We are anonymous, we are legion

DIDP Request #23 - ICANN does not Know how Diverse its Comment Section Is

asvatha — 2016-07-30T05:55:15Z

While researching ICANN and the IANA Stewardship Transition Coordination Group (ICG), we came across a diversity analysis report of a public comment section.

See ICG report here.

We requested ICANN for similar reports on the ICANN public comment section. The request filed by Padmini Baruah can be found here.

What ICANN said

ICANN stated that they do not conduct diversity analysis on their comment sections. This is a shame, given that the one from ICG was so informative, clear and concise. Instead they provided us with links to reports and analyses of the different topics that were up for comments and an annual report on public comments.

ICANN’s public comments section is one of the important ways in which different stakeholders and community members get involved with the organization. A diversity analysis of this section for different topics could help in informing the public about which parts of the world actually get involved in ICANN through this mechanism We suggest that ICANN make it a regular part of their report.

ICANN's response to our DIDP request may be found here.

https://www.ianacg.org/icg-files/documents/Public-Comment-Summary-final.pdf

For more details visit https://cis-india.org/internet-governance/blog/didp-request-23-icann-does-not-know-how-diverse-its-comment-section-is

DIDP Request #22 - Reconsideration Requests from Parties affected by ICANN Action

asvatha — 2016-07-30T03:52:01Z

According to ICANN by-laws, ICANN has the responsibility to answer to reconsideration requests filed by those directly affected by its actions.

See ICANN bye-laws here

The board governance committee must submit an annual report to the board containing the following information (paraphrased):

Number and nature of Reconsideration Requests received including an identification of whether they were dismissed, acted upon or are pending.
If pending, the length of time and explanation if they have been pending for more than 90 days.
Explanation of other mechanisms ICANN has made available to ensure its accountability to those directly affected by its actions.

CIS requested copies of documents containing all this information. The request filed by Padmini Baruah can be found here.

What ICANN said

ICANN surmised that all the information we sought can be found in their annual reports. ICANN linked us to those: https://www.icann.org/resources/pages/annual-reports-2012-02-25-en

ICANN's response to our DIDP request may be found here.

For more details visit https://cis-india.org/internet-governance/blog/didp-request-22-reconsideration-requests-from-parties-affected-by-icann-action

DIDP Request #21 - ICANN’s Relationship with the RIRs

asvatha — 2016-07-30T03:42:36Z

At CIS, we wanted a clearer understanding of ICANN’s relationship with the 5 internet registries. The large amount contributed by the RIRs to ICANN’s funding lead us to question the nature of this relationship as well as the payment. We wrote to ICANN asking them for these details.

The request filed by Padmini Baruah can be found here.

What ICANN said

ICANN’s response linked us to the Memorandum of Understanding signed by ICANN and the Number Resource Organization (NRO) which represents the 5 RIRs. The MoU replaces the ones signed by ICANN and the individual RIRs. The response also links us to a series of letters written by the NRO to ICANN reaffirming their commitment to the MoU. Interestingly, the MoU does not mention anything about payments or monetary contributions.

In response to the second part of our request focusing on their financial relationship, ICANN gave us the same information as they did earlier. However, as pointed out in this post, that information is either incomplete or inaccurate. Further, they reject the idea that providing anything more than the audited financial reports is necessary for public benefit. According to them, “the burden of compiling the requested documentary information from 2000 to the present would require ICANN to expend a tremendous amount of time and resources.” Therefore, they classified our request as falling under this condition for non-disclosure:

“Information requests: (i) which are not reasonable; (ii) which are excessive or overly burdensome; (iii) complying with which is not feasible; or (iv) are made with an abusive or vexatious purpose or by a vexatious or querulous individual.”

We fail to see how an organization like ICANN does not already have its receipts and documentation in order. If they do, it would not be burdensome to publish them and if they don’t, well, that’s worrying for a lot of different reasons.

ICANN's response to our DIDP request may be found here.

For more details visit https://cis-india.org/internet-governance/blog/didp-request-21-icann2019s-relationship-with-the-rirs

DIDP Request #20 - Is Presumptive Renewal of Verisign’s Contracts a Good Thing?

asvatha — 2016-07-30T02:01:59Z

ICANN’s contract agreements with different registries contain a presumptive renewal clause. Unless they voluntarily give up their rights or there is a material breach by the registry operator, their contract with ICANN will be automatically renewed.

See the base registry agreement here.

In light of this, we filed a request asking ICANN for documents that discuss the rationale behind including the presumptive renewal clause. We also asked them for documents specific to the renewal of Verisign (.com and .net domains) and PIR (.org) contracts. The request filed by Padmini Baruah can be found here.

