The Problem with "The Seven Keys"

submitted by
Style Pass
2021-08-28 16:00:05

From time to time, articles are published about “the seven people who control the keys to the Internet.” These articles, while probably well-intentioned, are completely incorrect. Let’s be absolutely clear: there are no keys that cause the Internet to function (or not to function).

The so-called “keys to the Internet” only relate to one function, and even then, they can only be used in extremely narrow circumstances. It is important to understand what these keys do, to see why they do not control the Internet.

First and foremost, the keys being talked about belong to just one single part of the Internet – the mechanism for authenticating the data in the domain name system (DNS), called DNSSEC. It is based on a hierarchy of cryptographic keys starting at the root of the DNS. The cryptographic keys for the root of the DNS are managed by ICANN.

These cryptographic keys are kept in two secure facilities over 4,000 kilometers apart, and are protected with multiple layers of physical security such as building guards, cameras, monitored cages and safes. The innermost layer of physical security is a specialized device called a hardware security module (HSM), which stores the actual cryptographic keys. An HSM resists physical tampering: for example, if someone attempts to open the device or even drops it, the HSM erases all the keys it stores to prevent compromise. ICANN keeps two HSMs at each facility.
