Plans for the new year: defeating Digital Perseus

I officially launched Digital Medusa in September 2021. It has been challenging but also very fulfilling, and any step towards defeating digital Perseus is worthwhile. Below, I summarize some of what Digital Medusa has done over the past four months and a limited list of what will happen in the new year:

Social Media Governance 

  1. I joined the co-chairs of the Christchurch Call Advisory Committee— a civil society group that advises the New Zealand and France governments on the Christchurch Call commitments, which aim to moderate terrorist, violent extremist content. 
  2. We (Jyoti Panday, Milton Mueller, Dia Kayyali and Courtney Radsch) came up with a framework on analyzing multistakeholder governance initiatives in Content Governance. The framework will be published as a White Paper of Internet Governance Project. Let us know if you have any comments. 
  3. I joined a panel of the Paris Peace Forum on Christchurch Call. Read all about it. Watch.
  4. My research on Telegram governance became more popular after the Capitol riot in January 2021. NYT piece mentions my research
  5. I found an amazing network of people who work on prosocial design. Prosocial design and governance are alternative approaches to heavy content moderation and punitive measures for platform governance. We plan to discuss prosocial governance more in 2022. 

Internet Infrastructure

  1. I joined a group convened by Mark Nottingham to discuss how legislative efforts can hamper interoperability of the Internet, and the available remedies. 
  2. Because of the Taliban reign in Afghanistan, I wrote about how sanctions will affect Afghanistan’s access to the Internet. We also had a webinar (thanks to Urban Media Institute) with the Afghan colleagues to discuss the developments/setbacks. The video will be available on this website
  3. Fidler and I published an article in the Journal of Information Policy about Internet protocols and controlling social change. We argue that to understand Internet protocols’ effect on society we need to put them in context. Implementation matters and making Internet protocols aligned with human rights without considering context might not bring the social change needed. A lot of discussion went on about this paper on the Internet History mailing list, and there are some very interesting insights (the thread is filled with ad hominem attacks against the authors but even those attacks are good anthropological research materials.)


What will happen in 2022?


  1. I am helping draft an Internet Governance syllabus that the community can use to convene Internet governance schools and trainings. I am doing this work for the Internet Governance Forum, and it will be in a consultative manner. The plan is to come up with a global syllabus, including core modules but also modules that are elective. There will be a lot of focus on what Schools on Internet Governance (SIGs) do and helping developing countries to more easily convene schools and training on Internet governance. 
  2. Digital Medusa will do more vigorous research about sanctions that affect access to the Internet.
  3. Along with the Christchurch Call Advisory Network members, Digital Medusa is planning to be very active and find effective ways to contribute to CCAN and the Christchurch Call community. 
  4. Digital Medusa will undertake research and advocate for prosocial governance instead of just focussing on “content moderation” in Social Media Governance


Digital Medusa, for now, includes my (FB) activities. Hopefully, in the new year we can go beyond one Digital Medusa and attract more partners. 

Happy new year to all! To a year with fewer Digital Perseus moments and fresher digital governance point of views. 


Multistakeholder Content Governance

With multistakeholder governance gaining popularity in content governance, some initiatives have been keen on using the term to describe their governance model. The conversations around the multistakeholder nature of these processes motivated us to provide a draft framework to assess multistakeholder models in content governance.

We also held a session about multistakeholder content governance at the Internet Governance Forum 2021.*

During the session we talked about three initiatives: Christchurch Call to Action, Global Internet Forum to Counter Terrorism and the Facebook Oversight Board. It is of note that the first two initiatives have a narrow mandate: to eradicate and prevent terrorist, extremist content across platforms and online service providers. The Oversight Board however, has a much broader mandate that relates to content in general, but it’s limited to Facebook and Instagram.