What ICANN said

ICANN provided a surprisingly comprehensive response to our request. They provided documents in response to our request and stated the rationale that has been given for including a presumptive renewal clause. According to the response,

“Absent countervailing reasons, there is little public benefit, and some significant potential for disruption, in regular changes of a registry operator. In addition, a significant chance of losing the right to operate the registry after a short period creates adverse incentives to favor short term gain over long term investment.”

ICANN explains that the contracts have been drawn such that they balance the concerns above with the ability to replace a registry that doesn’t serve the community as it is obliged to do. The response also offers links to various documents substantiating this rationale.

We were provided an effective answer to our second question as well. ICANN’s response links us to various documents for the 2001, 2006 and 2012 renewals of Verisign’s contract for the .com domain. This includes a summary of the 2012 renewal, public comments for all three renewals and the proposed agreements.

For the .net domain, a presumptive renewal clause was not included in the 2001 Verisign contract which opened up the process to select an operator in 2005. ICANN chose to continue its relationship with Verisign and included the clause. The documents relevant to the 2011 renewal of the contracts have been provided.

After Verisign relinquished its rights over the .org domain in 2001, ICANN chose the Public Internet Society (PIR) to operate the domain. While there was no presumptive renewal clause in 2002, documents relevant to the 2006 and 2013 renewals have been provided.

ICANN's response to our DIDP request may be found here.

For more details visit https://cis-india.org/internet-governance/blog/didp-request-20-is-presumptive-renewal-of-verisign2019s-contracts-a-good-thing

DIDP Request #19 - ICANN’s role in the Postponement of the IANA Transition

asvatha — 2016-07-29T16:37:04Z

In March 2014, the National Telecommunications and Information Agency (NTIA) of the United States government announced plans to shift the Internet Assigned Names and Numbers (IANA) functions from ICANN to the global multistakeholder community. The initial deadline set for this was September 2015.

See NTIA announcement here.

In August 2015, NTIA announced that it would not be technically possible to meet this deadline and extended it by a year. NTIA stated,

“Accordingly, in May we asked the groups developing the transition documents how long it would take to finish and implement their proposals. After factoring in time for public comment, U.S. Government evaluation and implementation of the proposals, the community estimated it could take until at least September 2016 to complete this process.”

In our DIDP request, we asked ICANN for all documents that it had submitted to NTIA that were relevant to the IANA transition and its postponement from the date of the initial announcement— March 14, 2015 to the date of the announcement of extension — August 17, 2015. We specifically requested the documents requested by NTIA in May 2015 as referenced by this blogpost.

The request filed by Padmini Baruah can be found here.

What ICANN said

ICANN’s response terms our request as “broadly worded” and assumes that our request is only related to documents about the extension of the deadline. It was not.

After NTIA’s announcement in 2014, ICANN launched a multi-stakeholder process and discussion at ICANN 49 in Singapore to facilitate the transition. The organizational structure of this process has been mapped out according to the different IANA functions that are being transitioned. Accordingly, we have the:

IANA Stewardship Transition Coordination Group (ICG)
Cross Community Working Group (CWG-Stewardship)
Consolidated RIR IANA Stewardship Proposal Team (CRISP TEAM)
IANAPLAN Working Group (IANAPLAN WG)
Cross-Community Working
Group (CCWG-Accountability)

In addressing our request, ICANN references this multi-stakeholder community overseeing the transition. According to the response document, the ICG, CWG-Stewardship, CRISP Team, IANAPLAN WG and the CCWG-Accountability submitted responses directly to the NTIA leaving the ICANN with no documents responsive to our request.

ICANN's response to our DIDP request may be found here.

For more details visit https://cis-india.org/internet-governance/blog/didp-request-19-icann2019s-role-in-the-postponement-of-the-iana-transition

DIDP Request #18 - ICANN’s Internal Website will Stay Internal

asvatha — 2016-07-29T14:53:50Z

ICANN maintains an internal website accessible to staff and employees. We requested ICANN to provide us with a document with the contents of that website in the interest of transparency and accountability.

The request filed by Padmini Baruah can be found here. To no one’s surprise, not only did ICANN not have this document in “ICANN's possession, custody, or control,” even if it did it would be subject to DIDP conditions for non-disclosure.

ICANN's response to our DIDP request may be found here.

For more details visit https://cis-india.org/internet-governance/blog/didp-request-18-icann2019s-internal-website-will-stay-internal

DIDP Request #17 - How ICANN Chooses their Contractual Compliance Auditors

asvatha — 2016-07-29T02:20:59Z

At a congressional hearing on internet governance and progress, then President of ICANN Fadi Chehadi indicated that the number of people working on compliance audits grew substantially—from 6 to 24 (we misquoted it as 25)— in the span of a few years.

It is clear to us at CIS that the people in charge of these compliance audits perform an important function at ICANN. To that effect, we requested information on the 24 individuals mentioned by Mr Chehadi as well as the third party auditors who perform this powerful watchdog function. More specifically, we requested documents calling for appointments of the auditors and copies of their contracts with ICANN.

