The Centre for Internet and Society
https://cis-india.org
These are the search results for the query, showing results 21 to 33.
DIDP Request #6: Revenues from gTLD auctions
https://cis-india.org/internet-governance/blog/didp-request-6-revenues-from-gtld-auctions
<b>CIS sent ICANN a request under its Documentary Information Disclosure Policy, seeking information regarding revenues received from gTLD auctions. CIS' request and ICANN's response are detailed below.</b>
<p style="text-align: justify; "> </p>
<h2 style="text-align: justify; ">CIS Request</h2>
<p style="text-align: justify; "><span>12 January 2015</span><span> </span></p>
<p style="text-align: justify; ">To:</p>
<p style="text-align: justify; ">Mr. Fadi Chehade, CEO and President</p>
<p style="text-align: justify; ">Mr. Steve Crocker, Chairman of the Board</p>
<p style="text-align: center; "><strong>Sub: Revenues from gTLD auctions</strong></p>
<p style="text-align: justify; "><span> </span></p>
<p style="text-align: justify; ">It is our understanding that an auction for a Generic Top Level Domain (gTLD) is used as a last-resort mechanism in order to resolve string contention, i.e., when there are groups of applications for same or confusingly similar new gTLDs. As of now, the ICANN website only furnishes information of the winning applicant and the winning price, as regards each new gTLD auction.<a href="#_ftn1">[1]</a> We have observed that information regarding the bids from all other applicants is not available. The revenue information provided to us<a href="#_ftn2">[2]</a> does not include revenues from new gTLDs.</p>
<p style="text-align: justify; ">In this regard, we request you to provide us with the following information:</p>
<p style="text-align: justify; ">(i) How many gTLDs have been sold <i>via</i> the auction process, since its inception?</p>
<p style="text-align: justify; ">(ii) What were the starting and winning bids in the ICANN auctions conducted?</p>
<p style="text-align: justify; ">(iii) What revenue has ICANN received from the gTLD auctions, since the first ICANN auction was conducted? Please also provide information about the winner (name, corporate information provided to/ available with ICANN).</p>
<p style="text-align: justify; ">(iv) How are proceeds from the gTLD auction process utilized?</p>
<p style="text-align: justify; "><span>We believe that this information will give us a framework for understanding the gTLD auction process within ICANN. Furthermore, it will assist us in understanding the manner and purpose for which the proceeds from the auctioning process are utilized, in the broader structure of ICANN transparency and accountability.</span></p>
<p style="text-align: justify; ">We hope that our request will be processed within the stipulated time period of 30 days. Do let us know if you require any clarifications on our queries.</p>
<p style="text-align: justify; ">Warm regards,</p>
<p style="text-align: justify; ">Lakshmi Venkataraman,</p>
<p style="text-align: justify; ">IV Year, NALSAR University of Law, Hyderabad,</p>
<p style="text-align: justify; "><i>for </i>Centre for Internet & Society</p>
<p style="text-align: justify; ">W: <a href="http://cis-india.org">http://cis-india.org</a></p>
<p style="text-align: justify; "> </p>
<h2 style="text-align: justify; ">ICANN Response</h2>
<p style="text-align: justify; ">ICANN's response to the above query is positive. ICANN states that all information surrounding the auctions is available on the New gTLDs microsite, and on the Auctions page: <span>http://newgtlds.icann.org/en/applicants/auctions. The current status of </span><span>auction proceeds and costs are available at </span><span>http://newgtlds.icann.org/en/applicants/auctions/proceeds,</span><span> and auction results are at </span><span>https://gtldresult.icann.org/application-result/applicationstatus/auctionresults. The utilization of proceeds from the auctions is yet to be decided by the ICANN Board:</span><span> “[auction] proceeds will be reserved and earmarked until the Board determines a plan for the appropriate use of the funds through consultation with the community. Auction proceeds are net of any Auction costs. Auction costs may include initial set-up costs, auction management fees, and escrow fees.”</span></p>
<p style="text-align: justify; "><span style="text-align: justify; ">ICANN's response to our DIDP request may be <a href="https://www.icann.org/en/system/files/files/cis-response-09feb15-en.pdf"><strong>found here</strong></a>.</span><span style="text-align: justify; "> A short summary of our request and ICANN's response may be found </span><a href="http://cis-india.org/internet-governance/blog/table-of-cis-didp-requests/at_download/file" style="text-align: justify; "><strong>in this table (Request S. no. 6)</strong></a><span style="text-align: justify; ">.</span></p>
<hr size="1" style="text-align: justify; " width="33%" />
<p style="text-align: justify; "><a href="#_ftnref1">[1]</a> See <i>Auction Results</i>, <a href="https://gtldresult.icann.org/application-result/applicationstatus/auctionresults">https://gtldresult.icann.org/application-result/applicationstatus/auctionresults</a>.</p>
<p style="text-align: justify; "><a href="#_ftnref2">[2]</a> See <i>ICANN reveals hitherto undisclosed details of domain names revenues</i>, <a href="http://cis-india.org/internet-governance/blog/cis-receives-information-on-icanns-revenues-from-domain-names-fy-2014">http://cis-india.org/internet-governance/blog/cis-receives-information-on-icanns-revenues-from-domain-names-fy-2014</a>.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/didp-request-6-revenues-from-gtld-auctions'>https://cis-india.org/internet-governance/blog/didp-request-6-revenues-from-gtld-auctions</a>
</p>
No publishergeethaICANNDIDPTransparencyAccountability2015-03-10T10:59:37ZBlog EntryDIDP Request #5: The Ombudsman and ICANN's Misleading Response to Our Request
https://cis-india.org/internet-governance/blog/didp-request-5-the-ombudsman-and-icanns-misleading-response-to-our-request-1
<b>CIS sent ICANN a request under its Documentary Information Disclosure Policy, seeking details of the complaints received and resolved, parties involved and the nature of complaints under the Ombudsman process. CIS' request and ICANN's response are detailed below. ICANN's response is misleading in its insistence on confidentiality of all Ombudsman complaints and resolutions.</b>
<div class="page" title="Page 1">
<div class="layoutArea">
<div class="column">
<p style="text-align: justify; "> </p>
<h2 style="text-align: justify; ">CIS Request</h2>
<p style="text-align: justify; "><span>26 December 2014</span></p>
</div>
</div>
<div class="layoutArea">
<div class="column">
<p><span>To:<br /> Mr. Steve Crocker, Chairman of the Board </span></p>
<p><span>Mr. Fadi Chehade, CEO and President </span></p>
<p><span>Mr. Chris LaHatte, Ombudsman, ICANN </span></p>
<p style="text-align: center; "><span><strong>Sub: Details regarding complaints submitted to the ICANN Ombudsman </strong></span></p>
<p><span>We are very pleased to note that ICANN’s transparency and accountability mechanisms include maintaining a free, fair and impartial ombudsman. It is our understanding that any person with a complaint against the ICANN Board, staff or organization, may do so to the designated ombudsman.[1]</span><span> </span><span>We also understand that there are cases that the ICANN ombudsman does not have the authority to address. </span></p>
<p><span>In order to properly assess and study the efficiency and effectiveness of the ombudsman system, we request you to provide us with the following information: </span></p>
<p><span>(i) A compilation of all the cases that have been decided by ICANN ombudsmen in the history of the organization. </span></p>
<p><span>(ii) The details of the parties that are involved in the cases that have been decided by the ombudsmen. </span></p>
<p><span>(iii)A description of the proceedings of the case, along with the party that won in each instance. </span></p>
<p><span>Further, we hope you could provide us with an answer as to why there have been no ombudsman reports since the year 2010, on the ICANN website.[2]</span><span> </span><span>Additionally, we would like to bring to your notice that the link that provides the ombudsman report for the year 2010 does not work.</span></p>
</div>
</div>
<div class="layoutArea">
<div class="column">
<p><span>In order to properly assess the mechanism that ICANN uses for grievance redressal, it would be necessary to examine the details of all the cases that ICANN ombudsmen have presided over in the past. In this regard, kindly provide us with the above information.</span></p>
</div>
</div>
</div>
<div class="page" title="Page 2">
<div class="layoutArea">
<div class="column">
<p><span>We do hope that you will be able to furnish this information to us within the stipulated time period of 30 days. Do not hesitate to contact us if you have any doubts regarding our queries. Thank you so much. </span></p>
<p><span>Yours sincerely,<br /> Lakshmi Venkataraman<br /> NALSAR University of Law, Hyderabad, </span><span>for </span><span>Centre for Internet & Society<br /> W: http://cis-india.org</span></p>
<p> </p>
<h2>ICANN Response</h2>
<p style="text-align: justify; ">In its response, ICANN declines our request on grounds of confidentiality. It refers to the ICANN Bylaws on the office of the Ombudsman to argue that all matters brought before the Ombudsman "shall be treated as confidential" and the Ombudsman shall "<span>take all reasonable steps necessary to preserve the privacy of, and to avoid harm to, those parties not involved in the complaint being investigated by the Ombudsman". ICANN states that the Ombudsman publishes Annual Reports, in which he/she provides a "consolidated analysis of the year's complaints and resolutions", including "</span><span>a description of any trends or common elements of complaints received". </span><span>In sum, ICANN states that m</span><span>aking Ombudsman Requests public would violate ICANN Bylaws, and topple the independence and integrity of the Ombudsman.</span></p>
<p style="text-align: justify; ">These are, perhaps, valid reasons to decline our DIDP request. But it is important to investigate ICANN's reasons. The <span>ICANN Board appoints the Ombudsman for 2 year terms, under </span><a href="https://www.icann.org/resources/pages/governance/bylaws-en#V">Article V of ICANN’s Bylaws</a><span>. As we note </span><a href="http://cis-india.org/internet-governance/blog/where-does-icann2019s-money-come-from-we-asked-they-don2019t-know">in an earlier post</a><span>, the Ombudsman’s principal function is to receive and dispose of <span style="text-align: justify; ">complaints about unfair treatment by the ICANN Board, Staff or constituency.</span></span><span> He/she reports to the ICANN Board alone. He/she also </span><span>reports on the categories of complaints he receives, and statistics regarding decisions in his </span><a href="https://www.icann.org/resources/pages/reports-96-2012-02-25-en">Annual Reports</a><span>; no details are forthcoming for stated reasons of confidentiality and privacy. </span><span>It is clear, therefore, that the Ombudsman receives and disposes of complaints under a procedure that is inadequately transparent. </span></p>
<p style="text-align: justify; "><span>ICANN argues, however, that for reasons of confidentiality and integrity of the Ombudsman office, ICANN is unable to disclose details regarding Ombudsman complaints, the complainants/respondents and a description of the proceedings (including the decision/resolution). Indeed, ICANN states its</span><span> "Bylaws and <a href="https://www.icann.org/en/system/files/files/ombudsman-framework-26mar09-en.pdf">the Ombudsman Framework</a> obligates the Ombudsman to treat all matters brought before him as confidential and 'to take reasonable steps necessary to preserve the privacy of, and to avoid harm to, those parties not involved in the complaint being investigated by the Ombudsman'.” For this reason, ICANN considers that "D</span><span>isclosing details about the parties involved and the nature of the cases that have been decided by the Ombudsmen would not only compromise the confidentiality of the Ombudsman process but would also violate the ICANN Bylaws and the Ombudsman Framework." </span></p>
<p style="text-align: justify; "><span>While the privacy of parties both involved and "not involved in the complaint" can be preserved (by redacting names, email addresses and other personal identification), h</span><span>ow valid is ICANN's dogged insistence on confidentiality and non-disclosure? Let's look at Article V of ICANN's Bylaws and the Ombudsman Framework both.</span></p>
<h3 style="text-align: justify; ">Do ICANN Bylaws bind the Ombudsman to Confidentiality?</h3>
<p style="text-align: justify; ">Under Article V, Section 1(2) of ICANN's Bylaws, the Ombudsman is appointed by the ICANN Board for a 2 year term (renewable). As noted earlier, the Ombudsman's principal function is to<span> </span><span>“provide an independent internal evaluation of complaints by members of the ICANN community who believe that the ICANN staff, Board or an ICANN constituent body has treated them unfairly” or inappropriately (Art. V, Section 2). The Ombudsman is not a judge; his conflict resolution tools are "</span><span>negotiation, facilitation, and 'shuttle diplomacy'. </span></p>
<p style="text-align: justify; "><span>According to Art. V, Section 3(3), the Ombudsman has access to "all necessary information and records from staff and constituent bodies" to evaluate complaints in an informed manner. While the Ombudsman can <i>access</i> these records, he may not "publish if otherwise confidential". When are these records confidential, then? Section 3(3) supplies the answer. The confidentiality obligations are as "imposed by the complainant or <span style="text-align: justify; ">any generally applicable confidentiality policies adopted by ICANN". For instance, the complainant can waive its confidentiality by publishing the text of its complaint <span style="text-align: justify; ">and the Ombudsman's response to the same </span>(such as the <a href="http://www.internetcommerce.org/ica-tells-icann-ombudsman-office-its-irt-report-tardy-nonresponsive-and-non-persuasive/">Internet Commerce Association's complaint</a> regarding the Implementation Review Team under the new gTLD program), or a complaint may be publicly <a href="http://lists.ncuc.org/pipermail/ncuc-discuss/2012-November/010974.html">available on a listserv</a>. In any event, there is no blanket confidentiality obligation placed on the Ombudsman under ICANN's Bylaws.</span></span></p>
<p style="text-align: justify; "><span><span style="text-align: justify; "><span style="text-align: justify; ">Moreover, the Ombudsman also publishes Annual Reports,</span><span style="text-align: justify; "> in which he/she provides a "consolidated analysis of the year's complaints and resolutions", including "</span><span style="text-align: justify; ">a description of any trends or common elements of complaints received". That is, the Ombudsman's Annual Report showcases a graph comparing the increase in the number of complaints, categories of complaints (i.e., whether the complaints fall within or outside of the Ombudsman's jurisdiction), and a brief description of the Ombudsman's scope of resolution and response. The Annual Reports indicate that the mandate of the Ombudsman's office is extremely narrow. In 2014, for instance, 75 out of 467 complaints were <a href="https://www.icann.org/en/system/files/files/annual-report-2014-27jan15-en.pdf">within Mr. LaHatte's jurisdiction</a> (page 5), but he notes that his ability to intervene is limited to "failures in procedure". <a href="https://www.icann.org/en/system/files/files/final-recommendations-31dec13-en.pdf">As an input to the ATRT2 Report noted</a>, the Office of the Ombudsman “appears so restrained and contained” (page 53). As the ATRT2 noted, "</span></span></span><span>ICANN needs to reconsider the Ombudsman’s charter and the Office’s role as a symbol of good governance to be further incorporated in transparency processes"; the Office's transparency leaves much to be desired.</span></p>
<p style="text-align: justify; "><span><span style="text-align: justify; "><span style="text-align: justify; ">But I digress.</span></span></span></p>
<p style="text-align: justify; "><span><span style="text-align: justify; ">The Ombudsman is authorised to make reports on any complaint and its resolution (or lack thereof) to the ICANN Board, and unless the Ombudsman says so <i>in his sole discretion</i>, his reports are to be posted on the website (Art. V, Section 4(4)). <span style="text-align: justify; ">The Ombudsman can also report on individual requests, such as </span><a href="https://omblog.icann.org/index.html%3Fp=1015.html" style="text-align: justify; ">Mr. LaHatte's response to a complaint regarding a DIDP denial</a><span style="text-align: justify; "> (cached). </span>Some reports are actually available on the Ombudsman page; the last published report dates back to 2012, though in 2013 and 2014, the Ombudsman dealt with more complaints within his jurisdiction than in 2012 or prior. </span></span><span>So ICANN's argument that disclosing the information we ask for in our DIDP Request would violate ICANN Bylaws and the confidentiality of the Ombudsman is misleading. </span></p>
<h3 style="text-align: justify; ">Does the Ombudsman Framework Prohibit Public Reporting?</h3>
