MANRS Move Highlights Consolidation of Power Online

Every so often, a seemingly innocuous announcement tells us something profound. It happened at the end of March, when the MANRS project expanded its reach to include content delivery networks.

The non-profit Internet Society launched the Mutually Agreed Norms for Routing Security initiative in 2016. It brings together internet infrastructure providers to help solve one of the internet's biggest and oldest problems: Border Gateway Protocol (BGP) routing insecurity.

BGP is the protocol that routes traffic between the large networks that make up the internet, but it wasn't designed with security in mind. Intentional or accidental misrouting can choke off internet services to entire countries or redirect traffic through undesirable destinations. It can allow attackers to mount denial of service attacks and snoop on others' traffic.

MANRS brings internet infrastructure companies together to help solve that problem in several ways. Network operators define clear routing policies and check their customers' networking information to avoid incorrect routing information propagating around the net. They also document their routing policies publicly in a well-known place using a common format so that everyone can validate everyone else's network information. And they agree to coordinate with each other, publishing globally accessible and up-to-date contact details.

MANRS began by focusing on network operators, but then expanded to the internet exchange points that facilitate the exchange of traffic between those operators. At the end of March, it expanded again, announcing a CDN and cloud initiative, enabling these companies to join the party. Akamai, AWS, Azion, Cloudflare, Facebook, Google, Microsoft, and Netflix are the founding participants.

They're joining because CDNs are an increasingly important part of an internet that is markedly different to the one that existed when they formed. In the nineties, the internet was a hierarchical system of customer networks, local and regional access providers, and finally national backbone operators at the top. Today, the CDNs coexist at the top and control an increasing proportion of internet traffic. As we can see from the list of founding participants, some of them also own a lot of its content.

This concentration of power has technical implications for everything from security to resilience, not to mention more political ramifications, as the laws of power distribution centralize control over both infrastructure and content in the hands of fewer companies. Single points of control and failure aren't what the original internet was about. MANRS has made this move because it can't continue without must acknowledge, for better or worse, the importance of these companies and how they're reshaping the modern internet. So should we.

What’s Hot on Infosecurity Magazine?