This document discusses internet governance concepts, organizations, and cases. It begins by explaining that users see the internet as a simple "black box" and are unaware of its complex internal operations. It then defines internet governance and describes its multi-layered structure. Several key internet governance organizations are mentioned, including ICANN, RIRs, IETF, and others. The roles and responsibilities of these organizations in areas like technical standards, domain name management, IP address allocation, and more are also summarized.

1. 網路治理概念、組織及案例
Internet Governance
1
Kenny Huang, Ph.D.
Executive Council Member, APNIC
huangksh@gmail.com
22. Dec. 2017
黃勝雄博士
亞太網路資訊中⼼董事

2. 2
網路對使⽤者如同操作簡易⿊盒⼦
Internet Governance

3. 3
使⽤者並不瞭解其內部運作複雜性
Internet Governance

4. 4
使⽤者盲⽬相信網路世界
Internet Governance

5. 5
使⽤者誤以為擁有資料所有權
Internet Governance

6. 6
網路治理定義
Internet Governance

7. 7
網路治理分層架構
Internet Governance

8. 8
網路治理起源
Internet Governance

9. 9
全球網路資訊架構: 根伺服器
Internet Governance

10. 10
Internet 與公共財概念
Internet Governance

11. 11
IP位址管理機構
Internet Governance

12. 12
網路治理主要機構
Internet Governance
技術標準
Technical Standards
域名與統籌協調
ICANN
IP 位址 RIR
Regional Internet Registry
IAB
Internet Architecture Board
IETF
Internet Engineering Task Force
IRTF
Internet Research Task Force
ASO
Address Supporting Org
ccNSO
Country code Name Supporting
Org
gNSO
Generic Name Supporting Org
Verisign; Root DNS;
Root Zone; 註冊商
APNIC
TWNIC
ISP
W3C
World Wide Web Consortium

13. 13
功能領域 項目 主要參與機構
1.Control of “Critical Internet
Resources”
網路關鍵資源管制
網路名稱與IP位址監理機構 ICANN, USG, RIR, 交通部/通傳會
IP位址技術規範 IETF; RIR
頂級網域名稱授權 ICANN; 交通部; 通傳會
網域名稱代理註冊 授權代理註冊商
根域檔案監理(Root Zone File) USG
IP位址發放 APNIC, 交通部/通傳會; TWNIC; 網路
服務商
根域檔案管理(Root Zone File) IANA;
網路自治號碼ASN發放 APNIC, TWNIC
根伺服器管理 Versign, Cogent, 及其他
DNS查詢解析 DNS伺服器, 公共DNS Resolvers
2.Setting Internet Standards
訂定網路標準
網路協定號碼分配 IANA
網路技術標準 IETF
網頁技術標準 W3C
其他通信標準 ITU, IEEE, MPEG, JPEG, ISO,通傳會
3.Access and Interconnection
coordination
網路互連與接取協調
多方互連協調 網路交換中心; 通傳會批發價格管制
網路互連及轉接合約 網路服務商, 內容服務商
網路互連標準(如. BGP) IETF
網路管理 (服務品質) 網路服務商; 通傳會 ?
用戶接取政策 網路服務商; 通傳會?
網路接取法規 (如網路中立) 通傳會
資料來源: Laura DeNardis; 黃勝雄博士整理
網路治理功能領域1/2

14. 14
功能領域 項目 主要參與機構
4.Cybersecurity Governance
網路安全治理
維護網路基礎設施安全 網路服務商,機構網管部門
加密標準 相關標準制訂機關, 通傳會, 國安局
網路安全法規/執法 軟體法規, 多國合作協議
修正軟體資安漏洞 軟體公司
軟體更新管理 使用者
維護路由安全, IP位址安全, DNS安全 網路服務商, IETF, APNIC, TWNIC
資安通報 CERTs/CSIRTs, 技服中心
網站信任憑證 Certificate Authorities (CAs)國家憑證
管理中心
5.Information Intermediation
資訊中介
協助商業交易 電子商務網站,第三方金流機構
協助政府內容審查與移除 搜尋引擎, 社群網路, 內容彙整網站
App調解 (規範, 執法) 智慧手機製造商 (如. Apple, HTC)
隱私政策 社群網路, 廣告中介商, Email服務商,
網路服務商
網路霸凌與誹謗 內容中介商
隱私權法規 立法院
政府協調, 個人資訊申請 內容中介商, 網路服務商
6.Architecture-Based
Intellectual Property Rights
Enforcements
智財權執法
網域名稱爭議處理 ICANN UDRP, TWNIC,
侵權內容移除 內容中介商
演算法執法 (如搜尋排序) 搜尋引擎
侵權使用者禁止接取 網路服務商; 經濟部智慧財產局
DNS侵權執法 TWNIC, .taipei管理局, 代理註冊商
網路智財權法規 立法院
標準形式專利政策 經濟部標準檢驗局
內容商業機密制訂 搜尋引擎
網路治理功能領域2/2
資料來源: Laura DeNardis; 黃勝雄博士整理

