Centre for Internet and Society

Peering behind the veil of ICANN's DIDP (II)

Padmini Baruah — 2015-10-15T03:14:18Z

In a previous blog post, I had introduced the concept of ICANN’s Documentary Information Disclosure Policy (“DIDP”) and their extremely vast grounds for non-disclosure. In this short post, I have made an analysis of every DIDP request that ICANN has ever responded to, to point out the flaws in their policy that need to be urgently remedied.

Read the previous blog post here. Every DIDP request that ICANN has ever responded to can be accessed here.

The table here is a comprehensive breakdown of all the different DIDP requests that ICANN has responded to. This table is to be read with this document, which has a numbered list of the different non-disclosure exceptions outlined in ICANN’s policy. What I sought to scrutinize was the number of times ICANN has provided satisfactory information, the number of times it has denied information, and the grounds for the same. What we found was alarming:

Of a total of 91 requests (as of 13/10/2015), ICANN has fully and positively responded to only 11.
It has responded partially to 47 of 91 requests, with some amount of information (usually that which is available as public records).
It has not responded at all to 33 of 91 requests.
The Non-Disclosure Clause (1)^{^[1]} has been invoked 17 times.
The Non-Disclosure Clause (2)^{^[2]} has been invoked 39 times.
The Non-Disclosure Clause (3)^{^[3]} has been invoked 31 times.
The Non-Disclosure Clause (4)^{^[4]} has been invoked 5 times.
The Non-Disclosure Clause (5)^{^[5]} has been invoked 34 times.
The Non-Disclosure Clause (6)^{^[6]} has been invoked 35 times.
The Non-Disclosure Clause (7)^{^[7]} has been invoked once.
The Non-Disclosure Clause (8)^{^[8]} has been invoked 22 times.
The Non-Disclosure Clause (9)^{^[9]} has been invoked 30 times.
The Non-Disclosure Clause (10)^{^[10]} has been invoked 10 times.
The Non-Disclosure Clause (11)^{^[11]} has been invoked 12 times.
The Non-Disclosure Clause (12)^{^[12]} has been invoked 18 times.

This data is disturbing because it reveals that ICANN has in practice been able to deflect most requests for information. It regularly utilised its internal processes and discussions with stakeholders clauses, as well as clauses on protecting financial interests of third parties (over 50% of the total non-disclosure clauses ever invoked - see chart below) to do away with having to provide information on pertinent matters such as its compliance audits and reports of abuse to registrars. We believe that even if ICANN is a private entity legally, and not at the same level as a state, it nonetheless plays the role of regulating an enormous public good, namely the Internet. Therefore, there is a great onus on ICANN to be far more open about the information that they provide.

Finally, it is extremely disturbing that they have extended full disclosure to only 12% of the requests that they receive. An astonishing 88% of the requests have been denied, partly or otherwise. Therefore, it is clear that there is a failure on part of ICANN to uphold the transparency it claims to stand for, and this needs to be remedied at the earliest.

^{^[1]} “Information provided by or to a government or international organization, or any form of recitation of such information, in the expectation that the information will be kept confidential and/or would or likely would materially prejudice ICANN's relationship with that party”

^{^[2]} “Internal information that, if disclosed, would or would be likely to compromise the integrity of ICANN's deliberative and decision-making process by inhibiting the candid exchange of ideas and communications, including internal documents, memoranda, and other similar communications to or from ICANN Directors, ICANN Directors' Advisors, ICANN staff, ICANN consultants, ICANN contractors, and ICANN agents”

^{^[3]} “Information exchanged, prepared for, or derived from the deliberative and decision-making process between ICANN, its constituents, and/or other entities with which ICANN cooperates that, if disclosed, would or would be likely to compromise the integrity of the deliberative and decision-making process between and among ICANN, its constituents, and/or other entities with which ICANN cooperates by inhibiting the candid exchange of ideas and communications”

^{^[4]} “Personnel, medical, contractual, remuneration, and similar records relating to an individual's personal information, when the disclosure of such information would or likely would constitute an invasion of personal privacy, as well as proceedings of internal appeal mechanisms and investigations”

^{^[5]} “Information provided to ICANN by a party that, if disclosed, would or would be likely to materially prejudice the commercial interests, financial interests, and/or competitive position of such party or was provided to ICANN pursuant to a nondisclosure agreement or nondisclosure provision within an agreement”

^{^[6]} “Confidential business information and/or internal policies and procedures”

^{^[7]} “Information that, if disclosed, would or would be likely to endanger the life, health, or safety of any individual or materially prejudice the administration of justice”

^{^[8]} “Information subject to the attorney– client, attorney work product privilege, or any other applicable privilege, or disclosure of which might prejudice any internal, governmental, or legal investigation”

^{^[9]} “Drafts of all correspondence, reports, documents, agreements, contracts, emails, or any other forms of communication”

^{^[10]} “Information that relates in any way to the security and stability of the Internet, including the operation of the L Root or any changes, modifications, or additions to the root zone”

^{^[11]} “Trade secrets and commercial and financial information not publicly disclosed by ICANN”

^{^[12]} “Information requests: (i) which are not reasonable; (ii) which are excessive or overly burdensome; (iii) complying with which is not feasible; or (iv) are made with an abusive or vexatious purpose or by a vexatious or querulous individual”

For more details visit https://cis-india.org/internet-governance/blog/peering-behind-the-veil-of-icanns-didp-ii

Do you agree with our fee hike? Press 1 to answer Yes; or 2 for Yes

praskrishna — 2015-10-01T15:28:37Z

It has long been a concern that domain-name overseer ICANN is largely funded by companies reliant on the organization to make money.

The article by Kieren McCarthy was published in the Register on September 29, 2015.

Every biz that wishes to sell domain names – called a registrar – has to pay the organization $4,000 a year, plus 18 cents on every domain they sell.

In addition, they have to pay a variable fee that comprises the money ICANN says it spends on registrar-related activities divided by the number of companies that are accredited. This year that cost was $3.8m and with roughly 1,150 companies, that's $3,300 a head.

The pricing structure provides California-based ICANN with just under $40m a year, more than a third of its total budget. But in order to make sure the non-profit organization doesn't abuse its market control to hike up its fees, each year the registrars have to formally approve the fee structure that the ICANN Board has adopted. And they do that through an online vote.

This year, some registrars are wondering whether the $3.8m spent by ICANN is a good deal for them.

"What do your ICANN fees get you?" ICANN asks itself in an email sent to all registrars. "In addition to helping cover the expenses associated with ICANN meetings and ICANN's day-to-day operations, your fees have allowed us to conduct regular outreach with registrars through 'roadshow' type training seminars, webinars, in-person events, and site visits."

Don't ask, don't tell

It's not clear how that money is spent nor on what, since ICANN continues to provide only the vaguest details over its budget, providing annual sums for "travel" and for "meetings" across the entire organization.

ICANN is also actively refusing to hand that information over, telling one outfit that formally asked for additional financial data that for it to do so would be "extremely time consuming and overly burdensome." That organization – the Centre for Internet and Society – is appealing that decision [PDF] to ICANN's Board with a decision made two days ago but still unpublished.

ICANN expenditure is increasing: in 2014 alone, its "travel" costs jumped by 85 per cent to $17m; its meetings budget nearly doubled from an average of $3.2m per public meeting in 2013 to $6m in 2014. But there is almost no information on where this money has been spent, and so far no explanation for why it spent $113m in 2014 with an income of just $84m.

What else is ICANN spending registrars' fees on? "We've recruited Registrar Services staff dedicated to serving Europe, the Middle East/Africa, and Asia and have already begun a series of (low-cost) micro-regional events in China, Japan, Singapore, and South Korea, with plans taking shape for events in Europe, Africa, the Middle East, and the Americas in the near future," we're told.

But existing registrars are wondering whether all these new staff and events are needed. Are there hundreds of new registrars entering the market? Are they in Asia?

Unfortunately, ICANN has stopped providing that kind of information. In 2009, under pressure to be more open about what was going on, the organization made big play of the fact it was going to produce statistics showing how many registrars there were, how big they were, and where they were based in a new "dashboard."

But those stats stopped being produced two years ago and the most recent data provided is from 2012.

Software and security

Where else do the millions of dollars from the companies that support ICANN go? "We're building up the 'GDD Portal'," says a note from ICANN's staff, "which will become a one-stop destination for all registrar resources at ICANN, and transitioning our customer relationship management software from RADAR to salesforce.com."

This is the same GDD Portal that ICANN had to shut down earlier this year because of a security breach. It had misconfigured out-the-box software and exposed every user's information, including financial projections, launch plans, and confidential exchanges, to every other user. Having at first claimed there was "no indication" that confidential information was exposed, it later admitted that it had in fact happened 330 times.

As for RADAR, it was specifically named in a report by Verisign as a security risk; this is one of the things on a "growing list of examples where ICANN's operational track record leaves much to be desired."

We're listening...

Finally, in explaining why the registrar fees are a good deal for the companies, ICANN's staff note: "Most importantly, we're doing our best to listen to you to ensure that our work is of real value to you."

Unfortunately that listening does not extend to hearing any complaints about the fees, or what they are spent on.

All registrars receive an email during the annual approval of the fees levied against them with a link to an online survey. Incredibly enough, however, they are only allowed to agree to the fees – there is no option to disagree. Or in fact do anything other than sign up for another year.

And what is ICANN's explanation for why the companies that provide it with over a third of its budget are not allowed to express anything but approval of the fees ICANN sets? Problems with the voting software:

The system is only able to accept affirmative expressions of approval. (A technical limitation in the voting software prevents us from knowing when we've reached the level of approval required if we offer both a 'yes, I approve,' and a 'no, I don't approve' option.) But if you have reservations about approving the budget or concerns you'd like addressed first, please let me know and I'll be happy to try to address those directly with you.

So despite charging the companies $3,500 each a year to run the systems that they use, ICANN has been unable to find voting software that is capable of accepting more than one answer. Money well spent.

For more details visit https://cis-india.org/internet-governance/news/the-register-september-29-2015-kieren-mccurthy-do-you-agree-with-our-fee-hike

Peering behind the veil of ICANN’s DIDP (I)

Padmini Baruah — 2015-10-15T02:42:14Z

One of the key elements of the process of enhancing democracy and furthering transparency in any institution which holds power is open access to information for all the stakeholders. This is critical to ensure that there is accountability for the actions of those in charge of a body which utilises public funds and carries out functions in the public interest.

As the body which “...coordinates the Internet Assigned Numbers Authority (IANA) functions, which are key technical services critical to the continued operations of the Internet's underlying address book, the Domain Name System (DNS)”^{^[1]}, the centrality of ICANN in regulating the Internet (a public good if there ever was one) makes it vital that ICANN’s decision-making processes, financial flows, and operations are open to public scrutiny. ICANN itself echoes the same belief, and upholds “...a proven commitment to accountability and transparency in all of its practices”^{^[2]}, which is captured in their By-Laws and Affirmation of Commitments. In furtherance of this, ICANN has created its own Documentary Information Disclosure Policy, where it promises to “...ensure that information contained in documents concerning ICANN's operational activities, and within ICANN's possession, custody, or control, is made available to the public unless there is a compelling reason for confidentiality.”^{^[3]}

ICANN has a vast array of documents that are already in the public domain, listed here. These include annual reports, budgets, registry reports, speeches, operating plans, correspondence, etc. However, their Documentary Information Disclosure Policy falls short of meeting international standards for information disclosure. In this piece, I have focused on an examination of their defined conditions for non-disclosure of information, which seem to undercut the entire process of transparency that the DIDP process aims towards upholding. The obvious comparison that comes to mind is with the right to information laws that governments the world over have enacted in furtherance of democracy. While ICANN cannot be equated to a democratically elected government, it nonetheless does exercise sufficient regulatory power of the functioning of the Internet for it to owe a similar degree of information to all the stakeholders in the internet community. In this piece, I have made an examination of ICANN’s conditions for non-disclosure, and compared it to the analogous exclusions in India’s Right to Information Act, 2005

ICANN’ꜱ Defined Conditions for Non-Disclosure versus Exclusions in Indian Law :

ICANN, in its DIDP policy identifies a lengthy list of conditions as being sufficient grounds for non-disclosure of information. One of the most important indicators of a strong transparency law is said to be minimum exclusions.^{^[4]} However, as seen from the table below, ICANN’s exclusions are extensive and vast, and this has been a barrier in the way of free flow of information. An analysis of their responses to various DIDP requests (available here) shows that the conditions for non-disclosure have been invoked in over 50 of the 85 requests responded to (as of 11.09.2015); i.e., over two-thirds of the requests that ICANN receives are subjected to the non-disclosure policies.

In contrast, an analysis of India’s Right to Information Act, considered to be among the better drafted transparency laws of the world, reveals a much narrower list of exclusions that come in the way of a citizen obtaining any kind of information sought. The table below compares the two lists:

No.	ICANN^{^[5]}	India	Analysis
1.	Information provided by or to a government or international organization which was to be kept confidential or would materially affect ICANN’s equation with the concerned body.	Information, disclosure of which would prejudicially affect the sovereignty and integrity of India, the security, "strategic, scientific or economic" interests of the State, relation with foreign State or lead to incitement of an offense^{^[6]}/ information received in confidence from foreign government^{^[7]}	The threshold for both the bodies is fairly similar for this exclusion.
2.	Internal (staff/Board) information that, if disclosed, would or would be likely to compromise the integrity of ICANN's deliberative and decision-making process	Cabinet papers including records of deliberations of the Council of Ministers, Secretaries and other officers, provided that such decisions the reasons thereof, and the material on the basis of which the decisions were taken shall be made public after the decision has been taken, and the matter is complete, or over (unless subject to these exemptions)^{^[8]}	The Indian law is far more transparent as it ultimately allows for the records of internal deliberation to be made public after the decision is taken.
3.	Information related to the deliberative and decision-making process between ICANN, its constituents, and/or other entities with which ICANN cooperates that, if disclosed, would or would be likely to compromise the integrity of the deliberative and decision-making process	No similar provision in Indian Law.	This is an additional restriction that ICANN introduces in addition to the one above, which in itself is quite broad.
4.	Records relating to an individual's personal information	Information which relates to personal information the disclosure of which has no relationship to any public activity or interest, or which would cause unwarranted invasion of the privacy of the individual (but it is also provided that the information which cannot be denied to the Parliament or a State Legislature shall not be denied by this exemption);^{^[9]}	Again, the Indian law contains a proviso for information with “relationship to any public activity or interest”
5.	Proceedings of internal appeal mechanisms and investigations.	Information which has been expressly forbidden to be published by any court of law or tribunal or the disclosure of which may constitute contempt of court;^{^[10]}	While ICANN prohibits the disclosure of all proceedings, in India, the exemption is only to the limited extent of information that the court prohibits from being made public.
6.	Information provided to ICANN by a party that, if disclosed, would or would be likely to materially prejudice the commercial interests, financial interests, and/or competitive position of such party or was provided to ICANN pursuant to a nondisclosure agreement or nondisclosure provision within an agreement.	Information including commercial confidence, trade secrets or intellectual property, the disclosure of which would harm the competitive position of a third party, unless the competent authority is satisfied that larger public interest warrants the disclosure of such information;^{^[11]}	This is fairly similar for both lists.
7.	Confidential business information and/or internal policies and procedures.	No similar provision in Indian Law. This is encapsulated in the abovementioned provision	This is fairly similar in both lists.
8.	Information that, if disclosed, would or would be likely to endanger the life, health, or safety of any individual or materially prejudice the administration of justice.	Information, the disclosure of which would endanger the life or physical safety of any person or identify the source of information or assistance given in confidence for law enforcement or security purposes;^{^[12]}	This is fairly similar for both lists.
9.	Information subject to any kind of privilege, which might prejudice any investigation	Information, the disclosure of which would cause a breach of privilege of Parliament or the State Legislature^{^[13]}/Information which would impede the process of investigation or apprehension or prosecution of offenders;^{^[14]}	This is fairly similar in both lists.
10.	Drafts of all correspondence, reports, documents, agreements, contracts, emails, or any other forms of communication.	No similar provision in Indian Law	This exclusion is not present in Indian law, and it is extremely broadly worded, coming in the way of full transparency.
11.	Information that relates in any way to the security and stability of the Internet	No similar provision in Indian Law	This is perhaps necessary to ICANN’s role as the IANA Functions Operator. However, given the large public interest in this matter, there should be some proviso to make information in this regard available to the public as well.
12.	Trade secrets and commercial and financial information not publicly disclosed by ICANN.	Information including commercial confidence, trade secrets or intellectual property, the disclosure of which would harm the competitive position of a third party, unless the competent authority is satisfied that larger public interest warrants the disclosure of such information;^{^[15]}	This is fairly similar in both cases.
13.	Information requests: ● which are not reasonable; ● which are excessive or overly burdensome ● complying with which is not feasible ● which are made with an abusive or vexatious purpose or by a vexatious or querulous individual.	No similar provision in Indian Law	Of all the DIDP exclusions, this is the one which is most loosely worded. The terms in this clause are not clearly defined, and it can effectively be used to deflect any request sought from ICANN because of its extreme subjectivity. What amounts to ‘reasonable’? Whom is the process going to ‘burden’? What lens does ICANN use to define a ‘vexatious’ purpose? Where do we look for answers?
14.	No similar provision in ICANN’s DIDP.	Information available to a person in his fiduciary relationship, unless the competent authority is satisfied that the larger public interest warrants the disclosure of such information;^{^[16]}	-
15.	No similar provision in ICANN’s DIDP.	Information which providing access to would involve an infringement of copyright subsisting in a person other than the State.^{^[17]}	-

Thus, the net cast by the DIDP exclusions policy is more vast than even than that of a democratic state’s transparency law. Clearly, the exclusions above have effectively allowed ICANN to dodge answers to most of the requests floating its way. One can only hope that ICANN realises that these exclusions come in the way of the transparency that they are so committed to, and does away with this unreasonably wide range on the road to the IANA Transition.

^{^[1]} https://www.icann.org/resources/pages/welcome-2012-02-25-en

^{^[2]} https://www.icann.org/resources/accountability

^{^[3]} https://www.icann.org/resources/pages/didp-2012-02-25-en

^{^[4]} Shekhar Singh, India: Grassroot Initiatives in Tʜᴇ Rɪɢʜᴛ ᴛᴏ Kɴᴏᴡ 19, 44 (Ann Florin ed., 2007)

^{^[5]} In a proviso, ICANN’s DIDP states that all these exemptions can be overridden if the larger public interest is higher. However, this has not yet been reflected in their responses to any DIDP requests.

^{^[6]} Section 8(1)(a), Right to Information Act, 2005.

^{^[7]} Section 8(1)(f), Right to Information Act, 2005.

^{^[8]} Section 8(1)(i), Right to Information Act, 2005.

^{^[9]} Section 8(1)(j), Right to Information Act, 2005.

^{^[10]} Section 8(1)(b), Right to Information Act, 2005.

^{^[11]} Section (1)(d), Right to Information Act, 2005

^{^[12]} Section 8(1)(g), Right to Information Act, 2005.

^{^[13]} Section 8(1)(c), Right to Information Act, 2005.

^{^[14]} Section 8(1)(h), Right to Information Act, 2005.

^{^[15]} Section (1)(d), Right to Information Act, 2005

^{^[16]} Section 8(1)(e), Right to Information Act, 2005.

^{^[17]} Section 9, Right to Information Act, 2005.

For more details visit https://cis-india.org/internet-governance/blog/peering-behind-the-veil-of-icann2019s-didp

DIDP Request #12: Revenues

Aditya Garg — 2015-09-14T15:32:37Z

The Centre for Internet & Society (CIS) sought information from ICANN on their revenue streams by sending them a second request under their Documentary Information Disclosure Policy. This request and their response have been described in this blog post.

CIS Request

22 July 2015

To:

Mr. Cherine Chalaby, Chair, Finance Committee of the Board

Mr. Xavier Calvez, Chief Financial Officer

Mr. Samiran Gupta, ICANN India

All other members of Staff involved in accounting and financial tasks

Sub: Raw data with respect to granular income/revenue statements of ICANN from 1999-2011

We would like to thank ICAN for their prompt response to our earlier requests. We appreciate that the granular Revenue Details for FY14 have been posted online.[1] We also appreciate that a similar document has been posted for FY13.[2]

And we hope that one for FY12 would be posted soon, as noted by you in your Response to our Request No. 20141222-1.[3]

As also noted by you in the same request, similar reports cannot be prepared for FY99 to FY11 since “[i]t would be extremely time consuming and overly burdensome to cull through the raw data in order to compile the reports for the prior years”.[4]

Additionally, it was also mentioned that the “relevant information is available in other public available documents”.[5]

Hence, we would like to request for the raw data for years FY99 to FY11, for our research on accountability and transparency mechanisms in Internet governance, specifically of ICANN. Additionally, we would also like to request for the links to such public documents where the information is available.

We look forward to the receipt of this information within the stipulated period of 30 days. Please feel free to contact us in the event of any doubts regarding our queries.
Thank you very much.
Warm regards,
Aditya Garg,
I Year, National Law University, Delhi
For Centre for Internet & Society
W: http://cis-india.org

ICANN Response

ICANN referred to our earlier DIDP request (see here) where we had sought for a detailed report of their granular income and revenue statements from 1999-2014. They refused to disclose the data on grounds that it would be ‘time consuming’ and ‘overly burdensome’, which is a ground for refusal as per their exceptions to disclosure.

Our request may be found here, and their response is linked to here.

[1]. See FY14 Revenue Detail By Source, https://www.icann.org/en/system/files/files/fy2014-revenue-source-01may15-en.pdf.

[2]. See FY13 Revenue Detail By Source, https://www.icann.org/en/system/files/files/fy2013-revenue-source-01may15-en.pdf

[3]. See Response to Documentary Information Disclosure Policy Request No. 20141222-1, https://www.icann.org/en/system/files/files/cis-response-21jan15-en.pdf.

[4]. Id

[5]. See Response to Documentary Information Disclosure Policy Request No. 20141222-1, https://www.icann.org/en/system/files/files/cis-response-21jan15-en.pdf.

For more details visit https://cis-india.org/internet-governance/blog/didp-request-12-revenues

DIDP Request #11: NETmundial Principles

Aditya Garg — 2015-09-14T15:08:40Z

The Centre for Internet & Society (CIS) followed up on the implementation of the NETmundial Principles that ICANN has been endorsing by sending them a second request under their Documentary Information Disclosure Policy. This request and their response have been described in this blog post.

22 July 2015

To:

Mr. Fadi Chehade, CEO and President

Mr. Steve Crocker, Chairman of the Board

Mr. Cherine Chalaby, Chair, Finance Committee of the Board

Mr. Xavier Calvez, Chief Financial Officer

Sub: Details of documents within ICANN regarding implementation of NETmundial Principles and documents modified within ICANN as a result of the same

It is our understanding that ICANN is one of the founding members of the NETmundial Initiative. And hence, it has been credited in the public forum for championing the Initiative.[1]

Mr. Fadi Chehade, CEO and President of ICANN, has maintained that it is time for the global community to act and implement the Principles set forth in the initiative.[2]

ICANN itself, in response to one of our earlier requests, has acknowledged that "NETmundial Principles are high-level statements that permeate through the work of any entity –particularly a multistakeholder entity like ICANN."[3]

We, therefore, request for all existing documents within ICANN which represent its efforts to implement the NETmundial Principles within its working. Additionally, we would also want to request for all the documents which were modified as the result of ICANN’s support of the NETmundial Initiave, highlighting the modification so made.

We look forward to the receipt of this information within the stipulated period of 30 days. Please feel free to contact us in the event of any doubts regarding our queries.

Thank you very much.

Warm regards,
Aditya Garg,
1st Year, National Law University, Delhi for Centre for Internet & Society

ICANN Response

ICANN in their response pointed to an earlier DIDP request that we had sent in, and they replied along the same lines. They brought to our attention that ICANN was not responsible for the implementation of the NETMundial Principles, despite it being one of the founding members of the Initiative. They reiterated their earlier statement of ICANN not being the “…home for implementation of the NETmundial Principles or the evolution of multistakeholder participation in Internet governance.” They have failed to provide us with documentary proof of the implementation of these principles, and have only pointed to statements which indicate a potential prospective adoption of said the initiative [4]; the responses have been near identical to those for the earlier DIDP request, which you can find here.

Further, ICANN claims that the information we seek falls within the scope of the exceptions to disclosure they lay down, as it is not within their operational activities, an explanation that fails to satisfy us. As always, they have used the wide scope of their non-disclosure policy to avoid providing us with the requisite information.

The request can be found here, and ICANN’s response has been linked here.

[1]. See McCarthy, I’m Begging You To Join, The Register (12 December 2014), http://www.theregister.co.uk/2014/12/12/im_begging_you_to_join_netmundial_initiative_gets_desperate/

[2]. See NETmundial Initiative Goes Live, Gobal Internet Community Invited to Participate (Press Release), https://www.netmundial.org/press-release-1

[3]. See Response to Documentary Information Disclosure Policy Request No. 20141228-1-NETmundial, https://www.icann.org/en/system/files/files/cis-netmundial-response-27jan15-en.pdf

[4]. Such as Objective 4.3 of their Strategic Five Year Plan. “Demonstrate leadership by implementing best practices in multistakeholder mechanisms within the distributed Internet governance ecosystem while encouraging all stakeholders to implement the principles endorsed at NETmundial” at https://www.icann.org/en/system/files/files/strategic-plan-2016-2020-10oct14-en.pdf

For more details visit https://cis-india.org/internet-governance/blog/didp-request-11-netmundial-principles

CIS Submission on CCWG-Accountability 2nd Draft Proposal on Work Stream 1 Recommendations

pranesh — 2015-11-23T14:58:58Z

The Centre for Internet & Society (CIS) submitted the below to ICANN's CCWG-Accountability.

The CCWG Accountability proposal is longer than many countries' constitutions. Given that, we will keep our comments brief, addressing a very limited set of the issues in very broad terms.

Human Rights

ICANN is unique in many ways. It is a global regulator that has powers of taxation to fund its own operation. ICANN is not a mere corporation. For such a regulator, ensuring fair process (what is often referred to as "natural justice") as well as substantive human rights (such as the freedom of expression, right against discrimination, right to privacy, and cultural diversity), are important. Given this, the narrow framing of "free expression and the free flow of information" in Option 1, we believe Option 2 is preferable.

Diversity

We are glad that diversity is being recognized as an important principle. As we noted during the open floor session at ICANN49: [We are] extremely concerned about the accountability of ICANN to the global community. Due to various decisions made by the US government relating to ICANN's birth, ICANN has had a troubled history with legitimacy. While it has managed to gain and retain the confidence of the technical community, it still lacks political legitimacy due to its history. The NTIA's decision has presented us an opportunity to correct this.

However, ICANN can't hope to do so without going beyond the current ICANN community, which while nominally being 'multistakeholder' and open to all, grossly under-represents those parts of the world that aren't North America and Western Europe.

Of the 1010 ICANN-accredited registrars, 624 are from the United States, and 7 from the 54 countries of Africa. In a session yesterday, a large number of the policies that favour entrenched incumbents from richer countries were discussed. But without adequate representation from poorer countries, and adequate representation from the rest of the world's Internet population, there is no hope of changing these policies.

This is true not just of the business sector, but of all the 'stakeholders' that are part of global Internet policymaking, whether they follow the ICANN multistakeholder model or another. A look at the board members of the Internet Architecture Board, for instance, would reveal how skewed the technical community can be, whether in terms of geographic or gender diversity.

Without greater diversity within the global Internet policymaking communities, there is no hope of equity, respect for human rights — civil, political, cultural, social and economic — and democratic functioning, no matter how 'open' the processes seem to be, and no hope of ICANN accountability either.

Meanwhile, there are those who are concerned that diversity should not prevail over skill and experience. Those who have the greatest skill and experience will be those who are insiders in the ICANN system. To believe that being an insider in the ICANN system ought to be privileged over diversity is wrong. A call for diversity isn't just political correctness. It is essential for legitimacy of ICANN as a globally-representative body, and not just one where the developed world (primarily US-based persons) makes policies for the whole globe, which is what it has so far been. Of course, this cannot be corrected overnight, but it is crucial that this be a central focus of the accountability initiative.

Jurisdiction, Membership Models and Voting Rights

The Sole-Member Community Mechanism (SMCM) that has been proposed seems in large part the best manner provided under Californian law relating to public benefit corporations of dealing with accountability issues, and is the lynchpin of the whole accountability mechanism under workstream.

However, the jurisdictional analysis laid down in 11.3 will only be completed post-transition, as part of workstream. Thus the SMCM may not necessarily be the best model under a different legal jurisdiction. It would be useful to discuss the dependency between these more clearly. In this vein, it is essential that the Article XVIII Section 1 not be designated a fundamental bylaw. Further, it would be useful to add that for some limited aspects of the transition (such as IANA functioning), ICANN should seek to enter into a host country agreement to provide legal immunity, thus providing a qualification to para 125 ("ICANN accountability requires compliance with applicable legislation, in jurisdictions where it operates.") since the IANA functions operator ought not be forced by a country not to honour requests made by, for example, North Korea.

It should also be noted that accountability needs independence, which may be of two kinds: independence of financial source, and independence of appointment. From what one could gather from the CCWG proposal, the Independent Review Panel will be funded by the budget the ICANN Board prepares, while the appointment process is still unclear.

One of the most important accountability mechanisms with regard to the IANA functions is that of changing the IANA Functions Operator. As per the CWG Stewardship's current proposal, the "Post-Transition IANA" won't be an entity that is independent of ICANN. If the PTI's governance is permanently made part of ICANN's fundamental bylaws (as an affiliate controlled by ICANN), how is it proposed that the IFO be moved from PTI to some other entity if the IANA Functions Review Team so decides? Additionally, for such an important function, the composition of the IFRT should not be left unspecified.

While it is welcome that a separation is proposed between the IANA budget and budget for rest of ICANN's functioning, the current discussion around budgets seems to be based on the assumption that all IANA functions will be funded by ICANN, whereas if the IANA functions are separated, each community might fund it separately. That provides two levels of insulation to IANA functions operator(s): separate sources of operational revenue, as well as separate budgets within ICANN.

