Preserving the Internet's policy-neutral core

In August 2002, the Recording Industry Association of America (RIAA) sued a group of U.S.-based Internet service providers, seeking to block access to a music-copying site in China. The suit was dropped when the offending site was shut down, but the event was widely regarded as a pivotal moment. It was widely known that the so-called “Great Firewall of China” blocks access from within China to many international sites. In a test conducted from March 2002 to November 2002, researchers at Harvard’s Berkman Center for Internet and Society found that 10 percent of the 200,000 sites they tested were blocked. But the RIAA’s action was an ominous sign that in the United States, as well, political and economic interests could interfere with the flow of packets on the Internet.

In July 2003, during an InfoWorld Test Center lab test between two locations, Senior Analyst P.J. Connolly and I encountered another kind of blockage. Each of us maintains a pair of independent DSL circuits. Of our four different providers, two — one of P.J.’s, one of mine — were silently blocking traffic on TCP Port 135. The cause, we found, was a July 24 advisory posted by the U.S. Department of Homeland Security. Reacting to an epidemic of worms exploiting vulnerabilities in the Windows RPC (Remote Procedure Call) subsystem, the advisory recommended not only that computer owners patch their systems but also that ISPs and network administrators “consider blocking TCP and UDP Ports 135, 139, and 445 for inbound connections unless absolutely needed for business or operational purposes.”

In September 2003, VeriSign altered the .com and .net DNS registries to make domain name lookups resolve to Site Finder, a revenue-generating VeriSign site. Internet technologists argued that network management and anti-spam tools depend on unaltered failure responses. On Oct. 4, under pressure from the Internet Corporation for Assigned Names and Numbers (ICANN), VeriSign withdrew Site Finder, but two weeks later, the company vowed to resurrect Site Finder with minor tweaks and after giving 30 to 60 days’ notice.

In its defense, VeriSign said that its survey of users found that most were happy to have mistyped domain names redirected to an informative site. VeriSign also argued that the Internet Engineering Task Force’s BCP (Best Current Practices) 56 — aka RFC (Request for Comments) 3205 — discourages using “HTTP on Port 80 for applications other than Web browsing,” an interpretation that Web services experts flatly refute.

The Internet, it’s often said, treats censorship as damage and routes around it. Even before ICANN weighed in on Site Finder, ISPs and network administrators had begun to route around it. Ironically, one major network that reportedly opted out was the tightly controlled Chinese Internet backbone, prompting some observers to foresee an escalating arms race of blockages. We doubt that will happen. But recent events remind us that although the Internet was built to survive a nuclear attack, it may need some help resisting political and economic assaults on its policy-neutral core.