Does The Internet Need A United Nations When It Doesn't Have A First Amendment?

Print This Post

68 Responses

  1. Clark says:

    If you care about free speech on the global internet, not just your provincial American corner of it, consider writing or calling your Congressman and Senators, and asking them to assert their authority against this ill-advised decision.

    Yeah, that'll work.


    Thanks, Patrick.

  2. Clark says:


    Your move.

  3. Charlie says:

    I expected better than to see an article here state that removing a site from major DNS servers will render the site "may as well as no longer exist".
    If that truly becomes a global (as opposed to merely national) problem, alternative DNS setups will be created, and one can always fall back to domain hopping. The Pirate Bay has experienced multiple unsuccessful attempts at blocking it via DNS blacklisting, and is still very much active and running, and accessible from mostly everywhere. Another example is Turkey's recent half-assed attempt to block Twitter, where the ISPs' poisoned DNS servers were trivially circumvented by using an alternative (Google) DNS server.

  4. I do believe that the American constituency for spying on everyone in the world is rather larger than the constituency for giving Vladimir Putin and Xi Jinping a say in domain name registration.

    A shame, but I'll take what I can get.

  5. Clark says:


    I expected better than to see an article here state that removing a site from major DNS servers will render the site "may as well as no longer exist".

    I'm with Patrick here.

    When the UN takes a site off the Global DNS, you or I could still get to it.

    My mom can't.

    For that matter, 99% of the people I know can't.

    And even if 3/4 of us could get to it, you've just chilled speech and behavior, because no one wants to risk that their site will be black-bagged and Gitmoed.

  6. I expected better than to see an article here state that removing a site from major DNS servers will render the site "may as well as no longer exist".

    I expect better from our commenting audience than non sequitur cryptoanarchist glorification of the Pirate Bay. Like you, I'm doomed to disappointment.

  7. Charlie says:

    I fully agree with you that implementing such a block would chill speech, as it already has in multiple cases of DNS blackholing by many different parties.
    What I dislike is the usage of extreme (imo) hyperbole on the topic, as a mere DNS block would do little more than inconvenience someone who is sufficiently determined to get to the site. I find it analogous to saying that erecting wall around your yard would render your house impervious to burglars.

  8. Charlie, are you seriously suggesting that if, for instance, Popehat was removed from DNS the site would have any meaningful existence?

    I mean, I'd know how to read it. Clark would know how to read it. You'd know how to read it.

    But Ken wouldn't, nor would 99.5% of our readers.

  9. Charlie says:

    Yes, I would seriously suggest that. I have more faith than you seem to have in the general technological competence of a group (in this case, Popehat readers) that is relatively far better educated than the general public. I don't find the act of changing a DNS server to be an extremely difficult task. I know my grandfather (who lives in China) knows how to use my SSH server to bypass the Great Firewall of China (which is a task I would rank as considerably more difficult than changing DNS servers).
    Blacklisting a site from DNS is an attack that has already been carried out and circumvented multiple times by internet users, and while it would certainly be a deplorable thing to do, I disagree that doing so would be particularly effective as a means of censorship (as compared to, for example, raiding their servers or physical threats).

  10. Charlie, please don't take this as an attempt to besmirch the technological competence of Popehat readers, but:

    I have access to the site's referral logs. I may know something you don't.

  11. Charlie says:

    You mean this ?
    I might be seeing your point

  12. Chad H says:

    Personally in comparative constitutional rights, I go for the North Korean Constition. It guarantees a fair trial, but North Korean law also makes judges criminally negligent for coming to the wrong decision.

    So guess why they always seem to decide in favour of the prosecution?

  13. John Cain says:

    I thought Russia and China wanted this responsibility transferred to the ITU at the UN, and that's not what's happening here. ICANN still exists. Or am I missing something?

  14. Personally I think the "Stalin Constitution" of 1936 was the most progressive document of governance ever written. In addition to freedom of speech, religion, education, assembly, inviolability of the person, scientific activities, and economic activities, it guaranteed citizens the right to leisure.

