Peripeteia with a song: Afghanistan’s access to IP addresses

As I mentioned in the two previous posts about .AF and generic domain names, sanctions might affect Afghanistan’s access to Internet infrastructure. In this last part of the trilogy, I am going to discuss Afghanistan’s access to Internet Protocol addresses. As a concluding remark, I invite all of us (the Internet community) to address these hurdles to the global Internet more systematically.

Part III: Afghanistan’s Internet Protocol Addresses 

Computers on the Internet address each other through long strings of numbers. Those numbers are Internet Protocol addresses (IP) and Autonomous System (AS) numbers. Sanctions that curtail the distribution of IP addresses might have a much bigger and deeper effect on Afghanistan’s access to technology and the Internet than any sanction on for example domain names. When a domain name goes offline, you can’t get to resources in that domain name, but the computers affected can get out to the Internet. If IP addresses are removed, then they do not work on the Internet at all, which means whole Internet Service Providers can be taken offline.

IP addresses are assigned to those requesting the addresses in blocks. The block assignments are managed by Regional Internet Registries (RIRs), who work in different geographic regions of the world: ARIN for North America and the Caribbean, LACNIC for Latin America, RIPE NCC for Europe and the Middle East, AFRINIC for Africa, and APNIC for Asia-Pacific.  Each of these organizations has a legal corporate existence somewhere. The party who receives the assignment is usually called a Local Internet Registry or LIR.

Suppose that the Taliban are the government of Afghanistan and the entire country comes under economic sanction from other countries. In that case, it may be challenging for an RIR (in this case, APNIC) to deal with people inside Afghanistan. We have seen this already in the RIPE region, which includes Iran and Syria.

RIPE NCC has been dealing with political and now bigger legal problems, because it serves countries sanctioned by the government of the Netherlands. RIPE NCC is an association under Dutch law, and so it has to obey sanctions under those laws. That is bad news for Internet operations in Syria and Iran.

APNIC is incorporated in Australia, so it needs to follow Australian laws. If the government of Australia (or the UN Security Council) decides to impose sanctions against Afghanistan, then APNIC will be restricted in the services it can provide to entities in Afghanistan. So, entities in Afghanistan seem likely to have a hard time getting new blocks of IP addresses, and it is even possible that the maintenance of existing blocks could be affected. You can see from this list that Australia already has sanctioned the Taliban when they were in power (or followed the UN rules about that), and in the past had even sanctioned ministries (commerce and agriculture for example).

To clarify the issues APNIC might be grappling with in the future, it helps to break down the nature of services that APNIC offers to the Local Internet Registries:

–  Membership contract: the RIR signs a contract with LIR and charges them an annual fee. This relationship might be categorized as “transactional”. Transactional relationships, especially when banks are involved, are likely to be subject to sanctions.

–  IP addresses as assets: the UN sanctions against Taliban has provided a list which imposes sanctions on some Taliban entities and individuals’ assets. If IP addresses can be categorized as assets, then according to the sanction’s rules APNIC has to freeze them (repossess them in this instance). RIRs generally try to treat IP address assignments as something other than assets. Courts have not always followed that lead, and there is a robust “secondary transfer market” in IPv4 address space.

–  Maintaining registration of IP addresses: it is unclear whether maintenance of the registration service is providing services and affected by sanctions. Since maintenance of registration requires some sort of financial and membership relationship, it may well be classified as an ongoing service and affected by the sanctions.

There are ways to resolve these problems through, for example, asking the UN to delist entities that are not terrorist organizations anymore. The Australian government also allows applications for a permit to serve those countries. Yet even a permit from Australia or being delisted from the UN sanction list might not fully solve the problem.The location of APNIC might not shield them from difficulty if the US decides to impose sanctions independent of any other country (and Taliban is already in the sanction list). Unfortunately, the US sanction system affects a host of intricate networks from banks to transactions with third parties. Many commercial parties are risk averse, and simply close their services to sanctioned countries’ residents even when sanctions do not apply to those residents. It is entirely possible that banks won’t allow transactions with Afghanistan, because no bank in the world can afford to forego operations in the US.