There are a few important points that emerged from the session:

  1. Multistakeholder governance goes beyond nation-states
  2. Multistakeholder participation can happen at various stages of decision-making
  3. Authority of the stakeholder groups is not directly related to their influence

Going beyond nation-states in content governance

Imagine if instead of just opening “public policy” offices in different countries, the online platforms would consider using a multistakeholder model to govern their users on their platform. This is not to say that we can or should give a global dimension to every issue and apply the multistakeholder model. But there are some issues that because of the global nature of these platforms, we can address with a multistakeholder model.

The Internet has revealed that the arbitrary nation-states’ borders are not an optimal unit for governance. The multistakeholder models allow us to use other units for governance. Sometimes local issues don’t belong to a certain geography and are shared with many others around the world.

Also, platforms content policies can and will affect the other parts of the Internet and its architecture, so including stakeholders that operate the infrastructure in these discussions can also help with preserving the open and global nature of the Internet.

When does multistakeholder participation start? 

The participation of different stakeholder groups in governance processes does not always start from the very beginning. Sometimes the initiatives start as a public-private partnership or by the industry.

During the Christchurch Call, since the governments and tech-corporations negotiated the commitments bilaterally, other stakeholder groups were left out and their role was not clear. The governments then decided to give a more formulated role to civil society. They convened the Christchurch Call Advisory Network that included civil society members and focused on including civil society in the implementation phase of the commitments.

Another example of this is the Global Internet Forum to Counter Terrorism which was an industry led initiative in the beginning and is now trying to infuse some multistakeholder structure to the process.

Converting some or all parts of a top-down led process to a multistakeholder process comes with its own challenges. For example the Christchurch Call Advisory Network has to work with the Christchurch Call text, which has used broad terms such as “online service providers” and terms that have very contested definitions such as terrorism.

Should stakeholder groups have authority or influence?

This is an interesting debate since it’s about soft versus hard power. If we look at the history of Internet Corporation for Assigned Names and Numbers, we might argue that over time stakeholders became more powerful and had a vote in policy-making decisions. But at the same time, the Government Advisory Committee, which supposedly was set up to give “advice” became more and more powerful. This was to the extent that its advice became de facto binding on ICANN board of directors (with some minimal exceptions).

While there is no clear-cut answer to what role should different stakeholders have, authority might not always bring about influence. So the initiative can be very multistakeholder and tick all the multistakeholder boxes, but in the end, the decisions are made by one powerful stakeholder.

So why do we need this framework?

We need to rescue “multistakeholder governance” by demystifying it. “Multistakeholder” processes are not all the same. The degree of involvement of different stakeholders in decision-making differs from one initiative to another. Using a framework to find out about these differences can help us understand what we need to improve and what is working. The framework might help us get a clearer picture of the governance models in content governance. It is not about who is more or less multistakeholder, it is about how these initiatives operationalize multistakeholder models, the effectiveness of these approaches and the future improvements. 




*We, a group of academics and civil society actors including Dr. Courtney Radsch, Dia Kayyali, Dr Milton Mueller and Jyoti Panday, suggested a framework for multistakeholder content governance. During the session we had a conversation with Dr. Ellen Strickland from the New Zealand government, Rachel Wolbers, Public Policy Manager at Facebook Oversight Board, and Dr. Erin Saltman from Global Internet Forum to Counter Terrorism, to discuss the framework for multistakeholder content governance.





The Christchurch Call: Are we multistakeholder yet?

A few days ago, I attended a Paris Peace Forum session on Christchurch Call to Action. I am one of the co-chairs of Christchurch Call Advisory Network. The Christchurch Call Advisory Network is a network of civil society members including academics, digital rights activists and other civil society organizations active in online platforms governance. The New Zealand and French government established this network to receive advice and expertise for the operationalization of the Christchurch Call commitments. French and New Zealand government and a handful of tech-corporations in 2019 made the Christchurch Call commitments after the Christchurch mosque massacre during which the terrorist broadcasted the massacre on various social media platforms. The commitments aim to eradicate terrorist and violent extremist content online. 

