Authors:
Adrian Wan, Internet Society
Charles Mok, Visiting Scholar, Global Digital Policy Incubator, Stanford University; Co-founder, Internet Society Hong Kong
Version 1.0 (18 February 2022)
Abstract
In 2021, Cambodia issued a decree that required all Internet traffic in Cambodia to be rerouted through the National Internet Gateway (NIG) by 16 February 2022. While the plans have since been delayed to an unspecified date, the decree–which seeks to “facilitate and manage Internet connections to enhance government revenue collection, national security, and preservation of social order, culture, and tradition”–remains in force.
Using the Internet Impact Assessment Toolkit (IIAT), this brief outlines how the decree would undermine three of five critical properties of the Internet Way of Networking and negatively impact all four of the qualities that maximize the Internet’s potential as an open, globally connected, secure, and trustworthy resource for good.
Methodology
The Internet owes its strength and success to a foundation of critical properties that, when combined, represent the Internet Way of Networking (IWN). These include: an accessible infrastructure with a common protocol, a layered architecture of interoperable building blocks, decentralized management and distributed routing, a common global identifier system, and a technology neutral, general-purpose network.
To assess whether the present proposal has an impact on the Internet, this report will examine its impact on the IWN foundation the Internet needs to exist, and what it needs to thrive as an open, globally-connected, secure, and trustworthy resource.
Context
On 16 February 2021, Cambodia issued Sub-Decree No. 23 on the Establishment of National Internet Gateway (NIG) to “strengthen the effectiveness and efficiency of the national revenue collection” and support the “protection of national security, and preservation of social order, culture, and national tradition.”
Consisting of a Domestic Internet Exchange (DIX) and an International Internet Gateway (IIG), the NIG manages all local and international—both incoming and outgoing—Internet traffic. The NIG will be run by government-appointed operators, and will have facilities in at least four locations in the country.
While the deadline for networks in the country to connect to the NIG had been set for 16 February 2022, the plans have since been delayed to an unknown date as of publication of this brief.
Any cross-border networks authorized before the decree took effect were to be rerouted by the deadline, by when telecommunications operators, Internet service providers (ISPs), data centers and content providers must connect to the DIX, and operators of submarine cable landing stations and satellite ground stations must connect to the IIG. Failure to comply could result in operating licenses being suspended or revoked, or bank accounts frozen.
The following topology of the NIG is included in the decree:
Topology of National Internet Gateway
Figure 1: An unofficial English translation of the decree. Note: Laos is misspelled as Loas in the original document. Source: DigitalReach
The decree requires NIG operators to cooperate with the Ministry of Posts and Telecommunications (MPTC) and Telecommunication Regulator of Cambodia (TRC) in “collecting national revenue, assuring safety, public order, dignity, culture, tradition, and custom of the society, as well as preventing and cracking down on crimes”.
NIG operators are expected to collaborate with the authorities to “block and disconnect all network connections that adversely affect national revenue, safety, social order, dignity, culture, traditions, and customs”.
NIG operators and all telecommunications operators must meet certain technical standards to ensure “smooth operation without any interruption or disruption”, among other requirements. If there is any Internet traffic congestion, NIG operators are expected to report to the authorities about the status and elaborate the causes and solutions in a timely manner.
It also says service providers connecting with the NIG via transit or peering are to be charged.
NIG operators are required to keep records of IP address allocation and route identification of traffic transiting through the NIG for at least a year. They must submit reports to the authorities on a regular basis. Meanwhile, the decree requires ISPs to verify user identities.
How Does the Sub-decree Affect the Internet?
To understand how the NIG affects the Internet itself, we assess how it might impact the Critical Properties of the Internet Way of Networking as described by the Internet Society. Three properties are implicated, and we discuss each in turn below.
Critical Property | Effect |
---|---|
1. An Accessible Infrastructure with a Common Protocol that is open and has low barriers to entry | Negative |
2. Open Architecture of Interoperable and Reusable Building Blocks based on open standards development processes voluntarily adopted by a user community | Negative |
3. Decentralized Management and a Single Distributed Routing System that is scalable and agile | Negative |
4. Common Global Identifiers that are unambiguous and universal | None |
5. A Technology Neutral, General-Purpose Network that is simple and adaptable | None |
An Accessible Infrastructure with a Common Protocol that is open and has low barriers to entry
One of the qualities that makes the Internet so valuable and successful is you do not need permission from a central authority to connect to the Internet. The network is continually extended by the many kinds of organizations that connect to it. These factors are largely driven by the market, not a centralized authority. There is no international policy on who can connect or what they should pay.
