The Internet - Learning Module

Loading content...

0/228

Internet Governance: Coordinating the Global Network

Who Runs the Internet?

"Who runs the Internet?" seems like a simple question, but the answer reveals one of the Internet's most remarkable characteristics: no single entity controls it. Unlike traditional telecommunications systems governed by treaties and national regulators, the Internet operates through a complex web of organizations, agreements, and stakeholder communities.

Understanding Internet governance isn't optional for network professionals. It explains how IP addresses get allocated, how domain names work, why protocols evolve the way they do, and where policy debates happen. Whether you're designing network architecture, defending against attacks, or making business decisions about Internet services, these governance structures shape your operating environment.

What You Will Learn

By the end of this page, you will understand the major Internet governance organizations—ICANN, IANA, Regional Internet Registries, IETF, W3C, and more. You'll grasp how IP addresses and domain names are managed, how Internet standards are developed, and how the multi-stakeholder model coordinates a global resource without central authority.

The Multi-Stakeholder Governance Model

Internet governance operates through multi-stakeholder processes—meaning governments, private sector, civil society, technical community, and academia all participate in decision-making. No single category of stakeholder holds ultimate authority.

Why Multi-Stakeholder?

The Internet's technical origins shaped its governance. Academic and technical communities built the early Internet with minimal government involvement. By the time governments recognized its importance, governance structures already existed—and they worked.

Key principles of multi-stakeholder Internet governance:

Multi-Stakeholder Principles

•Inclusivity — All affected parties can participate in relevant decisions, regardless of sector or nationality.
•Transparency — Processes are open; decisions and rationales are publicly documented.
•Consensus-based — Decisions seek broad agreement rather than majority vote; persistent objections carry weight.
•Bottom-up — Policies emerge from community input rather than top-down mandates.
•Distributed authority — Different organizations handle different functions; no single body controls everything.
•Technical merit — Technical decisions prioritize what works over political preferences.

The Governance Landscape:

Internet governance involves multiple overlapping organizations:

Technical coordination — Managing the technical resources that make the Internet work (addresses, names, protocols)
Standards development — Creating the protocols and formats that enable interoperability
Operational security — Responding to threats and maintaining stability
Policy development — Addressing issues like privacy, access, and content

No single entity handles all these functions. Instead, specialized organizations handle specific domains, coordinating through overlapping membership and liaison relationships.

Governments and Internet Governance

Governments have limited direct control over Internet governance, which some view positively (preventing censorship, enabling innovation) and others view negatively (lack of democratic accountability, US influence). Through organizations like the UN's Internet Governance Forum (IGF) and ITU, some governments advocate for more traditional intergovernmental control. This tension remains central to Internet governance debates.

ICANN and IANA: Critical Internet Resources

ICANN (Internet Corporation for Assigned Names and Numbers) and IANA (Internet Assigned Numbers Authority) manage the Internet's critical unique identifiers—the resources that must be globally coordinated for the Internet to function.

IANA Functions:

The IANA functions predate ICANN and continue under its umbrella:

IP Address Allocation — Allocating IP address blocks to Regional Internet Registries (RIRs)
Domain Name Coordination — Managing the DNS root zone and delegating top-level domains
Protocol Parameters — Maintaining registries of protocol values (port numbers, protocol numbers, etc.)

Jon Postel individually performed IANA functions from the 1970s until his death in 1998, when the role was formalized under ICANN.

ICANN Structure:

ICANN is a California nonprofit corporation, but its community governance is global:

Board of Directors — Sets policy and oversees operations; includes community-selected and independent directors
Supporting Organizations (SOs) — Develop policy for specific areas:
- GNSO (Generic Names SO) — gTLD policy (.com, .org, .net, etc.)
- ccNSO (Country Code Names SO) — ccTLD coordination (.us, .uk, .jp, etc.)
- ASO (Address SO) — IP address policy coordination
Advisory Committees (ACs) — Provide advice to the Board:
- GAC (Governmental Advisory Committee) — Government input
- ALAC (At-Large AC) — End-user interests
- SSAC (Security and Stability AC) — Technical security advice
- RSSAC (Root Server System AC) — Root server operations

ICANN/IANA Resource Management
Resource	IANA Role	Delegation
IP Addresses	Allocate /8 blocks to RIRs	RIRs allocate to ISPs/organizations
Domain Names (gTLDs)	Delegate to registry operators	Registries manage TLD operations
Domain Names (ccTLDs)	Delegate to country managers	Often national organizations/governments
Root Zone	Coordinate root zone updates	Verisign operates root zone; 12 orgs operate root servers
Protocol Parameters	Maintain registries per IETF standards	Technical community requests allocations

The IANA Stewardship Transition:

Until 2016, the US government (via NTIA) maintained oversight of the IANA functions through a contract with ICANN. In 2016, this contract expired and was not renewed—transferring stewardship to the global multi-stakeholder community.