The request filed by Padmini Baruah can be found here.

What ICANN said

In their response to the first part of our question, ICANN linked us to a webpage containing the names and titles of all employees working on contractual compliance. This page contains 26 names including the Contractual Compliance Risk and Audit Manager: https://www.icann.org/resources/pages/about-2014-10-10-en

ICANN also described the process of selecting KPMG as their third party auditor in detail. A pre-selection process shortlists 5 companies that fit the following criteria: knowledge of ICANN, global presence, size, expertise and reputation. Then, ICANN issues a targeted Request For Proposal (RFP) to these companies asking them for their audit proposals. After a question and answer session, a proposal analysis and rating the scorecards, a “cross-functional steering committee” decided to go with KPMG. While the process has been discussed transparently, our questions remain unanswered.

The RFP would qualify as the document requested by us in the second part of the question (i.e.) a “document that calls for appointments to the post of the contractual compliance auditor.” Unfortunately, ICANN has not published the RFP citing the DIDP Conditions for Non-disclosure. However, the timeline for the RFP and other details have been posted here after our DIDP request. In addition, the contract between KPMG and ICANN has also not been published.

ICANN's response to our DIDP request may be found here.

For more details visit https://cis-india.org/internet-governance/blog/didp-request-17-how-icann-chooses-their-contractual-compliance-auditors

DIDP Request #16 - ICANN has no Documentation on Registrars’ “Abuse Contacts”

asvatha — 2016-07-29T02:11:52Z

Registrars on contract with ICANN are required to maintain an “abuse contact” - a 24/7 dedicated phone line and e-mail address to receive reports of abuse regarding the registered names sponsored by the registrar.

We wrote to ICANN requesting information on these abuse complaints received by registrars over the last year. We specifically wanted reports of illegal activity on the internet submitted to these abuse contacts as well as details on actions taken by registrars in response to these complaints.

The request filed by Padmini Baruah can be found here.

What ICANN said

Our request to ICANN very specifically dealt with reported illegal activities. However, in their response, ICANN first broadened it to abuse complaints and then failed to give a narrowed down list of even those complaints.

In their response, ICANN indicated that they do not store records of complaints made to the abuse contact. This is stored by the registrars and is available to ICANN only upon request. However, since ICANN is only obliged to publish documents it already has in its possession, we did not receive an answer to our first question.

As for the second item, ICANN gave a familiarly vague answer, linking us to the Contractual Compliance Complaints page with a list of all the breach notices that have been issued by ICANN to registrars. A breach notice is relevant to our request only if it is in response to an abuse complaint, and the abuse complaint specifically deals with illegal activity. Even discounting that, this is not a comprehensive list when you take into account that a breach notice is published only “if a formal contractual compliance enforcement process has been initiated relating to an abuse complaint and resulted in a breach.”[1] What about the rest of the complaints received by the registrar?

In addition, ICANN refused to publish any communication or documentation of ICANN requesting reports of illegal activity under the DIDP non-disclosure conditions.

ICANN's response to our DIDP request may be found here.

[1] See ICANN response here (Pg 4): https://www.icann.org/en/system/files/files/didp-response-20150901-4-cis-abuse-complaints-01oct15-en.pdf

For more details visit https://cis-india.org/internet-governance/blog/didp-request-16-icann-has-no-documentation-on-registrars2019-201cabuse-contacts201d

DIDP Request #15: What is going on between Verisign and ICANN?

asvatha — 2016-07-29T02:01:06Z

During a hearing of the House Committee on Energy and Commerce on “Internet Governance Progress After ICANN 53,” President and CEO of ICANN - Mr Fadi Chehade indicated that ICANN follows up with registries and registrars on receipt of any complaint against them about violations of their contract with ICANN.

At CIS, we believe that any exchange of dialogue or any outcome from ICANN acting on these complaints needs to be in the public domain. Thus, our 15th DIDP request to ICANN were for documents pertinent to Verisign’s contractual compliance and actions taken by ICANN stemming from any discrepancies of Verisign’s compliance with its ICANN contract.

The DIDP request filed by Padmini Baruah can be found here.

What ICANN said

After sorting through a response designed to obfuscate information, it was clear that ICANN was not going to provide any of the details we requested. As mentioned in their previous responses, individual audit reports and the names of the registries associated with discrepancies are confidential under the DIDP Defined Conditions of Nondisclosure. Nevertheless, some details from the response are worth mentioning.

According to the response, “As identified in Appendix B of the 2012 Contractual Compliance Year One Audit Program Report, the following TLDs were selected for auditing: DotAsia Organisation Limited (.ASIA), Telnic Limited (.TEL), Public Interest Registry (.ORG), Verisign (.NET), Afilias (.INFO), and Employ Media LLC (.JOBS).” The response goes on to state that out of these 6 registries that were selected, only 5 chose to participate in the audit, the identies of which are once again confidential.

