[discuss] elephant in the room

John Curran jcurran at istaff.org
Mon Mar 17 18:28:05 UTC 2014 

On Mar 16, 2014, at 9:34 PM, DAVID JOHNSON <davidr.johnson at verizon.net> wrote:

> The question is: without USG oversight, what would keep ICANN (a future rogue ICANN, not the friendly guys we know) from using the revocation of domain names (or registry contracts or registrar accreditations) to enforce a mandatory, adhesion contract that compels registrants (or even their users) to comply with global rules that are not supported by consensus, not related to protection of the sound, secure, resilient operation of the net, but instead related to some notion of what content is permissible, how people should behave online?

David - 

Thanks for posting this excellent question.  I'd also like to suggest some related 
alternative questions of similar nature only with different underlying motivations - 

   "What would keep a future rogue ICANN from using the revocation of domain 
    names (or etc.) to compels registrants (or even their users) to comply with 
    global rules that are not supported by consensus, not related to protection 
    of the sound, secure, resilient operation of the net, but instead:

    a) driven out of national interests of a single government, or
    b) motivated by ICANN's own financial goals and desires, or 
    c) due to purely financial interests of the registry operator community"

In all of the above cases, the real concern is _not_ what is driving the deviation,
but the deviation itself from the consensus output of the global community expressed
through the policy development process.

There is a belief held by many that under the present NTIA arrangement (in at least 
in some of the above cases) there would be strong words from NTIA to the "rogue" ICANN
(backed by the implied threat of redelegation of the IANA functions to another party)
suggesting that ICANN needs to prioritize actual community consensus over its own 
internal views.  Whether this would (or has? ;-) ever happened we can only speculate, 
but it is fairly clear that it ceases to be an effective stewardship/oversight option 
after transition of the IANA Function contract.

> Will we allow the domain name system to be used, by a global multi-stakeholder group, to enforce global rules that are not supported by a demonstrated consensus among affected parties, that are designed not to regulate the internet but to regulate how people use the internet, that replace local decision-making (subsidiarity) with global rules that don't have any reasonable form of consent of the governed?
> 
> Some fear a registry-based oversight over IANA, even though the registries (including cctlds) effectively represent the whole world and, because they are the ones who have to sign the contracts with ICANN, are the sole available source of push back against abusive use of a monopoly position (the definitive say on what goes in the root).

One little nit:  It may be (as you put it) that the DNS registries may represent 
(post-NTIA) the sole available source of "push back" under the current system, but 
many would argue that (as a group with numerous strong commercial interests) they 
cannot "effectively represent the whole world"   

Concerns about a rogue ICANN may also be equally easily reformulated as concerns 
about a "rogue registry system" (i.e.. ICANN and co-aligned DNS registries) taking
actions contrary to the outputs of the global community, so while strong registry-
based oversight of ICANN may indeed be desirable, it is unlikely to be singularly 
sufficient to get the job done. 

(FYI - you may repeat the prior paragraph with "ICANN and IP regional registries"; 
any coordinated system of registries carries the potential for actions predominantly 
in its own interest and therefore also worth keeping in mind as we consider models 
for oversight of IANA [and the entire Internet registry system] in a post-NTIA model)

> ...
> There are those who would like to use revocation of domain name registrations to "govern the net" (meaning govern the way that people behave on the net). This is a very dangerous game unless limited to the enforcement of rules on which there really is global consensus that the behaviors in question have no possible justification. An unconstrained (rogue) ICANN could in fact impose global rules, through its monopoly power over intermediaries. It would be wise now to construct the mechanisms that would constrain it from doing so. ICANN could protect itself against over-reaching governments by explaining that it doesn't have the power to enforce global rules by board fiat. The best defense would be for it to tie itself to the mast -- sign a contract with the global registries that ties the new, separate IANA duty to obey its policies to the condition that ICANN will not impose global rules unless they are supported by consensus and necessary  to protection of the sound, secure
> operation of the dns.

Note that IANA is far more than just DNS, it is the operator of many other IETF registries 
including the IP address space registries and the other technical (not general-purpose) 
protocol parameter registries.  When you reference ICANN above, it appears to be "ICANN
in its DNS policy development capacity", as opposed to ICANN the IANA operator (or even
ICANN in its overall Internet identifier coordination role.)

I do see merit in those who directly utilize the IANA services (e.g. DNS root zone registry
operation and publication services) to group together and collectively contract for those 
services; that makes sense given the natural incentives that those directly affected have 
in making sure that the services are responsive, stable and secure.  The challenge I see 
is that some of the aspects of implementation of registry services can have indirect policy 
implications, and as such, even registry operations needs to be highly transparent, and open 
to input from all parties, even those not directly affected.   This means that taking a 
structural approach to providing IANA accountability via the "global customers and partners 
of the IANA services" is probably achievable, but needs to be very carefully thought out 
to make sure that it does not collectively have have the same risks regarding openness and 
accountability to the global community that a single organization "gone rogue" might pose.

Thanks!
/John

Disclaimer: My views alone (and fully accountable, foremost to my level of caffeine intake ;-)

More information about the discuss mailing list