July 30, 2005

About Those Root Servers

There is an interesting note on the ITU Strategy and Policy Unit Newslog about Root Servers, Anycast, DNSSEC, WGIG and WSIS about a presentation to ICANN's GAC.  (The GAC website appears to be offline or inaccessible today.)

The interesting sentence is this:

"Lack of formal relationship with root server operators" is a public policy issue relevant to Internet governance. It is stated that this is "wrong" and "not a way to solve the issues about who edits the [root] zone file."

Let's look at that lack of a formal relationship.

But before we begin, I'd like to raise the following question: Where does the money come from (and where does it go) to provide DNS root services?

Over the years I've put together estimates of what it would take to deliver root services, and I've probably always undershot the actual costs.  The raw hardware for a root server site isn't all that much - server computers, firewalls, load balancers, network switches/routers, and power distribution gear don't really cost all that much - a few tens of thousands of dollars in capital and installation costs per site depending on the desired capacity and the availability of reliable power.  But there are recurring costs that can be rather higher, particularly the costs for bandwidth, funds for replacement and upgrade, and maintenance.  If one wants to throw in physical security beyond that found in a typical high-quality shared facility or use dedicated links to multiple providers, the one-time and recurring costs will rise.

And that's just one site.  Today, because of the use of anycast to replicate many of the 13 legacy servers, there are more than 100 root server sites spread around the world.  Compared to the cost of an aircraft carrier, the total isn't that much.  But we're still talking about a system that in total costs several millions of dollars per year.

So where does the money to operate this system come from?

Much of it is donated.  But donated money is fickle.  And it often comes with hidden strings.  Unfortunately the root server operators have been very secretive about such matters.

We know that some of the root servers are run by for-profit commercial corporations that are answerable to their stockholders and that may be acquired on the open stock exchanges.  And some root servers are operated by the United States military establishment - which is ultimately obligated to protect the United States; any obligation to others is subordinate.  There are root servers operated by university and non-profit entities.  In the case of the former, there is little to guarantee that the trustees of the university will continue to want to expend money to provide DNS root services as educational costs continue to rise and educational budgets become ever more difficult to balance.  As for the latter, they are under the control of trustees of boards that may have insular points of view or subtle biases in favor of certain industrial segments they consider to be "stakeholders".

In this whole system the flows of cash, the fiscal constraints and pressures, the ultimate allegiances, the chains of authority, and the hierarchies of authority are as unclear and vague as the flow of water through a Louisiana bayou.

All in all we can see that the root server operators are like a herd of cats - they may act in concert today but they could scatter to the four winds tomorrow as each responds to the pressures it feels and the attractions it sees.

There is no denying that to date the root server operators have done a job that deserves great praise.

But the internet community is building its future on nothing more than faith that the status quo will endure.

Suppose a root server operator found itself in a tough financial situation.  There are ways they could use their position to raise money:

  • An operator could charge for root services or adopt the more subtle method of charging for preferred root server access and relegate the rest of us to fight over the left-overs.

  • An operator could mine the incoming query stream for marketing data.  The full domain name being resolved is visible in the queries that go to the root servers, and even though the number of queries that reaches those servers represents a fraction of the total number of queries made by users it still forms a stream of raw data that can be mined using statistical techniques to form a rich lode of data about what domains are of interest and to whom.

  • An operator could sell response rates, much like a search engine sells words, so that queries for sponsored names are given priority over queries for names that are unsponsored.

  • An operator could skimp on protection, backups, and recovery planning.  This is like skipping payments on an insurance policy - it feels like a good idea as long as nothing bad happens.

Or suppose one of the military root server operators received a command from its government after, say, that government declared itself to be at war with some country or some group of people.  That root server operator would find itself in a position to observe enough of "the enemy's" queries to generate intelligence data.  And that operator would also be in a position to poison the responses to those queries so that, for example, some portion of "enemy" VOIP or web traffic was vectored through a man-in-the-middle that observes that traffic.

Some may consider these scenarios to be hyperbole and unlikely.  But those same people cannot deny that what I have said above is possible.

And all of us have observed the unlikely turn into reality.  Take for example the Pacific Lumber Company.

The Pacific Lumber Company is in the business of growing and producing redwood lumber.  The best of this lumber comes from old-growth trees.  The Pacific Lumber Company held a large inventory of such trees and protected that inventory and its market value.  The company cut just enough trees to satisfy the demand of the upper tier of the market.  As a result the company had a good balance sheet with good long-term prospects and a very good reputation for environmental protection.  However the company was acquired via a leveraged buyout - that's a technique that uses the company's own assets to pay much of the purchase price.  The Pacific Lumber Company found itself suddenly having to liquidate its assets to pay for the buyout.  The company swiftly switched from careful conservation to massive clear cutting.  Assets that would have lasted decades or longer and brought top dollar were liquidated as fast as the loggers could cut and sold into a glutted market.

