'Governments taking power of the internet is wrong'

Steve Crocker is one of the unsung  founders of the Internet, coming on the scene  in the “postpartum” period of the late sixties and early seventies. In April 1969 he signed for the first RFC, that would become the official internet document and  thousands more would follow. Recently he was included in the Internet Hall of Fame in Geneva as one of the fourteen pioneers of the Internet. Currently, he is perhaps better known as Board Chair of Icann since 2008, the global organization of domain names and Internet governance. From  2002 – 2008 he led the Security and Stability Committee of Icann. SSAC . Crocker is also  businesswise active in security research for the Internet.

Being a member of the Hall of Fame means you're famous now as an Internet pioneer?

"It just happens that I was there at the right time at the right place. I was engaged in computer networking from an early age. It's related to what I did a long time ago, but it's very nice. And it was nice to be there with friends together in Geneva.  It's also nice because your children can read about you in the news."

Is that what it means to you, or is there  more?

"…It's an interesting question. I…I have a very strong resistance to touting one's own celebrity. It distorts reality a little bit. At the end of the day we are all more or less of the same. We put our pants on one leg at a time. The business of identifying individuals as very special or famous has a purpose. It's useful to create role models and inspiration, but it can be taken a bit too far. I do find it enjoyable, no question about it, and I'm not terribly embarrassed. There no dishonesty about what we've accomplished, but it also doesn't make us all that much different, and in many case there is a certain amount of luck involved,  accidents, things working out.

There can be equally good people standing right next to you, but suddenly the light shines on you and doesn't shine on them. And you think 'mmm…that's nice but not necessarily as meaningful as it's made out to be afterwards. You just try to go on with it, to enjoy it and use it in constructive ways."

Is it just by chance, or did you see a strategic direction for yourself?

"No, some people might have had a strategic direction. In my case, I wouldn't say it was strategic at all, but opportunities and interests and reactions to it paved the road. The only strategy is having some feeling for what you think is important or useful, but not in an organized sense of saying: I'm now here and I want to go there and I have to do this and I have to do that in order to get there. You take each step in its own right. Then you look back and say: 'Oh, that was interesting'.

What was the contribution of the Advanced Research Projects Agency (Arpa) of the U.S. Defense Department in those early days of Arpanet?

"In the late 1960s, ARPA consisted of about 150 people and a total budget of about 200 million dollar per year. These funds were spread across six offices within the agency.  The office that funded advanced computer science work was known as the Information Processing Techniques Office.  It had approximately six people, including secretaries, and it spent between $25 million and $40 million per year, as I can recall. The Arpanet was initiated out of this office. The office worked with the community of computer science research laboratories around the U.S. to formulate a plan, and then it contracted with the company Bolt, Beranek and Newman to build the routers, then called Interface Message Processors. IPTO also contracted with AT&T to provide high speed circuits to connect the IMPs. In those days, 'high speed' meant 50,000 bits per second.

The initial set of locations for the Arpanet were the university and non-profit laboratories who were already being funded by the same office for research in various areas of computer science. Arpa/IPTO had formal contracts with fairly precise specifications for the leased lines and the routers. But they did not attempt to specify how the laboratories would use this network. Instead, they left it to people at the laboratories to work out the details.  I was one of the graduate students in the laboratory at UCLA.  Along with others in our laboratory and similar people in the other laboratories, we worked out the original set of protocols and applications, and we also made sure there was room for others to expand or modify what we did. The intended purpose was to facilitate sharing of ideas and the development of cooperative work across the laboratories.  The network made it possible for people to work together across organizations, and it made it possible to share resources."

Now that you look back: what are you most proud of developing the internet?

"When the Arpanet was being planned I was at UCLA which became the first node. I was working on other areas of computer science. I was very interested in artificial intelligence, trying to make a computer smart. But I had quite a lot of experience as an undergraduate, compared with others, in programming. I was a decent, pretty good programmer. I knew a fair bit about computer and their operating systems. So when the decision was made that this network was going to be built, with the sites at UCLA and three others, we could see that there were some open problems that needed to be solved. How are these computers going to connect to each other? What kind of agreements will we have? And there was no organized plan. It was left to the initial users to figure that out. And within each laboratory the heads had their existing agendas, so they delegated the network questions, almost by default, down to graduate students or second level employees."

Really?

"Yes, it was almost neglect. It was either extremely smart on the part of the people doing the planning or an oversight. I think it was smart, actually."

Really?

"Yes, because these weren't ordinary laboratories, but places where advanced computer science was going on, with very good talent. Smart people. I'm not talking about myself, but the collective people. So we started by saying this can be very easy, but limited, or we could have a bigger vision, but very hard and complicated. How do we get a mix of both? So we decided to establish a framework, a minimal set of activities that allows others to build on it. We built  minimal pieces so that others could build upon that framework.

