Who Controls the Internet? And should they?

Posted on

This is a lightly edited transcript of my keynote over at NANOG 83, so please accept my apologies if some of the wording is not (yet) as clear as it should be! The original video, including Q&A can be found on NANOG’s Youtube channel

Hello, and welcome to this presentation on who controls the internet, and if they actually should. As you can see, I cover all grounds here. All kinds of flags are in this presentation and all kinds of companies.

But don’t worry, none of them comes out well. So first, introduction, who am I? My name is Bert Hubert. I’m from the Netherlands. I’m from Europe. I’m the founder of PowerDNS and PowerDNS is an open-source name server company that does around half of all DNS in Europe.

I no longer work there, but that’s my history since 1999. After that, I worked a few years for the Dutch intelligence agency, which gave me an all new outlook on the internet and on the world. After a while, I decided to leave that again, to focus on PowerDNS. And now, after many years, I have recently moved back to the dark side again, and I’m now a judge on the sort of the Dutch FISA court, which regulates the intelligence agencies.

Why do I tell you this stuff? In this presentation I’m going to spread a lot of love or mostly hate on various countries and various companies and on how they run the internet. And I want you to be sure that you know I’m only speaking on behalf of myself and on behalf of no one else.

During this time as an open source developer and a government worker, I have seen quite a bit of the internet and who may be controlling it or not.

So who controls the internet? We all have our dreams, our hopes, our heroes on the internet, but also our favorite enemies of the internet.

And in this presentation, I’ll cover all of these and talk about who actually controls the internet. If you are not upset by the end of this presentation, you were not paying attention. Because no one comes out well.

The scope of who controls the internet is very broad. So when I discussed this presentation with people beforehand, many folks said, look, my local internet exchange controls the internet or BGP controls the internet, or I control the internet actually.

And that’s not really the scope of this presentation. The scope of this presentation is way bigger. So who makes the internet fast for some people and slow for others? Who makes it easy to access some kinds of internet and makes it hard to access other kinds of internet? Who can make it cheap, who can make it expensive? So this is a far broader presentation than just where do the packets go.

Finally important. This presentation is not about us geeks because as geeks, we are like, no one controls my internet. I’m behind seven proxies, I will always be able to get myself beyond any kind of internet control.

And that’s probably true. Although I do know people that lived in China that had to give it up, they said, look, this control is now so stringent, I can no longer bypass it. This presentation is not so much about us and what we could do.

It is about how normal people access the internet and how they go online without too much trouble. So this is not about well financed freedom fighters, it is about how regular people around the world get access to internet.

And it turns out there are quite some naive ideas behind that. When I discussed this presentation on Twitter earlier today the Internet Governance Project came up and said, no one controls the internet because large complex distributed systems are not controlled by “who’s”.

And I would like to tell that to the people in North Korea or Iran that cannot access my content. Actually people do control the internet around the world and things maybe more complex than you think in other countries because the world is a big place.

And we know very little strangely enough about how the internet works in various countries. For example, during the recent big Facebook and WhatsApp outage, we found out that that many parts of the internet of in many parts of the world, the internet actually means the Facebook part of the internet, which is something I was not actually aware of.

So who wants to control the internet? Well, there are democratically elected governments that say we have interests to protect. There are authoritarian governments and regimes that say, well, we have to protect ourselves. And we want to make sure that the internet only has happy news about us.

We have rights holders that say, we don’t want you to use the internet to share our valuable intellectual property. There are activists that say, look, we want you to share this kind of content and not that kind of content.

The big movers and shakers of this world right now are advertising companies like Google, which influence the internet greatly so that they can continue their way of life.

Corporations would like to exert control of the internet as do, of course the schools and institutions, but also do not rule out yourself.

I’m all for an open and free internet. And I want information to be free, but not spam. I do not want spam on my network. I want an open and free internet without controls, but I also believe in BCP 38. So I don’t want you to be using the wrong IP addresses.

So it is not just governments. Really everyone wants to control the internet at least for a little bit. So that starts with the most controlled bit of the internet in the world.