There is no reason to believe that the commercial root server operators are immune to the kind of involuntary reversal of personality such as was suffered by the Pacific Lumber Company.

And there is no reason to believe that the US military won't decide that the US should use all of its weapons, including its root servers, in its wars.

So the question we need to ask is this: How do we institutionalize root server operations so that the community of internet users has the assurance that it will be able to obtain root server services continuously, equitably, and without its activities being observed (or manipulated) for commercial or other purposes?

It seems to me that contracts - clearly enforceable and clearly binding contracts - are the appropriate vehicle.  The notion of contract is, with only relatively minor variations, recognized by every nation on the planet.

We know that in the extreme we can never contractually bind sovereign national governments - or their military operations.  And that may mean that it is time to thank and excuse the military root server operators and replace them with providers who are willing to enter into enforceable agreements.

What should these agreements require, with whom should they be made, and who should be allowed to demand that the obligations be enforced?

I will address these in reverse order:

We want the right to require enforcement to be as broad as possible.  Far too frequently people who are affected by a contract obligation find themselves locked out because they lack standing.  For this reason any root server contracts should explicitly recognize that the users of the internet are third-party beneficiaries with explicit powers to require that the parties to the contract live up to their obligations.  There is, of course, a danger that some people could use this right to become nuisances in order to obtain unwarranted settlements.  So some careful thought would be needed when crafting this third-party right.

There needs to be some body with whom the root server operators make these contracts.  I have no clear idea who or what this body is, but I do feel that this body will also need to hold the strings over the contents of the root zone file that the root servers will be obligated to publish.  This linkage to the root zone file is necessary so that the oversight body can exercise final authority over who is and who is not a root server for its root zone file.  My own personal feeling is that ICANN has disqualified itself from consideration for this role.

And finally - what should be the terms in those agreements?  My list is found below.  Most of the obligations in that list are things that the root servers do already; most of the obligations have no effect on current operations.  Rather, most of the obligations ensure that the status quo remains the status quo into the future.  I've listed these obligations in qualitative terms; in practice these obligations should be restated into quantitative service level agreements.

  • Servers must be operated to ensure high availability of individual servers, of anycast server clusters, and of network access paths.

  • Root zone changes should be propagated reasonably quickly as they become available.

  • User query packets should be answered with dispatch but without prejudice to the operator's ability to protect itself against ill-formed queries or queries that are obviously intended to cause harm or overload.

  • User query packets should be answered accurately and without manipulation that interferes with the user's right to enjoy the end-to-end principle and to be free from the undesired introduction of intermediary proxies or man-in-the-middle systems.

  • Operators should coordinate with one another to ensure reasonably consistent responses to queries made to different root servers at approximately the same time.

  • There should be no discrimination either for or against any query source.

  • Queries should be given equal priority no matter what name the query is seeking to resolve.

  • There should be no ancillary data mining (e.g. using the queries to generate marketing data) except for purposes of root service capacity planning and protection.

  • The operator must operate its service to be reasonably robust against threats, both natural and human.

  • The operator must demonstrate at reasonable intervals that it has adequate backup and recovery plans.  Part of this demonstration ought to require that the plans have been realistically tested.

  • The operator must demonstrate at reasonable intervals that it has adequate financial reserves and human resources so that should an ill event occur the operator has the capacity (and obligation) to recover.

Obligations go two ways.  The oversight body should ensure that there is wide and free dissemination of the root zone file so that people, entities, and local communities can cache the data and, when necessary, create local temporary DNS roots during times of emergency when those local communities are cut off from the larger part of the internet.

Posted by karl at 6:49 PM

A Twelfth Night Worth Seeing

I just saw Shakespeare Santa Cruz's production of Twelfth Night.

It was an excellent production.  The acting and direction were first class.  Every part was well cast and well played.  The costumes were good - although I must say that Viola's Cesario costume emphasized rather than masked the underlying anatomy.  And the set - it has to be seen to be believed.

If you want to see one of Shakespeare's best comedies in one of the best outdoor settings there is - anywhere - I strongly recommend that you come to Santa Cruz and see the festival's shows: Twelfth Night, The Winter's Tale, Engaged, and The Antipodes.

Many people fear Shakespeare - high school teachers everywhere have done their best to make it seem distant and foreign.  But good actors under good direction - and Shakespeare Santa Cruz has both - make the shows accessible, real, and enjoyable.

