The Invisible Chokepoints

A chokepoint is a location where flow can be interrupted. Geographic chokepoints are the ones that appear in strategy briefings: Hormuz, Malacca, the Bosphorus, the Panama Canal, the Suez Canal. They have coordinates. They can be photographed from satellites. Military planners have studied them for decades.

Protocol chokepoints are different. They are points in technical infrastructure where traffic must pass and where access can be revoked. They don't have coordinates. They have addresses, certificates, registry entries, and routing tables. Their power is comparable to geography — and in some cases larger.

When Iran announced its Hormuz closure and oil moved 3%, the story was reported as a story about Hormuz. It was actually a story about the relative value of visible versus invisible chokepoints in 2026. The market was pricing both.

The SWIFT network handles roughly $5 trillion in daily transactions. When the US and EU excluded Iran from SWIFT in 2012, the effect on Iran's economy was more severe than any naval blockade in the modern era. Iran lost access to 30% of its foreign oil revenues and 50% of its foreign trade revenues within months. No ships were positioned. No military assets were deployed. The decision was administrative: Iran's banks were removed from the directory.

Russia's partial SWIFT exclusion in 2022 demonstrated something more subtle: the precision of the weapon. Several major Russian banks were excluded, but Sberbank and Gazprombank were initially spared — European energy buyers needed to pay for gas through some channel. The exclusion was calibrated to apply maximum pressure while preserving a specific payment flow.

This is not how geographic chokepoints work. You can make passage through a strait harder, but you cannot selectively permit some tankers and block others with administrative precision. Protocol chokepoints have a different character: in the directory or out of it, trusted or untrusted. That makes them simultaneously more precise and more total. A financial entity can be cut off from dollar-denominated transactions globally, without requiring any physical presence near the entity.

Below SWIFT are more fundamental layers. The internet runs on BGP — the Border Gateway Protocol, which tells traffic how to route between networks. BGP is essentially unauthenticated: you announce "I have a route to these addresses," and other networks believe you. BGP hijacks have happened multiple times. In 2010, China Telecom briefly routed substantial fractions of US internet traffic through Chinese networks for eighteen minutes. In 2008, Pakistan Telecom made YouTube unreachable globally for two hours by announcing a more specific route. No country announced these events. No UN resolution was required.

The Domain Name System is governed by ICANN, headquartered in Los Angeles. The root zone — the list of top-level domains that all DNS resolves against — is managed by the Internet Assigned Numbers Authority. A country-code TLD can technically be removed. This has never been done aggressively, but the infrastructure exists. The capacity to make a country's domain extensions unresolvable globally is a governance decision, not a military one.

Certificate authorities are the trust anchors for encrypted communications. Browsers ship with a built-in list of trusted CAs — roughly sixty to seventy root authorities globally. When a CA is removed from browser trust, all websites using its certificates become inaccessible with trust warnings. CNNIC, China's internet regulator, was removed from browser trust in 2015 after issuing unauthorized certificates. The decision was made by Google, an American company, through its Chromium browser trust policy. No legislation required.

China has understood this longer than Western analysis has been willing to say. CIPS — the Cross-border Interbank Payment System — launched in 2015 as an explicit SWIFT alternative for yuan-denominated transactions. BeiDou achieved global satellite navigation coverage in 2020. Huawei's network infrastructure, installed across substantial portions of Africa, Southeast Asia, and Latin America, runs on Chinese hardware and Chinese protocol implementations. The Belt and Road Initiative's physical component is partly about creating infrastructure where the governance layer is not American.

This isn't catching up — it's building a parallel stack. The goal is not to defeat the existing infrastructure but to create a population of users whose critical flows don't transit it. Once CIPS handles enough volume, the SWIFT exclusion weapon becomes less effective against states that have migrated critical payments to it. Once enough governments deploy BeiDou terminals, GPS signal denial matters less. The protocol layer arms race is a race to reduce the other side's chokepoint leverage before it gets used.

Geographic chokepoints require military assets to enforce. The US Fifth Fleet sits in Bahrain partly to credibly threaten or defend Hormuz. That's expensive, it requires sustained presence, and the assets can be targeted. Protocol chokepoints require governance assets: lawyers, regulatory bodies, technical standards committees, browser trust policy decisions. These are cheaper, less visible, and much harder to strike. You cannot bomb a standards committee.

The US is structurally better at governance assets than at military presence in distant straits. The dollar's reserve status, SWIFT's governance structure, ICANN's location, the concentration of root CA authority in American and Western European companies — these accumulated over decades of building the internet and the post-war financial system. They are not things any adversary can replicate quickly. The parallel stacks being built are real, but adoption takes time, and the window in which they're incomplete is the window of maximum protocol leverage.

The next escalation event that matters probably will not be a ship blocked in a strait. It will be an entity excluded from a payment system, a BGP route manipulated to intercept traffic at scale, a certificate authority removed from trust in ways that degrade a country's internet connectivity, or an undersea cable cut in a location that forces traffic through a particular inspection infrastructure.

These events are harder to photograph than a tanker fleet piling up at Fujairah. They will be covered as technical incidents first and political events second — which is wrong. The causality runs the other way. Technical infrastructure is the domain of political contests that haven't yet learned to declare themselves in the language that gets geopolitical coverage.

The Hormuz closure moved oil 3%. The SWIFT exclusion did more. That ratio will not hold forever — the parallel stacks are being built, the leverage will compress — but right now, in this window, the invisible chokepoints are worth more than the visible ones. That's not a prediction. It already happened. The market just hasn't gotten comfortable writing the dateline.