<p style="text-align: justify; ">So if ICANN Bylaws do not <i>ipso facto</i> bind the Ombudsman's complaint and conflict resolution process to confidentiality, does the Ombudsman Framework do so?</p>
<p style="text-align: justify; ">The Ombudsman does indeed have confidentiality obligations under <a href="https://www.icann.org/en/system/files/files/ombudsman-framework-26mar09-en.pdf" style="text-align: justify; ">the Ombudsman Framework</a> (page 4). All matters brought before the Ombudsman shall be treated as confidential, and the identities of parties not involved in the complaint are required to be protected. The Ombudsman may reveal the identity of the complainant to the ICANN Board or Staff only to further the resolution of a complaint (which seems fairly obvious); this obligation is extended to ICANN Board and Staff as well.</p>
<p style="text-align: justify; ">As the Framework makes crystal clear, the <i>identity of complainants</i> are to be kept confidential. Nothing whatsoever binds the Ombudsman from revealing the stakeholder group or affiliation of the complainants - and these are possibly of more importance. What stakeholders most often receive unfair or inappropriate treatment from ICANN Board, Staff or constituent bodies? Does business suffer more, or do non-commercial users, or indeed, governments? It is good to know <a href="https://www.icann.org/en/system/files/files/annual-report-2014-27jan15-en.pdf">what countries the complaints come from (page 4-5)</a>, but given ICANN's insistence on its multi-stakeholder model as a gold standard, it is important to know what stakeholders suffer the most in the ICANN system.</p>
<p style="text-align: justify; ">In fact, in the first page, the Ombudsman Framework says this: "<span><strong>The Ombudsman may post complaints and resolutions to a dedicated portion of the ICANN website</strong> (http://www.icann.org/ombudsman/): (i) <strong>in order to promote an understanding of the issues in the ICANN community</strong>; (ii) to raise awareness of administrative fairness; and (iii) <strong>to allow the community to see the results of similar previous cases</strong>. These postings will be done in a <strong>generic manner</strong> to protect the confidentiality and privilege of communicating with the Office of Ombudsman." But the ICANN website does not, in fact, host records of any Ombudsman complaints or resolutions; it links you only to the Annual Reports and Publications. </span></p>
<p style="text-align: justify; "><span>As I've written before, the Annual Reports provide no details regarding the nature of each complaint, their origins or resolution, and are useful if the only information we need is bare statistics of the <i>number of complaints received</i>. That is useful, but it's not enough. Given that the Ombudsman Framework <i>does</i> allow complaint/resolution reporting, it is baffling that ICANN's response to our DIDP request chooses to emphasise only the confidentiality obligations, while conveniently leaving out the parts enabling and encouring reporting. </span></p>
<h3 style="text-align: justify; ">Should ICANN Report the Ombudsman Complaints?</h3>
<p style="text-align: justify; ">Of course it should. The Ombudsman is aimed at filling an integral gap in the ICANN system - he/she listens to complaints about treatment by the ICANN Board, Staff or constituent bodies. As the discussions surrounding the appeal procedures in the CWG-Names show, and as the ATRT2 recommendations on Reconsideration and Independent Review show, conflict resolution mechanisms are crucial in any environment, not least a multi-stakeholder one. And in an organisation that leaves much desired by way of accountability and transparency, not reporting on complaints against the Board, staff or constituencies seems a tad irresponsible.</p>
<p style="text-align: justify; ">If there are privacy concerns regarding the identities of complainants, their personal identifying information can be redacted. Actually, <a href="https://omb.icann.org/portal/complaint.php">in the complaint form</a>, adding a waiver-of-confidentiality tick-box would solve the problem, allowing the complainant to choose whether to keep his/her complaint unreportable. But the details of the respondents ought to be reported; as the entity responsible and accountable, ICANN should disclose whom complaints have been made against.</p>
<p style="text-align: justify; ">ICANN's response to our DIDP request may be <a href="https://www.icann.org/en/system/files/files/cis-ombudsman-response-27jan15-en.pdf"><b>found here</b></a>. A short summary of our request and ICANN's response may be found <a href="http://cis-india.org/internet-governance/blog/table-of-cis-didp-requests/at_download/file"><strong>in this table (Request S. no. 5)</strong></a>.</p>
<p style="text-align: justify; "> </p>
<hr size="1" style="text-align: justify; " width="33%" />
<p style="text-align: justify; "><span>[1] </span><span><i>See</i> </span><span>What the Ombudsman can do for you</span><span>, </span><span>https://www.icann.org/resources/pages/contact- 2012-02-25-en</span><span>.</span></p>
<p style="text-align: justify; "><span>[2] <i>See</i> Annual Reports & Publications, https://www.icann.org/resources/pages/reports-96-2012- 02-25-en.</span></p>
</div>
</div>
</div>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/didp-request-5-the-ombudsman-and-icanns-misleading-response-to-our-request-1'>https://cis-india.org/internet-governance/blog/didp-request-5-the-ombudsman-and-icanns-misleading-response-to-our-request-1</a>
</p>
No publishergeethaICANNDIDPTransparencyAccountability2015-03-06T11:11:31ZBlog EntryDIDP Request #4: ICANN and the NETmundial Principles
https://cis-india.org/internet-governance/blog/didp-request-4-icann-and-the-netmundial-principles
<b>CIS sent ICANN a request under its Documentary Information Disclosure Policy, seeking details of ICANN's implementation of the NETmundial Principles that it has endorsed widely and publicly. CIS' request and ICANN's response are detailed below.</b>
<p style="text-align: justify; "> </p>
<h3 style="text-align: justify; ">CIS Request</h3>
<p style="text-align: justify; "><span>27 December 2014</span></p>
<p style="text-align: justify; ">To:</p>
<p style="text-align: justify; ">Mr. Fadi Chehade, CEO and President</p>
<p style="text-align: justify; ">Mr. Steve Crocker, Chairman of the Board</p>
<p style="text-align: justify; ">Mr. Cherine Chalaby, Chair, Finance Committee of the Board</p>
<p style="text-align: justify; ">Mr. Xavier Calvez, Chief Financial Officer</p>
<p style="text-align: center; "><strong>Sub: Details of implementation by and within ICANN of the NETmundial Outcome Document (April ‘14)</strong></p>
<p style="text-align: justify; "><span> </span></p>
<p style="text-align: justify; ">We express our appreciation at ICANN’s prompt acknowledgement of our previous DIDP request, and await the information. We would, in the meanwhile, request information regarding ICANN’s internal measures to implement the NETmundial Outcome Document.<a href="#_ftn1">[1]</a><span> </span></p>
<p style="text-align: justify; ">In a post titled <i>Turning Talk Into Action After NETmundial,</i><a href="#_ftn2">[2]</a> Mr. Chehade emphasized the imperative to carry forward the NETmundial principles to fruition. In nearly every public statement, Mr. Chehade and other ICANN representatives have spoken in praise and support of NETmundial and its Outcome Document.</p>
<p style="text-align: justify; ">But in the absence of binding value to them, self-regulation and organizational initiatives pave the way to adopt them. There must be concrete action to implement the Principles. In this regard, we request information about mechanisms or any other changes afoot within ICANN, implemented internally in recognition of the NETmundial Principles.</p>
<p style="text-align: justify; ">At the IGF in Istanbul, when CIS’ Sunil Abraham raised this query,<a href="#_ftn3">[3]</a> Mr. Chehade responded that mechanisms ought to and will be undertaken jointly and in collaboration with other organisations. However, institutional improvements are intra-organisational as well, and require changes <i>within </i>ICANN. An example would be the suggestions to strengthen the IGF, increase its term, and provide financial support (some of which are being achieved, though ICANN’s financial contribution to IGFSA is incongruous in comparison to its financial involvement in the NETmundial Initiative).<span> </span></p>
<p style="text-align: justify; ">From ICANN, we have seen consistent championing of the controversial NETmundial Initiative,<a href="#_ftn4">[4]</a> and contribution to the IGF Support Association.<a href="#_ftn5">[5]</a> There are also mechanisms instituted for IANA Stewardship Transition and Enhancing ICANN Accountability,<a href="#_ftn6">[6]</a> as responses to the NTIA’s announcement to not renew the IANA functions contract and related concerns of accountability.</p>
<p style="text-align: justify; ">In addition to the above, we would like to know what ICANN has done to implement the NETmundial Principles, internally and proactively.</p>
<p style="text-align: justify; ">We hope that our request will be processed within the stipulated time period of 30 days. Do let us know if you require any clarifications on our queries.</p>
<p style="text-align: justify; ">Thank you very much.</p>
<p style="text-align: justify; ">Warm regards,</p>
<p style="text-align: justify; ">Geetha Hariharan</p>
<p style="text-align: justify; ">Centre for Internet & Society</p>
<p style="text-align: justify; ">W: <a href="http://cis-india.org">http://cis-india.org</a></p>
<p style="text-align: justify; "> </p>
<h3 style="text-align: justify; ">ICANN Response</h3>
<p style="text-align: justify; ">ICANN's response to the above request disappointingly linked to the very same blogpost we note in our request, <i>Turning Talk Into Action After NETmundial</i>. Following this, ICANN points us to their involvement in the NETmundial Initiative. On the question of internal implementation, ICANN's response is defensive, to say the least. "ICANN is not the home for the implementation of the NETmundial Principles", they say. In any event, ICANN defends that it already implements the NETmundial Principles in its functioning, a response that comes as a surprise to us. "<span>Many of the NETmundial Principles are high-level statements that permeate through the </span><span>work of any entity – particularly a multistakeholder entity like ICANN – that is interested </span><span>in the upholding of the inclusive, multistakeholder process within the Internet governance </span><span>framework", notes ICANN's response. Needless to say, ICANN's response falls short of responding to our queries. </span></p>
<p style="text-align: justify; "><span>Finally, ICANN notes that our request is beyond the scope of the DIDP, as it does not relate to ICANN's operational activities. Notwithstanding that our query does in fact seek ICANN's operationalisation of the NETmundial Principles, we are now confused as to where to go to seek this information from ICANN. If the DIDP is not the effective transparency tool it is aimed to be, who in ICANN can provide answers to these questions?</span></p>
<p style="text-align: justify; "><span>ICANN's response may be <a href="https://www.icann.org/en/system/files/files/cis-netmundial-response-27jan15-en.pdf"><strong>found here</strong></a>. A short summary of our request and ICANN's response may be found <a href="https://cis-india.org/internet-governance/blog/table-of-cis-didp-requests/at_download/file"><strong>in this table (Request S. no. 4)</strong></a>.</span></p>
<hr size="1" style="text-align: justify; " width="33%" />
<p style="text-align: justify; "><a href="#_ftnref1">[1]</a> See <i>NETmundial Multi-stakeholder Statement</i>, <a href="http://netmundial.br/wp-content/uploads/2014/04/NETmundial-Multistakeholder-Document.pdf">http://netmundial.br/wp-content/uploads/2014/04/NETmundial-Multistakeholder-Document.pdf</a>. <i> </i></p>
<p style="text-align: justify; "><a href="#_ftnref2">[2]</a> See Chehade, <i>Turning Talk Into Action After NETmundial</i>, <a href="http://blog.icann.org/2014/05/turning-talk-into-action-after-netmundial/">http://blog.icann.org/2014/05/turning-talk-into-action-after-netmundial/</a>.</p>
<p style="text-align: justify; "><a href="#_ftnref3">[3]</a> See <i>ICANN Open Forum</i>, 9<sup>th</sup> IGF 2014 (Istanbul, Turkey), <a href="https://www.youtube.com/watch?v=Cio31nsqK_A">https://www.youtube.com/watch?v=Cio31nsqK_A</a>.</p>
<p style="text-align: justify; "><a href="#_ftnref4">[4]</a> See McCarthy, <i>I’m Begging You To Join</i>, The Register (12 December 2014), <a href="http://www.theregister.co.uk/2014/12/12/im_begging_you_to_join_netmundial_initiative_gets_desperate/">http://www.theregister.co.uk/2014/12/12/im_begging_you_to_join_netmundial_initiative_gets_desperate/</a>.</p>
<p style="text-align: justify; "><a href="#_ftnref5">[5]</a> See <i>ICANN Donates $50k to Internet Governance Forum Support Association</i>, <a href="https://www.icann.org/resources/press-material/release-2014-12-18-en">https://www.icann.org/resources/press-material/release-2014-12-18-en</a>.</p>
<p style="text-align: justify; "><a href="#_ftnref6">[6]</a> See <i>NTIA IANA Functions’ Stewardship Transition & Enhancing ICANN Accountability Processes</i>, <a href="https://www.icann.org/stewardship-accountability">https://www.icann.org/stewardship-accountability</a>.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/didp-request-4-icann-and-the-netmundial-principles'>https://cis-india.org/internet-governance/blog/didp-request-4-icann-and-the-netmundial-principles</a>
</p>
No publishergeethaICANNDIDPTransparencyAccountability2015-03-05T08:28:44ZBlog EntryDIDP Request #3: Cyber-attacks on ICANN
https://cis-india.org/internet-governance/blog/didp-request-3-cyber-attacks-on-icann
<b>CIS sent ICANN a request under its Documentary Information Disclosure Policy, seeking details of cyber-attacks on ICANN, and ICANN's internal and external responses to the same. CIS' request and ICANN's response are detailed below.</b>
<p style="text-align: justify; "> </p>
<h2 style="text-align: justify; ">CIS Request</h2>
<p style="text-align: justify; "><span>24 December 2014</span></p>
<p style="text-align: justify; ">To:</p>
<p style="text-align: justify; ">Mr. Steve Crocker, Chairman of the Board</p>
<p style="text-align: justify; ">Mr. Fadi Chehade, CEO and President</p>
<p style="text-align: justify; ">Mr. Geoff Bickers, Team Lead, ICANN Computer Incident Response Team (CIRT) & Director of Security Operations</p>
<p style="text-align: justify; ">Mr. John Crain, Chief Security, Stability and Resiliency Officer</p>
<p style="text-align: justify; ">Members of the ICANN-CIRT & ICANN Security Team</p>
<p style="text-align: center; "><strong>Sub: Details of cyber-attacks on ICANN</strong></p>
<p style="text-align: justify; "><span> </span></p>
<p style="text-align: justify; ">We understand that ICANN recently suffered a spear-phishing attack that compromised contact details of several ICANN staff, including their email addresses; these credentials were used to gain access to ICANN’s Centralized Zone Data System (CZDS).<a href="#_ftn1">[1]</a> We are glad to note that ICANN’s critical functions and IANA-related systems were not affected.<a href="#_ftn2">[2]</a></p>
<p style="text-align: justify; ">The incident has, however, raised concerns of the security of ICANN’s systems. In order to understand when, in the past, ICANN has suffered similar security breaches, we request details of all cyber-attacks suffered or thought/suspected to have been suffered by ICANN (and for which, therefore, investigation was carried out within and outside ICANN), from 1999 till date. This includes, naturally, the recent spear-phishing attack.</p>
<p style="text-align: justify; ">We request information regarding, <i>inter alia</i>,</p>
<p style="text-align: justify; ">(1) the date and nature of all attacks, as well as which ICANN systems were compromised,</p>
<p style="text-align: justify; ">(2) actions taken internally by ICANN upon being notified of the attacks,</p>
<p style="text-align: justify; ">(3) what departments or members of staff are responsible for security and their role in the event of cyber-attacks,</p>
<p style="text-align: justify; ">(4) the role and responsibility of the ICANN-CIRT in responding to cyber-attacks (and when policies or manuals exist for the same; if so, please share them),</p>
<p style="text-align: justify; ">(5) what entities external to ICANN are involved in the identification and investigation of cyber-attacks on ICANN (for instance, are the police in the jurisdiction notified and do they investigate? If so, we request copies of complaints or information reports),</p>
<p style="text-align: justify; ">(6) whether and when culprits behind the ICANN cyber-attacks were identified, and</p>
<p style="text-align: justify; ">(7) what actions were subsequently taken by ICANN (ex: liability of ICANN staff for security breaches should such a finding be made, lawsuits or complaints against perpetrators of attacks, etc.).</p>
<p style="text-align: justify; ">Finally, we also request information on the role of the ICANN Board and/or community in the event of such cyber-attacks on ICANN. Also, when was the ICANN-CIRT set up and how many incidents has it handled since its existence? Do there exist contingency procedures in the event of compromise of IANA systems (and if so, what)?</p>