And the company does exceptionally well on non-Shakespeare works as well.  Last year's Who's Afraid of Virginia Woolf was one of those theatre experiences that reminds us that live actors in front of a live audience are engaging and powerful far beyond film and television.

My wife and I are performance sponsors for The Winter's Tale.

Posted by karl at 1:06 AM

July 26, 2005

Ironic

I'm watching the progress of the Roberts confirmation.  Today the White House is refusing to turn over certain papers on the basis that there exists an attorney-client privilege between Roberts and the President.

What I find amusing is this: The US Constitution does not define an attorney-client privilege.  Historically such privileges are created by legislatures that enact laws and judges who create common-law precedents.  Yet much of what this administration desires from its nominee is that he/she take a restricted view of what can be drawn from the Constitution.

In other words, the President is using a principle that it imputes from the Constitution in order to seat a judge who will (it hopes) find such imputations improper.

Posted by karl at 8:25 AM

The Power of Google

The other night I was chatting with my wife about things and I mentioned a TV show that I saw back in the 1980's about a home-brew nuclear device in which the bomb-squad person who cuts the cliché red or green wire makes the wrong choice.

So I went to Google to find the movie.  I had a hard time finding it.  (I eventually did - it was the 1983 show Special Bulletin.)  But along the way I more than once wondered whether my memory was playing games on me.

The meta-thought that came about was this:  There is all this noise about whether the internet should have one single domain name system (DNS) namespace (an argument more frequently cast, incorrectly, as whether the internet shall have one catholic DNS root.)  Yet, with the rise of a highly dominant search engine, Google, the policies and choices of Google have a much greater power to define what is, and what is not, on the internet than do any policies about the domain name system.

To an increasing degree, if it ain't in Google, it doesn't exist.  That's scary.

Posted by karl at 8:10 AM

July 19, 2005

Reading List

I have two items on my reading table.

The first is Bernard DeVoto's edition of The Journals of Lewis and Clark. (ISBN: 0395859964)

The second is the Report of the Working Group on Internet Governance.

I highly recommend both.

The expedition of Lewis and Clark occurred 200 years ago during the middle of a major political shift caused by the American and French Revolutions and the Napoleonic wars.  It was a time relatively early in the shift away from national sovereignty as deriving from a deity and expressed through a monarch to a time when it was believed that nations exist and obtain legitimacy from the consent of the governed.

The Working Group's report seems to mark the end of that shift.

We are today in an era when the concept of the nation-state is changing in as deep and important ways as it did during the century surrounding the expedition of Lewis and Clark.

The WGIG report is a harbinger of the nature of that change.

The era of Lewis and Clark ushered in the idea that governments obtain their legitimacy from the people and that such governments are entirely accountable to those same people.  That was the era of phrases that recognized the humanity that underlies governance and governments - that was the era of stirring phrases such as "When in the Course of human events ..." (US Declaration of Independence) and "We the People of the United States ... establish this Constitution" (US Constitution), and documents such as the French Declaration of the Rights of Man.

The era of the WGIG Report retreats from the idea that people matter.

Nowhere does the WGIG report even begin to establish that the purpose of governance is to advance the aspirations of people both as individuals and as nations.  Instead the WGIG report designs this new form of governance, and government, on the concept of privileged groups euphemistically called "stakeholders".  (And nowhere does the WGIG report bother to ask who gets the privilege of measuring this "stake" and deciding who or what will be awarded the prized label and right of participation.)

The WGIG report identifies three groups of these "stakeholders": "governments", "private sector", and "civil society".  The WGIG report ignores the community of internet users and implicitly leaves you and me to be nothing more than passive observers and voiceless consumers.

In other words, the WGIG report seems to have swallowed without question the proposition that the worth of a person is not found in his or her character or works but instead is only to be indirectly measured through those corporations and associations who claim to represent that person (whether they actually do or not.)

Accountability in the world of the WGIG is not to the people but to the corporations and associations.  The corporatist theories of the 1930's are revived in the WGIG report.

One might attempt to argue that the WGIG report's inclusion of "governments" is an implicit path through which the concerns of living people are expressed.  However, to the extent that such an argument has validity it also has validity with regard to the concerns of the legal fictions we call corporations and other forms of association.  If you and I obtain sufficient representation in this new world through our national governments then why do not business entities; why do they get their own special seat at the table while you and I are denied?

It would be hyperbole to say that the WGIG report is the end of democratic governance; however it is not too much to recognize that the WGIG report contains nary a bone of democratic principle.

I will have more to say in later notes about the other contents of the WGIG report.  Much is good.  Some is disingenuous and naive.  But on a scale of importance, those matters are almost vanishingly small compared to the report's reversion to governance by guild.

Posted by karl at 12:45 AM