Daily Archives: March 11, 2015

Technology Damnation 82: The Secret Seven

We all think the internet, with its distributed design, its open and thoroughly tested encryption and security technologies, and its role as the foundation of our modern public, private, government, and academic culture, is relatively secure and reliable, despite regular security breaches (which are often a result of improperly applied security procedures and technologies at corporations that should know better), and will remain outside of any one organization’s control for years to come. Especially since our global business functions, and global procurement functions in particular, rely on it.

And while that is the expected future, as no one corporation, nation, or conglomerate owns the internet, the reality is that ICANN, the Internet Corporation for Assigned Names and Numbers, which is a private corporation, has an awful lot of power over the internet, as it manages the Internet’s Domain Name System (DNS) that links your domain to the right IP address. In order for a registrar to sell you a domain (to link to an IP that is typically made available to you by your ISP), the registrar has to be accredited by ICANN. In addition, IANA, the Internet Assigned Numbers Authority, which is another private corporation, is responsible for the Internet Protocol Addressing System and allocates IP blocks to the Regional Internet Registries (that allocate, in turn, to National Internet Registries, that allocate, in turn, to the Local Internet Registries that, in turn, allocate IP addresses to the local ISPs).

This means that if a body managed to gain control of IANA, it would control your IP address, and, even worse, if a body managed to gain control of ICANN, it would control the mappings, and since everyone uses domain names, and not IPs, it would essentially control who goes where on the information superhighway. This couldn’t really happen, right? Wrong. While not likely, all a villainous/terrorist organization of Bond proportions needs to do is gain control of, or replace, the seven key holders that control the core ICANN DNS system. That’s right. The vault that controls the entire global internet only takes seven keys to open.

And even though the key holders hold traditional safety box keys, the keys that control the internet aren’t regular keys you find on a key ring. They are, in fact, smart cards that can only be accessed by the key holder (with the safety box key) after going through traditional and biometric security screenings that are likely tighter than those in place at Fort Knox (and the process required to complete the ceremony and gain access to the machine that generates the new master key has over 100 steps). And no key on its own can make changes to the master DNS. All seven keys are required to activate the machine that generates the master key that allows the DNS to be updated. (And whoever holds the master key, just like whoever holds a traditional master key, has access to the entire internet just like a traditional master key gives you access to an entire building.)

But at the end of the day, it only takes the keys and biometrics of 7 people to get the smart cards that activate the machine that generates the new master key for the internet, which allows whoever holds it to redirect domains at will. It is true that these 7 people, who are some of the greatest minds in internet security and who are as trustworthy as they come, are spread all over the world, but still, at the end of the day, it would only take 7 samurai to slay the internet.

In other words, no matter how far we progress with technology and security, it all comes down to the trust and nobility of a select few to keep our global supply chains humming.

And if you start to think about this too deeply, you might really believe we’re all damned in the end!