Submission to the Workshop on Internet Governance
26-27 February 2004

Deconstructing Internet Governance

Author: Karl Auerbach, former North American publicly elected Director, ICANN

In my final report to ICANN[1] I suggested this definition of the internet:

    The internet is the open system that carries IP packets from source IP addresses to destination IP addresses.

This proposed definition of the internet focuses on the flow of IP packets between end points designated by IP addresses.  IP addresses, and the mechanisms that guide a packet to its intended destination as it flows across the intricate spider web of the internet are topics that many consider arcane and comprehensible only to a few technologists.  Yet in many regards, the issues of IP addresses and the routing of packets are far more important to the public and to nations than the domain name system.

My proposed definition is narrow.  It regards things such as Voice over IP (VOIP) and the World Wide Web as applications that are layered on top of the internet but which themselves are not necessarily part of the internet.  I know that this distinction will disturb many people.  Let me therefore mention that my definition does not exclude these applications from governance.  Rather, I believe that by clearly articulating the linkages and dependencies between things like the VOIP and the base internet we will be able to design more appropriate governance structures.

Under my proposed definition, the Domain Name System is an application, albeit a critical one, that is layered upon the base internet.  It is my sense that we ought to deal with DNS as a matter distinct and separate from the system of packet routing and delivery that I have defined as the base internet.

The End-To-End Principle and The Risk of Internet Fragmentation

You may have heard of the "end-to-end principle"[2].  This principle is implicit in my proposed definition of the internet.

The end-to-end principle is one of the primary reasons why the internet has been so successful.   Failure to maintain the end to end principle could lead to several negative consequences:  Without a firm commitment to the end-to-end principle, the internet could evolve into separate networks that touch one another only through guarded portals.  Without the end-to-end principle innovation on the net would be more expensive and occur more slowly.  Promising technologies such as Voice over IP could be crippled or stillborn.  Without the end to end principle the internet could easily stagnate.

Is the end to end principle at risk?  The answer is "yes".

We have already begun to observe the first symptoms of fragmentation of the internet.[3].

Very understandable and legitimate concerns about unsolicited bulk e-mail ("spam"), the distribution of unsavory material, the protection of children, and the protection of cultural values have fueled the creation of what amount to protected gates that today control the passage of network traffic.  These portals could harden and not only reduce the value of the worldwide internet but also create opportunities for those in charge of the portals to take advantage of their privileged position either for profit or political gain.  A good example of this is Versign's "SiteFinder",[4] a recent attempt to profit by leveraging Verisign's highly privileged position over the .com and .net top level domains.

The IP address allocation system has driven many people and companies to deploy Network Address Translation (NAT) devices.  These devices break the end to end principle.  NATs have already begun to impede the deployment of Voice over IP products.

The Internet As A Multifaceted System

Let me return to my original purpose - to inquire how our approach to internet governance may be informed through a clear understanding of what the internet is.

Let me submit the following proposition:  There is no single thing called "the internet".  Rather, I submit that the internet has several distinct aspects.  Let me further suggest that these aspects may each be governed separately with a mode of governance most appropriate to its particular circumstances.

What I have suggested above is a departure from the current practice in which governance of multiple aspects of the internet are merged into one body.  It is my strongly held opinion that the division of internet governance into distinct bodies is more than merely prudent, I believe that it is a necessity.

What are the distinct aspects of the internet that ought to be considered as subjects of governance?  Here is my list:

  1. First, a system of IP address allocation that meshes well with the IP packet routing systems.

    This function, to date, has been handled with relatively little controversy by various "Regional IP Registries" (RIRs).  However, I anticipate that questions of fairness of IP address allocation, as well as quality of service demands for network services such as VOIP will begin to inject public-interest concerns into what has been a largely technical area.

  2. Second, a system of inter-carrier/inter-ISP traffic exchange in which end users can obtain usable assurances not merely that packets can actually flow between senders and receivers but also that designated traffic flows will achieve specified levels of service.

    Today the internet is composed of carriers and ISPs who are often jealous and suspicious of one another.  However, it is only by virtue of the adherence to at least a minimal set of shared practices that IP packets can find their way across the internet, through a sequence of carriers and ISPs, from senders to receivers.  The dissemination and processing of information regarding the routing of IP packets is a complex technical matter.  Overlaying that technical difficulty is the resistance of carriers and ISPs to disclose how they connect to one another and under what terms.

    It is not unusual for large portions of the net to be unreachable or invisible at any given moment.  Today most of these events are transitory (on a timescale ranging from minutes to a few hours.)  With the increasing use of potentially permanent filtering, selective reachability may become the norm rather than the exception; the scope of the internet will begin to vary depending on the place from whence one looks.

    New uses of the internet, such as for Voice-over-IP (VOIP) will require adequate end-to-end service levels.  Without adequate service, applications such as VOIP may find it difficult to expand beyond local scope or be treated as anything but a toy.

    The notion that internet packet routing, issues of inter-ISP peering and transit, and end-to-end service levels are matters for governance is a notion that may be strongly resisted by carriers and ISPs.  It is very important to initiate a dialog with that community.

  3. Third, a system to allocate protocol numbers and other similar identifiers.  This has been, and will remain an essentially clerical function performed on behalf of standards bodies.  (I do not believe that this aspect of the internet is in need of governance, however the legacy of ICANN and IANA have placed this aspect into the realm of internet things that are expected to be governed.)

  4. Fourth, the responsible and accountable operation of the upper layers of the DNS hierarchy including oversight, on behalf of the community of internet users, of a suite of Domain Name System (DNS) root servers.

  5. Fifth,  the management of the DNS root zone file.  This function includes the clerical task of preparing the root zone file for distribution to the root servers.  This function also includes the discretionary task of developing and applying policies to determine which new top-level domains will be allowed entry into the root zone.  (This latter function could conceivably be split so that national and "country code" top level domains are handled separately from other top level domains.)

I will return to those aspects of governance in my next submission and suggest how appropriate structures of governance might be designed for each.

Earlier in this note I indicated that I believe that layered upon the internet are several important applications.  These include, but are certainly not limited to, the World Wide Web, Voice over IP, and Instant Messaging.  It is my suggestion that for each of these applications, to the extent that governance is appropriate at all (and I strongly urge that in many cases there is no need for governance), should be handled by its own distinct body of governance.

A Note of Concern

The internet is rapidly becoming a public utility.  People and entities are basing economic plans, products and services, and, increasingly, matters involving health and safety on the internet.  As part of that evolution, I believe that not only do our engineering practices have to evolve[5] but I also believe that we need to consider how to ensure that the net's infrastructure remains stable and dependable into the future without badly compromising the ability of the still nascent net to evolve.


[1] My final report to ICANN is available online at  The referenced material is found towards the end of that document.

[2] Saltzer, Reed, Clark, "End-to-End Arguments in System Design", 1981 available online at

[3] See my note Is the Internet Dying? at

[4] See "IAB Commentary: Architectural Concerns on the use of DNS Wildcards", available online at

[5] See "From Barnstorming to Boeing - Transforming the Internet Into a Lifeline Utility" slides at and speakers notes at

Updated: 17 Feb 2004 08:37:58 PM