So we had a kind of rough shape, but not the details and no design of the whole thing by ourselves. Other people would come in over time build it up. These discussions of 1968, 1969 led to the open architecture that has been the hallmark of the Internet and made it possible for the more spectacular improvements to come from places that you never had expected…."

Like?

"In 1968 we already had working models of hypertext links, a mouse and keyboard and graphics in special laboratories. But we didn't have it come across our network. So the idea of what became the world wide web as a concept was not all that new. The idea was brought to life by physicists in a Swiss nuclear facility 24 years later, but was not part of the original plan.

We had experiments with voice over the internet in early stages of the Arpanet at Harvard University with Danny Cohen. But there was not the slightest idea that in a tiny Baltic country that was earlier under control of a communist regime a program like Skype was invented that we would all use on a daily basis. The idea of building a database with the web and algorithms in a multibillion company called Google was not part of the plan. The idea of keeping track of the relationship status of undergraduates which would grow to an extraordinary large company like Facebook was not on our drawing board .

Nobody can say: ‘That should not have happened. We should have been in charge of these developments.’ It needed to be open so that those kinds of surprises would be possible."

When did you see this would be something great?

"Right away actually…"

Really?

"Yes…but one must be careful about this. I don't want to make  sweeping statements. We had the good fortune of having access to the best research in the U.S. in computer science. We could see artificial intelligence research, graphics research, database research, the beginning of supercomputers and good work was happening in different labs across the country. We knew those people and could interact with them. Those were the blueprints which would become more commonplace years later.

So pick up an iPhone today and there are very few ideas in there that we didn't see coming already. But having them available for everybody at a minimal cost fitting in your pocket; that was some distance away.

I wrote a short memo in roughly 1973 about having a map of the world with which you could specify how much detail you wanted to see. I was working at ARPA, the funding agency at that time. So I went over to the mapping agency within the U.S. Defense department.

They were still working with cameras, photographs, copper sheets, large processes. They needed 18 months to produce a new map. I had the idea of digital map when there was still a huge gap between what was already in my head and what is really possible today sitting at our desk. The concept was there, the technology and business models were not ready. We could see pretty far ahead, but of course we didn't see Google and Facebook coming."

Next steps

If so, I should ask you, what's next?

"If I had said that everything is proceeding exactly on schedule, I could give an answer like: just wait and see. Another field which we could see arriving was speech interaction with computers."

Which has been predicted for decades, developed for decades, but coming very slowly…

"Indeed, but we now see people talking to their phones with questions being answered, in a rather simple form. Not like people talking to each other. Speech recognition will be an 'overnight' forty or fifty year success, as we say.  It sometimes looks like it came soon, but it took a long time. That makes a difference."

Next step, we don't have to talk at all, we exchange brain signals…

"Yes, there has been work on interfaces to neurons, implantations.  It’s an outrageously  hard field. Let's make it simpler: your recorder here records our conversation but could give signals when text is not exactly captured. It may not have been understood. If this device listens carefully and says: “can you repeat that?” or even; “why did you say that because this doesn't make sense with what you said before.” Computers helping you, not impossible to imagine."

Networking was a huge success, but AI not so far…

"Yes and no.  The original vision was a humanlike computer, but bits and pieces in a very different way originally conceived of. For example in MSWord, marking spelling and grammar is built in and nobody things about it."

Language translation is one of the wonderful things of the Internet, although not without mistakes…

"Exactly, but the techniques used are very different of what was originally envisioned as carefully built dictionaries. Now you build experience from very large databases of translated text. Is that artificial intelligence or not? It works pretty well. Some pieces of AI are pretty good working in other ways than originally considered."

What were the high and low points in you technical career?

"The high point was definitely the Arpanet, because is has become successful and so meaningful. But we missed the mark of some of the security aspects."

Where?

"In many ways. The systems that we built were fragile. They can be broken too easily. I now think we were too tolerant. We should have been more demanding with security. We don't tolerate automobiles breaking down as easily as our computer systems. Over time the public has demanded more reliability of cars. You can drive thousands of kilometers without any problems if you do the proper maintenance. Today you have a computer and less of confidence that it isn't broken and not going down and so on.

And then you have these terrible mechanisms like passwords to deal with. It's a misuse. We are being used as servants of the computer instead of the other way around."

Totalitarian regimes and the Facebook passport

The Internet allows regimes like China, Iran etc. to control it, to shut it for foreign websites. Could you have built a system without being able to censor and misuse it so easily?