This transition was contentious. Supporters viewed it as appropriate internationalization of a global resource. Critics worried about losing US protection against authoritarian capture. The compromise created new accountability mechanisms within ICANN, including community powers to reject Board decisions and remove directors.

The Root Zone Matters

Control of the DNS root zone is extraordinarily sensitive. The root zone file contains delegations for all top-level domains. Modifications could theoretically remove entire countries from the DNS namespace or redirect TLDs to different operators. While procedural safeguards and technical distribution protect against arbitrary changes, root zone governance remains a focus of geopolitical attention.

Regional Internet Registries (RIRs)

Regional Internet Registries (RIRs) manage IP address allocation within their geographic regions. They receive large address blocks from IANA and allocate them to ISPs, enterprises, and other organizations needing Internet number resources.

The Five RIRs:

Regional Internet Registries
RIR	Region	Founded	Members
ARIN	North America, Caribbean, North Atlantic	1997	~6,500
RIPE NCC	Europe, Middle East, Central Asia	1992	~20,000
APNIC	Asia-Pacific	1993	~7,000
LACNIC	Latin America, Caribbean	2002	~12,000
AFRINIC	Africa	2004	~2,000

RIR Functions:

RIRs handle critical Internet resource management:

IP Address Allocation:

Receive IPv4 and IPv6 blocks from IANA
Allocate to ISPs (who further assign to customers)
Directly assign to end-user organizations qualifying for their own space
Maintain registries documenting who holds which addresses

ASN Allocation:

Assign Autonomous System Numbers to organizations running BGP
Maintain ASN registries

Routing Registry:

Operate regional Internet Routing Registries (IRRs)
Document routing policies and prefix ownership
Enable route origin validation

Policy Development:

RIRs develop allocation policies through open community processes:

Anyone can propose — Policy proposals come from the community
Mailing list discussion — Proposals are debated publicly
Public meetings — Discussed at regional meetings (ARIN meetings, RIPE meetings, etc.)
Consensus evaluation — Chairs assess community consensus
Board ratification — RIR boards approve policies achieving consensus

This bottom-up process means the organizations receiving IP addresses set the policies for how those addresses are allocated.

IPv4 Exhaustion Status

•APNIC — Reached final /8 in 2011; allocating from last block with strict limits
•RIPE NCC — Exhausted in 2012; now allocating only from recovered/returned space
•LACNIC — Reached final /10 in 2014; severe address scarcity
•ARIN — Officially exhausted in 2015; waitlist for returned addresses
•AFRINIC — Reached last /8 in 2017; limited availability remains

Obtaining IP Addresses

Small organizations typically receive IP addresses from their ISP (provider-assigned space). Larger organizations needing portable addresses apply to their RIR, demonstrating need through a justified request showing planned utilization. IPv6 is much easier to obtain—RIRs actively encourage IPv6 adoption to address IPv4 exhaustion.

Internet Standards: IETF and Beyond

Internet protocols are developed through open standards processes. The primary organization is the Internet Engineering Task Force (IETF), but other bodies contribute essential standards.

IETF (Internet Engineering Task Force):

The IETF develops the protocols that make the Internet work—TCP, IP, HTTP, DNS, TLS, BGP, and hundreds more. Its motto: "We reject kings, presidents, and voting. We believe in rough consensus and running code."

IETF Characteristics:

Individual participation — People participate as individuals, not representing employers
Open meetings — Anyone can attend; no membership required
Mailing lists — Primary work happens on public mailing lists
Rough consensus — Decisions seek broad agreement, not unanimity or voting
Running code — Working implementations validate specifications
Area Directors — Technical experts guide work areas but don't command

The RFC Process:

IETF standards become RFCs (Requests for Comments)—the Internet's standard documentation format:

Internet-Draft — Working document, expires after 6 months, subject to change
Working Group Adoption — WG accepts draft for development
WG Consensus — Working group agrees draft is ready
IETF Last Call — Broader community review
IESG Review — Area Directors evaluate for publication
RFC Publication — Becomes permanent, numbered document

RFC Categories:

Standards Track — Proposed Standard, Internet Standard (the highest status)
Informational — Useful information not intended as a standard
Experimental — Research and experimental protocols
Best Current Practice (BCP) — Operational guidance and process documents
Historic — Obsoleted or deprecated specifications