<p style="text-align: justify; ">We hope that our request will be processed within the stipulated time period of 30 days. Do let us know if you require any clarifications on our queries.</p>
<p style="text-align: justify; ">Thank you very much.</p>
<p style="text-align: justify; ">Warm regards,</p>
<p style="text-align: justify; ">Geetha Hariharan</p>
<p style="text-align: justify; ">Centre for Internet & Society</p>
<p style="text-align: justify; ">W: <a href="http://cis-india.org">http://cis-india.org</a></p>
<p style="text-align: justify; "> </p>
<h2 style="text-align: justify; ">ICANN Response</h2>
<p style="text-align: justify; ">ICANN responded to our request by noting that it is vague and broad in both time and scope. In response, ICANN has provided information regarding certain cyber-incidents already in the public domain, while noting that the term "cyber-attack" is both wide and vague. While the information provided is undoubtedly useful, it is anecdotal at best, and does not provide a complete picture of ICANN's history of vulnerability to cyber-attacks or cyber-incidents, or the manner of its internal response to such incidents, or of the involvement of external law enforcement agencies or CIRTs in combating cyber-incidents on ICANN.</p>
<p style="text-align: justify; ">ICANN's response may be <a href="https://www.icann.org/en/system/files/files/cis-response-23jan15-en.pdf"><b>found here</b></a>. A short summary our request and ICANN's response may be found <a href="https://cis-india.org/internet-governance/blog/table-of-cis-didp-requests/at_download/file"><b>in this table (Request S. no. 3)</b></a>.</p>
<hr size="1" style="text-align: justify; " width="33%" />
<p style="text-align: justify; "><a href="#_ftnref1">[1]</a> See<i> ICANN targeted in spear-phishing attack</i>, <a href="https://www.icann.org/news/announcement-2-2014-12-16-en">https://www.icann.org/news/announcement-2-2014-12-16-en</a>. <i> </i></p>
<p style="text-align: justify; "><a href="#_ftnref2">[2]</a> See <i>IANA Systems not compromised</i>, <a href="https://www.icann.org/news/announcement-2014-12-19-en">https://www.icann.org/news/announcement-2014-12-19-en</a>.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/didp-request-3-cyber-attacks-on-icann'>https://cis-india.org/internet-governance/blog/didp-request-3-cyber-attacks-on-icann</a>
</p>
No publishergeethaICANNDIDPTransparencyAccountability2015-03-05T08:16:26ZBlog EntryDIDP Request #2: Granular Revenue/Income Statements from ICANN
https://cis-india.org/internet-governance/blog/didp-request-2
<b>CIS sent ICANN a request under its Documentary Information Disclosure Policy, seeking current and historical details of ICANN's income/revenue from its various sources. CIS' request and ICANN's response are detailed below.</b>
<p style="text-align: justify; "> </p>
<h2 style="text-align: justify; ">CIS Request</h2>
<p style="text-align: justify; "><span style="text-decoration: underline;">22 December 2014</span><span> </span></p>
<p style="text-align: justify; ">To:</p>
<p style="text-align: justify; ">Mr. Cherine Chalaby, Chair, Finance Committee of the Board</p>
<p style="text-align: justify; ">Mr. Xavier Calvez, Chief Financial Officer</p>
<p style="text-align: justify; ">Mr. Samiran Gupta, ICANN India</p>
<p style="text-align: justify; ">All other members of Staff involved in accounting and financial tasks<span> </span></p>
<p style="text-align: center; "><strong>Sub: Request for granular income/revenue statements of ICANN from 1999-2014</strong><span> </span></p>
<p style="text-align: justify; ">Earlier this month, on 3 December 2014, Mr. Samiran Gupta presented CIS with detailed and granular information regarding ICANN’s domain names income and revenues for the fiscal year ended June 30, 2014. This was in response to several requests made over a few months. The information we received is available on our website.<a href="#_ftn1">[1]</a><span> </span></p>
<p style="text-align: justify; ">The information mentioned above was, <i>inter alia</i>, extremely helpful in triangulating ICANN’s reported revenues, despite and in addition to certain inconsistencies between the Annual Report (FY14) and the information provided to us.</p>
<p style="text-align: justify; ">We recognize that ICANN makes public its current and historical financial information to a certain extent. Specifically, its Operating Plan and Budget, Audited Financial Statements, Annual Reports, Federal and State Tax Filings, Board Compensation Report and ccTLD Contributions Report are available on the website.<a href="#_ftn2">[2]</a><span> </span></p>
<p style="text-align: justify; ">However, a detailed report of ICANN’s income or revenue statement, listing all vendors and customers, is not available on ICANN’s website. Our research on accountability and transparency mechanisms in Internet governance, specifically of ICANN, requires information in such granularity. <strong>We request, therefore, historical data re: income and revenue from domain names (1999-2014), in a manner as detailed and granular as the information referenced in FN[1]</strong>. We would appreciate if such a report lists all legal entities and individuals who contribute to ICANN’s domain names income/ revenue.</p>
<p style="text-align: justify; ">We look forward to the receipt of this information within the stipulated period of 30 days. Please feel free to contact us in the event of any doubts regarding our queries.<span> </span></p>
<p style="text-align: justify; ">Thank you very much.</p>
<p style="text-align: justify; ">Warm regards,</p>
<p style="text-align: justify; ">Geetha Hariharan</p>
<p style="text-align: justify; ">Centre for Internet & Society</p>
<p style="text-align: justify; ">W: <a href="http://cis-india.org">http://cis-india.org</a></p>
<p style="text-align: justify; "> </p>
<h2 style="text-align: justify; ">ICANN Response</h2>
<p style="text-align: justify; ">ICANN's response to CIS's request can be <a href="https://www.icann.org/en/system/files/files/cis-response-21jan15-en.pdf"><strong>found here</strong></a>. A short summary of our request and ICANN's response may be found <a href="https://cis-india.org/internet-governance/blog/table-of-cis-didp-requests/at_download/file"><strong>in this table (Request S. no. 2)</strong></a>.</p>
<p style="text-align: justify; "> </p>
<hr size="1" style="text-align: justify; " width="33%" />
<p style="text-align: justify; "><a href="#_ftnref1">[1]</a> See <i>ICANN reveals hitherto undisclosed details of domain names revenues</i>, <a href="http://cis-india.org/internet-governance/blog/cis-receives-information-on-icanns-revenues-from-domain-names-fy-2014">http://cis-india.org/internet-governance/blog/cis-receives-information-on-icanns-revenues-from-domain-names-fy-2014</a>.</p>
<p style="text-align: justify; "><a href="#_ftnref2">[2]</a> See <i>Historical Financial Information for ICANN</i>, <a href="https://www.icann.org/resources/pages/historical-2012-02-25-en">https://www.icann.org/resources/pages/historical-2012-02-25-en</a>.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/didp-request-2'>https://cis-india.org/internet-governance/blog/didp-request-2</a>
</p>
No publishergeethaICANNDIDPTransparencyAccountability2015-03-05T08:07:02ZBlog EntryDIDP Request #1: ICANN's Expenditures on "Travel & Meetings"
https://cis-india.org/internet-governance/blog/didp-request-1-icanns-expenditures-on-travel-meetings
<b>CIS sent ICANN a request under its Documentary Information Disclosure Policy, seeking details of expenditure by ICANN at its Meetings. CIS' request and ICANN's response are detailed below. </b>
<h2 style="text-align: justify; "></h2>
<h2 style="text-align: justify; "></h2>
<h2 style="text-align: justify; ">CIS' Request</h2>
<p style="text-align: justify; "><span>18 December 2014</span></p>
<p style="text-align: justify; ">To:</p>
<p style="text-align: justify; ">Mr. Cherine Chalaby, Chair, Finance Committee of the Board</p>
<p style="text-align: justify; ">Mr. Xavier Calvez, Chief Financial Officer</p>
<p style="text-align: justify; ">Mr. Samiran Gupta, ICANN India</p>
<p style="text-align: justify; ">All other members of Staff involved in accounting and financial tasks</p>
<p style="text-align: center; "><strong>Sub: Request for itemized details of expenditure by ICANN at its Meetings</strong></p>
<p style="text-align: justify; ">We would like to thank Mr. Calvez and Mr. Gupta for providing information regarding ICANN’s domain name revenues for the fiscal year ending June 30, 2014.<a href="#_ftn1">[1]</a> We would like to request further information through the DIDP.</p>
<p style="text-align: justify; ">In the Audited Financial Statements for the fiscal year ended June 30, 2014, the “statements of activities” provides Total Expenses (for ICANN and New gTLD) as USD 124,400,000.<a href="#_ftn2">[2]</a> For the fiscal year ended June 30, 2013, the Total Expenses (ICANN and New gTLD) noted is USD 150,362,000.</p>
<p style="text-align: justify; ">According to the statement, this covers expenses for Personnel, Travel and meetings, Professional services and Administration. Quarterly Reports note that the head “Travel and meetings” includes community support requests.<a href="#_ftn3">[3]</a> In addition to these heads, Quarterly Reports include “Bad debt expenses” and “Depreciation expenses”. The manner of accounting for these is explained in <span>Note 2</span> to the Notes to Financial Statements.<a href="#_ftn4">[4]</a> Note 2 explains that the expenses statement is prepared by “functional allocation of expenses” to identifiable programs or support services, or otherwise by methods determined by the management.</p>
<p style="text-align: justify; ">For the purposes of our research into normative and practised transparency and accountability in Internet governance, we request, to begin with, <i>current and historical</i> information regarding itemized, detailed expenses under the head “Travel and meetings”. We request this information from 1999 till 2014. We request that such information be categorized and sub-categorised as follows:</p>
<p style="text-align: justify; ">Total and Individual Expenses for each meeting (categorised by meeting and year):</p>
<p style="text-align: justify; "><span>1. Total and individual expenses for ICANN staff (differentiated by department and name of each individual attending the event, including dates/duration of attendance);</span></p>
<p style="text-align: justify; ">- Also broken down into each individual expense (flights, accommodation, per diem or separate local transport, food and other expenses).</p>
<p style="text-align: justify; ">- Each ICANN staff member who attended the event to be named.</p>
<p style="text-align: justify; ">2. <span>Total and individual expenses for members of ICANN Board (listed by each Board member and dates/duration of attendance);</span></p>
<p style="text-align: justify; ">- Broken down into each individual expense (flights, accommodation, per diem or separate local transport, food and other expenses).</p>
<p style="text-align: justify; ">- Each Board member to be named.</p>
<p style="text-align: justify; "><span>3. Total and individual expenses for members of ICANN constituencies (ALAC, ATRT, ccNSO, GAC, GNSO, etc.)</span></p>
<p style="text-align: justify; ">- Broken down into each individual expense (flights, accommodation, per diem or separate local transport, food and other expenses).</p>
<p style="text-align: justify; ">- Each attendee for whom ICANN covered expenses to be named.</p>
<p style="text-align: justify; "><span>4. Total and individual expenses for ICANN fellows</span></p>
<p style="text-align: justify; ">- Broken down into each individual expense (flights, accommodation, per diem or separate local transport, food and other expenses).</p>
<p style="text-align: justify; ">- Each attendee for whom ICANN covered expenses to be named, including their region and stakeholder affiliation.</p>
<p style="text-align: justify; ">5. <span>Total and individual expenses incurred for any other ICANN affiliate or liaison (ISOC, IETF, IAB, etc.)</span></p>
<p style="text-align: justify; ">- Broken down into each individual expense (flights, accommodation, per diem or separate local transport, food and other expenses).</p>
<p style="text-align: justify; ">- Each attendee for whom ICANN covered expenses to be named, including their affiliation.</p>
<p style="text-align: justify; ">6. <span>Total and individual expenses incurred for any other person, whether or not directly affiliated with ICANN</span></p>
<p style="text-align: justify; ">- Broken down into each individual expense (flights, accommodation, per diem or separate local transport, food and other expenses).</p>
<p style="text-align: justify; ">- Each attendee for whom ICANN covered expenses to be named, including their affiliation.</p>
<p style="text-align: justify; "><span>Please note that we request the above-detailed information for ICANN meetings, and also other meetings for which ICANN may provide financial support (for instance, CWG-Stewardship or CWG-Accountability). We request, as a preliminary matter, a list of </span><i>all meetings</i><span> to which ICANN provides and has, in the past, provided financial support (1999-2014).</span></p>
<p style="text-align: justify; ">We note that some information of this nature is available in the Travel Support Reports.<a href="#_ftn5">[5]</a> However, the Travel Support Reports are available only from 2008 (Cairo meeting), and are not available for ICANN48 to ICANN51. Further, the Travel Support Reports do not exhibit the level of granularity necessary for research and scrutiny. As explained above, we request granular information for all meetings.</p>
<p style="text-align: justify; ">In our view, providing such information will not violate any individual or corporate rights of ICANN, its Staff, Board, Affiliates/Liaisons or any other individual. Public corporations and even private organisations performing public functions may be subjected to or accept an increased level of transparency and accountability. We believe this is of especial importance to ICANN, as it is involved in a process to enhance its accountability, intrinsically related to IANA Stewardship Transition. We expressed similar views in our initial comment to “Enhancing ICANN Accountability”.<a href="#_ftn6">[6]</a> Increased transparency from ICANN may also address accountability concerns present across stakeholder-groups both within and outside ICANN.</p>
<p style="text-align: justify; ">We await your favorable response and the requested information within the prescribed time limit. Please do not hesitate to contact us should you require any clarifications.</p>
<p style="text-align: justify; ">Thank you very much.</p>
<p style="text-align: justify; "><span>Warm regards,</span></p>
<p style="text-align: justify; ">Geetha Hariharan</p>
<p style="text-align: justify; ">Centre for Internet & Society</p>
<p style="text-align: justify; ">W: <a href="http://cis-india.org">http://cis-india.org</a></p>
<p> </p>
<h2>ICANN's Response</h2>
<p>ICANN responded to the above request for information within the stipulated time of 30 days. <strong><a href="https://www.icann.org/en/system/files/files/cis-response-17jan15-en.pdf">ICANN’s response is here</a></strong>. A short summary of CIS's request and ICANN's response can be found <a href="https://cis-india.org/internet-governance/blog/table-of-cis-didp-requests/at_download/file"><strong>in this table (Request S. no. 1)</strong></a>.</p>
<p> </p>
<hr align="left" size="1" width="33%" />
<p><a href="#_ftnref1">[1]</a> See <i>ICANN reveals hitherto undisclosed details of domain names revenues</i>, <a href="http://cis-india.org/internet-governance/blog/cis-receives-information-on-icanns-revenues-from-domain-names-fy-2014">http://cis-india.org/internet-governance/blog/cis-receives-information-on-icanns-revenues-from-domain-names-fy-2014</a>.</p>
<p><a href="#_ftnref2">[2]</a> See <i>ICANN Financial Statements As of and For the years ended June 30, 2014 and 2013</i>, pages 7, 19-20, <a href="https://www.icann.org/en/system/files/files/financial-report-fye-30jun14-en.pdf">https://www.icann.org/en/system/files/files/financial-report-fye-30jun14-en.pdf</a>.</p>
<p><a href="#_ftnref3">[3]</a> For instance, see <i>ICANN FY14 Financial Package: For the nine months ending March 2014</i>, pages 2-5, <a href="https://www.icann.org/en/system/files/files/package-fy14-31mar14-en.pdf">https://www.icann.org/en/system/files/files/package-fy14-31mar14-en.pdf</a>.</p>
<p><a href="#_ftnref4">[4]</a> <i>Supra</i> note 1, page 14.</p>
<p><a href="#_ftnref5">[5]</a> See Community Travel Support, <a href="https://www.icann.org/resources/pages/travel-support-2012-02-25-en#reports">https://www.icann.org/resources/pages/travel-support-2012-02-25-en#reports</a>.</p>
<p><a href="#_ftnref6">[6]</a> See CIS Comments on Enhancing ICANN Accountability, <a href="http://cis-india.org/internet-governance/blog/cis-comments-enhancing-icann-accountability">http://cis-india.org/internet-governance/blog/cis-comments-enhancing-icann-accountability</a>.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/didp-request-1-icanns-expenditures-on-travel-meetings'>https://cis-india.org/internet-governance/blog/didp-request-1-icanns-expenditures-on-travel-meetings</a>
</p>
No publishergeethaICANNDIDPTransparencyAccountability2015-03-05T08:00:36ZBlog EntryWhere Does ICANN’s Money Come From? We Asked; They Don’t Know
https://cis-india.org/internet-governance/blog/where-does-icann2019s-money-come-from-we-asked-they-don2019t-know