There are other third party problems that might arise. For example, the IP addresses could be reallocated to sanctioned entities via third parties.  This is much similar to working with informal financial organizations that facilitate transfer of money from sanctioned entities. One answer to this might be that APNIC will not be responsible for third party action, but successful investigations might oblige APNIC to repossess the registered IP addresses.

Concluding remarks:

We have known about the problem of sanctions and how they affect access to Internet infrastructure for many years. But we have never addressed it systematically.  Neither have we tried to create a coalition that can help to ensure all people’s access to infrastructure. We need a holistic plan to work with governments in order to overcome these risks, perhaps through granting of general licenses or through transnational solutions. What we must not do is solve these issues one by one anymore.

 

Tragedy part II: the fate of .AF

In the last post I discussed Afghanistan’s access to generic domain names. In this post, I will talk about how the Taliban takeover can affect access to .AF, Afghanistan’s Country Code Top Level Domain Name. 

Country code TLDs (or ccTLDs) were originally assigned on the basis of an International Standards Organization (ISO) standard, ISO 3166. The Internet Assigned Numbers Authority made this decision before ICANN came into existence. The idea was that there was already an existing process in the world that decided what a country was and how it should be identified, so the Internet community did not have to solve that problem. A few years ago ICANN extended the meaning of ccTLD to include internationalized versions of country names (that is, labels that are written in characters other than the ASCII that ISO 3166 uses). Those assignments still rely on the existence of an entry in the ISO 3166 standard, however. The country code TLD for Afghanistan is AF.

One interpretation of ICANN policies is that sanctions will not affect the ccTLDs, therefore they might not affect the redelegation of .AF. In delegation and redelegation of ccTLDs, ICANN has traditionally maintained a neutral role, and it normally does not adjudicate directly. It prefers to rely on decisions made by local actors. IANA resolutions that declare the delegation or redelegation of a ccTLD are generally rubber-stamping local decisions. IANA has a standard process for this, documented at this link. It does have certain requirements that might not be purely technical (for example, it requires multi-stakeholder support for the redelegation), but it does not proactively negotiate with the parties or facilitate the redelegation. Sometimes if it cannot evaluate the multistakeholder local support, it still goes ahead with the approval of the delegation. Over the years, the operators of ccTLDs ensured this neutrality and hands-off approach so that ICANN and its Government Advisory Committee would not get too involved in delegation and redelegation decisions. Given that the Afghan Ministry of Communications runs the .AF registry, if the Taliban takes over the ministry of communications, there is a possibility that they will thereby receive control of .AF. 

It is also possible that, even if there is a legal dispute against Afghanistan in the US, .AF won’t be affected. There is jurisprudence about the delegation of ccTLDs. Once, in the US, terrorist victims wanted to attach .IR to the victims as an Islamic Republic asset, but the court ruled against the attachement (see Weinstein v. Islamic Republic of Iran et al., No. 14-7193 (D.C. Cir. 2016).  Also see Mueller and Badiei paper about the attachment of .IR

There are, however, other scenarios to think about:

Issue 1: If the operator of .AF is in the Specially Designated Nationals (SDN) list, the legal arguments that worked to protect the .IR operator might not work in this case. At the time of the court ruling, the Iranian registry operator was not in the SDNl list. It is unclear whether the .AF operator will be on the SDN list. But if the Taliban operator is on the SDN list, claimants can use it as a legal argument in court to remove the delegation of .AF. However, it  is unclear whether the court admits such an argument.

 

Issue 2: If there are technical issues or a redelegation request does not provide ICANN with the correct documentation, it is possible that .AF goes dormant, i.e. no one will operate it. In fact .AF went dormant between 2000 and 2003. ICANN in several cases has not delegated or redelegated the ccTLDs due to incomplete requests or simply due to the fact that there was no local person that responded to ICANN and provided documentations. For example, it was not until 2007 that ICANN assigned North Korea’s ccTLD. Their application in 2004 was not complete. In 2007,  a German affiliate of the Korea Computer Center submitted a request for delegation which the Board decided to approve. 