North Korea

North Korea actually has a few people that are really on the internet and a lot of people that are on Quangmyong or “bright light” North Korean intranet the country is small enough that it all fits in a 10/8 and they have a sort of intranet going on. It is their own private internet, which they sadly are not sharing with the world.

So we know very little about what is actually on this Bright Light internet, but sometimes things leak. So it turns out they have their own email system, they have their own search engine. They have a sort of highly curated Facebook and they even have video conferencing solutions that they built themselves, which were used more during the Corona outbreak even.

And they have made their own specifically modified Android tablets and they have a Linux operating system. So these people really run their own internet and it’s probably not even correct to call it an internet. Of specific interest, their modified Android tablets are rumored to be a fully controlled and setup to keep track of everything you do. And that’s just terrible.

And then I realized that’s actually what actual Android tablets also do, but they do it on behalf of advertisers. And in this case, they do it on behalf of the north Korean government. The probably only had to change a few domain names in the source code.

Why is this North Korea example relevant for the real internet? It may be that more and more countries will gravitate towards actually running their own intranet, instead of being part of the big internet.

China

Furthest along in that is China and China actually sort of runs a shadow internet.

They have their own root servers, they have their own everything, which of course it’s massively controlled. It’s not a free place. It barely is the internet. And it’s may be more fair to just call it Chinanet,

And they don’t just block information they don’t like they also impose slowdowns or reset packets on content that they don’t like.

So they have ways of signaling that look the information you are looking for, you should not be looking for that. Chinese people know to interpret bad internet connections as, oh, maybe I shouldn’t be going there and it’s actually sort of more effective than simply blocking everything.

Interestingly, China is one of the very few places in the world that could actually disconnect itself from the internet. They have enough parallel stuff going on. They have their own payment systems, they have their own cloud infrastructure. They have their own storage solutions.

If the internet in China were to be disconnected from the world, China would keep on functioning. And the other interesting thing is, is that they apparently have some kind of board or whatever, because there are many Chinese companies that are actually on Facebook and are on Twitter. And there are also individual scientists and space flight people, that are somehow able to publicly go online, on websites that are otherwise banned.

It appears there is some kind of board there that can grant you access to parts of the real internet. And interestingly enough, we don’t really know how the Chinese internet works. And we should know far more about that because many countries in the west are selling stuff in China and it would be good if we all knew how that works there, but there is some sort of cone of silence around the internet in China that no one is keeping track of just how that works.

And which means that periodically people in the west suddenly discovered that there is a whole different Chinese internet ecosystem out there that we know very little about.

Does China run the internet? Well these days they very much run their own internet. But periodically they come out and try to get the IETF or the ITU or other people to pass standards that make the internet well, maybe more to China’s liking.

Their current efforts are rather ham-fisted in that respect. I was personally involved with an attempt from them, or at least they sent their attempt to me for a sort of multi root internet, which would codify that there is a Chinese internet and a real internet, and that you could switch between these two. But so far we’re not really interested in running their “new IP” system.

Turkey, Indonesia, Iran

Well, there are lots of other countries, of course, that want to mess with the internet for, for their own reasons. And it turns out that it’s quite difficult to block parts of the internet. China can do it, but they invested quite a bit in the great Chinese firewall and other countries also want to do it, but they’re just not as good at it. Or they don’t have enough good people for it, or they don’t spend enough money on it. So Turkey, Indonesia, Iran all run DNS-based blocks or BGP hijacks for content that they don’t like. They may also try to block the third-party DNS. They might try to block DNS over HTTPS.

Iran, for example, is running some, not so very effective server server name based (SNI) based blocking by which they can also block select TLS traffic, but they’re just not very good at it.

And Turkey, for example, blocked, the Wikipedia for around three years and which is tremendously sad, of course, and they didn’t do a very good job of blocking it because over the three years that they blocked it to Turkish Wikipedia grew by 30,000 articles. So apparently people could actually access it.