This open and accessible infrastructure delivers several key benefits: the first is global connectivity, bringing participants from around the world together and allowing them to reach each other. The second is growth: the network continues to grow because participants find value in connecting, which continues to create even more value for everyone connected.
In the case of Cambodia’s NIG, the fact that networks must now connect to the DIX or IIG means that networks face increased technical and financial barriers to becoming part of the global Internet.
Since all telecommunications operators, ISPs, data centers, content providers, operators of submarine cable landing stations and satellite ground stations must connect to the NIG, it is an added technical barrier to connect to the Internet, especially when to meet that requirement they need to reroute traffic to match the country’s borders. The decree does not mention whether it will accept all networks, and if not, it will be essentially a new permission networks must get to join the Internet.
The fact that they will be charged government-imposed interconnection fees is a new financial barrier that further hinders the principle of an accessible infrastructure.
As a result, the benefits this critical property should bring—global connectivity that both increases and is driven by the growing value of the Internet for everyone—are denied to Internet users in Cambodia and elsewhere.
Open Architecture of Interoperable and Reusable Building Blocks based on open standards development processes voluntarily adopted by a user community
The Internet’s open architecture creates common interoperable services, which enable permissionless innovation everywhere. The architecture is made up of building blocks that deliver specific functions, such as supporting different network types, ensuring reliable transport, enabling security, or providing name resolution.
“Open architecture” means anyone can add innovation at any point—and Internet users can adopt (or reject) those building blocks that bring value without re-engineering the entire network.
The fact that the decree sets out to facilitate “national revenue collection, protection of national security, and preservation of social order, culture, and national tradition” by setting up a NIG suggests there will be interception or inspection of content at the NIG, so that targeted content can be acted on, for instance, by throttling, filtering, or blocking.
This creates discrimination against some data packets and goes against the end-to-end principle, which ensures the Internet does not privilege certain technologies and has shaped the open architecture, innovation, and growth of the Internet. In particular, because the NIG has to be able to analyze the content of the application payload, it has to be tuned to specific applications, which means that new applications won’t be recognized and will likely be blocked or otherwise degraded. This undermines the innovative potential of the Internet.
Other end-to-end security and safety technologies, such as encryption, could either be blocked or broken. That impacts the ability of people and businesses to engage with Cambodians in a trustworthy manner, which will eventually have an economic impact.
In addition, since NIG operators have control over all domestic and international Internet connections, no other networks in the country can legally access the global Internet directly or independently. This prevents innovations in cross-border connections, such as Low Earth Orbit (LEO) satellites, an increasingly popular way of enabling global, low-latency Internet connectivity, particularly for rural and underserved communities.
Decentralized Management and a Single Distributed Routing System that is scalable and agile
The Internet is a network of networks. Each network makes independent decisions on how to route traffic to its neighbors, based on its own needs and local requirements. There is no central direction or coordination dictating how and where connections are made, but rather each operator makes its own decisions and collaborates freely with those it chooses, so the network grows organically, driven by local needs.
Routing in Cambodia under this new regime will be a far cry from this way of networking. Under the decree on NIG, since all networks must route their traffic through the NIG in a few designated locations in the country, they will have no autonomy on how they interconnect with other networks and how they route their data based on local conditions.
In addition, since the authorities can decide how and where interconnections are made and with whom, the organic growth of networks to support the dynamic needs of their users will be severely limited.
As a result, local decisions and requirements would be impossible to accommodate without updating the central controller, in this case the MPTC and TRC. Networks will not be able to optimize how their Internet connection works in relation to changing technical and economic conditions, such as outages, and customer demands.
For instance, in emergency situations like disaster management, centralized routing decisions are likely to be less responsive or agile than in normal times as the regulator will need to carry out complex modelling using data from multiple sources to make decisions for many different operators. This will potentially hinder response management compared to how each operator acts independently based on its own real-time understanding of network conditions.
