Internet Governance (2): Governance by Infrastructure

Governance by Infrastructure is part of a series of research papers on Internet Governance. You can read other parts here:

Governance of Internet Resources

Internet Critical Resources (ICRs) might be the most important and the hottest areas of contestation in Internet Governance. To appreciate the importance of ICRs, and thus understand the causes of the fierce struggles around their governance, let’s first have a clear idea of what they are. (See chapter two in DeNardis 2014; chapter ten in Mueller 2010)

The term “resources” usually refers to collections of materials necessary for one or more needs, operations, and functions of humans and their society. Water, Petroleum, Natural Gas, Gold, and other precious metals, are intermediate goods used in manufacturing other products, like flour that is produced from wheat and used for producing bread, etc. These are what we think of when we encounter the term “resources.” On the other hand, Internet Resources’ most important feature is that they are virtual resources. As an example, Internet addresses are nothing but numbers with no meaning in themselves, just like phone numbers. What gives the Internet addresses their meaning is a set of agreed-on assumptions, hence they are virtual resources as you can’t touch a number or store it in a box.

This shouldn’t come as a surprise, as the Internet is itself a virtual “being”. Virtual in this context means, besides being immaterial, that the need for these resources is conventional, i.e., based on some sort of agreement among actors to recognize them. This doesn’t make them less crucial than any material resource, and most importantly, it doesn’t mean that their recognition is truly voluntary. But being conventional and virtual are important features of ICRs, they make them more contestable, and they shape the mode of contestation and its tools. Specifically, the struggle revolves around the technical method to apply, for instance, how Internet addresses are defined? What are the security precautions embedded in Internet protocols? Who should design these protocols? Who can distribute Internet addresses for those who need them? And with what conditions?

The second feature of ICRs is that they are Internet-specific, they have their value only within the context of the operation and use of the network. Other virtual resources like spectrum frequencies, which are crucial for international communications, while they affect the networks alternatively used for transmission of Internet data packets, they are still not ICRs, as the working of the Internet doesn’t really depend on them. This feature means that away from Internet Governance tools themselves, no other tools governing related but not Internet-specific resources can be used effectively to govern the Internet. Actors of any kind with power over such resources, still have no say over the Internet by virtue of this power alone. Some states and other actors have great influence due to controlling some globally important resources. For instance, the closest to impacting the Internet are marine cables transmitting telecommunications between countries. These cables go through hubs imposed by sea nature. Some of the most important of these hubs are under specific states’ control, as they lie within their regional waters. However, marine cables while important, the Internet doesn’t depend entirely on them, as there are always other alternatives for transmitting its communications. Even if malfunctioning marine cables may cause the Internet service to be stopped for most users on whole continents, this doesn’t mean that the Internet has stopped working. In conclusion, only ICTs can be used to control the Internet, thus it is only by controlling them that one may control the Internet.

Lastly, ICRs are global, by design, so they can’t be managed domestically within any country independently. This means that they must be unique, no Internet address may point to more than one device connected to it at any given time, and thus their distribution must be centrally managed, which meant that only one entity in the whole world should distribute these resources among those who need them to guarantee that no conflicts arise. It also means that they are finite and thus scarce, as there is always a limited supply of them at any given time. For expanding this supply there must be one solution that everybody abide by it, hence, once again, there should be one entity invested with the authority to make the final decision of which solution to be implemented. This accounts for much of the contestation of the governance of these resources, given that the history of their central governance still casts its shadow on the present making many actors quite uncomfortable with the status quo.

Internet Names and Numbers

The most important Internet resources that constitute its infrastructure, and thus nobody can access the Internet without them, are its basic names and numbers. There are exactly three types of these resources, IP addresses, Domain Names, and Autonomous System Numbers. The first two were necessary for the Internet since its early beginnings when it was still an American phenomenon. The third became necessary as the Internet fulfilled its design objective to be a global network of networks.

