Welcome to the Internet Sanctions Project
This is an open, Internet community governed, project which produces real-time BGP and RPZ data feeds of network resources (IP addresses, Autonomous System numbers, and domain names) associated with sanctioned entities. These data feeds facilitate Internet network operators in complying with governmentally-mandated sanctions against violators of international and human rights law.
Why does this project exist?
Sanctions have been used as a tool of statecraft for thousands of years, but their use has become particularly widespread in the latter part of the Twentieth Century. Most sanctions used since the Second World War and until the start of the new Millennium were employed through the United Nations. Over the past 20 years, however, impasse at the United Nations Security Council (UNSC) has meant that a number of national governments and regional organisations also use their own autonomous (or unilateral) sanctions. These can supplement multilateral (UN) sanctions, or can be imposed entirely in their absence. All sanctions regimes employed today are supposed to be "targeted" or "smart" (geared to only impact on certain targets and not a country's entire population).
The United States (US) is the most prolific user of autonomous sanctions, followed by the European Union (EU). A number of other nations, such as the United Kingdom (UK), Canada, Australia and Japan also use autonomous sanctions; often in close coordination with one another. All regional organisations (such as the African Union and the League of Arab States) use sanctions against their own members, but the EU is the only one to use it as a tool of external foreign and security policy.
In contemporary times, the private sector within each nation is responsible for complying with sanctions adopted by the government where a given company is based. This can include multilateral and autonomous sanctions. In some cases, the US employs secondary sanctions, which have an extraterritorial reach, which means that all individuals, companies and other entities can be subject to US sanctions under certain regimes. The most common types of sanctions used by all actors are asset freezes (against individuals or entities), travel bans (against individuals) and arms embargoes. Since the early 2010s, there have been a rise in sectoral sanctions, such as those against finance, banking, energy and other commodities (in part, or in full). Some sanctions regimes have become so broad and hard-hitting that they can be considered de-facto comprehensive embargoes (or comprehensive sanctions) .
In the case of sanctions targeting banking sectors, compliance is facilitated by the fact that, while superficially appearing to be multinational, banks are actually collections of individual, autonomous, independently-regulated entities, each existing within a single country, though they may share a common brand. In the case of the "flat" global, transnational nature of the Internet, compliance with diverse sanctions regimes is rendered much more difficult for Internet organizations. Large Internet networks operate as single networks spanning the world, with unitary policy and technical choices implemented globally. Thus a policy imposed by a single government on a global network, if implemented, has extraterritorial effects in every other country, violating those countries' Westphalian rights of self-determination. And conflicting policies imposed by different governments cannot be resolved without breaking the fundamental nature of Internet connectivity.
At the same time, broadly-defined Internet sanctions tend to disproportionately affect the civilian population of sanctioned countries; this is both counterproductive and violates their human rights to freedom of communication and access to information as recognized by the United Nations, the European Union, the Council of Europe, the Organization of American States, the African Union, and others.
This project brings together governments, Internet organizations, civil society, and academia to provide a globally-harmonized Internet sanctions imposition mechanism that combines the expertise and perspectives of different stakeholders to develop proportional and effective sanctions that aim to not impinge upon civilians' access to information and communications. This project is neither pro-sanction nor anti-sanction; it exists to facilitate public-sector/private-sector coordination while ensuring that the human rights of civilians are protected.
Origin of the project
This project originated in an open letter from leaders of the multistakeholder Internet governance community, calling for constructive dialog about the imposition of Internet-related sanctions, and for a principled, structured, and transparent approach to sanctions, with the explicit aim of maintaining connectivity to civilian populations.
The project is implemented by five working groups:
- A policy group monitors the political situation and the sanction initiatives of national governments, and evaluates whether a situation or proposed sanctions is relevant in light of the project's principles. If a sanction is deemed in-scope, the policy group defines the situation and (potentially) sanctioned entities and passes them to the intelligence group. The policy group is responsible for determining the limited scope of measures, analyzing when existing sanctions should be repealed, and for liaising with governments which are considering declaring this mechanism to be sufficient compliance with their nationally-defined sanctions.
- An intelligence group investigates and catalogs the Internet resources (IP addresses, Autonomous System numbers, and domain names) held by sanctioned entities. This helps the policy group understand the (potential) impact of measures and assess their proportionality.
- An oversight board provides a final check on which resources are included in the blocking feed, verifying its conformity with international and human rights law. When anything is added to the feed, an announcement will be posted to the (read-only) announcement email list, which you're welcome to subscribe to, to keep track of the project's outcomes.
- An operations group keeps the BGP and RPZ feed publishing mechanisms working and gather feedback from implementers.
- A research group is responsible for metrics and monitoring of the system and its effectiveness, and liaises with the academic community.