<b>Just how transparent is ICANN? How responsive are they to requests for information? At CIS, we sent ICANN ten questions seeking information about, inter alia, their revenues, commitment to the NETmundial Principles, Globalisation Advisory Groups and organisational structure. Geetha Hariharan wonders at ICANN's reluctance to respond. </b>
<p> </p>
<h3>Why Is ICANN Here?</h3>
<p style="text-align: justify; ">The Internet Corporation for Assigned Names and Numbers (<a href="https://cis-india.org/internet-governance/blog/icann.org">ICANN</a>) is responsible for critical backbones of the Internet. It manages the root server system, the global allocation of IP addresses, protocol registries and the domain name system (management of gTLDs, ccTLDs, as well as the newly rolled-out “new gTLDs”).</p>
<p style="text-align: justify; ">ICANN was incorporated in California in 1998, and was intended as the technical coordination body for the backbone of the Internet. That is, it was to administer the Internet’s domain names and IP addresses, and also manage the Internet root servers.</p>
<p style="text-align: justify; ">As a result of <a href="http://www.ntia.doc.gov/page/iana-functions-purchase-order">an agreement</a> with the National Telecommunications and Information Administration (NTIA) in the US Department of Commerce, ICANN is the IANA functions operator. It carries out the <a href="https://www.icann.org/en/system/files/files/iana-factsheet-24mar14-en.pdf">IANA functions</a>, which include making changes to the <a href="http://en.wikipedia.org/wiki/DNS_root_zone">root zone file</a> (the backbone of the domain name system), allocation of IP address blocks to the five Regional Internet Registries (RIRs), and maintaining protocol parameter registries in collaboration with the Internet Engineering Task Force (IETF). The RIRs are responsible for allocating IP addresses (IPv4 and IPv6) to national and local Internet registries. The IETF develops Internet standards and protocols, such as those within <a href="http://en.wikipedia.org/wiki/Internet_protocol_suite">the TCP/IP suite</a>. To be clear, ICANN does not make policy for the IP address or Internet standards/protocols; those are the domains of RIRs and the IETF, respectively.</p>
<h3 style="text-align: justify; ">ICANN, Domain Names and All That Buried Treasure</h3>
<p style="text-align: justify; ">ICANN is the <i>de facto</i> policy-making body for domain names. Through ICANN’s community Supporting Organisations and Advisory Committees (SOACs) – largely a multi-stakeholder community – ICANN determines policies for dispute resolution (see, for instance, <a href="https://www.icann.org/resources/pages/help/dndr/udrp-en">the UDRP</a> for domain name disputes), maintaining the <a href="http://whois.icann.org/">WHOIS database</a>, etc. for domain names.</p>
<p style="text-align: justify; ">Under its contracts with Top Level Domain (TLD) Registries, ICANN receives payment for all registrations and/or renewals of domain names. For instance, under <a href="https://www.icann.org/sites/default/files/tlds/bharti/bharti-agmt-pdf-09jan14-en.pdf">the <strong>.bharti </strong>Registry Agreement</a>, ICANN receives a fixed annual registry free of US $6250. If there are more than 50,000 registrations or renewals of domain names under a TLD (say, <strong>.bharti</strong>) in a quarter, then ICANN also receives an amount equal to (No. of registrations or renewals <span>X</span> US $0.25). <a href="https://www.icann.org/resources/pages/registries/registries-en">TLD Registries</a> “own” TLDs like <strong>.com</strong>, and they maintain a list of all the domain names registered under that TLD. There are around <a href="https://www.icann.org/resources/pages/registries/registries-agreements-en">816 such Registry Agreements</a>, and in FY14, ICANN received over US $47 million in Registry fees [<i>see </i><a href="https://www.icann.org/en/system/files/files/financial-report-fye-30jun14-en.pdf">page 7</a>].</p>
<p style="text-align: justify; ">Similar agreements exist between ICANN and domain name Registrars accredited by it, too. Domain name Registrars are entities like <a href="https://in.godaddy.com/">Go Daddy</a> and <a href="http://www.bigrock.in/">Big Rock</a>, from whom people like you and me (or companies) can register domain names. Only Registrars accredited by ICANN can register domain names that will be included in the ICANN DNS, the most frequently used DNS on the Web. Each Registrar pays a <a href="https://www.icann.org/resources/pages/approved-with-specs-2013-09-17-en#raa">yearly accreditation fee</a> of US $4000 to ICANN (see <span>Clause 3.9</span>). Each Registrar also <a href="https://www.icann.org/resources/pages/financials-55-2012-02-25-en">pays to ICANN</a> fees for every domain name registration or renewal. There are <a href="https://www.icann.org/registrar-reports/accredited-list.html">over 500 ICANN-accredited Registrars</a>, and in FY14, ICANN received over US $34.5 million in Registrar fees [<i>see </i><a href="https://www.icann.org/en/system/files/files/financial-report-fye-30jun14-en.pdf">page 7</a>].</p>
<p style="text-align: justify; ">Now, apart from this, in its IANA operator role, ICANN is responsible for the global allocation of IP addresses (IPv4 and IPv6). From the global pool of IP addresses, ICANN allocates to the five Regional Internet Registries (RIRs), which then allocate to National Internet Registries like the National Internet Exchange of India (<a href="http://www.nixi.in/en/contact-us/103-irinn">NIXI as IRINN</a>), local Internet registries or ISPs. For this, ICANN receives a combined contribution of US $823,000 each year as revenue from RIRs [<i>see, ex.</i>:<i> </i><a href="https://www.icann.org/en/system/files/files/financial-report-fye-30jun09-en.pdf">FY09 Financial Statements, page 3</a>].</p>
<p style="text-align: justify; "><span>And this isn’t all of it! With its </span><a href="http://newgtlds.icann.org/en/">new gTLD program</a><span>, ICANN is sitting on a large treasure trove. Each gTLD application cost US $185,000, and there were 1930 applications in the first round (that’s US $357 million). Where there arose disagreements as to the same or similar strings, ICANN initiated an auction process. Some new gTLDs were auctioned for </span><a href="http://www.circleid.com/posts/20141129_icann_new_gtld_auction_proceeds_approaching_30_million/">as high as US $6 million</a><span>.</span></p>
<p style="text-align: justify; ">So ICANN is sitting on a great deal of treasure (US $355 million in revenues in FY14 and growing). It accumulates revenue from a variety of quarters; the sources identified above are by no means the only revenue-sources. But ICANN is unaware of, or unwilling to disclose, all its sources of revenue.</p>
<h3 style="text-align: justify; ">ICANN's Troubling Scope-creep and Does Transparency Matter?</h3>
<p style="text-align: justify; ">At CIS, we are concerned by ICANN’s unchecked influence and growing role in the Internet governance institutional space. For instance, under its CEO Fadi Chehade, ICANN was heavily involved backstage for NETmundial, and has set aside over US $200,000 for Mr. Chehade’s brainchild, the NETmundial Initiative. Coupled with its lack of transparency and vocal interests in furthering <i>status quo </i>(for instance, both the names and numbers communities’ proposals for IANA transition want ICANN to remain the IANA functions operator, without stringent safeguards), this makes for a dangerous combination.</p>
<p style="text-align: justify; ">The clearest indication lies in the money, one might say. <a href="http://cis-india.org/internet-governance/blog/icann-accountability-iana-transition-and-open-questions">As we have written before</a>, ICANN budgets for less than US $10 million for providing core Internet functions out of a US $160 million strong budget (<a href="https://www.icann.org/en/system/files/files/adopted-opplan-budget-fy15-01dec14-en.pdf">Budget FY15, page 17</a>). It has budgeted, in comparison, US $13 million for travel and meetings alone, and spent over US $18 million on travel in FY14 (<a href="https://www.icann.org/en/system/files/files/adopted-opplan-budget-fy15-01dec14-en.pdf">Budget FY15, page 11</a>).</p>
<p style="text-align: justify; ">To its credit, ICANN <a href="https://www.icann.org/resources/pages/governance/financials-en">makes public</a> its financial statements (current and historic), and community discussions are generally open. However, given the understandably complex contractual arrangements that give ICANN its revenues, even ploughing through the financials does not give one a clear picture of where ICANN’s money comes from.</p>
<p style="text-align: justify; ">So one is left with questions such as the following: Which entities (and how many of them) pay ICANN for domain names? What are the vendor payments received by ICANN and who pays? Who all have paid ICANN under the new gTLD program, and for what purposes? Apart from application fees and auctions, what other heads of payment exist? How much does each RIR pay ICANN and what for, if <a href="https://www.arin.net/policy/nrpm.html#six41">IP addresses are not property to be sold</a>? For how many persons (and whom all) does ICANN provide pay for, to travel to meetings and other events?<span> </span></p>
<p style="text-align: justify; ">You may well ask why these questions matter, and whether we need greater transparency. <span>To put it baldly: ICANN’s transparency is crucial. ICANN is today something of a monopoly; it manages the IANA functions, makes policy for domain names and is increasingly active in Internet governance. It is without greater (effective) accountability than a mere review by the NTIA, and some teething internal mechanisms like the </span><a href="https://www.icann.org/resources/pages/didp-2012-02-25-en">Documentary Information Disclosure Policy</a><span> (DIDP), </span><a href="https://www.icann.org/resources/pages/accountability/ombudsman-en">Ombudsman</a><span>, </span><a href="https://www.icann.org/resources/pages/reconsideration-and-independent-review-icann-bylaws-article-iv-accountability-and-review">Reconsideration and Independent Review</a><span> and the </span><a href="https://www.icann.org/en/system/files/files/final-recommendations-31dec13-en.pdf">Accountability and Transparency Review</a><span> (ATRT). I could elaborate on why these mechanisms are inadequate, but this post is already too long. Suffice it to say that by carefully defining these mechanisms and setting out their scope, ICANN has stifled their effectiveness. For instance, a Reconsideration Request can be filed if one is aggrieved by an action of ICANN’s Board or staff. Under ICANN’s By-laws (</span><a href="https://www.icann.org/resources/pages/governance/bylaws-en#IV">Article IV, Section 2</a><span>), it is the Board Governance Committee, comprising ICANN Board members, that adjudicates Reconsideration Requests. This simply violates the principles of natural justice, wherein one may not be a judge in one’s own cause (</span><i>nemo debet esse judex in propria causa</i><span>).</span></p>
<p style="text-align: justify; ">Moreover, ICANN serves corporate interests, for it exists on account of contractual arrangements with Registries, Registrars, the NTIA and other sundry entities. ICANN has also troublingly reached into Internet governance domains to which it was previously closed, such as the NETmundial Initiative, the NETmundial, the IGF and its Support Association. It is unclear that ICANN was ever intended to overreach so, a point admitted by Mr. Chehade himself at the <a href="https://www.youtube.com/watch?v=Cio31nsqK_A">ICANN Open Forum</a> in Istanbul (IGF 2014).</p>
<p style="text-align: justify; ">Finally, despite its professed adherence to multi-stakeholderism, there is evidence that ICANN’s policy-making and functioning revolve around small, cohesive groups with multiple professional inter-linkages with other I-Star organisations. For instance, a <a href="http://cis-india.org/internet-governance/blog/ianas-revolving-door">revolving door study</a> by CIS of the IANA Coordination Group (ICG) found that 20 out of 30 ICG members had close and longterm ties with I-Star organisations. This surely creates concern as to the impartiality and fairness of the ICG’s decision-making. It may, for instance, make a pro-ICANN outcome inevitable – and that is definitely a serious worry.</p>
<p style="text-align: justify; ">But ICANN is <i>intended </i>to serve the public interest, to ensure smooth, stable and resilient running of the Internet. Transparency is crucial to this, and especially so during the IANA transition phase. <a href="http://singapore52.icann.org/en/schedule/sun-iana-stewardship-accountability">As advisor Jan Scholte asked at ICANN52</a>, what accountability will ICANN exercise after the transition, and to whom will it be accountable? What, indeed, does accountability mean? The CCWG-Accountability is <a href="https://twitter.com/arunmsukumar/status/564269949237985280">still asking that question</a>. But meanwhile, one among our cohorts at CIS <a href="http://openup2014.org/privacy-vs-transparency-attempt-resolving-dichotomy/">has advocated</a> transparency as a check-and-balance for power.<span> </span></p>
<p style="text-align: justify; ">The DIDP process at ICANN may prove useful in the long run, but does it suffice as a transparency mechanism?</p>
<h3 style="text-align: justify; ">ICANN's Responses to CIS' DIDP Requests</h3>
<p style="text-align: justify; ">Over December ’14 and January ’15, CIS sent 10 DIDP requests to ICANN. Our aim was to test and encourage transparency from ICANN, a process crucial given the CCWG-Accountability’s deliberations on ways to enhance ICANN’s accountability. We have received responses for 9 of our requests. <b>We summarise ICANN’s responses in a table: <a href="https://cis-india.org/internet-governance/blog/table-of-cis-didp-requests/at_download/file">please go here</a></b>.</p>
<p style="text-align: justify; ">A glance at the table above will show that ICANN’s responses are largely negative. In 7 requests out of 9, ICANN provides very little new information. Though the responses are detailed, the majority of information they provide is already identified in CIS’ requests. For instance, in the response to the <b><a href="https://www.icann.org/resources/pages/20141228-1-netmundial-2015-01-28-en">NETmundial Request</a></b>, ICANN links us to blogposts written by CEO Fadi Chehade, where he notes the importance of translating the NETmundial Principles into action. They also link us to the Final Report of the Panel on Global Internet Cooperation and Governance Mechanism, and ICANN’s involvement in the NETmundial Initiative.<span> </span></p>
<p style="text-align: justify; ">However, to the query on ICANN’s own measures of implementing the NETmundial Principles – principles that it has lauded and upheld for the entire Internet governance community – ICANN’s response is surprisingly evasive. Defending lack of action, they note that “ICANN is not the home for implementation of the NETmundial Principles”. But ICANN also responds that they <i>already implement</i> the NETmundial Principles: “Many of the NETmundial Principles are high-level statements that <i>permeate through the work of any entity </i>– particularly a multistakeholder entity like ICANN – that is interested in the upholding of the inclusive, multistakeholder process within the Internet governance framework” (emphasis provided). One wonders, then, at the insistence on creating documents involving such high-level principles; why create them if they’re already implemented?<span> </span></p>
<p style="text-align: justify; ">Responses to other requests indicate that the DIDP is, in its current form, unable to provide the transparency necessary for ICANN’s functioning. For instance, in the response to the <b><a href="https://www.icann.org/resources/pages/20141228-1-ombudsman-2015-01-28-en">Ombudsman Request</a></b>, ICANN cites confidentiality as a reason to decline providing information. Making Ombudsman Requests public would violate ICANN Bylaws, and topple the independence and integrity of the Ombudsman.</p>
<p style="text-align: justify; ">These are, perhaps, valid reasons to decline a DIDP request. But it is also important to investigate these reasons. ICANN’s Ombudsman is appointed by the ICANN Board for 2 year terms, under <a href="https://www.icann.org/resources/pages/governance/bylaws-en#V">Clause V of ICANN’s Bylaws</a>. The Ombudsman’s principal function is to “provide an independent internal evaluation of complaints by members of the ICANN community who believe that the ICANN staff, Board or an ICANN constituent body has treated them unfairly”. The Ombudsman reports only to the ICANN Board, and all matters before it are kept confidential, including the names of parties and the nature of complaints. The Ombudsman reports on the categories of complaints he receives, and statistics regarding decisions in his <a href="https://www.icann.org/resources/pages/reports-96-2012-02-25-en">Annual Reports</a>; no details are forthcoming for stated reasons of confidentiality and privacy.<span> </span></p>