It should be noted that there have been some responses that express concern about the shifting of existing power structures within ICANN through some of the proposed alternative voting allocations in the SMCM. However, rather than present arguments as to why these shifts would be beneficial or harmful for ICANN's overall accountability, these responses seem to assume that shift from the current power structures are harmful. This is an unfounded assumption and cannot be a valid reason, nor can speculation of how the United States Congress will behave be a valid reason for rejecting an otherwise valid proposal. If there are harms, they ought to be clearly articulated: shifts from the status quo and fear of the US Congress aren't valid harms. Thus, while it is important to consider how different voting rights models might change the status quo while arriving at any judgments, that cannot be the sole criterion for judgment of its merits. Further, as the French government notes:

[T]he French Government still considers that linking Stress Test 18 to a risk of capture of ICANN by governments and NTIA’s requirement that no “government-led or intergovernmental organization solution would be acceptable”, makes no sense. . . . Logically, the risk of capture of ICANN by governments in the future is as low as it is now and in any case, it cannot lead to a “government-led or intergovernmental organization solution”.

While dealing with the question of relative voting proportions, the community must remembered that not all parts of the world are equally developed with regard to the domain name industry and with respect to civil society as those countries in North America, Western Europe, and other developed nations, and thus may not find adequate representation via the SOs. In many parts of the world, civil society organizations — especially those focussed on Internet governance and domain name policies — are non-existent. Thus a system that privileges the SOs to the exclusion of other components of a multistakeholder governance model would not be representative or diverse. A multistakeholder model cannot disproportionately represent business interests over all other interests.

In this regard, the comments of former ICANN Chairperson, Rod Beckstrom, at ICANN43 ought to be recalled:

ICANN must be able to act for the public good while placing commercial and financial interests in the appropriate context . . . How can it do this if all top leadership is from the very domain name industry it is supposed to coordinate independently?

As Kieren McCarthy points out about ICANN:

The Board does have too many conflicted members
The NomCom is full of conflicts
There are not enough independent voices within the organization

Reforms in these ought to be as crucial to accountability as the membership model.

The current mechanisms for ensuring transparency, such as the DIDP process, are wholly inadequate. We have summarized our experience with the DIDP process, and how often we were denied information on baseless grounds in this table.

For more details visit https://cis-india.org/internet-governance/blog/cis-submission-on-ccwg-accountability-2nd-draft-proposal-on-work-stream-1-recommendations

IANA Transition Stewardship & ICANN Accountability (II)

jyoti — 2015-07-31T15:47:20Z

This paper is the second in a multi-part series, in which we provide an overview of submitted proposals and highlight areas of concern that will need attention moving forward. The series is a work in progress and will be updated as the processes move forward. It is up for public comments and we welcome your feedback.

The discussions and the processes established for transition plan have moved rapidly, though not fast enough—given the complicated legal and technical undertaking it is. ICG will be considering the submitted proposals and moving forward on consultations and recommendations for pending proposals. ICANN53 saw a lot of discussion on the implementation of the proposals from the numbers and protocols community, while the CWG addressed the questions related to the 2^nd draft of the names community proposal. The Protocol Parameters (IANA PLAN Working Group) submitted to ICG on 6 January 2015, while the Numbering Resources (CRISP Team) submitted on 15 January 2015. The Domain Names (CWG-Stewardship) submitted its second draft to ICG on 25 June 2015. The ICG had a face-to-face meeting in Buenos Aires and their proposal to transition the stewardship of the IANA functions is expected to be out for public comment July 31 to September 8, 2015. Parallelly, the CCWG on Enhancing ICANN Accountability offered its first set of proposals for public comment in June 2015 and organised two working sessions at ICANN'53. More recently, the CCWG met in Paris focusing on the proposed community empowerment mechanisms, emerging concerns and progress on issues so far.

Number and Protocols Proposals

The numbering and the protocol communities have developed and approved their plans for the transition. Both communities are proposing a direct contractual relationship with ICANN, in which they have the ability to end the contract on their terms. The termination clause has seen push back from ICANN and teams involved in the negotiations have revealed that ICANN has verbally represented that they will reject any proposed agreement in which ICANN is not deemed the sole source prime contractor for IANA functions in perpetuity.[1] The emerging contentious negotiations on the issue of separability i.e., the ability to change to a different IANA functions operator, is an important issue.[2] As Milton Mueller points out, ICANN seems to be using these contract negotiations to undo the HYPERLINK "http://www.internetgovernance.org/2015/04/28/icann-wants-an-iana-functions-monopoly-and-its-willing-to-wreck-the-transition-process-to-get-it/#comment-40045"community process and that ICANN’s staff members are viewing themselves, rather than the formal IANA transition process shepherded by the ICG, as the final authority on the transition.[3] The attempts of ICANN Staff to influence or veto ideas regarding what solutions will be acceptable to NTIA and the Congress goes beyond its mandate to facilitate the transition dialogue. The ARIN meeting[4] and the process of updating MoU with IETF which mandates supplementary SLAs[5] are examples of ICANN leveraging its status as the incumbent IANA functions operator, with which all three operational communities must negotiate, to ensure that the outcome of the IANA transition process does not threaten its control.

Names Proposal

Recently, the CWG working on recommendations for the names related functions provided an improved 2nd draft of their earlier complex proposal which attempts to resolve the internal-external debate with a middle ground, with the creation of Post-Transition IANA (PTI). PTI a subsidiary/affiliate of the current contract-holder, ICANN, will be created and handed the IANA contract and its related technology and staff. Therefore, ICANN takes on the role of the contracting authority and PTI as the contracted party will perform the names-related IANA functions. Importantly, under the new proposal CWG has done away altogether with the requirement of “authorisation” to root zone changes and the reasons for this decision have not been provided. The proposal also calls for creation of a Customer Standing Committee (CSC) to continuously monitor the performance of IANA and creation a periodic review process, rooted in the community, with the ability to recommend ICANN relinquishing its role in names-related IANA functions, if necessary. A key concern area is the external oversight mechanism Multistakeholder Review Team– has been done away with. This is a significant departure from the version placed for public comment in December 2014. It is expected that clarification will be sought from the CWG on how it has factored in inputs from the first round of public comments.

Consensus around the CWG 2nd Draft

There is a growing consensus around the model proposed—the numbers community has commented on the proposal that it does "not foresee any incompatibility between the CWG's proposal”.[6] On the IANA PLAN list, members of the protocols community have also expressed willingness to accept the new arrangement to keep all the IANA functions together in PTI during the transition and view this as merely a reorganization.[7] However, acceptance of the proposal is pending till clarification related to how the PTI will be set up and its legal standing and scope are provided.

Structure of PTI

Presently, two corporate forms are being considered for the PTI, a nonprofit public benefit corporation (PBC) or a limited liability corporation (LLC), with a single member, ICANN, at its outset. Milton Mueller has advocated for the incorporation of PTI as a PBC rather than as a LLC, with its board composed of a mix of insiders and outsiders.[8] He is of the view that LLC form makes the implementation of PTI much more complex and risky as the CWG would need to debate mechanisms of control for the PTI as part of the transition process. The choice of structure is important as it will define the limitations and responsibilities that will be placed on the PTI Board—an important and necessary accountability mechanism.

Broadly, the division of views is around selection of the Board Members that is if they should be chosen either by IANA's customers or representative groups within ICANN or solely by the Board. The degree of autonomy which the PTI has given the existing ICANN structure is also a key developing question. Debate on autonomy of PTI are broadly centered around two distinct views of PTI being incorporated in a different country, to prevent ICANN from slowly subsuming the organization. The other view endorsed by ICANN states that a high degree of autonomy risks creates additional bureaucracy and process for no discernible improvement in actual services.

Functional Separability

Under the CWG-Stewardship draft proposal, ICANN would assume the role currently fulfilled by NTIA (overseeing the IANA function), while PTI would assume the role currently played by ICANN (the IANA functions operator). A divisive area here is that the goal of “functional separation” is defeated with PTI being structured as an “affiliate” wholly owned subsidiary, as it will be subject to management and policies of ICANN. From this view, while ICANN as the contracting party has the right of selecting future IANA functions operators, the legal and policy justification for this has not been provided. It is expected that ICANN'53 will see discussions around the PTI will focus on its composition, legal standing and applicability of the California law.

Richard Hill is of the view that the details of how PTI would be set up is critical for understanding whether or not there is "real" separation between ICANN and PTI leading to the conclusion of a meaningful contract in the sense of an agreement between two separate entities.[9] This functional separation and autonomy is granted by the combination of a legally binding contract, CSC oversight, periodic review and the possibility of non-renewal of the contract.[10]

Technical and policy roles - ICANN and PTI

The creation of PTI splits the technical and policy functions between ICANN and PTI. The ICANN Board comments on CWG HYPERLINK "http://forum.icann.org/lists/comments-cwg-stewardship-draft-proposal-22apr15/pdfrIUO5F9nY4.pdf"PrHYPERLINK "http://forum.icann.org/lists/comments-cwg-stewardship-draft-proposal-22apr15/pdfrIUO5F9nY4.pdf"oHYPERLINK "http://forum.icann.org/lists/comments-cwg-stewardship-draft-proposal-22apr15/pdfrIUO5F9nY4.pdf"posal also confirm PTI having no policy role, nor it being intended to in the future, and that while it will have control of the budget amounts ceded to it by ICANN the funding of the PTI will be provided by ICANN as part of the ICANN budgeting process.[11] The comments from the Indian government on the proposal states this as an issue of concern, as it negates ICANN's present role as a merely technical coordination body. The concerns stem from placing ICANN in the role of the perpetual contracting authority for the IANA function makes ICANN the sole venue for decisions relating to naming policy as well as the entity with sole control over the PTI under the present wholly subsidiary entity.[12]

Key areas of work related to the distinction between the PTI and ICANN policy and technical functions include addressing how the new PFI Board would be structured, what its role would be, and what the legal construction between it and ICANN. The ICANN Board too has sought some important clarifications on its relationship as a parent body including areas where the PTI is separate from ICANN and areas where CWG sees shared services as being allowable (shared office space, HR, accounting, legal, payroll). It also sought clarification on the line of reporting, duties of the PTI Directors and alignment of PTI corporate governance with that of ICANN.

The Swedish government has commented that the next steps in this process would be clarification of the process for designing the PTI-IANA contract, a process to establish community consent before entering the contract, explicit mention of whom the contracting parties are and what their legal responsibilities would be in relation to it.[13]

Internal vs External Accountability

The ICANN Board, pushing for an internal model of full control of IANA Functions is of the view that a more independent PTI could somehow be "captured" and used to thwart the policies developed by ICANN. However, others have pointed out that under proposed structure PTI has strong ties to ICANN community that implements the policies developed by ICANN.[14] With no funding and no authority other than as a contractor of ICANN, if PTI is acting in a manner contrary to its contract it would be held in breach and could be replaced under the proposal.

Even so, as the Indian government has pointHYPERLINK "http://forum.icann.org/lists/comments-cwg-stewardship-draft-proposal-22apr15/pdfJGK6yVohdU.pdf"edHYPERLINK "http://forum.icann.org/lists/comments-cwg-stewardship-draft-proposal-22apr15/pdfJGK6yVohdU.pdf" out from the point of view of institutional architecture and accountability, this model is materially worse off than the status quo.[15]

The proposed PTI and ICANN relationship places complete reliance on internal accountability mechanisms within ICANN, which is not a prudent institutional design. The Indian government anticipates a situation where, in the event there is customer/ stakeholder dissatisfaction with ICANN’s role in naming policy development, there would be no mechanism to change the entity which fulfils this role. They feel that the earlier proposal for the creation of a Contract Co, a lightweight entity with the sole purpose of being the repository of contracting authority, and award contracts including the IANA Functions Contract provided a much more effective mechanism for external accountability. While the numbers and protocol communities have proposed a severable contractual relationship with ICANN for the performance of its SLAs no such mechanism exists with respect to ICANN's role in policy development for names.

Checks and Balances

Under the current proposal the Customer Standing Committee (CSC) has the role, of constantly reviewing the technical aspects of the naming function as performed by PTI. This, combined with the proposed periodic IANA Function Review (IFR), would act as a check on the PTI. The current draft proposal does not specify what will be the consequence of an unfavourable IANA Functions Review.

Some other areas of focus going forward relate to the IFR team inclusion in ICANN bylaws along the lines of the AOC established in 2009.[16] Also, ensuring the IFR team clarifies the scope of separability. The circumstances and procedures in place for pulling the IANA contract away if it has been established that ICANN is not fulfilling it contractual agreements. This will be a key accountability mechanism and deterrent for ICANN controlling the exercise of its influence.

CCWG Accountability

Work Stream (WS1): Responsible for drafting a mechanism for enhancing ICANN accountability, which must be in place before the IANA stewardship transition.

Work Stream (WS2): Addressing long term accountability topics which may extend beyond the IANA Stewardship Transition.

The IANA transition was recognized to be dependent on ICANN’s wider accountability, and this has exposed the trust issues between community and leadership and the proposal must be viewed in this context. The CCWG Draft Proposal attempts 4 significant new undertakings:

A. Restating ICANN’s Mission, Commitments, and Core Values, and placing those into the ICANN Bylaws. The CCWG has recommended that some segments of the Affirmation of Commitments (AOC)– a contract on operating principles agreed upon between ICANN and the United States government – be absorbed into the Corporation’s bylaws.

B. Establishing certain bylaws as “Fundamental Bylaws” that cannot be altered by the ICANN Board acting unilaterally, but over which stakeholders have prior approval rights;

C. Creating a formal “membership” structure for ICANN, along with “community empowerment mechanisms”. Some of the community empowerment mechanisms including (a) remove individual Board members, (b) recall the entire Board, (c) veto or approve changes to the ICANN Bylaws, Mission Statement, Commitments, and Core Values; and (d) to veto Board decisions on ICANN’s Strategic Plan and its budget;

D. Enhancing and strengthening ICANN's Independent Review Process (IRP) by creating a standing IRP Panel empowered to review actions taken by the corporation for compliance both with stated procedures and with the Bylaws, and to issue decisions that are binding upon the ICANN Board.

The key questions likely to be raised at ICANN 53 on several of these proposals will likely concern how these empowerment mechanisms affect the “legal nature” of the community.

