The Internet cuts its US apron strings

www.nesta.org.uk/feature/14-predictions-2014/the-internet-cuts-its-us-apron-strings/
Skip to content

If 2013 was the year of Edward Snowden's revelations about NSA spying, 2014 will be the year the world reacts. This year, the US lost its moral leadership of the Internet, and next year it will lose its technical leadership as well.

Born of the US defence establishment, the Internet has always struggled to cut its apron strings. Until the late 1990s, it was still directly under the control of the US government, which amongst other jobs, handed out the online equivalents of names and addresses.

Since then, governance has formally moved to NGOs, giving the appearance of internationalism. But Snowden's revelations give lie to this illusion: the essential components of today's Internet - the cables, hardware, software, services and standards - remain predominantly American.

This will soon end. The rising technological might – and technological independence – of the BRICs, and the general trend towards open innovation, make this inevitable (for more on this see recommendation 6 of Nesta’s Plan I For Europe).

Change is already afoot. Deutsche Telekom has reportedly modified routing rules to keep traffic from traversing the US and Brazil intends to go even further, building new under-sea cables to Europe that bypass the US. The Internet was designed, from the beginning, to be a loose, redundant network: it is inherently hard for any one country to maintain dominance over the pipes.

US giant Cisco remains the dominant supplier of the hardware that controls Internet traffic, but China's Huawei is gaining ground. Western governments have repeatedly excluded Huawei from tenders, citing vague ties to China's military; American manufacturers will now face the same concerns. Moreover, the open hardware movement may offer a future where designs are open and crowdsourced, produced cheaply by commodity manufacturers.

Open source

Software is already far along this path. The software stack of the modern Internet - the operating systems, databases, web servers and browsers - is now largely open source. Linux, MySQL, Apache, Firefox: the code for these products is available for anyone to inspect. While open source doesn't guarantee the absence of NSA backdoors, it's a far better bet than closed-source, where we know such backdoors exist. And while the free software movement remains centred on the US, other countries, for instance Brazil, are increasingly taking a leadership role.

This, arguably, leaves the two layers of the Internet most resistent to reform: services and standards.

Internet standards span everything from document formats to cryptographic algorithms. Standards-development in most categories has been, from the beginning, a relatively open and international process. Not so for cryptography.

Common cryptographic standards, including the Advanced Encryption Standard (AES) and Secure Hash Algorithm (SHA) are adopted by the US National Institute of Standards and Technology. Mandated in US government applications, these standards are quickly implemented in software, and become de facto global norms. Even visiting wikileaks.org, my connection is secured using AES and SHA - the former approved, and the latter actually designed, by the NSA.

These algorithms are open to inspection, and experts believe them (relatively) secure, but it is virtually impossible to prove this. The NSA has intentionally weakened such protocols in the past. In light of this year’s leaks, its role in standardisation looks anything but benign. It is technically possible to adopt different standards - dozens of candidates exist - but so far, the rest of the world has been remarkably complacent. This is already starting to change: the developers of FreeBSD, an operating system, just announced they will no longer rely on certain US-designed hardware random number generators, a key component of any cryptographic system. (Interestingly, the decision appears to have been made by a non-American working group at a European conference.) From now on this kind of ‘constructive distrust’ will be the rule.

Services may stand as the last bastion of US government influence. Cloud services and content delivery networks, with their increasing returns to scale, are dominated by US companies like Amazon and Microsoft. Complex network effects make the Google, Facebook and Apple platforms difficult to leave. And while these corporations manage their tax affairs like multinationals, they have proved singularly unable to resist the legal demands of the US security services (although, perhaps realising the risk, they are starting to push back). Significant challengers do exist in some regions - for example China's Baidu and Sina Weibo, and Russia's VK - but these seem hardly more appealing.

As yet, compelling open alternatives to many of these services have not emerged (see Diaspora). But the global community of hackers, responsible for so much of the Internet's development, is smart, driven and, following this year's revelations, mightily angry.

For now, the US retains its grip, but 2014 will be the year that changes.