The biggest threat to your online rights isn’t Facebook or Google, it’s something you’ve probably never heard: internet protocols. Dense technical documentation, international legalese and working groups may sound like snoresville, but these protocols underpin how the internet works. And they are at very real risk of capture by autocratic despots.
The early internet was a pretty innocent undertaking. Its architects were similarly-minded, collegial academics scattered across a range of elite universities and defence science laboratories. They knew that computers needed a common language, a common series of rules, if they were ever going to be able to talk to each other. There were a number of competing visions, but one protocol eventually won. It emerged to define the internet: called TCP/IP.
Transfer Control Protocol/ Internet Protocol. Even its name is unimaginably boring. Hardly anyone knows how the protocol works, and the vast majority of people who rely on it every day don’t know that it exists. But this tangle of code is undoubtedly more important than any law, any charter or covenant, for enshrining the rights, at least online, that you enjoy today. Just a series of rules, TCP/IP was written into the way the internet worked, and it reflected that innocent time.
The internet, TCP/IP says, must be free to use. It is a network that any computer, anywhere can join. All the data that passes through the internet, it says, must be treated equally, and computers are entirely disinterested about what that data is. And because of the way that it works, the internet would have no reigning authority or centre. No-one would be – really could be – in charge of it. It was a vision for a free-wheeling, open, democratic network of networks.
As the decades have passed, however, the internet has grown beyond the wildest, most unguarded imaginations of the people who first built it. From an innocent network of researchers, it is now more likely to be seen as a playground for hate criminals, information warfare officers and organised cybercriminals.
And yet TCP/IP has maintained its innocent outlook, still letting anyone join, still treating all data as equal still, essentially, trusting people to be who they say they are. Its architects might have imagined the internet as an escape from the tawdry geo-political struggles that blighted offline life, but it is now a key battleground where those very conflicts are being fought.
As the internet has fallen from its state of innocence, protocols – those powerful, forgotten, mysterious things – are now part of that struggle. There is now a competitor to TCP/IP, a very different kind of protocol, that has been rising in popularity.
It is called Digital Object Architecture, or, another acronym, DOA. Created in the 1990s, by one of the original inventors of the internet, Bob Kahn, DOA has another way of managing information. Unlike TCP/IP, data isn’t anonymous. Everything on the internet gets its own, unchanging digital fingerprint, whether a device, document or a person. Everything gets an identity number that doesn’t change.
DOA has been used to manage libraries and online academic repositories. But it is now being proposed to make the internet more secure. Forged identity is one of the main reasons crime is so easy to commit on the internet, and DOA would likely help change that. A hacker would struggle to impersonate you, because they wouldn’t have your unique identifier. Likewise, a fraudster would struggle to pretend to be your bank. Your financial records, your medical data, your social media profile – everything could be tagged to ensure that only certain people could look at it. It would weave identity and security into the fundamental way that the internet works.
For its backers, however, DOA may solve an even bigger problem than cybercrime. The internet, as it stands, has always been very difficult for states to control. In order to work, huge databases may have to be built, where every digital object is uniquely tagged, and where information is added, tracked and queried. Whomever controls the DOA registry becomes the centralised gatekeeper to all the information, resources and devices on the internet. It would create an unprecedented concentration of power to control and manage online life. And who would probably own the DOA registries? Governments.
There are reports – confirmed and unconfirmed – that DOA has begun to be rolled out. China may have been in 2014. In May 2016, the Russian Minister of Communications Nikolay Nikiforov, “Russia is interested in designing alternative ways of addressing on the internet, such as the DONA [an authority to implement DOA]”. On 16 October 2016 South Africa an agreement to use DOA. It’s not clear who else is using it, and that, of course, is part of the problem.
Human rights always exist in tension with one another, and these protocols that run the internet are at the very centre of one of the most important of these tensions. It’s a lot harder for any State to control an internet governed by TCP/IP, but it’s also easier for criminals to flourish. DOA would likely make cybercrime more difficult, but the price would be that governments would have a level of control over digital life that at the moment they simply do not have.
This is a big deal. Different governments will take different views on the right protocols for the future. Western governments will probably give DOA a wide berth, whilst others have already adopted it. If that’s the case, we might be heading towards the ‘splinternet’ – a fracturing in the basic way that the internet works across geo-political divides. Some countries will use one protocol, and others another.
But underlying any kind of geo-political fracture in the internet is, for me, a more fundamental concern. Historically, human rights need to be protected by more than governments. They need high public visibility and the aggressive, vocal advocacy of civic society.
Internet protocols may become one of the most important battlegrounds where we fight for our online rights, freedoms and responsibilities. But surrounded by an alphabet soup of international agencies, legalese and impenetrable technical verbiage, they are difficult to explain, to understand, to raise any kind of awareness about. For all but a small handful, they are simply too impenetrable and boring to feel angry about. And that is a huge, huge danger.