A fun thing is that found out, I know a lot of people in Iran, I have some sorta family members there, and they told me, yeah, we all use a VPN. And I was very impressed. I thought these people are so privacy conscious. And they said, no, no, it’s the only way to get somewhat performant internet here.

Because if you don’t use a VPN, you go through the interception infrastructure and it is like super overloaded. So we use a VPN to get fast internet and crucially, and I was very impressed by that, they said we also have no hopes that the VPN actually gives us privacy, because they were aware to many of the VPN providers out there are not actually that good in terms of providing privacy. But at least they are good at providing a faster internet in Iran.

So these are the countries that sort of want to block the internet to control the internet, but they’re not quite succeeding at it.

Russia

Russia has telecommunications agency called ROSKOMNADZOR and I have a personal beef with them because they blocked my own domain PowerDNS.COM for years and years and years. And we tried to find out how and why, and what have we done wrong? Sometimes PowerDNS gets blocked because there are people that block anything that has to do with alternative DNS, but that wasn’t it.

And we found out that previously ROSKOMNADZOR had been waging war on various internet services and they were not winning that war. So they were simply blocking huge amounts of IP space from Amazon and Digital Ocean. And they blocked like millions of IP addresses, including, by accident, PowerDNS. So, then I felt doubly bad because I was censored in Russia and I was sort of proud about that. And then I found out it was by accident.

Over time, Russia learned that this wide blocking hurt the economy too much because unlike China, they don’t yet have a homegrown payment system or homegrown clouds that are good enough. So if Russia decides to block too much of the internet, their own country suffers too much.

But they’re trying to get more homegrown payment infrastructure, which would allow them to do more of the internet themselves and would allow them to block other people’s internet more easily.

The United Kingdom

That brings us to the United Kingdom. The United Kingdom is an outlier in the sense that it’s a big country. It’s an important country. They have lots of people there. And strangely enough, they have an active internet censorship program going on, which is not quite legally enforced.

So the UK government told all the large scale internet access providers, they said, look, you must provide internet child safe internet by default. And there’s no legislation that forces them to do it. But the government said, look, if you don’t do it voluntarily, we were going to make some legislation for you.

And these ISP had to build this child safe internet infrastructure, which meant that they had to instrument their backbone so that they could block all kinds of content. And they bought big lists of data of sites that were not safe for children.

And while they were at it, they bought these big lists, that also categorize all other sites. And strangely enough, at least in one place that enabled an ISP to filter so granularly that they could filter out shoe stores.

And I’m not sure why, why any engineer would build a block for shoe stores, but apparently it happened. And the weird thing is if you want to turn off this child safe internet in the UK, you get a letter and they sent you this letter that tells you, look, you opted out of the filtering. Apparently you want to look at adult material.

And you can find web forums, in the UK where people ask, well, what does this letter look like? And when does it arrive? And what does on the envelope look like, all in hopes that they can intercept that letter. And these might be questions from husbands, from children. It is a strange system.

The other notable thing about the UK is that they are mad for football over there, everyone is mad for English football. So there is a lot of “unpaid” streaming going on. And also many lawsuits, which means that UK ISPs now routinely get court orders that say, you must block the following illegal streaming sites.

And it has now gone so far that internet providers actually preemptively hunt for these streamers. So before big matches, they look what sites suddenly get a lot more traffic. It’s probably no accident if just before the Arsenal match starts you suddenly you have 500 megabits of internet going somewhere. And then they block these sites. So it is quite preemptive.

I don’t know the scale of this, but even this week, five service providers were asked by courts to block a ton of streamers.

The final one is that the UK is working on its Online Safety Bill, which means that they’ve created a new category of content called “lawful, but harmful” and access to that content must somehow be regulated. And they’re having a lot of soul searching going on right now, what that means.

But importantly, they have already said that any foreign content provider that has business in the UK will have to adhere to this “lawful, but harmful” content regulation. So the UK is making a strong effort to control the internet.

The European Union

They love regulation. So, the GDPR that worked for them and everyone now has to deal with that. Unless you have a billion year budget for litigation and you don’t have to deal with that.