This blog is about several interventions I made during the session and also some personal reflections about multistakeholder approaches to content governance on the Internet.

First, I should point out that  civil society has seen a significant improvement in its inclusion since the New Zealand and French governments launched Christchurch Call. In the beginning of the process, the governments and tech-corporations had round tables about inclusion of civil society while members of civil society organizations were watching from the audience. In 2021, during the Paris Peace Forum session on Christchurch Call, a government representative stepped down to share the platform with civil society members so that they might take part in the conversation as equal participants. The support of the governments goes beyond that. New Zealand and France both have been funding the activities of the network. We have various means of communication with the French and New Zealand governments. We are now more hopeful that we are on a multistakeholder path. The Call community is building multistakeholder structures that any member could use to raise an online governance issue related to terrorist content. The New Zealand and French governments aim for these groups to become more autonomous and they have helped with gathering key actors and decision-makers. 

Obviously, there are many challenges ahead. Civil society needs to be mindful of the risk of being co-opted by other actors and turning into a multistakeholder rubber stamp that legitimizes other actors’ actions. The Christchurch Call commitments were drafted and signed with no participation from civil society. So, being involved with every step of implementing the Call is important. As a transnational collective, we also need to be more effective in providing advice and expertise for other initiatives that work on governing extremist content online. Last and perhaps the most important is we need to have avenues to influence the online terrorist content laws and regulations that the governments come up with. 

Including civil society in governance approaches is a way to differentiate a democratic mindset from an authoritarian mindset on how to govern violent extremist and terrorist content on the Internet. Otherwise, governments around the world have almost the same tools in their toolbox for governing terrorist content: they use punitive measures that restrict freedom and affect the broader Internet ecosystem. 

The challenge that we have faced in implementing the multistakeholder model is that the multistakeholder model is not suitable or possible for everything related to online governance. Some part of the Internet can work without the multistakeholder model. Large tech-corporations that are centralized enough do not need to cooperate with stakeholders such as civil society or even the technical community to remove content from their platforms. For some parts of the Internet, multistakeholder governance is a necessity, because it can’t work in any other way. But the social media platforms, at least on issues related to content governance, do not need multistakeholder input as a matter of function — only as a matter of legitimacy. 

To create the need to govern through multistakeholder approaches, key decision-makers such as the governments can use their political capital to make consultation with other stakeholders a necessity for tech-corporations. In the past, they used that power to outsource regulation with no regard for other stakeholders. But this might not be the case for the Christchurch Call. So it makes sense to remain hopeful that the Christchurch Call might grow into a strong multistakeholder platform with the mandate of governing online violent extremist and terrorist content. After years of conversations, we can be cautiously optimistic that the multistakeholder approaches to social media governance are emerging.  

Layerless Internet Governance: In Search of Internet Infrastructure

Content governance at the Internet infrastructure level is gaining some traction and Techdirt, EFF and a few others will hold a session on October 6th. This event is a good excuse for this blog but I have a slightly different approach. I looked at the infrastructure governance with a more holistic lense. It is still possible to make a system of governance for Internet infrastructure – one that ensures an open, interoperable and global Internet. It is still possible to even affect the governance of platforms positively by good governance at the infrastructure level. But first we need to find the Internet infrastructure we keep talking about, determine how it has evolved and how and whether non-infrastructure elements have affected it. 

Facebook/Instagram/WhatsApp went down a few days ago, because of  a Border Gateway Protocol misconfiguration. Facebook had updated its BGP incorrectly. BGP allows one network that is part of the Internet to talk to other networks on the Internet.Since the BGP is a part of Internet infrastructure, there are arguments that this was an Internet infrastructure shortcoming and that centralization of Facebook is the centralization of the Internet. Which I totally disagree with but it sets the scene for addressing a critical issue: what is and where is this Internet infrastructure to govern?