However, on further examination, it can be seen that Verisign (.NET) was chosen to participate in the audit the year after as well. Therefore, it’s clear that 2013 was the year Verisign was audited. Unfortunately, that was pretty much all that was relevant to our request in ICANN’s response.

Once again, ICANN was able to use the DIDP Defined Conditions of Nondisclosure, especially the following conditions to allow itself the ability not to answer the public:

Information exchanged, prepared for, or derived from the deliberative and decision-making process between ICANN, its constituents, and/or other entities with which ICANN cooperates that, if disclosed, would or would be likely to compromise the integrity of the deliberative and decision-making process between and among ICANN, its constituents, and/or other entities with which ICANN cooperates by inhibiting the candid exchange of ideas and communications.
Information provided to ICANN by a party that, if disclosed, would or would be likely to materially prejudice the commercial interests, financial interests, and/or competitive position of such party or was provided to ICANN pursuant to a nondisclosure agreement or nondisclosure provision within an agreement.
Confidential business information and/or internal policies and procedures.[1]

ICANN’s response to our request can be found here.

[1] See DIDP https://www.icann.org/resources/pages/didp-2012-02-25-en

For more details visit https://cis-india.org/internet-governance/blog/didp-request-15-what-is-going-on-between-verisign-and-icann

Roundtable: Identifying and Limiting Hate Speech and Harassment Online

praskrishna — 2016-08-09T13:31:58Z

Japreet Grewal attended this event organized by Software Freedom Law Centre at Constitution Club Of India, Rafi Marg, New Delhi on July 28, 2016.

See the original report published by SFLC here.

SFLC.in organized a roundtable discussion on 28^th July, 2016 in New Delhi to initiate a focused and collaborative dialogue around the increasingly important issues of online harassment and hate speech. This roundtable was intended as the first in a series of discussions around said issues, and was attended by representatives from various stakeholder groups including intermediary platforms, civil society groups, and media houses, along with individuals who had personally experienced such online abuse & harassment. The core objective of this discussion was to recognize and understand the vast range of concerns that exist in this sphere, in an effort to develop a framework for the regulation of such activities, without stepping on the right to freedom of expression. The discussion was conducted under Chatham House rules so as to facilitate an uninhibited exchange of views.

Over the course of the event, the complex and multifaceted nature of its overarching theme unraveled, as the discussion moved from underlying social constructs, to responsibilities of intermediary platforms, adequacy of existing laws, sensitization of everyday users and effective handling of grievances by law enforcement agencies. At the very outset, it was highlighted that social media platforms, with their increasing popularity, are being considered centralized hubs for businesses and others. However, individuals, communities & institutions often find themselves at the receiving end of sustained abuse and threats either on grounds of their actual or perceived characteristics, or over their online expression. The dynamic discussion that ensued brought to light significant concerns that would require a collaborative effort across stakeholder groups to address. For the sake of clarity, we are categorizing these learnings under the following heads:

