The impact of the recently revealed US government data collection practices may go well beyond the privacy ramifications outlined in our statement: expect a chilling effect on global, resilient network architecture. As governments of other countries realize how much of their citizens’ traffic flows through the US, whether or not it is destined for any user or service there, expect to see moves to curtail connections to and through the US.
Let’s consider how it happens. The reality is that it may be cheaper, easier, and faster to send a packet from Vancouver (Canada) to Toronto (Canada) via Seattle (United States) than any all-Canadian route — but that makes the traffic subject to US inspection.
Or, many international connections out of Latin America terminate in Miami, because that provides the most direct link to all other continents. But, that means traffic from Santiago (Chile) to London (UK) may well pass through the US and be subjected to US government inspection/collection.
The first situation can be addressed by building more Internet exchange points (IXPs) to make it economically viable to keep Canadian Internet traffic in Canada. The second is a little harder to address without moving continents closer together, although it is reasonable to expect that some other, non-US location will emerge as a preferred nexus for Latin American inter-continental traffic.
But, before we conclude this is just a messy and expensive question of network operators changing their connections, it’s important to take a step back and think about what this means for a resilient, robust Internet.
The Internet was not designed to recognize national boundaries. It’s not being rude — it just wasn’t relevant. Resiliency[1] [2] is achieved through diversity of infrastructure. Having multiple connections and different routes between key points ensures that traffic can “route around” network problems — nodes that are off the air because of technical, physical, or political interference, for example. We’ve seen instances where countries are impacted by disaster but at least some of that country’s websites remain accessible: if the ccTLD has a mirror outside the impacted network, and if the websites are hosted/mirrored elsewhere, they’re still accessible. This can be incredibly important when a natural disaster occurs and there is a need to be able to get to local resources.
The more there is a push to retrofit the Internet to align with national borders for the sake of maintaining apparent control over all the resources (as opposed to considered network architectural reasons), the more we run the risk of undermining the diversity that gives the Internet the resiliency it has today. The Internet works through collaboration; making decisions on the assumption of territorial boundaries weakens it at every step.
For certain, there are legitimate concerns that policymakers have about security of their networks and privacy of their citizens. In developing policies to address these concerns, it’s important that policymakers bear in mind that resiliency is a key component of security, trust and interoperability. As one of those considerations, the impact on network resiliency should be properly weighed as a negative side effect when proposing the kind of broad scale tracking that the the US is apparently doing.
On the Internet, no nation is an island.
[1] https://wiki.ittc.ku.edu/resilinets_wiki/index.php/Definitions#Resilience