  15. John Cain, did you know that ICANN is a contractor to the United States Department of Commerce?

    When it's a contractor for "global stakeholders" including the Russian and Chinese equivalents to the Department of Commerce (or to Kaspersky and Sina Weibo), is it possible that its priorities may change?

  16. Bruce says:

    Aussies are not an ally of free speech, internet or otherwise.

    We keep electing nanny-statist goons that want to block/filter/monitor everything "for the sake of the children". They would love to have the keys to lock out those they dislike.

  17. Grifter says:

    Whenever things like this come up, I'm always confused as to who possibly actually thought it would be a good idea?

  18. "glorification of the Pirate Bay"? Is this some of your Earth wacky self-referential humor?

  19. Mark Koskenmaki says:

    As someone said, it's always possible to start up an uncensored DNS. Really, it isn't hard at all. The question is more along the lines of whether OUR government will enforced other nation's attempts at domain squashing or site squashing.

    That is, if China wants "" blacklisted, will Washington DC demand it be silenced as well and enforce said blacklists here? Normally, I'd say not, but the deference our government has recently for accommodating tyrants, I'm not so sure we'd not have to battle our own government, as well.

  20. Kelly says:

    Speaking as someone who's been on the Internet since the time DNS was invented (1985), I'm not particularly concerned about turning over DNS TLD management to non-US folks. Even if this means that eventually prevents someone from registering parody or protest domain names.

    Mostly, this is because I'm less interested in the NAME of some host on the internet than the content or services that host provides. To a lesser degree, I believe there are viable short term (host your protest or parody content under an acceptable domain name; publish a URL instead of an English-readable URL) and even long term alternatives to DNS (e.g.

  21. "Speaking as someone who's been on the Internet since … 1985."

    Would I speak with more authority to to you if you knew I'd been on the Internet since 1983?

  22. C. S. P. Schofield says:

    As an amateur student of history, I believe that turning anything important over to "The International Community" is about as intelligent as turning over a gallon of nitroglycerin to a six year old.

  23. Brian says:

    I don't see a need to get worked up, especially before we know who the "stakeholders" are. Even without establishing a new root zone, DNS servers can (and do) selectively ignore entries in the root, or changes to them.

    Although the change does seem pointless.

  24. AlphaCentauri says:

    I think part of the impetus is that the US has already been using DNS to kill sites owned by people outside the US. While we have good protections for free speech, the US government does not provide much protection for website owners accused of things like intellectual property infringement. "The international community" is concerned they've got all their eggs in one basket.

    I don't anticipate that internationalizing control will result in a single country being able to project its own restrictions on free speech onto the citizens of other nations. What I do expect is less ability to address illegal activity that uses the internet to cross borders, as there will always be a country willing to provide a secure home to unsavory activities so long as they only bring in cash from other countries' citizens.

  25. Fnord says:

    If popehat alone were removed? Or if controversial sites were removed frequently?

    Those are different questions, because the greater the magnitude of the problem you suggest exists, the greater the incentive for people to learn to use alternative systems, and the greater the incentive for US companies to provide user-friendly solutions.

  26. Bobby Zimmerman says:

    End result: Balkanization of the network. Multiple root servers, number space conflicts, lots of fun for all…

  27. Robert White says:

    How I would rearrange DNS now-a-days:

    (1) DNS would be a Distributed Hash Table P2P operation a la "magnet links" in Bittorrent.

    (2) Every peer communicant on the "Backbone" of DNS would need a public key. This key would mostly be used for signing the transmissions. By this means a bad actor could be pseudo-banned by having his key banned (possibly along with his IP address). Sure, this isn't armor, but nothing is armored in P2P applications.

    (3) Each entry in the DNS system would have it's public key, that key's finger print, and as many of the related resource records as desired, all signed with the public key.

    (4) Only the public key, and to a lessor extent the key fingerprint, are known unique. Other names e.g. macdonalds etc., can be listed by as many people as care to construct and submit a well-formed block. The domain names become useful but not unique identifiers.

