recommended reading

What Does It Mean for the U.S. to 'Lose Control of the Internet?'

Sergey Nivens/

Is the U.S. losing control of the Internet?

That’s how some are interpreting a statement released in October by 10 organizations central to the Internet’s operation.

“With striking unanimity, the organizations that actually develop and administer Internet standards and resources initiated a break with three decades of U.S. dominance of Internet governance,” writes Milton Mueller, a professor at the Syracuse University School of Information Studies.

“A break” sounds severe—what would that mean? How much of the web does the U.S. control, anyway? And how fast could they lose that control?

Right now, the Internet is governed by a set of organizations with diverging responsibilities. The Internet Corporation for Assigned Names and Numbers (ICANN) helps assign domain names and top-level domains (the letters, like “.com” or “.org,” that come after the dot). Two other groups develop the standards for how information is shared and displayed through the Internet and on the web. And five regional Internet address registries assign IP addresses to Internet-connected devices.

That’s what the institutions do—but, in addition to having different responsibilities, each holds a different kind of of power. ICANN has tremendous power over how the modern web works: It’s in the middle of a years-long process to allow many, many more words than “com” or “org” to follow the dot in a web address. But it doesn’t have a significant say in what bits look like when they get to your computer. The two standards-making bodies, the Internet Engineering Task Force (IETF) and World Wide Web Consortium (W3C), have huge consultative and technical power (the IETF determines what constitutes the literal Internet Protocol) but very little national oversight. And the Internet couldn’t work without the regional IP registries, but they act more as nodes in the system, as technical entities, than as leaders. Still more organizations have advisory clout but no concrete role: These include the Internet Society.

The leaders of 10 organizations signed the statement in Montevideo, Uruguay. They include ICANN, the standards-making IETF and W3C, the Internet Society, and the five regional registries. But of those 10 organizations, the U.S. has oversight powers over only one: ICANN. So if the Uruguay statement concerns the United States, then it really concerns the functioning of ICANN.

And three bullet points in the statement imply ICANN. Here’s the main one:

[The signatories] called for accelerating the globalization of ICANN and IANA functions, towards an environment in which all stakeholders, including all governments, participate on an equal footing.

The globalization of ICANN: This may sound unprecedented, but, for ICANN, it isn’t a new goal.

“ICANN has been agitating for greater independence from the U.S. government for many, many, many years, basically since it was founded,” A. Michael Froomkin, a law professor at the University of Miami, said in a phone interview. Froomkin writes about Internet law, including two widely cited articles about ICANN’s relationship with the U.S. government.

In the 1990s, the U.S. government found itself in control of the servers which controlled the domain name system behind the burgeoning web. For a number of reasons, it didn’t want to entirely retain this power, and it sought a way to delegate it. So the government—the Clinton administration, at the time—privatized control of the “root” DNS servers in a non-profit body called ICANN, which would administer domain names. This happened in 1998; since then, ICANN has operated the system. Since then, too, its power and independence has grown, and the U.S. reaffirmed its delegation of the DNS to ICANN while insisting it could step in in case of emergency.

Most recently, in September 2009, the U.S. and ICANN agreed on an “Affirmation of Commitments” The U.S. permitted the corporation more independence, but retained its power to take over the root server in an emergency.

“The Affirmation of Commitment was kind of a truce,” says Froomkin. “ICANN got most of what it wanted; the Europeans and Japanese got most of what they wanted; the US gave up, you know, a lot, without giving up the core thing -- which is that, in case of emergency, it can step in.”

He added that it entailed “very substantial but not total independence” for ICANN.

So when the Uruguay statement mentions “accelerating the globalization of ICANN,” it’s essentially reopening negotiations which ended four years ago. Moreover, the statement frames ICANN’s independence as an eventual, unavoidable end to history. Talk about “accelerating” something, and you’re suggesting its an incontrovertible process.

This is, in other words, a savvy way to state an opening negotiating position.

And what is the occasion of this negotiating? It can be found in another bullet:

[The signatories] expressed strong concern over the undermining of the trust and confidence of Internet users globally due to recent revelations of pervasive monitoring and surveillance.

This sentence doesn’t mention the NSA but it’s totally talking about the NSA.

The NSA leaks, says Froomkin, have “become a way for a lot of different agendas to meet.”

Many groups have something against the U.S.: “You’ve got all the countries who are unhappy about the NSA’s surveillance. You’ve got all the countries and parties who were unhappy they didn’t get everything they wanted in the last round, in terms of independence. And you have ICANN itself, which is always trying to get out from any control over its behavior by anybody.”

Milton Mueller, the Syracuse professor, agrees: The statement constitutes “the latest, and one of the most significant manifestations of the fallout from the Snowden revelations about NSA spying on the global Internet.”

So this statement is tied to the NSA. But it’s not entirely provoked by the NSA. Rather, it lets countries (with their own spying services) and companies (who often want more freedom on the web) complain about the U.S.’s small corner of Internet oversight, and possibly find a reason to re-negotiate with the country. 

But if negotiations restart, what will ICANN go to the table to seek? And what would replace the U.S. in overseeing ICANN?

“What you’ll notice,” says Froomkin, “is that the resolution is pretty vague about what’s going to replace the U.S. in terms of controls.”

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.


When you download a report, your information may be shared with the underwriters of that document.