QUIC: The Battle That Never Was

New research from postdoctoral researcher Clément Perarnaud and professor Francesca Musiani on the QUIC protocol reveals how tech giants like Google are reshaping internet infrastructure through standard-setting, raising fresh questions about power, governance, and digital sovereignty. Need a QUIC explainer? Check out this WIP from the authors of How the Internet Really Works.

But first...

From Software to Society—Openness in a changing world

The new study from Open Knowledge Foundation “From Software to Society: Openness in a Changing World” by Dr. Henriette Litta and Peter Bihr takes stock and looks to the future: What does openness mean in the digital age? Is the concept still up to date? The study traces the development of Openness and analyses current challenges. It is based on interviews with experts, including IX contributor Mallory Knodel, and extensive literature research. The key insights at a glance are:

• Give Openness a purpose.
• Protect Openness by adding guard rails.
• Open innovation and infrastructure need investments.
• Openness is not neutral.
• Market domination needs to be curtailed.

Correction

This is our 81st newsletter, and our first correction. Last week, we mistakenly said that this CPDP workshop was happening in Vaud, Switzerland. Oops. Like the rest of CPDP, it’s in Brussels, Belgium.

Spot an error? Send us a reply or write to editor@exchangepoint.tech.

This Week's Links

Internet Governance

• A few tech giants are gaining control over subsea cables and satellites that power the internet. ARTICLE 19 is launching a new initiative to investigate the impact. https://www.article19.org/resources/wired-and-orbited-reclaiming-infrastructure-for-a-resilient-internet 
• South Korea’s online platform bill is drawing U.S. backlash, as the U.S. continues to use tariffs as way to push back on regulations they perceive to be non-tariff barriers to digital trade. https://www.lawfaremedia.org/article/south-korea-s-digital-regulation-proposal-sparks-u.s.-pushback 
• ICANN is the latest organization to remove references to “diversity” and “inclusion” from its website. https://domainincite.com/31049-icann-kills-off-diversity-and-inclusion 
• Open Rights Group analyses how the Online Safety Act and Ofcom’s guidance are reshaping online speech through stricter rules on content moderation and age verification. https://www.openrightsgroup.org/publications/how-to-fix-the-online-safety-act-a-rights-first-approach 
• The EU is moving forward on an antitrust cooperation agreement with the U.K., providing regulators with a clear framework for collaboration on competition investigations. https://www.wsj.com/world/europe/eu-moves-forward-on-antitrust-cooperation-with-u-k-255dfc83?reflink=desktopwebshare_permalink&st=pv8UiA
• More than 100 organizations are raising alarms about a provision in the “one big, beautiful” bill that would hamstring the regulation of AI systems. https://edition.cnn.com/2025/05/19/tech/house-spending-bill-ai-provision-organizations-raise-alarm 
• A summary and analysis of the U.S. TAKE IT DOWN Act (2025) provided by the IFTAS Trust & Safety Library, a resource aimed at supporting volunteer moderators and administrators in the Fediverse. https://connect.iftas.org/library/legal-regulatory/take-it-down-act-2025-usa
• Fighting disinformation by taking down content misses the point. Today’s disinformation spreads through coordinated campaigns that exploit platform design, write Rohit Kumar and Paavi Kulshreshth. https://indianexpress.com/article/opinion/columns/disinformation-in-the-digital-age-cannot-be-fought-by-taking-down-content-10017122 

Digital Rights

• Trump’s latest immigration crackdown harnesses AI surveillance to sidestep due process. https://thebulletin-org.cdn.ampproject.org/c/s/thebulletin.org/2025/05/trumps-immigration-crackdown-is-built-on-ai-surveillance-and-disregard-for-due-process/amp 
• A student has made a tool that scans for users writing certain keywords on Reddit and assigns those users a so-called “radical score,” before deploying an AI-powered bot to automatically engage with the users to de-radicalize them. https://www.404media.co/student-makes-tool-that-identifies-radicals-on-reddit-deploys-ai-bots-to-engage-with-them 
• Seven civil society groups have launched a landmark legal case in Kenya to challenge internet shutdowns as unconstitutional violations of digital rights. https://blog.bake.co.ke/2025/05/14/bake-6-other-organizations-challenge-internet-shutdowns-in-kenya-in-landmark-public-interest-case 
• SMEX’s latest newsletter covers digital rights in Syria, an open letter to Samsung, and a reflection on the state of press freedom in the MENA. https://mailchi.mp/smex/digital-rights-in-syria-an-open-letter-to-samsung-and-a-reflection-on-the-state-of-press-freedom-in-the-mena 
• Skyline International for Human Rights condemns a proposed aid system in Gaza that would require Palestinians to undergo biometric scans, such as facial recognition, in exchange for food, water, and medical supplies. https://skylineforhuman.org/en/news/details/819/biometrics-for-food-a-dangerous-shift-from-humanitarian-relief-to-coercive-surveillance 
• The US embassy in Zambia has warned its citizens to be wary of a new "intrusive" cyber-security law. https://www.bbc.co.uk/news/articles/cj451xd0ezwo 