    Under this system:

    People would quickly adapt to the fact that names are not unique nor protected. "Robert White" isn't uniquely me, why should McDonalds be uniquely them? There just aren't enough words to go around this way on the internet. Names as unique keys just cannot keep up.

    Organizations could issue QRCodes or whatever on their business cards or on other important communications that contain their key or key fingerprint. Links in documents would also point to that info. So http://big-hex-number-here becomes the only way to know for sure you are getting a unique whatnot. Once you have gotten and bookmarked the right top level stuff you are golden, inside those documents they should be using the same kind of "I know who I am talking about" links, or on-same-page links.

    If you enter a name like "Pope Hat" (we don't need the .com or whatever any more) or "McDonalds" your browser would give you a list of all the sites that match, optionally preferring one you have bookmarked because it's already in your browser. Meanwhile if there are a bunch of detractors or even fans of "name" you get this self selected list of topical groupings.

    If someone is banned by you personally, you'd be blacklisting their key and after that it would hide _all_ their DNS listings till they went with another key.

    Keys could be revoked in the normal Public Key Infrastructure (PKI). DNS nodes would naturally drop any key that they found was revoked.

    Keys naturally expire in PKI anyway.

    Businesses like become impossible, as does domain squatting.

    The DNS system becomes its own distributed search engine type technology for core terms.

    The technologies are all well understood. Names wouldn't be assumed safe any more, but that's life isn't it…

  28. Allen says:

    Given our national debt isn't China already a stakeholder in the US Dept. of Commerce?

    Hell, turn it over to the UN. Then we can all be Josef K and discover the process. Which is probably where we are headed anyway.

  29. When I hear the word stakeholders I reach für mein Browning.

  30. Anonymous says:

    When I hear the word stakeholders I reach für mein Browning.

    I literally have a document open right now with the filename "Stakeholders.txt"

  31. Cat G says:

    Stakeholders is a dirty way of saying "nothing is really going to change". ICANN is currently running the Root Zone. This will not change anytime soon. When the DoC bows out, the "stakeholders" will come in – and I think you can name some of them. (Level 3, Google, Apple, Microsoft, etc.) I would imagine that ICANN is going to give them the same level of respect Clark would give to a fascist dictator espousing beliefs he disagrees with.

    The root zone servers themselves do not appear to be slated for any changes, and it's worth noting that no matter who is behind the wheel (theoretically) three of those servers are operated by the US government. (DISA, NASA, and the US Army Research Lab.) Two are US based colleges (USC, University of Maryland). Two are run by one company (Verisign).

    I don't see any of the above allowing themselves to be moved from the list without significant upheaval, and if I were going to bet, I would say they (and the other Root Zone servers) would properly be the best "stakeholders" – they have the responsibility to run the servers.

    And if all else fails, I hope none of you have dynamic IPs.

  32. Bob Brown says:

    Do not forget that ICANN is also in charge of IP address assignments, a power which provides for at least as many opportunities for screwuppage as does their power over DNS.

    I am personally certain that The Government has nefarious motives at heart because the change was announced on a Friday afternoon.

  33. ZarroTsu says:

    Words hurt people, so if we remove the words people can't be hurt!

    Wait a sec…

    People hurt people. What if we removed all the people!?

  34. Joel says:

    And this was the day Zarro uncovered the true secret to world peace.

  35. Hoare says:

    from techdirt …

    The US government already had little to no actual say over anything that ICANN was doing. The organization has been almost entirely independent from the beginning, and this move really just helps to clarify things, while actually taking some pressure off of ICANN so that other countries can't whine and complain (incorrectly) that the internet is "under US control."

  36. JTG says:

    @Bob Brown

    Isn't it IANA that is in charge of IP address assignments?

  37. JTG says:

    @Robert White

    With DNSSEC, we may already have part of your proposal, albeit in a rather cumbersome manner.