I think Internet layering is partly at fault for making Internet infrastructure obscure. Some believe that the Internet has various layers. Those actors closer to the bottom layers are seemingly the operators of Internet infrastructure. For example, the Internet Service Providers are one operator of Internet infrastructure. Closer to the top of the stack, in the application layer, there are online platforms. Customarily these platforms were not known as Internet infrastructure. The distinction was so popular that we built the field of Internet studies partly based on it: some just study content-moderation/governance on online platforms. Some work on Internet infrastructure governance. The problem is that as the Internet and Internet-related technology evolve, the layers won’t help us much with identifying Internet infrastructure.

Setting the layers aside, I define Internet infrastructure as “Operators and service providers of the Internet that control, modify and affect the entire or substantial part of the presence of users on the Internet”. For now, we can see three kinds of Internet infrastructure emerging: 

1. Internet infrastructure by way of architecture:

Internet infrastructure through architecture: it is infrastructure as a part of the current architecture of the Internet. This kind of Internet infrastructure is more or less easy to identify. Their impact on online presence is immediate and far-reaching on the Internet. Most of the operators of Internet protocols, Internet Service Providers, Content Delivery Networks, domain name registries and registrars, and the like belong to this category of infrastructure. 

2. Internet infrastructure by way of policy:

Some platforms and Internet services can become a part of infrastructure through policy. This is a much harder category to define. For example, Apple (by way of policy) has a set of criteria for the apps in its App Store. If the apps do not meet the criteria, they cannot be on the App Store and iOS users have limited or no access to them on the Internet. In this instance, the App store has become Internet infrastructure because it can limit the Internet presence of certain services and Apps for the entire population of iOS users. Apple here is the gatekeeper for using that service “on the Internet”. When it approves an app, the App operates separately and does not exclusively use the App store’s network. So even if the App store goes down, approved and downloaded apps do not have a disruption in their service. 

Another example is the authentication account provided by tech-corporations. If certain integral online services and apps solely work through authentication accounts that Google or Facebook provide (via the OAuth protocol), these accounts also can be a part of Internet infrastructure. 

3. Internet infrastructure through collective action:

Various actors get together and adopt a policy that affects the Internet and Internet services. This kind of Internet infrastructure can hamper access to services on the Internet through collective action. An example that we have warned against in a blog about upload filter, is tech-corporation consortiums such as the Global Internet Forum to Counter Terrorism that might mandate certain features such as upload filters for online platforms that can become a part of Internet architecture.

Another example (that might be debated) is online payment intermediaries that collectively stop facilitating transactions that are vital for the existence of certain online platforms to function on the Internet. When there are no alternatives, it might lead to the service providers’ diminished Internet presence. 

Inspiring Governance

Early Internet infrastructure governance inspired a lot of the current platform governance models. The take-downs, site integrity and spam, in general, many of the top-down governance mechanisms have remained. Also, content policy dialogues have started paying attention  to multistakeholder governance, which was a fundamental feature of Internet infrastructure governance at least for domain names. 

With innovative governance at the infrastructure level, we can inspire better governance on platform level. Platforms such as Mastodon and Fediserve both have similar design to distributed, open and interconnected Internet infrastructure. 

Good governance of Internet infrastructure because we are not yet at a walled garden stage. A fundamental difference between Facebook’s market infrastructure and Internet infrastructure is that Internet infrastructure allows people to build other Internet services on top. Facebook rents you an office (it chooses the color, desks and everything else), but Internet infrastructure gives you a global virtual land. On the Internet, in an ideal world, people can have their own data servers, can build their own chat function, or can build (who would have thought) their own website. There is still hope for innovative governance at the infrastructure level well beyond content governance. 


Shall we resume dreaming? Decentralized web and decentralized governance 

The Internet and the world wide web are not the same thing. First, there are parts of the Internet that are not the web (the most obvious of which is email). But second, even though the web as a whole is decentralized, the design of the web is not technically a decentralized technology in the way some other Internet services are. That has had many implications for digital governance. 

