[discuss] we need to fix what may be broken

Carlos A. Afonso ca at cafonso.ca
Wed Apr 16 16:38:39 UTC 2014

Dear Parm, I am sorry to tell you it would be impossible for the EMC to
simply copy-and-paste the Delhi Declaration into the documents for

These docs are the result of weeks of pluralist (won't use
"multistakeholder" because the word has been submitted to exhaustive
exegesis and the result is agreement on not agreeing...), intensive,
international online work of EMC in bringing together more than 187
contributions. And now we submit them for comments on a very open basis
(all one needs to know is primary school arithmetic to pass the test
and send the comment).

As to my list of symptoms that something is fishy in, let me say,
technical layers' coordination, they are just a list of symptoms and an
alert that something ought to be done in tackling the situation. I am
not authoritative enough to propose solutions which would pass the
stress test of the ensemble of expertise in the I* realm. But I do know
there is a pressing need to advance on this.

I hope from NETmundial solid and *consensus* propositions can emerge in
the roadmap, as well as in the set of principles.

fraternal regards


On 04/15/2014 11:59 PM, parminder wrote:
> Dear Carlos
> You list an impressive set of issues that need fixing, and of course
> these are only illustrative of the larger issue - that technical and
> business decisions about the Internet have become so important to our
> societies today that there needs to be some way to incorporate public
> interest in them.... Perhaps, a formal way to do so, but you may have
> different ideas...
> I will certainly like to know, having described the problem so well,
> what do you suggest as a remedy, or even the directions towards a
> possible one. The draft netmundial document to me does certainly not
> open up any such direction, much less bring up a remedy... Aren't these
> the kind of key global Internet governance issues that people seek
> resolution of, and not trite statements that the Netmundial doc is full
> of, although, at another level, I would say, hardly innocent ones, but
> let's not get into that.
> So, basically, how are we moving towards fixing what you so convincingly
> show needs fixing?
> (And I hope this falls in the category of 'good comments' that you were
> expecting :) )
> Thanks and best regards
> parminder
> On Wednesday 16 April 2014 03:17 AM, Carlos A. Afonso wrote:
>> Dear people,
>> I recall our discussions with folks in the so-called "technical
>> community" between IGFs 2006 and 2007, in which the mantra "do not fix
>> what is not broken" was used to convince us all that management of the
>> logical infrastructure of the net should not be even considered as an
>> Internet governance topic in the IGF dialogues (and this with the IGF
>> prohibited from making recommendations). Thanks to pressure from sectors
>> of civil society and the government of Brazil (host to the 2007 IGF), we
>> finally managed to insert the theme in the IGF agenda, but it had to go
>> under the disguise of "critical Internet resources".
>> A bit more than six years have passed, and what do we see? Relevant and
>> frightening examples of the frailty of the current "governance" or
>> coordination model of the network -- mostly in the expert hands
>> basically of the I* group of entities and forums, which goes beyond just
>> names, numbers and protocols, and badly in need of fixing (and I assume
>> that the fix in general will involve more than just technical
>> coordination measures):
>> - The net was revealed as incredibly vulnerable by the revelations on
>> NSA surveillance, and we discovered that the NIST was in cahoots with
>> the NSA in "backdooring" the cryptographic systems.
>> - The IPv6 transition was literally abandoned by ICANN. This on the one
>> hand is good, since I am one of the people who defend the
>> decentralization of IANA functions, and the RIRs structure works
>> technically quite well. But they cannot carry alone the burden of the
>> political/economic aspects of this transition. A more assertive ICANN
>> (and other stances, such as the ITU pressuring their clients, the big
>> telcos, and equipment manufacturers taking the transition really
>> seriously) would have helped avoid this situation of crisis in the
>> addressing system (just read the situation papers and strong alerts by
>> Geoff Huston), which by the way increases vulnerability of the net with
>> improvised concoctions such as CGNAT and so on.
>> - The OpenSSL memory leak bug was sitting in our servers for years, to
>> the joy of NSA and similar peeking folks, and this is an open source
>> system maintained by the "technical community" -- supposedly, open
>> source code is there to be verified, double-checked etc, particularly
>> such a key security element of the net; there is nothing more disruptive
>> of the net security that we know of since the net became so pervasive
>> worldwide; I operate a very small non-profit Web service and am
>> horrified by the implications of this failure to verify the code.
>> Literally no one could know how far their servers' data have been
>> compromised after Heartbleed was sitting there for so many years -- and
>> who knows how many servers are still in need of patching.
>> - Now Yahoo decides unilaterally to implement an email verification
>> feature (DMARC) which is still in beta, affects all its users, and even
>> the implementation they did is not clear, as Miles Fidelman verified,
>> and I quote: "They knowingly did massive damage, published some
>> suggestions on how to mitigate that damage - using a capability defined
>> in the spec. that they deployed - then say "we don't support that"."
>> - And there are signs that Gmail may be taking unilateral measures as
>> well (not clear yet what is being done), as suspected recently by Lauren
>> Weinstein.
>> In the last two cases, there is a caveat -- they are free, opt-in
>> services, no one is required to use them to be on the net. But hundreds
>> of millions of users rely on their services, and these users are
>> basically "voluntary shareholders" of them, as the profiling of their
>> presence adds revenue to the respective companies -- but they are a
>> special kind of shareholders whose share just earns them unlimited mail
>> and social net services' use in exchange for their profiling. Someone
>> described these users as "products", which also makes some sense. And
>> the central fact is that these unilateral measures (using features which
>> the "technical community" describes as still beta) impact on hundreds of
>> thousands of email and listserv services worldwide, even on their own
>> users (!), and their response seems to be "this is what we are doing,
>> sorry".
>> The OpenSSL failure is so incredibly disruptive that some entities who
>> have Web sites in our servers are happy they never used SSL -- their
>> argument is: "if I had SSL, it would attract peekers thinking that,
>> well, this site uses SSL so there may be something worth mining there...
>> and it is easy to mine!"
>> Frankly, there are things scarily broken in this "governance" or
>> coordination system (and let us recall that coordination does not
>> necessarily mean centralization), and I hope NETmundial will provide an
>> opportunity to dialogue on what to do. It is the billions of Internet
>> users who are expecting us to do something better.
>> fraternal regards
>> --c.a.
>> Carlos A. Afonso
>> [writing in my personal capacity only]
>> _______________________________________________
>> discuss mailing list
>> discuss at 1net.org
>> http://1net-mail.1net.org/mailman/listinfo/discuss
