As I mentioned in the two previous posts about .AF and generic domain names, sanctions might affect Afghanistan’s access to Internet infrastructure. In this last part of the trilogy, I am going to discuss Afghanistan’s access to Internet Protocol addresses. As a concluding remark, I invite all of us (the Internet community) to address these hurdles to the global Internet more systematically.
Part III: Afghanistan’s Internet Protocol Addresses
Computers on the Internet address each other through long strings of numbers. Those numbers are Internet Protocol addresses (IP) and Autonomous System (AS) numbers. Sanctions that curtail the distribution of IP addresses might have a much bigger and deeper effect on Afghanistan’s access to technology and the Internet than any sanction on for example domain names. When a domain name goes offline, you can’t get to resources in that domain name, but the computers affected can get out to the Internet. If IP addresses are removed, then they do not work on the Internet at all, which means whole Internet Service Providers can be taken offline.
IP addresses are assigned to those requesting the addresses in blocks. The block assignments are managed by Regional Internet Registries (RIRs), who work in different geographic regions of the world: ARIN for North America and the Caribbean, LACNIC for Latin America, RIPE NCC for Europe and the Middle East, AFRINIC for Africa, and APNIC for Asia-Pacific. Each of these organizations has a legal corporate existence somewhere. The party who receives the assignment is usually called a Local Internet Registry or LIR.
Suppose that the Taliban are the government of Afghanistan and the entire country comes under economic sanction from other countries. In that case, it may be challenging for an RIR (in this case, APNIC) to deal with people inside Afghanistan. We have seen this already in the RIPE region, which includes Iran and Syria.
RIPE NCC has been dealing with political and now bigger legal problems, because it serves countries sanctioned by the government of the Netherlands. RIPE NCC is an association under Dutch law, and so it has to obey sanctions under those laws. That is bad news for Internet operations in Syria and Iran.
APNIC is incorporated in Australia, so it needs to follow Australian laws. If the government of Australia (or the UN Security Council) decides to impose sanctions against Afghanistan, then APNIC will be restricted in the services it can provide to entities in Afghanistan. So, entities in Afghanistan seem likely to have a hard time getting new blocks of IP addresses, and it is even possible that the maintenance of existing blocks could be affected. You can see from this list that Australia already has sanctioned the Taliban when they were in power (or followed the UN rules about that), and in the past had even sanctioned ministries (commerce and agriculture for example).
To clarify the issues APNIC might be grappling with in the future, it helps to break down the nature of services that APNIC offers to the Local Internet Registries:
– Membership contract: the RIR signs a contract with LIR and charges them an annual fee. This relationship might be categorized as “transactional”. Transactional relationships, especially when banks are involved, are likely to be subject to sanctions.
– IP addresses as assets: the UN sanctions against Taliban has provided a list which imposes sanctions on some Taliban entities and individuals’ assets. If IP addresses can be categorized as assets, then according to the sanction’s rules APNIC has to freeze them (repossess them in this instance). RIRs generally try to treat IP address assignments as something other than assets. Courts have not always followed that lead, and there is a robust “secondary transfer market” in IPv4 address space.
– Maintaining registration of IP addresses: it is unclear whether maintenance of the registration service is providing services and affected by sanctions. Since maintenance of registration requires some sort of financial and membership relationship, it may well be classified as an ongoing service and affected by the sanctions.
There are ways to resolve these problems through, for example, asking the UN to delist entities that are not terrorist organizations anymore. The Australian government also allows applications for a permit to serve those countries. Yet even a permit from Australia or being delisted from the UN sanction list might not fully solve the problem.The location of APNIC might not shield them from difficulty if the US decides to impose sanctions independent of any other country (and Taliban is already in the sanction list). Unfortunately, the US sanction system affects a host of intricate networks from banks to transactions with third parties. Many commercial parties are risk averse, and simply close their services to sanctioned countries’ residents even when sanctions do not apply to those residents. It is entirely possible that banks won’t allow transactions with Afghanistan, because no bank in the world can afford to forego operations in the US.
There are other third party problems that might arise. For example, the IP addresses could be reallocated to sanctioned entities via third parties. This is much similar to working with informal financial organizations that facilitate transfer of money from sanctioned entities. One answer to this might be that APNIC will not be responsible for third party action, but successful investigations might oblige APNIC to repossess the registered IP addresses.
We have known about the problem of sanctions and how they affect access to Internet infrastructure for many years. But we have never addressed it systematically. Neither have we tried to create a coalition that can help to ensure all people’s access to infrastructure. We need a holistic plan to work with governments in order to overcome these risks, perhaps through granting of general licenses or through transnational solutions. What we must not do is solve these issues one by one anymore.