Conceptual understanding of online harassment and hate speech: It was discussed at length that hate speech and speech that culminates in harassment on the online sphere, are reflective of the social outlook of the country at large. Women were seen as more frequent targets of harassment in the form of rape threats, sexual remarks, and name calling, whereas men are mostly called out for their beliefs and opinions. When discussing hate speech relations, it was considered important to take note of the power dynamics at play amongst the stronger groups, and the vulnerable ones. Limiting such content gets specially complicated considering the apprehension that in an effort to monitor hate speech and harassment, free speech may get stifled. The paradox of anonymity being an enabler of free speech, as well the reason for unabashed harassment adds yet another layer of complexity to the issue. Moreover, it was felt that a nuanced distinction needed to be made regarding the systematic attacks by online mobs against a particular person, as opposed to hateful and/or harassing speech that engages on a one to one level. This all culminated in a realization that this issue goes beyond the online domain, into the societal mindset that is amplified on the Internet, and that the faint line between free speech, and hateful & harassing speech is very difficult to pin-point.
Role of intermediaries: It was the opinion of the representatives of intermediary platforms at the roundtable that the current legal frameworks in the country are sufficient to tackle this issue and they should operate in compliance with such laws. While the specific terms of service may differ in terms of permissible content depending on the type of service being provided by the intermediary, these platforms do invariably keep a check on the content being generated and evaluate them for compliance with the applicable terms of service. Additionally, platforms that have the option of users creating & generating their own content, give the user various tools such as block, filter, un-follow, and other customized options to moderate the content they receive. though the intermediaries, in their own words ‘ are not a delete squad, but a compliance team’, it was said that they ran the perpetual risk of either censoring content that should not have been censored, or not censoring enough of the content that should have been censored. This incentivizes them to exercise zero-tolerance policies in certain areas such as child sexual abuse or terrorism, and resort to immediate take down of content related to such themes. However, in spite of the sheer volume of material that is generated and reported, it was felt that a completely automated approach cannot be followed for filtering hateful and harassing content that violates terms of service Taking down content and expression requires processing various factors that determine the context of that material, and this calls for a subjective approach that requires a set of human eyes. Therefore, the intermediaries do have tools for users that protect them from hate and harassing speech, and they work with certain safety experts to ensure that the users feel safe while using their services.
Adequacy of legal frameworks: A distinction was drawn over the course of the discussion between hate speech as a social as opposed to a legal concept. For legal purposes, speech would not attract penalties until it incites a real threat of violence and civic disorder. However, the law is not sufficiently equipped to deal with speech that does not incite violence, but causes psychological damage. It was undisputed that the concerns in this area cannot be solved by creating more statutes. Going down this road could lead to the creation of a Section 66A equivalent that would lead to censorship through law and cause a chilling effect on freedom of expression. It was emphasized that the existing laws have adequate provisions, but a strict implementation is required.
Response from law enforcement agencies: An evaluation of this point led to the conclusion that people who are harassed online, or are the targets of hate speech, are hesitant to approach the police and law enforcement agencies for their help. There have been instances where the police is unable to help due to the limited application of laws in such cases, as mentioned above.
Possible remedies: As a part of this roundtable, SFLC.in had proposed a set of best practices aimed at limiting hateful and harassing content online. These were intended as self-regulatory measures that could be followed by intermediaries functioning as speech platforms, where users could create and publish content without pre-filtrations. Amongst the measures that was discussed extensively was the practice of promoting ‘counter speech’ on the platforms that are most frequently used to spread hateful propaganda and harassment. This was generally seen as an effective counter-measure deserving further exploration, and one of the intermediaries mentioned a project they were formulating on ‘counter radicalization’. However, concerns were raised with respect to the identification of areas that would benefit from counter speech, and its effectiveness with respect to mob attacks. Another unique approach suggested by the participants was to ‘vaccinate’ first time users by educating them about the enormity and complexity of the Internet, including intiation of such users to the idea that freedom of expression online often crosses over to hate speech and harassment. This would act as an initiation process to understand the working of the Internet and the prevalence of hateful and harassing content on its numerous speech platforms, so that first-time users are not discouraged from using the Internet merely due to the presence of negative content. An interesting suggestion for the platforms was to work towards a mechanism that is more offender centric, and facilitates the tracking of repeat offenders along with providing tools of blocking for users.

This roundtable served in exploring the many layers of hateful and harassing speech that runs across roles and responsibilities of various stakeholder groups and concerns that are deeply entrenched in our societal outlook. The increasing frequency and amount of such content on the Internet is an indication of the urgent need to collaborate and develop a framework for limiting such speech, while balancing the fundamental right to freedom of expression. We thank all the participants and appreciate their valuable contributions that facilitated a better understanding of the overall theme.

For more details visit https://cis-india.org/internet-governance/news/roundtable-identifying-and-limiting-hate-speech-and-harassment-online

DIDP Request #14: Keeping track of ICANN’s contracted parties: Registrars

asvatha — 2016-07-28T16:34:27Z

In September 2016, we filed two separate DIDP requests regarding ICANN’s Contractual Compliance Goals.

The first one which we have written about here,[1] was regarding ICANN contracts with registries while the second one about registrars is briefed below. In our second request, we specifically asked for the following information:

Copies of the registrar contractual compliance audit reports for all the audits carried out as well as external audit reports from the last year (2014-2015).
A generic template of the notice served by ICANN before conducting such an audit.
A list of the registrars to whom such notices were served in the last year.
An account of the expenditure incurred by ICANN in carrying out the audit process.
A list of the registrars that did not respond to the notice within a reasonable period of time.
Reports of the site visits conducted by ICANN to ascertain compliance.
Documents which identify the registrars who had committed material discrepancies in the terms of the contract.
Documents pertaining to the actions taken in the event that there was found to be some form of contractual non-compliance.
A copy of the registrar self-assessment form which is to be submitted to ICANN.

The DIDP request filed by Padmini Baruah can be viewed here.

What ICANN said

Information pertinent to item 1 and 3 can be found in the 2014 Contractual Compliance Annual Report here:https://www.icann.org/en/system/files/files/annual-2014-13feb15-en.pdf. While this report contains detailed information regarding the audit, individual audit reports are subject to the DIDP Defined Conditions for Nondisclosure.

ICANN provided a link to all the communication templates used during the audit process, including the notice served by ICANN prior to conducting audits. (Item 2) It can be found here: https://www.icann.org/en/system/files/files/audit-communication-template-04dec15-en.pdf. As mentioned in an earlier blog post, ICANN set aside USD 0.6 million for the Three Year Audit plan.[2] (item 4)

According to the Audit FAQ on ICANN website,[3] “If a contracted party reaches the enforcement phase per process, ICANN will issue a notice of breach in which the outstanding issues are noted. The response links us to the ICANN webpage where these breach notices are listed: https://www.icann.org/compliance/notices#notices-2014. (Item 5) According to the link, 61 registrars received breach notices in 2014; a full explanation has been provided for each notice. (Item 7 and 8) Since no site visits were conducted, ICANN does not possess any document regarding this.

