back to article No more IP addresses for countries that shut down internet access

Governments that cut off internet access to their citizens could find themselves refused new IP addresses under a proposal put through one of the five global IP allocation organizations. The suggested clampdown will be considered at the next meeting of internet registry Afrinic in Kenya in June: Afrinic is in charge of …

  1. Flakk

    Maybe I'm missing something here. Corrupt and kleptocratic government gets slapped by Afrinic, who says, "No IP addresses for you! Come back in one year!"

    Business owner living under this regime secures from Afrinic a /48 for his business. Corrupt and kleptocratic government that also runs the state-owned telco and ISP takes the /48 from the business owner, giving him a /56 while keeping the rest.

    What can Afrinic do to stop this?

    1. Sir Alien

      Yes they can stop this if they find out. Part of the rules allows them to revoke the whole block back. So if business is forced​ to give his addresses to state, afrinic would then just revoke the whole block and deny both parties the block.

      1. Anonymous Coward
        Anonymous Coward

        > Part of the rules allows them to revoke the whole block back

        Oh right, and then what.

        Are they going to prevent the ISP from originating the route? Are they going to use RPKI to stop the route propagating?

        Either way, they're doing exactly what the plan was supposed to avoid: disconnecting the country from the Internet. So that seems pretty counter-productive to me.

        Basically this is using IPv4 scarcity as a political lever, which I guess is an opportunity to encourage IPv6 deployment. After all, your initial v6 allocation is likely to last you many years if you deploy it wisely. So this makes you less beholden to the whim of registries as you expand.

        Corrupt countries leading the way in IPv6 - who'd have thunk it?

        Besides, who's judge and jury in the registry, making these political judgements? Having seen how ICANN have behaved over the last few years, maybe a tinpot dictator is preferable.

        1. Sir Alien

          I'd imagine this applies to both IPv6 and IPv4. It's not scarcity being used as a political tool just the whole IP system in general. True, the end result cuts the country off like the country itself is doing but it means that the country in question is not able to for example limit it to a subset of their populace since the entire block (v4 or v6) is revoked.

          True you could just announce the block anyway but the people you announce it to would have to accept the route. Should anyone upstream put in a rule to ignore your announcements then you would not get through to anything. It does work and has been implemented before where certain a asian country announced a block not belonging to them, so upstreams just ignored the advertisement after network admins waved magic all over their routers.

          Bit complicated to fully explain here but go read up on BGP routing and you will get quite a lot of information.

    2. Anonymous Coward
      Anonymous Coward

      Idiotic policy - already discarded by community

      Nothing at all and just a bit of grandstanding by the authors for whatever purpose as they know this too.

      It seems like Kieren McCarthy has become a mouthpiece for Liquid Telecom. I am sure he also recognizes the futility of this attempt at sensation and why it will never fly. Moreso, it endangers Afrinic which is better served by closer relationships with government.

      There have been more pragmatic suggestions from the community to address this which will no doubt have more stakeholders in the run up to the annual summit.

      1. Ogi

        Would it be applied equally?

        I mean, the UK government has the power to shut down the internet too.

        The Civil Contingencies Act and the 2003 Communications Act can both be used to suspend internet services, either by ordering internet service providers (ISPs) to shut down their operations or by closing internet exchanges. Under the protocol of the Communications Act, the switch-flicking would be done by the Culture Secretary.

        (From: http://www.independent.co.uk/life-style/gadgets-and-tech/features/could-the-uk-government-shut-down-the-web-2235116.html ).

        So the government haven't done it yet, but the law is on the books, and they can do it if they want. However if the UK government decides to do this, would they really blackhole the whole UK from the rest of the internet, like they say they would do to some African country? What about places like the USA, where you can't technically blackhole them (because so much backhaul goes through the country).

        This seems like an ill thought out solution to the problem of governments denying access to global communication to their citizens.

  2. Donn Bly
    Childcatcher

    attempt, failed or successful, to restrict access to the internet to a segment of the population

    That definition as written includes any attempts at censorship - including mandatory or opt-out filtering.

    I kind of like it ;-)

  3. Anonymous Coward
    Anonymous Coward

    Yet as always...

    It will be the people, the general populace, who gets to suffer from all this. "Sorry, no internet for you peasants, only for us government big shots. And don' blame us: they're <points at Afrinic> refusing to give them to you.".

  4. JimC

    Precedent...

    Whatever I might think about the Governments involved, I like the idea of an essentially self appointed group trying to dictate policy to them even less.

    1. Anonymous Coward
      Anonymous Coward

      Re: Precedent...

