The security, stability and resiliency of the Internet are recognized as vital to the continued successful growth of the Internet as a platform for worldwide communication, commerce and innovation. This panel focused on domain name service blocking and filtering and the implementation of Internet Protocol version 6 (IPv6) and critical Internet resources in general. The panel addressed some of the implications of blocking and filtering; the implementation of DNSSEC and IPv6 on a national basis; and future challenges to the Internet in a mobile age.
Details of the session:
The Internet’s success well into the future may be largely dependent on how it responds and reacts to new challenges, according to panelists in a session on critical Internet resources at the IGF-USA conference July 18 in Washington, D.C.
The Internet continues to evolve. It is also growing, as it becomes accessible to billions more people. A major challenge now and in years to come is to make the Internet more secure while continuing to promote openness, accessibility, transparency, bottom-up decision-making, cooperation and multistakeholder engagement. It is important that organizations continue to retain these values as much as possible as they react to cybersecurity and cybertrust issues.
This workshop was conducted in two parts, both moderated by Sally Wentworth, senior manager of public policy for the Internet Society. Panelists included:
- John Curran, president and CEO of the American Registry for Internet Numbers (ARIN)
- Steve Crocker, CEO and co-founder of Shinkuro, and vice chair of the board for ICANN, the Internet Corporation for Assigned Names and Numbers
- Bobby Flaim, special agent in the Technical Liaison Unit of the Operational Technology Division of the FBI
- George Ou, expert analyst and blogger for High Tech Forum
- Rex Bullinger, senior director for broadband technology for the National Cable and Telecommunications Association (NCTA)
- Paul Brigner, chief technology policy officer, Motion Picture Association of America (MPAA)
- David Sohn, senior policy counsel for the Center for Democracy and Technology (CDT)
- Don Blumenthal, senior policy adviser for the Public Interest Registry (PIR)
- Jim Galvin, director of strategic relationships and technical standards for Afilias
Wentworth began the session by referring to it by its alternate title, “Blocking and Tackling.” The alternate title proved appropriate, as the panelists became more and more passionate in their assertions during heated discussions on two topics that affect the future health of the Internet: the implementations of Internet Protocol version 6, known as IPv6, and Domain Name System (DNS) blocking and filtering.
IPv6 implementation issues are more complex than earlier imagined
The first panel grouping consisted of John Curran, Steve Crocker, Rex Bullinger, Jim Galvin and Bobby Flaim. It centered on a discussion of IPv6 and the difficulty in implementing a system that is viewed as the “broccoli of the Internet” – something that is technologically necessary, but for consumers is less of a priority because a switch is not incentivized.
The technological necessity is an inevitability. IPv4 has 4.3 billion independent IP addresses. The central pool of addresses ran dry Feb. 3, 2011. The last five blocks were passed out to the five regional address distributors. Depending on the rate of growth, Curran explained, those addresses may not last very long. In fact, the Pacific region has already handed out all its addresses. The 7 billion people in the world can’t fit into 4.3 billion addresses, especially when most have more than one address to their names.
“We have to move, the hard part is getting them to move,” Curran said, referring to consumers.
The biggest problem is that IPv6 and IPv4 are two languages that don’t talk to each other.
“You have to enable IPv6 in order to speak to IPv6 Internet users. It’s literally possible for us to break the global Internet if we don’t transition to IPv6,” Curran said.
The dual stack model – one in which both IPv4 and IPv6 run – was identified by the Internet Engineering Task Force (IETF) to be the most effective and efficient way to begin integrating IPv6 into the lexicon.
“What we have is a coexistence processes rather than a transition,” Crocker explained. “We’re going to have these two existing parallels. You’ve got pure IPv4 exchanges and conversations, pure IPv6 exchanges, then you’ll have somewhat more complex interchanges between IPv4 users and IPv6 systems and those will require some sort of translation.”
“The ISPs,” Curran said, “are stuck in the trap as to whether there’s enough demand to make the switch.”
Currently, most devices, such as laptops, are IPv6-enabled and have been for some time, so they’re coexisting, rather than transitioning directly from IPv4, Curran said.
“Things are not going to be replaced overnight,” Galvin said. “The providers are ready, but the customers aren’t. The laptops are ready, but the interaction is not ready.”
There are other problematic implications of enacting the new IP version, particularly as it relates to ensuring that how the IP addresses are being allocated and to whom and logging network address translators (NATS), according to Flaim.
Another element was addressed by an audience member – the possible advantages possessed by countries with less infrastructure than the United States. Is the United States being left behind because its Internet is too big? Crocker contended that it’s a possible scenario that some developing regions could leap frog over IPv4 and go directly to IPv6.
DNS blocking and filtering basis for continued controversy
The second panel of the afternoon, moderated by Sally Wentworth, consisted of Crocker, George Ou, Paul Brigner, Galvin, David Sohn and Don Blumenthal and centered on a lively discussion about the merits of DNS blocking and filtering as an answer to copyright infringement.