According to the ICANN website, “The 2013 Registrar Accreditation Agreement (RAA) requires ICANN-accredited registrars to complete an annual self-assessment and provide ICANN with a compliance certification by 20 January.”[4] The form for the same can be found here: https://www.icann.org/resources/pages/approved-with-specs-2013-09-17-en#compliance

ICANN’s response to our request can be found here.

[1] To be linked to the first post

[2] See FY15 budget (pg72): https://www.icann.org/en/system/files/files/adopted-opplan-budget-fy15-01dec14-en.pdf

[3] See Audit FAQ: https://www.icann.org/resources/pages/faqs-2012-10-31-en

[4] See CEO certification: https://www.icann.org/resources/pages/ceo-certification-2014-01-29-en

For more details visit https://cis-india.org/internet-governance/blog/didp-request-14-keeping-track-of-icann2019s-contracted-parties-registrars

DIDP Request #13: Keeping track of ICANN’s contracted parties: Registries

asvatha — 2016-07-28T15:40:01Z

On multiple occasions, Fadi Chehade, then President and CEO of ICANN has emphasized the importance of conducting audits (internal and external) to ensure compliance of ICANN’s contracted parties. At a US congressional hearing, he spoke about the contract monitoring function of ICANN.

In September 2015, we filed two separate DIDP requests regarding ICANN’s Contractual Compliance Goals. The first one, briefed below, is regarding the contracts with registries and the second one is regarding ICANN contracts with registrars. This post contains some additional background information on the Contractual Compliance Goals at ICANN. In our first request, we specifically asked for the following information:

Copies of the registry contractual compliance audit reports for all the audits carried out as well as external audit reports from the last year (2014-2015).
A generic template of the notice served by ICANN before conducting such an audit.
A list of the registries to whom such notices were served in the last year.
An account of the expenditure incurred by ICANN in carrying out the audit process.
A list of the registries that did not respond to the notice within a reasonable period of time.
Reports of the site visits conducted by ICANN to ascertain compliance.
Documents which identifies the registry operators who had committed material discrepancies in the terms of the contract.
Documents pertaining to the actions taken in the event that there was found to be some form of contractual non-compliance.

The DIDP request filed by Padmini Baruah can be viewed here.

What ICANN said

ICANN’s Contractual Compliance Goal is to ensure that all the parties that ICANN has entered into a contract with complies with the stipulations of the contract. This is done in several ways, including Contractual Compliance complaints and Audits.[1]

In 2012, ICANN initiated the Three Year Audit plan where one-third of registries were selected each year for an audit. In 2014, the third set of registries were audited. In response to Item 1, information about the audit for 2014 can be found here: https://www.icann.org/en/system/files/files/contractual-compliance-ra-audit-report-2014-03feb15-en.pdf. At this link, we can also find the list of registries that went through the audit process in 2014 (item 3). Monthly updates on overall contractual compliance can be found here: https://www.icann.org/resources/pages/update-2013-03-15-en.

ICANN linked us to all the communication templates used during the audit process, including the notice served by ICANN prior to conducting audits. (Item 2) It can be found here: https://www.icann.org/en/system/files/files/audit-communication-template-04dec15-en.pdf

In the operating plan and budget for FY15, ICANN sets aside USD 0.2 million for the New Registry Agreement Audit and USD 0.6 million for the Three Year Audit plan.[2]

Other documents to answer this question such as invoices from the external auditing firm are subject to non-disclosure under DIDP policies. Since all registries responded in a timely manner and no site visits were conducted, there are no documents to answer items 5 and 6.

The audit report linked above contains information on deficiencies identified during the audit. ICANN states that registries addressed these deficiencies during the remediation process. However, there is a caveat to this discussion. The names of the registries that are associated with these discrepancies remains confidential, subject to the DIDP Defined Conditions for Nondisclosure. (Item 7) ICANN goes on to state that it is not required to confirm if the registries have taken appropriate action and thus does not have any documents in response to item 8. While ICANN’s audit process seems thorough, does this last statement indicate a lack of enforcement mechanisms on ICANN’s part?

ICANN’s response to our request can be found here.

