The proponents of the DOA platform have promised increased security and counterfeit mitigation in a number of telecommunications products and services. Civil and human rights groups have raised concerns about the motivations within the SG20 working group of the ITU’s standardisation sector - ITU-T, stressing on embedded risks for human rights, such as privacy and freedom of expression.
The technology allows a unique and persistent identifier to be assigned to digital objects and track their use (Lazanski, 2016). While this has already been adopted in libraries and the film industry, several member states of the ITU have pushed for the standardisation of the technology for the global identification and interconnection of Internet of Things (IoT) devices (Article 19, 2017; Rogers, 2016). Civil society groups and some ITU member states (see below), however, are concerned that the ITU as a rather ‘closed’ political organisation is ill-fitted to lead this particular standardisation process. In their view, if DOA is going to be utilised in IoT device management, the standardisation efforts should be undertaken within non-state, multi-stakeholder environment that organisations like W3C, IETF, IEEE could offer.
The proposals for the utilisation of DOA as a core IoT technology came from three regional telecommunications bodies of the ITU – the Arab, African and that of Russia and the former Soviet states. Two other regions, the Americas (CITEL) and Europe (CEPT) – opposed those proposals. The concerns were focused on the effectively proprietary nature of the DOA technology (its creators define it as non-proprietary, yet see discussion in Farhat, 2017, 9-10 and Dardailler, 2016), developed by the Corporation for National Research Initiatives (CNRI) in the 1990s and which holds the ‘change control’ over the specifications (Sharp, 2016). The Corporation is chaired by the co-creator of the core TCP/IP protocols of the internet, Robert E. Kahn (together with Vint Cerf). However, the Geneva based Digital Object Numbering Authority (DONA) Foundation currently manages DOA. There is a Memorandum of Understanding (MoU) between DONA and the ITU, by which the later would take over responsibilities if the former ceased to exist. European and American states, however, have raised concerns about the fact that part of the operation of DOA is delegated to the Multi-Primary Administrators (MPAs), which currently include states such as China, South Africa, Saudi Arabia. Thus, discrepancies in the approach are based on political splits between different ITU regions, broadly West vs. South/East. The draft CEPT position claims that:
If DOA became a universal identifier for IOT it would place MPA governments in an extremely powerful position overseeing the interconnection of all objects, devices and networks in IOT. It could enable access by governments to unprecedented levels of information on individual citizens. This would include everything from health data and financial transactions to the physical location of every object.
From an internet governance perspective, transparency and protection from capture, is crucial (Sharp, 2016). Many questions remain unanswered in terms of the administration of DOA if it is potentially adopted as a universal system for identification on the Internet. Currently, the use of DOA is allowed under a License Agreement, the termination of which is ‘at CNRI’s sole discretion’. Moreover, it is regarded as unrealistic for a small and relatively unknown organisation such as DONA to be assigned responsibilities similar to that of the Internet Assigned Numbers Authority (IANA), granted with the global IP addressing and autonomous system numbering and the management of the DNS root zone.
The political discourse, however, is grounded on technical divergences in the operation of the internet. The DOA proponents have projected the view that it can serve as a partial alternative to the existing web architecture and internet resource identification system (URIs, URLs) (see Dardailler, 2016). This is something that the Western ITU states have strongly opposed, while SSOs based in those countries (e.g. IETF and W3C) have not found a technical ground for undertaking its standardisation through an open process of expert participation. Brought to the IETF, the standardisation of DOA there failed and resulted in three 'informational’ only RFCs published in 2003. For its proponents, the ITU seems to be regarded ‘as a stepping stone towards eventual complete standardisation’ (Farhat, 2017: 11). In concern over developments, the World Wide Web Consortium (W3C) has invited the ITU to specify identified use cases (if any) not covered by the existing identifiers and to collaborate on the needed revisions in an open standardisation process.