Membership and Accountability

At the heart of the distrust between the ICANN Board and the community is the question of membership. ICANN as a corporation is a private sector body that is largely unregulated, with no natural competitors, cash-rich and directly or indirectly supports many of its participants and other Internet governance processes. Without effective accountability and transparency mechanisms, the opportunities for distortion, even corruption, are manifold. In such an environment, placing limitations on the Board’s power is critical to invoke trust. Three keys areas of accountability related to the Board include: no mechanisms for recall of individual board directors; the board’s ability to amend the company’s constitution (its bylaws), and the track record of board reconsideration requests.[17]

With no membership, ICANN’s directors represent the end of the line in terms of accountability. While there is a formal mechanism to review board decisions, the review is conducted by a subset of the same people. The CCWG’s proposal to create SOs/ACs as unincorporated “members” with Articles of Association has met with a lot of discussion, especially in the Governmental Advisory Council (GAC).[18] The GAC has posed several critical questions on this set up, some of which are listed here:

Can a legal person created and acting on behalf of the GAC become a member of ICANN, even though the GAC does not appoint Board members?
If GAC does not wish to become a member, how could it still be associated to the exercise of the 6 (community empowerment mechanisms) powers?
It is still unclear what the liability of members of future “community empowered structures” would be.
What are the legal implications on rights, obligations and liabilities of an informal group like the GAC creating an unincorporated association (UA) and taking decisions as such UA, from substantial (like exercising the community powers) to clerical (appointing its board, deciding on its financing) and whether there are implications when the members of such an UA are Governments?

Any proposal to strengthen accountability of ICANN needs to provide for membership so that there is ability to remove directors, creates financial accountability by receiving financial accounts and appointing editors and can check the ICANN’s board power to change bylaws without recourse to a higher authority.

Constitutional Undertaking

David Post and Danielle Kehl have pointed out that the CCWG correctly identifies the task it is undertaking – to ensure that ICANN’s power is adequately and appropriately constrained – as a “constitutional” one.[19] Their interpretation is based on the view that even if ICANN is not a true “sovereign,” it can usefully be viewed as one for the purpose of evaluating the sufficiency of checks on its power. Subsequently, the CCWG Draft Proposal, and ICANN’s accountability post-transition, can be understood and analyzed as a constitutional exercise, and that the transition proposal should meet constitutional criteria. Further, from this view the CCWG draft reflects the reformulation of ICANN around the broadly agreed upon constitutional criteria that should be addressed. These include:

A clear enumeration of the powers that the corporation can exercise, and a clear demarcation of those that it cannot exercise.
A division of the institution’s powers, to avoid concentrating all powers in one set of hands, and as a means of providing internal checks on its exercise.
Mechanism(s) to enforce the constraints of (1) and (2) in the form of meaningful remedies for violations.

Their comments reflect that they support CCWG in their approach and progress made in designing a durable accountability structure for a post-transition ICANN. However, they have stressed that a number of important omissions and/or clarifications need to be addressed before they can be confident that these mechanisms will, in practice, accomplish their mission. One such suggestion relates to ICANN’s policy role and PTI technical role separability. Given ICANN’s position in the DNS hierarchy gives it the power to impose its policies, via the web of contracts with and among registries, registrars, and registrants, on all users of the DNS, a constitutional balance for the DNS must preserve and strengthen the separation between DNS policy-making and policy-implementation. Importantly, they have clarified that even if ICANN has the power to choose what policies are in the best interest of the community it is not free to impose them on the community. ICANN's role is a critical though narrow one: to organize and coordinate the activities of that stakeholder community – which it does through its various Supporting Organizations, Advisory Committees, and Constituencies – and to implement the consensus policies that emerge from that process. Their comments on the CCWG draft call for stating this clarification explicitly and institutionalizing separability to be guided by this critical safeguard against ICANN’s abuse of its power over the DNS.

An effective implementation of this limitation will help clarify the role mechanisms being proposed such as the PTI and is critical for creating sustainable mechanisms, post-transition. More importantly, clarifying ICANN’s mission would ensure that in the post-transition communities could challenge its decisions on the basis that it is not pertaining to the role outlined or based on strengthening the stability and security of the DNS. Presently, it is very unclear where ICANN can interfere in terms of policymaking and implementation.

Other Issues

Other issues expected to be raised in the context of ICANN's overall accountabiltiy will likey concern the following:

Strengthening financial transparency and oversight

Given the rapid growth of the global domain name industry, one would imagine that ICANN is held up to the same standard of accountability as laid down in the right to information mechanisms countries such as India. CIS has been raising this issue for a while and has managed to received the list of ICANN’s current domain name revenues.[20]

By sharing this information, ICANN has shown itself responsive to repeated requests for transparency however, the shared revenue data is only for the fiscal year ending June 2014, and historical revenue data is still not publicly available. Neither is a detailed list (current and historical) of ICANN’s expenditures publicly available. Accountability mechanisms and discussions must seek that ICANN provide the necessary information during its regular Quarterly Stakeholder Reports, as well as on its website.

Strengthening transparency

A key area of concern is ICANN's unchecked influence and growing role as an institution in the IG space. Seen in the light of the impending transition, the transparency concerns gain significance and given ICANN's vocal interests in maintaining the status quo of its role in DNS Management. While financial statements (current and historic) are public and community discussions are generally open, the complexity of the contractual arrangements in place tracking the financial reserves available to ICANN through these processes are not sufficient.

Further, ICANN as a monopoly is presently constrained only by the NTIA review and few internal mechanisms like the Documentary Information Disclosure Policy (DIDP)[21], Ombudsman[22], Reconsideration and Independent Review[23] and the Accountability and Transparency Review (ATRT)[24]. These mechanisms are facing teething issues and some do not conform to the principles of natural justice. For example, a Reconsideration Request can be filed if one is aggrieved by an action of ICANN’s Board or staff. Under ICANN’s By-laws, it is the Board Governance Committee, comprising ICANN Board members, that adjudicates Reconsideration Requests.[25]

Responses to the DIDP requests filed by CIS reveal that the mechanism in its current form, is not sufficient to provide the transparency necessary for ICANN’s functioning. For instance, in the response to DIDP pertaining to the Ombudsman Requests[26], ICANN cites confidentiality as a reason to decline providing information as making Ombudsman Requests public would violate ICANN Bylaws, toppling the independence and integrity of the Ombudsman. Over December ’14 and January ’15, CIS sent 10 DIDP requests to ICANN with an aim was to test and encourage discussions on transparency from ICANN. We have received responses for 9 of our requests, and in 7 of those responses ICANN provides very little new information and moving forward we would stress the improvements of existing mechanisms along with introduction of new oversight and reporting parameters towards facilitating the transition process.[27]

[1]John Sweeting and others, 'CRISP Process Overview' (ARIN 35, 2015) https://regmedia.co.uk/2015/04/30/crisp_panel.pdf

[2]Andrew Sullivan, [Ianaplan] Update On IANA Transition & Negotiations With ICANN (2015), Email http://www.ietf.org/mail-archive/web/ianaplan/current/msg01680.html

[3]Milton Mueller, ‘ICANN WANTS AN IANA FUNCTIONS MONOPOLY – WILL IT WRECK THE TRANSITION PROCESS TO GET IT?’ (Internet Governance Project, 28 April 2015) http://www.internetgovernance.org/2015/04/28/icann-wants-an-iana-functions-monopoly-and-its-willing-to-wreck-the-transition-process-to-get-it/#comment-40045

[4]Tony Smith, 'Event Wrap: ICANN 52' (APNIC Blog, 20 February 2015) http://blog.apnic.net/2015/02/20/event-wrap-icann-52/

[5]Internet Engineering Task Force, 'IPROC – IETF Protocol Registries Oversight Committee' (2015) https://www.ietf.org/iana/iproc.html

[6]Axel Pawlik, Numbers Community Proposal Contact Points With CWG’S Draft IANA Stewardship Transition Proposal (2015), Email http://forum.icann.org/lists/comments-cwg-stewardship-draft-proposal-22apr15/msg00003.html

[7]Jari Arkko, Re: [Ianaplan] CWG Draft And Its Impact On The IETF (2015), Email http://www.ietf.org/mail-archive/web/ianaplan/current/msg01843.html

[8]Milton Mueller, Comments Of The Internet Governance Project (2015), Email http://forum.icann.org/lists/comments-cwg-stewardship-draft-proposal-22apr15/msg00021.html

[9]Richard Hill, Initial Comments On CWG-Stewardship Draft Proposal (2015), Email http://forum.icann.org/lists/comments-cwg-stewardship-draft-proposal-22apr15/msg00000.html

[10]Brenden Kuerbis, 'Why The Post-Transition IANA Should Be A Nonprofit Public Benefit Corporation' (Internet Governance Project, 18 May 2015) http://www.internetgovernance.org/2015/05/18/why-the-post-transition-iana-should-be-a-nonp

[11]ICANN Board Comments On 2Nd Draft Proposal Of The Cross Community Working Group To Develop An IANA Stewardship Transition Proposal On Naming Related Functions (20 May 2015) http://forum.icann.org/lists/comments-cwg-stewardship-draft-proposal-22apr15/pdfrIUO5F9nY4.pdf

[12]Comments Of Government Of India On The ‘2nd Draft Proposal Of The Cross Community Working Group To Develop An IANA Stewardship Transition Proposal On Naming Related Functions’ (2015) http://forum.icann.org/lists/comments-cwg-stewardship-draft-proposal-22apr15/pdfJGK6yVohdU.pdf

[13]Anders Hektor, Sweden Comments To CWG-Stewardship (2015), Email http://forum.icann.org/lists/comments-cwg-stewardship-draft-proposal-22apr15/msg00016.html

[14]Brenden Kuerbis, 'Why The Post-Transition IANA Should Be A Nonprofit Public Benefit Corporation |' (Internet Governance Project, 18 May 2015) http://www.internetgovernance.org/2015/05/18/why-the-post-transition-iana-should-be-a-nonprofit-public-benefit-corporation/

[15]Comments Of Government Of India On The ‘2nd Draft Proposal Of The Cross Community Working Group To Develop An IANA Stewardship Transition Proposal On Naming Related Functions’ (2015) http://forum.icann.org/lists/comments-cwg-stewardship-draft-proposal-22apr15/pdfJGK6yVohdU.pdf

[16]Kieren McCarthy, 'Internet Kingmakers Drop Ego, Devise Future Of DNS, IP Addys Etc' (The Register, 24 April 2015) http://www.theregister.co.uk/2015/04/24/internet_kingmakers_drop_ego_devise_future_of_the_internet/

[17]Emily Taylor, ICANN: Bridging The Trust Gap (Paper Series No. 9, Global Commission on Internet Governance March 2015) https://regmedia.co.uk/2015/04/02/gcig_paper_no9-iana.pdf

[18]Milton Mueller, 'Power Shift: The CCWG’S ICANN Membership Proposal' (Internet Governance Project, 4 June 2015) http://www.internetgovernance.org/2015/06/04/power-shift-the-ccwgs-icann-membership-proposal/

[19]David Post, Submission Of Comments On CCWG Draft Initial Proposal (2015), Email http://forum.icann.org/lists/comments-ccwg-accountability-draft-proposal-04may15/msg00050.html

[20] Hariharan, 'ICANN reveals hitherto undisclosed details of domain names revenues', 8 December, 2014 See: http://cis-india.org/internet-governance/blog/cis-receives-information-on-icanns-revenues-from-domain-names-fy-2014

[21] ICANN, Documentary Information Disclosure Policy See: https://www.icann.org/resources/pages/didp-2012-02-25-en

[22] ICANN Accountability, Role of the Ombudsman https://www.icann.org/resources/pages/accountability/ombudsman-en

[23] ICANN Reconsideration and independent review, ICANN Bylaws, Article IV, Accountability and Review https://www.icann.org/resources/pages/reconsideration-and-independent-review-icann-bylaws-article-iv-accountability-and-review

[24] ICANN Accountability and Transparency Review Final Recommendations https://www.icann.org/en/system/files/files/final-recommendations-31dec13-en.pdf

[25] ICANN Bylaws Article iv, Section 2 https://www.icann.org/resources/pages/governance/bylaws-en#IV

[26] ICANN Response to DIDP Ombudsman https://www.icann.org/resources/pages/20141228-1-ombudsman-2015-01-28-en

[27] Table of CIS DIDP Requests See: http://cis-india.org/internet-governance/blog/table-of-cis-didp-requests/at_download/file

For more details visit https://cis-india.org/internet-governance/blog/iana-transition-stewardship-and-icann-accountability-2

IANA Transition Stewardship & ICANN Accountability (I)

jyoti — 2015-07-31T14:56:26Z

This paper is the first in a multi-part series, in which we provide a background to the IANA transition and updates on the ensuing processes. An attempt to familiarise people with the issues at stake, this paper will be followed by a second piece that provides an overview of submitted proposals and areas of concern that will need attention moving forward. The series is a work in progress and will be updated as the processes move forward. It is up for public comments and we welcome your feedback.

In developing these papers we have been guided by Kieren McCarthy's writings in The Register, Milton Mueller writings on the Internet Governance Project, Rafik Dammak emails on the mailings lists, the constitutional undertaking argument made in the policy paper authored by Danielle Kehl & David Post for New America Foundation.

Introduction

The 53rd ICANN conference in Buenos Aires was pivotal as it marked the last general meeting before the IANA transition deadline on 30th September, 2015. The multistakeholder process initiated seeks communities to develop transition proposals to be consolidated and reviewed by the the IANA Stewardship Transition Coordination Group (ICG). The names, number and protocol communities convened at the conference to finalize the components of the transition proposal and to determine the way forward on the transition proposals. The Protocol Parameters (IANA PLAN Working Group) submitted to ICG on 6 January 2015, while the Numbering Resources (CRISP Team) submitted on 15 January 2015. The Domain Names (CWG-Stewardship) submitted its second draft to ICG on 25 June 2015. The ICG had a face-to-face meeting in Buenos Aires and their proposal to transition the stewardship of the IANA functions is expected to be out for public comment July 31 to September 8, 2015.

Parallelly, the CCWG on Enhancing ICANN Accountability offered its first set of proposals for public comment in June 2015 and organised two working sessions at ICANN'53. More recently, the CCWG met in Paris focusing on the proposed community empowerment mechanisms, emerging concerns and progress on issues so far. CIS reserves its comments to the CCWG till the second round of comments expected in July.

This working paper explains the IANA Transition, its history and relevance to management of the Internet. It provides an update on the processes so far, including the submissions by the Indian government and highlights areas of concern that need attention going forward.

How is IANA Transition linked to DNS Management?

The IANA transition presents a significant opportunity for stakeholders to influence the management and governance of the global network. The Domain Name System (DNS), which allows users to locate websites by translating the domain name with corresponding Internet Protocol address, is critical to the functioning of the Internet. The DNS rests on the effective coordination of three critical functions—the allocation of IP Addresses (the numbers function), domain name allocation (the naming function), and protocol parameters standardisation (the protocols function).

History of the ICANN-IANA Functions contract

Initially, these key functions were performed by individuals and public and private institutions. They either came together voluntarily or through a series of agreements and contracts brokered by the Department of Commerce’s National Telecommunications and Information Administration (NTIA) and funded by the US government. With the Internet's rapid expansion and in response to concerns raised about its increasing commercialization as a resource, a need was felt for the creation of a formal institution that would take over DNS management. This is how ICANN, a California-based private, non-profit technical coordination body, came at the helm of DNS and related issues. Since then, ICANN has been performing the Internet Assigned Numbers Authority (IANA) functions under a contract with the NTIA, and is commonly referred to as the IANA Functions Operator.