[1]. See Contractual Compliance website: https://www.icann.org/resources/pages/compliance-2012-02-25-en

[2]. See FY15 budget (pg72): https://www.icann.org/en/system/files/files/adopted-opplan-budget-fy15-01dec14-en.pdf

For more details visit https://cis-india.org/internet-governance/blog/didp-request-13-keeping-track-of-icann2019s-contracted-parties-registries

Facebook is censoring some posts on Indian Kashmir

praskrishna — 2016-07-28T03:03:53Z

Film makers, activists and journalists accused Facebook of blocking their accounts this week after they posted messages and images related to the violence in the trouble-torn province of Kashmir. In recent weeks, the India administered, Muslim-majority Kashmir state has been facing violence and curfews after protests erupted against the killing of a popular leader of a terrorist group.

The article by Rama Lakshmi was published by Washington Post on July 27. Sunil Abraham was quoted.

As people posted images, videos and stories about police violence and people injured by pellet wounds on Facebook, some discovered their accounts were disabled. On Monday, the account of Arif Ayaz Parrey, an editor with an environmental magazine in New Delhi, was disabled for more than a day. He administers the Facebook account of a discussion group called the Kashmir Solidarity Network, whose page was also removed.

“The Kashmir Solidarity page was started by a Kashmiri anthropology student in New York. This is not a hate forum, we share stories,” Parrey said. More than 47 people have died and hundreds injured in angry clashes between the police and protesters in Kashmir this month, the worst outbreak of bloody violence in six years in the region claimed by both India and neighboring Pakistan.

“Our Community Standards prohibit content that praises or supports terrorists, terrorist organizations or terrorism, and we remove it as soon as we’re made aware of it,” said a Facebook spokesman in India. “We welcome discussion on these subjects but any terrorist content has to be clearly put in a context which condemns these organizations or their violent activities.”India and the United States topped the list of governments that requestFacebook for details of accounts in the second half of 2015.

India has more than 340 million mobile Internet users and has the second largest number of Facebook users after the United States. The company is seeking to expand its footprint here by introducing a pared down version called “Free Basics.” But earlier this year, New Delhi shot it down, saying service providers cannot charge discriminatory prices for Internet users.

A journalist in Kashmir said that many who shared stories about a new band of militants and videos of police brutality have been blocked. “It looks more like Facebook censorship rather than something initiated by the government. Maybe they are trying to please the government proactively,” said Sunil Abraham, executive director of Center for Internet and Society. “Nevertheless it will have a chilling effect. You will think twice before exercising free speech on Facebook now.”

Ather Zia, a political commentator from Kashmir who teaches anthropology at the University of Northern Colorado, said after her account was disabled on Tuesday: "It is safe to assume creating awareness for Kashmir using social media or writing about the ground reality is under severe threat." Meanwhile, users struggled to restore their accounts on Wednesday as they uploaded new documents requested by the company.

“I use my Facebook account not as a personal page to tell people about my last haircut or last holiday. I use it for work, I share media stories about whatever bothers me in the universe,” said Sanjay Kak, a documentary film maker whose account was disabled Tuesday. “Nothing I shared can be considered inflammatory or incendiary.”

For more details visit https://cis-india.org/internet-governance/news/washington-post-july-27-2016-rama-lakshmi-facebook-is-censoring-some-posts-on-indian-kashmir

DIDP Request #9 - Exactly how involved is ICANN in the NETmundial Initiative?

asvatha — 2016-07-27T15:53:22Z

The importance and relevance of knowing ICANN’s involvement in the NETmundial Initiative cannot be overstated.

It was reported recently that ICANN contributed US$200,000 to the Initiative.[1] Following this report, we requested the details of all expenses incurred by ICANN for NMI till date. This includes formal contributions to NMI as well as costs incurred towards travel and accommodation of ICANN board and staff to meetings relevant to the NMI discussion.

Apart from these financial details, we also requested information regarding the number of staff working on NMI from ICANN and the hours clocked by them for the same. We further specified that we would like this information to gauge ICANN’s involvement beyond its technical mandate. The request filed by Geetha Hariharan can be found here.

What ICANN said

In its response, ICANN separated the questions in the request into two categories: a) Expenses incurred by ICANN towards the NETmundial Initiative and b) Other resources (personnel and hours) allocated to the Initiative by ICANN. The first category in the request includes: formal contribution to the NETmundial Initiative; travel costs of ICANN board and staff; and costs of maintenance of other sponsored parties. The second includes the number of staff involved in the NETmundial Initiative from ICANN and the number of hours spent working on it.

To answer both, the response directs us to the Memorandum of Collaboration (MOC)[2]signed by the Brazilian Internet Steering Committee (CGI.br), ICANN and the World Economic Forum (WEF) to set up the NETmundial Initiative according to the outcome document from the initial NETmundial meeting in Sao Paulo, Brazil.

Some of the important takeaways from the MOC that are relevant to our request are the following:

Each party to the MOC agrees to pay $201,667 towards operational expenses on signature of the agreement.
Total anticipated cost of the NETmundial Initiative is $605,000 (also mentioned in the response).
Each party will assign 1 staff member to the NETmundial Initiative secretariat during the inaugural period to smoothen the process. This staff member will commit at least 50% of their time towards Secretariat work.