  38. JTG says:

    I also wonder whether the set of "stakeholders" would include entities such as industry groups. One could make the argument that some of those, notably those related to intellectual property rights, can just as censorious as some of the countries noted above.

  39. Warren Vita says:

    As long as ICANN is headquartered in the U.S., I suspect they will err on the side of free speech, despite being a contractor to "global stakeholders". And I doubt that group will be cohesive enough to ever try to fire ICANN, even if they are all pissed off at their lack of censorship.

  40. Elizabeth says:

    Isn't the largest group of ICANN constituents the registrars? With more TLDs and many more domain registrations in the registrars' best interest, does this give ICANN a financial reason to keep the Internet "free"? (ICANN is a California non-profit, but between all its global meetings and new gTLDs, it is a profit generating machine.)

  41. cpast says:


    IANA refers to whatever body is in charge of generally coordinating IP addresses and DNS; it's currently run by ICANN, but if someone besides ICANN took over the job, they would become IANA.

  42. Gabriel says:

    and ICANN also does ASNs, which afford just as much internet-fucking potential as DNS and IP's if mishandled.

  43. Carl says:

    This was what NetSol was already willing to do. I don't imagine the current change will make them better.

  44. ldouglas says:

    You all realize ICANN has been assisting governments with censoring/shutting down political dissidents' websites for years now, right?

  45. Thad says:

    @Patrick: You mention SOPA in reply #2 as if it somehow supports your point, which I find a bit baffling as I can't think of a better example of why the US SHOULD give up its authority than Congress coming within a hair's breadth of handing control of the DNS spec over to Hollywood lobbyists.

    The system isn't broken? Tell that to the people who've had their domains hijacked without compensation or due process over spurious copyright claims.

    I don't think any single country should have that authority. You mention Australia as an acceptable alternative — really? The country that censors violent video games and won't allow flat-chested women to make porn movies?

    I share your concern for what could happen with UN control over DNS. I don't share your faith that the system we've got now is worth preserving.

  46. David C says:

    I don't think any single country should have that authority.

    Someone has to have authority, though. Whether it's a country, or the Department of Commerce of a country, or Google, or a committee of various people, someone is going to have authority and therefore have the opportunity to abuse the authority.

    America isn't perfect, but it's a far better choice than Syria, or Turkey, or Russia, or China, or many other countries.

  47. mcalex says:

    know doubt?
          no doubt.

  48. Jason says:

    A more appropriate video to make your point, that I suspect will be more accurate in the long run, would be the robot chicken parody of that scene from Empire.

  49. joshuaism says:

    Like ldouglas said above: Yeah, we need to keep the domain name system based in America because it has always protected us from censorship and the US would never sieze domains or disrupt DNS service for no reason.

  50. LC says:

    Not a comment, just a sad observation that I think is relevant:
    Turkish government takes down YouTube too

  51. The Man in the Mask says:

    " Time counts and keeps countin', and we knows now finding the trick of what's been and lost ain't no easy ride. […]"

    Gather 'round the fire, dear boys and girls, and let's go back to a time BEFORE the DNS system was organized. We still had a network and we still had hosts on it — lots of 'em. Do you know how we managed the mapping of hosts to IP addresses?

    We had a static file. It was maintained at a central location and was updated daily. In the wee hours of the night, our systems would wake up and poll that central location, downloading the latest version so that it'd be ready for the next working day.

    Crude? Sure. But there weren't so many hosts that it was unworkable, and there weren't so many changes that being a day behind was a big deal. And the file wasn't that big, even by the standards of the time.

    There were certain advantages to this: for one thing, no DNS system to attack. For another (to a decent first approximation) every host knew the address of every other host. And for another, we quickly worked out how to avoid downloading a broken version of the file and overwriting the perfectly good one that we had just a moment ago.

    I'm not reciting this bit of history to suggest that this is the way going forward. Oh, it would work, more or less, for the top 10K or 100K or 1000K domains because we could encapsulate their primary DNS information in a file, sign it cryptographically, and drop it into a torrent. Then we could play whack-a-mole with countries like Turkey that are trying to block certain social networks.

