Internet protocols are complex. As lawmakers finally move to regulate the web, complications will be the norm.

By Xische Editorial, October 18, 2019

Do we really understand the infrastructure of the internet? Of course, we interact with the internet and smart devices all day but do we understand the difference between protocols such as HTTP and HTTPS (hint, it has to do with encryption)? The gulf between how we use the internet and how much we understand about how the internet functions is coming into sharp focus thanks to regulatory pushes in the United States and Europe. 

After years of data scandals at leading technology and social media companies, the European Union implemented far-reaching data legislation laws called the General Data Protection Regulation (GDPR). Since 2018, GDPR has transformed how websites and companies collect information on their users in a manner that gives users more power over their data. The debate surrounding the passage of this law promoted fresh conversation about how companies collect, analyse, and store data. Regardless of your position on GDPR, the conversation that it started is long overdue and has been fascinating to watch unfold. 

A similar debate is finally getting started in the United States. Home to the world’s leading technology companies, any legislation passed by US lawmakers carries significant global implications. The only problem is that it appears that many US lawmakers don’t seem to grasp how Silicon Valley and the basic mechanics of the internet function. 

When Facebook CEO Mark Zuckerberg was brought up to testify before the US Senate in the wake of a major data scandal at the company, it was clear that some lawmakers didn’t have the slightest how Facebook made money. Senator Orin Hatch of Utah even asked how Facebook made money if it “offered its products for free”. Zuckerberg responded coyly, noting that the company makes money by running ads. 

This story highlights the challenges of data regulation in the world’s most important technology market. We have argued that smart regulation is critical for protecting user data and ensuring that innovation can continue without being stifled. The only way such legislation can materialise is if there is a vibrant and healthy debate about the nature of technology and its role in our lives. Smaller countries with nimble legislative environments such as the UAE and Baltic states have the advantage of being able to respond to developments in the technology landscape and regulate quickly. 

Recent legislation in the US Congress, however, highlights the potential pitfalls of heavy-handed regulation. Last month, antitrust investigators began scrutinising Google’s plans to use a new security protocol in its Chrome web browser because of concerns that it would stifle telecom operators’ ability to access consumer data. According to the Wall Street Journal, “the new standard modernizes a fundamental building block of the internet known as the domain name system or DNS. This software takes a user’s electronic request for a website name such as wsj.com and, much like a telephone book, provides the series of internet protocol address numbers used by computers.”

This new technology will improve user security since the user will have more control over who can see their internet surfing data. Internet service providers, which traditionally had access to all user surfing data, will be effectively left in the cold and that’s why the Congress believes this could give Google a competitive advantage in terms of monetising user data patterns. 

Who’s right in this debate is far from a settled issue. First of all, the notion that DNS is secure is even debatable and that’s one reason why Google is trying to update the protocol (and getting negative attention about it). Lily Hay Newman, a security writer at Wired, outlines a brief history of DNS: “The concept of DNS was developed in the mid-1980s and hasn't evolved much since the early 1990s. Like many foundational internet protocols, DNS has been remarkably flexible and serviceable over the years. But having roots that predate the rise of the modern internet has led to inevitable problems, one of which is that those address lookups aren't encrypted. That’s a big deal. Any time your browser attempts a DNS lookup, that request can pass across multiple servers.”

One can spot the tension. Google is updating an older protocol in a manner that is much more secure for users but siphons off user data to Google’s eyes only. Should Congress step in and protect the marketplace by limiting Google’s power to provide secure DNS? Is that an overstep that limits user ability to choose the most secure web protocol? 

The answer is not clear but the debate is, again, most critical here. The more mainstream users understand DNS protocol and other aspects of the core internet infrastructure, the better decisions they can make. While this issue might have more to do with the marketplace than engineering the internet, it is one of many that will soon be debated around the world. Without educated viewpoints, we wouldn’t achieve the goal of smart regulation ready for the rapidly developing global marketplace.