Control Point Analysis

25 Pages Posted: 1 Apr 2012 Last revised: 10 Sep 2012

David D. Clark


Date Written: September 10, 2012


This paper describes an informal method called control point analysis that can be used to catalog and understand the points of power and control created by specific design decisions in and surrounding the Internet. It helps to answer in a methodical way such questions as whether power is centralized (and if so, to what actors) or diffuse? Does the design create points of control or avoid them? What are the vulnerabilities created by these points of control?

As the Internet becomes more and more embedded in every sector of society, more and more actors have become concerned with its character, now and in the future. Governments are driven by a range of objectives as they consider the future of the Internet: access and uptake, competition policy, regime stability, policies with regard to controlling access to classes of content, and the like. The range of actions open to governments to shape the Internet is well-understood, including law and regulation, procurement, investment in research and development, participation in the standards process and more diffuse forms of leadership. But these actions do not directly shape the Internet. They bear on the actors that in turn have direct influence over the Internet and what happens there. The private sector actors that largely make the Internet, such as Internet Service Providers or ISPs, are motivated by profits as they shape and evolve the Internet. As part of any conversation about the shaping of the Internet, there is a narrower question that must be answered: given the Internet as it is today, who are these actors that can exercise direct control over how it works, and what options for control do they actually have?

This question requires an understanding of the Internet as a technology, which can be a bit of a daunting task. A technical description of a system like the Internet usually begins with its modularity (e.g. layers and regions), and the functions and formats of its protocols. These descriptions are often not of much use when describing a system to a non-technical listener — the mass of unfamiliar details masks any insights about the implications of the design with respect to issues such as economics or the relative power of various actors to influence the operation of the system. A useful conversation across disciplines must begin with a method of extracting and cataloging the important implications of the design without first getting lost in the technical details. Control point analysis is a method for doing this. In contrast to a static description of layers and protocols, control point analysis is a dynamic picture of the technology that extracts insights about the points of control over its operation.

The first part of this paper is an illustration of control point analysis. A typical task (retrieving and viewing a web page) is diagrammed according to this method, in order to illustrate the points of control over the task, the actors that exercise that control, and what their control options are. The second part of this paper demonstrates the use of control point analysis to draw a set of initial conclusions about why the actors that have control are disciplined to be trustworthy (it is not technology that assures the correct operation of the Internet), the options for indirect control by the actors that sit removed from the actual technology (e.g. governments, standards bodies and the like), and some overall considerations about the “controllability” of the Internet. The paper closes with some advice about the role of technical design in achieving correct and robust network operation in the face of control by actors with adverse interests.

Keywords: Internet, ISP, security, architecture

Suggested Citation

Clark, David D., Control Point Analysis (September 10, 2012). 2012 TRPC. Available at SSRN: or

David D. Clark (Contact Author)

MIT CSAIL ( email )

Stata Center
Cambridge, MA 02142
United States
617-253-6003 (Phone)

Paper statistics

Abstract Views