“If you’re involved in standards and policy, you’ve definitely heard people talk about Internet fragmentation as a risk.”

It’s that slow drift away from a single, globally interoperable network toward something more regional, more controlled, and more politically bounded.

Internet shutdowns make that risk tangible. They are not accidents. They are not edge cases. And they are not technically difficult to execute. Increasingly, they are a predictable outcome of how national networks are designed, governed, and operated.

This post was prompted by a report someone sent me directly, Understanding Iran’s Internet Blackout. Reading it felt like seeing, in real time, another lens on the same dynamics I wrote about last year in The End of the Global Internet.

You can Subscribe and Listen to the Podcast on Apple Podcasts, or wherever you listen to Podcasts.

And be sure to leave me a Rating and Review!

Iran is a case study in fragmentation

The current Internet shutdown in Iran has been unusually well documented. That report I mentioned walks through how connectivity was curtailed by selectively withdrawing routes, restricting upstream connectivity, and funneling traffic through tightly controlled national gateways.

That matters because it dispels a persistent myth: that modern Internet shutdowns require exotic capabilities or extraordinary interventions. They do not.

They rely on:

• Centralized routing control
• Limited upstream providers
• State-mandated choke points
• Regulatory authority over domestic ISPs

In other words, they rely on architectural choices that many countries have already made.

Shutdowns come in degrees

When we say “Internet shutdown,” we often imagine a total blackout. That does happen, but more often, shutdowns are partial and targeted.

Governments now routinely block social media platforms, messaging services like WhatsApp, payment or communication APIs, and cross-border routing paths. These kinds of shutdowns are precise, configurable, and reversible at the discretion of the state.

As of this writing, there are 11 active full or partial Internet shutdowns globally, and 918 shutdowns have been recorded since 2018, according to tracking by the Internet Society. That number alone should change how we think about the “normal” operating conditions of the Internet.

From standards theory to runtime reality

Much of the digital identity and platform literature treats fragmentation as a design-time and policy challenge: harmonizing regulations, aligning standards, and building interoperable frameworks. A recent academic paper on cross-border digital identity systems, for example, frames fragmentation primarily in terms of regulatory divergence, interoperability gaps, and governance complexity. It’s an interesting and well-researched read, particularly for how clearly it surfaces fragmentation as a structural constraint rather than a temporary inconvenience.

But Internet shutdowns reveal what happens when fragmentation moves from theory to runtime reality.

When connectivity itself becomes conditional, identity systems become harder to integrate and operate. Federation flows fail not because of protocol incompatibility, but because networks are unreachable. Identity proofing, credential revocation, auditability, and even basic authentication assumptions quietly collapse when routing paths disappear or services are selectively blocked.

For identity and platform teams, this is as much an operational problem as it is a governance problem.

Why identity and platform teams should care

Internet shutdowns expose assumptions that many identity and platform systems quietly rely on but rarely test.

For teams responsible for CIAM, workforce identity, credential systems, or cross-border platforms, shutdowns introduce failure modes that standards discussions often gloss over.

Federation and login flows

• Federated authentication assumes network reachability between relying parties, identity providers, and browsers.
• During partial shutdowns, cross-border federation can fail asymmetrically — working for some users, regions, or protocols but not others.
• Failures often look like “user error” or “provider outage,” masking their real cause.

Credential lifecycle management

• Revocation, status checks, and re-issuance depend on timely connectivity.
• During shutdowns, credentials may remain valid longer than intended — or fail to validate at all.
• Emergency revocation becomes operationally difficult precisely when risk is highest.

Wallets, passkeys, and device-bound authentication

• Many newer authentication models assume cloud reachability for recovery, policy updates, or metadata refresh.
• Selective blocking of cloud providers or APIs can strand users without fallback paths.
• Cross-device and cross-platform recovery flows are particularly fragile.

Auditability and compliance

• Logging, monitoring, and evidence collection often rely on centralized or cross-border services.
• Shutdowns can create gaps in audit trails, complicating regulatory reporting after the fact.
• Compliance teams may be asked to explain missing data they had no control over.

Threat models

• Most identity threat models assume accidental outages, not intentional network partitioning.
• Shutdowns introduce an adversary with lawful authority, infrastructure access, and time on their side.
• That adversary is not hypothetical — and does not behave like a conventional attacker.