IP Addresses

For any device to connect to the Internet and exchange data with other devices connected to it, it must have a unique IP address, either permanent/static or temporary/dynamic. IP addresses are numbers. But while the domain of numbers in math is infinite, i.e., numbers can grow infinitely, computer numbers are limited by the need to have a fixed format and fixed storage space expressed as the number of bits required to physically store the binary representation of the number composed of a series of 1s and 0s. Therefore, the basic numbering system for computers is the binary system and not the Ten-based system we are accosted to using in daily life, and whose units may take any of ten different values: 0, 1, 2, … and 9. The smallest unit a computer can handle is a bit. For expressing any meaningful data these units are grouped into a larger unit which is the Byte. Each Byte is composed of 8 bits. For expressing any number, a predetermined and known number of Bytes must be used, as computers can’t guess where a number starts or ends. They can only work with a determined number of units as representing some number. For computers to exchange data, the number of units used to store any data type must be standardized to be the same for all computers. Therefore, Internet addresses have a determined number of storage units, their limit is determined by the highest number that these storage units can express.

Why do Internet addresses have a limit that can’t be exceeded?

In the early days, IP addresses were stored in a few bits, so there were only a very limited number of devices that can connect to the network. From 1972 to 1981, IP addresses were stored in 8 bits, this provided only 256 unique identifiers, i.e., only 256 devices could access the Internet at any given time.

The introduction of IPv4 which lengthened the address size to 32 bits provided about 4.3 billion unique identifiers. This means that around 4.3 billion devices can access the Internet at the same time. At the time of this expansion, it was thought that this number of identifiers was enough, but the Internet expanded so quickly and outgrew the limits imposed by the size of IP addresses. This led to the creation of IPv6, which provides a huge number of unique identifiers (2^128 i.e., 340 undecillion).

IP addresses are unique globally, i.e., two computers connected to the Internet can’t be assigned the same IP address. Consequently, IP addresses must be managed centrally, by one authority. In the current situation IP addresses are distributed through a hierarchical system. At the top is the Internet Assigned Numbers Authority (IANA), now under supervision of the Internet Corporation for Assigned Names and Numbers (ICANN). IANA distributes blocks of IP numbers to five regional Internet registries (RIRs), that in turn distributes IP addresses within their blocks to local Internet registries (LIRs) and national Internet registries (NIRs), and those in their turn distribute IP numbers to Internet Service Providers (ISPs) that statically or dynamically assign IP addresses to their clients.

Despite the great advantages of the new IP addresses, and the fact that IANA has already announced in February 2011 that it no longer had blocks of IPv4 available to allocated to RIRs, the transition from IPv4 to IPv6 has proved to be challenging. The causes for the very slow transition are lack of awareness about the need for it, and the limited financial resources available in developing countries for investment in new equipment. The problem of running out of IP addresses, is a great Internet Governance concern as it inhibits the further development of the Internet. Developing countries may face problems with keeping up with the new applications of the Internet, especially the Internet of Things (IoT), that requires a great expansion of IP addresses. This may reflect on users who may be required to pay more to access the Internet as IP addresses become rare commodities.

The Domain Name System (DNS)

While IP addresses are used for computers to identify each other’s on the Internet so they may communicate and exchange data, some computers, usually servers, that offer content, and services that end-users may consume, need to have names that humans can use. This can be addressed by assigning readable names, in natural languages, like English or Arabic to such servers. This, first, requires a method for interpreting these names into IP addresses. As IP addresses are unique, so should be the names that can be interpreted into them. But while IP addresses are numbers, that no matter how limited by their size, there can be really a huge number of them, names are much more limited by the limits of meaningful words in any language. So, the Domain Name System that was invented for this purpose had to be hierarchical.

Currently the DNS consists of root servers, top-level domain (TLD) servers, and a very large number of name servers located around the world. There are two types of top-level domains, generic like .com, .org, and .net, and country code top-level domains, like .uk, .us, and .eg. Root servers keep the IP addresses for registries that each manages a gTLD or a ccTLD and maintains a database of all the domain names registered under it. Registries are companies, organizations, or governmental institutions, they might also perform the actual registration of domain names, but usually this is done be other entities called registrars. (Kurbalija 2016, p. 46) On top of this whole system is ICANN that create any new gTLD and set rules for their registries. Rules of cc-TLDs however are set by their corresponding governments, or any entities they delegate this role to it.