And they have now come up with a new directive, the Network Information Security directive, version two, because the first one didn’t work, where they want to say, look, these are vital bits of the internet or vital bits of the society. And we want to regulate you on how you deal with getting hacked or how you deal with going down or whatever, so that you report that.

And in theory, it all, it’s all full of nice ideas and it’s of course good to report and do responsible disclosure and that kind of stuff.

But they have also attempted to regulate the entire internet with that, because they said the root servers of the internet are so important that yeah, they fall into this legislation and you must report any downtime and incidents to your local EU representative. And if you are not in the EU, you must pick representatives in the EU and report it there.

And this is not a very good idea. Together with the RIPE NCC and ISC, I and other people have been working on trying to talk sense into the European Union and the European parliament has now decided to put to the root servers out of scope, which is really nice, but it’s not a done deal. We’re still working on it.

What else is going on? In various European countries at times, domain names or IP addresses get blocked. And this is usually after a very long court battle because courts are not in the habit of just blocking stuff because you don’t like it. And so you have to have exhausted all your other remedies. And then after several years of lawsuits you often succeed in getting a European courts to order ISP, to block access to certain content. And this has typically not been very successful because they blocked domain names, they sometimes look IP addresses and the people that want to get access to Torrent, they also can use a different name server.

So they typically find a way around it.

One of the more scarier things that is going on that in Germany, the rights industry scans the internet for people doing Torrent things or other file sharing. Then they get a court order. And then the ISP has to cough up the details of the IP addresses that were found to be sharing data. And then you get a scary, a cease and desist letter. And it’s a really scary one in German. Uh, many things are scarier in German, and then you have to pay a thousand euros or appeal, whatever. And it’s quite a scary thing. We don’t have that in other countries in Europe, but if you’re in Germany, this is apparently a nasty letter to receive.

So in general, the European Union loves to regulate the internet. Countries do come up with blocks from time to time. These are not very effective, but they do actually happen.

The United States of America.

And I’m happy to I’m presenting this to you. Of course the US has a very powerful first amendment. So very often Americans will get really upset when they hear that the courts can order a certain kinds of content to be blocked in other countries or in Europe, because the first amendment!

And indeed the first amendment, is an exceptionally powerful piece of legislation. And it has to be because it’s so important in safeguarding your rights and freedoms, but is it all good?

And it turns out that there are quite a few ways in which you can block content without actually blocking content. So all of the world has to deal with the US DMCA.

So everyone in the world gets the DMCA notifications, and we have to act on them because if we don’t, the results are really bad. Um, the US has quite a big pull on the world. So if the US doesn’t like what you are doing, you get kicked out of payment systems. So you have freedom to say what you want. You just don’t have freedom to get paid for it.

And then there is the national security legislation from the US which is frighteningly scary and powerful. And let me explain a little bit how it works.
I am not from the US I have, I have not been to the US for many years Still I have to sign these pieces of paper with my bank periodically to prove to them that I have no US interests, because they are so afraid that they will ever get some kind of us sanctions issue with me, or with everyone that runs a big company, that they want to have a piece of paper on file that proves that I am not substantially an American or a US person or am there a lot.

So the whole world is sort of afraid of the US national security legislation, which is, can be good or bad. But it is in any case fair to say that this has a big influence on how people use the internet.

The other thing that’s interesting is that even though the first amendment rights are really good in the US and I’m, I’m jealous of them, I have to admit, I wish I had a first amendment.

But it turns out it’s surprisingly easy in the US to impound a domain name. So that means that I have a domain name, the US doesn’t like it. And suddenly my website is replaced by this:

And this happened to a VPN provider that’s somehow got law enforcement upset. And this was a .com name. And apparently the US department of justice can show up at Verisign or a registrar, and impound a domain name and replace it with this police artwork that proudly says that your domain has been taken down.

And of course, such things are nice when you are happy with such decisions, when you think, Hey, it’s nice. They took down this site full of of drug trades or arms trades. And that, of course, pretty good stuff.

