Find out what CIRA is up to beyond being the official .CA registry and DNS provider, and how being “in-between” the US and Europe provides an interesting and important perspective when it comes to public Internet policy.
The Canadian Internet Registration Authority (CIRA) is the non-profit best known for managing the .CA domain, the ubiquitous Canadian top-level domain that has more than 2.8 million registrations. CIRA leverages the knowledge and resources from running .CA to provide the same high-level of DNS services to the domain industry.
CIRA is also heavily involved in making the Canadian Internet better through its CIRA Labs initiative and providing funding for 130 projects through its Community Investment Program. And the organization is also necessarily involved in matters of policy that impact Canadian Internet users.
CIRA president and CEO Byron Holland was kind enough to talk about the exciting things going on at CIRA, and what policy challenges lie ahead not just for Canadians, but for all Internet users.
David Hamilton (i2Coalition): How did i2Coalition come to your attention and eventually become something you’d want to become involved in?
Byron Holland: Of course I was aware of the i2Coaltiion from social media and the Internet governance world we’re both a part of, but you really came onto my radar through colleagues in the industry who were part of it and talked about the merits of being a member.
But things really changed when the i2Coalition took the opportunity to participate in a CRTC proceeding on website blocking. That was probably the moment where I thought, OK, this is a serious international organization of fellow Internet infrastructure actors, and now they’re active the Canadian landscape where we have a lot of insight on the domestic policy issues of the day.
Of course, CIRA has a lot of international experience—a big part of what we do is participating in the global Internet governance ecosystem—but we really saw this as an opportunity for us to bring Canadian perspectives and values to the i2Coalition.
DH: I think that’s a really interesting point. Canada has an interesting in-between relationship as a separate entity from the US and the EU.
Byron: Absolutely. Canada occupies that in-between space where we need to play nicely with both the EU and the US, while recognizing that they often take very different positions or at least have very different views on issues. This is particularly true in the Internet space on issues like free speech and privacy. On first blush, it may not look like these issues would impact infrastructure providers, but of course they do.
Making sure that infrastructure providers’ views and insights are heard is absolutely critical. Being that Canadian in-between, we often find our friends to the south have strong views on a given issue, yet we as Canadians often gravitate towards more European sensibilities. Take privacy for example, and to some degree competition law, where we might find ourselves be more aligned with the EU. But it’s important to work very closely with our American colleagues on issues core to CIRA’s mandate.
DH: So, CIRA is obviously known for the .CA domain, but there are some other ways it occupies an important role in the Internet infrastructure industry.
Byron: We are very involved in several different areas.
Of course, everybody thinks of us as the registry that operates .CA. But there is the opportunity for us to do other things in the domain space. As the operators of .CA, we have a very good reputation in the domain space, and we’ve built essentially the state of the art registry and that allows us to be a backend service provider for registry service providers and others.
There are new generic top-level domains like .MUSIC or .ART. A lot of those new generic operators are focused on building their community, not the technology behind the community. They don’t necessarily want to run the nitty gritty tech operations of a registry. Luckily for them we built Fury, the latest and greatest state of the art registry that gives a lot of flexibility for this new kind of operator.
Another major piece of what CIRA does is the DNS or the domain name system – essentially the underlying infrastructure that allows the Internet to actually function in terms of looking up and finding the one and only address that you’re actually looking for. We operate the DNS for the .CA space, but because of the global infrastructure we’ve built both in terms of robustness resiliency, security, and geographic footprint, there’s an opportunity to provide those services for others who need it. This is what we refer to as DNS Anycast, where 15 or 16 sites around the world can offer DNS infrastructure for not just ourselves, but to other top-level domain operators as well.
We’re also very involved in Internet governance. That’s probably where our interest in i2Coalition comes about. As I often say, just because we’ve had the Internet that we do today does not mean we always will. I think it’s important to preserve the things that are good about the Internet, and apply lessons we’ve learned so we can continue to improve it for the future.
DH: Are there any particular challenges that you see up ahead that do make you worry about the Internet that we sort of know and love?
Byron: Governments, in general, have had a very light touch in the first 20 years of the commercial Internet. This has in part–though not exclusively–enabled the rapid expansion in the commercial Internet.
However, this very light touch has enabled some real negatives such as online misinformation campaigns, harassment, and a decrease in user privacy.
In terms of crime, in the old days, you used to have to be a thug on a street corner shaking down the local neighborhood. The Internet has allowed criminal elements to enjoy the benefit of the network effect. Now that same one thug can shake down a good chunk of the global neighbourhood if they’re tech savvy enough.
Because of the light touch, governments watched a lot of those things have gone on unabated. With the Internet’s ability to develop global audiences came the ability for bad actors to target global victims and global governments. In response, different kinds of governments—whether they’re open and free democracies, authoritarian regimes or dictatorships—are all coming to regulate the Internet in a big way. The decisions they make now could reverberate for years to come.
That has the potential to be very detrimental or quite helpful. It really depends on how it all plays out.
In open democracies the key will be having an informed and educated policy debate that deals with the real negatives of the Internet – hate speech, invasion of privacy, to name just a few – while still letting all that is good continue (which is the vast majority of what happens on the Internet) with a minimum of interruption.
I think that that’s really where the i2Coalition can play a valuable role in harnessing the expertise and insight of the various infrastructure actors and do it with a global perspective.
DH: Can you see there being almost a struggle where technical details in some ways obscure policymakers’ ability to apply those principles you were mentioning and make the right decisions?
Absolutely. Let me give you a couple of examples. In Western democracies, one of their primary mandates is to keep their citizens safe. That’s fair and legitimate. So how do you keep your citizens safe? Well, one approach is full information awareness. This way you can track and spy on the bad guys. Technology is a marvelous tool for tracking and spying on the bad guys. But of course, it can easily facilitate a major invasion of privacy and users’ rights. So where do you draw that line?
Every single day infrastructure providers in our sector build the technology to help network operators manage their infrastructure and optimize their networks. Yet, put in the wrong hands, this becomes spyware to surveil individual citizens.
We need the right checks and balances in place, like we have had historically with physical mail. We had to get a warrant in order to open somebody’s mail without their knowledge. In the online world, how do we find those right checks and balances when the technology is so different? Sure, law enforcement can apply deep-packet inspection and see everything happening for a very low cost compared to going and getting a court order for a single piece of mail. Sure technology can let them open all the mail, all the time, but is that really respectful of peoples’ privacy rights?
Let’s keep in mind that government and industry are here to serve the citizen – not the other way around. How we manage that in a way that allows governments to do their rightful job, which is to keep their citizens secure while not invading everybody’s privacy? How do you find that right balance?
I think that will be one of the great challenges of government and industry in the coming years. We are all wrestling with these thorny, hard problems. If they were easy they’d be solved. They’re not. And the stakes couldn’t be higher.