<p style="text-align: justify; ">This creates a closed circle in which the Ombudsman operates. The ICANN Board appoints the Ombudsman. He/she listens to complaints about unfair treatment by the ICANN Board, Staff or constituency. He/she reports to the ICANN Board alone. However, neither the names of parties, the nature of complaints, nor the decisions of the Ombudsman are publicly available. Such a lack of transparency throws doubt on the functioning of the Ombudsman himself – and on his independence, neutrality and the extent of ICANN’s influence on him/her. An amendment of ICANN’s Bylaws would then be imperative to rectify this problem; this matter is squarely within the CCWG-Accountability’s mandate and should be addressed.</p>
<p style="text-align: justify; ">As is clear from the above examples, ICANN’s DIDP is an inadequate tool to ensure transparency functioning. The Policy was crafted without community input, and requires substantial amendments to make it a sufficient transparency mechanism. CIS’ suggestions in this regard shall be available in our next post.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; "><i>CIS' Annual Reports are <a href="http://cis-india.org/about/reports">here</a>. Our audit is ongoing, and the Annual Report for 2013-14 will be up shortly. <i>Pranav Bidare (<i style="text-align: justify; ">3rd year)</i> of the National Law School, Bangalore assisted with research for this post, and created the table of CIS' DIDP requests and responses.</i></i></p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/where-does-icann2019s-money-come-from-we-asked-they-don2019t-know'>https://cis-india.org/internet-governance/blog/where-does-icann2019s-money-come-from-we-asked-they-don2019t-know</a>
</p>
No publishergeethaAccountabilityICANNIANA TransitionTransparencyDIDP2015-03-05T07:43:45ZBlog EntryICANN reveals hitherto undisclosed details of domain names revenues
https://cis-india.org/internet-governance/blog/cis-receives-information-on-icanns-revenues-from-domain-names-fy-2014
<b>Following requests from CIS, ICANN has shared a detailed list of its revenues from domain names for the fiscal year ending June 2014. Such level of detail has, until now, been unavailable. Historical data is still to be made available. </b>
<p style="text-align: justify; "> </p>
<p style="text-align: justify; ">Five days ago, CIS received a <a href="https://cis-india.org/internet-governance/blog/fy14-customer-payments-final-version/at_download/file">detailed list of ICANN’s revenues</a> from domain name sales and renewals for the fiscal year ending June 2014. The document, sent to us by ICANN’s India head Mr. Samiran Gupta, lists payments received by ICANN from registrars, registries, sponsors and other entities such as the NRO and Country Code TLD administrators. Such granular information is not available at the moment on ICANN’s website as part of its financial transparency disclosures. A <a href="https://cis-india.org/internet-governance/blog/fy14-customer-payments-summary/at_download/file">summary</a> has also been provided by ICANN.</p>
<p style="text-align: justify; ">This revenue disclosure from ICANN comes on the heels of public and email correspondence between CIS and ICANN staff. At the <a href="http://2014.rigf.asia/wp-content/uploads/2014/08/0805APRIGF-Plenary.doc">Asia Pacific Regional IGF</a> (August 3-6, 2014), CIS’ Sunil Abraham sought granular data – both current and historical – on ICANN’s revenues from the domain name industry.</p>
<p style="text-align: justify; ">Again, <a href="http://www.intgovforum.org/cms/174-igf-2014/transcripts/1986-2014-09-04-open-forum-icann-room-4">at the ICANN Open Forum at IGF</a> (4 September 2014), Sunil sought “<i>details of a list of legal entities that give money to ICANN and how much money they give to ICANN every year</i>”. In emails to Kuek Yu-Chuang (ICANN’s Asia Pacific head) and Xavier Calvez (ICANN CFO), CIS had asked for historical data as well.<span> </span></p>
<p style="text-align: justify; ">The global domain name industry is a <a href="http://www.circleid.com/posts/domain_industry_4_billion_2010/">multi-billion dollar industry</a>, and ICANN sits at the centre of the web. ICANN is responsible for the policy-making and introduction of new Top Level Domains (TLDs), and it also performs technical coordination and maintenance of the Internet’s unique identifiers (domain names and IP addresses). For each domain name that is registered or renewed, ICANN receives payment through a complex contractual network of registries and registrars. The domain name industry is ICANN’s single largest revenue source.</p>
<p style="text-align: justify; "><span>Given the impending IANA transition and accountability debates at ICANN, and the </span><a href="http://money.cnn.com/news/newsfeeds/articles/marketwire/1162596.htm">rapid growth</a><span> of the global domain name industry, one would imagine that ICANN is held up to the same standard of accountability as laid down in the right to information mechanisms of many countries. At the ICANN Open Forum (IGF Istanbul), </span><a href="http://www.intgovforum.org/cms/174-igf-2014/transcripts/1986-2014-09-04-open-forum-icann-room-4">Sunil raised</a><span> this very point. Had a Public Information Officer in India failed to respond to a request for information for a month (as ICANN had to CIS’ request for granular revenue data), the officer would have been fined and reprimanded. Since there are no sufficiently effective accountability or reactive transparency measures at ICANN, such penalties are not in place.</span></p>
<p style="text-align: justify; ">In any event, CIS received the list of ICANN’s current domain name revenues after continual email exchanges with ICANN staff. This is undoubtedly heartening, as ICANN has shown itself responsive to repeated requests for transparency. But it remains that ICANN has shared revenue data <i>only</i> for the fiscal year ending June 2014, and historical revenue data is still not publicly available. Neither is a detailed list (current and historical) of ICANN’s expenditures publicly available. Perhaps ICANN could provide the necessary information during its regular Quarterly Stakeholder Reports, as well as on its website. This would go a long way in ascertaining and improving ICANN’s accountability and transparency.</p>
<p style="text-align: justify; ">**</p>
<p><span>The documents:</span></p>
<ol>
<li><a href="https://cis-india.org/internet-governance/blog/fy14-customer-payments-final-version/at_download/file">ICANN’s domain name revenues in FY14</a>.</li>
<li><a href="https://cis-india.org/internet-governance/blog/fy14-customer-payments-summary/at_download/file">Summary of revenue information</a>. </li>
</ol>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/cis-receives-information-on-icanns-revenues-from-domain-names-fy-2014'>https://cis-india.org/internet-governance/blog/cis-receives-information-on-icanns-revenues-from-domain-names-fy-2014</a>
</p>
No publishergeethaICANNTransparencyAccountability2014-12-12T05:08:02ZBlog EntryReading the Fine Script: Service Providers, Terms and Conditions and Consumer Rights
https://cis-india.org/internet-governance/blog/reading-between-the-lines-service-providers-terms-and-conditions-and-consumer-rights
<b>This year, an increasing number of incidents, related to consumer rights and service providers, have come to light. This blog illustrates the facts of the cases, and discusses the main issues at stake, namely, the role and responsibilities of providers of platforms for user-created content with regard to consumer rights.</b>
<p style="text-align: justify; "><span>On 1st July, 2014 the Federal Trade Commission (FTC) filed a complaint against T-Mobile USA,</span><a href="file:///C:/Users/jyoti/Desktop/Reading%20the%20fine%20script%20When%20terms%20and%20conditions%20apply.docx#_ftn1">[1]</a><span> accusing the service provider of 'cramming' customers bills, with millions of dollars of unauthorized charges. Recently, another service provider, received flak from regulators and users worldwide, after it published a paper, 'Experimental evidence of massive-scale emotional contagion through social networks'.</span><a href="file:///C:/Users/jyoti/Desktop/Reading%20the%20fine%20script%20When%20terms%20and%20conditions%20apply.docx#_ftn2">[2]</a><span> The paper described Facebook's experiment on more than 600,000 users, to determine whether manipulating user-generated content, would affect the emotions of its users.</span></p>
<p style="text-align: justify; ">In both incidents the terms that should ensure the protection of their user's legal rights, were used to gain consent for actions on behalf of the service providers, that were not anticipated at the time of agreeing to the terms and conditions (T&Cs) by the consumer. More precisely, both cases point to the underlying issue of how users are bound by T&Cs, and in a mediated online landscape—highlight, the need to pay attention to the regulations that govern the online engagement of users.</p>
<p style="text-align: justify; "><b>I have read and agree to the terms</b></p>
<p style="text-align: justify; ">In his statement, Chief Executive Officer, John Legere might have referred to T-Mobile as "the most pro-consumer company in the industry",<a href="file:///C:/Users/jyoti/Desktop/Reading%20the%20fine%20script%20When%20terms%20and%20conditions%20apply.docx#_ftn3">[3]</a> however the FTC investigation revelations, that many customers never authorized the charges, suggest otherwise. The FTC investigation also found that, T-Mobile received 35-40 per cent of the amount charged for subscriptions, that were made largely through innocuous services, that customers had been signed up to, without their knowledge or consent. Last month news broke, that just under 700,000 users 'unknowingly' participated in the Facebook study, and while the legality and ethics of the experiment are being debated, what is clear is that Facebook violated consumer rights by not providing the choice to opt in or out, or even the knowledge of such social or psychological experiments to its users.</p>
<p style="text-align: justify; ">Both incidents boil down to the sensitive question of consent. While binding agreements around the world work on the condition of consent, how do we define it and what are the implications of agreeing to the terms?</p>
<p style="text-align: justify; "><b>Terms of Service: Conditions are subject to change </b></p>
<p style="text-align: justify; ">A legal necessity, the existing terms of service (TOS)—as they are also known—as an acceptance mechanism are deeply broken. The policies of online service providers are often, too long, and with no shorter or multilingual versions, require substantial effort on part of the user to go through in detail. A 2008 Carnegie Mellon study estimated it would take an average user 244 hours every year to go through the policies they agree to online.<a href="file:///C:/Users/jyoti/Desktop/Reading%20the%20fine%20script%20When%20terms%20and%20conditions%20apply.docx#_ftn4">[4]</a> Based on the study, Atlantic's Alexis C. Madrigal derived that reading all of the privacy policies an average Internet user encounters in a year, would take 76 working days.<a href="file:///C:/Users/jyoti/Desktop/Reading%20the%20fine%20script%20When%20terms%20and%20conditions%20apply.docx#_ftn5">[5]</a></p>
<p style="text-align: justify; ">The costs of time are multiplied by the fact that terms of services change with technology, making it very hard for a user to keep track of all of the changes over time. Moreover, many services providers do not even commit to the obligation of notifying the users of any changes in the TOS. Microsoft, Skype, Amazon, YouTube are examples of some of the service providers that have not committed to any obligations of notification of changes and often, there are no mechanisms in place to ensure that service providers are keeping users updated.</p>
<p style="text-align: justify; ">Facebook has said that the recent social experiment is perfectly legal under its TOS,<a href="file:///C:/Users/jyoti/Desktop/Reading%20the%20fine%20script%20When%20terms%20and%20conditions%20apply.docx#_ftn6">[6]</a> the question of fairness of the conditions of users consent remain debatable. Facebook has a broad copyright license that goes beyond its operating requirements, such as the right to 'sublicense'. The copyright also does not end when users stop using the service, unless the content has been deleted by everyone else.</p>
<p style="text-align: justify; ">More importantly, since 2007, Facebook has brought major changes to their lengthy TOS about every year.<a href="file:///C:/Users/jyoti/Desktop/Reading%20the%20fine%20script%20When%20terms%20and%20conditions%20apply.docx#_ftn7">[7]</a> And while many point that Facebook is transparent, as it solicits feedback preceding changes to their terms, the accountability remains questionable, as the results are not binding unless 30% of the actual users vote. Facebook can and does, track users and shares their data across websites, and has no obligation or mechanism to inform users of the takedown requests.</p>
<p style="text-align: justify; ">Courts in different jurisdictions under different laws may come to different conclusions regarding these practices, especially about whether changing terms without notifying users is acceptable or not. Living in a society more protective of consumer rights is however, no safeguard, as TOS often include a clause of choice of law which allow companies to select jurisdictions whose laws govern the terms.</p>
<p style="text-align: justify; ">The recent experiment bypassed the need for informed user consent due to Facebook's Data Use Policy<a href="file:///C:/Users/jyoti/Desktop/Reading%20the%20fine%20script%20When%20terms%20and%20conditions%20apply.docx#_ftn8">[8]</a>, which states that once an account has been created, user data can be used for 'internal operations, including troubleshooting, data analysis, testing, research and service improvement.' While the users worldwide may be outraged, legally, Facebook acted within its rights as the decision fell within the scope of T&Cs that users consented to. The incident's most positive impact might be in taking the questions of Facebook responsibilities towards protecting users, including informing them of the usage of their data and changes in data privacy terms, to a worldwide audience.</p>
<p style="text-align: justify; "><b>My right is bigger than yours</b></p>
<p style="text-align: justify; ">Most TOS agreements, written by lawyers to protect the interests of the companies add to the complexities of privacy, in an increasingly user-generated digital world. Often, intentionally complicated agreements, conflict with existing data and user rights across jurisdictions and chip away at rights like ownership, privacy and even the ability to sue. With conditions that that allow for change in terms at anytime, existing users do not have ownership or control over their data.</p>
<p style="text-align: justify; ">In April New York Times, reported of updates to the legal policy of General Mills (GM), the multibillion-dollar food company.<a href="file:///C:/Users/jyoti/Desktop/Reading%20the%20fine%20script%20When%20terms%20and%20conditions%20apply.docx#_ftn9">[9]</a> The update broadly asserted that consumers interacting with the company in a variety of ways and venues no longer can sue GM, but must instead, submit any complaint to “informal negotiation” or arbitration. Since then, GM has backtracked and clarified that “online communities” mentioned in the policy referred only to those online communities hosted by the company on its own websites.<a href="file:///C:/Users/jyoti/Desktop/Reading%20the%20fine%20script%20When%20terms%20and%20conditions%20apply.docx#_ftn10">[10]</a> Clarification aside, as Julia Duncan, Director of Federal programs at American Association for Justice points out, the update in the terms were so broad, that they were open to wide interpretation and anything that consumers purchase from the company could have been held to this clause. <a href="file:///C:/Users/jyoti/Desktop/Reading%20the%20fine%20script%20When%20terms%20and%20conditions%20apply.docx#_ftn11">[11]</a></p>
<p style="text-align: justify; "><b>Data and whose rights?</b></p>
<p style="text-align: justify; ">Following Snowden revelations, data privacy has become a contentious issue in the EU, and TOS, that allow the service providers to unilaterally alter terms of the contract, will face many challenges in the future. In March Edward Snowden sent his testimony to the European Parliament calling for greater accountability and highlighted that in "a global, interconnected world where, when national laws fail like this, our international laws provide for another level of accountability."<a href="file:///C:/Users/jyoti/Desktop/Reading%20the%20fine%20script%20When%20terms%20and%20conditions%20apply.docx#_ftn12">[12]</a> Following the testimony came the European Parliament's vote in favor of new safeguards on the personal data of EU citizens, when it’s transferred to non-EU.<a href="file:///C:/Users/jyoti/Desktop/Reading%20the%20fine%20script%20When%20terms%20and%20conditions%20apply.docx#_ftn13">[13]</a> The new regulations seek to give users more control over their personal data including the right to ask for data from companies that control it and seek to place the burden of proof on the service providers.</p>
<p style="text-align: justify; ">The regulation places responsibility on companies, including third-parties involved in data collection, transfer and storing and greater transparency on concerned requests for information. The amendment reinforces data subject right to seek erasure of data and obliges concerned parties to communicate data rectification. Also, earlier this year, the European Court of Justice (ECJ) ruled in favor of the 'right to be forgotten'<a href="file:///C:/Users/jyoti/Desktop/Reading%20the%20fine%20script%20When%20terms%20and%20conditions%20apply.docx#_ftn14">[14]</a>. The ECJ ruling recognised data subject's rights override the interest of internet users, however, with exceptions pertaining to nature of information, its sensitivity for the data subject's private life and the role of the data subject in public life.</p>