In a recent paper I co-authored with professors Meares and Tyler, we include a brief history of how, gradually, communities and autonomous decision-making on the Internet turned into a centralized, top-down governance on social media platforms. One reason we have identified is the “centralized” nature of the web. (P.26) Before the web became popular, services such as Usenet operated in a decentralized manner. Multiple Internet site operators had a role to play in governing the space and it was not possible to take control of an entire operation. Attempts to impose central control resulted in people objecting and setting up alternatives.   

When the web started becoming popular, its comparatively centralized technology encouraged centralization of content and a more top-down governance approach. However, note that it was still possible to have a decentralized governance on the web and early on, platforms such as Slashdot and Wikipedia continued using a community-based governance on the web (they still more or less do). Gradually, however, new platforms emerged with a tendency to be more and more centralized. It was the website owners who would decide the governance of that site, and it is costly to set up alternatives to a site if a governance mechanism is not desirable. Economically, it was also in these platforms’ interest to keep users inside their “ecosystems”. It was easy to predict that the centralization and top-down governance approaches and the disappearing communities would eventually happen. But the question is, how innovative are we in our technological and governance approaches that can create a decentralized digital space?  

Perhaps we should be more creative than just arguing for tired content moderation governance systems and arguing with social media platforms about who is “really” in charge and keep bringing up platform responsibility. Maybe decentralized technology can help us with solving some of the contemporary social media platform problems. Last week at the Unfinished Live event Jonathan Dotan (Starling Lab) gave an excellent and powerful presentation on a new paradigm for preserving history and human rights. By creating a new “web” protocol that is decentralized, it might be more feasible to create trust in the digital records of human history— for example to preserve the accounts of a holocaust survivor or an Afghan Taliban victim. They intend to provide a way to create a chain of custody, store data in a decentralized way that cannot be manipulated or altered (but that doesn’t necessarily need consensus) and provide the ability to verify data without having to trust the source. Imagine if, instead of tech-giants, the nodes (i.e. humans) were able to authenticate a piece of data and store it.

These kinds of initiatives are worthwhile to follow as they are very issue specific and, unlike other claims about decentralized technologies, they are not too abstract. However, one thing that I think we should stop doing is to separate decentralized governance from decentralized technology discussions. The combination of decentralized governance and technology might be an answer to some of the digital problems we are facing. Perhaps MacKinnon’s thought piece about governance of Web3 is a step in that direction.

Peripeteia with a song: Afghanistan’s access to IP addresses

As I mentioned in the two previous posts about .AF and generic domain names, sanctions might affect Afghanistan’s access to Internet infrastructure. In this last part of the trilogy, I am going to discuss Afghanistan’s access to Internet Protocol addresses. As a concluding remark, I invite all of us (the Internet community) to address these hurdles to the global Internet more systematically.

Part III: Afghanistan’s Internet Protocol Addresses 

Computers on the Internet address each other through long strings of numbers. Those numbers are Internet Protocol addresses (IP) and Autonomous System (AS) numbers. Sanctions that curtail the distribution of IP addresses might have a much bigger and deeper effect on Afghanistan’s access to technology and the Internet than any sanction on for example domain names. When a domain name goes offline, you can’t get to resources in that domain name, but the computers affected can get out to the Internet. If IP addresses are removed, then they do not work on the Internet at all, which means whole Internet Service Providers can be taken offline.

IP addresses are assigned to those requesting the addresses in blocks. The block assignments are managed by Regional Internet Registries (RIRs), who work in different geographic regions of the world: ARIN for North America and the Caribbean, LACNIC for Latin America, RIPE NCC for Europe and the Middle East, AFRINIC for Africa, and APNIC for Asia-Pacific.  Each of these organizations has a legal corporate existence somewhere. The party who receives the assignment is usually called a Local Internet Registry or LIR.

