| News | Blog | Unequal and contested – Content Delivery Networks as critical infrastructures

Unequal and contested – Content Delivery Networks as critical infrastructures

The triumph of content delivery networks (CDNs) has played a significant role in shaping the development of the internet globally since the late 2000s. Today, CDN providers are among the largest and most successful technology companies in the world. In the process, they are increasingly influencing military contexts and geopolitical tensions and conflicts. A digital policy debate on these critical infrastructures has been lacking for a long time.

What are Content Delivery Networks (CDNs)?

In simple terms, a content delivery network is a network of distributed cache servers that can be used to cache data in geographical proximity to end users. This reduces the latency of data traffic between web servers and client-side applications on end devices. Against the background of data-intensive web services such as music and video streaming services, online gaming, social media or e-commerce platforms, CDNs have become central internet infrastructures within the last ten years. Already in 2016, about 52 percent of global internet traffic was routed via CDNs. In 2022, this share was over 70 percent. A high level of dynamism can be observed in the market: Whereas until a few years ago it was dominated by a few companies specialising in CDNs, such as Akamai Technologies, Cloudflare and Fastly, the American BigTech and the Chinese companies Huawei and Alibaba have massively expanded their infrastructures and now offer customers cloud computing services including data traffic via their own CDNs on a global level.

Geopolitics of digital infrastructures

The Russia-Ukraine war has made the security and economic significance of digital infrastructures succinctly visible: Already after the annexation of Crimea in 2014, the Russian administration had begun to reroute the routing of data packets from Crimea to Moscow via Russian territory – which significantly reduced the previously established data traffic via the internet exchange nodes in Frankfurt am Main. Similar efforts of territorial incorporation of data streams into networks that enable Russian surveillance and censorship measures are currently also being observed in the occupied territories in eastern Ukraine. At the same time, Ukrainian experts have begun to secure some important components of the Ukrainian internet or World Wide Web – such as servers for operating the country-specific top level domain .ua – on servers abroad. Emergency operation of certain internet services is thus also made possible by digital infrastructures outside the country.

These examples illustrate once again that the internet is not operated as a politically neutral infrastructure, as some central actors in the field of internet governance continue to proclaim as a guiding principle, but is rather embedded in geopolitical strategies, conflict and tension situations. In this context, it is not only state institutions that appear as central geopolitical actors. Various providers and operators of digital infrastructures are often linked to geopolitical issues of state security, sovereignty and independence. An important role is played by a group of technology companies that have hardly appeared in the political-public debate so far, but through whose infrastructures most of today’s internet traffic is operationalised: Providers of content delivery networks.

Unequal and contested spaces of CDNs

Against the background of this trend towards complex ecosystems for cloud computing including network services by individual players, the question arises to what extent content delivery networks have generated new network effects and lock-in effects and to what extent this furthermore leads to a reconfiguration of the functions of established internet infrastructures – such as internet exchange points – and contributes to a loss of intended norms, such as net neutrality. Google/Alphabet, Amazon Web Service and Microsoft Azur, for example, have also expanded the presence of cache servers of their CDNs (points of presence) in the local and regional networks of Internet service providers (ISPs) within the last few years in the EU – with Amazon Web Services (AWS) already dominating the market in many cases. With regard to the current debates on digital sovereignty, the question thus arises to what extent end users, companies and state institutions have become even more dependent on US providers of cloud and CDN infrastructures than previously assumed.

Especially against the backdrop of current geopolitical conflicts and tensions, it is surprising that content delivery networks have hardly been addressed in digital policy debates. Yet the importance of these infrastructures for the functioning of diverse services has already been demonstrated in geopolitical-military terms: In March 2022, for example, Ukraine’s Minister of Digital Transformation, Mykhailo Fedorov, called on Cloudflare and AWS, among others, to stop serving both cloud computing and CDNs, as well as the IT security of these services in Russia. While Cloudflare has rejected these demands, AWS says it is not launching new cloud and CDN services for customers from Russia and Belarus. At the same time, Cloudflare says it is offering Ukrainian government and telecommunications organisations the free service of its CDN, including enhanced protection against DDos attacks. Content delivery network providers are therefore already frequently confronted with questions of IT security and the operation of basic digital services, including in military contexts. This ultimately raises questions about the democratic control and design of these infrastructures.

Content Delivery Networks as Critical Infrastructures

However, the political and social relevance of content delivery networks is not only evident in wars, but also with regard to questions of security and resilience of internet infrastructures in general: for example, technical problems at CDN providers have repeatedly led to major outages of important services and websites in recent years. Most recently, for example, there was a major technical disruption at Akamai Technologies in July 2021, which led, among other things, to various websites of major media companies in Germany being unavailable for up to an hour in some cases. The same disruption led to international outages in the online services of banks, airports and IT companies. At the same time, CDN providers are increasingly taking on tasks for certain fields in the IT security of online services, which are operationalised via their infrastructures.

For example, in 2018, a previously unknown, strong DDoS attack on the website Github.com, which is central to software development in the EU, was only stopped with the help of Akamai Technologies. CDNs must therefore increasingly be regarded as critical internet infrastructures through which a large part of today’s digital communication is operationalised and which should simultaneously guarantee the security of online services.

The blog posts published by bidt reflect the views of the authors; they do not reflect the position of the institute as a whole.