The Centre for Internet and Society
https://cis-india.org
These are the search results for the query, showing results 21 to 27.
DIDP Request #5: The Ombudsman and ICANN's Misleading Response to Our Request
https://cis-india.org/internet-governance/blog/didp-request-5-the-ombudsman-and-icanns-misleading-response-to-our-request-1
<b>CIS sent ICANN a request under its Documentary Information Disclosure Policy, seeking details of the complaints received and resolved, parties involved and the nature of complaints under the Ombudsman process. CIS' request and ICANN's response are detailed below. ICANN's response is misleading in its insistence on confidentiality of all Ombudsman complaints and resolutions.</b>
<div class="page" title="Page 1">
<div class="layoutArea">
<div class="column">
<p style="text-align: justify; "> </p>
<h2 style="text-align: justify; ">CIS Request</h2>
<p style="text-align: justify; "><span>26 December 2014</span></p>
</div>
</div>
<div class="layoutArea">
<div class="column">
<p><span>To:<br /> Mr. Steve Crocker, Chairman of the Board </span></p>
<p><span>Mr. Fadi Chehade, CEO and President </span></p>
<p><span>Mr. Chris LaHatte, Ombudsman, ICANN </span></p>
<p style="text-align: center; "><span><strong>Sub: Details regarding complaints submitted to the ICANN Ombudsman </strong></span></p>
<p><span>We are very pleased to note that ICANN’s transparency and accountability mechanisms include maintaining a free, fair and impartial ombudsman. It is our understanding that any person with a complaint against the ICANN Board, staff or organization, may do so to the designated ombudsman.[1]</span><span> </span><span>We also understand that there are cases that the ICANN ombudsman does not have the authority to address. </span></p>
<p><span>In order to properly assess and study the efficiency and effectiveness of the ombudsman system, we request you to provide us with the following information: </span></p>
<p><span>(i) A compilation of all the cases that have been decided by ICANN ombudsmen in the history of the organization. </span></p>
<p><span>(ii) The details of the parties that are involved in the cases that have been decided by the ombudsmen. </span></p>
<p><span>(iii)A description of the proceedings of the case, along with the party that won in each instance. </span></p>
<p><span>Further, we hope you could provide us with an answer as to why there have been no ombudsman reports since the year 2010, on the ICANN website.[2]</span><span> </span><span>Additionally, we would like to bring to your notice that the link that provides the ombudsman report for the year 2010 does not work.</span></p>
</div>
</div>
<div class="layoutArea">
<div class="column">
<p><span>In order to properly assess the mechanism that ICANN uses for grievance redressal, it would be necessary to examine the details of all the cases that ICANN ombudsmen have presided over in the past. In this regard, kindly provide us with the above information.</span></p>
</div>
</div>
</div>
<div class="page" title="Page 2">
<div class="layoutArea">
<div class="column">
<p><span>We do hope that you will be able to furnish this information to us within the stipulated time period of 30 days. Do not hesitate to contact us if you have any doubts regarding our queries. Thank you so much. </span></p>
<p><span>Yours sincerely,<br /> Lakshmi Venkataraman<br /> NALSAR University of Law, Hyderabad, </span><span>for </span><span>Centre for Internet & Society<br /> W: http://cis-india.org</span></p>
<p> </p>
<h2>ICANN Response</h2>
<p style="text-align: justify; ">In its response, ICANN declines our request on grounds of confidentiality. It refers to the ICANN Bylaws on the office of the Ombudsman to argue that all matters brought before the Ombudsman "shall be treated as confidential" and the Ombudsman shall "<span>take all reasonable steps necessary to preserve the privacy of, and to avoid harm to, those parties not involved in the complaint being investigated by the Ombudsman". ICANN states that the Ombudsman publishes Annual Reports, in which he/she provides a "consolidated analysis of the year's complaints and resolutions", including "</span><span>a description of any trends or common elements of complaints received". </span><span>In sum, ICANN states that m</span><span>aking Ombudsman Requests public would violate ICANN Bylaws, and topple the independence and integrity of the Ombudsman.</span></p>