<p style="text-align: justify; ">In May, the Norwegian Consumer Council filed a complaint with the Norwegian Consumer Ombudsman, “… based on the discrepancies between Norwegian Law and the standard terms and conditions applicable to the Apple iCloud service...”, and, “...in breach of the law regarding control of marketing and standard agreements.”<a href="file:///C:/Users/jyoti/Desktop/Reading%20the%20fine%20script%20When%20terms%20and%20conditions%20apply.docx#_ftn15">[15]</a> The council based its complaint on the results of a study, published earlier this year, that found terms were hazy and varied across services including iCloud, Drop Box, Google Drive, Jotta Cloud, and Microsoft OneDrive. The Norwegian Council study found that Google TOS, allow for users content to be used for other purposes than storage, including by partners and that it has rights of usage even after the service is cancelled. None of the providers provide a guarantee that data is safe from loss, while many, have the ability to terminate an account without notice. All of the service providers can change the terms of service but only Google and Microsoft give an advance notice.</p>
<p style="text-align: justify; ">The study also found service providers lacking with respect to European privacy standards, with many allowing for browsing of user content. Tellingly, Google had received a fine in January by the French Data Protection Authority, that stated regarding Google's TOS, "permits itself to combine all the data it collects about its users across all of its services without any legal basis."</p>
<p style="text-align: justify; "><b>To blame or not to blame</b></p>
<p style="text-align: justify; ">Facebook is facing a probe by the UK Information Commissioner's Office, to assess if the experiment conducted in 2012 was a violation of data privacy laws.<a href="file:///C:/Users/jyoti/Desktop/Reading%20the%20fine%20script%20When%20terms%20and%20conditions%20apply.docx#_ftn16">[16]</a> The FTC asked the court to order T-Mobile USA, to stop mobile cramming, provide refunds and give up any revenues from the practice. The existing mechanisms of online consent, do not simplify the task of agreeing to multiple documents and services at once, a complexity which manifolds, with the involvement of third parties.</p>
<p style="text-align: justify; ">Unsurprisingly, T-Mobile's Legere termed the FTC lawsuit misdirected and blamed the companies providing the text services for the cramming.<a href="file:///C:/Users/jyoti/Desktop/Reading%20the%20fine%20script%20When%20terms%20and%20conditions%20apply.docx#_ftn17">[17]</a> He felt those providers should be held accountable, despite allegations that T-Mobile's billing practices made it difficult for consumers to detect that they were being charged for unauthorized services and having shared revenues with third-party providers. Interestingly, this is the first action against a wireless carrier for cramming and the FTC has a precedent of going after smaller companies that provide the services.</p>
<p style="text-align: justify; ">The FTC charged T-Mobile USA with deceptive billing practices in putting the crammed charges under a total for 'use charges' and 'premium services' and failure to highlight that portion of the charge was towards third-party charges. Further, the company urged customers to take complaints to vendors and was not forthcoming with refunds. For now, T-Mobile may be able to share the blame, the incident brings to question its accountability, especially as going forward it has entered a pact along with other carriers in USA including Verizon and AT&T, agreeing to stop billing customers for third-party services. Even when practices such as cramming are deemed illegal, it does not necessarily mean that harm has been prevented. Often users bear the burden of claiming refunds and litigation comes at a cost while even after being fined companies could have succeeded in profiting from their actions.</p>
<p style="text-align: justify; "><b>Conclusion </b></p>
<p style="text-align: justify; ">Unfair terms and conditions may arise when service providers include terms that are difficult to understand or vague in their scope. TOS that prevent users from taking legal action, negate liability for service providers actions despite the companies actions that may have a direct bearing on users, are also considered unfair. More importantly, any term that is hidden till after signing the contract, or a term giving the provider the right to change the contract to their benefit including wider rights for service provider wide in comparison to users such as a term that that makes it very difficult for users to end a contract create an imbalance. These issues get further complicated when the companies control and profiting from data are doing so with user generated data provided free to the platform.</p>
<p style="text-align: justify; ">In the knowledge economy, web companies play a decisive role as even though they work for profit, the profit is derived out of the knowledge held by individuals and groups. In their function of aggregating human knowledge, they collect and provide opportunities for feedback of the outcomes of individual choices. The significance of consent becomes a critical part of the equation when harnessing individual information. In France, consent is part of the four conditions necessary to be forming a valid contract (article 1108 of the Code Civil).</p>
<p style="text-align: justify; ">The cases highlight the complexities that are inherent in the existing mechanisms of online consent. The question of consent has many underlying layers such as reasonable notice and contractual obligations related to consent such as those explored in the case in Canada, which looked at whether clauses of TOS were communicated reasonably to the user, a topic for another blog. For now, we must remember that by creating and organising social knowledge that further human activity, service providers, serve a powerful function. And as the saying goes, with great power comes great responsibility.</p>
<hr size="1" style="text-align: justify; " width="33%" />
<p style="text-align: justify; "><a href="file:///C:/Users/jyoti/Desktop/Reading%20the%20fine%20script%20When%20terms%20and%20conditions%20apply.docx#_ftnref1">[1]</a> 'FTC Alleges T-Mobile Crammed Bogus Charges onto Customers’ Phone Bills', published 1 July, 2014. See: http://www.ftc.gov/news-events/press-releases/2014/07/ftc-alleges-t-mobile-crammed-bogus-charges-customers-phone-bills</p>
<p style="text-align: justify; "><a href="file:///C:/Users/jyoti/Desktop/Reading%20the%20fine%20script%20When%20terms%20and%20conditions%20apply.docx#_ftnref2">[2]</a> 'Experimental evidence of massive-scale emotional contagion through social networks', Adam D. I. Kramera,1, Jamie E. Guilloryb, and Jeffrey T. Hancock, published March 25, 2014. See:http://www.pnas.org/content/111/24/8788.full.pdf+html?sid=2610b655-db67-453d-bcb6-da4efeebf534</p>
<p style="text-align: justify; "><a href="file:///C:/Users/jyoti/Desktop/Reading%20the%20fine%20script%20When%20terms%20and%20conditions%20apply.docx#_ftnref3">[3]</a> 'U.S. sues T-Mobile USA, alleges bogus charges on phone bills, Reuters published 1st July, 2014 See: http://www.reuters.com/article/2014/07/01/us-tmobile-ftc-idUSKBN0F656E20140701</p>
<p style="text-align: justify; "><a href="file:///C:/Users/jyoti/Desktop/Reading%20the%20fine%20script%20When%20terms%20and%20conditions%20apply.docx#_ftnref4">[4]</a> 'The Cost of Reading Privacy Policies', Aleecia M. McDonald and Lorrie Faith Cranor, published I/S: A Journal of Law and Policy for the Information Society 2008 Privacy Year in Review issue. See: http://lorrie.cranor.org/pubs/readingPolicyCost-authorDraft.pdf</p>
<p style="text-align: justify; "><a href="file:///C:/Users/jyoti/Desktop/Reading%20the%20fine%20script%20When%20terms%20and%20conditions%20apply.docx#_ftnref5">[5]</a> 'Reading the Privacy Policies You Encounter in a Year Would Take 76 Work Days', Alexis C. Madrigal, published The Atlantic, March 2012 See: http://www.theatlantic.com/technology/archive/2012/03/reading-the-privacy-policies-you-encounter-in-a-year-would-take-76-work-days/253851/</p>
<p style="text-align: justify; "><a href="file:///C:/Users/jyoti/Desktop/Reading%20the%20fine%20script%20When%20terms%20and%20conditions%20apply.docx#_ftnref6">[6]</a> Facebook Legal Terms. See: https://www.facebook.com/legal/terms</p>
<p style="text-align: justify; "><a href="file:///C:/Users/jyoti/Desktop/Reading%20the%20fine%20script%20When%20terms%20and%20conditions%20apply.docx#_ftnref7">[7]</a> 'Facebook's Eroding Privacy Policy: A Timeline', Kurt Opsahl, Published Electronic Frontier Foundation , April 28, 2010 See:https://www.eff.org/deeplinks/2010/04/facebook-timeline</p>
<p style="text-align: justify; "><a href="file:///C:/Users/jyoti/Desktop/Reading%20the%20fine%20script%20When%20terms%20and%20conditions%20apply.docx#_ftnref8">[8]</a> Facebook Data Use Policy. See: https://www.facebook.com/about/privacy/</p>
<p style="text-align: justify; "><a href="file:///C:/Users/jyoti/Desktop/Reading%20the%20fine%20script%20When%20terms%20and%20conditions%20apply.docx#_ftnref9">[9]</a> 'When ‘Liking’ a Brand Online Voids the Right to Sue', Stephanie Strom, published in New York Times on April 16, 2014 See: http://www.nytimes.com/2014/04/17/business/when-liking-a-brand-online-voids-the-right-to-sue.html?ref=business</p>
<p style="text-align: justify; "><a href="file:///C:/Users/jyoti/Desktop/Reading%20the%20fine%20script%20When%20terms%20and%20conditions%20apply.docx#_ftnref10">[10]</a> Explaining our website privacy policy and legal terms, published April 17, 2014 See:http://www.blog.generalmills.com/2014/04/explaining-our-website-privacy-policy-and-legal-terms/#sthash.B5URM3et.dpufhttp://www.blog.generalmills.com/2014/04/explaining-our-website-privacy-policy-and-legal-terms/</p>
<p style="text-align: justify; "><a href="file:///C:/Users/jyoti/Desktop/Reading%20the%20fine%20script%20When%20terms%20and%20conditions%20apply.docx#_ftnref11">[11]</a> General Mills Amends New Legal Policies, Stephanie Strom, published in New York Times on 1http://www.nytimes.com/2014/04/18/business/general-mills-amends-new-legal-policies.html?_r=0</p>
<p style="text-align: justify; "><a href="file:///C:/Users/jyoti/Desktop/Reading%20the%20fine%20script%20When%20terms%20and%20conditions%20apply.docx#_ftnref12">[12]</a> Edward Snowden Statement to European Parliament published March 7, 2014. See: http://www.europarl.europa.eu/document/activities/cont/201403/20140307ATT80674/20140307ATT80674EN.pdf</p>
<p style="text-align: justify; "><a href="file:///C:/Users/jyoti/Desktop/Reading%20the%20fine%20script%20When%20terms%20and%20conditions%20apply.docx#_ftnref13">[13]</a> Progress on EU data protection reform now irreversible following European Parliament vote, published 12 March 201 See: http://europa.eu/rapid/press-release_MEMO-14-186_en.htm</p>
<p style="text-align: justify; "><a href="file:///C:/Users/jyoti/Desktop/Reading%20the%20fine%20script%20When%20terms%20and%20conditions%20apply.docx#_ftnref14">[14]</a> European Court of Justice rules Internet Search Engine Operator responsible for Processing Personal Data Published by Third Parties, Jyoti Panday, published on CIS blog on May 14, 2014. See: http://cis-india.org/internet-governance/blog/ecj-rules-internet-search-engine-operator-responsible-for-processing-personal-data-published-by-third-parties</p>
<p style="text-align: justify; "><a href="file:///C:/Users/jyoti/Desktop/Reading%20the%20fine%20script%20When%20terms%20and%20conditions%20apply.docx#_ftnref15">[15]</a> Complaint regarding Apple iCloud’s terms and conditions , published on 13 May 2014 See:http://www.forbrukerradet.no/_attachment/1175090/binary/29927</p>
<p style="text-align: justify; "><a href="file:///C:/Users/jyoti/Desktop/Reading%20the%20fine%20script%20When%20terms%20and%20conditions%20apply.docx#_ftnref16">[16]</a> 'Facebook faces UK probe over emotion study' See: http://www.bbc.co.uk/news/technology-28102550</p>
<p style="text-align: justify; "><a href="file:///C:/Users/jyoti/Desktop/Reading%20the%20fine%20script%20When%20terms%20and%20conditions%20apply.docx#_ftnref17">[17]</a> Our Reaction to the FTC Lawsuit See: http://newsroom.t-mobile.com/news/our-reaction-to-the-ftc-lawsuit.htm</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/reading-between-the-lines-service-providers-terms-and-conditions-and-consumer-rights'>https://cis-india.org/internet-governance/blog/reading-between-the-lines-service-providers-terms-and-conditions-and-consumer-rights</a>
</p>
No publisherjyotiSocial MediaConsumer RightsGoogleinternet and societyPrivacyTransparency and AccountabilityIntermediary LiabilityAccountabilityFacebookData ProtectionPoliciesSafety2014-07-04T06:31:37ZBlog EntryICANN’s Documentary Information Disclosure Policy – I: DIDP Basics
https://cis-india.org/internet-governance/blog/icann2019s-documentary-information-disclosure-policy-2013-i-didp-basics
<b>In a series of blogposts, Vinayak Mithal analyses ICANN's reactive transparency mechanism, comparing it with freedom of information best practices. In this post, he describes the DIDP and its relevance for the Internet community.</b>
<p style="text-align: justify; ">The Internet Corporation for Assigned Names and Numbers (“ICANN”) is a non-profit corporation incorporated in the state of California and vested with the responsibility of managing the DNS root, generic and country-code Top Level Domain name system, allocation of IP addresses and assignment of protocol identifiers. As an internationally organized corporation with its own multi-stakeholder community of Advisory Groups and Supporting Organisations, ICANN is a large and intricately woven governance structure. Necessarily, ICANN undertakes through its Bye-laws that “<i>in performing its functions ICANN shall remain accountable to the Internet community through mechanisms that enhance ICANN’s effectiveness</i>”. While many of its documents, such as its Annual Reports, financial statements and minutes of Board meetings, are public, ICANN has instituted the Documentary Information Disclosure Policy (“DIDP”), which like the RTI in India, is a mechanism through which public is granted access to documents with ICANN which are not otherwise available publicly. It is this policy – the DIDP – that I propose to study.</p>
<p style="text-align: justify; ">In a series of blogposts, I propose to introduce the DIDP to unfamiliar ears, and to analyse it against certain freedom of information best practices. Further, I will analyse ICANN’s responsiveness to DIDP requests to test the effectiveness of the policy. However, before I undertake such analysis, it is first good to know what the DIDP is, and how it is crucial to ICANN’s present and future accountability.</p>
<h3><strong>What is the DIDP?</strong></h3>
<p style="text-align: justify; ">One of the core values of the organization as enshrined under Article I Section 4.10 of the Bye-laws note that “in performing its functions ICANN shall remain accountable to the Internet community through mechanisms that enhance ICANN’s effectiveness”. Further, Article III of the ICANN Bye-laws, which sets out the transparency standard required to be maintained by the organization in the preliminary, states - “ICANN and its constituent bodies shall operate to the maximum extent feasible in an open and transparent manner and consistent with procedures designed to ensure fairness”.</p>
<p style="text-align: justify; ">Accordingly, ICANN is under an obligation to maintain a publicly accessible website with information relating to its Board meetings, pending policy matters, agendas, budget, annual audit report and other related matters. It is also required to maintain on its website, information about the availability of accountability mechanisms, including reconsideration, independent review, and Ombudsman activities, as well as information about the outcome of specific requests and complaints invoking these mechanisms.</p>
<p style="text-align: justify; ">Pursuant to Article III of the ICANN Bye-laws for Transparency, ICANN also adopted the DIDP for disclosure of publicly unavailable documents and publish them over the Internet. This becomes essential in order to safeguard the effectiveness of its international multi-stakeholder operating model and its accountability towards the Internet community. Thereby, upon request made by members of the public, ICANN undertakes to furnish documents that are in possession, custody or control of ICANN and which are not otherwise publicly available, provided it does not fall under any of the defined conditions for non-disclosure. Such information can be requested via an email to <a href="mailto:didp@icann.org">didp@icann.org</a>.</p>
<h3><strong>Procedure</strong></h3>
<ul style="text-align: justify; ">
<li>Upon the receipt of a DIDP request, it is reviewed by the ICANN staff.</li>
<li>Relevant documents are identified and interview of the appropriate staff members is conducted.</li>
<li>The documents so identified are then assessed whether they come under the ambit of the conditions for non-disclosure.