Technology for Society

• A New Social unveils Bridgy Fed Config for seamless cross-platform setup, and launches a Patreon to help sustain the future of the open social web. https://blog.anew.social/bridgy-fed-config-patreon 
• Across the Western Balkans, governments are increasingly weaponising surveillance and censorship tools to silence dissent and control digital spaces. https://balkaninsight.com/2025/04/29/surveillance-and-censorship-worsening-in-western-balkans-birn-report
• As openness faces co-optation and crisis, a new study argues it must be redefined and defended as a political, not just technical, value. https://okfn.de/blog/2025/05/from-software-to-society-openness-in-a-changing-world 
• This essay collection asks: Can we reimagine AI to serve environmental justice and creativity instead of accelerating harm and erasing human expression? https://libraopen.lib.virginia.edu/public_view/3n203z326 
• The tech industry’s greatest disruptor is its own workers. Lucy Purdon explains why they need our support. https://courageeverywhere.substack.com/p/the-tech-industrys-greatest-disruptor 
•  Elon Musk struck a series of undisclosed business deals across the Gulf while accompanying Donald Trump on a high-profile diplomatic tour. https://www.nytimes.com/2025/05/20/world/middleeast/gulf-deal-making-spree-also-benefited-elon-musk-and-his-family.html 
• A new report examines Kenya’s push to digitize migrant identification, revealing how bureaucratic barriers to ID access shape refugees’ ability to integrate and access essential services. https://www.cariboudigital.net/publication/integration-without-identification 
• The High Court of Kenya officially ruled that Worldcoin’s collection and processing of biometric data in the country was unconstitutional. https://www.linkedin.com/feed/update/urn:li:activity:7328018153991520258/ 
• New report finds that Spanish-speaking data workers in Latin America use informal digital networks to cope with low pay and precarity on global tech platforms. https://onlinelibrary.wiley.com/doi/10.1111/ntwe.12340 

Privacy and Security

• Signal doesn't recall, and now you can (not), too. Signal Desktop now includes “Screen security” designed to prevent your device from capturing screenshots of your Signal chats on Windows, and any app can copy their solution to flag content as under digital rights management (DRM) by default. https://signal.org/blog/signal-doesnt-recall
• Researchers scraped 2 billion public Discord messages for academic use, raising serious privacy concerns and potential violations of Discord’s policies. https://www.404media.co/researchers-scrape-2-billion-discord-messages-and-publish-them-online 
• AI and virtual reality are creating new frontiers for misogyny, and tech companies are looking the other way. https://www.newstatesman.com/culture/books/book-of-the-day/2025/05/misogyny-in-the-metaverse 
• Google’s Jigsaw unit unveils new encryption standards to close long-standing privacy gaps in DNS and TLS, protecting billions from domain-level surveillance. https://medium.com/jigsaw/a-more-private-internet-encryption-standards-hit-new-milestones-c239ede23eaf 
• New document from the World Wide Web Consortium (W3C) provides definitions for privacy and related concepts that are applicable worldwide as well as a set of privacy principles that should guide the development of the web as a trustworthy platform. https://www.w3.org/TR/2025/STMT-privacy-principles-20250515 
• W3C has officially published Verifiable Credentials 2.0 as a W3C Standard, providing a more secure, privacy-respecting, and interoperable framework for issuing and verifying digital credentials. https://www.w3.org/press-releases/2025/verifiable-credentials-2-0 
• The company behind the Signal clone used by at least one Trump administration official was breached earlier this month. The hacker says they got in thanks to a basic misconfiguration. https://www.wired.com/story/how-the-signal-knock-off-app-telemessage-got-hacked-in-20-minutes

