BROOKE GLADSTONE: Greeley described ICANN as impenetrable, and so it is, especially since 2010, when it began to implement a confoundingly complex system to protect the security of its domain names. The people with the key to the system meet quarterly, on the East Coast and then the West Coast, under the eye of a pack of observers. They met most recently on February 13th in a Los Angeles suburb. The Guardian’s James Ball was among them.
JAMES BALL: We had – there are seven people scattered around the world, with some master key to the internet that could switch it off or restart it, in the case of nuclear war or something like that. What then happens is essentially this, this really long 100-step scripted plan, this ritual. Let’s just renew a key at the core of the internet.
BROOKE GLADSTONE: To penetrate the fortress requires a series of IDs, security cards, handprints, even scans of the participants’ irises.
[MINORITY REPORT CLIP]:
COMPUTER: Please center your eyes in the mirror. [MUSIC] Please move a little back from the camera. Sorry, we cannot confirm your identity.
BROOKE GLADSTONE: The whole point is to ensure the security of the DNS system, the backbone of trust on the Web, and reassure us that in our virtual travels we will neither be hijacked or blocked. Or, if we are blocked, at least we'll know it. It all boils down to protecting a line of code, a digital master key. So ICANN devised a set of smart cards to activate it that are locked in a series of safety deposit boxes inside a safe. Those key holders, mostly computer security geeks, each hold a physical key to one of those safety deposit boxes. Still, with me?
JAMES BALL: So they have a key to a safety deposit box, which is inside the safe that they can’t open, which is inside an insanely high secure facility, which they, hopefully, can’t get into. So the person who knows the combination for the safe can’t get in the room and can’t get in the facility. The people who have the actual keys can’t get anywhere, but the people who can in the room don’t know the combination or have the key. So, I mean, it does sound like something out of Oceans 11.
BROOKE GLADSTONE: There’s even a procedure to get into the canteen.
JAMES BALL: You kind of have to present yourself, give your ID, and then someone takes you and puts his handprint in and a very long code, and this kind of door slides open. And you have to go into this room which is completely featureless. It’s about sort of 10-foot square. And the door shuts behind you and you’re sealed in, and then he has to do exactly the same again on another door to let you out. And they do another couple of tests. You’ve got to have a smart card and another handprint, and that gets you to the break room.
At this point, you can drink a bit of soda or play on an arcade machine.
BROOKE GLADSTONE: Getting into the room where the key ceremony actually is held demands a whole new round of security, which gets you into a small room split into three small mesh cages, one of which is off to the side and contains two huge safes. Ball couldn’t get into that one, but he could see it from his cage. That room was just for the chosen key holders, and not all seven. Three of them are there just for backup.
JAMES BALL: And so, they had four of these seven people with the keys to the internet, the kind of guy who was running the ceremony and one of two people in the world that knows the code to one of the safes. And they’re in this tiny eight-foot by eight-foot cage, and they slam the safe door. And it turns out, one of the many security procedures they have is a seismic sensor which disables all the door locks. Suddenly, they’ve locked the key holders to the internet inside [LAUGHS] this cage.
I was at least trapped in a bigger room and someone had very considerately brought some snacks so, at this point, we’re all eating Oreos and wondering how they’re gonna get them out of the cage. They worked out the only way they could do it was to trigger a building evacuation.
BROOKE GLADSTONE: After that little diversion, the ceremony resumed.
JAMES BALL: Each of the key holders hands over their smart card to the person running the ceremony, and they put them in turn into this machine, and after it’s had three of the seven, it’s activated. And then it’s just one quick line of code, and it renews the key for another three months.
BROOKE GLADSTONE: This summer, on the East Coast, they’ll do it all over again. This process, launched by ICANN in 2010, this transition to a single master key, protected by keys within keys, within keys, will take a few more years to roll out.
JAMES BALL: There's really no other security system in the world that leans back on just one key. This is about the one place in the world. It’s the first time they’ve tried it. And they’re really, really trying to make people believe that no one controls it. That’s what this whole kind of theater is about. They’re trying to say, hey, check it out. We’ve got all of these steps. There is no way the US has the secret backdoor into it. There’s no way the NSA does, there’s no way Russia does. We can only use it for what we’re saying we use it for.
BROOKE GLADSTONE: One key that can signal users that a website is blocked and indicate when a site is a sham, a single system for a Worldwide Web, a bold effort straining against the ill will generated by those NSA revelations, but still moving forward.
[MUSIC/MUSIC UP & UNDER]
BOB GARFIELD: That’s it for this week's show. On the Media was produced by Alex Goldman, PJ Vogt, Sarah Abdurrahman, Chris Neary, Laura Mayer, Kimmie Regler and Meera Sharma. And our show was edited - by Brooke. Our technical director is Jennifer Munson. Our engineer this week is Ken Feldman.
BROOKE GLADSTONE: Katya Rogers is our executive producer. Jim Schachter is WNYC’s Vice President for News. Bassist composer Ben Allison wrote our theme. On the Media is produced by WNYC and distributed by NPR. I’m Brooke Gladstone.