Dead.ly url's and authoritarian social network tracking

The escalating unrest in North Africa and other parts of the world continues to make us wonder about the fundamental levers of control of the entire internet, and its uses for mass interactions and broadcasts.Bit.
Written by Oliver Marks, Contributor

The escalating unrest in North Africa and other parts of the world continues to make us wonder about the fundamental levers of control of the entire internet, and its uses for mass interactions and broadcasts.

Bit.ly, the uniform resource locator (web site url address) shortener widely used by marketers and Twitter users relies on .ly, the Internet country code top-level domain (ccTLD) for Libya and it's still far from clear who ultimately controls the off switch for those domains. More importantly, my Constellation Research Group colleague Alan Silberberg ruffled feathers and forced focus within US government circles last week by pointing out that their use of bit.ly isn't consistent with expected security levels - from his blog on Huffington Post:

...I talked to many federal workers today, and received many emails and direct messages with varying degrees of use/non-use of the .ly extensions. One thing became very clear. In this age of Gov 2.0 and Web 2.0 - we need to be careful to guard against the rush of technology leading to rash decision making.

....The United States Government recently issued its own shortener, based on Bit.ly professional (paid) version with some changes to the T.O.S. and other things. They have a secondary company supporting this. To the credit of the GSA, when I inquired through a tweet about the use of .ly shorteners with regard to Government agencies and the current crisis, I got a real response within minutes showing Gov 2.0 in use. However I seriously question the reliance on a company that is in turn relying on an extension controlled by a brutal dictatorship with no regard to human rights let alone western corporate rights. There are other shortener companies that do not rely on the .ly extensions. Why create a potential back door for mischief?

...there is the more pernicious problem of the potential abuse of any redirect necessitated in any shortener program. These shorteners start executable code on your computer to do the re-direct. You don't always know where you are being sent. Recently the Israeli government demonstrated that DDOS and other malicious code can be inserted into the backend of shorteners, a stern warning any government should be paying attention to.

These are serious domestic US security concerns, the result of reliance on the top level domain of a very unstable sovereign state.  According to Bit.ly they have five root nameservers for the .ly ccTLD: two in Oregon, one in the Netherlands and two in Libya.

The Oregon and Netherlands servers are presumably reliant on obtaining updates from the .LY registry inside Libya. If they can't, at some point they will consider the data they have stale/obsolete and stop providing information on the .LY domain. If the Libyan registry is cut off the internet the availability of .LY domains would be compromised somewhere between 0 and 28 days, with inconsistencies increasing as attempts to 'phone home' to the Libyan TLD servers got no response.

The Internet Corporation for Assigned Names and Numbers (ICANN) is a 13 year old non-profit headquartered in California, United States which was set up to oversee a number of Internet-related tasks previously performed directly on behalf of the U.S. government by other organizations, notably the Internet Assigned Numbers Authority (IANA), which oversaw all global IP address allocation. How powerful this entity is in a fluid situation like the .ly TLD situation is far from clear since we are now entering untested waters. It shocked many people that there was a giant internet 'off switch' in Egypt, although looking at the map that doesn't seem too hard to achieve in that part of the world, as I discussed here in 2008.

The fundamental levers of control for the entire internet are also discussed this week by Nancy Scola in the Atlantic Magazine "When the Internet Nearly Fractured, and How It Could Happen Again".

...With the U.S. government's recent domain name power grabs, ICANN's continued position at the heart of the Internet has become part of an ongoing global debate over whether the U.S. has far too much power over how the Internet works. There's been a considerable push to transfer power away from ICANN and towards an internationally accountable organization, like the International Telecommunications Union. At the World Summit on the Information Society in Tunisia in 2005, a last-minute agreement emerged that affirmed ICANN's central role, but it was and remains a shaky consensus.

The next year after the Tunis agreement, China, for example, began to make noises about setting up its own DNS registries for the .com domain, so that "Internet users don't have to surf the Web via the servers under the management of the ICANN of the United States," as the Communist Party's People's Daily put it. In March of last year, ISPs around the world reportedly began inadvertently using Chinese DNS servers that had been configured to enforce the so-call Great Firewall. Internet users in the United States and Chile suddenly found themselves unable to get to sites like Twitter, YouTube and Facebook.

It is far from clear, as the internet matures into an ever more complex and fundamental part of our infrastructure, who controls what in hostile situations. In August of 2008 Georgia (the country in the Caucasus region of Eurasia between Western Asia and Eastern Europe, not the American state) was in armed conflict with Russia and separatist groups from South Ossetia and Abkhazia.

As I wrote in 2009, in the context of 'Dark Internet Fundamentals'

Many of Georgia’s internet servers fell under external control or were the subject of crippling ‘Distributed Denial of Service’ (DDoS) attacks during this period. You can track the attacks historically through shadowserver.org, and while it appears that Russian ‘patriotic elements’ were collaborating to attack Georgia in ‘cyberspace’, they may well have been an informal proxy of the attackers.

Meanwhile the media today has largely been focusing on the supposed widespread use of US commercial social networks to promote collaboration and interaction between dissidents in many parts of the world. As the opening sequence for the Beatles first film 'A Hard Day's Night' above demonstrates, there appears to have been mass mobilization of Beatlemania enthusiasts well before the internet and mobile phone era. Word of mouth is as old as human civilization but has more often involved flaming torches and pitch fork armed mobs than screaming over successful sightings and touchings of Paul McCartney.

Evgeny Morozov, the Belarusian writer of US Foreign Policy magazine's 'Net Effect' blog and author of  'The Dark Side of Freedom - The Net Delusion' provides a skeptical perspective on the internet's ability to provoke change in regimes, believing it to be an equally or more powerful conduit for enforcing authoritarian and nationalist ideas. (I've nearly finished reading The Net Delusion and highly recommend it, along with Jaron Lanier's 'You are not a gadget',  as alternatives to broad 2.0 and social computing philosophies and perspectives).

Putting aside counter arguments to the power of western social services and mobile texting being a central part of grass roots mobilization in authoritarian countries, it's hard to see how people protesting lack of food and economic prospects on the street are able to afford the latest digital devices so common in many parts of the western world, with their monthly data and voice charges.

Meanwhile in the UK the police are starting to pick up use of social tools as control mechanisms - in the future you will be alerted by the Old Bill on Twitter as you stand in the protesting crowd about when they are about to send the cavalry in or

are about to be “kettled” - confined to a small space, often for hours at a time - which some believe provokes violent clashes rather than preventing them.

according to the UK Telegraph today. (' Police attempt softer approach in bid to control large scale demonstrations - Scotland Yard is in the process of adopting a new “softly softly” approach to policing demonstrations in a bid to keep protesters better informed and retain control of the streets'.)

Back in 2008 Greek rioters were well ahead of the curve with sophisticated usage of Twitter and tags, as I wrote at the time. Now everyone's doing it on both sides of the barricades.

Being whacked on the head with a truncheon as you struggle to keep up with events on your mobile device in a fast moving crowd seems closer to Morozov's rather dismal cautions of an Orwellian future than to Clay Shirky's more Huxley like 'Here Comes Everybody' round up of popular perspectives on ochlocracy ...especially when you think that events are being recorded for posterity on closed circuit cameras and filed away in bit.ly like activity tracking systems...

Editorial standards