The takeaway is not that identity systems should “solve” Internet shutdowns. It’s that teams should stop assuming the network is neutral, global, and continuously available. In a fragmented Internet, identity becomes conditional, too.

Architecture enables policy, not the other way around

One takeaway from the Iranian case study is that policy intent matters less than architectural readiness.

A government that wants the ability to shut down the Internet will eventually get it, if the network is built to allow it. Centralized identity systems, mandatory national gateways, limited peering diversity, and domestically controlled routing all make shutdowns easier to implement, faster to deploy, and harder to circumvent.

These design decisions are often justified in the name of efficiency, security, or sovereignty. Increasingly, they’re also justified under the banner of public safety, with new laws explicitly authorizing shutdowns during protests, elections, or periods of unrest.

That legal backing matters. It turns exceptional measures into normalized tools.

The real impact goes far beyond access

The consequences of shutdowns are often framed in terms of free expression, and rightly so. But the ripple effects are broader and harder to reverse.

Research (see here and here, for example) shows shutdowns lead to:

• Immediate economic losses for local businesses
• Disrupted healthcare and emergency services
• Long-term damage to trust in digital infrastructure
• Increased reliance on informal or insecure alternatives

Once users and businesses learn that connectivity is conditional, they adapt. They route around official systems, invest elsewhere, or lower their expectations of reliability. That adaptation is itself a form of fragmentation.

Is fragmentation reversible?

This is the question I’m increasingly unsure about. Well, that’s not entirely true. I’m pretty sure it’s not reversible, though I do think it’s something many will push back against collectively.

As more governments pass laws that explicitly permit Internet shutdowns in the interest of “public safety,” fragmentation stops looking like a temporary deviation and starts looking like a stable equilibrium. The infrastructure is in place. The legal authority is established. The precedent has been set.

Articles documenting how governments weaponize connectivity make clear that shutdowns are proactive tools of control, not accidents. Once fragmentation is reinforced by both architecture and law, reversing it would require not just technical redesign, but political will to dismantle capabilities that states now consider essential.

History suggests that kind of rollback is rare.

Fragmentation starts with choices

Internet shutdowns are not just about censorship or control. They are signals that tell us which architectural decisions have already been made, which governance assumptions are baked in, and how fragile global interoperability really is.

If we care about preserving a usable, global Internet, we need to stop treating shutdowns as isolated incidents and start treating them as feedback on what we are designing for the future.

Because disconnecting a network is easy. Reconnecting it—technically, legally, and politically—is much harder.

📩 If you’d rather track the blog than the podcast, I have an option for you! Subscribe to get a notification when new blog posts go live. No spam, just announcements of new posts. [Subscribe here] 

Transcript

(00:00:04) Welcome to the Digital Identity Digest, the audio companion to the blog at Spherical Cow Consulting. I’m Heather Flanagan, and every week I break down interesting topics in digital identity—from credentials and standards to browser weirdness and policy twists.

If you work in digital identity but don’t have time to follow every specification or hype cycle, you’re in the right place.

Let’s get into it.

---

Internet Fragmentation Is No Longer Abstract (00:00:30)

---

(00:00:30) If you’re involved in standards or policy, you’ve probably heard people talk about internet fragmentation as a risk.

Typically, it’s described as a drift away from a single, globally interoperable network toward something more regional, more controlled, and more politically bounded.

However, once you’re living inside it, fragmentation stops being theoretical.

It begins affecting:

• Your work
• Your family
• Your ability to access critical information

And today, internet shutdowns are making this risk very real.

---

Internet Shutdowns as a Case Study (00:01:18)

---

(00:01:18) This episode was inspired by a report someone sent me directly called Understanding Iran’s Internet Blackout.

Reading it felt like watching events unfold in real time.

It also echoed themes I wrote about last year in The End of the Global Internet. Once you see the internet this way, it’s hard to unsee what shutdowns actually represent.

They’re often framed as:

• Exceptional events
• Temporary emergencies
• Overreactions

But importantly, they are not accidents.

They are not edge cases.

And they are rarely technically difficult to execute.

---

How Internet Shutdowns Actually Work (00:02:20)

---

(00:02:20) The Iranian shutdown is a powerful—and deeply sad—example because it’s been so well documented.

The internet wasn’t simply “turned off.”

