Mark's Musings

A miscellany of thoughts and opinions from an unimportant small town politician and bit-part web developer

How ignorance is killing the Internet


Hot on the heels of an EU regulation that could, if actually implemented and enforced, destroy the advertising-supported economy of websites based in Europe, the British government comes up with a proposal of its own that is equally ludicrous.

For those that may have missed it, the EU recently published a set of regulations that will outlaw cookies. That’s cookies as in the type used by web browsers, not the sort with chocolate chips in, but (bad pun alert!) the new law certainly takes the biscuit. Legal firm Pinsent Masons described the move as “breathtakingly stupid”, and their article does such a good job of pointing out its flaws that I won’t bother rehashing them here.

But it isn’t just the EU making bad laws that affect the Internet. Our own government has recently released the draft wording of the forthcoming Digital Economy bill, which is intended to deal with a variety of issues including copyright infringement and the managing of domain names. Most of the media focus on this has been the proposals for a “three strikes” rule whereby alleged copyright infringers can have their Internet connections cut off without any need for court action. Now, that section has itself been the subject of widespread criticism from within the Internet industry, partly because of the costs it will impose on ISPs (and hence their customers), and partly because of the intrusive nature of the technology that will be required to enforce it. At the moment, ISPs don’t routinely monitor the traffic that passes over their networks, not just because doing so would be costly but also because it would be an invasion of privacy. To give an idea of what that would entail, imagine a situation where Royal Mail, City Link, DHL, Businesspost etc are required by law to open every letter and package they deliver to you in order to check that it doesn’t contain a knock-off DVD. Even if you’re not doing anything wrong, you’re not going to want that – especially if you have to pay them more for the privilege of having it done! But that, in effect, is what the DE bill will oblige ISPs to do.

That’s not, however, the most stupid part of the draft DE bill. Nor is the part that gives the Secretary of State the right to change copyright law to deal with online copying as and when he/she feels like it, without the need for parliamentary scrutiny (and if anyone thinks that might be a good thing for rights holders, consider what happens when the pollsters start telling the ruling party that over-restrictive copyright enforcement is a certain vote loser). No, it gets even more daft than that.

Hidden away amongst the stuff aimed at preserving the Labour Party’s relationship with their wealthy (but wealth-challenged) supporters in the outdated entertainment industry is a section designed to allow the government to regulate domain name registries operating in the UK. To understand what’s going on here, you need to know some of the background.

A root name server

A root name server

Domain names ending in .uk are controlled by Nominet, a not-for-profit organisation which has what amounts to a franchise from the global domain name authority, ICANN (the organisation which controls the root name servers), to operate the .uk ccTLD. Because Nominet is a non-profit organisation, without any shareholders, any money it makes has to be used to develop and maintain the .uk registry system and any associated activities. And, since it doesn’t have shareholders, it’s ultimately controlled by its members, who elect the board and advisory committee. One of the side-effects of this, though, is that Nominet is somewhat vulnerable to a potential internal challenge from its own members who see a carpetbagging opportunity or the chance to alter Nominet’s policies to suit their own ends. And, unfortunately, there are a significant number of Nominet members who want to do this. If they were to take control of Nominet, it could have extremely unpleasant consequences for ordinary users of .uk domain names. The government is, rightly, concerned about this and has included measures in the DE bill which would, in extremis, allow them to impose a regulator on Nominet and ensure that it continues to be run for the benefit of the UK Internet community as a whole and not a small number of self-centred manipulators of the system.

So, what’s wrong with that? Well, nothing, as far as intent is concerned. The possibility that Nominet might get hijacked by carpetbaggers and/or domainers is a real one, and is worth legislating to avoid. Where it all goes wrong is in the actual wording of the draft bill. It looks to me as if there has been a significant amount of mission creep prior to the publication of the bill, and the result is a proposal which would, effectively, give the government ultimate authority over every domain name registry operating in the UK. And, by “registry”, they don’t just mean Nominet or any equivalent organisation. The wording of the bill extends this to any person or organisation which runs a primary DNS server and subdelegates domains or allocates hostnames to anyone else, either as part of a paid-for service or just for free. So, for example, if I own and then let you use and someone else use, then I’m acting as a registry and fall within the remit of the legislation (and it’s not even a .uk domain name either – it applies to any domain, in any TLD). That’s something which is very common – a lot of free or budget webhosting firms do this to allocate subdomains to their customers, and it’s not uncommon among ISPs as well. It’s also extremely common in the academic and hobbyist sectors of the Internet.

This is such a broad-ranging definition that I find it hard to believe that it’s intentional, at least in that form. Rather, it looks to me to be the result of some extremely poor drafting by someone who thinks he knows what he wants to acheive but doesn’t really understand how to go about it.

I’ve deliberately avoided explaining some of the technical and industry terms (such as domainer, primary DNS, TLD and ICANN) I’ve used in this article because I want to make a point here. If you don’t understand them, do you think you would feel capable of writing legislation to control them? I hope that any sensible person would answer “no” to that – they’d either let someone who does understand it work out how to control it, or they’d make the effort to learn how it works before doing so themselves. But the bureaucrats who wrote the Digital Economy bill clearly don’t understand how the Internet works, and that hasn’t stopped them trying to write legislation to control it. The same applies to the authors of the EU regulation that bans cookies. In both cases, something that started out as a genuine, and valuable, attempt to regulate someting undesirable has led to something that actually makes things worse as a result of badly drafted legislation.

The first reason this matters is because the Internet is, increasingly, an essential part of everyday life for many people. These new rules aren’t just an obscure piece of legislation dealing with some esoteric practice; they will have a direct and obvious effect on your normal usage of the Internet. If enforced, the EU regulations on cookies will result in many of your favourite websites closing down or becoming pay-per-view sites. If the Digital Economy bill becomes law in its present form, it will increase the monthly cost of your Internet connection and make you vulnerable to malicious accusations of copyright infringement. These aren’t speculative worst-case scenarios, they are the obvious and most likely outcomes of the law as it stands. And both could have been avoided if the laws’ authors had made some attempt to comprehend the technology they’re trying to regulate.

The second reason this matters is, though, probably even more important than the first. If the EU or the British government is prepared to legislate on things without understanding them, then that massively increases the chances of bad or unworkable laws being passed. But it only seems to be communications technology where this ignorance is tolerated. People would be up in arms if, say, the Minister for Transport admitted to never having learned to drive, or if the Foreign Office employed staff who think that East Anglia is abroad. But there’s no equivalent outrage when the Department for Business, Innovation and Skills clearly doesn’t understand how the Internet works. Maybe that’s because the majority of people don’t, themselves, understand how the Internet works and therefore don’t realise how badly the government is getting it wrong. But, if so, that’s a very dangerous place to be – because ignorance is easily exploited by those who do have the knowledge and the desire to use it for their own ends.