IANA Functions

In February 2000, the NTIA entered into the first stand-alone IANA Functions HYPERLINK "http://www.ntia.doc.gov/files/ntia/publications/sf_26_pg_1-2-final_award_and_sacs.pdf"contract[1] with ICANN as the Operator. While the contractual obligations have evolved over time, these are largely administrative and technical in nature including:

(1) the coordination of the assignment of technical Internet protocol parameters;

(2) the allocation of Internet numbering resources; and

(3) the administration of certain responsibilities associated with the Internet DNS root zone management;

(4) other services related to the management of the ARPA and top-level domains.

ICANN has been performing the IANA functions under this oversight, primarily as NTIA did not want to let go of complete control of DNS management. Another reason was to ensure NTIA's leverage in ensuring that ICANN’s commitments, conditional to its incorporation, were being met and that it was sticking to its administrative and technical role.

Root Zone Management—Entities and Functions Involved

NTIA' s involvement has been controversial particularly in reference to the Root Zone Management function, which allows allows for changes to the HYPERLINK "http://www.internetsociety.org/sites/default/files/The Internet Domain Name System Explained for Non-Experts (ENGLISH).pdf"highest level of the DNS namespace[2] by updating the databases that represent that namespace. DNS namespace is defined to be the set of names known as top-level domain names or TLDs which may be at the country level (ccTLDs or generic (gTLDs). This HYPERLINK "https://static.newamerica.org/attachments/2964-controlling-internet-infrastructure/IANA_Paper_No_1_Final.32d31198a3da4e0d859f989306f6d480.pdf"function to maintain the Root was split into two parts[3]—with two separate procurements and two separate contracts. The operational contract for the Primary (“A”) Root Server was awarded to VeriSign, the IANA Functions Contract—was awarded to ICANN.

These contracts created contractual obligations for ICANN as IANA Root Zone Management Function Operator, in co-operation with Verisign as the Root Zone Maintainer and NTIA as the Root Zone Administrator whose authorisation is explicitly required for any requests to be implemented in the root zone. Under this contract, ICANN had responsibility for the technical functions for all three communities under the IANA Functions contract.

ICANN also had policy making functions for the names community such as developing HYPERLINK "https://www.iana.org/domains/root/files"rules and procedures and policies under HYPERLINK "https://www.iana.org/domains/root/files"which any changes to the Root Zone File[4] were to be proposed, including the policies for adding new TLDs to the system. The policy making of numbers and protocols is with IETF and RIRs respectively. HYPERLINK "http://www.ntia.doc.gov/files/ntia/publications/ntias_role_root_zone_management_12162014.pdf"NTIA role in root zone management[5] is clerical and judgment free with regards to content. It authorizes implementation of requests after verifying whether procedures and policies are being followed.

This contract was subject to extension by mutual agreement and failure of complying with predefined commitments could result in the re-opening of the contract to another entity through a Request For Proposal (RFP). In fact, in 2011 HYPERLINK "http://www.ntia.doc.gov/files/ntia/publications/11102011_solicitation.pdf"NTIA issued a RFP pursuant to ICANN HYPERLINK "http://www.ntia.doc.gov/files/ntia/publications/11102011_solicitation.pdf"'HYPERLINK "http://www.ntia.doc.gov/files/ntia/publications/11102011_solicitation.pdf"s Conflict of Interest Policy.[6]

Why is this oversight needed?

The role of the Administrator becomes critical for ensuring the security and operation of the Internet with the Root Zone serving as the directory of critical resources. In December 2014, HYPERLINK "http://www.theregister.co.uk/2015/04/30/confidential_information_exposed_over_300_times_in_icann_security_snafu/"a report revealed 300 incidents of internal security breaches[7] some of which were related to the Centralized Zone Data System (CZDS) – where the internet core root zone files are mirrored and the WHOIS portal. In view of the IANA transition and given ICANN's critical role in maintaining the Internet infrastructure, the question which arises is if NTIA will let go of its Administrator role then which body should succeed it?

Transition announcement and launch of process

On 14 March 2014, the NTIA HYPERLINK "http://www.ntia.doc.gov/press-release/2014/ntia-announces-intent-transition-key-internet-domain-name-functions"announced[8] “its intent to transition key Internet domain name functions to the global multistakeholder community”. These key Internet domain name functions refer to the IANA functions. For this purpose, the NTIA HYPERLINK "http://www.ntia.doc.gov/press-release/2014/ntia-announces-intent-transition-key-internet-domain-name-functions"asked[9] the Internet Corporation for Assigned Names and Numbers (ICANN) to convene a global multistakeholder process to develop a transition proposal which has broad community support and addresses the following four principles:

Support and enhance the multistakeholder model;
Maintain the security, stability, and resiliency of the Internet DNS;
Meet the needs and expectation of the global customers and partners of the IANA services; and
Maintain the openness of the Internet.

The transition process has been split according to the three main communities naming, numbers and protocols.

Structure of the Transition Processes

ICANN performs both technical functions and policy-making functions. The technical functions are known as IANA functions and these are performed by ICANN are for all three communities.

I. Naming function: ICANN performs technical and policy-making for the names community. The technical functions are known as IANA functions and the policy-making functions relates to their role in deciding whether .xxx or .sucks should be allowed amongst other issues. There are two parallel streams of work focusing on the naming community that are crucial to completing the transition. The first, Cross-Community Working Group to Develop an IANA Stewardship Transition Proposal on Naming Related Functions will enable NTIA to transition out of its role in the DNS. Therefore, accountability of IANA functions is the responsibility of the CWG and accountability of policy-making functions is outside its scope. CWG has submitted its second draft to the ICG.

The second, Cross-Community Working Group on Accountability (CCWG-Accountability) is identifying necessary reforms to ICANN’s bylaws and processes to enhance the organization’s accountability to the global community post-transition. Therefore accountability of IANA functions is outside the scope of the CCWG. The CCWG on Enhancing ICANN Accountability offered its first set of proposals for public comment in June 2015.

II. Numbers function: ICANN performs only technical functions for the numbers community. The policy-making functions for numbers are performed by RIRs. CRISP is focusing on the IANA functions for numbers and has submitted their proposal to the ICG earlier this year.

III. Protocols function: ICANN performs only technical functions for the protocols community. The policy-making functions for protocols are performed by IETF. IETF-WG is focusing on the IANA functions for protocols and has submitted their proposal to the ICG earlier this year.

Role of ICG

After receiving the proposals from all three communities the ICG must combine these proposals into a consolidated transition proposal and then seek public comment on all aspects of the plan. ICG’s role is crucial, because it must build a public record for the NTIA on how the three customer group submissions tie together in a manner that ensures NTIA’s HYPERLINK "http://www.ntia.doc.gov/press-release/2014/ntia-announces-intent-transition-key-internet-domain-name-functions"criteria[10] are met and institutionalized over the long term. Further, ICG's final submission to NTIA must include a plan to enhance ICANN’s accountability based on the CCWG-Accountability proposal.

NTIA Leverage

Reprocurement of the IANA contract is HYPERLINK "http://www.newamerica.org/oti/controlling-internet-infrastructure/"essential for ICANN HYPERLINK "http://www.newamerica.org/oti/controlling-internet-infrastructure/"'HYPERLINK "http://www.newamerica.org/oti/controlling-internet-infrastructure/"s HYPERLINK "http://www.newamerica.org/oti/controlling-internet-infrastructure/" legitimacy[11] in the DNS ecosystem and the authority to reopen the contract and in keeping the policy and operational functions separate meant that, NTIA could simply direct VeriSign to follow policy directives being issued from the entity replacing ICANN if they were deemed to be not complying. This worked as an effective leverage for ICANN complying to their commitments even if it is difficult to determine how this oversight was exercised. Perceptually, this has been interpreted as a broad overreach particularly, in the context of issues of sovereignty associated with ccTLDs and the gTLDs in their influence in shaping markets. However, it is important to bear in mind that the NTIA authorization comes after the operator, ICANN—has validated the request and does not deal with the substance of the request rather focuses merely on compliance with outlined procedure.

NTIA's role in the transition process

NTIA in its HYPERLINK "http://www.ntia.doc.gov/files/ntia/publications/ntia_second_quarterly_iana_report_05.07.15.pdf"Second Quarterly Report to the Congress[12] for the period of February 1-March 31, 2015 has outlined some clarifications on the process ahead. It confirmed the flexibility of extending the contract or reducing the time period for renewal, based on community decision. The report also specified that the NTIA would consider a proposal only if it has been developed in consultation with the multi-stakeholder community. The transition proposal should have broad community support and does not seek replacement of NTIA's role with a government-led or intergovernmental organization solution. Further the proposal should maintain security, stability, and resiliency of the DNS, the openness of the Internet and must meet the needs and expectations of the global customers and partners of the IANA services. NTIA will only review a comprehensive plan that includes all these elements.

Once the communities develop and ICG submits a consolidated proposal, NTIA will ensure that the proposal has been adequately “stress tested” to ensure the continued stability and security of the DNS. NTIA also added that any proposed processes or structures that have been tested to see if they work, prior to the submission—will be taken into consideration in NTIA's review. The report clarified that NTIA will review and assess the changes made or proposed to enhance ICANN’s accountability before initiating the transition.

Prior to ICANN'53, Lawrence E. Strickling Assistant Secretary for Communications and Information and NTIA Administrator HYPERLINK "http://www.ntia.doc.gov/blog/2015/stakeholder-proposals-come-together-icann-meeting-argentina"has posed some questions for consideration[13] by the communities prior to the completion of the transition plan. The issues and questions related to CCWG-Accountability draft are outlined below:

Proposed new or modified community empowerment tools—how can the CCWG ensure that the creation of new organizations or tools will not interfere with the security and stability of the DNS during and after the transition? Do these new committees and structures create a different set of accountability questions?
Proposed membership model for community empowerment—have other possible models been thoroughly examined, detailed, and documented? Has CCWG designed stress tests of the various models to address how the multistakeholder model is preserved if individual ICANN Supporting Organizations and Advisory Committees opt out?
Has CCWG developed stress tests to address the potential risk of capture and barriers to entry for new participants of the various models? Further, have stress tests been considered to address potential unintended consequences of “operationalizing” groups that to date have been advisory in nature?
Suggestions on improvements to the current Independent Review Panel (IRP) that has been criticized for its lack of accountability—how does the CCWG proposal analyze and remedy existing concerns with the IRP?
In designing a plan for improved accountability, should the CCWG consider what exactly is the role of the ICANN Board within the multistakeholder model? Should the standard for Board action be to confirm that the community has reached consensus, and if so, what accountability mechanisms are needed to ensure the Board operates in accordance with that standard?
The proposal is primarily focused on the accountability of the ICANN Board—has the CCWG considered accountability improvements that would apply to ICANN management and staff or to the various ICANN Supporting Organizations and Advisory Committees?
NTIA has also asked the CCWG to build a public record and thoroughly document how the NTIA criteria have been met and will be maintained in the future.
Has the CCWG identified and addressed issues of implementation so that the community and ICANN can implement the plan as expeditiously as possible once NTIA has reviewed and accepted it.

NTIA has also sought community’s input on timing to finalize and implement the transition plan if it were approved. The Buenos Aires meeting became a crucial point in the transtion process as following the meeting, NTIA will need to make a determination on extending its current contract with ICANN. Keeping in mind that the community and ICANN will need to implement all work items identified by the ICG and the Working Group on Accountability as prerequisites for the transition before the contract can end, the community’s input is critical.

NTIA's legal standing

On 25th February, 2015 the US Senate Committee on Commerce, Science & Transportation on 'Preserving the Multi-stakeholder Model of Internet Governance'[14] heard from NTIA head Larry Strickling, Ambassador Gross and Fadi Chehade. The hearing sought to plug any existing legal loopholes, and tighten its administrative, technical, financial, public policy, and political oversight over the entire process no matter which entity takes up the NTIA function. The most important takeaway from this Congressional hearing came from Larry Strickling’s testimony[15] who stated that NTIA has no legal or statutory responsibility to manage the DNS.

If the NTIA does not have the legal responsibility to act, and its role was temporary; on what basis is the NTIA driving the current IANA Transition process without the requisite legal authority or Congressional mandate? Historically, the NTIA oversight, effectively devised as a leverage for ICANN fulfilling its commitments have not been open to discussion. HYPERLINK "http://forum.icann.org/lists/comments-ccwg-accountability-draft-proposal-04may15/pdfnOquQlhsmM.pdf"Concerns have also been raised[16] on the lack of engagement with non-US governments, organizations and persons prior to initiating or defining the scope and conditions of the transition. Therefore, any IANA transition plan must consider this lack of consultation, develop a multi-stakeholder process as the way forward—even if the NTIA wants to approve the final transition plan.

Need to strengthen Diversity Principle

Following submissions by various stakeholders raising concerns regarding developing world participation, representation and lack of multilingualism in the transition process—the Diversity Principle was included by ICANN in the Revised Proposal of 6 June 2014. Given that representatives from developing countries as well as from stakeholder communities outside of the ICANN community are unable to productively involve themselves in such processes because of lack of multilingualism or unfamiliarity with its way of functioning merely mentioning diversity as a principle is not adequate to ensure abundant participation. As CIS has pointed out[17] before issues have been raised about the domination by North American or European entities which results in undemocratic, unrepresentative and non-transparent decision-making in such processes. Accordingly, all the discussions in the process should be translated into multiple native languages of participants in situ, so that everyone participating in the process can understand what is going on. Adequate time must be given for the discussion issues to be translated and circulated widely amongst all stakeholders of the world, before a decision is taken or a proposal is framed. This was a concern raised in the recent CCWG proposal which was extended as many communities did not have translated texts or adequate time to participate.

Representation of the global multistakeholder community in ICG

Currently, the Co-ordination Group includes representatives from ALAC, ASO, ccNSO, GNSO, gTLD registries, GAC, ICC/BASIS, IAB, IETF, ISOC, NRO, RSSAC and SSAC. Most of these representatives belong to the ICANN community, and is not representative of the global multistakeholder community including governments. This is not representative of even a multistakeholder model which the US HYPERLINK "http://cis-india.org/internet-governance/blog/iana-transition-suggestions-for-process-design"g HYPERLINK "http://cis-india.org/internet-governance/blog/iana-transition-suggestions-for-process-design"ov HYPERLINK "http://cis-india.org/internet-governance/blog/iana-transition-suggestions-for-process-design"ernment HYPERLINK "http://cis-india.org/internet-governance/blog/iana-transition-suggestions-for-process-design"has announced[18] for the transition; nor in the multistakeholder participation spirit of NETmundial. Adequate number of seats on the Committee must be granted to each stakeholder so that they can each coordinate discussions within their own communities and ensure wider and more inclusive participation.

ICANN's role in the transition process

Another issue of concern in the pre-transition process has been ICANN having been charged with facilitating this transition process. This decision calls to question the legitimacy of the process given that the suggestions from the proposals envision a more permanent role for ICANN in DNS management. As Kieren McCarthy has pointed out [19]ICANN has taken several steps to retain the balance of power in managing these functions which have seen considerable pushback from the community. These include an attempt to control the process by announcing two separate processes[20] – one looking into the IANA transition, and a second at its own accountability improvements – while insisting the two were not related. That effort was beaten down[21] after an unprecedented letter by the leaders of every one of ICANN's supporting organizations and advisory committees that said the two processes must be connected.