Suppose that the Taliban are the government of Afghanistan and the entire country comes under economic sanction from other countries. In that case, it may be challenging for an RIR (in this case, APNIC) to deal with people inside Afghanistan. We have seen this already in the RIPE region, which includes Iran and Syria.

RIPE NCC has been dealing with political and now bigger legal problems, because it serves countries sanctioned by the government of the Netherlands. RIPE NCC is an association under Dutch law, and so it has to obey sanctions under those laws. That is bad news for Internet operations in Syria and Iran.

APNIC is incorporated in Australia, so it needs to follow Australian laws. If the government of Australia (or the UN Security Council) decides to impose sanctions against Afghanistan, then APNIC will be restricted in the services it can provide to entities in Afghanistan. So, entities in Afghanistan seem likely to have a hard time getting new blocks of IP addresses, and it is even possible that the maintenance of existing blocks could be affected. You can see from this list that Australia already has sanctioned the Taliban when they were in power (or followed the UN rules about that), and in the past had even sanctioned ministries (commerce and agriculture for example).

To clarify the issues APNIC might be grappling with in the future, it helps to break down the nature of services that APNIC offers to the Local Internet Registries:

–  Membership contract: the RIR signs a contract with LIR and charges them an annual fee. This relationship might be categorized as “transactional”. Transactional relationships, especially when banks are involved, are likely to be subject to sanctions.

–  IP addresses as assets: the UN sanctions against Taliban has provided a list which imposes sanctions on some Taliban entities and individuals’ assets. If IP addresses can be categorized as assets, then according to the sanction’s rules APNIC has to freeze them (repossess them in this instance). RIRs generally try to treat IP address assignments as something other than assets. Courts have not always followed that lead, and there is a robust “secondary transfer market” in IPv4 address space.

–  Maintaining registration of IP addresses: it is unclear whether maintenance of the registration service is providing services and affected by sanctions. Since maintenance of registration requires some sort of financial and membership relationship, it may well be classified as an ongoing service and affected by the sanctions.

There are ways to resolve these problems through, for example, asking the UN to delist entities that are not terrorist organizations anymore. The Australian government also allows applications for a permit to serve those countries. Yet even a permit from Australia or being delisted from the UN sanction list might not fully solve the problem.The location of APNIC might not shield them from difficulty if the US decides to impose sanctions independent of any other country (and Taliban is already in the sanction list). Unfortunately, the US sanction system affects a host of intricate networks from banks to transactions with third parties. Many commercial parties are risk averse, and simply close their services to sanctioned countries’ residents even when sanctions do not apply to those residents. It is entirely possible that banks won’t allow transactions with Afghanistan, because no bank in the world can afford to forego operations in the US.

There are other third party problems that might arise. For example, the IP addresses could be reallocated to sanctioned entities via third parties.  This is much similar to working with informal financial organizations that facilitate transfer of money from sanctioned entities. One answer to this might be that APNIC will not be responsible for third party action, but successful investigations might oblige APNIC to repossess the registered IP addresses.

Concluding remarks:

We have known about the problem of sanctions and how they affect access to Internet infrastructure for many years. But we have never addressed it systematically.  Neither have we tried to create a coalition that can help to ensure all people’s access to infrastructure. We need a holistic plan to work with governments in order to overcome these risks, perhaps through granting of general licenses or through transnational solutions. What we must not do is solve these issues one by one anymore.


Tragedy part II: the fate of .AF

In the last post I discussed Afghanistan’s access to generic domain names. In this post, I will talk about how the Taliban takeover can affect access to .AF, Afghanistan’s Country Code Top Level Domain Name. 

Country code TLDs (or ccTLDs) were originally assigned on the basis of an International Standards Organization (ISO) standard, ISO 3166. The Internet Assigned Numbers Authority made this decision before ICANN came into existence. The idea was that there was already an existing process in the world that decided what a country was and how it should be identified, so the Internet community did not have to solve that problem. A few years ago ICANN extended the meaning of ccTLD to include internationalized versions of country names (that is, labels that are written in characters other than the ASCII that ISO 3166 uses). Those assignments still rely on the existence of an entry in the ISO 3166 standard, however. The country code TLD for Afghanistan is AF.