"There are boundaries here. We have a complex society and some of the problems we see on the Internet reflect the complexities in our society. If you want to prevent countries from interfering with traffic, where to do you draw the boundary? If you could do that, how about other limitations?

You could simply say: no communication outside of our country, only within the country. The problem is if you want to prevent all those abuses you take away positive possibilities as well. Where do you draw those lines now when more and more of the problems of society come to the Internet? People get bored with this discussion, but there is no escape from it."

Could you have made the internet a safer place at some early point, maybe with some less possibilities but safer?

"I think if we had built stronger identity and security mechanisms we might have had a higher degree of responsibility. But then other people would say: anonymity is very important. That needs very careful discussion."

What's your personal opinion about anonymity?

"I think there are arenas where anonymity is important, but I don't think it's the right thing to build anonymity build in the bottom level of the internet. An analogy is in regular society we use intermediaries. You can write in a newspaper where a source can be anonymous, go to an attorney who secures your anonymity, or use certain trusted organizations.

But in general when you move about in society you have to be responsible for your actions with your own identity. Generally you don't hide. In the U.S. and various other countries there is an extremely strong tradition with free speech. You can express yourself but it doesn't say you have a right to be anonymous. That's a big distinction."

So Facebook is offering a de facto Internet passport. It identifies everyone, also on 3 million third party websites. Is this a good development?

[Laughing loudly]: "So again, this is a bit complicated. On the one hand Facebook is big enough to prevail with identification. But on the other hand there is a strong concentration of power, with what kind of governance?

What kind of alternatives are there. If Facebook's policies become unacceptable, what do you do? An identity that you can use across multiple places is good, but e-mail identity turns out to be one of the more common things. It's hard to predict how this will evolve. To develop this a bit more, basically without the power of one or several companies would be a challenge."

Governments and ITU

Will it become part of a UN organization like the ITU which has already wanted to incorporate Icann for the last 15 years?

"We do everything we can to build institutional stability and strength, so it will keep its position in the next ten years. I hope that it becomes less interesting in a way. People know what it is, it's stable.

The ITU is a different kind of question. ITU was founded some 150 years ago, became part of the United Nations and a treaty organization.  It’s government dominated. It’s difficult to get decisions made. It's not as open as the Icann, not multi stakeholder."

But if states want to take over internet governance they maybe will try to do that via the UN and ITU?

"That's the concern. That wouldn't necessarily serve their real interest in my view and according to many others. It would be the wrong thing to do, even from the perspective of the governments. The internet brings huge economic improvements in a country. One of the focuses of the ITU is to make settlements and rules. But the amount of money in the internet itself is tiny compared to the gain of the economy at large. You get a kind of narrow, short-term focus versus against a much longer term situation which we enjoy now."

In the Netherlands the national organization for domain names signed an agreement with the ministry of Economic Affairs for some coordination and how to deal with the government. Can there come an agreement between the UN, ITU and Icann?

"We definitely want governments around the world, including the developing countries,  to feel comfortable and be well served by Icann. There is substance and there are appearances involved. Sometimes those appearances are much bigger issues that are not part of the Icann but part of a convenient proxy. We have to work our way through that process."

There is a growing influence by governments, although in the Icann board with 21 members, governments have only one seat. Is that sustainable?

"I never looked at it quite that way. First, Icann is always viewed as being more important than it is. Is actually has a relatively narrow mandate. What makes it look big is that there could be other organizations that deal with other aspects of the internet governance.

But there are so few of them in internet governance that we're standing alone where there should be other political organizations. It's a vast desert with one little structure in the middle that everybody focuses its attention on, it instead of building more structures there.

Within the Icann there is the Governmental Advisory Committee, or GAC, with representatives of all the governments.  The real power is within the GAC. How they operate, what they want and discuss.

The Board role is to oversee the entire process and not make its own decisions, appoint the CEO, approve the budget and so on. All the real work including all the policy development takes place in the different Icann groups and in committee meetings."

But there is a kind of Trias Politica underlying the Icann and internet governance: it started with the community which was very strong, business came in and took over power, and afterward governments demanded more influence. Is there still a good balance, or are companies and governments taking over power?

"My colleagues from civil society would see themselves as a fourth party. Various non-profit organizations and so on, like privacy organizations. Yes, you can place them within the community, but they are non-technical while the community from the early days onwards is technical in origin. This distinction is important.

But I like the history you are drawing of influence factors within internet governance and so on within  Icann. For companies it’s clear what they are driven by. They are extremely important because they provide the engine for growth of the internet. They pay us where necessary. We also understand the potential excesses so you must control competition and protect against too much concentration of power. Books about Google and Facebook are dealing with the limits of those companies.

