Skip navigation

“Internet governance” is one of those catchy phrases that people bandy about with the knowing assurance that everyone knows what is under discussion — or with a view to ensuring that crispness and clarity remain elusive.   The Internet is not random, nor even particularly chaotic:  there have been elements of Internet governance since the inception of the network.

The reality is that governance (as in management) of the Internet has existed and evolved to meet the needs of the Internet as it has developed over the last four and a half decades.  This started with the need to have (open) standards for interoperable networking and agreed norms for acquiring and using parameters in those protocols.  It evolved as availability of some of those parameters (IPv4 addresses) was inadequate for expected needs, especially given the original sizes of grants in allocation.

Even before the “g” in “Governance” started being capitalized,  the Internet community organized itself to have a global, yet regionalized, system for open development of formally implemented policies for management of IP address allocation.  Let me say that more directly.  Problem:  handing out chunks of address space was wasteful and leading to rapid runout of IPv4 addresses.  Solution:  the Internet community built bottom-up, open policy development institutions to manage the equitable allocation of the addresses that remained.  That worked so well that the deployment of the successor protocol with a massive address space (IPv6) was deferred for a decade.

While this approach to identifying and addressing problems for the Internet has worked well for those involved in developing the Internet, it’s not such a comfortable (recognizable, formal, predictable, <fill in the blank as you like>) for those who are on the outside looking in.  And those are the people who are increasingly impacted by the Internet and its use:  governments, law enforcement agencies, other businesses.  These worlds are colliding.

Tussle -- Worlds Collide, Internet Governance

I explored that concept and others when, in June,  I  gave a lecture for the Norwich University Residency Week conference.   I’ve posted my slides for the talk on my Publications  page (See: 20140618-NorwichResidencyWeekInternetGovernance-cc).

The 3 key concepts of the presentation were:

  1. Internet governance sparks fly when worldviews collide — as described above.
  2. The Internet knows no physical boundaries — it wasn’t built with a view to following national or jurisdictional boundaries.  Imposing rules and regulations on it forces an unnatural network topology with unhealthy side effects
  3. Internet governance should not only be about regulating technology and its use — for example, solving issues with abuse of “intellectual property rights” is more about getting agreement on what intellectual property is and how it should be handled than it is anything to do with networking.

As alluded to above, the definition of Internet governance (or Governance) has evolved over time.

  1. Making the Internet work through responsible construction and sharing
    • Original definition
    • Still see sparks of it – collaborative discussion of best paths forward in network architecting and operation
  2. Code for “management of critical Internet resources on a global basis”
    • International struggle to control the domain name system and/or IP addresses
    • Can the US pull the plug on a country’s Internet?
      • No
      • Country code domain name (e.g., .br for Brazil) relies on the DNS root zone file
  3. Physical world governance meeting and incorporating the Internet and its uses
    • As the Internet becomes increasingly part of our lives, it’s hard to separate “governance of the population” from the Internet

The Internet was not designed as a single-purpose, coherent network – it doesn’t even notice national boundaries.  That, in fact, is what gives us much of what we love about it.    So, increasing regulation of the wrong things could break what we love.

  • Forcing networks to line up on national boundaries
  • Regulating the Internet when really it’s some service that you wanted to focus on (e.g., “telephony”)

At the same time, there are key issues that need regulation in order
to foster an orderly future for all.  So, we all need to address the tussles when worlds collide, and figure out how to do it right.

Internet Governance — if you’re into it, you’re all over it.  If you’re not into it, you probably think it’s somebody else’s problem.   But, the issue with that thinking is that governance (note the small “g”) of the Internet was specifically designed to be the business of everyone who uses and builds it.   The further away we get from that mentality, the more the Internet becomes an industry-driven product and not an inter-network.

Such was the message I delivered when, in June, I gave a keynote lecture to introduce the graduating class of MSISA (Master of Science in Information Security & Assurance) at Norwich University to the rudiments of Internet governance.  I’ve posted my slides for the talk on my Publications  page (See: 20140617-NorwichResidencyWeek-MSISA-cc).

