[discuss] Transparency and Accountability vis-à-vis ICANN and the IANA functions

[John Curran]

On Apr 2, 2014, at 6:55 PM, George Sadowsky <george.sadowsky at gmail.com> wrote:

> So I am going to re-post a previous problem statement that got almost no traction earlier, in the hope that it may point more directly toward our goals.  If it gets no traction this time, I’ll understand that it’s not the right way to proceed.

Excellent idea.

> 	…. accountability TO someone or group FOR something
> 
> In other words, saying that someone is accountable, or not sufficiently accountable, by itself is relatively meaningless.  But if I can also state to whom the person is accountable, and precisely for what, then I have probably made a meaningful statement that can be comprehended and discussed.  Perhaps the more complete statement will allow me to also propose a metric by which the degree of adherence to accountability targets can be measured.

Agreed.

> HERE ARE SOME THINGS TO THINK ABOUT
> 
> What definition of the word ‘accountability’ best fits how we believe ICANN’s acceptability should be judged and measured, either for itself only, or for its post-transition stewardship of the IANA functions, or both?
> 
> In each case, specifically to WHOM would ICANN be accountable, and if the target of accountability is distributed, how would it be distributed?  In other words, if ‘A' is ICANN, who is ‘B’ in the above definition in red?
> 
> In each case, specifically for WHAT would ICANN be accountable?  How can the degree of accountability be measured, or is that not directly relevant?  In the context of the definition in red above, what are the set of 'actions and decisions' for which ICANN is accountable?
> 
> If we could get general agreement on the responses to the above questions, it might be possible to use this approach for an initial evaluation of any transition alternatives that are proposed.

George - 

My take on your questions is attached; note I actually had to back up somewhat 
to include background and a problem statement of larger scope than you may have
expected in order to be fully responsive. Also, note there are four significant 
outstanding questions included, at least one of which probably warrants its own
distinct problem statement.

For next steps (in no particular order), I would recommend - 

 - Refinement of this problem statement (and specifically with respect to scope)
 - Consensus development of the principles statement for the multi-stakeholder
   engagement model
 - Expedited effort on development of the problem statement regarding registry
   governance mechanisms to align services with customers
 
An interesting exercise; I hope you find the results useful in some manner.
(Feel free to edit, use, or discard as you see fit)

Enjoy!
/John

Disclaimer: My views alone.

=== Internet Identifier System Accountability Framework - Problem Statement

BACKGROUND -  

 The importance of the Internet to social and economic developments globally 
 is universally recognized and accepted.  This success of the Internet is  
 enabled by global coordination of the identifiers in its operation, and it
 is Internet identifier registry system that enables that global coordination.

 It is not possible to foresee all of the various manner in which the Internet 
 will affect the life of everyone globally in the coming years, and hence we 
 need to proactively adopt a set of principles that will insure that everyone 
 has an opportunity to understand and participate in the administration of the 
 underlying identifier system.

 All organizations with primary responsibilities in the Internet Identifier 
 system (including specifically ICANN, but also the RIRs and IETF) should be 
 accountable TO the public FOR operating the system in accordance with the 
 following overall principles of the multistakeholder engagement model - 

   – Open and Inclusive: Discussions are open to all and structured to encourage the broadest range of relevant inputs from all interested parties. Input provided is valued and heard by all. All documents are freely available online. Processes for public comment and remote participation are provided wherever feasible, and without requirements for participation other than decorum.
   – Consensus-based: Discussions allow for all views to be considered and addressed, leading towards common understanding and consensus among participants. Discussions are structured to avoid domination by any community of interest.
   – Transparent and Accountable: Processes for discussions and decision-making are documented, publicly available, and followed. Easily accessible records of decisions and the materials used for reaching those decisions are provided. Due process is provided to appeal decisions where processes were not followed.

 These principles for multistakeholder collaboration would be considered 
 applicable to all phases of the Internet identifier system, including:

    A) Internet protocol specification development
    B) Internet protocol parameter (i.e. identifier) registry specification
    C) Internet identifier registry policy development 
    D) Internet identifier registry policy implementation
    E) Internet identifier registry administration 
    F) Internet identifier registry operations/publication

 The principles should be applicable throughout the Internet identifier
 registry system activities, except during clearly identified processes 
 which require handling of sensitive or confidential information (e.g. 
 certain registry request processing, security key material, etc.)

PROBLEM STATEMENT -

 The actual problem statement is: How do we provide for the accountability 
 TO the public FOR the operation of the entire Internet identifier system
 per the principles of the multistakeholder engagement model?
   
DRAFT PROPOSAL - 
 
 Commitments must be obtained from each organization with primary
 responsibilities in the Internet Identifier system for operating 
 their portion of the system in accordance with principles of the 
 multistakeholder engagement model.

 Periodic and objective compliance assessments of each organizations
 Internet identifier operations need to be performed against the 
 principles of the multi-stakeholder engagement model. Significant or
 willful departure from the principles need to be documented, and the 
 organizations must review and respond regarding these findings.  Such 
 a periodic review process could be based on the present ICANN AoC/ATRT 
 processes,  and could involve numerous interested parties (including
 governments) who wish to participate in the review team process (and 
 of course, the review process itself would obviously have to operate 
 with maximal transparency and openness at all times, including 
 accepting input from any/all interested parties for consideration)

OPEN QUESTIONS - 

1. Would the IETF want to include periodic assessment of its own Internet 
   protocol specification development efforts in this commitment and review 
   process, or would it be more appropriate to only have it apply to the 
   Internet identifier registry phases (or even just the general-purpose 
   Internet identifier registry spaces, i.e. the DNS and IP address spaces)? 
   As the party which defines (and thus creates) the Internet identifier
   registry spaces via its protocol specification activities, the IETF has 
   a unique relationship to the Internet identifier system which should be
   made unambiguous as part of defining this accountability framework.

2. Is it sufficient to only seek and review ICANN and the RIRs regarding
   commitments to the multi-stakeholder principles for Internet Identifier 
   registry system or should any consideration be given to continuing the
   framework of commitment and reviews into the various DNS TLD policy 
   development and registry administration functions and/or the various 
   IP NIR/LIR/ISP address registry activities?  If it is not necessary, 
   then what precisely are the mechanisms or assumptions that provide 
   reassurance that it is not necessary, and that the global Internet 
   community will obtain the same benefits of the multi-stakeholder 
   engagement principles absent any explicit commitment or assessment?

3. Organizations in the Internet identifier system provide registry 
   services to subordinate registries in the system, thus defining 
   a set of customer relationships. Registry services must therefore 
   meet the needs and expectation of their customers, in an environment 
   where the customers have no meaningful alternative.  What governance
   mechanisms must exist to insure that the registries provide services
   with adequate performance, pricing, terms, and conditions to their
   customers, and how far down must these mechanisms exist? (this open
   question may warrant a distinct problem statement and consideration)

4. Does the scope of the periodic compliance review include the ability
   (if ever needed) to make an overall judgement of the suitability of 
   an organization in the Internet identifier system to perform its 
   registry duties?  It may be necessary to allow for such a finding
   (in addition to identification of departure from the principles) in
   order to provide a meaningful escalation for chronic insufficient
   performance. Can it be included in the scope of the review process,
   or would it also require development of clear consensus guidelines 
   regarding duration and magnitude of inadequate performance before 
   allowing such determinations to be made?  (In any case, it is 
   recommended that the initial scope of the problem statement for 
   developing this accountability framework end with the production 
   of the review process findings report.)

=== fini