It is sort of frightening from the world’s perspective that the US can impound .com domain names. And they recently did that for presstv.com, which was an Iranian propaganda site. I’m also not in favor of Iranian propaganda, but for the world at large, it’s a bit worrying that ..com domains can simply be impounded.

So even though I much respect the US first amendment, it is not fair to say that the internet in America is completely free, because there are many ways in which you can still be taken offline, even though you have still have a lot of rights of free speech.

Now, this has been in sort of an array of what governments are up to and how they are blocking the internet. On the other side, we have, of course, the big technology companies and they are sort of, yeah, literally on the other side, they want to share information and they typically also make big noises about keeping your information safe, uh, from governments with, by using strong encryption, for example.

And that’s good by the way. Um, but these companies have become so big.

And I know that there’s a lot of debates about that, and I don’t want to enter into section 230 stories, which are so important in the US that we even even hear them here in Europe. I just want to diagnose what is going on.

If you have ever been on the naughty list of Google, YouTube, Facebook, or Microsoft, where they have decided that your content is bad for some reason, maybe they found malware on your site. Maybe there was a complaint about your site or whatever.

All these companies run private tribunals.

And in these tribunals, they decide that your site is no longer safe and no one should be visiting it, or your sites should disappear from view, or your site is no longer allowed to make money or in the case of Microsoft specifically, your site is no longer allowed to send email.

And these are decisions that are taken much like how authoritarian governments do it.
These decisions are very arbitrary and you cannot appeal them. So if one of these companies decides that your content is somehow illegal or whatever you got, maybe you get a notification. That’s not even always the case.

But if you’re unhappy with the decision that your content was illegal you cannot go, you can not appeal. You can not go to a higher court or go to the “Google Supreme court” or whatever, and argue your case again.

Quite often there is only a button that says, I am not happy with this decision and can you review it? Sometimes they even use words like, like appeal and verdict, so it even sounds a bit like a court, but these tribunals are very arbitrary.

We don’t know how they work. We don’t know what procedures they run by. Is there court the first instance? Is there even an appeal? And also quite often the first thing you notice that someone has an issue with your content is the fact that you can no longer Logan. So suddenly everything is gone.

And there have been cases where people, for example, got their Google account blocked, so they couldn’t log into their email anymore. And there were no longer able to communicate about their case. And these consequences are very dire.

So a friend of mine Con Kolivas is a Linux kernel developer, and anesthesiologist. And he also developed a tool called lrzip (long range zip), which is used in biology for example. And it’s sadly also used by malware authors for some reason. And at some point Google Safe Browsing decided that lrzip was a scary piece of technology, and it shouldn’t be visited.

And it was gone. No one with any browser could visit his page anymore because even non-Google browsers run checks with Google Safe Browsing and Google safe browsing had decided that his page was no longer safe, so no one could visit it anymore.

And I got involved with that and we tried to get an appeal going on. We tried to get someone to review, and it turns out that these processes on what gets delisted are so arbitrary that even if you know lots of people over at Google, it just happens.

And it took years to resolve this situation. So this is actually sort of quite authoritarian government behavior. And there’s a term for this, it’s called the kangaroo court.

“A kangaroo court is court that ignores recognized standards of law or justice, carries little or no official standing in the territory within which it resides, and is typically convened ad hoc. A kangaroo court may ignore due process and come to a predetermined conclusion.“ - Wikipedia

And that has been around for a while where companies or sports clubs or whatever, run their own sort of legal systems and make their own ad hoc decisions without actually being formal courts. And this has historically been a very bad thing.

Then you have to realize that the world is bigger than Europe and the US and other places. Even if there is a way to appeal that may not be as open in all countries around the world.

So for example, the news from last week was that Facebook had apparently struck a deal with the Vietnamese government where they said, this opposition content it’s anti-government, and we’re going to assist you in blocking this.

Facebook is a private company that they can do whatever they want apparently, but the access to appeal or to be unhappy with that is of course, a lot better from the US or even from Europe than it is from Vietnam.