15. 15Internet Governance
APNIC

16. 16Internet Governance

17. 17
APNIC Region
Internet Governance

18. 18Internet Governance

19. 19Internet Governance

20. 20Internet Governance

21. 21Internet Governance

22. 22
APNIC Execution Council
Internet Governance

23. 23
Where do IP Addresses come from ?
Internet Governance

24. 24The purpose of computing is insight, not numbers
APNIC會議前 APNIC會議中 APNIC會議後
提案⼈提出政策案或修正
案送交秘書處
SIG主席將提案送交SIG
郵件群組
網路社群於SIG 郵件群組
討論提案
在APNIC SIG場次⾯對⾯
討論提案
共識?
共識?
在會員⼤會報告
SIG郵件群組最後公共評論
社群於SIG郵件群組討論
SIG主席送交討論結果
共識?
共識?
APNIC董事⽀持提案
完成政策實施
否
否
否
否
⼀
週
四
週
⼀
週
四
⾄
⼋
週
⾄
少
三
個
⽉
APNIC 政策制定流程 PDP (Policy Development Process)
資料來源：APNIC; ⿈勝雄博⼠整理

25. 25Internet Governance

26. 26Internet Governance

27. 27
僅
供
參
考
政
策
實
施
公
共
政
策
網
路
參
與
平
台
網
路
治
理
機
構
政
策
制
定
流
程
APNIC會議前 APNIC會議中 APNIC會議後
提案⼈提出政策案或修正
案送交秘書處
SIG主席將提案送交SIG
郵件群組
網路社群於SIG 郵件群組
討論提案
在APNIC SIG場次⾯對⾯
討論提案
共識?
共識?
在會員⼤會報告
SIG郵件群組最後公共評論
社群於SIG郵件群組討論
SIG主席送交討論結果
共識?
共識?
APNIC董事⽀持提案
完成政策實施
否
否
否
否
⼀
週
四
週
⼀
週
四
⾄
⼋
週
⾄
少
三
個
⽉

28. Public Goods Governance Models
28
Governance Capability & Capacity for Public Goods
Non-state Actors X O O
Governments O O X
Governance
Model
State Regulation
Cooperation
Private Self
Regulation
Co-Regulation
Delegation
(Knill, 2002)
(Tanja, Borzel, 2007)(Neoliberalism)
(Tanja Borzel, 2007)
(Knill, 2002)
source : edited by Dr. Kenny Huang

29. 29Internet Governance
Net Neutrality and CDN

30. 30
Internet (1980’s)
Internet Governance
ü Computer to computer connection
ü Single network-wide addressing model
ü Single network-wide routing model
ü Hop-by-hop destination-address-based packet forwarding

31. 31
Internet (2017) – Carriage Perspective
Internet Governance
Access ISP Access ISP
Regional ISP
Access ISP Access ISP
Regional ISP
Transit ISP

32. 32
Content vs. Carriage
Internet Governance
ü Who pays whom ?
ü The only reason why access
networks have clients is
because there are content
services that clients want to
access
ü To a carriage, content is just
another client
ü The content folk resolved this fight
by going OTT (Over The Top) and
created relationships directly with
end users

33. 33Internet Governance
But not all clients enjoy the same experience from a single service
Source : Facebook, NANOG68

34. 34
Content Delivery Network
Internet Governance
ü Reduced service latency
ü Increased service resilience
ü Happy customers

35. 35Internet Governance
Fewer cables being built Those that are being build are single owner cables
The majority are self-funded
Submarine Cables
Source : Tim Stronge, Telegeography
Almost all new submarine
international cable projects are
heavily underwritten by content
providers, not carriers

36. 36
Today’s Internet
Internet Governance
Access ISP Access ISP Access ISP Access ISP
CDN Data Feeds
CDN Service Cone
Access Network Tier
91% US Internet traffic
flows over CDN in 2021
Source: CISCO
資料來源：⿈勝雄博⼠
Source: Juniper

37. Transit and Public Policy
• If users don’t send packets to users any more
• If content is now delivered via CDNs to users via CDN service cone
• Then why do we need Transit Service Providers ?
• Once the CDN caches sit “inside” the access ISP then the entire wide
area network becomes a marginal activity compared to the value of
the content feeds
• If CDN feeder networks are private networks, there is little residual
public carriage other then last mile access networks, then what do we
mean by “public communication policy” ?
• Public policy : universal service; network neutrality; rights of access; market
dominance
• How about CDN operators ?
37Internet Governance

38. 38
Content is King
Internet Governance
The world’s 10 largest publicly traded companies,
as ranked by their market capitalization.
Sep. 2017
ü None of these five technology technology
companies are a telephone company, or even a
transit ISP
ü All of them have pushed aside carriage networks
in order to maintain direct relationships with
billions of consumers
ü These valuable consume relationships are based
on content services, not carriage.