      I don't have any problem with it. The Internet is not a required system. They can get along fine with paper and pencil. The Internet is also available to everyone, not just to those who please their masters the most. If a regime can't get along with the rest of the world, let's stop routing to them. I have no problem segregating the Internet into zones where there is no access to the other. Let China and Russia talk to each other. I fail to see any good reason why they can route their way into my country, other than the Internet being a free for all. Either abide by the "let everyone on" auspices, or stay home and don't route to us. I'm fine either way. I'd like for the Internet to have everyone on board, but then we get many noisy shitheads and criminals who just want to rip people off or do damage. And some of those are Comcast and AT&T. Anyway, the Internet is a free place, let the people on there, or disconnect for good and do not bother the real world until you can play nice. Someone has to take a stand. We know it's not you, JimC.

  5. Anonymous Coward
    Anonymous Coward

    Laws would be introduced...

    If this gets through, then the various politicians of likely offended countries will probably start introducing laws such that IP allocation cannot be restricted by Afnic, with escalating jail time until compliance is achieved.

    As has been demonstrated by the US & China several times in recent years, it doesn't matter if Afnic (in this case) employees are in the offending country or not. Said country will just send someone to "collect them" for jailing.

    1. Doctor Syntax Silver badge

      Re: Laws would be introduced...

      And while they're at it they could rule that pi is rounded down to 3.

  6. Your alien overlord - fear me

    Surely not handing out IP address blocks could stop areas getting online (minority groups etc.) and therefore Afrinic is doing the governments job for them?

  7. allthecoolshortnamesweretaken

    "But then Cameroon decided to cut off the internet for weeks – and targeted specific communities."

    Read that as Cameron first and started to fly off on a wild tangent... Need coffee...

    ... not that I wouldn't put it past callmeDave to think about it, mind you.

  8. datafabric
    FAIL

    Not Impacting Government

    The policy will impact citizens and businesses harshly, not the gov.

    1. sebt
      IT Angle

      Re: Not Impacting Government

      Trouble is that that's an argument for never doing _anything_, on the international level, against an evil/oppressive government.

      It's virtually impossible to apply international sanctions that are guaranteed to only make the people actually responsible suffer. Except, maybe, the kind of sanction that flows out of the barrel of a Walther PPK.

  9. Potemkine Silver badge

    Devil may be in the details

    But it seems nonetheless a good idea, which should be extended Worldwide.

  10. Anonymous Coward
    Anonymous Coward

    And what's to stop the country allocating its own addresses and putting a big NAT gateway at the border? Which also happens to be a convenient place for monitoring and controlling citizens' access?

  11. Gordon Pryra

    So now new IP addresses for the UK?

    Considering our legislators seem to be the recording industry and they seem to be the ones who both penned and enforced the 3 strikes fun

  12. aalston

    Some comments from one of the authors

    Hi All,

    Firstly - let me say that the policy was authored by each author in their private capacities - as all policy is.

    Now, on to what the policy itself.

    Firstly - every one of the authors knew before hand that what we were proposing was controversial,and far from perfect. But because of the ever rising number of shutdowns and the damage they are doing, something had to be done. So we submitted this, with the full knowledge that policy before it becomes reality is debated, discussed and modified with the community until such time as consensus is reached. Our hope is that - while we know that in its original draft form - it has many flaws and dire consequences potentially - that the community would read it, and work towards a solution that is more polished and results in actions, without the unintended consequences.

    We believe that something has to be done - we believe that the RIR's and other internet organisations cannot turn a blind eye - we believe that the statements that have been issued time and again are having zero effect and it was time for more drastic action. The only question is, what is that drastic action. That can only be determined through a robust debate on the issue - and so - we put OUR ideas out there and want to see the community debate this - perhaps come up with modifications to these ideas, or perhaps come up with new ideas - the point here is - we cannot do nothing, and the approaches taken to date have failed dismally.

    So yes - it's not perfect - but its time to take a stand and draw a line - there must be consequences when actions like this are taken - and I encourage EVERYONE - globally - to join this debate - it's on the lists and details of those lists can be found on the afrinic website - because at the end of the day this is not just an African problem - we are merely the first region to be attempting to something like this - and what comes out of this debate may well have global impact.

    Our only plea is - let us not sit silent - let us come up with some kind of action plan - remember, as per Edmund Berke - The only thing required for evil to florish, is for good men to do nothing.

    Andrew - Co Author of ANTI-SHUTDOWN-01

    1. Keith Oborn

      Re: Some comments from one of the authors

      Andrew, thanks for that sober and sensible response. Would that all comments on El Reg and elsewhere were like this ;-)

      I was minded to try and comment, but cannot find a way: "it's on the lists, and details of those lists can be found on the AFRINIC website". Where? I can find the board statement, that is all.

      Assuming the registry has details of allocations by organization, it is presumably possible to determine which blocks are allocated to government departments in a country. Some of these will be providing essential services, such as health, but it would presumably be possible to withdraw allocations from more contentious arms of government? That way, you inconvenience the perpetrators with minimum disruption to the general public.

      Could be a very useful tool to persuade some more "advanced" governments to behave (Russia and China spring to mind).