Since the early days of the commercialized Internet, the DNS was a point of contestation. The first issue was trademarks. In the early days registration of domain names was based on first demand order, i.e., the first to ask for a domain name acquires it. This created the problem of domain squatting, where some intentionally raced to register domains with names of famous trademarks of companies, organizations, and institutions, with the intention of selling them to their rightful owners at high prices. This led to many disputes in courts, that were not easy to settle due to the lack of relevant legislation. The answer to this problem took a long time to be developed by ICANN in cooperation with the World Intellectual Property Organization (WIPO). Together they developed the Uniform Dispute Resolution Policy that sets the rules for deciding to whom a disputed domain name should be registered.

An area of recurrent conflict as well is the creation of new generic top-level domains. The introduction of new gTLD meant that concerned owners of trademarks had to register new domain names for their trademarks under each new gTLD. On the other hand, the expansion of the Internet and its diversification required the expansion of the DNS as whole, which can’t be done without adding new gTLD, the ccTLD being limited to the countries already existing, and usually having more restrictive rules that makes the gTLD more favorable.

The management of ccTLDs is one area where politics intersects Internet Governance at the infrastructure level. The question is how to deal with entities with disputed status in conflict areas. One example of a related controversial issue was whether to allocate a domain name for the Palestinian Authority, as Palestine is not yet a recognized state. IANA however assigned to ccTLD .ps to the Palestinian Authority based on the principle of allocating domain named in accordance with the ISO 3166 standard for country codes, a rule that was proposed by Jon Postel who managed IANA functions for 30 years till 1998. (Kurbalija 2016, p. 48)

Governance by Internet Infrastructure

In an influential paper titled “Hidden Levers of Internet Control an Infrastructure-Based Theory of Internet Governance”, (DeNardis 2012) Laura DeNardis, used the term “turn to infrastructure in Internet governance”, to describe a trend where different actors co-opt “Internet infrastructure systems of governance–such as the Internet’s Domain Names System–for [political and economic] purposes other than those for which they were initially designed.” (DeNardis and Musiani 2016) Along with other researchers, DeNardis further developed this idea in their book Turn to Infrastructure in Internet Governance. (Musiani et al., 2016) Today the term and the different issues it refers to are even more relevant, as the use of Internet infrastructure by governments and big tech companies for political and economic purposes has intensified attracting the attention of main-stream media and the public audience.

While in the previous section of this article we discussed the Critical Internet Resources (CIRs), which are a subset of Internet infrastructure, in this section we expand our scope to deal with different issues related to CIRs as well as other aspects of the Internet infrastructure. The idea of the “turn to infrastructure in Internet governance,” serves as a suitable lens to view these issues through it. Another related concept that may help as an entry point for this discussion is “net neutrality,” the principle that all data packets are created equal and thus should be treated equally. Violating this principle, by Internet Service Providers (ISPs) under several practical pretexts, opens the doors to many forms of manipulating Internet infrastructure for political and economic purposes.

Governance of Internet Infrastructure vs. Governance by Internet Infrastructure

For the Internet to operate in the way we know it today it depends on many material and virtual resources that can be divided among three layers: physical, transport and application layers. (Kurbalija 2016, p. 35) The first includes the wired and wireless telecommunications infrastructure, that the Internet uses for transferring data among the different types of devices that can connect to it. These however are not Internet specific, so they are excluded from this discussion. The second layer includes the Internet protocols, and standards like TCP/IP, the DNS, the World Wide Web (WWW), etc. Finally, the third layer includes the applications running on the Internet providing different services to its users. These last two layers are Internet specific, and they belong to its infrastructure by virtue of creating control points governing the flow of data through the network. These control points are sites of enacting Internet infrastructure governance policies.