39. 39
ISP Blocking and Traffic Engineering
Internet Governance

40. 40Internet Governance

41. 41Internet Governance
Significant Market Power
ISP
Source: Kenny Huang, Ph.D.
CDN CDN CDN
Netflix CEO: “Neutrality is really important for the Netflix of 10 years ago, it didn’t matter for the company anymore.”

42. 42Internet Governance
Cybersecurity

43. Cyber War Case - Afghanistan
• Two-way cyber war measures
• Cyber offensive capability
• Cyber dependence :
• Degree to which a nation relies upon cyber-controlled systems
• Cyber defensive capability
• “We have the most bandwidth running though our society and are more dependent on
that bandwidth. We are the most vulnerable.“ – former Admiral McConnell.
• Afghanistan 2001
• US had conducted a cyber war plan, but no targets for cyber warriors, that
gives Afghanistan an advantage.
• If Afghanistan had any offensive cyber capability, the cyber war would have
shifted in different way
43

44. Cyber War Case - China
• Offense vs. defense
• US has the most sophisticated offensive capability, but it can’t make up its
weaknesses in defensive position. Cyber defense trainings are offensive focus.
• China cyber warriors are tasked with both offense and defense in cyberspace.
• China advantages in cyber war
• Ownership : Internet in China is like an intranet of a company. Government is
the only service provider
• Censorship
• Great Firewall of China provides security advantages
• The technology that Chinese use to screen emails/message provide the infrastructure to
stop malware
• Install software on all computers to keep children from gaining access to pornography –
Give China control over every desktop in the country.
• Critical infrastructure: For electric power system, US relies on automation
controlled system, but China require a large degree of manual control.
44

45. Cyber War Strength
45
US
Cyber Offense: 8
Cyber Dependence : 2
Cyber Defense: 1
Total : 11
Russia
Cyber Offense: 7
Cyber Dependence : 5
Cyber Defense: 4
Total : 16
China
Cyber Offense: 5
Cyber Dependence : 4
Cyber Defense: 6
Total : 15
Iran
Cyber Offense: 4
Cyber Dependence : 5
Cyber Defense: 3
Total : 12
North Korea
Cyber Offense: 2
Cyber Dependence : 9
Cyber Defense: 7
Total : 18
Source:Richard Clarke,2010

46. DDoS vs. Cyberwar
46
Cyberwar initiated country Counterpart country
Internet DMZ
1. DDoS can only attack DMZ zone. DMZ was built for that purpose.
2. DDoS attacks are compelling. The targets can be easily identified. It
gives enemy an advantage of increasing defensive capability, or
relaxing cyber dependence.

47. OECD
47
Critical Information Infrastructure
üInformation components supporting the critical
infrastructure
üInformation infrastructure supporting essential
components of government business
üInformation infrastructure essential to the
national economy
US
Systems and assets, whether physical or virtual
to the US that the incapacity of destruction of
such systems and assets would have a
debilitating impact on security, national
economic security, national public health or
safety, or any combination of those matters.
EU
Directive (EU) 2016/1148 ANNEX II :
IXP、Root DNS、TLD Registry
能源
⽔資源
通訊傳播
交通
⾦融
醫療
中央地⽅機構
⾼科技園區
DNS
IX
Registry
CI CII

48. Who Controls The Internet : Meet The Seven Key Holders
48

49. Internet Routing Security - Detour
49
A path that originates in one
country, cross international
boundaries and returns back
to origin country

50. China Telecom hijacks Verizon Wireless
50
AS 4134
China Telecom
AS 7018
AT&T
AS 3356
Level 3
AS 2828
X0 Comm.
AS 6167
Verizon
AS 22394
Verizon
4134, 22724, 22724
66.174.161.0/24
3356, 6167, 22394
66.174.161.0/24
AS 22724
China Telecom
Apr, 2010
Prefix Hijacks
China Telecom announced 50,000 prefixes (15% routes)