One interpretation of ICANN policies is that sanctions will not affect the ccTLDs, therefore they might not affect the redelegation of .AF. In delegation and redelegation of ccTLDs, ICANN has traditionally maintained a neutral role, and it normally does not adjudicate directly. It prefers to rely on decisions made by local actors. IANA resolutions that declare the delegation or redelegation of a ccTLD are generally rubber-stamping local decisions. IANA has a standard process for this, documented at this link. It does have certain requirements that might not be purely technical (for example, it requires multi-stakeholder support for the redelegation), but it does not proactively negotiate with the parties or facilitate the redelegation. Sometimes if it cannot evaluate the multistakeholder local support, it still goes ahead with the approval of the delegation. Over the years, the operators of ccTLDs ensured this neutrality and hands-off approach so that ICANN and its Government Advisory Committee would not get too involved in delegation and redelegation decisions. Given that the Afghan Ministry of Communications runs the .AF registry, if the Taliban takes over the ministry of communications, there is a possibility that they will thereby receive control of .AF. 

It is also possible that, even if there is a legal dispute against Afghanistan in the US, .AF won’t be affected. There is jurisprudence about the delegation of ccTLDs. Once, in the US, terrorist victims wanted to attach .IR to the victims as an Islamic Republic asset, but the court ruled against the attachement (see Weinstein v. Islamic Republic of Iran et al., No. 14-7193 (D.C. Cir. 2016).  Also see Mueller and Badiei paper about the attachment of .IR

There are, however, other scenarios to think about:

Issue 1: If the operator of .AF is in the Specially Designated Nationals (SDN) list, the legal arguments that worked to protect the .IR operator might not work in this case. At the time of the court ruling, the Iranian registry operator was not in the SDNl list. It is unclear whether the .AF operator will be on the SDN list. But if the Taliban operator is on the SDN list, claimants can use it as a legal argument in court to remove the delegation of .AF. However, it  is unclear whether the court admits such an argument.


Issue 2: If there are technical issues or a redelegation request does not provide ICANN with the correct documentation, it is possible that .AF goes dormant, i.e. no one will operate it. In fact .AF went dormant between 2000 and 2003. ICANN in several cases has not delegated or redelegated the ccTLDs due to incomplete requests or simply due to the fact that there was no local person that responded to ICANN and provided documentations. For example, it was not until 2007 that ICANN assigned North Korea’s ccTLD. Their application in 2004 was not complete. In 2007,  a German affiliate of the Korea Computer Center submitted a request for delegation which the Board decided to approve. 


All in all even when it comes to ccTLD redelegation, which is supposed to be a more or less straightforward process, the situation is complicated and .AF’s fate is unknown. 

In the next and last part of the trilogy, we will discuss Afghanistan’s access to Internet Protocol addresses.

A Trilogy: the tragedy of Internet infrastructure in Afghanistan

The US and other countries have imposed economic sanctions against certain target countries, such as Syria and Iran. These sanctions have had negative consequences for access by the residents of those target countries to a variety of Internet services. Over the years these  sanction laws applied to the Internet more fiercely. The dream of an open, interconnected Internet is fading. Now that the head of the newly established Taliban government is on the UN sanction list, it seems likely we are now going to add another sanctioned country to the list: Afghanistan. 

There are a few infrastructure elements in Afghanistan that sanctions can affect: generic domain names, country code domain names, and Internet protocol addresses. I will cover these areas in three different blogs. For now, we can talk about what will happen to access to Generic Top-level Domain Names.