Next, ICANN was accused of stacking the deck[22] by purposefully excluding groups skeptical of ICANN’s efforts, and by trying to give ICANN's chairman the right to personally select the members of the group that would decide the final proposal. That was also beaten back. ICANN staff also produced a "scoping document"[23], that pre-empt any discussion of structural separation and once again community pushback forced a backtrack.[24]

These concerns garner more urgency given recent developments with the community working HYPERLINK "http://www.ietf.org/mail-archive/web/ianaplan/current/msg01680.html"groups[25] and ICANN divisive view of the long-term role of ICANN in DNS management. Further, given HYPERLINK "https://www.youtube.com/watch?v=yGwbYljtNyI#t=1164"ICANNHYPERLINK "https://www.youtube.com/watch?v=yGwbYljtNyI#t=1164" HYPERLINK "https://www.youtube.com/watch?v=yGwbYljtNyI#t=1164"President Chehade’s comments that the CWG is not doing its job[26], is populated with people who do not know anything and the “IANA process needs to be left alone as much as possible”. Fadi also specified that ICANN had begun the formal process of initiating a direct contract with VeriSign to request and authorise changes to be implemented by VeriSign. While ICANN may see itself without oversight in this relationship with VeriSign, it is imperative that proposals bear this plausible outcome in mind and put forth suggestions to counter this.

The HYPERLINK "http://www.ietf.org/mail-archive/web/ianaplan/current/msg01680.html"update from IETF on the ongoing negotiation with ICANN on their proposal[27] related to protocol parameters has also flagged that ICANN is unwilling to cede to any text which would suggest ICANN relinquishing its role in the operations of protocol parameters to a subsequent operator, should the circumstances demand this. ICANN has stated that agreeing to such text now would possibly put them in breach of their existing agreement with the NTIA. Finally, HYPERLINK "https://twitter.com/arunmsukumar/status/603952197186035712"ICANN HYPERLINK "https://twitter.com/arunmsukumar/status/603952197186035712"Board Member, Markus Kummer[28] stated that if ICANN was to not approve any aspect of the proposal this would hinder the consensus and therefore, the transition would not be able to move forward.

ICANN has been designated the convenor role by the US government on basis of its unique position as the current IANA functions contractor and the global coordinator for the DNS. However it is this unique position itself which creates a conflict of interest as in the role of contractor of IANA functions, ICANN has an interest in the outcome of the process being conducive to ICANN. In other words, there exists a potential for abuse of the process by ICANN, which may tend to steer the process towards an outcome favourable to itself.

Therefore there exists a strong rationale for defining the limitations of the role of ICANN as convenor. The community has suggested that ICANN should limit its role to merely facilitating discussions and not extend it to reviewing or commenting on emerging proposals from the process. Additional safeguards need to be put in place to avoid conflicts of interest or appearance of conflicts of interest. ICANN should further not compile comments on drafts to create a revised draft at any stage of the process. Additionally, ICANN staff must not be allowed to be a part of any group or committee which facilitates or co-ordinates the discussion regarding IANA transition.

How is the Obama Administration and the US Congress playing this?

Even as the issues of separation of ICANN's policy and administrative role remained unsettled, in the wake of the Snowden revelations, NTIA initiated the long due transition of the IANA contract oversight to a global, private, non-governmental multi-stakeholder institution on March 14, 2014. This announcement immediately raised questions from Congress on whether the transition decision was dictated by technical considerations or in response to political motives, and if the Obama Administration had the authority to commence such a transition unilaterally, without prior open stakeholder consultations. Republican HYPERLINK "http://www.reuters.com/article/2015/06/02/us-usa-internet-icann-idUSKBN0OI2IJ20150602"lawmakers have raised concerns about the IANA transition plan [29]worried that it may allow other countries to capture control.

More recently, HYPERLINK "https://www.congress.gov/bill/114th-congress/house-bill/2251"Defending Internet Freedom Act[30] has been re-introduced to US Congress. This bill seeks ICANN adopt the recommendations of three internet community groups, about the transition of power, before the US government relinquishes control of the IANA contract. The bill also seeks ownership of the .gov and .mil top-level domains be granted to US government and that ICANN submit itself to the US Freedom of Information Act (FOIA), a legislation similar to the RTI in India, so that its records and other information gain some degree of public access.It has also been asserted by ICANN that neither NTIA nor the US Congress will approve any transition plan which leaves open the possibility of non-US IANA Functions Operator in the future.

Funding of the transition

The Obama administration is also HYPERLINK "http://www.broadcastingcable.com/news/washington/house-bill-blocks-internet-naming-oversight-handoff/141393"fighting a Republican-backed Commerce, Justice, Science, and HYPERLINK "http://www.broadcastingcable.com/news/washington/house-bill-blocks-internet-naming-oversight-handoff/141393"Related Agencies Appropriations Act (H.R. 2578)[31] which seeks to block NTIA funding the IANA transition. One provision of this bill restricts NTIA from using appropriated dollars for IANA stewardship transition till the end of the fiscal year, September 30, 2015 also the base period of the contact in function. This peculiar proviso in the Omnibus spending bill actually implies that Congress believes that the IANA Transition should be delayed with proper deliberation, and not be rushed as ICANN and NTIA are inclined to.

The IANA Transition cannot take place in violation of US Federal Law that has defunded it within a stipulated time-window. At the Congressional Internet Caucus in January 2015, NTIA head Lawrence Strickling clarified that NTIA will “not use appropriated funds to terminate the IANA functions...” or “to amend the cooperative agreement with Verisign to eliminate NTIA's role in approving changes to the authoritative root zone file...”. This implicitly establishes that the IANA contract will be extended, and Strickling confirmed that there was no hard deadline for the transition.

DOTCOM Act

The Communications and Technology Subcommittee of the House Energy and Commerce Committee HYPERLINK "http://energycommerce.house.gov/markup/communications-and-technology-subcommittee-vote-dotcom-act"amended the DOTCOM Act[32], a bill which, in earlier drafts, would have halted the IANA functions transition process for up to a year pending US Congressional approval. The bill in its earlier version represented unilateral governmental interference in the multistakeholder process. The new bill reflects a much deeper understanding of, and confidence in, the significant amount of work that the global multistakeholder community has undertaken in planning both for the transition of IANA functions oversight and for the increased accountability of ICANN. The amended DOTCOM Act would call for the NTIA to certify – as a part of a proposed GAO report on the transition – that “the required changes to ICANN’s by-laws contained in the final report of ICANN’s Cross Community Working Group on Enhancing ICANN Accountability and the changes to ICANN’s bylaws required by ICANN’s IANA have been implemented.” The bill enjoys immense bipartisan support[33], and is being lauded as a prudent and necessary step for ensuring the success of the IANA transition.

[1] IANA Functions Contract <http://www.ntia.doc.gov/files/ntia/publications/sf_26_pg_1-2-final_award_and_sacs.pdf> accessed 15th June 2015

[2] Daniel Karrenberg, The Internet Domain Name System Explained For Nonexperts <http://www.internetsociety.org/sites/default/files/The%20Internet%20Domain%20Name%20System%20Explained%20for%20Non-Experts%20(ENGLISH).pdf> accessed 15 June 2015

[3] David Post and Danielle Kehl, Controlling Internet Infrastructure The “IANA Transition” And Why It Matters For The Future Of The Internet, Part I (1st edn, Open Technology Institute 2015) <https://static.newamerica.org/attachments/2964-controlling-internet-infrastructure/IANA_Paper_No_1_Final.32d31198a3da4e0d859f989306f6d480.pdf> accessed 10 June 2015.

[4] Iana.org, 'IANA — Root Files' (2015) <https://www.iana.org/domains/root/files> accessed 11 June 2015.

[5] 'NTIA's Role In Root Zone Management' (2014). <http://www.ntia.doc.gov/files/ntia/publications/ntias_role_root_zone_management_12162014.pdf> accessed 15 June 2015.

[6] Contract ( 2011) <http://www.ntia.doc.gov/files/ntia/publications/11102011_solicitation.pdf> accessed 10 June 2015.

[7] Kieren McCarthy, 'Confidential Information Exposed Over 300 Times In ICANN Security Snafu' The Register (2015) <http://www.theregister.co.uk/2015/04/30/confidential_information_exposed_over_300_times_in_icann_security_snafu/> accessed 15 June 2015.

[8] NTIA, ‘NTIA Announces Intent To Transition Key Internet Domain Name Functions’ (2014) <http://www.ntia.doc.gov/press-release/2014/ntia-announces-intent-transition-key-internet-domain-name-functions> accessed 15 June 2015.

[9] NTIA, ‘NTIA Announces Intent To Transition Key Internet Domain Name Functions’ (2014) <http://www.ntia.doc.gov/press-release/2014/ntia-announces-intent-transition-key-internet-domain-name-functions> accessed 15 June 2015.

[10] NTIA, ‘NTIA Announces Intent To Transition Key Internet Domain Name Functions’ (2014) <http://www.ntia.doc.gov/press-release/2014/ntia-announces-intent-transition-key-internet-domain-name-functions> accessed 15 June 2015.

[11] David Post and Danielle Kehl, Controlling Internet Infrastructure The “IANA Transition” And Why It Matters For The Future Of The Internet, Part I (1st edn, Open Technology Institute 2015) <https://static.newamerica.org/attachments/2964-controlling-internet-infrastructure/IANA_Paper_No_1_Final.32d31198a3da4e0d859f989306f6d480.pdf> accessed 10 June 2015.

[12] National Telecommunications and Information Administration, 'REPORT ON THE TRANSITION OF THE STEWARDSHIP OF THE INTERNET ASSIGNED NUMBERS AUTHORITY (IANA) FUNCTIONS' (NTIA 2015) <http://www.ntia.doc.gov/files/ntia/publications/ntia_second_quarterly_iana_report_05.07.15.pdf> accessed 10 July 2015.

[13] Lawrence Strickling, 'Stakeholder Proposals To Come Together At ICANN Meeting In Argentina' <http://www.ntia.doc.gov/blog/2015/stakeholder-proposals-come-together-icann-meeting-argentina> accessed 19 June 2015.

[14] Philip Corwin, 'NTIA Says Cromnibus Bars IANA Transition During Current Contract Term' <http://www.circleid.com/posts/20150127_ntia_cromnibus_bars_iana_transition_during_current_contract_term/> accessed 10 June 2015.

[15] Sophia Bekele, '"No Legal Basis For IANA Transition": A Post-Mortem Analysis Of Senate Committee Hearing' <http://www.circleid.com/posts/20150309_no_legal_basis_for_iana_transition_post_mortem_senate_hearing/> accessed 9 June 2015.

[16] Comments On The IANA Transition And ICANN Accountability Just Net Coalition (2015) <http://forum.icann.org/lists/comments-ccwg-accountability-draft-proposal-04may15/pdfnOquQlhsmM.pdf> accessed 12 June 2015.

[17] The Centre for Internet and Society, 'IANA Transition: Suggestions For Process Design' (2014) <http://cis-india.org/internet-governance/blog/iana-transition-suggestions-for-process-design> accessed 9 June 2015.

[18] The Centre for Internet and Society, 'IANA Transition: Suggestions For Process Design' (2014) <http://cis-india.org/internet-governance/blog/iana-transition-suggestions-for-process-design> accessed 9 June 2015.

[19] Kieren McCarthy, 'Let It Go, Let It Go: How Global DNS Could Survive In The Frozen Lands Outside US Control Public Comments On Revised IANA Transition Plan' The Register (2015) <http://www.theregister.co.uk/2015/05/26/iana_icann_latest/> accessed 15 June 2015.

[20] Icann.org, 'Resources - ICANN' (2014) <https://www.icann.org/resources/pages/process-next-steps-2014-08-14-en> accessed 13 June 2015.

[21] <https://www.icann.org/en/system/files/correspondence/crocker-chehade-to-soac-et-al-18sep14-en.pdf> accessed 10 June 2015.

[22] Richard Forno, '[Infowarrior] - Internet Power Grab: The Duplicity Of ICANN' (Mail-archive.com, 2015) <https://www.mail-archive.com/infowarrior@attrition.org/msg12578.html> accessed 10 June 2015.

[23] ICANN, 'Scoping Document' (2014) <https://www.icann.org/en/system/files/files/iana-transition-scoping-08apr14-en.pdf> accessed 9 June 2015.

[24] Milton Mueller, 'ICANN: Anything That Doesn’T Give IANA To Me Is Out Of Scope |' (Internetgovernance.org, 2014) <http://www.internetgovernance.org/2014/04/16/icann-anything-that-doesnt-give-iana-to-me-is-out-of-scope/> accessed 12 June 2015.

[25] Andrew Sullivan, '[Ianaplan] Update On IANA Transition & Negotiations With ICANN' (Ietf.org, 2015) <http://www.ietf.org/mail-archive/web/ianaplan/current/msg01680.html> accessed 14 June 2015.

[26] DNA Member Breakfast With Fadi Chehadé (2015-02-11) (The Domain Name Association 2015).

[27] Andrew Sullivan, '[Ianaplan] Update On IANA Transition & Negotiations With ICANN' (Ietf.org, 2015) <http://www.ietf.org/mail-archive/web/ianaplan/current/msg01680.html> accessed 14 June 2015.

[28] Mobile.twitter.com, 'Twitter' (2015) <https://mobile.twitter.com/arunmsukumar/status/603952197186035712> accessed 12 June 2015.

[29] Alina Selyukh, 'U.S. Plan To Cede Internet Domain Control On Track: ICANN Head' Reuters (2015) <http://www.reuters.com/article/2015/06/02/us-usa-internet-icann-idUSKBN0OI2IJ20150602> accessed 15 June 2015.

[30] 114th Congress, 'H.R.2251 - Defending Internet Freedom Act Of 2015' (2015).

[31] John Eggerton, 'House Bill Blocks Internet Naming Oversight Handoff: White House Opposes Legislation' Broadcasting & Cable (2015) <http://www.broadcastingcable.com/news/washington/house-bill-blocks-internet-naming-oversight-handoff/141393> accessed 9 June 2015.

[32] Communications And Technology Subcommittee Vote On The DOTCOM Act (2015).

[33] Timothy Wilt, 'DOTCOM Act Breezes Through Committee' Digital Liberty (2015) <http://www.digitalliberty.net/dotcom-act-breezes-committee-a319> accessed 22 June 2015.

For more details visit https://cis-india.org/internet-governance/blog/iana-transitition-stewardship-icann-accountability-1

IANA Transition & ICANN Accountability Process and India' s Position

jyoti — 2015-08-23T09:26:06Z

Jyoti Panday participated in the workshop organized by CCAOI on "IANA Transition & ICANN Accountability Process and India' s Position" on May 30, 2015.

Dr Ajay Kumar launched the IANA Transition Report and set the context for the workshop. Dr Mahesh Uppal was the moderator of the panel and other participants included Mr Samiran Gupta, ICANN providing an overview of the current status on the transition, Mr Parminder Singh, IT for Change and Mr Rahul Sharma, DSCI sharing concerns of different stakeholders.

The panel also saw discussion on issues in the transition process that are of relevance to India and what should their position going forward including ensuring the efficiency of ICANN Functions included in the CWG draft proposal.

