Peering behind the veil of ICANN's DIDP (II)

Read the previous blog post here. Every DIDP request that ICANN has ever responded to can be accessed here.

The table here is a comprehensive breakdown of all the different DIDP requests that ICANN has responded to. This table is to be read with this document, which has a numbered list of the different non-disclosure exceptions outlined in ICANN’s policy. What I sought to scrutinize was the number of times ICANN has provided satisfactory information, the number of times it has denied information, and the grounds for the same. What we found was alarming:

1. Of a total of 91 requests (as of 13/10/2015), ICANN has fully and positively responded to only 11.
2. It has responded partially to 47 of 91 requests, with some amount of information (usually that which is available as public records).
3. It has not responded at all to 33 of 91 requests.
4. The Non-Disclosure Clause (1)^[1] has been invoked 17 times.
5. The Non-Disclosure Clause (2)^[2] has been invoked 39 times.
6. The Non-Disclosure Clause (3)^[3] has been invoked 31 times.
7. The Non-Disclosure Clause (4)^[4] has been invoked 5 times.
8. The Non-Disclosure Clause (5)^[5] has been invoked 34 times.
9. The Non-Disclosure Clause (6)^[6] has been invoked 35 times.
10. The Non-Disclosure Clause (7)^[7] has been invoked once.
11. The Non-Disclosure Clause (8)^[8] has been invoked 22 times.
12. The Non-Disclosure Clause (9)^[9] has been invoked 30 times.
13. The Non-Disclosure Clause (10)^[10] has been invoked 10 times.
14. The Non-Disclosure Clause (11)^[11] has been invoked 12 times.
15. The Non-Disclosure Clause (12)^[12] has been invoked 18 times.

This data is disturbing because it reveals that ICANN has in practice been able to deflect most requests for information. It regularly utilised its internal processes and discussions with stakeholders clauses, as well as clauses on protecting financial interests of third parties (over 50% of the total non-disclosure clauses ever invoked - see chart below) to do away with having to provide information on pertinent matters such as its compliance audits and reports of abuse to registrars. We believe that even if ICANN is a private entity legally, and not at the same level as a state, it nonetheless plays the role of regulating an enormous public good, namely the Internet. Therefore, there is a great onus on ICANN to be far more open about the information that they provide.

Finally, it is extremely disturbing that they have extended full disclosure to only 12% of the requests that they receive. An astonishing 88% of the requests have been denied, partly or otherwise. Therefore, it is clear that there is a failure on part of ICANN to uphold the transparency it claims to stand for, and this needs to be remedied at the earliest.

^[1] “Information provided by or to a government or international organization, or any form of recitation of such information, in the expectation that the information will be kept confidential and/or would or likely would materially prejudice ICANN's relationship with that party”

^[2] “Internal information that, if disclosed, would or would be likely to compromise the integrity of ICANN's deliberative and decision-making process by inhibiting the candid exchange of ideas and communications, including internal documents, memoranda, and other similar communications to or from ICANN Directors, ICANN Directors' Advisors, ICANN staff, ICANN consultants, ICANN contractors, and ICANN agents”

^[3] “Information exchanged, prepared for, or derived from the deliberative and decision-making process between ICANN, its constituents, and/or other entities with which ICANN cooperates that, if disclosed, would or would be likely to compromise the integrity of the deliberative and decision-making process between and among ICANN, its constituents, and/or other entities with which ICANN cooperates by inhibiting the candid exchange of ideas and communications”

^[4] “Personnel, medical, contractual, remuneration, and similar records relating to an individual's personal information, when the disclosure of such information would or likely would constitute an invasion of personal privacy, as well as proceedings of internal appeal mechanisms and investigations”

^[5] “Information provided to ICANN by a party that, if disclosed, would or would be likely to materially prejudice the commercial interests, financial interests, and/or competitive position of such party or was provided to ICANN pursuant to a nondisclosure agreement or nondisclosure provision within an agreement”

^[6] “Confidential business information and/or internal policies and procedures”

^[7] “Information that, if disclosed, would or would be likely to endanger the life, health, or safety of any individual or materially prejudice the administration of justice”

^[8] “Information subject to the attorney– client, attorney work product privilege, or any other applicable privilege, or disclosure of which might prejudice any internal, governmental, or legal investigation”

^[9] “Drafts of all correspondence, reports, documents, agreements, contracts, emails, or any other forms of communication”

^[10] “Information that relates in any way to the security and stability of the Internet, including the operation of the L Root or any changes, modifications, or additions to the root zone”

^[11] “Trade secrets and commercial and financial information not publicly disclosed by ICANN”

^[12] “Information requests: (i) which are not reasonable; (ii) which are excessive or overly burdensome; (iii) complying with which is not feasible; or (iv) are made with an abusive or vexatious purpose or by a vexatious or querulous individual”