The panel was divided on its views – some felt that DNS filtering and blocking represented the perfect answer to copyright infringement and media piracy, while others felt that a solution based on technical adjustment is the wrong way to approach what they deemed a human problem, not a technical problem.
While a consensus was not achieved, the discussion addressed serious concerns about the damaging effects of illegal downloading on the content production industry, as well as the greater constitutional, technical and political implications of the use of DNS filtering and blocking. Panelists referenced the Protect IP legislation that is currently in the U.S. Senate. The legislation is aimed at off-shore websites that infringe copyright laws by hosting pirated media. One of the ways the bill works is to undercut the sites by going after their advertising and funding sources.
The trouble, Crocker explained, is that the blockages or filters are not only “trivial to get around” but the motivation is there. Sohn agreed that DNS filtering is not beneficial, especially in this case, because it is easy to evade. Using DNS filtering to prevent users from accessing entire domains that may contain illegal content rather than addressing the content itself on specific websites is too broad, Sohn suggested.
Galvin agreed: “While content providers have a legitimate need to protect their assets, there seems to be the automatic assumption that DNS filtering is the right way to do that. You’re concerned about content, so you want to do content filtering.”
Galvin cautioned the panel and the audience to be aware of resulting damages.
Sohn also raised concerns about prior restraint. “Under prior restraint law, you cannot restrict speech unless it’s actually proven illegal,” he said. “DNS filtering orders would often occur on a preliminary basis, as part of a restraining order, rather than after a full legal determination by a court.”
There was further discussion that on a technical level, the use of these tactics would be problematic because it would break DNSSEC and destabilize the Internet. Especially when DNSSEC was designed to detect just that type of illegal activity, Crocker maintained.
On the other side of the issue, Brigner explained that in using DNS filtering, criminal sites would be removed from the “global phonebook,” preventing individuals from accessing them and propagating the consumption of illegal media.
“We’re not asking for a new row of cannons,” he said in reference to an earlier remark Crocker while sharing a metaphor about the Vassa, a Swedish warship that sank because its poor design was based on the king’s desire for more firepower in spite of architectural faults. “Let’s use sound engineering principals.”
An audience member’s suggestion of the use of an industry seal program was also met with varying levels of support and dissension. Ou said an industry seal program may be easily counterfeited, while others said they think using a “human” solution rather than a technical solution is a more appropriate answer to the problem.
In the end, the dialogues during this session raised many questions about the real-world implications of IPv6 and DNS blocking technologies.
“It’s important that these various communities find a way to address the issues in a way that’s respectful of the technology, respectful of the global Internet and people’s need to carry out their business, and the freedom of expression,” Wentworth said in closing.
“There are a lot of competing interests, but they don’t have to be mutually exclusive.”
– Bethany Swanson
A selection of Twitter reports on this IGF-USA 2011 event:
Five #IGF11-USA PM workshops begin at 1:15; issues range from CIR to cyber policy, Domain Name System, youth uses, emergency management.
“Adopting IPv6 is crucial for the future of the Internet” -Sally Wentworth, Internet Society #IGF11-USA
IPv4 running low on its 4.3 billion available Internet addresses. IPv6 is new standard that could solve the problem. -John Curran #IGF11
“It is literally possible for us to break the global Internet if we don’t transition to #IPv6.” -Curran #IGF11-USA
“We might find ourselves showing up last to the party when other countries already have a better option.” -Curran on IPv6, #IGF11-USA
Q1: Should the gov push IPv6? Steve Crocker says there must be incentives to get the cycle going. #IGF11-USA
“There’s a lot of technology out there that only knows about IPv4, we’re not going to transition overnight.” -Jim Galvin, #IGF11-USA
New Challenges to CIR workshop continues, large panel switches members: Crocker, Ou, Brigner, Galvin, Sohn and Blumenthal now up. #IGF11-USA
Discussion turns to protecting intellectual property rights online; piracy a “massive threat to American jobs”-MPAA’s Paul Brigner #IGF11-USA
“America needs to step it up. Protect IP is a good mechanism to do that” -Brigner of Motion Picture Assoc. #IGF11-USA
U.S. likely to set the tone for other countries concerning domain name filtering. -David Sohn of CDT #IGF11-USA
Participant asks, “If industry wants consumers to be aware of illegal content, why not recognize legal content w. an industry seal?” #IGF11
Discussion rather heated at end. Wentworth closes CIR workshop by saying actors must avoid polarization if progress to be made. #IGF11-USA
The multimedia reporting team for Imagining the Internet at IGF-USA 2011 included the following Elon University students and alumni: Jeff Ackermann, Natalie Allison, Ronda Ataalla, Ashley Barnas, Joe Bruno, Kristen Case, Lianna Catino, Nicole Chadwick, Kellye Coleman, Colin Donohue, Steven Ebert, Jeff Flitter, Anna Johnson, Elizabeth Kantlehner, Melissa Kansky, Morgan Little, Brian Meyer, Julie Morse, Derek Scully, Rachel Southmayd, Katy Steele, Jeff Stern, Bethany Swanson and Carolyn VanBrocklin.