It Can’t Happen Here? Why A Full-Scale American Internet Blackout is Unlikely
In the aftermath of the recent Internet blackout in Egypt, there has been a great deal of discussion about the prospect of similar action in the United States. With due respect to Sinclair Lewis’s warning against complacency on the basis of American exceptionalism, it’s nevertheless true that It’s Unlikely to Happen Here.
The Internet is a collection of smaller individual networks that trade information, each of which is known as an autonomous system (AS). These networks distribute information much like vendors distribute beer at a stadium: They pass it hand-over-hand until it reaches its destination. When a user of Network A wants to reach a service on Network B, Network A sends that user’s transmission to the edge of its network and then asks its neighboring networks “Which of you knows where Network B is?” Through the use of the Border Gateway Protocol (BGP), each of the neighboring networks tells Network A whether that neighbor knows where Network B is located and, if it does, how it would attempt to get information there. The neighboring networks answer these questions by referring to internal listings, known as BGP tables, which they periodically update when they learn of a new or better route. Network A chooses the neighboring network that reports having the best route to Network B and hands off the user’s data to that neighbor. This process repeats itself until the data is handed off to Network B, which in turn hands it to the service that the user was trying to reach.
Egypt has only a handful of autonomous systems, and they share information with each other and the international Internet at only two or three Internet exchange points (IXPs). IXPs are the interchanges on the information superhighway, where many different networks connect and exchange data. Because Africa as a whole has relatively few regional IXPs, it relies heavily on those few connections to maintain its Internet presence. In fact, the lack of disruptions in service to other parts of North Africa that rely on Egyptian IXPs suggests that most of Egypt’s connections to the Internet were not physically severed.
Instead, the best analyses and commentary that we’ve seen suggest that the Egyptian government ordered the individual local Egyptian networks to stop advertising routes to most or all of their users and services by severely pruning their BGP tables. When a neighboring network carrying traffic from a foreign source – a non-Egyptian service provider such as Google or a party using a non-Egyptian network such as Verizon – asked one of the local Egyptian networks whether it knew how to pass traffic further into Egypt, that network responded “I’ve never heard of that destination.” In other words, these networks simply refused to pass the beer down the row. As a result, most Egyptian users no longer had any access to their foreign-homed communications tools – Gmail, Facebook, Twitter – and to the larger Internet, and were largely cut off from local communication.
There are two reasons, one technical and one legal, why this would not be likely to happen in the U.S.
On the technological level, the Internet in the U.S. is much larger and more densely connected than its Egyptian counterpart. In the United States, there are many more autonomous systems, several of which contain more participating machines than any individual Egyptian network. Large companies such as AT&T and Level 3 Communications operate several autonomous systems each. These tier one providers have peering agreements with each other in which they agree to exchange traffic directly. Moreover, hundreds of smaller companies, universities, and others operating smaller autonomous systems participate alongside those larger networks at dozens of different American IXPs, both small and large. As a result, information can be passed from sender to recipient down many possible paths; if one person refuses to pass the beer along, someone else will pass it up to the next row and route around him.
An attempt to take the equivalent action here would therefore be much more logistically complex. Because there are so many participants, government intervention to “shut down” the Internet would require the cooperation of dozens of network operators, rather than a select few. Because there are so many points of interconnection, participating operators would have to change more routing tables in more places, which would take more time and thus give other operators a chance to re-route traffic through other connections (assuming not all operators want to cooperate assiduously).
Perhaps more importantly, the U.S. government does not have blanket authority to shut down the Internet. Faced with an order, many network operators would demand a showing of clear legal authority before implementing any changes. In the case of an order of questionable legality, some, possibly many, network operators would resist. Some, possibly many, would seek judicial protection, challenging the order in court or simply declining to comply unless a judge ratified that order. It’s interesting to ask whether the Egyptian service providers, including multinationals operating in Egypt, could have done the same. As my colleague Cynthia Wong points out, even in repressive countries service providers, especially mulitnationals, have a responsibility to think through competing interests when faced with government demands.
Some have suggested that the legal authority for the U.S. government to require a blanket shutdown of the Internet is present in a Senate cybersecurity bill introduced last session and scheduled for reintroduction this year. That bill would give the government authority to shut down or limit Internet traffic in a cybersecurity emergency to protect critical infrastructure. As CDT’s Greg Nojeim writes here, the draft language in the bill creating that authority creates some problems, but the risk of shutting down free speech and political dissent does not immediately appear to be one of them. Even in its current questionable form, the bill’s provision would not give the President power to shut down the Internet to squelch dissent; if that bill’s language could be stretched to fit that purpose, so could some existing statutes already on the books. And that brings us back to the likelihood that one or more, possibly many, providers would resist such an abuse of authority.
The Internet faces many serious policy hurdles in the U.S. today, including proposals that would seriously crimp innovation, privacy and free expression. However, given both the technical and legal hurdles to shutting off American Internet access for political reasons, the Sinclair Lewises of the Internet world should feel free to breathe a little easier in at least this regard.