Upcoming Events

• Streaming now, Ian Bruce is a portrait artist, fascinated by what Elon Musk is doing to our online and offline worlds. Join him as he spends a week, alongside special guests, exploring who Musk is as he paints him. May 20-23. Online. https://www.youtube.com/live/uogmc-cKPIw 
• FediForum brings together the leading thinkers and doers who build this new Open Social Web. June 5-7. Online. https://fediforum.org/2025-06 
• ICANN83 Policy Forum schedule now live! The hybrid event will accommodate both in-person and virtual participation. June 9–12. Prague, Czech Republic and Online. https://www.icann.org/en/announcements/details/icann83-schedule-now-available-19-05-2025-en 
• Join DemocracyNext for a conversation on how AI can support, not replace, the scaling of democratic deliberation across five key dimensions. June 17, 4:00pm BST. https://www.linkedin.com/events/fivedimensionsofscalingdemocrat7330556694038507521 
• Webinar hosted by the AI Standards Hub and the AI Quality Infrastructure Consortium exploring conformity assessment schemes and international standards like ISO/IEC 42006 support compliance with the EU AI Act and broader AI safety. June 20, 12:30 pm BST. Online. https://aistandardshub.org/events/the-role-of-conformity-assessment-and-quality-infrastructure-in-supporting-ai-safety-and-regulatory-compliance 
• The annual Internet Governance Forum is coming up 23-27 June in Norway. It's a UN event that is free to attend and facilitates remote participation. https://www.igf2025.no
• South to South (S2S) is a program that aims to strengthen the connection between artificial intelligence accountability reporting and civil society engagement, contributing to a more informed governance of AI in the Global South.Three peer learning circles are currently planned: Southeast Asia: June 25-27. Africa: July 9-11. Latin America: July 23-25. Online. https://pulitzercenter.org/journalism/initiatives/south-to-south 

Careers and Funding Opportunities

• Applications are now open to join the Knight-Georgetown Institute (KGI) and the Institute for Technology Law & Policy (Tech Institute) as a postdoc fellow. Rolling applications, interviews begin mid-May. https://kgi.georgetown.edu/postdoctoral-fritz-fellow-digital-competition-policy-research 
• The Internet Society is hiring a Director of Monitoring, Evaluation and Learning. https://internetsociety.bamboohr.com/careers/289 
• Open Knowledge Foundation is looking for an AI Strategy Consultant and an AI Technical Expert. https://okfn.org/en/jobs 
• Phoenix R&D, a European messaging technology company, is hiring a Freelance Junior Product Manager. https://join.com/companies/phoenix/14160490-freelance-junior-product-manager-all-genders-part-time 
• Three Fully-funded Interdisciplinary PhD Positions on Governance by Data Infrastructure at University of Amsterdam. https://www.academictransfer.com/en/jobs/351725/three-fully-funded-interdisciplinary-phd-positions-on-governance-by-data-infrastructure 

Opportunities to Get Involved

• Hard Art is a cultural collective of artists, activists, and scientists standing in solidarity in the face of climate and democratic collapse. They're starting a new creative movement. Join them. https://hardart.metalabel.com/introducing-hard-art 
• A unique online course on threat sharing and digital forensics, taught from a feminist and human rights perspective. Apply by June 15. https://www.digitaldefenders.org/online-course-threat-sharing-and-digital-forensics-from-a-feminist-and-human-rights-perspective

Book Recommendations:

• Capitalism and Its Critics A History: From the Industrial Revolution to AI. From Luddites to degrowth activists, a new history explores capitalism’s global evolution through the eyes of its fiercest critics. https://bookshop.org/p/books/capitalism-and-its-critics-a-history-john-cassidy/20374711?affiliate=112451 
• Fatal Abstraction: Why the Managerial Class Loses Control of Software. In practice, few of the systems we looked to with such high hopes have lived up to their fundamental mandate. https://bookshop.org/p/books/fatal-abstraction-why-the-managerial-class-loses-control-of-software-darryl-campbell/21479418?affiliate=112451

What did we miss? Please send us a reply or write to editor@exchangepoint.tech.