Enforcing centralized routing eliminates the ability for ISPs of end users to choose the best connectivity for their needs, creates scalability problems, brings economic disadvantages, and inevitably degrades the resilience and performance of a network as large as the Internet.
Cambodia will no longer be able to fully leverage its international submarine and cross-border cable connectivity to serve as a regional connectivity hub. For end users, it may mean poorer quality of service in general, as their experience online, such as service delivery for applications or services, will likely be slower and less stable. For all types of industries from technology companies to manufacturing plants, Cambodia will simply be a less-attractive place to do business involving highly resilient and capable Internet networking.
How Does It Affect the Full Potential of the Internet?
The Internet rests upon several unique foundational properties that have facilitated its growth and fueled innovation for communities around the world. Yet, to achieve the Internet’s full potential it is necessary to look beyond this foundation to what enables the Internet to thrive as an open, globally connected, secure, and trustworthy resource for everyone.
The following section analyzes how the decree may impact these enablers and prevent the Internet from reaching its full potential.
Internet goal | Enabler | Effect | Reason |
---|---|---|---|
Open | Easy and Unrestricted Access | Negative | New access barriers for networks |
Open | Collaborative Development, Management, and Governance | Negative | Collaboration between networks will be limited |
Open | Unrestricted Use and Deployment of Internet Technologies | Negative | Will affect end-to-end technologies & connectivity via LEOs |
Globally Connected | Unrestricted Reachability | Negative | New restrictions for users on particular content |
Globally Connected | Available Capacity | Negative | Degradation of network performance |
Secure | Data Confidentiality of Information, Services, and Applications | Negative | The interest in particular content is at odds with confidentiality |
Secure | Integrity of Information, Applications, and Services | None | / |
Trustworthy | Reliability, Resilience, and Availability | Negative | Single point of control leads to sub-optimal network structure, lowers resilience |
Trustworthy | Accountability | Negative | Lack of transparency & details of definitions & implementation |
Trustworthy | Privacy | Negative | The ability to track user behaviour is introduced, increasing risks of personal information misuse |
Easy and Unrestricted Access
Description: An open Internet is an accessible Internet—it is easy to connect to the open Internet and use its services. Network operators can easily add themselves to the Internet’s infrastructure without unnecessary regulatory or commercial barriers. It is affordable for users and has accessible services, empowering users to connect and use the Internet with minimal barriers.
In the case of Cambodia’s NIG, the fact that NIG operators have control over all domestic and international Internet connections means that no other networks in the country can access the global Internet directly or independently. This also means networks outside the country cannot freely interconnect with networks in it. Having designated providers run the NIG that funnel all Internet traffic in and out of the country creates a hierarchical network structure that is a move away from the mesh network that the Internet is, and closer to a tree network structure that has clear hierarchy. That severely impacts networks’ global reach, limits collaborative internetworking, and thus has a negative effect on the open Internet.
For domestic ISPs or content providers, the requirement to connect to the DIX is a regulatory and technical barrier that they otherwise may not need.
Moreover, the NIG also creates economic barriers to entry for network operators, as those who transit or peer through the NIG will be charged a fee set by designated ministers.
Another hurdle for network operators is the requirement to provide detailed technical and other operational information, including IP address allocation and route identification of traffic, to the regulator at the specified intervals. This goes far beyond typical requirements and may be significant administrative overhead for networks in the country.
Collaborative Development, Management, and Governance
Description: The open Internet is enabled when the Internet’s technologies are developed, managed, and governed in an open and collaborative way. The development and maintenance processes are intentionally based on transparency and consensus to optimize infrastructure and services to the benefit of the users of these technologies.
The NIG, which centralizes control over all incoming and outgoing domestic and international Internet traffic through a single infrastructure, effectively restricts collaboration among network operators in its operation and governance.
While Internet exchange points (IXPs) represent a collaborative way to improve the affordability and quality of connectivity, the Domestic Internet Exchange (DIX) in the decree is not to be confused with an IXP.
IXPs work by bringing together Internet stakeholders such as ISPs, municipal networks, and content delivery networks, so local Internet traffic is routed more efficiently, and local users enjoy better and more resilient access to local traffic.
