The Global War for Internet Governance
Source: https://yalebooks.yale.edu/book/9780300181357/the-global-war-for-internet-governance/ ↗
DeNardis maps the institutions that actually govern the internet — ICANN, IETF, regional internet registries, root server operators, national regulators — and the conflicts among them.
Her central argument is that internet governance is not primarily a matter of treaties and summits but of technical architecture: decisions about protocols, addressing, naming, and routing are inherently political acts with distributive consequences.
The book covers disputes over domain names, IP address allocation, surveillance-enabling standards, and the role of private companies as de facto regulators.
DeNardis calls this the "deep stack" of governance, the layer beneath policy where real power operates.
For product leaders, the book explains why your product's reachability, performance, and legal exposure depend on governance decisions made in rooms you have never entered.
Understanding who controls the stack beneath your stack is not optional knowledge.
Central argument
DeNardis argues that internet governance is not primarily enacted through international treaties or policy summits but through technical architecture itself — the protocols, naming systems, addressing schemes, and routing decisions that constitute what she calls the 'deep stack.' Institutions like ICANN, IETF, and regional internet registries are the real seats of power, and their technical decisions carry inherent distributive and political consequences. The book demonstrates that private companies operating infrastructure function as de facto regulators, often with less accountability than the public bodies they displace.
Critique
DeNardis's framework, written in 2014, was already straining against a reality it only partially captures: the growing dominance of platform-layer governance by hyperscalers — app stores, CDNs, cloud providers, payment processors — which exercise coercive control over reachability and viability in ways that sit above the deep stack she maps, not within it. Her focus on ICANN-era infrastructure governance risks making the argument feel institutionally dated precisely as the locus of power shifted from naming and addressing toward algorithmic and contractual control. A reader today might find the diagnosis accurate but the patient no longer the most critical one.
Why it matters for product
A product leader who understands DeNardis's argument will recognize that choices made in IETF working groups about encryption standards, or ICANN disputes about domain delegation, can determine whether a product is reachable in specific markets, legally exposed to surveillance mandates, or vulnerable to de-platforming at the infrastructure level — none of which appear in a typical product risk register. Concretely, this should inform how CPOs think about geographic expansion decisions: entering a new market is not just a localization and GTM challenge but a question of which governance regimes — technical and jurisdictional — now apply to your stack beneath the stack you own.