And the people in Vietnam really, didn’t not have a lot of choice in this. So this is again a case where such an internal decision made by big company on what is good and what is not good can be, have a very big consequences.

This is another one that’s interesting. It’s a sort of nearly secret Facebook project, Facebook basics. And this is a project to got 1 billion people online on Facebook’s terms, and they’ve invested in a big way, and they have not spoken a lot about this, but they have sort of export that a free version of the internet to all the blue countries on this map of Africa:

And if you try to find out how that works, then you only find information for developers, how you can become part of the Facebook basics program, which means that people in Africa can access your content for free, but no one knows who gets on this internet, who doesn’t get on this internet, who picks, who gets to be on it, can the opposition party also be on it? No one knows.

So these are again, sort of government-like decisions, government-like activities. And we have no idea what’s going on.

Transparency

We now know that that the big companies run their own tribunals. So it would be nice if we could see what they were doing. And I have a lot of beef with this one. If you try to find out what a modern phone or a modern browser is doing, it will not tell you.

So we may know, or remember from the past that you install certificates and run a proxy server and inspect what comes out of a browser. This is no longer true. If you have a modern phone, you can not run a proxy service for it to figure out what your phone is sharing with the world about you. It is impossible.

There was a paper from a university in Dublin two weeks ago, where they made valiant attempts to figure out what Android apps are actually sending to their mothership. And they had to root their phone, reverse engineer it, replace certificates, and they were able to partially figure out what the apps were doing. But they even found out that once they had stripped the TLS layer, that the data that was being snitched about users was often super-encrypted using obfuscated AES keys.

And these Dublin researchers were unable to figure out what the phone was actually sending to the mothership about you, the owner. This is being sold as zero trust and as better for everyone.

Because the story you hear is that privacy means that the data is a well kept secret between you and Google or you and Apple, and no one else should be able to see it. Not even you apparently.

So the phone has its own enclave, where it sends information about you to the cloud. And it’s not going to tell you what it is sending, “for your own good”.

And this leads to the harsh choice that if you have a device on your network, a modern phone or a modern browser, or a modern Chromebook even, you have to give it unimpeded and uninspectable access to the internet, because the moment you try to figure out “what is my phone telling about me” to it’s creator, then the phone ceases to function. It will not allow you to do that.

And that means that all control is now with the creators of phones and browsers, which is pretty sad news for network operators and potentially evil governments. It’s not all bad.

But it is a combination that is worrying. Behind this is an idea that if we make information so well encrypted that no one can decrypt it, that this will allow for perfect freedom around the world.

And it might just be, as explained in this XKCD comic, that things do not quite work out like that.

So let’s say you are Russia, or you are Indonesia or Turkey. And I mean, it’s nice that it’s getting far harder to censor modern phones. So it is nice. I mean, it’s a good raising the bar exercise.

I’m very fond of end to end encryption. And I love privacy, but the idea that we will then be giving safety to people accessing content that their government doesn’t like, I’m not sure how that works, because every webpage I visited is full of trackers. That store exactly where I go and what sites I visit and what my uh, latitude and longitude is and what apps I have installed on my phone.

I’m not entirely sure if encrypting all the data is actually going to protect people because there’s so much data being collected. I am not sure that all parties collecting the data will actually keep it secret from these evil governments. And we have not also seen that for example, in Russia, phones must now be sold with mandatory governments apps and famous phone manufacturers now apparently put these apps now on these phones and, I’m sure it is very difficult for them to balance what they do.

And they probably try to keep a real good eye on these apps if they’re not snitching on or endangering their users. But it is nice that there is now end to end encryption, but I’m not sure if this will actually deliver a super secure, experience for everyone.

And the end result may be that authoritarian governments say, look, you made it impossible for us to intercept traffic on the network. Fine we’re going to intercept traffic straight in the browser. So if you want to use the internet, we’ll have this hosted the browser for you. And you can use this hosted browser as much as you want, because we’ve modified this browser that it keeps track of what you are doing, much like is happening in North Korea right now.