<p style="text-align: justify; ">These are, perhaps, valid reasons to decline our DIDP request. But it is important to investigate ICANN's reasons. The <span>ICANN Board appoints the Ombudsman for 2 year terms, under </span><a href="https://www.icann.org/resources/pages/governance/bylaws-en#V">Article V of ICANN’s Bylaws</a><span>. As we note </span><a href="http://cis-india.org/internet-governance/blog/where-does-icann2019s-money-come-from-we-asked-they-don2019t-know">in an earlier post</a><span>, the Ombudsman’s principal function is to receive and dispose of <span style="text-align: justify; ">complaints about unfair treatment by the ICANN Board, Staff or constituency.</span></span><span> He/she reports to the ICANN Board alone. He/she also </span><span>reports on the categories of complaints he receives, and statistics regarding decisions in his </span><a href="https://www.icann.org/resources/pages/reports-96-2012-02-25-en">Annual Reports</a><span>; no details are forthcoming for stated reasons of confidentiality and privacy. </span><span>It is clear, therefore, that the Ombudsman receives and disposes of complaints under a procedure that is inadequately transparent. </span></p>
<p style="text-align: justify; "><span>ICANN argues, however, that for reasons of confidentiality and integrity of the Ombudsman office, ICANN is unable to disclose details regarding Ombudsman complaints, the complainants/respondents and a description of the proceedings (including the decision/resolution). Indeed, ICANN states its</span><span> "Bylaws and <a href="https://www.icann.org/en/system/files/files/ombudsman-framework-26mar09-en.pdf">the Ombudsman Framework</a> obligates the Ombudsman to treat all matters brought before him as confidential and 'to take reasonable steps necessary to preserve the privacy of, and to avoid harm to, those parties not involved in the complaint being investigated by the Ombudsman'.” For this reason, ICANN considers that "D</span><span>isclosing details about the parties involved and the nature of the cases that have been decided by the Ombudsmen would not only compromise the confidentiality of the Ombudsman process but would also violate the ICANN Bylaws and the Ombudsman Framework." </span></p>
<p style="text-align: justify; "><span>While the privacy of parties both involved and "not involved in the complaint" can be preserved (by redacting names, email addresses and other personal identification), h</span><span>ow valid is ICANN's dogged insistence on confidentiality and non-disclosure? Let's look at Article V of ICANN's Bylaws and the Ombudsman Framework both.</span></p>
<h3 style="text-align: justify; ">Do ICANN Bylaws bind the Ombudsman to Confidentiality?</h3>
<p style="text-align: justify; ">Under Article V, Section 1(2) of ICANN's Bylaws, the Ombudsman is appointed by the ICANN Board for a 2 year term (renewable). As noted earlier, the Ombudsman's principal function is to<span> </span><span>“provide an independent internal evaluation of complaints by members of the ICANN community who believe that the ICANN staff, Board or an ICANN constituent body has treated them unfairly” or inappropriately (Art. V, Section 2). The Ombudsman is not a judge; his conflict resolution tools are "</span><span>negotiation, facilitation, and 'shuttle diplomacy'. </span></p>
<p style="text-align: justify; "><span>According to Art. V, Section 3(3), the Ombudsman has access to "all necessary information and records from staff and constituent bodies" to evaluate complaints in an informed manner. While the Ombudsman can <i>access</i> these records, he may not "publish if otherwise confidential". When are these records confidential, then? Section 3(3) supplies the answer. The confidentiality obligations are as "imposed by the complainant or <span style="text-align: justify; ">any generally applicable confidentiality policies adopted by ICANN". For instance, the complainant can waive its confidentiality by publishing the text of its complaint <span style="text-align: justify; ">and the Ombudsman's response to the same </span>(such as the <a href="http://www.internetcommerce.org/ica-tells-icann-ombudsman-office-its-irt-report-tardy-nonresponsive-and-non-persuasive/">Internet Commerce Association's complaint</a> regarding the Implementation Review Team under the new gTLD program), or a complaint may be publicly <a href="http://lists.ncuc.org/pipermail/ncuc-discuss/2012-November/010974.html">available on a listserv</a>. In any event, there is no blanket confidentiality obligation placed on the Ombudsman under ICANN's Bylaws.</span></span></p>
<p style="text-align: justify; "><span><span style="text-align: justify; "><span style="text-align: justify; ">Moreover, the Ombudsman also publishes Annual Reports,</span><span style="text-align: justify; "> in which he/she provides a "consolidated analysis of the year's complaints and resolutions", including "</span><span style="text-align: justify; ">a description of any trends or common elements of complaints received". That is, the Ombudsman's Annual Report showcases a graph comparing the increase in the number of complaints, categories of complaints (i.e., whether the complaints fall within or outside of the Ombudsman's jurisdiction), and a brief description of the Ombudsman's scope of resolution and response. The Annual Reports indicate that the mandate of the Ombudsman's office is extremely narrow. In 2014, for instance, 75 out of 467 complaints were <a href="https://www.icann.org/en/system/files/files/annual-report-2014-27jan15-en.pdf">within Mr. LaHatte's jurisdiction</a> (page 5), but he notes that his ability to intervene is limited to "failures in procedure". <a href="https://www.icann.org/en/system/files/files/final-recommendations-31dec13-en.pdf">As an input to the ATRT2 Report noted</a>, the Office of the Ombudsman “appears so restrained and contained” (page 53). As the ATRT2 noted, "</span></span></span><span>ICANN needs to reconsider the Ombudsman’s charter and the Office’s role as a symbol of good governance to be further incorporated in transparency processes"; the Office's transparency leaves much to be desired.</span></p>