Best practices have shown that IXP location and management should be as neutral as possible and agreed upon by IXP participants so local networks can efficiently exchange information by eliminating the need to exchange local Internet traffic overseas. In contrast, the DIX will be centrally developed and managed, putting a tight constraint on collaboration.
Unrestricted Use and Deployment of Internet Technologies
Description: The Internet’s technologies and standards are available for adoption without restriction. This enabler extends to end points: the technologies used to connect to and use the Internet do not require permission from a third party, operating system (OS) vendor, a network provider, or any other third party.
Like the point made under Open Architecture of Interoperable and Reusable Building Blocks, the NIG’s mandate to facilitate “national revenue collection, protection of national security, and preservation of social order, culture, and national tradition” suggests there will be interception or inspection of content at the NIG, so that targeted content can be acted on, for instance, by throttling, filtering, or blocking.
This will likely negatively impact all end-to-end technologies, such as encryption (for example, TLS 1.3) and new application and transfer protocols.
In addition, since NIG operators have control over all domestic and international Internet connections, no other networks in the country can legally access the global Internet directly or independently. This prevents innovations in cross-border connectivity, such as Low Earth Orbit (LEO) satellites, a way of enabling global, low-latency Internet connectivity, typically in remote, rural, or underserved areas.
Unrestricted Reachability
Description: With a truly interconnected Internet, anyone who wants to be part of the Internet can participate and exchange traffic with other participants without restrictions. Internet users have access to all resources and technologies made available on the Internet and can make resources available themselves. Once a resource has been made available in some way by its owner, there is no blocking of legitimate use and access to that resource by third parties.
Under the decree, NIG operators are obligated to collaborate with the MPTC to “block and disconnect all network connections that adversely affect national revenue, safety, social order, dignity, culture, traditions, and customs”, without defining the terms or specifying ways to block the connections.
Given the harsh penalties stipulated in the decree for failing to comply with the above, NIG operators would likely take precautions so as not to be held liable for targeted data that pass through their networks. Typically, they would implement technical measures to block online resources. But these measures typically “over-block”, imposing collateral damage on acceptable content, resulting in increased restrictions on the Internet.
Available Capacity
Description: The capacity of the Internet, like bandwidth and latency, is sufficient to meet user demand. No one expects the capacity of the Internet to be infinite, but there is enough connection capacity – ports, bandwidth, services – to meet the demands of the users.
Having designated providers run the NIG that funnel all Internet traffic in and out of the country while maintaining a few locations as local exchanges creates a rigid hierarchical network structure that does not scale as efficiently as the mesh network that is the Internet.
As networks are not allowed to interconnect where it makes most technical and commercial sense to them, the result is likely to be significant degradation of network performance and increase in costs.
The restricted networking model of the DIX may not facilitate optimal traffic exchange either, resulting in reducing available capacity to Cambodian users. This will also have a global effect since Cambodian resources will effectively be less accessible from outside the country.
Data Confidentiality of Information, Devices, and Applications
Description: A secure Internet is resistant to attacks on its infrastructure, delivering a robust service to its user community. In a secure Internet, data should have its confidentiality, integrity, and availability protected. Data confidentiality, usually accomplished with tools such as encryption, allows end users to send sensitive information across the Internet so that eavesdroppers and attackers cannot see the content or know who is communicating.
Given the decree’s priority on performing specified tasks for the government, including facilitating public revenue collection, protection of national security, and preservation of social order, among others, it is likely the NIG will have to monitor content flowing through the portal, potentially by breaking encryption.
While the implementation remains unclear, the NIG’s obligations and structure present a risk that it could significantly weaken the ability of users to preserve the confidentiality and integrity of communications in the country.
Reliability, Resilience, and Availability
Description: The Internet is reliable when technology and processes are in place that permit the delivery of services as promised. If, for example, an Internet service’s availability is unpredictable, then users will observe this as unreliable. This can reduce trust not just in one single service, but in the Internet itself. Resilience is related to reliability: a resilient Internet maintains an acceptable level of service even in the face of errors, malicious behaviour, and other challenges to its normal operations.
As illustrated in the topology included in the decree, the NIG will manage all local and international—both incoming and outgoing—Internet traffic. The creation of the single point of control for all traffic will increase security risks as a failure in the portal will put the entire country’s Internet availability at risk.