Part I. Generic Top-level Domain Names 

The Internet uses a system called the Domain Name System (DNS) to make things on the Net accessible to humans. (If you are reading this blog, you likely already know this, but I’ll include it for completeness.) Computers on the Internet address each other through strings of numbers, which are hard for humans to remember. So, for convenience, the DNS maps those numbers to easy-to-remember names like “”. The DNS is hierarchical, so that different people can administer different parts of it. Each “dot” in a domain name is a place where a new person can take over administration in a new “zone” (this is optional, not required). The part at the end (each part is called a “label”) is called a “top-level domain name” because it is at the “top” of the hierarchy. Because on the Internet nobody likes to speak in words when a bit of jargon can make things harder to understand, “top-level domain name” (for example .ORG) is usually shortened to “TLD”.  All the TLDs are in a special zone called the root zone, and this zone is administered by the Internet Corporation for Assigned Names and Numbers, or ICANN, as one of the functions of the Internet Assigned Numbers Authority (IANA).  ICANN is incorporated in the US, which is significant for this topic.

Generic domain names are domain names that are not assigned on the basis of country. Some have been around for a long time, such as .COM. Others are pretty new, such as .MARKET. While the original TLDs were created before ICANN came into being, the new TLDs were all created according to ICANN processes.  Those processes imposed common contractual terms on the registry operators, as well as on the accredited registrars for registering names beneath these TLDs.

Afghan domain name registrants will most likely face the same problems people in Iran and other sanctioned countries face. Problems that I elaborated some years ago, such as confiscation of domain name or forcing a well established business to move, or just ending the domain name with no proper notice. New generic domains registries often have a direct relationship with the registrants, and so  have to apply sanctions to those registrants. Sometimes the legacy domain names (such as those ending in .COM) also are taken down through court order . 

Unfortunately, due to what might be called private sector over-compliance, the issue is not just limited to the US government block list (or specific sanctioned entities and individuals). Businesses are so risk averse that they don’t even give a chance to normal people living in sanctioned countries to operate their domain names.

Who is going to be cautious from now on dealing with Afghan residents? .NGO, .ACADEMY, .MARKET and a whole host of registrars.

We could have solved this problem by receiving a license from the Office of Foreign Assets Control (OFAC). But unfortunately, many actors I have talked to pass the ball to someone else until it finally gets to ICANN. We asked ICANN in a consensus report to file for a license a few years ago, but nothing seems to be happening on that front.

This was the first of the trilogy. Next time we will talk about the .AF fate.

Farzaneh Badii

Threatening Social Media Platforms With Traffic Throttling

Recently, I prepared a lecture for the Asia Pacific School of Internet Governance. In midst of my research, came across an old piece of news. Last year, Facebook claimed that it had only agreed to comply with the Vietnam requests to take-down anti-state materials, because the government had threatened to throttle traffic to Facebook. Content-removal, automation of take-downs etc are not the only ways that the governments and other actors regulate social media platforms. One aspect that I think we should think more about is the role of governments in regulating social media platforms via Internet infrastructure. When governments have the liberty to use Internet infrastructure to regulate the actors on the Internet, then we need to think about the appropriate ways that social media platforms should respond to this. Should they, like Facebook, agree to government requests in the face of such threats?

US tech sanctions leave all Iranians in the dark

“Sanctions on digital products and services make the ‘foreign enemy’ syndrome more severe and a more effective tool for isolating the country even further. It is the foreign enemy that doesn’t want you to talk to your kids abroad on Google Talk, it is not the government,” said Farzaneh Badiei, director of the Social Media Governance Initiative at Yale Law School.

“Another problem is these kinds of sanctions legitimize the concept of a national internet. The government can argue that we need to be able to assert sovereignty over the internet so that we’d be self-sufficient and not need them. In reality, they want to create a national internet so that civil society’s access to a global internet diminishes,” she told Asia Times.

Kurosh Ziabari

Asia Times

About The Author

Farzaneh Badii

Digital Medusa is a boutique advisory providing digital governance research and advocacy services. It is the brainchild of Farzaneh Badi[e]i.Digital Medusa’s mission is to provide objective and alternative digital governance narratives.