<p style="text-align: justify; "><span><span style="text-align: justify; "><span style="text-align: justify; ">But I digress.</span></span></span></p>
<p style="text-align: justify; "><span><span style="text-align: justify; ">The Ombudsman is authorised to make reports on any complaint and its resolution (or lack thereof) to the ICANN Board, and unless the Ombudsman says so <i>in his sole discretion</i>, his reports are to be posted on the website (Art. V, Section 4(4)). <span style="text-align: justify; ">The Ombudsman can also report on individual requests, such as </span><a href="https://omblog.icann.org/index.html%3Fp=1015.html" style="text-align: justify; ">Mr. LaHatte's response to a complaint regarding a DIDP denial</a><span style="text-align: justify; "> (cached). </span>Some reports are actually available on the Ombudsman page; the last published report dates back to 2012, though in 2013 and 2014, the Ombudsman dealt with more complaints within his jurisdiction than in 2012 or prior. </span></span><span>So ICANN's argument that disclosing the information we ask for in our DIDP Request would violate ICANN Bylaws and the confidentiality of the Ombudsman is misleading. </span></p>
<h3 style="text-align: justify; ">Does the Ombudsman Framework Prohibit Public Reporting?</h3>
<p style="text-align: justify; ">So if ICANN Bylaws do not <i>ipso facto</i> bind the Ombudsman's complaint and conflict resolution process to confidentiality, does the Ombudsman Framework do so?</p>
<p style="text-align: justify; ">The Ombudsman does indeed have confidentiality obligations under <a href="https://www.icann.org/en/system/files/files/ombudsman-framework-26mar09-en.pdf" style="text-align: justify; ">the Ombudsman Framework</a> (page 4). All matters brought before the Ombudsman shall be treated as confidential, and the identities of parties not involved in the complaint are required to be protected. The Ombudsman may reveal the identity of the complainant to the ICANN Board or Staff only to further the resolution of a complaint (which seems fairly obvious); this obligation is extended to ICANN Board and Staff as well.</p>
<p style="text-align: justify; ">As the Framework makes crystal clear, the <i>identity of complainants</i> are to be kept confidential. Nothing whatsoever binds the Ombudsman from revealing the stakeholder group or affiliation of the complainants - and these are possibly of more importance. What stakeholders most often receive unfair or inappropriate treatment from ICANN Board, Staff or constituent bodies? Does business suffer more, or do non-commercial users, or indeed, governments? It is good to know <a href="https://www.icann.org/en/system/files/files/annual-report-2014-27jan15-en.pdf">what countries the complaints come from (page 4-5)</a>, but given ICANN's insistence on its multi-stakeholder model as a gold standard, it is important to know what stakeholders suffer the most in the ICANN system.</p>
<p style="text-align: justify; ">In fact, in the first page, the Ombudsman Framework says this: "<span><strong>The Ombudsman may post complaints and resolutions to a dedicated portion of the ICANN website</strong> (http://www.icann.org/ombudsman/): (i) <strong>in order to promote an understanding of the issues in the ICANN community</strong>; (ii) to raise awareness of administrative fairness; and (iii) <strong>to allow the community to see the results of similar previous cases</strong>. These postings will be done in a <strong>generic manner</strong> to protect the confidentiality and privilege of communicating with the Office of Ombudsman." But the ICANN website does not, in fact, host records of any Ombudsman complaints or resolutions; it links you only to the Annual Reports and Publications. </span></p>
<p style="text-align: justify; "><span>As I've written before, the Annual Reports provide no details regarding the nature of each complaint, their origins or resolution, and are useful if the only information we need is bare statistics of the <i>number of complaints received</i>. That is useful, but it's not enough. Given that the Ombudsman Framework <i>does</i> allow complaint/resolution reporting, it is baffling that ICANN's response to our DIDP request chooses to emphasise only the confidentiality obligations, while conveniently leaving out the parts enabling and encouring reporting. </span></p>
<h3 style="text-align: justify; ">Should ICANN Report the Ombudsman Complaints?</h3>