The Internet has so infiltrated our daily lives that it is changing how we go about many aspects of our non-digital lives.  Just imagine trying to buy a house, the most physically-rooted, tangible object many of us aspire to owning, without having the resources of the World Wide Web.  It’s not just the realty sites — you probably also want to review the local schools, perhaps check out the social and civic activities in the area, and generally inform yourself with what people who live there have to say.

Many of those resources are available because the Internet allows “innovation without permission“.  Concerned citizens and enthusiastic locals who never would have thought of themselves as “content publishers” can readily set up information resources.  (Seriously — I can check out the food safety inspection report for our local grocery store online).   Of course, the World Wide Web itself is the poster child for the value of allowing innovation (on the Internet) without requiring permission.

The Internet’s management, or governance, has grown up over the decades of its existence.  No longer uniquely the purview of a handful of (primarily US) researchers, the Internet’s developers/deployers/users have set up open institutions to engage successive generations of Internet supporters in the process of thoughtful management of its resources.

Understanding the impact and value of the existing institutions, as well as ensuring the Internet’s users don’t become a simple “audience” to its services, are key challenges of evolving the Internet’s governance in the face of today’s political pressures.

RIP, Privacy?  I certainly hope not.      The definition of privacy includes “the state of being free from intrusion or disturbance in one’s private life or affairs “.      In that light,  the suggestion that “you have zero privacy anyway, get over it” (attributed to Scott McNealy) is kind of scary:  if we’re trying to make the world a better place, we should have fewer intrusions and  disturbances in our private life, rather than expecting that they should be the norm.

What we’ve seen over the last decade is an explosion in the exposure of personal data, due to:

  • data being shared in electronic form (especially, via the Internet)
  • cheap computer storage making it feasible to collect and retain massive quantities of data
  • cheap, fast computing that facilitates processing the masses of data to draw correlations and inferences

While privacy has traditionally  been achieved through confidentiality of data, the factors above have outstripped our rational ability to develop appropriate means to act given how little data exposure it takes in order to lead to an impact on privacy.

In early June, I gave a talk to a George Mason University class, “Privacy and Ethics in an Interconnected World”  in the Applied Information Technology department.   The assigned subject of the talk was “Regulating Internet Privacy”.

In preparing for the talk, I want through 5 “case studies” of data exposure and privacy impacts:

So-called Public Data:  E.g., is it okay that everyone knows how much you paid for your house?

  • At least in some jurisdictions, it is “public data”
  • It does help inform  future buyers in the area

But — it can create tense times with your family, friends and neighbours, which is most certainly an intrusion on your personal life.

And then along comes Zillow and takes individual pieces of public data to paint a picture of your neighbourhood, which paints a whole different picture of you,  your worth, etc.

Personal Data in Corporate Hands:  Your usage at a particular service means you wind up sharing personal data.

  • In part, this is an inevitable consequence of carrying out a business transaction.
  • An argument is that it helps tailor your service to your interests.

But, when a history is maintained,  your usage is tracked,  and data is sold to third parties, the implications may catch you by surprise.  (Should you be denied health care coverage if you don’t walk 10,000 steps a day?).

Identity Data:   Data that identifies you personally undermines any opportunity for  anonymity.

Freedom of speech means different things in different parts of the world, and being able to voice an opinion without fear of repercussion follows with that

Accountability:  On the flip side, some ability to attach actions to individuals who are responsible for them.

  • When someone does something bad on or to the Internet, it should be possible to track them down
  • Of course, “something bad” is in the eye of the beholder

This is, of course, the complement of the desire to be able to provide anonymity.

Pervasive Monitoring: collecting any and all data about Internet connections, irrespective of source or destination or accountable person.

  • Governments demanding access  –to metadata of Internet connections, and sometimes content.
  • From reports, they have no a priori reason to track you, but it’s easier to collect all the data and figure out what they want later

But, inferences from data mining are not always correct, and if you don’t know they are being made, you have no recourse to fix them.

One thing that all of the points above have in common is that the data is being used for purposes beyond which people originally understood or expected it to be.

It’s pretty hard to function in today’s society without sharing some data some of the time — so complete confidentiality is not an effective option.   But being cautious about what you share, when, is necessary in this day and age.  The Internet Society has some useful guidance on that front:

And the other side of the coin is making sure that the data that is shared is treated appropriately.