Given the creation of network choke points, the NIG will result in a sub-optimal network structure and lower resilience. It will create unpredictable variations in the Internet’s reliability, potentially decreasing trust in the Internet.
The content inspection and filtering carried out by the NIG also has the effect of throttling international traffic, further affecting reliability of the service.
Accountability
Description: Accountability on the Internet gives users the assurance that organizations and institutions they interact with are directly or indirectly acting in a transparent and fair way. In an accountable Internet, entities, services, and information can be identified and the organizations involved will be held responsible for their actions.
Since the decree’s release on 16 February 2021, the MPTC has dismissed allegations the government intended to undermine privacy, “restrict freedom of expression, and pursue the Chinese model”.
On 15 February 2022—a day before the deadline—the government announced the plans have been delayed to an unspecified date.
At the time of the present Internet impact brief’s publication, there have been no other public announcements or details about the NIG’s implementation, even though all service providers were supposedly required to reroute all Internet traffic through the new infrastructure within a year; that is, by 16 February 2022.
There have been no public definitions or specifications about key terms in the decree, namely the phrase “adversely affect national revenue, safety, social order, dignity, culture, traditions, and customs”. Additionally, there has been no public information on who the government is contracting to operate the NIG.
Considering the importance of the decree and the amount of social change the decree may introduce, it is important that the authorities act in a transparent and responsible manner. The lack of transparency, coupled with the significant risks for security and privacy and threats to the global, open Internet, in turn damages accountability on the Internet.
While the decree has provisions for an appeal mechanism, whereby anyone dissatisfied with the penalties may appeal to the regulator or the court, the lack of information in the public domain about the new national Internet infrastructure calls into question the trust users have in the Internet.
Privacy
Description: Privacy on the Internet is the ability of individuals and groups to understand what information about them is being collected and how, and to control how this is used and shared.
While Article 14 of the decree requires NIG operators to store technical records and provide routine status reports to the authorities, Article 12 requires all telecommunications operators connected to the NIG to ask their users for clear identification of their identities. Coupled with the significant risks that the NIG may weaken or break encryption, it could essentially eliminate any privacy in communications.
With few existing safeguards for data privacy, the collection and storage of the information could reduce users’ ability to control how this information is used and shared, by whom, and for how long.
Summary and Recommendations
This brief finds that Cambodia’s decree would undermine three critical properties of the Internet Way of Networking and negatively impact all four of the qualities that maximize the Internet’s potential as a resource for good: open, globally connected, secure and trustworthy.
- By mandating all domestic and international Internet traffic to flow through a single infrastructure, the decree will mean that no other networks in the country can access the global Internet directly or independently, undermining the Internet’s accessible infrastructure.
- The decree’s focus on some content suggests there will be interception or inspection of content at the NIG (National Internet Gateway), so that targeted content can be intercepted—which runs counter to the end-to-end principle and undermines the Internet’s Open Architecture of Interoperable and Reusable Building Blocks.
- This regime would create an unusually hierarchical network structure that will undermine decentralized management and distributed routing.
- By severely impacting Cambodian networks’ global reach and limiting collaborative ‘internetworking’, the decree will make the Internet a less open resource.
- Obligations for NIG operators to work with the government to block or disconnect a wide range of undefined content threatens the globally connected nature of the Internet.
- The creation of a single point of control will increase security risks as a failure in the portal will put the entire country’s Internet availability at risk.
- Internet trustworthiness is also reduced under the decree as privacy is threatened, accountability weakened, and reliability, resilience, and availability diminished.
These changes will restrict Cambodia’s access to global technologies and knowledge, effectively reducing the socioeconomic benefits the Internet brings Cambodia. At a time when the Internet could be a foundation for a thriving digital economy as the country’s new engine of economic growth, the decree will hurt businesses, Internet users, and vulnerable communities in Cambodia.
This brief offers a single recommendation:
A full and robust Internet impact assessment—more comprehensive than this brief—should be conducted by the Cambodian government to identify the potential harms to the Internet resulting from setting up the NIG and defend the Internet that everyone can benefit from: one that is open, globally connected, secure, and trustworthy.