Key Internet Standards Organizations
Organization	Focus	Notable Standards
IETF	Internet protocols	TCP, IP, HTTP, DNS, TLS, BGP
W3C	Web standards	HTML, CSS, DOM, WebAssembly, Accessibility
IEEE	Hardware and lower-layer protocols	Ethernet (802.3), WiFi (802.11), Bluetooth
ITU-T	Telecommunications	H.264/265 video, telephony standards
OASIS	Enterprise/security standards	SAML, WS-*, STIX/TAXII
ISO	International standards	ISO 7498 (OSI model), ISO 8601 (date formats)

W3C and Web Standards

The World Wide Web Consortium (W3C) develops standards for the Web platform—HTML, CSS, DOM APIs, WebAssembly, and accessibility guidelines. While the IETF handles HTTP (the transport), W3C handles what's transported and how browsers process it. Both organizations coordinate through liaison relationships to ensure their standards work together.

Domain Name System Governance

The Domain Name System (DNS) translates human-readable names to IP addresses. Its governance involves multiple layers:

Root Zone Management:

The DNS root zone contains delegations for all top-level domains. Its management involves:

IANA (ICANN) — Coordinates root zone content changes
Verisign — Operates the root zone (edits and publishes the file) under contract
Root Server Operators — 12 organizations operate 13 root server clusters (with anycast providing 1,700+ actual instances)
RSSAC — Advises on root server system architecture and operations

The root zone is extraordinarily stable—changes are carefully reviewed and relatively rare. Adding a new TLD or updating a delegation triggers a multi-step verification process.

Top-Level Domain Governance:

Generic TLDs (gTLDs):

Legacy gTLDs (.com, .net, .org, .edu, .gov, .mil, .int) — Established before ICANN
Sponsored gTLDs (.aero, .coop, .museum) — Operated by sponsoring organizations for specific communities
New gTLDs — 1,200+ TLDs added since 2012 (.xyz, .app, .blog, brand TLDs)

gTLD registries operate under contracts with ICANN specifying technical and policy requirements.

Country-Code TLDs (ccTLDs):

ccTLDs (.us, .uk, .jp, .cn, etc.) are delegated to organizations in each country. ICANN's role is limited—ccTLDs often follow national policies rather than ICANN rules. Some ccTLDs (like .tk for Tokelau) operate as de facto gTLDs with open registration.

DNS Ecosystem Participants

•Registries — Operate TLDs and maintain authoritative databases (Verisign for .com/.net, PIR for .org)
•Registrars — Sell domain registrations to the public (GoDaddy, Namecheap, Cloudflare)
•Registrants — People and organizations who register domain names
•Resellers — Sell registrar services under their own brand
•DNS Operators — Run authoritative DNS servers (may be registrar, registry, or independent)
•Resolvers — Recursive DNS servers that answer queries (ISPs, Google Public DNS, Cloudflare 1.1.1.1)

Domain Disputes:

Conflicts over domain names are resolved through:

UDRP (Uniform Domain-Name Dispute-Resolution Policy) — ICANN-mandated arbitration for trademark disputes
URS (Uniform Rapid Suspension) — Faster, cheaper process for clear trademark violations
Court litigation — Traditional legal remedies in relevant jurisdictions

UDRP applies to gTLDs; ccTLDs may have their own dispute processes.

DNSSEC Deployment

DNSSEC adds cryptographic authentication to DNS, preventing spoofing attacks. The root zone was signed in 2010, and most TLDs now support DNSSEC. However, deployment at the individual domain level remains limited—only about 30% of domains in signed TLDs have DNSSEC enabled. Network engineers should understand DNSSEC to properly secure name resolution.

Operational and Security Organizations

Beyond governance of resources and standards, various organizations coordinate Internet operations and security:

Network Operator Groups:

Regional and topic-specific operator groups facilitate coordination among network engineers:

NANOG (North American Network Operators Group) — One of the most influential; focus on routing and backbone operations
RIPE — European network operators (combines with RIR function)
APRICOT/APNIC — Asia-Pacific operators
Many others — MENOG, AfNOG, regional NOGs, topic-specific groups

These groups share operational experiences, discuss routing issues, and coordinate responses to incidents. They're informal but crucial—many significant security responses are coordinated through operator group mailing lists.

Key Operational Organizations
Organization	Focus	Activities
FIRST	Incident response	Global forum of CERTs/CSIRTs; coordinates cross-border response
ICANN OCTO	DNS security and stability	Monitors DNS threats; operates L-Root
MANRS	Routing security	Promotes routing security best practices
OARC	DNS research and ops	DNS operators; research into DNS security
Internet Society	Internet development	Promotes Internet development and access globally
CISA	Critical infrastructure (US)	Coordinates US Internet security efforts

CERTs and Incident Response:

Computer Emergency Response Teams (CERTs) or Computer Security Incident Response Teams (CSIRTs) respond to security incidents:

National CERTs — Government-sponsored teams for national coordination (US-CERT, CERT-UK, JPCERT)
Sector CERTs — Industry-specific teams (financial, healthcare, energy)
Organizational CERTs — Internal security teams at large organizations
Vendor CERTs — Coordinate vulnerability disclosure (Microsoft, Apple, etc.)

