Standing in the break room next to Lamb is Dmitry Burkov, one of the keyholders, a brusque and heavy-set Russian security expert on the boards of several internet NGOs, who has flown in from Moscow for the ceremony. “The key issue with internet governance is always trust,” he says. “No matter what the forum, it always comes down to trust.” Given the tensions between Russia and the US, and Russia’s calls for new organisations to be put in charge of the internet, does he have faith in this current system? He gestures to the room at large: “They’re the best part of Icann.” I take it he means he likes these people, and not the wider organisation, but he won’t be drawn further.
It’s time to move to the ceremony room itself, which has been cleared for the most sensitive classified information. No electrical signals can come in or out. Building security guards are barred, as are cleaners. To make sure the room looks decent for visitors, an east coast keyholder, Anne-Marie Eklund Löwinder of Sweden, has been in the day before to vacuum with a $20 dustbuster.
We’re about to begin a detailed, tightly scripted series of more than 100 actions, all recorded to the minute using the GMT time zone for consistency. These steps are a strange mix of high-security measures lifted straight from a thriller (keycards, safe combinations, secure cages), coupled with more mundane technical details – a bit of trouble setting up a printer – and occasional bouts of farce. In short, much like the internet itself.
As we step into the ceremony room, 16 men and four women, it is just after lunchtime in LA and 21.14 GMT. As well as the keyholders, there are several witnesses here to make sure no one can find some sneaky back door into the internet. Some are security experts, others are laypeople, two are auditors from PricewaterhouseCoopers (with global online trade currently well in excess of $1tn, the key has a serious role to play in business security). Lamb uses an advanced iris scanner to let us all in.
“Please centre your eyes,” the tinny automated voice tells him. “Please come a little closer to the camera… Sorry, we cannot confirm your identity.”
Lamb sighs and tries again.
“Thank you, your identity has been verified.”
We file into a space that resembles a doctor’s waiting room: two rows of bolted-down metal seats facing a desk. Less like a doctor’s waiting room are the networks of cameras live-streaming to Icann’s website. At one side of the room is a cage containing two high-security safes.
Francisco Arias, Icann’s director of technical services, acts as today’s administrator. It is his first time, and his eyes regularly flick to the script. To start with, things go according to plan. Arias and the four keyholders (the ceremony requires a minimum of three, not all seven) enter the secure cage to retrieve their smartcards, held in tamper-evident bags. Middle-aged men wearing checked shirts and jeans, they are Portuguese keyholder João Damas, based in Spain; American Edward Lewis, who works for an internet and security analytics firm; and Uruguayan Carlos Martinez, who works for Lacnic, the internet registry for Latin America and the Caribbean.
All but one of the 21 keyholders has been with the organisation since the very first ceremony. The initial selection process was surprisingly low-key: there was an advertisement on Icann’s site, which generated just 40 applications for 21 positions. Since then, only one keyholder has resigned: Vint Cerf, one of the fathers of the internet, now in his 70s and employed as “chief internet evangelist” by Google. At the very first key ceremony, in Culpeper, Virginia, Cerf told the room that the principle of one master key lying at the core of networks was a major milestone. “More has happened here today than meets the eye,” he said then. “I would predict that… in the long run this hierarchical structure of trust will be applied to a number of other functions that require strong authentication.” But Cerf struggled with the travel commitment and dropped his keyholder duties.
At 21.29, things go awry. A security controller slams the door of the safe shut, triggering a seismic sensor, which in turn triggers automatic door locks. The ceremony administrator and the keyholders are all locked in an 8ft square cage. Six minutes of quiet panic go by before they hit on a solution: trigger an alarm and an evacuation. Sirens blare and everyone piles out to mill around in the corridor until we can get back to the 100-point script. Every deviation has to be noted on an official record, which everyone present must read and sign off at a later point. Meanwhile, we use the downtime to snack: people rip open a few bags of Oreo biscuits and Cheez-Its.