Who owns the internet?
Earlier this week, one company’s configuration error took websites across the globe down, from Reddit to The New York Times. It turns out that our power to log on lies in the hands of a few large businesses.
When vast swathes of the internet go dark, the rest of it lights up like a bustling metropolis. So it was the case on 8th June, when a configuration error by content distribution network (CDN) Fastly took some of the internet’s biggest websites offline, including Reddit, Twitch, and the websites of several governments around the world.
Thousands took to Twitter to speculate on what had gone wrong – many of them using emojis that, thanks to a quirk of the way Twitter works, wouldn’t load due to the very outage they were commenting on.
The outage lasted less than an hour. But its ramifications are still being felt. Not for the first time in recent years, we were reminded of how fragile the online infrastructure we rely on for work and play is.
The internet isn’t a series of tubes, as Alaskan Senator Ted Stevens infamously said in 2006, but it is a series of cables and servers handling data. CDNs like Fastly are designed to try and speed up our internet access, storing local versions of popular sites and files closer to major population centres. The goal is to stop your request to access The New York Times’s website being routed through thousands of miles of subsea cables in order to see what’s happening in the United States every morning. Instead, a version of the same website is saved in a rack of computer servers in a nearby city on these shores, constantly updated and waiting for you to access it.
“CDNs are helpful most of the time in reducing friction of internet use, however with the Fastly outage we saw the pitfalls of having a few single points of failure in our internet infrastructure,” says Dr Jessica Barker, a cybersecurity expert and co-CEO of Cygenta. “The irony is that we have centralised something which was intended to be decentralised, and in doing so we have become over-reliant on a few service providers. A lot of people will be totally unaware of how the internet actually works and of the fragility of our connectivity.”
“The thing we should all be worried about – and this is a dynamic you see across the internet stack – is that because of the way that network effects work, you get this similar dynamic where a small group of companies become hugely influential,” says Corinne Cath-Speth from the Oxford Internet Institute. We see this on social media. “Why are all of us on Twitter? Because all of us are on Twitter. Why is Twitter such a good service? They have millions of users who give them revenue to support its development.”
A similar situation has played out in the CDN world. There are a handful of players – Fastly, Akamai, Cloudflare and others, including Amazon – who control the majority of the market. The reason they’re able to do that is they have the money to throw at the expensive bits of kit needed to keep the internet going. “You need to have a lot of infrastructure,” says Cath-Speth. “Physical servers, physical hardware. That stuff is expensive. It’s expensive to run it, to cool it, to maintain it. It’s expensive to make sure the software works – and even when you have these resources, these companies can still make mistakes as we’ve seen.”
For many who still see the internet as a liberal, egalitarian world where everything is equal, the notion that a handful of companies control what we see and how we access it may be a shock. But in reality, argues Niels ten Oever of the University of Amsterdam, the libertarian ideal of the free internet never existed. “For a particular group of people, particularly white men from the US and Europe, it was an enormously liberating and nice space, in which we could experiment and play with our identities,” he says. “But for other people, the internet was never a freely accessible space. It’s never been possible to have an email address in Arabic or Chinese, for instance.”
The internet’s roots date back to 1957 and the characteristic beep-beep of the Sputnik satellite circling the globe, beaming back to home base. Sputnik – and the promise that the Soviet Union had ubiquitous vision across the entire planet – lit a fire in the United States to try and counter that. The internet as we know it was a military project, set up by ARPA, a US Department of Defence branch. “Only after the fall of the Soviet Union was the internet privatised and commericalised,” says ten Oever.
Since the internet became commercialised, it has boomed, with more and more use cases. “It’s now used for very different things than it was envisaged to do,” says ten Oever. (The military minds trying to tackle Sputnik had no idea you’d want to watch Friends episodes over the internet on your TV, for instance.) “Sometimes new layers or new services get added to these layers. But almost never something disappears.”
That makes it ever more complicated and raises the barrier to entry for companies looking to provide key elements of internet infrastructure. It concentrates power in a smaller number of hands and means that anything they do wrong can have catastrophic consequences. We saw it this week with Fastly and, last year, with Cloudflare, another CDN. “Clients of Cloudflare could go for a scrappy open-source alternative, but that might mean their expenses are higher, because it’s a smaller team and they can’t have the bigger efficiencies that make these things affordable,” says Cath-Speth.
Those CDNs who dominate the market say there is competition and they suggest that clients have multi-vendor contracts, spreading their hosting services across multiple providers so in the case of emergencies such as that encountered this week, they can switch to a different provider and stay online. But the lack of companies in the field means each company’s prices aren’t that different, making it expensive to have duplicate contracts. “It’s a self-sustaining dynamic,” says Cath-Speth. And that’s even when outages can lose companies up to $29 million an hour, as the economic impact of this week’s disaster was calculated by one analyst.
On 8th June, Cath-Speth got a phone call from her brother. He rang to tell her she was now eligible for her covid-19 vaccination in the Netherlands, where she currently resides. She ran to the Dutch government website, but like millions of browsers on Tuesday, received nothing more than a 503 error – service unavailable.
“While I’m sad The New York Times lost a lot of money, I’m more worried about the people who didn’t book their Covid shot [on 8th June],” she says. The solution is to acknowledge the vital importance of an always-on connection to some websites. While The New York Times may balk at the idea of two contracts with CDNs, governments shouldn’t. “It’s simply not acceptable that in this day and age, when so much of your direct interaction with the government is online, they can’t afford to be in these situations,” she says. And she suggests that, if CDNs aren’t willing to offer deals for clients wanting to hedge their bets between suppliers in the event of disaster, such deals are incentivised.
Cath-Speth would love to see a public-interest CDN, similar to the work the foundation set up by internet browser company Mozilla provides for the wider internet. But she acknowledges that’s not very likely. “So I’d like to start thinking about what we can do to give these CDNs incentive to think about how central their role is in playing these infrastructural services and to think about their public interest mandate,” she says. “They’re the digital roads for our times. But that’s not quite their mindset.”
Ten Oever agrees. “Up to now, governance bodies have resisted taking societal values into account in the governance of technology,” he says. But the Fastly outage this week was a magnitude more important than others we’ve encountered. It wasn’t just Reddit that went down; government websites and news outlets – sources of objective truth – were silenced in an instant.
“I’m extremely worried about this, but I’m also very convinced we can do something about this because we’ve done this before,” ten Oever says. He cautions against falling into the trap of ‘internet exceptionalism’ – that this technology is so new, there’s no way to bring it to heel.
“We’ve done this with the telegram, with the telephone, with television. We can and will do this with the internet as well. Whatever these multinational corporations say, we can do it,” he says. “They’ll want to extend it as long as possible, saying it’s complicated, transnational and doesn’t work like this.” But it has, since 1865, when an organisation called the International Telegraph Union regulated what was then a new communications technology.
“If they’re not ready to deal with it, then we’ll come down with laws and new technologies,” he says. “And they’ll be left behind, just like the telecommunication operators were when the internet came about.”