Governments are more interesting in a way because they are in a state of evolution. Even within every government, every country there are different opinions about regulations and governance. There are tensions within and people  come together and express different views. So we are in a maturation process. Governments also have agendas that are not just single focused.

Although important, the internet is still not a top level issue in international politics. It's a part of bigger agendas. You have the tension between developed and developing countries, North and South. Geopolitical tensions rise and the internet is used as a pawn in those discussions. Some debates are about internet issues; in other discussions it's not the development of the internet itself which counts."

For example the claim of foreign minister Clinton who wants to provide people in other countries secure communications to use against their regimes…

"Yes, and you can imagine how countries react that feel threatened by that policy. The internet is just a tool in these bigger discussions…that's complicated, really complicated."

Sex and company suffixes

You just said companies provide funding for Icann. The amounts become bigger and bigger, for example 185.000 dollar to pay for a new top level domain. Icann has spent half a billion dollar over time. Is Icann becoming a money sponge, a bit greedy?

"We hear those things sometimes, we've been accused being focused on money. But I’ve never heard the half a billion figure. It was small in the beginning and grew to 60 million per year now. But we are non-profit and not distributing money to shareholders."

But about 100 million dollars in the bank. Various expenses within the budget for next year are rising by 20 to 40 per cent, while inflation is 3 per cent. Are you living on big feet?

"Costs are growing fast, with our tasks. We have a job to do and part of the job is to be pretty stable so nobody has to worry about if we can still do their job via the internet the next day. It's important to be solid enough that companies and governments can trust the domain name - and addressing systems. We must definitely be very reliable with the fundamentals of the internet. Every organization and every individual depends upon this stability. If a disruption happens the cost would be enormous, nothing compared with the 100 million dollars you mentioned."

Now only huge organizations can buy top level domains. Will they in the end be available for little companies at a little cost and even people like you and I?

"Cost will come down and more companies will apply for the new top level domains, but not to an enormous level. Under .com a hundred million names are registered. Are we getting 100 million new top level domains? No. A few hundred, or a few thousand finally? Yes. Hundreds of thousands? Probably not. Some persons will be able to afford it as well."

Icann introduced a xxx top level domain for sex sites. Was that, perhaps, a mistake?

[Loudly laughing] "The answer can only create trouble for myself, either a 'yes' or a 'no'…Certainly is was controversial. I think that is less trouble than the critics have suggested, and less of a solution than it's proponents have suggested. It falls into the category of one of these debatable things.

I don't think it's harmful. Arguably a purpose of having a domain like that is to make it clear to anybody seeking access there’s a warning sign. It's both a positive and a negative sign for surfers at the same time. In many countries you have the ratings on movies, as a compromise between outright censorship and free distribution. Some people search for the rating because they want to see sex or violence, others, like families, avoid films with the rating. That's close to the intention of the xxx-domain."

But you're dealing with content, not the area where the Icann should act, perhaps?

"Well, that's interesting. Icann is not dealing with content, but xxx is dealing with content. Icann simply permitted .xxx to be one of the many domain suffixes."

But allowing specific content areas to have their own domain spaces like .xxx and .travel etc. doesn't work very well…

"We experimented with sponsored top level domains for specific areas. The experience in general has taught us that this is not a sufficient strategy.  We created more and more of these kind of problems. That finally led to the broad opening of the gTLD-space. We wanted to be supportive of specialized communities, but as we discovered the hard way, it put us in the middle of too many decisions and ongoing compliance and enforcement issues.

The business models also changed. Some of them discovered that the original plan didn't work so well. They want to make changes and we had to approve them, which is a terrible business to deal with. It's better covered with the idea of an open area."

Better security

What strategy does Icann have with the roll out of DNSSEC to end users and what are the effects for hosting companies?

"DNSSEC is a subject close to my heart. We want DNSSEC to be universally deployed, with a signing and checking process. We actually don't want end users to have to be involved. We want it to be a silent service under the covers and provide a high degree of assurance that when someone seeks an IP address for a domain they’re sure they will be connected to the right domain.

Imagine the signing side and imagine the checking side, the validation. At the top level things are moving forward. The next level is getting enterprises signed. At the validating side we are in the early stages. A little bit of validation takes place. We need ISP's and developers of end systems like browsers to incorporate that process in the early stages. So we want both to move forward; enterprise signing and validation. Icann's role has been very strong in getting the root signed and encouraging top level domains to be signed. For the other parts, Icann can't do it by itself, though it can advocate the process."

Is that enough?

"Well, it's not Icann's job to do it. Many other parties are involved. For example the country top level domain organizations have much more direct access to this process. It's getting their customers, the enterprises, to be involved. It's better to do it on that level."