CIS raised issues around financial accountability and the role of ICANN in shaping markets therefore the urgent need for improving transparency and accountability measures.

The report launched at the workshop is available here.

For more details visit https://cis-india.org/internet-governance/news/iana-transition-icann-accountability-process-indian-position

DIDP Request #8: ICANN Organogram

geetha — 2015-03-17T11:39:16Z

CIS sent ICANN a request under its Documentary Information Disclosure Policy, seeking details of its oragnisational structure and headcount of all staff. CIS' request and ICANN's response are detailed below.

CIS Request

13 January 2015

To:

Mr. Steve Crocker, Chairman of the Board

Mr. Fadi Chehade, President and CEO

Mr. Samiran Gupta, ICANN India

Sub: ICANN organogram

In order to understand ICANN’s organizational structure, decision-making and day-to-day functioning, may we request an organogram of ICANN. We request that the organogram include ICANN’s reporting hierarchy, mentioning positions held in all departments. Wherever possible (such as middle and senior management), we request names of the ICANN staff holding the positions as well. Along with this, could you also provide a count per department of the number of ICANN staff employed in all departments as of this date?

We await your favorable response and the requested information within the prescribed time limit. Please do not hesitate to contact us should you require any clarifications.

Thank you very much.

Warm regards,

Geetha Hariharan

Centre for Internet & Society

W: http://cis-india.org

ICANN Response

ICANN does not provide all the information we requested, but it responded with the following:

First, ICANN has responded that its current staff headcount is approx. 310. ICANN states that it already makes publicly available an organisational chart. This is immensely useful, for it sets out the reporting hierarchies at senior and mid-managerial levels. However, it doesn't tell us the organisational structure categorised by all departments and staff in the said departments. The webpages of some of ICANN's departments list out some of its staff; for instance, Contractual Compliance, Global Stakeholder Engagement and Policy Development (scroll down).

What you will notice is that ICANN provides us a list of staff, but we cannot be sure whether the team includes more persons than those mentioned. Second, a quick glance at the Policy Development staff makes clear that ICANN selects from outside this pool to coordinate the policy development. For instance, the IANA Stewardship Transition (the CWG-IANA) is supported by Ms. Grace Abuhamad, who is not a member of the policy support staff, but coordinates the IANA mailing list and F2F meetings anyway. What this means is that we're no longer certain who within ICANN is involved in policy development and support, whom they report to, and where the Chinese walls lie. This is why an organogram is necessary: the policy-making and implementation functions in ICANN may be closely linked because of staff interaction, and effective Chinese walls would benefit from public scrutiny.

Now, ICANN says that one may explore staff profiles on the Staff page. While short biographies/profiles are available for most staff on the Staff page, it's unclear what departments they work in, how many staff members work each in department, whom they report to, and what the broad range of their responsibilities include.

Privacy concerns do not preclude the disclosure of such information for two reasons. First, staff profiles imply a consent to making staff information public (at least their place in the organisational structure, if not their salaries, addresses, phone extension numbers, etc.). Second, such information is necessary and helpful to scrutinise the effectiveness of ICANN's functioning. Like the example of the policy-making process mentioned above, greater transparency in internal functioning will itself serve as a check against hazards like partisanism, public comment aggregation, drafting of charters for policy-making and determining scope, etc. While the functioning itself may or need not change, scrutiny can ensure responsibility from ICANN and its staff.

ICANN's response to our DIDP request may be found here. A short summary of our request and ICANN's response may be found in this table (Request S. no. 8).

For more details visit https://cis-india.org/internet-governance/blog/didp-request-8-organogram

DIDP Request #7: Globalisation Advisory Groups

geetha — 2015-03-17T10:07:26Z

CIS sent ICANN a request under its Documentary Information Disclosure Policy, seeking information regarding the creation and dissolution of the President's Globalisation Advisory Groups. The GAGs were created to advise the ICANN Board on its globalisation efforts, and to address questions on Affirmation of Commitments (AOC), policy structures, legal structure, root server system, the IANA multistakeholder accountability, and Internet governance. CIS' request and ICANN's response are detailed below.

CIS Request

12 January 2015

To:
Mr. Fadi Chehade, CEO and President

Mr. Steve Crocker, Chairman of the Board

Ms. Theresa Swineheart, Senior Advisor to the President on Strategy

Mr. Samiran Gupta, ICANN India

Sub: Creation and dissolution of the President’s Globalisation Advisory Groups

On 17 February 2014, at a Special Meeting of the ICANN Board, the Board passed a resolution creating the President’s Globalisation Advisory Groups.1 Six Globalisation Advisory Groups were created, including on IANA globalization, legal structures, Internet governance, the Affirmation of Commitments, policy structures and the root server system.2 According to the minutes of the meeting, the Advisory Groups were to meet with the community at ICANN49 (Singapore, March 2014), make recommendations to the Board, and the Board would present their reports at ICANN50 (London, June 2014).3 Mr. Chehade was vested with the authority to change the Advisory Groups and their composition without the need for a further resolution, but the manner of dissolution was not laid out.

ICANN lists the Advisory Groups on its “Past Groups” page, with no further information.4 Presumably, the Groups remained in existence for at most one month. No explanation is provided for the reasons regarding the dissolution of all the Advisory Groups. There are no reports or transcripts of meetings with the community at ICANN49 or recommendations to Mr. Chehade or the Board.

The Globalisation Advisory Groups covered issues crucial for ICANN and the global Internet governance community, including its seat (“Legal Structures”), the Affirmation of Commitments (considered critical for ICANN’s accountability), the IANA stewardship transition, and ICANN’s (increasing) involvement in Internet governance. Given this, we request the following information:

Of the six Globalisation Advisory Groups created, is any Group active as of today (12 January 2015)?
When and how many times did any of the Groups meet?
On what date were the Groups dissolved? Were all Groups dissolved on the same date?
By what mechanism did the dissolution take place (oral statement, email)? If the dissolution occurred by way of email or statement, please provide a copy of the same.
Did any of the six Globalisation Advisory Groups present any report, advice, or recommendations to Mr. Chehade or any member(s) of the Board, prior to their dissolution? If yes, please provide the report/recommendations (if available) and/or information regarding the same.
Why were the Advisory Groups dissolved? Has any reason been recorded, and if not, please provide an explanation.

We await your favorable response and the requested information within the prescribed time limit. Please do not hesitate to contact us should you require any clarifications.

Thank you very much.

Warm regards,
Geetha Hariharan
Centre for Internet & Society

ICANN Response

ICANN's response to this request is positive. ICANN states that the Board did indeed set up the six Globalisation Advisory Groups (GAGs) on 17 February 2014 to tackle issues surrounding ICANN's globalisation efforts. The Affirmation of Commitments (AOC), policy structures, legal structure, root server system, the IANA multistakeholder accountability, and Internet governance were issues taken up by the GAGs. However, after the NTIA made its announcement regarding the IANA transition in March 2014, the GAGs were disbanded so as to avoid duplication of work on issues that "had a home in the global multistakeholder discussions". As a result, by a Board resolution dated 27 March 2014, the GAGs were dissolved.

This is an example of a good response to an information request. Some documentation regarding the creation and dissolution of the GAGs existed, such as the Board resolutions. The response points us to these documents, and summarises the reasons for the GAGs' creation and dissolution.

It is possible that this response is clear/comprehensive because the GAGs no longer exist, and in any event, did not perform any work worth writing about. Queries about ICANN's involvement in Internet governance (NETmundial, the NETmundial Initiative, etc.) garner responses that are, to say it informally, cage-y and surrounded by legalese.

ICANN's response to our DIDP request may be found here. A short summary of our request and ICANN's response may be found in this table (Request S. no. 7).

[1] See Approved Board Resolutions | Special Meeting of the Board, https://www.icann.org/resources/board-material/resolutions-2014-02-17-en.

[2] See President’s Globalisation Advisory Groups, https://www.icann.org/en/system/files/files/globalization-19feb14-en.pdf.

[3] See Minutes | Special Meeting of the Board, https://www.icann.org/resources/board- material/minutes-2014-02-17-en.

[4] See Past Committees, Task Forces, and Other Groups, https://www.icann.org/resources/pages/past-2012-02-25-en.

For more details visit https://cis-india.org/internet-governance/blog/didp-request-7-globalisation-advisory-groups

DIDP Request #6: Revenues from gTLD auctions

geetha — 2015-03-10T10:59:37Z

CIS sent ICANN a request under its Documentary Information Disclosure Policy, seeking information regarding revenues received from gTLD auctions. CIS' request and ICANN's response are detailed below.

CIS Request

12 January 2015

To:

Mr. Fadi Chehade, CEO and President

Mr. Steve Crocker, Chairman of the Board

Sub: Revenues from gTLD auctions

It is our understanding that an auction for a Generic Top Level Domain (gTLD) is used as a last-resort mechanism in order to resolve string contention, i.e., when there are groups of applications for same or confusingly similar new gTLDs. As of now, the ICANN website only furnishes information of the winning applicant and the winning price, as regards each new gTLD auction.[1] We have observed that information regarding the bids from all other applicants is not available. The revenue information provided to us[2] does not include revenues from new gTLDs.

In this regard, we request you to provide us with the following information:

(i) How many gTLDs have been sold via the auction process, since its inception?

(ii) What were the starting and winning bids in the ICANN auctions conducted?

(iii) What revenue has ICANN received from the gTLD auctions, since the first ICANN auction was conducted? Please also provide information about the winner (name, corporate information provided to/ available with ICANN).

(iv) How are proceeds from the gTLD auction process utilized?

We believe that this information will give us a framework for understanding the gTLD auction process within ICANN. Furthermore, it will assist us in understanding the manner and purpose for which the proceeds from the auctioning process are utilized, in the broader structure of ICANN transparency and accountability.

We hope that our request will be processed within the stipulated time period of 30 days. Do let us know if you require any clarifications on our queries.

Warm regards,

Lakshmi Venkataraman,

IV Year, NALSAR University of Law, Hyderabad,

for Centre for Internet & Society

W: http://cis-india.org

ICANN Response

ICANN's response to the above query is positive. ICANN states that all information surrounding the auctions is available on the New gTLDs microsite, and on the Auctions page: http://newgtlds.icann.org/en/applicants/auctions. The current status of auction proceeds and costs are available at http://newgtlds.icann.org/en/applicants/auctions/proceeds, and auction results are at https://gtldresult.icann.org/application-result/applicationstatus/auctionresults. The utilization of proceeds from the auctions is yet to be decided by the ICANN Board: “[auction] proceeds will be reserved and earmarked until the Board determines a plan for the appropriate use of the funds through consultation with the community. Auction proceeds are net of any Auction costs. Auction costs may include initial set-up costs, auction management fees, and escrow fees.”

ICANN's response to our DIDP request may be found here. A short summary of our request and ICANN's response may be found in this table (Request S. no. 6).

[1] See Auction Results, https://gtldresult.icann.org/application-result/applicationstatus/auctionresults.

[2] See ICANN reveals hitherto undisclosed details of domain names revenues, http://cis-india.org/internet-governance/blog/cis-receives-information-on-icanns-revenues-from-domain-names-fy-2014.

For more details visit https://cis-india.org/internet-governance/blog/didp-request-6-revenues-from-gtld-auctions

DIDP Request #5: The Ombudsman and ICANN's Misleading Response to Our Request

geetha — 2015-03-06T11:11:31Z

CIS sent ICANN a request under its Documentary Information Disclosure Policy, seeking details of the complaints received and resolved, parties involved and the nature of complaints under the Ombudsman process. CIS' request and ICANN's response are detailed below. ICANN's response is misleading in its insistence on confidentiality of all Ombudsman complaints and resolutions.

CIS Request

26 December 2014

To:
Mr. Steve Crocker, Chairman of the Board

Mr. Fadi Chehade, CEO and President

Mr. Chris LaHatte, Ombudsman, ICANN

Sub: Details regarding complaints submitted to the ICANN Ombudsman

We are very pleased to note that ICANN’s transparency and accountability mechanisms include maintaining a free, fair and impartial ombudsman. It is our understanding that any person with a complaint against the ICANN Board, staff or organization, may do so to the designated ombudsman.[1] We also understand that there are cases that the ICANN ombudsman does not have the authority to address.

In order to properly assess and study the efficiency and effectiveness of the ombudsman system, we request you to provide us with the following information:

(i) A compilation of all the cases that have been decided by ICANN ombudsmen in the history of the organization.

(ii) The details of the parties that are involved in the cases that have been decided by the ombudsmen.

(iii)A description of the proceedings of the case, along with the party that won in each instance.

Further, we hope you could provide us with an answer as to why there have been no ombudsman reports since the year 2010, on the ICANN website.[2] Additionally, we would like to bring to your notice that the link that provides the ombudsman report for the year 2010 does not work.

In order to properly assess the mechanism that ICANN uses for grievance redressal, it would be necessary to examine the details of all the cases that ICANN ombudsmen have presided over in the past. In this regard, kindly provide us with the above information.

We do hope that you will be able to furnish this information to us within the stipulated time period of 30 days. Do not hesitate to contact us if you have any doubts regarding our queries. Thank you so much.

Yours sincerely,
Lakshmi Venkataraman
NALSAR University of Law, Hyderabad, for Centre for Internet & Society
W: http://cis-india.org

ICANN Response

In its response, ICANN declines our request on grounds of confidentiality. It refers to the ICANN Bylaws on the office of the Ombudsman to argue that all matters brought before the Ombudsman "shall be treated as confidential" and the Ombudsman shall "take all reasonable steps necessary to preserve the privacy of, and to avoid harm to, those parties not involved in the complaint being investigated by the Ombudsman". ICANN states that the Ombudsman publishes Annual Reports, in which he/she provides a "consolidated analysis of the year's complaints and resolutions", including "a description of any trends or common elements of complaints received". In sum, ICANN states that making Ombudsman Requests public would violate ICANN Bylaws, and topple the independence and integrity of the Ombudsman.

These are, perhaps, valid reasons to decline our DIDP request. But it is important to investigate ICANN's reasons. The ICANN Board appoints the Ombudsman for 2 year terms, under Article V of ICANN’s Bylaws. As we note in an earlier post, the Ombudsman’s principal function is to receive and dispose of complaints about unfair treatment by the ICANN Board, Staff or constituency. He/she reports to the ICANN Board alone. He/she also reports on the categories of complaints he receives, and statistics regarding decisions in his Annual Reports; no details are forthcoming for stated reasons of confidentiality and privacy. It is clear, therefore, that the Ombudsman receives and disposes of complaints under a procedure that is inadequately transparent.

ICANN argues, however, that for reasons of confidentiality and integrity of the Ombudsman office, ICANN is unable to disclose details regarding Ombudsman complaints, the complainants/respondents and a description of the proceedings (including the decision/resolution). Indeed, ICANN states its "Bylaws and the Ombudsman Framework obligates the Ombudsman to treat all matters brought before him as confidential and 'to take reasonable steps necessary to preserve the privacy of, and to avoid harm to, those parties not involved in the complaint being investigated by the Ombudsman'.” For this reason, ICANN considers that "Disclosing details about the parties involved and the nature of the cases that have been decided by the Ombudsmen would not only compromise the confidentiality of the Ombudsman process but would also violate the ICANN Bylaws and the Ombudsman Framework."