And this brings in a whole new set of choices eventually for content and communication providers - do we trust that the user has a safe browser?

Apple and Microsoft

I have not spoken a lot about Apple and Microsoft and I’ve promised I would upset everyone in this presentation. So I still have a little bit of work to do.

I personally have been doing battle with Microsoft for many years, because whenever I tried to send email to their users, I would end up in the spam folder. So I could not effectively for my self hosted email communicate with people using live.com or hotmail.com.

And this went on for years, and this became sort of my personal quest to see what can I do to solve this. So I did everything. I did the DMARC. I did the SPF. I logged on to the Microsoft IP reputation program. I signed contracts with them and nothing worked. And for many years, I could not send email to live.com users or hotmail.com users, but I could send the email to Office365 users because they apparently get better spam filters.

But again, there was no way to appeal. I could not talk to Microsoft formally. I could talk to Microsoft informally because I know a lot of people, and I had a lot of useful contacts in the email industry, but even then I could not move the needle there. I couldn’t email to Microsoft users because Microsoft had decided that I am not worthy to send email to their customers, and there was no way to appeal.

Apple meanwhile, they dress it up very well. And it’s very pretty, but if you want to operate in the Apple ecosystem, they control how you breathe and everything has to be exactly like how they want you to do it.

And they have this big fight for our privacy going on, which I appreciate of course. I love it. But the end result somehow is that they tripled their advertising revenue over the past quarter or something like that.

Somehow everyone now has to use their advertising program. So this is again, someone trying to control the internet. And similarly, we all know the EPIC app store story. Basically if you want to sell something on an Apple device, Apple would really like to get their cut, if you used their technology or not.

So also no love for Apple and Microsoft.

Summarizing

Who actually controls the internet? Well, we have a bunch of governments and they make pretty ham-fisted attempts to control the internet. And it’s not very effective in many countries.

But at least in democracies, there are courts, there are lawsuits, there is due process. It’s not easy for a non authoritarian government to block content online. They have to go through all kinds of motions and is a very visible thing.

Maybe some good news, all these efforts to encrypt ever more of the internet do mean that less sophisticated or less autonomous governments have an ever a harder time controlling the internet.

So let’s just count that as a win.

Meanwhile, we have these big technology firms, that control the hardware, the software, and they run their own kangaroo courts that decide who wins and who loses.

And there’s no way to appeal that or to have any insights from what they are doing, because they are encrypting what they are doing and hiding it from end users, while simultaneously moving more and more stuff to their control points

This means 1) they have these kangaroo courts and 2) they’re moving more and more control to these kangaroo courts.

Much as we love to hate on incompetent governments that just don’t get it, and I work for one, so I’m well aware of how they don’t get it. Stuff like due process is actually rather nice. It is pretty good that if someone wants to kick you off the internet, that there has to be some kind of process for that and that you can appeal and that there are standards of evidence. That actually is a nice thing.

People fought centuries to get that. And then we moved to the internet. Then we said, well, we no longer need that. We can just kick people off the internet using. And I mean, an invisible mechanism that no one knows how it works because, and this is worrying because as it stands more and more control of the internet is shifting to these unaccountable mega firms, and personally, that worries me.

And I think with that, we can say that who controls the internet? Well, evermore of it is controlled by a big opaque companies.

So is there any hope? There are no easy solutions. Privacy is good. Encryption is good. End to end Encryption is good. Making information freely available is good, but neither governments or companies are protecting these interests well enough right now

Maybe the one thing we could concretely demand is that players with such significant market power do better than the current kangaroo courts that they are running right now, because due process really is a lovely thing. Especially if there are decisions that can just look you out of your life or ruin your company.

And with that, we have reached the end of my presentation but I will be around afterwards for a Q and A. I’m happy to answer any of your questions there. And if not, then please feel free to send me an email or find me on Twitter because I’d love to hear your thoughts and to make sure that I really upset everyone.

Thank you.