
Internet Protocol Suite
TCP/IP etc is a set of protocols implementing a packet switching network - next diagram (from Clarke et al) shows its layers.
Communications channels are below the link layer; software is above the applications layer
Internet Governance
Layers of Internet Protocol Suite
Layer Function Orientation Examples of protocols
Application
Delivery of data to an application
Messages HTTP, SMTP, FTP
Transport Delivery of data to a node
Messages and Segments
TCP
Network Data addressing + transmission
Segments and
Packets
IP
Link Network access Packets, Bits and Signals
Ethernet, PPP
Copyright,1995-2002
12
Example Protocols in Each Layer
Physical LayerLink LayerNetwork Layer (IP)Transport Layer (TCP)Application LayerCSMA/CD, token ring, ADSL, ... Ethernet, PPP, ...IP, ICMP, DHCP, ...TCP, UDPHTTP, SMTP, POP, FTP, ...Twisted-Pair, Coax, Fibre-Optical Cable, Microwave, ...Transmission Medium
Copyright,1995-2002
13
The Encapsulation of Message-Data
Stevens 1994, p.10
Copyright,1995-2002
14
The Nodes at Work
Internet Governance
Protocols - legal implications
These protocols are largely unavoidable, and therefore determine what regulation is possible.
Examples: IP6 and privacy ‘referrer’ in HTTP and detecting © breaches
Governments can’t change protocolsWho controls them is very important
Internet Governance
Addresses - name space
The Internet uses two structures to allocate unique addresses to every computer Numerical addresses (‘IP addresses’)
eg 138.64.13.1 used primarily for computers (‘routers’ and others) to send
packets to their correct destinations Addresses in words (Domain names)
eg ‘www.austlii.edu.au’ or ‘microsoft.com’ used so that people can conveniently address messages
and find information on the internet For each IP address there is usually a domain name
(and always vice-versa)
Internet Governance
Control of IP addresses
Allocation of IP addresses: A global hierarchical set, allocated by ICANN in
blocks to 3 regional Network Information Centres, then to ISPs and others
There is no close relationship between the IP address and domain name hierarchies
Dynamic IP addresses mean there is no correlation between an IP address and a person/computer
Legal implications For privacy law, might not be ‘personal information’ For investigations, more information is needed
Internet Governance
Control of domain names
Allocation In theory, a global hierarchical structure Crucial control is of Top Level Domains (TLDs) - both
generic (gTLDs) and by country (ccTLDs) ICANN controls .com and .org gTLDs, and creation of
new ones For ccTLDs, the control structure differs by country At every DNS level, someone has the right to allocate
new sub-domains DNS servers located throughout the Internet, keep at
least the addresses of the root servers for each TLD
Internet Governance
Internet Governance
Legal implications of domain names
Uniqueness gives commercial valueHow TLDs are managed is very political - it
controls who can be found on the net Eg China’s attempt to control Chinese character
names Eg attempts to create .sucks and .union TLDs
Threats and attempts to create alternative DNS systems result
Disputes within ICANN
Internet Governance
Control of domain names (2)
Most disputes are about domain name allocation
We assume domain names will function internationally once allocated - that DNS servers will resolve to the ‘correct’ IP
address What type of rule or ‘law’ is this?
Exceptions: China’s corruption of the DNS to make <google.com>
resolve to Chinese search engines
Internet Governance
Summary: Architecture’s implications
To understand how it is possible for law (or anything else) to regulate cyberspace, you have to understand the basics of its architecture
Next class: Prof. Lessig’s theory of internet regulation is based around control of architecture
Internet Governance
The user perspective
Read Clarke et al ‘Primer’ 6. The Process of Using the Internet to understand how the protocols work
Froomkin’s Internet Skills Page will help:Basic Web TricksPrivacy: YoursPrivacy: Other People'sCommerceAdvanced Web Tricks
Internet Governance
The Internet’s changing nature
Internet Mk I - The pre-commercial Internet (to 1996)
• The ideology of ‘digital libertarianism’; ‘information wants to be free’; the net can self-regulate; ‘borderless’ means uncontrollable; techologies are generally liberating
Internet Mk II - The commercial Internet (since 1996)
• Commercial interests and reputations impose conventional laws on the net; increase in surveillance technologies for commercial purposes
Internet Mk III - Freedom vs surveillance (Sept 2001 - )
• Technologies are increasingly reversing the early liberating potential; businesses are more desperate for profit; governments everywhere want more surveillance
There is no such thing as ‘the Internet’ - Lessig calls this ‘is-ism’
Internet Governance
The global impact
Contrasting views: Internet immersion by any country will bring political
and social liberalisationeg Bill Clinton on China
Authoritarian governments are capable of using the Internet as a tool of control
Kalathil and Boas (2001) argue China is succeedingClarke (2001) and Lessig (2001) argue that technological
changes facilitate state and commercial control
This is one of the big questions of the 21st C.
