Kiwi holding a key to the internet

BEN GRUBB
Last updated 13:12 04/03/2014
Fairfax NZ
GATEKEEPER: Andy Linton is one of the key holders of the internet.

Relevant offers

A modest, independent internet veteran of 30 years, who now teaches IT network engineering at Victoria University, is the bearer of one of only 14 keys holding the internet secure.

Victoria University lecturer Andy Linton is a member of a small group privileged enough to be entrusted with keeping the internet's "phone book" - the domain name system - secure.

Twice a year, Linton, 62, along with several other volunteers, flies to Los Angeles to attend a highly secure "key signing" ceremony at a data centre in El Segundo, in south-west Los Angeles, only a few kilometres from Los Angeles International Airport. There, they verify that each entry in the internet's domain name system is authentic.

The system, run by the US-controlled Internet Corporation for Assigned Names and Numbers (ICANN), is a series of registries linking web addresses to a series of numbers, called IP addresses. Without this version of an online phone book, you would need to know a long sequence of numbers for every website you wanted to visit on the internet. To get to Google, for example, you would have to enter "220.244.223.222" instead of google.com.

The Guardian news website recently profiled the process key holders go through every time they met.  They have been getting together since 2010. Linton's group of 7 key holders meets on the US West Coast twice a year. Another group of 7 meets twice a year on the US East Coast. Every three months, one of the groups holds a ceremony for the purpose of verifying the system and preventing a growth of fake internet addresses. Their process is crucial to preserve the security of the internet as a whole to prevent leading people to malicious websites used to hack computers or steal credit card details, The Guardian reported.

The two groups consist of people from all over the world, each with a key. Most are from the US,  though there are some from Britain, Sweden and even Nepal. Together, their keys create a master key used to verify the system's integrity. Most members of the select group are volunteers recruited via an online ad and vetted by a security process

Ad Feedback

Linton, who has been part of the global internet community for more than 30 years, said he became involved on a personal invitation.

"Someone suggested it to me … it was a bit of shoulder tap," he said.

"[They said], 'You'd be a good person for this because people know you're independent of any particular group and you'd be a good person to do this for the Asia-Pacific region…' "

He was privileged to have the responsibility but said most people did not know what it involved.

"Most people are not in the slightest bit interested. They're not even aware that it happens. When I tell people about it they go 'Really? Really? You do that and there's only 14 of you?' "

Others in the field  often teased him and other key holders, he said.

"There's light-hearted banter. They say we're 'The Keyholders' and that sort of thing."

He said the "key ceremony" also worked as an audit.

"So we're like, in financial terms, the auditor coming in and saying the books have been done properly and the process has been done properly."

The process usually last between two and three hours and involves more than 100 actions recorded to the minute using the GMT time zone for consistency.

It is done in a data centre, accessed first on presentation of a member's passport and two other forms of ID. Inside, access to other rooms requires palm and iris scanning, then smartcards, PINs and physical keys for the ceremony room.

"We have a physical key for [a] safety deposit box and one of the staff for ICANN has the other key for that safety deposit box so I [can] get out my credentials [a smartcard]," Linton said.

"It looks like a school locker key," he said. "It doesn't look at all interesting. It's of no use to anyone until they're right deep in that facility and then it's sort of a token. And you wouldn't get in to use that [key] unless people knew it was you anyway. So it's not like you could steal the key and rock up and say 'I would like to make some changes'. It wouldn't work. It's very secure."

His smartcard and those of the six other people are then used with a highly secure machine to verify that all is well with the internet's live phone book. Should the group not turn up in the future, the previously generated master key would expire after three months and error messages would start to appear across the internet, The Guardian reported.

Most volunteers travel to the ceremony at their own or their employer's expense. Linton said the Asia-Pacific Network Information Centre (APNIC), the regional internet registry for the Asia-Pacific region, had assisted with his travel (he is a co-chairman of APNIC's Special Interest Groups). The New Zealand Domain Name Commission, which runs .nz, had also assisted him, he said.

"Nobody is doing this to get paid."

If he lost the key he said he would not worry too much: "I don't think it's something I'd swallow if someone said 'give it to me'," he said, adding that there were key replacement processes.

"[One time] we had one person's key that didn't work so we all chipped in and watched the locksmith change the lock."

Comments

Special offers

Featured Promotions

Sponsored Content

My Career