51. Pakistan Telecom hijacks YouTube
51
AS 18174
Allied Bank
AS 58467
Lahore Stock
AS 18173
Age Khan
AS 3491
PCCW
AS 3327
Linux Telecom
AS 25462
RETN Ltd
AS 36561
YouTube
17557
208.65.153.0/24
3491, 17557
208.65.153.0/24
36451
208.65.153.0/22
AS 17557
Pakistan Telecom
Feb 2008
Subprefix Hijacks

52. Why Bother Internet Governance
52
Jurisdiction
Law
Organization
Rules
International
Law / Treaty
Internet
Governance
Multistakeholder
Standard
Technology
Architecture
Policy
Procedure
Best Practices
Cooperation
Coordination
IG
Regime

53. Code is Law
53

54. Cybersecurity Attributes Recap
54
Confidentiality
pPhishing
pPacket sniffing
pPasswordattack
Integrity
pMITM (Man-in-
The-Middle)
pIP spoofing
Availability
pDDoS
pSYN flooding

55. DNSKEY root
DS .taipei
DNSKEY .taipei
DS 101.taipei
DNSKEY 101.taipei
root
TLD : .taipei
SLD: .101.taipei
ISP
recursive resolver
1 user makes request for
a .taipei domain
2 ISP resolver verifies the
root’s DS key
3 root points the ISP to the
.taipei TLD and gives the
ISP the .taipei DS key
4 ISP verifies .taipei’s DS key
5 .taipei points the ISP to the
101.taipei SLD and give the
ISP the 101.taipei DS key.
6 ISP verifies 101.taipei’s SLD
DS key
7 Requested SLD information
is retrieved and sent back to
ISP
8 ISP sends SLD information
back to user
9 User access trusted
101.taipei domain
1
8
2
3
4
5
6
7
User
stub resolver
9
Secure Name Space - DNSSEC
55

56. Secure Internet Routing - RPKI
56
APNIC
8.0.0/8
Level 3
8.8.8.8/24
Google
66.174.0.0/16
Verizon Wireless
66.174.0.0/24
AS22394
66.174.0.0/16
AS6167
8.0.0.0/9
AS3356
ROA
8.8.8.0/24
AS15169
cert
legend
PRKI : Resource PublicKey Infrastructure

57. Secure Communication : Technology
57
RFC 7457
Summarizing Known Attacks on TransportLayer Security (TLS)and
Datagram (DTLS)
RFC 2409 The Internet Key Exchange (IKE)
RFC 3526
More Modular Exponential(MODP) Diffie-Hellman groups for Internet Key
Exchange (IKE)
RFC 7258 PervasiveMonitoring Is an Attack
RFC 7525
Recommendations for SecureUseofTransport Layer Security (TLS)and
Datagram Transport Layer Security (DTLS)
RFC 4307
CryptographicAlgorithm for Usein the Internet Key ExchangeVersion 2
(IKEv2)
Remove support for DH1024
Proposed DH1024
Proposed DH 2048

58. Cybersecurity Evolution
58
Prevention, 80%
Monitoring, 15%
Response, 5%
Prevention, 33%
Monitoring, 33%
Response, 33%
NOW FUTURE
Source : RSA Conference 2016 Singapore

59. Potential Cooperation for Cybersecurity and Internet Governance
59
Case : Crypto–Ransomware
Source : EUROPOL

60. 60
Check Whois database,
Found In Romania
Traceroute, ends up in
Netherlands
1
2
It’s not useful
French Cyber Investigator
Source : EUROPOL

61. 61
MLAT* from French to Romania
1 month later, Romania LE goes
to the indicated company
3
4
MLAT: Mutual Legal Assistance Treaty
司法互助協定
Source : EUROPOL

62. 62
Scenario 1 : Romania company
cooperate
Found server is in Germany
Second MLAT from French to Germany
5
6
Scenario 2 : Romania company
uncooperative, victim of ID theft
5
Source : EUROPOL

63. 63
1 month later, Germany LE goes to
seize the server
7
To late !!
Decryption keys have been moved
to another server ..
8
Source : EUROPOL

64. LEA and RIRs Cooperation
64
Question ?
ü How can we ensure that IP addresses are
announced in the country where they
are actually registered?
ü Can the RIR database reflect the location
of an ISP handling an IP address?
Internet Policy Proposal
ü Require registration of all IP sub-allocation to downstream ISPs to
entire chain of sub-allocations are accurately reflected in WHOIS
ü NOT disclose end-user information but instead focus on downstream
ISP providing connectivity to the end-user Source : EUROPOL

