Analysis: What exact control over the Internet is the US giving up and is it bad or not?

The single most important question is this: what does America currently control and therefore, what would we actually be giving up?

One of the problems of being non-partisan, patriotic (but not jingoistic), and strategic is that knee-jerk reactions can't necessarily become talking points. Gut feelings can't become strategy statements. Uninformed personal preferences can't be presented to all of you as if they were considered recommendations.

In other words, smart recommendations need to be backed by doing one's homework.

This, of course, brings us to Friday's announcement that, to quote Vladimir Putin's personal propaganda organ, (Russia Today), "Amid NSA fallout, US to relinquish top internet oversight role."

My first thought, my knee-jerk reaction was a simple W-T-F. Is the US government out of its mind? How could America possibly give up a strategic resource this important? Is this another case of our weak-willed politicians jumping at every imagined shadow and trying to curry favor with everyone on the planet?

Can we keep it safe and can we keep the schmucks out?

I wanted to stand on my oh-so-beloved leather couch and shout, "What the hell is wrong with you people?" Except, well, my wife doesn't let me stand on my couch (I broke one, once), and no one really listens when I shout back at the TV (which is, fundamentally, why I became a blogger and wound up writing this column). By writing rather than shouting, I don't break furniture, I don't scare my family members, and I protect my oh-so-luxuriously smooth vocal chords.

Where's the homework in all this? As it turns out, there are a few questions. The single most important question is this: what does America currently control and therefore, what would we actually be giving up?

That's what the rest of this article is about.

It's all about our roots

Although this seems like a political discussion, at the root the entire issue of Internet control are the DNS root files. Let's do a 30-second, overly general recap of DNS.

The domain name system is the component of the Internet that helps connect domain names to the actual IP addresses of the server or servers operating the domain. It's how, when you type into your browser, your browser is actually able to ask a specific machine to deliver the contents of our home page to you.

I sometimes tell people to think of the DNS as a phone book. When you look up someone's name in the phone book (back when we did such things), you'd see a phone number next to the name. So if you wanted to call Bob Smith, you'd look up his name, get a number, and dial the digits.

There are, of course, differences between the Internet and a phone book. First, of course, who uses phone books anymore? I can't recall the last time I actually saw a printed phone book (and I certainly don't miss them). Second, all the looking up goes on electronically in the "cloud" rather than thumbing through pages of paper.

But there are some things that make it a decent analogy. For example, we all know about area codes here in the US. Washington, DC is in the 202 area code and New York City is 212. If you prefix 555-5555 with 202, you ring a phone in DC. If you prefix it with 212, you're dialin' the Big Apple.

must read

How Amazon's Whole Foods purchase could solve its grocery supply chain puzzle

The $13.7 billion deal marks a turning point in Amazon's strategic efforts when it comes to cracking the $600 billion grocery market.

Likewise, we have the top-level domains like .com, .net, and so forth. If you go to, you might be directed to an entirely different site than The .com, .net, .uk, and so forth are what are known as top-level domains, or TLDs.

So let's say you want to go to The first thing that happens behind the scenes is your computer needs to know who owns and operates the .com TLD. In practice, this is usually one of many mirrored servers because having every single Internet user pounding on one resolver for .com would cause a meltdown.

In any case, your behind-the-scenes browser request finds out from the very tippy-top of the domain tree who "owns" .com, and then asks that server who manages the ZDNet domain. That server (usually operated by a domain registrar) then points your behind-the-scenes browser agent to a variable number of hops that will eventually result in an authoritative address for the server.

If you think about it, then, the folks who "own" .com have a heck of a lot of power, because if they happened to want to, they could -- theoretically -- route all the requests to,,, and to someplace they control. This, in fact, is how hackers sometimes hijack Web sites or generate denial of service attacks. They redirect domain traffic from its actual server cluster to someplace else.

So if .com is queried to point to all the domain name servers that resolve .com domains, you might imagine that there's some Mount Olympus-style resolver in the very upper stratosphere of the domain name system that tells the machines all over the world who operates .com (and many of the other TLDs).

Who runs this thing?

This Mount Olympus root domain resolver has been indirectly operated by the US government since the beginning of the Internet. In effect, the U.S. government has had some say in who tells the world where the .com and the other TLDs live.

This uber-top domain resolver is called the "authoritive root zone file" and is operated by an entity known as the Internet Assigned Numbers Authority (IANA). IANA is really a set of Internet management functions overseen by the NTIA (National Telecommunications and Information Administration), which, itself, is part of the US Commerce Department.