FIRST (Forum of Incident Response and Security Teams) connects these teams globally, enabling cross-border coordination during major incidents.

Routing Security Initiatives:

MANRS (Mutually Agreed Norms for Routing Security) promotes routing security best practices:

Filtering — Prevent propagation of incorrect routing information
Anti-spoofing — Implement BCP38 to prevent source address spoofing
Coordination — Maintain accurate contact information for incident response
Global validation — Encourage RPKI deployment for route origin validation

RPKI (Resource Public Key Infrastructure) provides cryptographic proof of IP address and AS number holdings, enabling Route Origin Validation (ROV) to reject hijacked routes.

Coordination Without Authority

Internet security coordination relies on voluntary cooperation—there's no enforcement authority. When a network is hijacking traffic or hosting attacks, responders can pressure, publicly shame, or disconnect the offending network, but there's no global Internet police. This makes community norms, reputation, and economic pressure the primary enforcement mechanisms.

Contemporary Governance Challenges

Internet governance faces ongoing challenges as the Internet's importance grows and stakeholder interests diverge:

Fragmentation Pressures:

The unified global Internet faces fragmentation pressures:

National sovereignty — Some governments want control over "their" portion of the Internet
Data localization — Requirements to keep data within national borders
Content control — Blocking and filtering create national differences in Internet experience
Alternative DNS roots — Some propose national DNS systems independent of ICANN
Protocol politics — Disputes over protocol development can reflect geopolitical tensions

Key Governance Tensions

•Multi-stakeholder vs. Multilateral — Should governments have special authority, or should all stakeholders be equal?
•Innovation vs. Protection — Should platforms be liable for user content, or does immunity enable innovation?
•Global vs. Local — How do global platforms comply with contradictory national laws?
•Openness vs. Security — How much should protocols be designed to enable surveillance or prevent it?
•Centralization vs. Distribution — Are dominant platforms undermining the Internet's distributed nature?

Emerging Governance Areas:

New technologies create new governance needs:

Artificial Intelligence:

AI governance intersects with Internet governance as AI systems increasingly operate over networks
Questions about AI-generated content, deepfakes, and automated decision-making

Internet of Things:

Billions of poorly-secured devices create security challenges
Device lifecycle management (updates, end-of-life) lacks governance frameworks

Encryption vs. Access:

Strong encryption protects privacy but frustrates law enforcement
Debates over "exceptional access" and key escrow continue

Platform Power:

Major platforms control communication infrastructure without traditional common carrier obligations
Content moderation decisions affect billions without clear accountability

Governance Participation

Internet governance processes are generally open to participation. IETF meetings, ICANN meetings, RIR meetings, and operator group meetings welcome newcomers. Mailing lists are public. Engaging in these processes is how standards and policies get shaped. Network engineers have valuable perspectives that governance discussions need—technical reality should inform policy.

Summary: Internet Governance

We've explored the complex ecosystem of organizations that coordinate Internet operation—from technical resource management to standards development to security coordination. Let's consolidate the key governance concepts:

Key Governance Takeaways

•Multi-stakeholder governance — No single entity controls the Internet; governments, private sector, civil society, and technical community all participate.
•ICANN/IANA — Manage critical Internet identifiers including domain names and IP address allocation to RIRs.
•Regional Internet Registries — Five RIRs manage IP address allocation in their regions through open policy processes.
•IETF — Develops Internet protocols through open, consensus-based processes documented in RFCs.
•DNS governance — Multi-layered system involving root servers, registries, registrars, and operators.
•Security coordination — CERTs, operator groups, and initiatives like MANRS coordinate Internet security without enforcement authority.
•Ongoing challenges — Fragmentation pressures, platform power, and emerging technologies create governance tensions.

What's Next:

Now that we understand the Internet's governance structure, the final page examines Internet evolution—how the Internet has changed and continues to change, including IPv6 adoption, cloud computing, edge networks, and future directions that will shape the next generation of Internet infrastructure.

Page Complete

You now understand how the Internet is governed—the organizations that manage technical resources, develop standards, and coordinate security. This knowledge is essential for participating in industry discussions, understanding policy impacts on engineering decisions, and engaging with governance processes that shape the Internet's future. Next, we'll explore the Internet's ongoing evolution and future directions.