65. 65Internet Governance
Internet Censorship

66. 66
內容過濾
Internet Governance

67. 67
內容過濾技術與⽅法
Internet Governance

68. 68
2017 最佳內容過濾軟體
Internet Governance
資料來源 : TopTenReview

69. 69Internet Governance
資料來源 : Freedomhouse, 2017

70. 70Internet Governance
美國模式：開放式網路治理
電腦
網路使用者網站提供者
選用DNS 選用VPN
網路搜尋國家地區搜尋
域名轉換IP
網址請求網頁提供網頁瀏覽
建立網頁
啟動域名
載入伺服器
網頁可提供
數位千禧年
著作權法下架
DMCA
takedonw
下架或控制
選擇ISP
服務選取

71. 71Internet Governance
電腦
網路使用者網站提供者
限定DNS 封鎖VPN
網路搜尋
安裝過濾軟體
限制合規搜尋
域名轉換IP控制或封鎖
網址請求網頁提供網頁瀏覽
建立網頁
啟動域名
載入伺服器
網頁可提供
提供者
需註冊
移除或控制
選擇ISP
實名制
及追蹤
服務選取
中國模式：審查式網路治理

72. 72Internet Governance
中國網路內容審查措施
資料來源: Harvard University, Gary King 2014

73. 73Internet Governance
國務院
廣電總局工信部網信辦國防部
部委管理國家
局
中央密碼辦中央保密辦
中國政府網路安全相關部會

74. 74

75. 75
中國網路內容過濾構⾯分析
Internet Governance
資料來源 : opennet.net

76. 內容過濾問題
• 網路效能
• 澳洲政府網路效能衰退 2%-75%
• 倫理 / ⾔論⾃由 / ⼈權
• 過度過濾 : 錯誤過濾內容
• 2億5000萬網站過度過濾，影響近20億使⽤者
(資料來源 : Pingdom)
• 使⽤者仍可使⽤中繼⽅式連網
76Internet Governance
埃及茉莉花⾰命
⽰威者不滿國家緊急安全法，
公民缺乏⾃由選舉權和⾔論⾃由權

77. 內容過濾問題
• 如果每個國家建構⾃⼰的過濾軟體引擎
• 成本⾼、效能低
• 澳洲 : 政府編列4500萬美元預算建構過濾引擎，此政策導致過濾每組 URL
花費成本⾼達 9000 美元 (資料來源 smh.com.au)
• 全球性問題
• 網路犯罪、病毒軟體、⾊情內容、賭博、毒品買賣、網路安全
• 是否應該建⽴⼀套全球過濾機制的標準
77Internet Governance

78. 78
過濾成本與過濾品質
Internet Governance

79. 79
換位思維: 過濾機制、服務成本與商業模式
Internet Governance
網路服務供應商ISP國內網路
終端接取
設備
終端接取
設備
終端接取
設備
國際⾻幹
設備
過濾成本低 過濾成本⾼
服務範例：兒少上網
覆蓋範圍：少數簽約⽤⼾
受益者 ：簽約⽤⼾
商業模式：使⽤者付費
法律⾵險：低
服務成本：低
服務範例：境外侵權內容
覆蓋範圍：全體境內使⽤者
受益者 ： 智財權⼈
商業模式： ?
法律⾵險：中
服務成本：中
境外

80. 80
導⼊網路治理可能模式
Internet Governance
智財權組織電信公司ISP
通傳會
網路內容治理實驗計畫
合作協議
監理沙盒
豁免權
網路治理
產業⾃律政策
1. 期程短 (6-12⽉)
2. 微量過濾清單 (實驗期程少於10組)
3. 智財權組織提供單⼀窗⼝(電話、網站)服務
4. 智財權組織提供訴願管道與訴願程序

81. 81Internet Governance
GDPR

82. 82
GDPR
Internet Governance

83. Data Minimization
• The more data are collected, higher are the risks
• One should focus on most pertinent data
• One should focus on most recent data
83Internet Governance

84. 84Internet Governance

85. 85
DSP : Demand Side Platform
Internet Governance

86. 86
DMP : Data Management Platform
Internet Governance

87. 87
Data Collection and Usage
Internet Governance

88. 88
Personal Data
Internet Governance

89. 89
Direct Identifiable and Indirect Identifiable
Internet Governance

90. 90Internet Governance

91. 91Internet Governance

92. 92
GDPR requires a chain of accountability
Internet Governance

93. 93Internet Governance

94. 94Internet Governance

95. 95Internet Governance

96. 96Internet Governance

97. 97
Data breaches under the GDPR
Internet Governance

98. 98
Cybersecurity Assurance
Internet Governance

99. 99Internet Governance