Internet Governance
Who governs cyberspace?
National and local laws, subject toConstitutions - laws States can’t changeTreaties between States (increasingly so)
Self-governance mechanismsInstitutions of Internet self-governance (global/local)Non-institutonal means of self-governance
Controllers of Internet architectureState control (global/local)Private control (global/local)
Individuals as participants in markets as people observing and enforcing norms
Internet Governance
Modes of governance
All of these forms of Internet governance must be considered - as regulatory realities - as regulatory options
Turn first to a more detailed look at ‘Self-regulation’ or ‘Self-governance’
Internet Governance
Institutions of self-governance
Global Internet governing bodies
no single central body controlling Internet Protocols and other standard-setting bodies
Key references:Michael Froomkin ‘[email protected]: Toward a
Critical Theory of Cyberspace’, 116 Harv. L. Rev. 749 (2003)Milton Meuller Ruling the Root MIT Press 2002Roger Clarke Internet Architecture and Operation (PPTs)
Internet Governance
Global Internet governance bodies
No single central body Internet Society (ISOC) is umbrella for IAB, IETF etc -
a complex set of ‘volunteer’ standards organisationsDecision process of ‘orderly anarchy’ (Froomkin, Reagle)
and ‘rough consensus and running code’ World-Wide-Web Consortium (W3C) controls the
HTTP (web) protocol - less volunteer controlled ICANN is a partly appointed, partly elected, US Co.
Origins as a US network still apparent in almost all the international governance structures
Copyright,1995-2002
30
Key Players
Transmit and Receive SignalsCSMA/CD, token ring, ADSL Transmit and Receive Packets
Ethernet, PPPTransmit and Receive Datagrams
IP, ICMP, DHCPReliably Transmit and Receive Segments
TCP, UDPTransmit and Receive Messages
HTTP, SMTP, POP, FTP Physical MediumPhysical LayerLink LayerNetwork Layer (IP)Transport Layer (TCP)Application LayerW3C, IETFIETFIETF, IEEE, ITUIEEE, ITU, ETSIIETFIEEE, IETFIP-Addresses: (ICANN), ARIN/RIPE/APNICDomain-Names: ICANN, RegistrarsParameters: (ICANN), IANA, IETFArchitecture: ISOC, IAB, IETF, (ICANN)
Copyright,1995-2002
31
The Real Powers in Engineering Standards
• Internet Engineering Task Force (IETF), especially re the upper and middle layers
• Institute of Electrical and Electronic Engineers (IEEE), especially re the middle and lower layers
• International Telecommunications Union (ITU), primarily re the lower layers; but also European Telecommunications Standards Institute (ETSI)
• World Wide Web Consortium (W3C), for all aspects of WWW matters (mainly upper layers)
Copyright,1995-2002
32
IETF’s RFC (Request For Comments) Documents
This is a generic term that covers multiple categorieshttp://www.rfc-editor.org/rfcxx00.html, as at 22 Oct 2002:
• technical specifications, including:• formally adopted Standards (STD – 60)• de facto standards (many vital RFCs – 70)• experimental proposals (160)• historical (formally obsoleted) (70)• obsolescent and obsolete (c. 2,500)
• Best Current Practices descriptions (BCP – 66)• Informational Documents (FYI – 38)
An RFC must first be an Internet Draft (I-D – 1,750)
Copyright,1995-2002
33
Standards Development Processes
• Working Groups of IETF, also ITU, IEEE, W3C• 136 IETF WGs alone, as at 22 October 2002• In principle, IETF WGs are open to contributors,
but are engineer-driven and highly esoteric• In practice, IETF WGs are:
• dominated by Driven Individuals employed and travel-funded by large corporations
• not tightly controlled by corporations (because the Driven Individuals act as professionals rather than employees)
• but social interests are rarely represented
Copyright,1995-2002
34
Other institutions of Internet governance
• See further slides in Clarke Internet Architecture and Operation (PPTs) for summaries of:
• IANA governance• ITU governance• IEEE governance• W3C governance• ICANN
Internet Governance
Global Internet governance bodies - opinions
Concerning the IAB / IETF processes: Eg Froomkin (pgs 815-25)considers that IETF is ‘a
model of exactly the sort of small, spontaneous, citizen-organised forum’ that uses discourse to promote public good in a communitarian way
Opinions of other governance organisations (W3C, ICANN) are far more mixed Eg Meuller considers that ICANN constitutes
something like an informal agreement between States, IP owners and WIPO to regulate the resource of Internet addresses
Internet Governance
National Internet governance bodies
Mix of NGO and government bodies - ‘self governance’ may be a misnomer
Usually not so important, as Procols set by international bodies
Domain name ccTLDs are important, and under varying government influence
What if national / local bodies refuse to apply international Internet protocols or conventions?