There's more. Keep reading... 

By the way, I'm doing more updates on Twitter and Facebook than ever before. Be sure to follow me on Twitter at @DavidGewirtz and on Facebook at

So NTIA oversees IANA. It does this by contracting with outside organizations to perform the various functions of IANA, which are described by NTIA as, "The related root zone management functions are the management of the root zone 'zone signing key' (ZSK), as well as implementation of changes to and distribution of the DNS authoritative root zone file, which is the authoritative registry containing the lists of names and addresses for all top level domains, effectively the Internet’s phone book."

In other words, if you want to go to, you get to do so only because .com knows where google is, and IANA knows where .com is.

The actual functions of IANA are run by ICANN. You might of heard of these folks. For years, there were nice and just operated country domains and such storied TLDs as .com and .net.

In recent years, however, they've gone a little wild and introduced a whole pile of TLDs that most of us ignore, like .info, .museum, .name and even .plumbing (which ICANN hopes to sell to some domain registrar who can go to town registering plumbers).

ICANN (Internet Corporation for Assigned Names and Numbers) is a private non-profit that has the Commerce Department contract for operating IANA. The actual zone file maintenance is operated by VeriSign, under another contract approved by Commerce.

Back in 1998, Bill Clinton helped form this whole structure when he moved the operation and control of the domain name system from DARPA and the University of Southern California. The idea in 1998 was that the Internet would eventually be a world entity and therefore should be managed outside of direct US control.

Back then, the plan was for all top-level DNS functions to be out of US control by 2000. Clearly, that didn't happen.

What Commerce announced on Friday

All of that brings us back to what the Department of Commerce announced on Friday, which is that NTIA is beginning the process of releasing control of IANA to an as-yet-to-be-agreed-upon non-governmental organization that oversees all of the root zone authority.

The idea is that ICANN will convene a series of meetings and conferences to allow interested organizations to come to some level of agreement about the eventual root zone authority oversight.

NTIA stated explicitly that it won't agree to some other government taking over from the US, but that doesn't mean governments can't influence the various nonprofits and organizations that will eventually operate the root zone authority.

So is this bad? Is it bad for America?

Short answer: that depends. From a truly technical point of view, the Internet has generally been operated quite successfully by the coordinated organizations who have been running things all these years.

There are two gotchas. The first is that countries like China and Russia may try to have a disproportionate influence in the operation of the Internet that would have otherwise been kept at bay by US government watchdogs. The second is that some of these governments are considered rogue nations and operate their own Internet-based criminal, terrorist, and hacking activities. They might gain an entirely unwanted foothold in Internet governance.

On the move-out-of-NTIA side of the argument is the fact that the Internet is now humanity's network, not just a service of the US government. Planet Earth operates on the Internet as much now as ancient societies operated on the seas. We all (and I mean the global all, not just the "my fellow Americans" all) rely on the Internet and we all need it to run reliably and securely.

Another fact is that, despite the headlines, the US is not giving up control of the Internet. It's been pretty much out of the US government's control for years. Sure, the US government could -- in a fit of apocalyptic desperation -- pull the plug on the authoritative root zones, but that's beyond unlikely given how much America itself relies on the smooth operation of the Internet.

Besides, if things really go bad, America has some very sweet bombers and some really big bombs. I'm not advocating. I'm just sayin'...

On its surface, then, this change is not necessarily a bad strategic decision on the part of our generally useless leadership. It's just the continuation of a process set in action well over a decade ago, and which has been proceeding with reasonable success over the years.

There is an issue though, and it's the issue that is a subplot among every Internet story these days: can we keep it safe and can we keep the schmucks out?

If the root zone authority is operated by highly-respected professionals, no matter from what country, we should be fine. But if the bad guys, the rogue nations, or the various nasty lobbying interests get their hands on it, we're in for a world of hurt.

If you think about it, that makes it all pretty much same ol' same ol'.

P.S. You'll notice I did not address the NSA fuss as part of this story. Many articles claim the US is doing this as a result of Snowden's theft and release of information. I don't consider the two to be connected at all. The US is clearly letting the NSA keep doing what it's been doing, so if this is an attempt to throw any kind of bone to the rest of the world, it's a pretty mealy one at that.

What do you think? When you comment, please let us know if you're American or not so we can better gauge how this is playing outside of the US.

By the way, I'm doing more updates on Twitter and Facebook than ever before. Be sure to follow me on Twitter at @DavidGewirtz and on Facebook at


You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All