QUIC, The Battle That Never Was: A Case Of Infrastructuring Control Over Internet Traffic

By Clément Perarnaud and Francesca Musiani

Recent research from Clément Perarnaud and Francesca Musiani explores the under-studied arena of Internet standardization by focusing on the adoption process and global deployment of QUIC (pronounced “quick”) , arguably one of the most consequential transport standards that the IETF has released in recent history. The authors demonstrate how this process is reshaping global power over the internet, with potentially long-term consequences for internet governance. Below they discuss the key findings of their paper.

QUIC is a transport-layer network protocol. In other words, it defines how two endpoints—such as a user's device and a web server—can establish a connection and communicate on the Internet. The Transmission Control Protocol (TCP), introduced in the 1970s as part of the original suite of internet protocols, has long been the standard way for moving data across the internet. Initially designed by Google, QUIC is often presented as an alternative to TCP. It provides a new technical architecture to communicate and encrypt data through the network.

What Can We Learn from QUIC?

QUIC is a case study in how powerful tech companies like Google are reshaping who controls the core infrastructure of the internet. QUIC offers a way to look at recent changes in the balance of power between “Big Tech” actors, other actors of the internet industry, and states. The protocol’s development highlights how private companies take part in the making of internet standards, how the growing influence of a few dominant actors impacts standard-setting, and about how technical debates over standardisation design details can end up shifting power and decision-making in internet governance.

Because QUIC was first created by Google, its  standardisation process offers a way to look closely at how Google can use its influence within the Internet Engineering Task Force (IETF), one of the leading bodies responsible for developing and maintaining global Internet standards. When bringing QUIC to the IETF in the mid-2010s, Google came with a sophisticated working solution, it had already tested at scale and widely deployed across services like Chrome and YouTube. 

Yet, success in the IETF usually doesn’t happen alone and requires allies and coalitions. We examined how Google was able to gain the support of internet companies, network operators and state officials alike. despite early concerns that QUIC might hurt their business models, technical systems or security practices.

The Controversial Debate about Internet Consolidation

While QUIC is often celebrated for the many innovations it brings to the transport layer (including encryption), its deployment raises important questions about who stands to benefit most from its use, and how it may accelerate the ongoing concentration of power in Internet architecture.

Internet giants seem far better equipped to fully benefit from QUIC’ speed and performance gains at scale. Companies such as Google, Meta, Apple, Alibaba, Amazon, and Microsoft have all developed their own QUIC implementations—which vary depending on their use cases and design choices—but are expected to share the core of the IETF specifications, to ensure interoperability. 

Though it is far from impossible technically, smaller actors may find it harder or less beneficial to adopt QUIC. Currently, the limited adoption from smaller actors seems linked in part to the lack of technical support and regular updates needed to implement QUIC in many server environments. There is also limited awareness, or even appetite within large and small companies, in adopting a protocol that could affect the stability and security of their private networks.  

Despite QUIC’s advantages, this means that many actors will continue relying on TCP, even if it leads to slower performance compared to major services like YouTube. This shows why QUIC will not completely replace TCP in internet traffic. Both protocols are likely to coexist in the medium term due to the mixed incentives, motivations and resources of the many actors on the internet.

Our research shows that QUIC’s implications go beyond the  internet industry, it matters for states themselves. Some of the new features introduced by QUIC could be interpreted as a challenge to the ability of states, or national network operators, to analyze traffic and communications. 

QUIC and (Digital) Sovereignties 

This brings us to the final point, which relates to digital sovereignty and the role of states in shaping internet standards. QUIC was formally adopted at a time when many countries in the world, including in the EU, were advocating for their “digital sovereignty”, calling for more control over their digital infrastructure and standards. 

The analysis of how QUIC was developed shows that state actors were largely absent in these discussions. Yet, states were still “there”, somehow. States’ control over networks came up often as a central issue in debates, and was regularly used as justification for both limiting and expanding encryption of internet traffic. Our research highlights that the success of QUIC’ standardisation process partly lies in the successful pre-emption of states’ security concerns by Google in the design of the protocol itself, to ensure limited opposition to QUIC’s global deployment.

The case of QUIC raises broader questions such as: can “digital sovereignty”—understood as the ability to control infrastructure, data, and technology with minimal dependencies—exist not only for states, but also for private actors? If so, have large technology companies taken one more step towards their own digital sovereignty? To what extent are digital sovereignty claims becoming an explicit part of IETF discussions and, more generally, of standardisation processes?

For more, the open access article is available here: https://journals.sagepub.com/doi/10.1177/14614448251336438