 

All in all even when it comes to ccTLD redelegation, which is supposed to be a more or less straightforward process, the situation is complicated and .AF’s fate is unknown. 

In the next and last part of the trilogy, we will discuss Afghanistan’s access to Internet Protocol addresses.

A Trilogy: the tragedy of Internet infrastructure in Afghanistan

The US and other countries have imposed economic sanctions against certain target countries, such as Syria and Iran. These sanctions have had negative consequences for access by the residents of those target countries to a variety of Internet services. Over the years these  sanction laws applied to the Internet more fiercely. The dream of an open, interconnected Internet is fading. Now that the head of the newly established Taliban government is on the UN sanction list, it seems likely we are now going to add another sanctioned country to the list: Afghanistan. 

There are a few infrastructure elements in Afghanistan that sanctions can affect: generic domain names, country code domain names, and Internet protocol addresses. I will cover these areas in three different blogs. For now, we can talk about what will happen to access to Generic Top-level Domain Names.

Part I. Generic Top-level Domain Names 

The Internet uses a system called the Domain Name System (DNS) to make things on the Net accessible to humans. (If you are reading this blog, you likely already know this, but I’ll include it for completeness.) Computers on the Internet address each other through strings of numbers, which are hard for humans to remember. So, for convenience, the DNS maps those numbers to easy-to-remember names like “digitalmedusa.org”. The DNS is hierarchical, so that different people can administer different parts of it. Each “dot” in a domain name is a place where a new person can take over administration in a new “zone” (this is optional, not required). The part at the end (each part is called a “label”) is called a “top-level domain name” because it is at the “top” of the hierarchy. Because on the Internet nobody likes to speak in words when a bit of jargon can make things harder to understand, “top-level domain name” (for example .ORG) is usually shortened to “TLD”.  All the TLDs are in a special zone called the root zone, and this zone is administered by the Internet Corporation for Assigned Names and Numbers, or ICANN, as one of the functions of the Internet Assigned Numbers Authority (IANA).  ICANN is incorporated in the US, which is significant for this topic.

Generic domain names are domain names that are not assigned on the basis of country. Some have been around for a long time, such as .COM. Others are pretty new, such as .MARKET. While the original TLDs were created before ICANN came into being, the new TLDs were all created according to ICANN processes.  Those processes imposed common contractual terms on the registry operators, as well as on the accredited registrars for registering names beneath these TLDs.

Afghan domain name registrants will most likely face the same problems people in Iran and other sanctioned countries face. Problems that I elaborated some years ago, such as confiscation of domain name or forcing a well established business to move, or just ending the domain name with no proper notice. New generic domains registries often have a direct relationship with the registrants, and so  have to apply sanctions to those registrants. Sometimes the legacy domain names (such as those ending in .COM) also are taken down through court order . 

Unfortunately, due to what might be called private sector over-compliance, the issue is not just limited to the US government block list (or specific sanctioned entities and individuals). Businesses are so risk averse that they don’t even give a chance to normal people living in sanctioned countries to operate their domain names.

Who is going to be cautious from now on dealing with Afghan residents? .NGO, .ACADEMY, .MARKET and a whole host of registrars.

We could have solved this problem by receiving a license from the Office of Foreign Assets Control (OFAC). But unfortunately, many actors I have talked to pass the ball to someone else until it finally gets to ICANN. We asked ICANN in a consensus report to file for a license a few years ago, but nothing seems to be happening on that front.

This was the first of the trilogy. Next time we will talk about the .AF fate.

Farzaneh Badii

About The Author

Farzaneh Badii

Digital Medusa is a boutique advisory providing digital governance research and advocacy services. It is the brainchild of Farzaneh Badi[e]i.Digital Medusa’s mission is to provide objective and alternative digital governance narratives.