This information is important but it does not provide a comprehensive answer to our query. It does not, for example, answer if ICANN contributed anything more than the $201,667 the MOC specifies. It also does not tell us if ICANN allotted any staff apart from the designated secretariat member to work on NETmundial Initiative.

Further, the response states that ICANN does not keep track of costs according to the number of hours or the topic but rather according to strategic objectives. Since ICANN is not required to create a document that does not already exist to answer a DIDP enquiry,[3] we have no way of knowing the specific amount of time or money spent on the NETmundial Initiative by ICANN. The response instead directs us to the financial presentation at ICANN50 where the costs of attending the NETmundial Meeting at Sao Paulo is detailed. While this is interesting (ICANN spent $1.5 million)[4] it is not a satisfactory answer to our question.

ICANN justifies its lack of direct answers by expressing that not only is the request “overbroad", it is also “subject to the following DIDP Condition of Nondisclosure: Information requests: (i) which are not reasonable; (ii) which are excessive or overly burdensome; and (iii) complying with which is not feasible.”[5]

ICANN's response to our DIDP request may be found here.

[1] See McCarthy, ‘I’m Begging You To Join’ – ICANN’s NETmundial Initiative gets desperate, THE REGISTER (12 December 2014), http://www.theregister.co.uk/2014/12/12/im begging you to join netmundial initiative gets d esperate/

[2] See MOC: https://www.netmundial.org/sites/default/files/MOC-%20CGI.br,%20ICANN%20&%20WEF.pdf

[3] See Disclosure Policy: https://www.icann.org/resources/pages/didp-2012-02-25-en

[4] See ICANN50 Finance Presentation (Pg 4): https://london50.icann.org/en/schedule/thu-finance/presentation-finance-26jun14-en

[5] See ICANN conditions for non-disclosure: https://www.icann.org/resources/pages/didp-2012-02-25-en

For more details visit https://cis-india.org/internet-governance/blog/didp-request-9-exactly-how-involved-is-icann-in-the-netmundial-initiative

DIDP Request #10 - ICANN does not know how much each RIR contributes to its Budget

asvatha — 2016-07-27T14:57:00Z

In an effort to understand the relationship between the Regional Internet Registries (RIRs) and ICANN, we requested current and historical information on the contract fees paid by the five RIRs (AfriNIC, ARIN, APNIC, LACNIC and RIPE NCC) to ICANN annually.

We acknowledged that the independently audited financial reports on ICANN’s website list the total amount from all RIRs as a lump sum.[1] However, we specifically sought a breakdown of these fees detailing contributions made by each RIR from 1999 to 2014. Not only will this information help understand the RIR-ICANN relationship, it will also be relevant to the IANA transition.

The request filed by Protyush Choudhury can be found here.

What ICANN said

According to ICANN’s response to our request, the five RIRs (AfriNIC, ARIN, APNIC, LACNIC and RIPE NCC) make a voluntary annual contribution to ICANN’s budget through the Number Resource Organization (NRO). [2] Since Financial Year 2000, this contribution has been made to ICANN as an aggregate amount without the kind of breakdown requested by us with the exception of FY03, FY04 and FY05. The breakdown of the contribution for those years is as below:

FY03: APNIC - $129,400; ARIN - $159,345; RIPE - $206,255
FY04: APNIC - $160,500; ARIN - $144,450; RIPE - $224,700; LACNIC - $5,350
FY05: APNIC - $220,976; ARIN - $218,507; RIPE - $358,086; LACNIC - $25,431

The response links back to the independent financial reports mentioned by us in the request. These reports can be found on the ICANN website here.

On closer examination of the audit reports of FY03, 04 and 05, it is clear that the information provided in their response is either incomplete or incorrect. According to KPMG’s audit report of FY03, the total contribution from Address Registries is US$535,000. The breakdown in the response adds up only to $494,600. The response does not account for the extra $40,400. If only APNIC, ARIN and RIPE contributed to ICANN in 2003, where did the other $40,400 come from? Moreover, why is it listed as an Address Registry Fee in the audit report if it was a voluntary contribution?[3]

The “Address Registry Fees” in the audit reports for FY04 and FY05 match the amounts in the response: $535,000 and $823,00 respectively. ICANN's response to our DIDP request may be found here.

For the reader’s reference, the audit reports for FY00 - FY14 are linked below:

[1] See audited financial reports: https://www.icann.org/resources/pages/governance/current-en

[2] See letter from NRO to ICANN: https://www.icann.org/en/system/files/files/akplogan-to-twomey-23mar09-en.pdf

[3]. See report for FY03 (pg 4): https://www.icann.org/en/system/files/files/financial-report-fye-30jun03-en.pdf

For more details visit https://cis-india.org/internet-governance/blog/didp-request-10-icann-does-not-know-how-much-each-rir-contributes-to-its-budget