On January 27, 2011, in the midst of massive anti-government protests in Egypt, the Egyptian government initiated an unprecedented measure to disrupt network access to, from and within the country. Several network monitoring sites reported that at around midnight, almost all routes to Egyptian networks were withdrawn from the Internet’s global routing table (see also here and here). This sounds like some pretty heavy-duty techy stuff, but in fact, it isn’t, and the Egyptian government’s action has exposed a very serious weakness in Internet governance which has tended to fly under the radar. The Egyptian government’s action involves what is called the Border Gateway Protocol (BGP), the communication protocol that certain “gateway” routers use to announce to each other what traffic should be delivered to them. Most of us casual Internet users are never aware of gateway routers or BGP, but without them the Internet would be useless to us because our communications wouldn’t know where to go.
BGP is a notoriously insecure protocol. There have been several incidents where misuse, either intentional or not, of BGP has resulted in significant disruptions of global network traffic. What happens is, a gateway router will start to announce that it can handle traffic for which it is not authorized. Network traffic destined for the servers that the gateway router is falsely announcing is forwarded to that router and eventually hits a dead end. One well documented incident, often called the Chinese Internet Hijack, occurred in April of last year when a Chinese router started announcing a huge number of addresses for which it was not responsible. Consequently, Internet traffic ended up being forwarded to the Chinese network space, even though it was intended to go somewhere else entirely. On a global scale, few Internet users were affected by the Chinese Internet Hijack because, although the Chinese gateway router was announcing the addresses, it wasn’t doing it in a way that presented itself as an optimal route for the traffic. This was not the case in another incident in 1997 involving a gateway router in Florida. In this incident, the gateway router involved announced the entire Internet routing table. Additionally, the router announced that it could deliver traffic to these destinations in a single hop. The result was that this route was seen as the optimal route for all Internet traffic. The entire Internet died that day.
The gateway router system has long been operated on a system of mutual trust. In some ways it could be said to be a throwback to the early days of the Internet when there was a strong sense of camaraderie among the small group of users and, thus, security wasn’t considered a significant issue. Several BGP-related incidents have highlighted the need for stronger security and that need is being addressed. However, the actions of the Egyptian government raise entirely new questions regarding BGP; should it be possible for a national government to control Internet routing information, the way the Egyptian government has done? This is a serious Internet governance issue. Much more so than issues regarding control over Domain Name Servers (DNS), that have tended to dominate Internet governance debates. The Egyptian government has set a precedent for how governments can effectively shut off the Internet and, as long as the system is unchanged, the Egyptian method is likely to be used again.
So I leave you with the following questions:
Should national governments be free to claim control over core Internet traffic management systems?
If not, how should the problem be addressed?
a) Leave it up to nation-states to implement preventative provisions on the basis of their legal systems?
b) Revamp the global routing system to make it impossible for a nation to do what the Egyptian government has done?
c) Other (suggestions are welcome)?
Tryggvi Thayer, Ph.D.
-
Recent Posts
Archives
Usage Rights
-
Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy
One Response to Internet governance in light of Egypt’s network shutdown