In the previous part we focused on the issues related to managing the scarce resources of the Internet, namely IP addresses and Domain Names. Some of these issues were political in nature, like deciding which entity qualifies for the status of a country so as a Country Code Top-Level Domain (ccTLD) may be assigned to it. This however belongs to what we may call the Politics of Internet Infrastructure Governance. i.e., the politics accidentally involved in the day-to-day functions of Internet Infrastructure Governance.

What we focus on in this part is the manipulation of Internet Infrastructure Governance tools within the context of political, cultural or economic conflicts. Recognizing the difference between the two might be elusive in many cases. For instance, when ICANN announced a massive expansion of the Generic Top-Level Domains (gTLDs), some countries objected to the creation of specific new domain names like gay, sexy, porn, and islam on the ground of cultural, moral, and identity representation claims. How this case is different from that of assigning a specific ccTLD to some entity? Simply, in the case of assigning a ccTLD, ICANN didn’t need to resolve the conflict over the status of the entity itself, it just used the internationally approved standards for assigning country codes. In other words, ICANN performance of an Internet Governance functions wasn’t used as a tool in a political conflict. In the other case, the cultural, moral, or identity conflict had no internationally approved rule to resolve it. Whatever decision ICANN could make, would mean using the Internet Governance function it is authorized to perform for favoring one side in the conflict over the other. This is what we call Governance by Internet Infrastructure.

Governance by Internet Protocols

The most important Internet protocol, the TCP/IP was designed as a means for transmitting data between two ends. It works most efficiently when treating data packets as such, i.e., as opaque packages of digital data. Technically, there is no need for inspecting the actual contents of these packets, thus the principle of net neutrality is embedded in the transmission Internet protocol. Any need for violating this principle can only arise for achieving purposes other than the function of this protocol.

In 2003, Deep Packet Inspection (DPI) was first introduced. The purpose was filtering malware. The DPI technique however was since used for many political and economic purposes. ISPs use it to differentiate different types of content with the announced purpose of optimizing net traffic, and performance. Contents requiring more speed for better performance, like video streaming, for example, are given priority over other types of content whose delay is barely noticeable by end users. Using the DPI technique doesn’t stop at achieving this purpose, however. ISPs use it also to favor content based on its source IP address, giving their own services, or some third party’s content priority guaranteeing better performance. DPI is also used to favor some content by invoicing less or no charges for it.

Using DPI and other techniques ISPs can discriminate against information transmitted over the Internet based on IP addresses of the origin (blocking specific sites), or the destination (cutting access to the Internet for specific users); protocols (throttling data with specific protocols like BitTorrent or VoIP); or applications (slowing down or blocking some applications like Skype). (Zhao 2012; Margoni and Perry 2000)

Inspecting the actual contents of data packets is also a means for practicing censorship by filtering and blocking content and surveillance by intercepting content sent by users. Governments can only do that with voluntary or forced cooperation of ISPs.

Some policies used by many ISPs target specific users like throttling bandwidth for users of unlimited plans when they exceed some consumption limits. Once again this is a policy that uses identification by IP addresses for purposes other than what they are intended for. The underlying techniques used by these policies constitute a violation of users’ privacy that can be further exploited for surveillance purposes by repressive regimes, as IP addresses are assigned by ISPs to specific subscribers whose personal data are obtained on subscription and kept by the ISP.

Governance by the DNS

When Wikileaks published classified US diplomatic cables, an American DNS service provider stopped resolving queries for its .org domain. This is a clear example for using Internet Infrastructure for a political purpose, which in this case punishing an entity for political infringement and trying to help minimize the harm caused by this infringement by limiting access to the classified material.

The DNS can be manipulated for different purposes. The usual technique is resolving queries for some domain name to an IP other than the one associated with it, which is call DNS hijacking. This technique is used for redirecting access to sites that offer pirated materials, but it is also used for censorship purposes redirecting access to porn sites, political activists’ blogs, opposition media sites, etc. While ISPs, usually offering DNS services to their subscribers, may divert access to some sites when requested to do so by law enforcement agencies in some country, in other cases they may do it when requested by content producers in case a site illegally sells or offers for free their copy righted material.