<ul>
<li>Yes - A review is conducted as to whether, under the particular circumstances, the public interest in disclosing the documentary information outweighs the harm that may be caused by such disclosure. </li>
<li>Documents which are considered as responsive and appropriate for public disclosure are posted on the ICANN website.</li>
<li>In case of request of documents whose publication is appropriate but premature at the time of response then the same is indicated in the response and upon publication thereafter, is notified to the requester.</li>
</ul>
</li>
</ul>
<h3><strong>Time Period and Publication </strong></h3>
<p style="text-align: justify; ">The response to the DIDP request is prepared by the staff and is made available to the requestor within a period of 30 days of receipt of request via email. The Request and the Response is also posted on the DIDP page <a href="http://www.icann.org/en/about/transparency">http://www.icann.org/en/about/transparency</a> in accordance with the posting guidelines set forth at <a href="http://www.icann.org/en/about/transparency/didp">http://www.icann.org/en/about/transparency/didp</a>.</p>
<h3><strong>Conditions for Non-Disclosure</strong></h3>
<p style="text-align: justify; ">There are certain circumstances under which ICANN may refuse to provide the documents requested by the public. The conditions so identified by ICANN have been categorized under 12 heads and includes internal information, third-party contracts, non-disclosure agreements, drafts of all reports, documents, etc., confidential business information, trade secrets, information protected under attorney-client privilege or any other such privilege, information which relates to the security and stability of the internet, etc.</p>
<p style="text-align: justify; ">Moreover, ICANN may refuse to provide information which is not designated under the specified conditions for non-disclosure if in its opinion the harm in disclosing the information outweighs the public interest in disclosing the information. Further, requests for information already available publicly and to create or compile summaries of any documented information may be declined by ICANN.</p>
<h3><strong>Grievance Redressal Mechanism </strong></h3>
<p style="text-align: justify; ">In certain circumstances the requestor might be aggrieved by the response received and so he has a right to appeal any decision of denial of information by ICANN through the Reconsideration Request procedure or the Independent Review procedure established under Section 2 and 3 of Article IV of the ICANN Bye-laws respectively. The application for review is made to the Board which has designated a Board Governance Committee for such reconsideration. The Independent Review is done by an independent third-party of Board actions, which are allegedly inconsistent with the Articles of Incorporation or Bye-laws of ICANN.</p>
<h3><strong>Why does the DIDP matter?</strong></h3>
<p style="text-align: justify; ">The breadth of ICANN’s work and its intimate relationship to the continued functioning of the Internet must be appreciated before our analysis of the DIDP can be of help. ICANN manages registration and operations of generic and country-code Top Level Domains (TLD) in the world. This is a TLD:</p>
<p style="text-align: justify; "><img src="https://cis-india.org/internet-governance/blog/TLD.jpg/@@images/1bb21859-d1aa-41c6-b5e0-4041ae099f54.jpeg" alt="TLD" class="image-inline" title="TLD" /></p>
<p style="text-align: justify; ">(<i>Source</i>: <a class="external-link" href="http://geovoices.geonetric.com/wp-content/uploads/2013/11/parts_of_a_domain_name.jpg">here</a>)</p>
<p style="text-align: justify; ">Operation of many gTLDs, such as .com, .biz or .info, is under contract with ICANN and an entity to which such operation is delegated. For instance, Verisign operates the .com Registry. Any organization that wishes to allow others to register new domain names under a gTLD (sub-domains such as ‘benefithealth’ in the above example) must apply to ICANN to be an ICANN-accredited Registrar. GoDaddy, for instance, is one such ICANN-accredited Registrar. Someone like you or me, who wants to get our own website – say, vinayak.com – buys from GoDaddy, which has a contract with ICANN under which it pays periodic sums for registration and renewal of individual domain names. When I buy from an ICANN-accredited Registrar, the Registrar informs the Registry Operator (say, Verisign), who then adds the new domain name (vinayak.com) to its registry list, and then it can be accessed on the Internet.</p>
<p style="text-align: justify; ">ICANN’s reach doesn’t stop here, technically. To add a new gTLD, an entity has to apply to ICANN, after which the gTLD has to be added to the root file of the Internet. The root file, which has the list of all TLDs (or all ‘legitimate’ TLDs, some would say), is amended by Verisign under its tripartite contract with the US Government and ICANN, after which Verisign updates the file in its ‘A’ <a href="http://root-servers.org/">root server</a>. The other 12 root servers use the same root file as the Verisign root server. Effectively, this means that <i>only </i>ICANN-approved TLDs (and all sub-domains such as ‘benefithealth’ or ‘vinayak’) are available across the Internet, on a global scale. Or at least, ICANN-approved TLDs have the most and widest reach. ICANN similarly manages country-code TLDs, such as .in for India, .pk for Pakistan or .uk for the United Kingdom.</p>
<p style="text-align: justify; ">All of this leads us to wonder whether the extent of ICANN’s voluntary and reactive transparency is sufficient for an organization of such scale and impact on the Internet, perhaps as much impact as the governments do. In the next post, I will analyse the DIDP’s conditions for non-disclosure of information with certain freedom of information best practices.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; "><i>Vinayak Mithal is a final year student at the Rajiv Gandhi National University of Law, Punjab. His interests lie in Internet governance and other aspects of tech law, which he hopes to explore during his internship at CIS and beyond. He may be reached at vinayakmithal@gmail.com.</i></p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/icann2019s-documentary-information-disclosure-policy-2013-i-didp-basics'>https://cis-india.org/internet-governance/blog/icann2019s-documentary-information-disclosure-policy-2013-i-didp-basics</a>
</p>
No publisherVinayak MithalInternet GovernanceAccountabilityICANNDIDPTransparency2014-07-01T13:01:34ZBlog EntryComments to ICANN Supporting the DNS Industry in Underserved Regions
https://cis-india.org/internet-governance/blog/cis-comments-supporting-the-dns-industry-in-underserved-regions
<b>Towards exploring ideas and strategies to help promote the domain name industry in regions that have typically been underserved, ICANN published a call for public comments on May 14, 2014. In particular, ICANN sought comments related to existing barriers to Registrar Accreditation and operation and suggestions on how these challenges might be mitigated. CIS contributed to the comments on this report, which will be used to determine next steps to support the domain name industry in underserved regions.</b>
<p style="text-align: justify; "><b> </b><b> </b></p>
<p style="text-align: justify; "><span>Domain names and the DNS are used in virtually every aspect of the Internet, and without the DNS, the Internet as we know it, would not exist. The DNS root zone has economic value and ICANN's contract with Verisign delineates the selling of domain names via only ICANN accredited registrars. By the indirect virtue of its control of the root, ICANN has the power and capacity to influence the decisions of entities involved in the management and operations of the DNS, including registrars.</span></p>
<p style="text-align: justify; "><b>Too far, too many?</b></p>
<p style="text-align: justify; ">We acknowledge some of the efforts for improvements, in particular with reference to barriers to participation in DNS-related business in regions such as Africa and the Middle East, including the creation of a fellowship program, and increased availability of translated materials. However, despite these efforts, the gaps in the distribution of the DNS registrars and registries across the world has become an issue of heightened concern.</p>
<p style="text-align: justify; ">This is particularly true, in light of the distribution of registrars and given that, of the 1124 ICANN-accredited registrars, North America has a total of 765 registrars. US and Canada together, have more than double the number of registrars than the rest of the world taken collectively. To put things further into perspective, of the total number of registrars 725 are from the United States alone, and 7 from the 54 countries of Africa.</p>
<p style="text-align: justify; ">A barrier to ICANN's capacity building initiatives has been the lack of trust, given the general view that, ICANN focuses on policies that favour entrenched incumbents from richer countries. Without adequate representation from poorer countries, and adequate representation from the rest of the world's Internet population, there is no hope of changing these policies or establishing trust. The entire region of Latin America and the Caribbean, comprising of a population of 542.4 million internet users<a href="file:///C:/Users/jyoti/Desktop/Comments%20on%20Supporting%20the%20DNS%20Industry%20in%20Underserved%20Regions.doc#_ftn1">[1]</a> in 2012, has only 22 registrars spread across a total of 10 countries. In Europe, covering a population of 518.5 million internet users<a href="file:///C:/Users/jyoti/Desktop/Comments%20on%20Supporting%20the%20DNS%20Industry%20in%20Underserved%20Regions.doc#_ftn2">[2]</a>, are 158 registrars and 94 of those are spread across Germany, UK, France, Spain and Netherlands. The figures paint the most dismal picture with respect to South Asia, in particular India, where just 16 registrars cater to the population of internet users that is expected to reach 243 million by June 2014<a href="file:///C:/Users/jyoti/Desktop/Comments%20on%20Supporting%20the%20DNS%20Industry%20in%20Underserved%20Regions.doc#_ftn3">[3]</a>.</p>
<p style="text-align: justify; ">While we welcome ICANN's research and outreach initiatives with regard to the DNS ecosystem in underserved regions, without the crucial first step of clarifying the metrics that constitute an underserved region, these efforts might not bear their intended impact. ICANN cannot hope to identify strategies towards bridging the gaps that exist in the DNS ecosystem, without going beyond the current ICANN community, which, while nominally being 'multistakeholder' and open to all, grossly under-represents those parts of the world that aren't North America and Western Europe.</p>
<p style="text-align: justify; ">The lack of registries in the developing world is another significant issue that needs to be highlighted and addressed. The top 5 gTLD registries are in the USA and it is important that users and the community feels that the fees being collected are equivalent compensation for the services they provide. As registries operate in captive markets that is allocated by ICANN, we invite ICANN to improve its financial accountability, by enabling its stakeholders to assess the finances collected on these registrations.</p>
<p style="text-align: justify; "><b>Multistakeholderism—community and consensus </b></p>
<p style="text-align: justify; ">As an organization that holds itself a champion of the bottom-up policy development process, and, as a private corporation fulfilling a public interest function, ICANN, is in a unique position to establish new norms of managing common resources. In theory and under ICANN’s extensive governance rules, the board is a legislative body that is only supposed to approve the consensus decisions of the community and the staff wield executive control. However in reality, both board and the staff have been criticised for decisions that are not backed by the community.</p>
<p style="text-align: justify; ">The formal negotiations between ICANN and Registrar Stakeholder Group Negotiating Team (Registrar NT) over the new Registrar Accreditation Agreement (RAA), is an example of processes that have a multistakeholder approach but fail on values of deliberation and pluralistic decision making.<a href="file:///C:/Users/jyoti/Desktop/Comments%20on%20Supporting%20the%20DNS%20Industry%20in%20Underserved%20Regions.doc#_ftn4">[4]</a> ICANN staff insisted on including a "proposed Revocation (or "blow up") Clause that would have given them the ability to unilaterally terminate all registrar accreditations" and another proposal seeking to provide ICANN Board ability to unilaterally amend the RAA (identical to proposal inserted in the gTLD registry agreement - a clause met with strong opposition not only from the Registry Stakeholder Group but from the broader ICANN community).</p>
<p style="text-align: justify; ">Both proposals undermine the multistakeholder approach of the ICANN governance framework, as they seek more authority for the Board, rather than the community or protections for registrars and more importantly, registrants. The proposed amendments to the RAA were not issues raised by Law Enforcement, GAC or the GNSO but by the ICANN staff and received considerable pushback from the Registrar Stakeholder Group Negotiating Team (Registrar NT). The bottom-up policy making process at ICANN has also been questioned with reference to the ruling on vertical integration between registries and registrars, where the community could not even approach consensus.<a href="file:///C:/Users/jyoti/Desktop/Comments%20on%20Supporting%20the%20DNS%20Industry%20in%20Underserved%20Regions.doc#_ftn5">[5]</a> Concerns have also been raised about the extent of the power granted to special advisory bodies handpicked by the ICANN president, the inadequacy of existing accountability mechanisms for providing a meaningful and external check on Board decisions and the lack of representation of underserved regions on these special bodies. ICANN must evolve its accountability mechanisms, to go beyond the opportunity to provide comments on proposed policy, and extend to a role for stakeholders in decision making, which is presently a privilege reserved for staff rather than bottom-up consensus.</p>
<p style="text-align: justify; ">ICANN was created as a consensus based organisation that would enable the Internet, its stakeholders and beneficiaries to move forward in the most streamlined, cohesive manner.<a href="file:///C:/Users/jyoti/Desktop/Comments%20on%20Supporting%20the%20DNS%20Industry%20in%20Underserved%20Regions.doc#_ftn6">[6]</a> Through its management of the DNS, ICANN is undertaking public governance duties, and it is crucial that it upholds the democratic values entrenched in the multistakeholder framework. Bottom up policy making extends beyond passive participation and has an impact on the direction of the policy. Presently, while anyone can comment on policy issues, only a few have a say in which comments are integrated towards outcomes and action. We would like to stress not just improving and introducing checks and balances within the ICANN ecosystem, but also, integrating accountability and transparency practices at all levels of decision making.</p>
<p style="text-align: justify; "><b>Bridging the gap</b></p>
<p style="text-align: justify; ">We welcome the Africa Strategy working group and the public community process that was initiated by ICANN towards building domain name business industry in Africa, and, we are sure there will be lessons that will applicable to many other underserved regions. In the context of this report CIS, wants to examine the existing criteria of the accreditation process. As ICANN's role evolves and its revenues grow across the DNS and the larger Internet landscape, it is important in our view, that ICANN review and evolve it's processes for accreditation and see if they are as relevant today, as they were when launched.</p>