    No, I'm reciting this because I want to make the point that alternatives to DNS exist and others will no doubt be developed. If there is sufficient pressure applied to the system to annoy the braintrust — which ranges all over the political spectrum but is united in its contempt for politicians putting their fingers into places where they don't belong — will deploy one or twenty of them. And given the migration to IPv6 which is happening as you read this (albeit slowly), the would-be censors of the world are going to find themselves facing problems that are intractable, in an engineering sense.

    (e.g.: we publish 100 addresses for, and the government of Elbonia blackholes them in their perimeter routers. Fine, we say. The next day, because we can, we publish 500,000, nearly all of which aren't really the web site, but HTTP proxies that gateway to it — and we have 500K because we know a kajillion people who love popehat (in spandex) and they all have /64's because that's what everyone has.)

    There are other ways as well. Many ways. I think that attempts
    to bend the DNS system to the will of governments and corporations are likely to accelerate the experimentation with and deployment of those. Some will flop. Some will work. But the spice must flow! Oh, wait, sorry, wrong movie.

    For my part, I have watched (as Lauren Weinstein puts it) the domain-industrial complex deploy an array of bogus, worthless, useless TLDs as cash cows for the registrars (e.g., .xxx). I've made it a point to use DNS RPZ (response policy zones) to make them disappear from my view of the Internet. Those same RPZ have other uses as well. Many uses. As some governments are about to learn.

  52. NI says:

    Man in the Mask, I'm not tech-savvy enough to know if what you're telling us is right, but the immediate first question that comes to mind is this: If the braintrust can bypass politicians as easily as you claim, then why has China been so successful at censoring the internet?

  53. azazel1024 says:

    Obviously we need to appoint Mr. Universe as the curator of the DNS system.

    Problem solved.

    Or easier, just everyone learn to memorize their favorite websites' IP addresses.

    I mean seriously, how hard is it to remember

    2607:f8b0:4004:807::1007 is almost as easy to remember.

  54. Kratoklastes says:

    OP shows far too much faith in the cesspit that is the US political system, and far too little faith in the chops of the cypherpunks. (Not to mention a childish and naive faith in 'democracy' – a system that Arrow showed can not possibly work… Google "Condorcet Paradox" or "Arrow Impossibility Theorem" to see why democracy does not reliably reflect 'the will of the people' or whatever flowery Rousseauean-nonsense trope you prefer).

    OpenNIC is already a thing; P2P-based, signed, non-centraslly-administered DNS will be a thing. And if shit gets more real, some bright group of folks will create something even more betterer, and it will be free.

    .gov might waste vast amounts of tax revenue playing whack-a-mole, but eventually it will lose.

    In fact the feeb attempts of's minions to control internet content in The China are a case in point: they've perfected it such that certain bits of the internet are completely unavailable to citizens of The China who fail to spend 5 minutes finding out how to circumvent the Great Firewall.

    Getting 'non-approved' web content in The China is kinda like getting a drink during 1920s Prohibition, or getting some bud during The War On Some Drugs.

  55. cpast says:

    Arrow's Paradox doesn't say "democracy can't work", it said "any system that ranks a finite set of outcomes based only on a finite number of ranked preference lists must violate Pareto efficiency, independence of irrelevant alternatives, or non-dictatorship". Taking non-dictatorship as necessary, and Pareto efficiency as "any system without this can't be taken seriously" (violating it means that everyone can prefer option A to option B, and the system then pops out that the group prefers B to A), what you're left with is that no reasonable ranked voting system has independence of irrelevant alternatives – if the group prefers A to B, and you add option C, they may now prefer B to A. In real terms: Gore wins the election without Nader, Bush wins it with Nader.

    First, that's a far cry from "doesn't work". Second, it only applies to ranked systems. Third, although IIA is necessary for rational decisions, humans are irrational, and there's evidence that humans are affected by irrelevant alternatives – in some cases, giving someone choice C *does* affect their preference between A and B.