Other techniques used for political and economic purposes are DNS injection techniques. One group of these techniques are called man-in-the-middle, which monitor DNS queries and inject false information in the resolution process. These techniques are known to be used by cyber criminals to redirect users to fake pages where they may obtain sensitive personal data like credit cards numbers. They are also used by governments for censorship purposes for example the Great Firewall of China uses DNS injection techniques to censor contents. Private companies may also inject misinformation for economic purposes. ISPs or content providers that engage in online advertising or data collection will sometimes hijack DNS queries and redirect users to an intermediate “loading” webpage that displays advertisements
Another aspect of using DNS for purposes other than its function is treating Domain Names as assets. For instance, a group of injured victims of a suicide bombing in Jerusalem planned by Hamas obtained a US court order awarding them billions of dollars in compensation from Iran for its support of Hamas. Seeking to collect damages the victims asked ICANN to seize the country code top-level domains of Iran, Syria, and North Korea and turn them to the plaintiffs. ICANN however argued that ccTLDs are not property owned by their respective countries’ governments. (Musiani et al. 2016, p. 3)

How Manipulating Internet Infrastructure Affects Users

Different techniques for manipulating Internet infrastructure for purposes other than what it was intended for alter users experience of the Internet in many ways that ranges between the annoying to the extremely dangerous. Experiencing slower speeds, delay, and longer load and downloads times is annoying. Being unable to access websites and pages, can prevent users from using the Internet for learning, research, work, getting medical advice, etc. Privacy violation and surveillance can pose different threats to users, some might even be fatal.
Compared to interventions practiced on higher layers of the Internet, those exploiting its infrastructure are mostly invisible, out of reach for end-users, and can’t be avoided easily, or at all. While some countries may legislate laws that enforce net neutrality curbing some practices, this will be limited to their jurisdiction borders, and will suffer from many other difficulties of using laws for Internet governance in general, which will be discussed in another part of this series.

The bottom line is that whatever exploits the vulnerabilities of Internet infrastructure can only be dealt with by embedding the required counter measures within this infrastructure itself. However, in a governance system of multi-stakeholders that many of the most influential among them benefit, in a way or another, from co-opting Internet infrastructure governance tools for their own purposes, it is rather difficult to achieve the required changes. Only with an effective representation of end-users within the global multi-stakeholders Internet governance system is it possible to influence it in way favoring their interests.


DeNardis, Laura. 2012. “Hidden Levers of Internet Control: An Infrastructure-Based Theory of Internet Governance.” Information, Communication & Society 15 (5): 720–38.

———. 2014. The Global War for Internet Governance. New Haven: Yale University Press.

DeNardis, Laura, and Francesca Musiani. 2016. “Governance by Infrastructure.” In The Turn to Infrastructure in Internet Governance, edited by Francesca Musiani, Derrick L. Cogburn, Laura DeNardis, and Nanette S. Levinson, 3–21. Information Technology and Global Governance. New York: Palgrave Macmillan US.

Kurbalija, Jovan. 2016. An Introduction to Internet Governance. 7th edition. Msida, Malta Geneva Belgrade: DiploFoundation.

Margoni, Thomas, and Mark Perry. 2000. “Deep Pockets, Packets; Harbours: Never the Three Shall Meet.” SSRN Electronic Journal.

Mueller, Milton. 2010. Networks and States: The Global Politics of Internet Governance. Information Revolution and Global Politics. Cambridge, Mass: MIT Press.

Musiani, Francesca, Derrick Cogburn, Laura DeNardis, and Nanette Levinson. 2016. Turn to Infrastructure in Internet Governance. Place of publication not identified: Springer Nature.

Zhao, Jinshuang. 2012. “Implications of Deep Packet Inspection (DPI) Internet Surveillance for Society The Privacy & Security Research Paper Series Issue #1 The Privacy & Security -Research Paper Series,” July.