<p style="text-align: justify; ">The relationship between ICANN and every accredited registrar is governed by the individual RAA, which set out the obligations of both parties, and, we recommend simplifying and improving them. The RAA language is complex, technical and not relevant to all regions and presently, there are no online forms for the accreditation process. While ICANN's language will be English, the present framing has an American bias—we recommend—creating an online application process and simplifying the language keeping it contextual to the region. It would also be helpful, if ICANN invested in introducing some amount of standardization across forms, this would reduce the barrier of time and effort it takes to go through complex legal documents and contribute to the growth of DNS business.</p>
<p style="text-align: justify; ">The existing accreditation process for registrars requires applicants to procure US$70,000 or more for the ICANN accreditation to become effective. The applicants are also required to obtain and maintain for the length of accreditation process, a commercial general liability insurance with a policy limit of US$500,000 or more. The working capital and the insurance are quite high and create a barrier to entrance of underserved regions in the DNS ecosystem.</p>
<p style="text-align: justify; ">With lack of appropriate mechanisms registrars resort to using US companies for insurance, creating more foreign currency pressures on themselves. The commercial general liability insurance requirement for the registrars is not limited to their functioning as a registrar perhaps not the most appropriate option. <span>ICANN should, and must, increase efforts towards helping registrars find suitable insurance providers and scaling down the working capital. Solutions may lie in exploring variable fee structures adjusted against profits, and derived after considering factors such as cost of managing domain names and sub-domain names, expansion needs, ICANN obligations and services, financial capacities of LDCs and financial help pledged to disadvantaged groups or countries.</span></p>
<p style="text-align: justify; ">Presently, the start-up capital required is too high for developing countries, and this is reflected in the number of registries in these areas. Any efforts to improve the DNS ecosystem in underserved regions, must tackle this by scaling down the capital in proportion to the requirements of the region.</p>
<p style="text-align: justify; ">Another potential issue that ICANN should consider, is that users getting sub-domain names from local registrars located in their own country, are usually taxed on the transaction, however, online registration through US registrars spares users from paying taxes in their country.<a href="file:///C:/Users/jyoti/Desktop/Comments%20on%20Supporting%20the%20DNS%20Industry%20in%20Underserved%20Regions.doc#_ftn7">[7]</a> This could create a reverse incentive for registering domain sub-names online from US registrars. ICANN should push forward on efforts to ensure that registrars are sustainable by providing incentives for registering in underserved regions and help towards maintain critical mass of the registrants. The Business Constituency (BC)—the voice of commercial Internet users within ICANN, could play a role in this and ICANN should endeavour to either, expand the BC function or create a separate constituency for the representation of underserved regions.</p>
<hr size="1" style="text-align: justify; " width="33%" />
<p style="text-align: justify; "><a href="file:///C:/Users/jyoti/Desktop/Comments%20on%20Supporting%20the%20DNS%20Industry%20in%20Underserved%20Regions.doc#_ftnref1">[1]</a> Internet Users and Population stats 2012. http://www.internetworldstats.com/stats2.htm</p>
<p style="text-align: justify; "><a href="file:///C:/Users/jyoti/Desktop/Comments%20on%20Supporting%20the%20DNS%20Industry%20in%20Underserved%20Regions.doc#_ftnref2">[2]</a> Internet Users and Population stats 2012. http://www.internetworldstats.com/stats4.htm</p>
<p style="text-align: justify; "><a href="file:///C:/Users/jyoti/Desktop/Comments%20on%20Supporting%20the%20DNS%20Industry%20in%20Underserved%20Regions.doc#_ftnref3">[3]</a> Times of India IAMAI Report. http://timesofindia.indiatimes.com/tech/tech-news/India-to-have-243-million-internet-users-by-June-2014-IAMAI/articleshow/29563698.cms</p>
<p style="text-align: justify; "><a href="file:///C:/Users/jyoti/Desktop/Comments%20on%20Supporting%20the%20DNS%20Industry%20in%20Underserved%20Regions.doc#_ftnref4">[4]</a> Mar/07/2013 - Registrar Stakeholder Group Negotiating Team (Registrar NT) Statement Regarding ICANN RAA Negotiations.http://www.icannregistrars.org/calendar/announcements.php</p>
<p style="text-align: justify; "><a href="file:///C:/Users/jyoti/Desktop/Comments%20on%20Supporting%20the%20DNS%20Industry%20in%20Underserved%20Regions.doc#_ftnref5">[5]</a> Kevin Murphy, Who runs the internet? An ICANN 49 primer. http://domainincite.com/16177-who-runs-the-internet-an-icann-49-primer</p>
<p style="text-align: justify; "><a href="file:///C:/Users/jyoti/Desktop/Comments%20on%20Supporting%20the%20DNS%20Industry%20in%20Underserved%20Regions.doc#_ftnref6">[6]</a> Stephen Ryan, Governing Cyberspace: ICANN, a Controversial Internet Standards Body http://www.fed-soc.org/publications/detail/governing-cyberspace-icann-a-controversial-internet-standards-body</p>
<p style="text-align: justify; "><a href="file:///C:/Users/jyoti/Desktop/Comments%20on%20Supporting%20the%20DNS%20Industry%20in%20Underserved%20Regions.doc#_ftnref7">[7]</a> Open Root-Financing LDCs in the WSIS process. See: http://www.open-root.eu/about-open-root/news/financing-ldcs-in-the-wsis-process</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/cis-comments-supporting-the-dns-industry-in-underserved-regions'>https://cis-india.org/internet-governance/blog/cis-comments-supporting-the-dns-industry-in-underserved-regions</a>
</p>
No publisherjyotiIG4allICANNInternet GovernanceAccountability2014-07-04T06:48:36ZBlog EntryCIS Comments: Enhancing ICANN Accountability
https://cis-india.org/internet-governance/blog/cis-comments-enhancing-icann-accountability
<b>On May 6, 2014, ICANN published a call for public comments on "Enhancing ICANN Accountability". This comes in the wake of the IANA stewardship transition spearheaded by ICANN and related concerns of ICANN's external and internal accountability mechanisms. Centre for Internet and Society contributed to the call for comments.</b>
<h3><strong>Introduction:</strong></h3>
<p style="text-align: justify; ">On March 14, 2014, the US National Telecommunications and Information Administration <a href="http://www.ntia.doc.gov/press-release/2014/ntia-announces-intent-transition-key-internet-domain-name-functions">announced its intent</a> to transition key Internet domain name functions to the global multi-stakeholder Internet governance community. ICANN was tasked with the development of a proposal for transition of IANA stewardship, for which ICANN subsequently <a href="https://www.icann.org/resources/pages/draft-proposal-2014-04-08-en">called for public comments</a>. At NETmundial, ICANN President and CEO Fadi Chehadé acknowledged that the IANA stewardship transition and improved ICANN accountability were <a href="http://www.internetcommerce.org/issuance-of-netmundial-multistakeholder-statement-concludes-act-one-of-2014-internet-governance-trifecta/">inter-related issues</a>, and <a href="http://blog.icann.org/2014/05/icanns-accountability-in-the-wake-of-the-iana-functions-stewardship-transition/">announced</a> the impending launch of a process to strengthen and enhance ICANN accountability in the absence of US government oversight. The subsequent call for public comments on “Enhancing ICANN Accountability” may be found <a href="https://www.icann.org/resources/pages/enhancing-accountability-2014-05-06-en">here</a>.</p>
<h3><strong>Suggestions for improved accountability:</strong></h3>
<p style="text-align: justify; ">In the event, Centre for Internet and Society (“CIS”) wishes to limit its suggestions for improved ICANN accountability to matters of reactive or responsive transparency on the part of ICANN to the global multi-stakeholder community. We propose the creation and implementation of a robust “freedom or right to information” process from ICANN, accompanied by an independent review mechanism.</p>
<p style="text-align: justify; ">Article III of ICANN Bye-laws note that “<i>ICANN and its constituent bodies shall operate to the maximum extent feasible in an open and transparent manner and consistent with procedures designed to ensure fairness</i>”. As part of this, Article III(2) note that ICANN shall make publicly available information on, <i>inter alia</i>, ICANN’s budget, annual audit, financial contributors and the amount of their contributions, as well as information on accountability mechanisms and the outcome of specific requests and complaints regarding the same. Such accountability mechanisms include reconsideration (Article IV(2)), independent review of Board actions (Article IV(3)), periodic reviews (Article IV(4)) and the Ombudsman (Article V).</p>
<p style="text-align: justify; ">Further, ICANN’s Documentary Information Disclosure Policy (“DIDP”) sets forth a process by which members of the public may request information “<i>not already publicly available</i>”. ICANN <a href="https://www.icann.org/resources/pages/didp-2012-02-25-en">may respond</a> (either affirmatively or in denial) to such requests within 30 days. Appeals to denials under the DIDP are available under the reconsideration or independent review procedures, to the extent applicable.</p>
<p style="text-align: justify; ">While ICANN has historically been prompt in its response to DIDP Requests, CIS is of the view that absent the commitments in the AoC following IANA stewardship transition, it would be desirable to amend and strengthen Response and Appeal procedures for DIDP and other, broader disclosures. Our concerns stem from the fact that, <i>first</i>, the substantive scope of appeal under the DIDP, on the basis of documents requested, is unclear (say, contracts or financial documents regarding payments to Registries or Registrars, or a detailed, granular break-up of ICANN’s revenue and expenditures); and <i>second</i>, that grievances with decisions of the Board Governance Committee or the Independent Review Panel cannot be appealed.</p>
<p style="text-align: justify; ">Therefore, CIS proposes a mechanism based on “right to information” best practices, which results in transparent and accountable governance at governmental levels.</p>
<p style="text-align: justify; "><i>First</i>, we propose that designated members of ICANN staff shoulder responsibility to respond to information requests. The identity of such members (information officers, say) ought to be made public, including in the response document.</p>
<p style="text-align: justify; "><i>Second</i>, an independent, third party body should be constituted to sit in appeal over information officers’ decisions to provide or decline to provide information. Such body may be composed of nominated members from the global multi-stakeholder community, with adequate stakeholder-, regional- and gender-representation. However, such members should not have held prior positions in ICANN or its related organizations. During the appointed term of the body, the terms and conditions of service ought to remain beyond the purview of ICANN, similar to globally accepted principles of an independent judiciary. For instance, the Constitution of India forbids any disadvantageous alteration of privileges and allowances of judges of the <a href="http://www.constitution.org/cons/india/p05125.html">Supreme Court</a> and <a href="http://www.constitution.org/cons/india/p06221.html">High Courts</a> during tenure.</p>
<p style="text-align: justify; "><i>Third</i>, and importantly, punitive measures ought to follow unreasonable, unexplained or illegitimate denials of requests by ICANN information officers. In order to ensure compliance, penalties should be made continuing (a certain prescribed fine for each day of information-denial) on concerned officers. Such punitive measures are accepted, for instance, in Section 20 of India’s Right to Information Act, 2005, where the review body may impose continuing penalties on any defaulting officer.</p>
<p style="text-align: justify; "><i>Finally</i>, exceptions to disclosure should be finite and time-bound. Any and all information exempted from disclosure should be clearly set out (and not merely as categories of exempted information). Further, all exempted information should be made public after a prescribed period of time (say, 1 year), after which any member of the public may request for the same if it continues to be unavailable.</p>
<p style="text-align: justify; ">CIS hopes that ICANN shall deliver on its promise to ensure and enhance its accountability and transparency to the global multi-stakeholder community. To that end, we hope our suggestions may be positively considered.</p>
<h3 style="text-align: justify; "><strong>Comment repository</strong>:</h3>
<p style="text-align: justify; ">All comments received by ICANN during the comment period (May 6, 2014 to June 6, 2014) may be found <a href="http://forum.icann.org/lists/comments-enhancing-accountability-06may14/">at this link</a>.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/cis-comments-enhancing-icann-accountability'>https://cis-india.org/internet-governance/blog/cis-comments-enhancing-icann-accountability</a>
</p>
No publishergeethaIANAInternet GovernanceNETmundialICANNAccountability2014-06-10T13:03:57ZBlog EntryCIS Statement at ICANN 49's Public Forum
https://cis-india.org/internet-governance/blog/icann49-public-forum-statement
<b>This was a statement made by Pranesh Prakash at the ICANN 49 meeting (on March 27, 2014), arguing that ICANN's bias towards the North America and Western Europe result in a lack of legitimacy, and hoping that the IANA transition process provides an opportunity to address this.</b>
<p>Good afternoon. My name is Pranesh Prakash, and I'm with the Yale Information Society Project and the Centre for Internet and Society.</p>
<p>I am extremely concerned about the accountability of ICANN to the global community. Due to various decisions made by the US government relating to ICANN's birth, ICANN has had a troubled history with legitimacy. While it has managed to gain and retain the confidence of the technical community, it still lacks political legitimacy due to its history. The NTIA's decision has presented us an opportunity to correct this.</p>
<p>However, ICANN can't hope to do so without going beyond the current ICANN community, which while nominally being 'multistakeholder' and open to all, grossly under-represents those parts of the world that aren't North America and Western Europe.</p>
<p>Of the 1010 ICANN-accredited registrars, 624 are from the United States, and 7 from the 54 countries of Africa. In a session yesterday, a large number of the policies that favour entrenched incumbents from richer countries were discussed. But without adequate representation from poorer countries, and adequate representation from the rest of the world's Internet population, there is no hope of changing these policies.</p>
<p>This is true not just of the business sector, but of all the 'stakeholders' that are part of global Internet policymaking, whether they follow the ICANN multistakeholder model or another. A look at the boardmembers of the Internet Architecture Board, for instance, would reveal how skewed the technical community can be, whether in terms of geographic or gender diversity.</p>
<p>Without greater diversity within the global Internet policymaking communities, there is no hope of equity, respect for human rights -- civil, political, cultural, social and economic --, and democratic funtioning, no matter how 'open' the processes seem to be, and no hope of ICANN accountability either.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/icann49-public-forum-statement'>https://cis-india.org/internet-governance/blog/icann49-public-forum-statement</a>
</p>
No publisherpraneshIANAIG4allInternet GovernanceAccountabilityICANNNorth vs South2014-06-04T05:31:44ZBlog Entry