While the privacy of parties both involved and "not involved in the complaint" can be preserved (by redacting names, email addresses and other personal identification), how valid is ICANN's dogged insistence on confidentiality and non-disclosure? Let's look at Article V of ICANN's Bylaws and the Ombudsman Framework both.

Do ICANN Bylaws bind the Ombudsman to Confidentiality?

Under Article V, Section 1(2) of ICANN's Bylaws, the Ombudsman is appointed by the ICANN Board for a 2 year term (renewable). As noted earlier, the Ombudsman's principal function is to “provide an independent internal evaluation of complaints by members of the ICANN community who believe that the ICANN staff, Board or an ICANN constituent body has treated them unfairly” or inappropriately (Art. V, Section 2). The Ombudsman is not a judge; his conflict resolution tools are "negotiation, facilitation, and 'shuttle diplomacy'.

According to Art. V, Section 3(3), the Ombudsman has access to "all necessary information and records from staff and constituent bodies" to evaluate complaints in an informed manner. While the Ombudsman can access these records, he may not "publish if otherwise confidential". When are these records confidential, then? Section 3(3) supplies the answer. The confidentiality obligations are as "imposed by the complainant or any generally applicable confidentiality policies adopted by ICANN". For instance, the complainant can waive its confidentiality by publishing the text of its complaint and the Ombudsman's response to the same (such as the Internet Commerce Association's complaint regarding the Implementation Review Team under the new gTLD program), or a complaint may be publicly available on a listserv. In any event, there is no blanket confidentiality obligation placed on the Ombudsman under ICANN's Bylaws.

Moreover, the Ombudsman also publishes Annual Reports, in which he/she provides a "consolidated analysis of the year's complaints and resolutions", including "a description of any trends or common elements of complaints received". That is, the Ombudsman's Annual Report showcases a graph comparing the increase in the number of complaints, categories of complaints (i.e., whether the complaints fall within or outside of the Ombudsman's jurisdiction), and a brief description of the Ombudsman's scope of resolution and response. The Annual Reports indicate that the mandate of the Ombudsman's office is extremely narrow. In 2014, for instance, 75 out of 467 complaints were within Mr. LaHatte's jurisdiction (page 5), but he notes that his ability to intervene is limited to "failures in procedure". As an input to the ATRT2 Report noted, the Office of the Ombudsman “appears so restrained and contained” (page 53). As the ATRT2 noted, "ICANN needs to reconsider the Ombudsman’s charter and the Office’s role as a symbol of good governance to be further incorporated in transparency processes"; the Office's transparency leaves much to be desired.

But I digress.

The Ombudsman is authorised to make reports on any complaint and its resolution (or lack thereof) to the ICANN Board, and unless the Ombudsman says so in his sole discretion, his reports are to be posted on the website (Art. V, Section 4(4)). The Ombudsman can also report on individual requests, such as Mr. LaHatte's response to a complaint regarding a DIDP denial (cached). Some reports are actually available on the Ombudsman page; the last published report dates back to 2012, though in 2013 and 2014, the Ombudsman dealt with more complaints within his jurisdiction than in 2012 or prior. So ICANN's argument that disclosing the information we ask for in our DIDP Request would violate ICANN Bylaws and the confidentiality of the Ombudsman is misleading.

Does the Ombudsman Framework Prohibit Public Reporting?

So if ICANN Bylaws do not ipso facto bind the Ombudsman's complaint and conflict resolution process to confidentiality, does the Ombudsman Framework do so?

The Ombudsman does indeed have confidentiality obligations under the Ombudsman Framework (page 4). All matters brought before the Ombudsman shall be treated as confidential, and the identities of parties not involved in the complaint are required to be protected. The Ombudsman may reveal the identity of the complainant to the ICANN Board or Staff only to further the resolution of a complaint (which seems fairly obvious); this obligation is extended to ICANN Board and Staff as well.

As the Framework makes crystal clear, the identity of complainants are to be kept confidential. Nothing whatsoever binds the Ombudsman from revealing the stakeholder group or affiliation of the complainants - and these are possibly of more importance. What stakeholders most often receive unfair or inappropriate treatment from ICANN Board, Staff or constituent bodies? Does business suffer more, or do non-commercial users, or indeed, governments? It is good to know what countries the complaints come from (page 4-5), but given ICANN's insistence on its multi-stakeholder model as a gold standard, it is important to know what stakeholders suffer the most in the ICANN system.

In fact, in the first page, the Ombudsman Framework says this: "The Ombudsman may post complaints and resolutions to a dedicated portion of the ICANN website (http://www.icann.org/ombudsman/): (i) in order to promote an understanding of the issues in the ICANN community; (ii) to raise awareness of administrative fairness; and (iii) to allow the community to see the results of similar previous cases. These postings will be done in a generic manner to protect the confidentiality and privilege of communicating with the Office of Ombudsman." But the ICANN website does not, in fact, host records of any Ombudsman complaints or resolutions; it links you only to the Annual Reports and Publications.

As I've written before, the Annual Reports provide no details regarding the nature of each complaint, their origins or resolution, and are useful if the only information we need is bare statistics of the number of complaints received. That is useful, but it's not enough. Given that the Ombudsman Framework does allow complaint/resolution reporting, it is baffling that ICANN's response to our DIDP request chooses to emphasise only the confidentiality obligations, while conveniently leaving out the parts enabling and encouring reporting.

Should ICANN Report the Ombudsman Complaints?

Of course it should. The Ombudsman is aimed at filling an integral gap in the ICANN system - he/she listens to complaints about treatment by the ICANN Board, Staff or constituent bodies. As the discussions surrounding the appeal procedures in the CWG-Names show, and as the ATRT2 recommendations on Reconsideration and Independent Review show, conflict resolution mechanisms are crucial in any environment, not least a multi-stakeholder one. And in an organisation that leaves much desired by way of accountability and transparency, not reporting on complaints against the Board, staff or constituencies seems a tad irresponsible.

If there are privacy concerns regarding the identities of complainants, their personal identifying information can be redacted. Actually, in the complaint form, adding a waiver-of-confidentiality tick-box would solve the problem, allowing the complainant to choose whether to keep his/her complaint unreportable. But the details of the respondents ought to be reported; as the entity responsible and accountable, ICANN should disclose whom complaints have been made against.

ICANN's response to our DIDP request may be found here. A short summary of our request and ICANN's response may be found in this table (Request S. no. 5).

[1] See What the Ombudsman can do for you, https://www.icann.org/resources/pages/contact- 2012-02-25-en.

[2] See Annual Reports & Publications, https://www.icann.org/resources/pages/reports-96-2012- 02-25-en.

For more details visit https://cis-india.org/internet-governance/blog/didp-request-5-the-ombudsman-and-icanns-misleading-response-to-our-request-1

DIDP Request #4: ICANN and the NETmundial Principles

geetha — 2015-03-05T08:28:44Z

CIS sent ICANN a request under its Documentary Information Disclosure Policy, seeking details of ICANN's implementation of the NETmundial Principles that it has endorsed widely and publicly. CIS' request and ICANN's response are detailed below.

CIS Request

27 December 2014

To:

Mr. Fadi Chehade, CEO and President

Mr. Steve Crocker, Chairman of the Board

Mr. Cherine Chalaby, Chair, Finance Committee of the Board

Mr. Xavier Calvez, Chief Financial Officer

Sub: Details of implementation by and within ICANN of the NETmundial Outcome Document (April ‘14)

We express our appreciation at ICANN’s prompt acknowledgement of our previous DIDP request, and await the information. We would, in the meanwhile, request information regarding ICANN’s internal measures to implement the NETmundial Outcome Document.[1]

In a post titled Turning Talk Into Action After NETmundial,[2] Mr. Chehade emphasized the imperative to carry forward the NETmundial principles to fruition. In nearly every public statement, Mr. Chehade and other ICANN representatives have spoken in praise and support of NETmundial and its Outcome Document.

But in the absence of binding value to them, self-regulation and organizational initiatives pave the way to adopt them. There must be concrete action to implement the Principles. In this regard, we request information about mechanisms or any other changes afoot within ICANN, implemented internally in recognition of the NETmundial Principles.

At the IGF in Istanbul, when CIS’ Sunil Abraham raised this query,[3] Mr. Chehade responded that mechanisms ought to and will be undertaken jointly and in collaboration with other organisations. However, institutional improvements are intra-organisational as well, and require changes within ICANN. An example would be the suggestions to strengthen the IGF, increase its term, and provide financial support (some of which are being achieved, though ICANN’s financial contribution to IGFSA is incongruous in comparison to its financial involvement in the NETmundial Initiative).

From ICANN, we have seen consistent championing of the controversial NETmundial Initiative,[4] and contribution to the IGF Support Association.[5] There are also mechanisms instituted for IANA Stewardship Transition and Enhancing ICANN Accountability,[6] as responses to the NTIA’s announcement to not renew the IANA functions contract and related concerns of accountability.

In addition to the above, we would like to know what ICANN has done to implement the NETmundial Principles, internally and proactively.

We hope that our request will be processed within the stipulated time period of 30 days. Do let us know if you require any clarifications on our queries.

Thank you very much.

Warm regards,

Geetha Hariharan

Centre for Internet & Society

W: http://cis-india.org

ICANN Response

ICANN's response to the above request disappointingly linked to the very same blogpost we note in our request, Turning Talk Into Action After NETmundial. Following this, ICANN points us to their involvement in the NETmundial Initiative. On the question of internal implementation, ICANN's response is defensive, to say the least. "ICANN is not the home for the implementation of the NETmundial Principles", they say. In any event, ICANN defends that it already implements the NETmundial Principles in its functioning, a response that comes as a surprise to us. "Many of the NETmundial Principles are high-level statements that permeate through the work of any entity – particularly a multistakeholder entity like ICANN – that is interested in the upholding of the inclusive, multistakeholder process within the Internet governance framework", notes ICANN's response. Needless to say, ICANN's response falls short of responding to our queries.

Finally, ICANN notes that our request is beyond the scope of the DIDP, as it does not relate to ICANN's operational activities. Notwithstanding that our query does in fact seek ICANN's operationalisation of the NETmundial Principles, we are now confused as to where to go to seek this information from ICANN. If the DIDP is not the effective transparency tool it is aimed to be, who in ICANN can provide answers to these questions?

ICANN's response may be found here. A short summary of our request and ICANN's response may be found in this table (Request S. no. 4).

[1] See NETmundial Multi-stakeholder Statement, http://netmundial.br/wp-content/uploads/2014/04/NETmundial-Multistakeholder-Document.pdf.

[2] See Chehade, Turning Talk Into Action After NETmundial, http://blog.icann.org/2014/05/turning-talk-into-action-after-netmundial/.

[3] See ICANN Open Forum, 9^th IGF 2014 (Istanbul, Turkey), https://www.youtube.com/watch?v=Cio31nsqK_A.

[4] See McCarthy, I’m Begging You To Join, The Register (12 December 2014), http://www.theregister.co.uk/2014/12/12/im_begging_you_to_join_netmundial_initiative_gets_desperate/.

[5] See ICANN Donates $50k to Internet Governance Forum Support Association, https://www.icann.org/resources/press-material/release-2014-12-18-en.

[6] See NTIA IANA Functions’ Stewardship Transition & Enhancing ICANN Accountability Processes, https://www.icann.org/stewardship-accountability.

For more details visit https://cis-india.org/internet-governance/blog/didp-request-4-icann-and-the-netmundial-principles

DIDP Request #3: Cyber-attacks on ICANN

geetha — 2015-03-05T08:16:26Z

CIS sent ICANN a request under its Documentary Information Disclosure Policy, seeking details of cyber-attacks on ICANN, and ICANN's internal and external responses to the same. CIS' request and ICANN's response are detailed below.

CIS Request

24 December 2014

To:

Mr. Steve Crocker, Chairman of the Board

Mr. Fadi Chehade, CEO and President

Mr. Geoff Bickers, Team Lead, ICANN Computer Incident Response Team (CIRT) & Director of Security Operations

Mr. John Crain, Chief Security, Stability and Resiliency Officer

Members of the ICANN-CIRT & ICANN Security Team

Sub: Details of cyber-attacks on ICANN

We understand that ICANN recently suffered a spear-phishing attack that compromised contact details of several ICANN staff, including their email addresses; these credentials were used to gain access to ICANN’s Centralized Zone Data System (CZDS).[1] We are glad to note that ICANN’s critical functions and IANA-related systems were not affected.[2]

The incident has, however, raised concerns of the security of ICANN’s systems. In order to understand when, in the past, ICANN has suffered similar security breaches, we request details of all cyber-attacks suffered or thought/suspected to have been suffered by ICANN (and for which, therefore, investigation was carried out within and outside ICANN), from 1999 till date. This includes, naturally, the recent spear-phishing attack.

We request information regarding, inter alia,

(1) the date and nature of all attacks, as well as which ICANN systems were compromised,

(2) actions taken internally by ICANN upon being notified of the attacks,

(3) what departments or members of staff are responsible for security and their role in the event of cyber-attacks,

(4) the role and responsibility of the ICANN-CIRT in responding to cyber-attacks (and when policies or manuals exist for the same; if so, please share them),

(5) what entities external to ICANN are involved in the identification and investigation of cyber-attacks on ICANN (for instance, are the police in the jurisdiction notified and do they investigate? If so, we request copies of complaints or information reports),

(6) whether and when culprits behind the ICANN cyber-attacks were identified, and

(7) what actions were subsequently taken by ICANN (ex: liability of ICANN staff for security breaches should such a finding be made, lawsuits or complaints against perpetrators of attacks, etc.).

Finally, we also request information on the role of the ICANN Board and/or community in the event of such cyber-attacks on ICANN. Also, when was the ICANN-CIRT set up and how many incidents has it handled since its existence? Do there exist contingency procedures in the event of compromise of IANA systems (and if so, what)?

We hope that our request will be processed within the stipulated time period of 30 days. Do let us know if you require any clarifications on our queries.

Thank you very much.

Warm regards,

Geetha Hariharan

Centre for Internet & Society

W: http://cis-india.org

ICANN Response

ICANN responded to our request by noting that it is vague and broad in both time and scope. In response, ICANN has provided information regarding certain cyber-incidents already in the public domain, while noting that the term "cyber-attack" is both wide and vague. While the information provided is undoubtedly useful, it is anecdotal at best, and does not provide a complete picture of ICANN's history of vulnerability to cyber-attacks or cyber-incidents, or the manner of its internal response to such incidents, or of the involvement of external law enforcement agencies or CIRTs in combating cyber-incidents on ICANN.

ICANN's response may be found here. A short summary our request and ICANN's response may be found in this table (Request S. no. 3).

[1] See ICANN targeted in spear-phishing attack, https://www.icann.org/news/announcement-2-2014-12-16-en.

[2] See IANA Systems not compromised, https://www.icann.org/news/announcement-2014-12-19-en.

For more details visit https://cis-india.org/internet-governance/blog/didp-request-3-cyber-attacks-on-icann