The success of the Internet lies in large part with the fact that when we open a web browser and type in a Uniform Resource Locator (URL), the page that comes up is the page we intended to visit. Moreover, generally speaking, it is the same page for me as it is for you, as it is for each user. That is the unity of today’s global Internet. Yet what would happen if a domain name meant one thing in my network, but something else in your network, and we couldn’t get to the same site using the same domain name? Such inconsistency would seriously undermine the utility of the Internet. This potential incoherence is the technical basis of the Internet fragmentation question.
The Internet is not fragmented today in its technical layer. Every device all over the world that is connected to the Internet runs on the same set of technical protocols and standards and uses the same set of identifiers. So long as the different networks that make up the global Internet use the same technical protocols, standards, and identifiers to find and speak to each other, we have one, single, global Internet. Protocols, Internet protocol (IP) addresses, and the domain name system (DNS) know no geographical borders. The coordination of these universal frameworks takes place through various so-called ‘multistakeholder’ governance processes – for example, the Internet Corporation for Assigned Names and Numbers (ICANN) and the Regional Internet Registries (RIRs) – that are guided by the overarching goal of maintaining global interoperability of the Internet.
Is there a risk that Internet fragmentation might happen? Certainly. Various legislative and non-legislative initiatives around the globe, combined with – or maybe because of – a deteriorating climate between international actors, even some that were traditionally allies, can feed this risk. In a world that is becoming increasingly more tense, there is less and less trust between international actors. States and regional groupings of states wish to be sovereign, including in the digital sphere. For the European Union (EU), too, ‘digital sovereignty’ has become a key political priority.
EU initiatives ‘on top of’ the Internet’s technical layer
Legislation to address concerns around cybersecurity, privacy, cybercrime, disinformation, and other online threats is proliferating across the world. These are legitimate concerns about matters that occur ‘on top of’ the Internet’s technical layer. The EU is taking the lead in this regard, with a number of legislative initiatives, some of which carry the additional feature of extraterritorial application beyond the EU’s own member states. In that way, initiatives such as the General Data Protection Regulation (GDPR) are driving similar legislative developments in other parts of the world.
To the extent that such EU initiatives are replicated in other regions and countries, they in effect set informal global norms, which contribute to convergence and unity in Internet governance. EU measures such as the GDPR, the Digital Markets Act, and the Digital Services Act most likely have a convergence effect, also beyond Europe. On the other hand, EU initiatives that impose design elements in digital infrastructure and services available in the internal market may contribute to divergence. Examples include upload filters (Article 17 of the 2019 Copyright Directive) or 'lawful filtering', complying with EU legal requirements to establish a European public DNS resolver, the so-called ‘DNS4EU’.
Again, however, such EU public policies concern what happens on top of the Internet’s technical layer. Possibly, these measures can restrict the content that Internet users can access, creating different ‘content’ segments that align with national borders. But they do not detract from the technical unity of the Internet.
In fact, any negative impact that such EU initiatives might have on the interoperability of ‘one network’ has been indirect, unintentional, and, in most cases, avoided once identified. For example, the ePrivacy proposal included a provision about cookies that, as drafted, would have tampered with the Internet’s routing. It was corrected as soon as technical experts pointed it out. As long as communication between various parts of this ‘one network’ remains based on universally accepted protocols and the same set of unique identifiers, the Internet cannot break at its technical layer.
EU initiatives affecting the Internet’s technical layer
Lately, though, the EU has contemplated initiatives that directly target the identifiers, and specifically the DNS. Such initiatives take the notion of digital sovereignty to the technical layer of the Internet, which knows no borders and does not fit into one jurisdiction.
The most prominent example is the proposed second edition of the Network and Information Security Directive (NIS2), which originally included regulatory measures on the root server system, the core of the DNS. EU regulation of the root servers and the root zone would be contrary to the multistakeholder governance approach to coordinating the identifiers, which the EU otherwise champions as the pillar for a single unfragmented network. From a cybersecurity standpoint, including the root services in the general scope of the application of NIS2 would not improve anything, especially something that already works. On the contrary, it would risk having the opposite effect, as root server operators (who, it should be noted, offer this service on a voluntary basis for the greater good) might have chosen to pull back or reduce the number of instances they support. This would only hurt the stability, security, and resilience of the DNS.
The EU has also contemplated initiatives relating to standard setting that, if adopted, would bypass existing processes to develop global standards. The draft eIDAS 2.0 rule-making proposes to force web browser vendors (e.g., Mozilla with Firefox, Google with Chrome, Apple with Safari) to recognize a digital artifact called a QWAC (qualified website authentication certificate). These QWACs have the laudatory aim to achieve a reliable digital ID card for use on the Internet. However, because the European Telecommunications Standards Institute (ETSI) developed these QWACs unilaterally, bypassing existing multistakeholder standards development processes, it turns out that these QWACs would break existing encryption mechanisms and actually make the Internet a less secure place.
To be sure, the EU’s pursuit of ‘sovereignty’ over the Internet has different motivations than those of authoritarian governments. Still, by putting forth initiatives that seem to aim at unilateral control of the identifiers and the technical protocols, the EU helps to drag these issues into the geopolitical debate. Take again the example of regulating the root. If one jurisdiction such as the EU asserts that it has the right to regulate the root of the Internet, then what is to keep another jurisdiction such as China or Russia from claiming the same? Traditionally the root has been entrusted to the global multistakeholder community precisely to keep it out of interstate politics and thus ensure maintenance of the one network.
Dragging the standards, the protocols, and the identifiers into the geopolitical agenda can endanger the global, single, and interoperable nature of the Internet. Why is that? It is because the Internet is based on trust. People assume that the Internet will work, and it largely does work because we all agree to operate on the same protocols and standards, especially the same IP address and DNS. Trust is the glue that keeps the Internet whole and unfragmented at its technical layer. If, through legislative efforts, we introduce multiple incompatible protocols and standards; if we introduce non-determinism and inconsistent DNS answers; and if we challenge existing governance mechanisms by supplanting them with national and regional legislative rule-making, we dissolve the glue that binds the Internet. The Internet would then no longer ‘just work’ for users … And that is Internet fragmentation. When pursuing digital sovereignty for otherwise perfectly sensible purposes, policymakers including those in the EU should not seek to apply it all the way down to the technical layer of the Internet. The protocols and the identifiers can only deliver the ‘one network’ as long as we do not try to fit them into national borders and sovereign jurisdictions.
About the Author
Elena Plexida is Vice President for Government and IGO Engagement at the Internet Corporation for Assigned Names and Numbers (ICANN). Prior to joining ICANN, Elena worked for the European Commission DG CONNECT on Internet governance issues. Before that, she was a telecom attaché with the Permanent Representation of Greece to the European Union. During the Greek Presidency of the Council of the EU, Elena co-chaired the Council Working Party on Telecommunications and Information Society. Before joining the Permanent Representation, Elena was an international affairs officer at the Hellenic Ministry of Telecom. Her main responsibilities included EU affairs and relations of the country with a number of international organizations. Elena holds a master’s degree from the National (Metsovian) Technical University of Athens and a degree in economics and political science. She is also a graduate of the National School of Public Administration of Greece (ESDD).