And we should, indeed, be able to “rest in peace” — peace of mind that our lives are not being undermined by misuse of our data.


On Friday (May 16), I will pack up my office at the Internet Society, pull out of the parking lot and make that horrible left turn onto Wiehle Ave one last time, and head off into the sunset.

I joined the Internet Society’s staff almost 7 years ago, as its first Chief Internet Technology Officer, to build out a platform of technology programmes to help the organization achieve its mission of promoting the open development, evolution, and use of the Internet for the benefit of all people throughout the world.   I think that platform is pretty solidly built, the organization has smoothly transitioned CEOs this year, and it’s time now for me to step back, unwind from too many orbits of the planet, and think about what I want to build next.

My immediate plan is to spend a couple of months writing.  A number of people have said they envy me — well, it’s not like I’m going to take off and spend the summer on an idyllic island somewhere.  Oh — wait — I am!!  But, it’s a great place for writing Willa Cather thought so.

Assuming all goes well, you’ll be hearing more about the writing progress, here, in the coming weeks.   Stay tuned!

SouthWest Head

SouthWest Head, Grand Manan, NB



My first day back at the office after a summer of working remotely featured a traffic jam of the sort that reminds me why I hate commuting:  one car crash, a key highway closed, and no reasonable surface road alternative routes.     There’s just nothing to do but suffer the consequences when that road backs up.

I had an early team meeting and was already scrambling to leave the house with a buffer of half the regular commute time.  It wasn’t going to be enough.   I dropped a note to my team, who’d all be participating from their  locations (in other cities and countries), and warned them.

As I was driving to work, I thought about the fact that any one of my team, who know roughly where I live, and where the office is, could look at the Google Maps traffic status for the route and make a reasonable guess about my progress and likely delay.     That works because Google Maps is a World Wide Web resource, and is uniformly accessible to everyone on the globe.  That’s kind of a key feature of the Internet and its resources.

That kind of uniform access, where services don’t (in fact, generally can’t) pre-judge the boundaries of their service market, has been a hallmark of the Internet information age.  It has been the leveler of playing fields.  It has made obscure parts of the world accessible to all; kept people in touch with their home towns, opened small businesses to global markets.

The thought that chased that one through my brain was:  how different it would be if each of my team had to download a traffic map app for my area in order to be able to check on traffic status.  They wouldn’t do it.  In fact, who’s to say that the traffic map app for my area would even be available in the iTunes store of another country? (Since that model more or less encourages pre-judgement of your target market).

As we rocket into the future of Internet-as-seen-from-your-mobile-device, I think it’s an important issue to ponder.  Are we exiting the age of ubiquitous information and access?  Is that a good thing?


I lit up this website barely a month ago, and according to Google Analytics, it’s hit a top speed of 20 visits in a day!   Heh.  And that was just one day — total pageviews accumulated since it went live is 101.  Well, that’s fine — I’m not really trying to “drive traffic” to it, especially as I’m still tinkering.

The more depressing thing is that it has nevertheless managed to generate 7 comments — 100% of which were spam.   Now, that is depressing.

Tempted though I am to simply turn off the more-than-likely-superfluous comment feature, I’ve settled for installing a captcha mechanism.   We’ll see how that does…

I registered the domain name almost 17 years ago.  I’ve used it very actively for e-mail through most of those years:   borrowing friends’ server resources first in Sweden, then in Maryland, then in Virginia…  It’s a well-traveled domain 😉

Websites have been a little more resource intensive to set up and maintain.  I’m trying out WordPress as a website creation tool (CMS — like I have that much content to manage 😉 ).  The next hurdle will be maintaining it!

Even so — this is still a split domain.  Currently, mail is being handled through a shared server, and I’ve set this website up on a WordPress installation on a virtual machine I’ve rented.   Not even on the same coasts of the continent, let alone on the same network.  This is the sort of fun you can have with a domain!

This is pretty much a quiet beta release.  I plan to update the “publications”and “media” sections of the site to be a repository of those things (because “repository” sounds so much better than “digital detritus on my home computer”).

Stay tuned…