Example - PRC treatment of Google DNS resolution?
Internet Governance
Non-institutional self-governance
Important aspects of Internet self government arise without institutions
Cooperative informal sanctions - vigilanteism
Alternative dispute resolution (ADR)?
Open source code
‘Technologies for democracy’ (Froomkin Pt V)
Internet Governance
Cooperative informal sanctions
Spontaneous cooperation - vigilanteism- by those controlling some Internet architecture to enforce an informal sanction
Examples Usenet SPAM, mass revenge and the Usenet Death
Penalty (UDP) Email SPAM 'Black Holes’ - MAPS RBL
See Froomkin Pt IV (pgs 825-834) for description and discussion of justifications
Internet Governance
Vigilantees (cont)
Usenet SPAM Proliferated when spammers became their own ISPs Usenet postings can be recalled individually
(CancelMoose) but this became impossibleThe Usenet Death Penalty (UDP)
Initiated by a proposal to a special newsgroup Debated, then UDP adopted by consensus Every newsgroup posting from a UDP’d site is
automatically cancelled; most NNTP software accepts cancellations by default, unless administrator changes this
Internet Governance
Vigilantees (cont)
Eg Email SPAM 'Black Holes’ No centralised method of sending or blocking email cooperation by (some) ISPs to block (refuse to accept
and pass on) any email that comes from any other ISP that is used to send or relay SPAM.
Registers (the 'black hole' lists) are kept of ISPs considered to be in breach.
Users of ‘blackholed’ ISPs cannot send email to or receive mail from any other users whose ISPs are RBL members => pressure their own ISP.
MAPS (Mail Abuse Prevention System LLC) RBL (Realtime Blackhole List) is best known
Internet Governance
Alternative dispute resolution?
Can self-regulation resolve cyberspace disputes? Attempts to create cyberspace ADR do not seem to
have been very successful
Major exception: ICANN’s UDRP (Uniform Dispute Resolution Policy) has resolved thousands of disputes in 2 years why?: because Registrars control the DNS Why?: because registrants must agree to the UDRP
Internet Governance
ADR in cyberspace (cont)
HKIAC Electronic Transaction Arbitration Rules (2002) Applies the HK Domestic Arbitration Rules to set up a
method of online arbitration HK online merchants subscribing to the WebTrust
Standards adopt the HKIAC Rules as the means of dispute resolution required
Award enforceable under New York Convention on Recognition and Enforcement of Arbitral Awards
Internet Governance
Open source code
Open source Software for which the source code is
provided, and others are free to modify Software evolves rapidly through bug fixes,
improvements and distribution Unfair or dangerous aspects of software can
be eliminated by the ‘1000 eyeballs’ See Opensource.org
Internet Governance
Open source - implications
Many key pieces of Internet software are already Open source: Apache, Sendmail, BIND, and (most famous) Linux
Implication for Internet regulation: More difficult for governments or commerce to readily
control Internet architecture Other governments can be more relaxed about
security issues than with US software Eg China has just made Linux compulsory for key
communications installations
Internet Governance
‘Technologies for democracy’
Froomkin Pt V discusses tools for creating more effective discourse communities (in Habermas’ terms)
Weblogs (blogs)
Wiki Webs & other collaborative drafting tools
Slash & other collaborative filtering tools
Tools for open government and community deliberation
Internet Governance
Summary: Self-regulation
Self-regulation is principally effective if it involves organisations that control some aspect of cyberspace architecture.
The rest of the course will examine how more conventional forms of regulation - legislatures and Courts - attempt to create law in cyberspace.