    Also, there's no such country as "The China".

  56. If there were such a thing as the Will of the People, it would need no enforcement. We don't need Arrow to know that.

  57. cpast says:

    Only if you think "will of the people" must be unanimous. I think most people would agree that it's the will of the people that people walking on the street should not be shot and have everything on them taken by the person who shot them; yet, this needs enforcement.

  58. Grifter says:

    On a side note, out of curiosity, in the headline….

    What is the "it" meant to refer to? Every time I read it, I get confused for a moment.

    Is it:

    "Does The Internet Need A United Nations When The Internet Doesn't Have A First Amendment?"


    "Does The Internet Need A United Nations When A United Nations Doesn't Have A First Amendment?"

  59. CJK Fossman says:



  60. OrderoftheQuaff says:

    "Stakeholders" is one of those words that makes me cringe. If you have fleas or intestinal parasites, aren't they stakeholders too?

  61. Leon Wolfeson says:

    Kratoklastes – Well yes, which is why governments like the UK and Australia's are now doing things like trying to ban financial dealings to their citizens for broad categories of websites.

    Given the virtual duopoly of payments in the first world (inferior, ironically, to much of the third world – heck, the Bristol Pound (a local currency) has FAR superior payment options), this will likely be more effective.

    The US can't talk either, given the whole internet gambling thing.

    Given DNSSEC, I expect there to be a second, free-software-driven distributed DNS system within a not so many years anyway. (Yes, I'm an anarchist – a mutualist, why do you ask?)

  62. cpast says:

    I'm not sure what you mean by "free-software-based alternative DNS." DNS, as well as damn near the entire underlying suite of protocols used on the Internet, is *already* an open standard, freely available to everyone (as opposed to, say, ISO standards, which cost money), and BIND (the most common implementation, which is also the reference implementation) is free software.

    And how does DNSSEC have anything whatsoever to do with a distributed DNS system? For a record to be validated by DNSSEC, the nameserver's key has to be validated by another nameserver, whose key must be validated, and so on, down to a trust anchor whose key is preloaded in the client's resolver. By default, the trust chain follows the DNS chain:'s key is validated by, which is validated by the .com nameserver, which is validated by the DNS root, which is preloaded into a resolver. A resolver can have whatever anchors you want preloaded, but as with SSL certificates, in practice there will be a very restricted set commonly preloaded, and a chain not going to one of them won't be validated by most systems.

  63. GoddersUK says:

    Trusting the UK with governance of the internet would be incredibly foolish. Look up Claire Perry, for instance. The same would be trued with most other European states. It's a sad fact that the only country in the world that I'm aware of that has the necessary legal protections for the internet to function is the US (not sad because I dislike the US, sad because I want more countries, mine included, to have those protections).

  64. Ole Juul says:

    I may have missed it in the comments, so I'm not sure that people know that the US will not relinquish control of ICANN. I agree with many, that the solution (if there is a problem) is not clear, but to suggest that this is anything but US propaganda seems wrong. I'll just leave a quote from an article by Michael Geist about this:

    "in 2009 the U.S. and ICANN entered into an agreement that institutionalized "the technical coordination of the Internet's domain name and addressing system." That document included a commitment for the U.S. to remain involved in the Governmental Advisory Committee (GAC), the powerful body within ICANN that allows governments to provide their views on governance matters. It also contained an ICANN commitment to remain headquartered in the U.S., effectively ensuring ongoing U.S. jurisdiction over it."

  65. Eli Rabett says:

    Why should anyone trust the US wrt the internet given the revelations about the NSA and how it abused the US's position on the INTERNET?

  1. April 11, 2014

    […] Amendment," which means the impending change is not happy news for the cause of free speech, notes Patrick at Popehat. More: The […]

  2. April 15, 2014

    […] Does The Internet Need A United Nations When It Doesn't Have A First Amendment? | Popehat […]