Instead, connectivity was curtailed by:

• Selectively withdrawing routes
• Restricting upstream connectivity
• Funnel­ing traffic through tightly controlled national gateways

This distinction matters.

It dismantles the persistent myth that modern internet shutdowns require exotic tools or extraordinary capabilities.

They don’t.

If you control routing and upstream connectivity, everything else follows.

And many governments already have this control built into their network architecture.

---

Partial Shutdowns and Precision Control (00:03:45)

---

(00:03:45) When people hear “internet shutdown,” they often imagine a total blackout.

Sometimes that happens.

More often, shutdowns today are partial and targeted.

For example:

• Certain platforms become unreachable
• Specific services quietly fail
• Cross-border traffic paths disappear

From the outside, this can look chaotic.

From the inside, these are precise, configurable interventions—reversible only at the discretion of the state.

---

Shutdowns Are a Pattern, Not an Anomaly (00:04:45)

---

(00:04:45) At the time of writing, there were 11 active full or partial internet shutdowns worldwide.

Since 2018—when the Internet Society began tracking them—there have been nearly 1,000 shutdowns.

That’s not a statistical fluke.

That’s a pattern.

And it brings us back to fragmentation.

---

Fragmentation Becomes Operational (00:05:20)

---

(00:05:20) Internet fragmentation isn’t just a political talking point.

It’s a structural condition.

Shutdowns are what fragmentation looks like when it becomes operational.

They show us that:

• National borders increasingly define routing behavior
• Global reach is conditional, not assumed
• Interoperability depends on political tolerance, not just technical compliance

Once a country can selectively disconnect from the global internet, the idea of a single shared network becomes fragile in very real ways.

---

Why This Matters for Digital Identity (00:06:10)

---

(00:06:10) Much of the digital identity literature treats fragmentation as a design-time problem:

• Regulatory divergence
• Governance complexity
• Standards alignment

That work is valuable.

However, internet shutdowns expose a different failure mode.

When connectivity becomes conditional, identity systems don’t degrade gracefully.

They stop.

---

Runtime Failures in Identity Systems (00:06:45)

---

(00:06:45) When shutdowns occur:

• Federation flows fail because endpoints can’t reach each other
• Credential status checks don’t time out—they never arrive
• Logs don’t get delayed; they disappear
• Monitoring pipelines go dark

This isn’t a standards problem unfolding slowly.

It’s a runtime failure that appears all at once.

And most identity systems quietly assume the network is neutral, global, and continuously available.

Shutdowns break that assumption completely.

---

A Different Kind of Threat Model (00:07:30)

---

(00:07:30) Most threat models don’t account for this scenario.

The adversary here isn’t external or opportunistic.

It’s lawful authority acting through infrastructure it already controls.

That’s a fundamentally different challenge—and one we haven’t fully grappled with yet.

The Iranian case makes another point clear: policy intent matters less than architectural readiness.

If the infrastructure supports selective disconnection, shutdowns become a matter of decision, not capability.

---

Is Internet Fragmentation Reversible? (00:08:00)

---

(00:08:00) Is fragmentation reversible?

I’m unconvinced that it is.

Once shutdown authority is embedded in law and infrastructure, rolling it back would require dismantling capabilities governments now consider essential.

I can’t point to clear examples where that’s happened.

Connectivity is increasingly treated as a tool of control, not a neutral utility.

That’s uncomfortable—but harder to dismiss every year.

---

Shutdowns Are a Feature, Not a Failure (00:08:25)

---

(00:08:25) Disconnecting a network is easy.

Putting it back together—technically, legally, and politically—is much harder.

That’s why internet shutdowns aren’t failures of the internet.

They’ve become features of the internet we’re building today.

It’s something to keep in mind as you design systems, protocols, and platforms—especially if you believe this isn’t the future we should be normalizing.

Good luck, and have a great rest of your day.

---

Closing and Call to Action (00:08:37)

---

(00:08:37) That’s it for this week’s episode of the Digital Identity Digest.

If this helped make things a little clearer—or at least more interesting—share it with a friend or colleague.

Connect with me on LinkedIn @hlflanagan, and if you enjoyed the show, be sure to subscribe and leave a rating or review wherever you listen to podcasts.

You can find the full written post at sphericalcowconsulting.com.

Stay curious, stay engaged, and let’s keep these conversations going.