      I'm in the UK, so this won't affect me. Yet. I am now waiting for a gentleman from GCHQ to contact me--.

      1. aalston

        Re: Some comments from one of the authors

        Hi Keith,

        I'm not sure if this reply will get through because I'm not sure if el reg wll let post urls, but the policy list subscription info can be found at:

        https://lists.afrinic.net/mailman/listinfo.cgi/rpd

        The actual list archives can be found at:

        https://lists.afrinic.net/pipermail/rpd/

        It's been an interesting debate so far - and for the most part has stayed on topic - obviously you have some of the normal trolls who in the absence of things to say about the policy have gone on random attacks against whoever they can aim them at to detract from the actual issue under discussion - but by and large the feedback has been useful, and will allow for potential edits to the policy that are more in line with the community thinking.

        Obviously the authors welcome any feedback and constructive criticism so that we can better produce the next draft and get to something that we hope will find support at the Nairobi meeting. As per Alan's statement in the comments above btw - the next meeting is in Nairobi not Botswana! :)

  13. Tom 7

    Censoring is bad

    if you censor people we will censor you - and the people you want to censor obviously.

  14. Anonymous Coward
    Anonymous Coward

    The obvious thing is, governments don't need their own IP addresses. They can just go to their ISP, and get PA addresses from them, just like any other customer.

    So if this is to work at all, the registry has to revoke all IP blocks from all ISPs in the country *where there are any government customers within them*

    Basically it's saying: "AfriNIC's policy is that under these circumstances, ISPs must stop providing Internet access to governments; or risk the ISP themselves being cut off from the Internet"

    That's going to fly. Not.

    1. Keith Oborn

      Good point. Got to be a way to do this!

  15. apbarrett

    Correcting some misconceptions

    A proposal has been put forward by some individuals in the community, but no decisions have been made.

    The AFRINIC community's policy development process is open to all. Anybody can propose a policy, but if it fails to find rough consensus in the community then it will not be implemented. AFRINIC as an organisation has not yet assessed the legal or other ramifications of the policy proposal under discussion.

    There are a few incorrect or misleading statements in the article.

    1. The headline implies that a decision has been made, but actually there is a proposal in the early stages of discussion.

    2. The headline says "No more IP addresses for countries that shut down internet access", but the proposal actually talks about "governments" not "countries". Even if the proposal is implemented, which is by no means certain, only government or state-owned entities would be directly affected; non-government entities in such countries would not be targeted.

    3. The first paragraph says that the proposal was "put forward by one of the five global IP allocation organizations." That's not true at all. The proposal was not made by AFRINIC as an organisation; it was made by individual members of the community.

    4. The third paragraph talks about "refuse to hand over any new IP address to a country". This makes the same mistake as the headline, confusing countries with governments. The fourth paragraph gets this right with "The ban would cover all government-owned entities …”

    5. The next AFRINIC public policy meeting is in Nairobi, Kenya, from 29 May to 2 June; not in Botswana.

    Alan Barrett

    CEO, AFRINIC

  16. localzuk

    Wouldn't this just create more North Koreas?

    With their own "internet"? Basically, these oppressive countries would look at it and think "does the population actually need "internet"? Or would their own network, controlled entirely by the government, do the job?

    This is why infrastructure organisations really must remain neutral, and leave the politics to the politicians. The proposal sounds fair enough, but the unintended consequences could be very significant.

    1. Tony J Smith

      Re: Wouldn't this just create more North Koreas?

      I'd argue it likely wouldn't for two reasons, the first is that the disruption to business would likely chip away at the support of, and hopefully bring down, the offending governments, before they ever got that far. Governments restricting and censoring the internet in this fashion would usually be well on their way to becoming authoritarian, if they were not already so. They still, however, need the support of broad sections of their populations to stay in power. Severely harming business interests could radically reduce their support in several key support bases, the business community most directly, the general population (by way of self-inflicted economic damage), and possibly the military, if the general situation deteriorated that much (i.e. increased disorder, and possibly fewer resources going to the military).

      The second reason, related to the first, is that these countries would generally not have a Chinese "sugar daddy" to prop them up, as North Korea does now. North Korea is not a normal state; it exists as it does today only because China views them as a useful buffer/client state between themselves and capitalist South Korea, and it's thousands of US troops. The removal of Chinese support, and most importantly money, would collapse the North Korean regime quite quickly.

      You might argue that these sorts of policies are unfair because they will harm the populations of any countries that might run afoul of these policies. The populations of these countries are, however, already being harmed by the policies of governments that policies such as these are designed to combat, both now, and in the long term. I'd argue that countermeasures such as this would only make it easier for all to see how widespread censorship and similar policies are ultimately self-harming, and the only people they serve are a handful of kleptocrats who want a slightly easier time of it in robbing their people.

  17. WMCDC

    A good start. The IMF is holding a meeting next week on Driving Digital Financial Inclusion in Africa. I will bring this up.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon