Basically based on this article. It’s also mentioned here, in this YouTube video from China Uncensored. From the article for those who don’t want to slog through either reading or video:
Here is an older article from the BBC on this. I’m not sure how many of you have been following this…I didn’t see any threads on it, but there might be some older ones or I just might have missed it. A lot of articles about this, with a lot of the conspiracy types fretting about the UN taking control (the Alex Jones types especially), but to me the Chinese angle seems more fleshed out and realistic…and scary. I haven’t seen any articles about the actual turn over…obviously we are past October 1 at this point. I don’t think it’s going to be an instant thing, but it certainly opens potential doors for abuse down the line, especially if China or some other authoritarian government is able to gain control, or even heavy influence.
Any thoughts on this? Something folks are worried about? Or glad that the US is no longer controlling it and think China will make a refreshing change? Or basically think that China won’t really be able to pull off what they are wanting to do and it’s just a good thing overall? I honestly am not sure what to think on this one. I can say that control of the root DNS is probably a bigger deal than most people think it is, and that even a small influence on what is in there could have major ramifications in redirecting traffic and killing some web sites. It’s hard to believe that companies would go along with China’s requests and demands when it so obviously will cut their own throats down the line, but look at IBM and CISCO.
There are two errors being made by the fear-mongers:
That control of ICANN means control of the internet.
That China will be able to control ICANN because it has been more fully privatized.
Neither argument is correct. ICANN is important, especially on issues like the anonymous hosting of websites and law enforcement access to DNS requests. But even if China had complete control of it, the worst they could do would be to delete whole domain levels or allow law enforcement to see all root DNS requests.
More importantly, control isn’t being handed to China–it simply is being relinquished by the US. No single stakeholder in the new structure will wield much power, which is the whole point. It would be nearly as accurate to characterize this as handing control over to Saudi Arabia. Actually, I’m surprised the right-wing hasn’t made exactly that argument.
They address this in the article. No, it’s not being handed over to China…China is trying to gain control over it by doing the leg work to gain control or at least influence over other stakeholders, such as several of the large tech companies. Coupled with its own seat it could influence or, perhaps, control the committee…which WOULD allow quite a bit of control over the internet, since controlling the DNS IS controlling the internet.
So, I don’t see the errors…more an error in your assumption of what the argument is. As for Saudi, you’d need to show me they are trying to do similar things to really say it’s similar. I don’t see any country doing the things China is wrt this issue.
As to the right wing, well…do some Google searching. A lot of right wingers ARE saying that stuff. And Ted Cruz is against this heavily for similar reasons.
[QUOT=Richard ParkerE]Neither argument is correct. ICANN is important, especially on issues like the anonymous hosting of websites and law enforcement access to DNS requests. But even if China had complete control of it, the worst they could do would be to delete whole domain levels or allow law enforcement to see all root DNS requests.
[/QUOTE]
They could change where DNS requests are sent. You would type in www.straightdope.com or do a Google search for the Straightdope and you’d get a different host than the one you were wanting. And you’d have no way of knowing what the actual host ID was, since if you controlled the DNS root any search would come back with the new host. Oh, I’d be able to still get here, and I suppose the word would get out that the resolve was wrong, and simply to use the actual IP instead of the DNS translation, but how many folks would do that? Not many. My WAG is not many would even understand what I’m saying here, and I’m not even going into detail.
My point is that neither claim is correct, nor does the article really seek to substantiate the claims by looking at the actual structure of the new entity. Short of capturing the West as a whole, there is no amount of leg work China can do to gain control of a majority of the stakeholders. It can increase it’s influence beyond where it is now. It probably cannot increase it beyond the influence of the US.
And, no, controlling DNS is not controlling the internet in any meaningful way. Again, the worst it can do is things like prevent new top-level domains. But there will be discussion of democracy in China without a .democracy domain. So there is some censorship and control at issue, but it’s really pretty marginal in the grand scheme.
In your example, if ICANN started monkeying with the DNS roots, all you’d have to do to circumvent that is get the IP of a handful of authoritative DNS servers (which aren’t controlled by ICANN). Or use one of the ICANN alternative DNS roots.
Okay, first, your cite is from Epoch Times? Are they really a news site or are they a right-wing filter site?
From what I’ve read just now, it seems that ICANN is not being handed over to the Chinese at all; it is being allowed to operate independently instead of under US government supervision.
ETA: I don’t want to quote the whole article, but there’s quite a bit of info on how the IANA was created, what it does and why it does it and how, as Richard said, there are a multitude of stakeholders now instead of just the US.
I agree with your first point…they are laying out a theory, and obviously it hasn’t come to pass. I think you are dismissing it too easily, but I admit that beyond what China has said it wants to do, and a look at what it’s actually doing and has done, there isn’t a lot of hard evidence that they will be successful.
You are just wrong about the second. If I control DNS I control where the vast majority of people will go on the internet. This is used even today to redirect people, and that’s with the root systems mainly being vetted. If those root systems were compromised systemically by China then absolutely they would control the internet. That’s pretty much how they control it in their own country. When you do an equivalent of a Google search in China (Baidu) it redirects you where they want you to go and to see what they want you to see. 99% of people rely on URLs and Google or some other search engine to give them the proper host addresses for what they are looking for and where they want to go. Control the source of DNS and you control where folks can go and what they will see.
[QUOTE=Snowboarder Bo]
Okay, first, your cite is from Epoch Times? Are they really a news site or are they a right-wing filter site?
[/QUOTE]
Are they? No idea.
And I’m not saying they are handing it over to China either…nor is the article.
And China is also trying to influence or even control many of the other large stakeholders as well. Yeah, I know. So, you think it’s a good thing then, yes? That’s what I’m asking.
I should have been clearer. I am not challenging the premise that control of DNS routing is meaningful control of the internet (though even complete control of that would be overcome in less than a year by alternative root servers, I suspect). I am challenging the premise that control of ICANN is meaningful control of DNS routing. It isn’t.
What ICANN controls is the root servers. And it controls them in the sense that it is the administrator. The actual root servers are located in private corporations in the US, in the U.S. Army, and elsewhere. If ICANN decided one day to start routing chinademocracy.com to fuckyou.com, it would have to implement that in all the root servers. Not gonna happen. But even if it did, it just moves the problem down one level. Now you need to directly reach the DNS server for .com in China instead of getting routed there through the relevant root server. It would take less than 24 hours for that to get sorted out and for your grandma to be clicking the link in her email that reconfigures how her browser routes requests.
Those servers are authoritative…in fact, they are the root authority. Yes, you’d need to have access to change them. That’s the premise. Currently, as it’s structured you are right…it would be very difficult to change them in such a systemic way to redirect traffic the way we are talking about. But the problem with propagation you are talking about wouldn’t be one, as the lower tiers look to the upper tiers, and the propagation, while theoretically 24 hours isn’t anything like that today. When I do a A record change these days it propagates in a few hours…sometimes in less than an hour. The speeds are incredible these days, and everything looks to those root servers.
Whether ICANN will be able to exert that sort of control or whether China will be able to cobble together enough stakeholders to exert control over ICANN…sure, that’s all speculation. So, you think this is overall a good thing then? I admit that this was my position even a month or two ago. Having the internet out from under the control of any government seemed a good thing to me, and having industry more engaged as stakeholders seemed really great. This article though made me rethink that somewhat…which is why I started the thread.
IOW, control of ICANN is not like controlling the Strait of Hormuz. You don’t actually physically control anything. You have administrative power. And you can certainly use that at the margins in damaging ways. You could ban the .gay domain, for example.
But if you starting doing things like misleadingly redirecting sites and the rest, your administrative power would be quickly resisted by the people with actual power–those who control the root servers. And that is and will continue to be NASA, Verisign, the US military, etc.
And, given the architecture of the internet, even those root servers are ultimately not that much control over the internet. The Darkweb works just fine, and would quickly become how the rest of the internet works if NASA and the US military decided to cede control to China.
To answer your question, I think less US influence (and less government influence as a whole) on ICANN is a good thing. The US is far more of a threat to use ICANN for wrong because most of the root servers are inside the US, and because the US wields enormous power over lots of other aspects of the internet. We’ve also been promising to do it for 20 years.
There is also a risk of greater control for authoritarians, but since even the worst case scenarios aren’t that bad, I think it’s an easy call.
Sure…a lot of Tor users out there. But it’s a small fraction of the actual internet users, we are talking a fraction of a percent. And while I like to think that people would rise up and use other stuff, I’m not sure that’s the reality for most users. They are used to using the old standby sites and search engines and basically clicking the links that come up. Or typing in the URLs they are familiar with, or that they have saved under favorites. And if you were clever, like the CCP is, you wouldn’t change the look and feel of where you are redirecting folks to…just alter the content or redirect when certain things are asked for. Ask for info on Tiananmen Square in 1989 and give a link to a cite talking about another event or tourist information that looks and feels just like, say, Wiki.
At any rate, you are probably right…I doubt the US would just stand by while this happened, and neither would other countries who have freedom of information. Just gave me pause when I was reading the article. Really, knowing the CCP and what the Chinese have done wrt their own cyber environment and firewalling/redirecting, it scared the shit out of me to know they are actually thinking about this.
No, I don’t think it’s a good thing. I also don’t think it’s a bad thing. I don’t have an opinion because I don’t know very much about it all. I do think that ICANN not being under government supervision is something that goes back to the GWB administration and since no one has seen fit to reverse the plan during more than a decade of existence, perhaps the plan is basically sound.
And yes, I understand completely the points you are making regarding the importance of the root authority, but it seems the plan is to keep that the same (or mostly the same) as it is now in a kind of “it ain’t broke so don’t fix it” manner.
Epoch Times is owned by Falun Gong. It’s slightly right wing, buy not just some sort of right wing filter site…it’s a real newspaper, headquartered in New York City. Ad you can imagine, it’s pretty anti PRC, though.
If it’s owned by Falun Gong?? Yeah, I imagine they might be just a tad anti-PRC/CCP. Good to know, though. A friend sent me the link, and it was also used in the China Uncensored video (probably where she got it actually…it’s probably in there somewhere).
Totally makes sense why China Uncensored used the article in their piece. Like I said, good to know. From the Wiki (same as the one Bo has):
So, this isn’t what one generally means by ‘right-wing filter site’…in fact they would probably laugh themselves silly if they heard that descriptor. They are basically the content media equivalent to my China Uncensored channel that I use a lot…they are ‘anti-communist’ in that they are mainly anti-CCP (though they probably don’t like any communists after their experience), and are focused on events in China. Being associated with Falun Gong they probably know quite a bit about suppression and the nasty side of China, and are probably more sensitive to things like how China views the events in the OP, and also probably pay more attention when China says they are doing something (such as trying to gain control of ICANN and what they plan to do with that control, should they get it). Of course, just because China WANTS to do something doesn’t mean it will happen, and just because China plans to do something with it doesn’t mean that will pan out. Hopefully it won’t, and this is just fretting over nuffin.
I bet I can guess who called them the ‘mouthpiece of the Falun Gong’ though…
From what I have read, and responded to, on the likes of Facebook, people (all conservaties it appears) are concerned that by turning ICANN over to a neutral body, this body will be able to control the content of the internet and exert some censorship over things which it disapproves.
ICANN, though has no control over content (as mentioned above, they could play some games with the DNS servers, but this would be taking out the good with the ‘bad’. There is little fear that your website will be blocked just because someone disapproves of what you say therein.
First of all, the entire internet is based on routing protocols that only function due to trust.
Second of all there is no need to control the root dns servers to redirect users. That is far easier accomplished at the local level or through cache poisoning that is still a viable exploit.
Third, I would be far more worried about the explosion of the number of trusted CAs in modern OSs. Why would china risk a fairly easily detected DNS root server change when they could just route packets through an SSL proxy by just demanding the Hongkong Post CA provide them with certs for facebook.com, wellsfargo.com etc…
Even the mentioned Tor project knows how broken this model is.
I am not being paranoid, just realistic. You should assume that anything sent on the internet is vulnerable and the most effective protection is to ensure that you limit the blast radius of a disclosure. As an example when choosing banks add their fraud reimbursement policies to your selection criteria.
The transfer of the rules making body from a country with well known violations of personal privacy and mass data collection efforts to a more global community control point is a relatively minor risk compared to the vast attack surface of the other systems. The above is far larger, where the entire SSL system has traded a workable trusted model for one that produces income and is mostly security theater.
If someone claims that the transfer of an oversight body like ICANN is a huge threat to the global internet you can reliably filter them out as an authoritative source for risk mitigation as they obviously only have a cursory understanding on how the public internet functions.
And Ted Cruz is against this heavily for similar reasons.