<p style="text-align: justify; ">Of course it should. The Ombudsman is aimed at filling an integral gap in the ICANN system - he/she listens to complaints about treatment by the ICANN Board, Staff or constituent bodies. As the discussions surrounding the appeal procedures in the CWG-Names show, and as the ATRT2 recommendations on Reconsideration and Independent Review show, conflict resolution mechanisms are crucial in any environment, not least a multi-stakeholder one. And in an organisation that leaves much desired by way of accountability and transparency, not reporting on complaints against the Board, staff or constituencies seems a tad irresponsible.</p>
<p style="text-align: justify; ">If there are privacy concerns regarding the identities of complainants, their personal identifying information can be redacted. Actually, <a href="https://omb.icann.org/portal/complaint.php">in the complaint form</a>, adding a waiver-of-confidentiality tick-box would solve the problem, allowing the complainant to choose whether to keep his/her complaint unreportable. But the details of the respondents ought to be reported; as the entity responsible and accountable, ICANN should disclose whom complaints have been made against.</p>
<p style="text-align: justify; ">ICANN's response to our DIDP request may be <a href="https://www.icann.org/en/system/files/files/cis-ombudsman-response-27jan15-en.pdf"><b>found here</b></a>. A short summary of our request and ICANN's response may be found <a href="http://cis-india.org/internet-governance/blog/table-of-cis-didp-requests/at_download/file"><strong>in this table (Request S. no. 5)</strong></a>.</p>
<p style="text-align: justify; "> </p>
<hr size="1" style="text-align: justify; " width="33%" />
<p style="text-align: justify; "><span>[1] </span><span><i>See</i> </span><span>What the Ombudsman can do for you</span><span>, </span><span>https://www.icann.org/resources/pages/contact- 2012-02-25-en</span><span>.</span></p>
<p style="text-align: justify; "><span>[2] <i>See</i> Annual Reports & Publications, https://www.icann.org/resources/pages/reports-96-2012- 02-25-en.</span></p>
</div>
</div>
</div>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/didp-request-5-the-ombudsman-and-icanns-misleading-response-to-our-request-1'>https://cis-india.org/internet-governance/blog/didp-request-5-the-ombudsman-and-icanns-misleading-response-to-our-request-1</a>
</p>
No publishergeethaICANNDIDPTransparencyAccountability2015-03-06T11:11:31ZBlog EntryDIDP Request #4: ICANN and the NETmundial Principles
https://cis-india.org/internet-governance/blog/didp-request-4-icann-and-the-netmundial-principles
<b>CIS sent ICANN a request under its Documentary Information Disclosure Policy, seeking details of ICANN's implementation of the NETmundial Principles that it has endorsed widely and publicly. CIS' request and ICANN's response are detailed below.</b>
<p style="text-align: justify; "> </p>
<h3 style="text-align: justify; ">CIS Request</h3>
<p style="text-align: justify; "><span>27 December 2014</span></p>
<p style="text-align: justify; ">To:</p>
<p style="text-align: justify; ">Mr. Fadi Chehade, CEO and President</p>
<p style="text-align: justify; ">Mr. Steve Crocker, Chairman of the Board</p>
<p style="text-align: justify; ">Mr. Cherine Chalaby, Chair, Finance Committee of the Board</p>
<p style="text-align: justify; ">Mr. Xavier Calvez, Chief Financial Officer</p>
<p style="text-align: center; "><strong>Sub: Details of implementation by and within ICANN of the NETmundial Outcome Document (April ‘14)</strong></p>
<p style="text-align: justify; "><span> </span></p>
<p style="text-align: justify; ">We express our appreciation at ICANN’s prompt acknowledgement of our previous DIDP request, and await the information. We would, in the meanwhile, request information regarding ICANN’s internal measures to implement the NETmundial Outcome Document.<a href="#_ftn1">[1]</a><span> </span></p>
<p style="text-align: justify; ">In a post titled <i>Turning Talk Into Action After NETmundial,</i><a href="#_ftn2">[2]</a> Mr. Chehade emphasized the imperative to carry forward the NETmundial principles to fruition. In nearly every public statement, Mr. Chehade and other ICANN representatives have spoken in praise and support of NETmundial and its Outcome Document.</p>
<p style="text-align: justify; ">But in the absence of binding value to them, self-regulation and organizational initiatives pave the way to adopt them. There must be concrete action to implement the Principles. In this regard, we request information about mechanisms or any other changes afoot within ICANN, implemented internally in recognition of the NETmundial Principles.</p>
<p style="text-align: justify; ">At the IGF in Istanbul, when CIS’ Sunil Abraham raised this query,<a href="#_ftn3">[3]</a> Mr. Chehade responded that mechanisms ought to and will be undertaken jointly and in collaboration with other organisations. However, institutional improvements are intra-organisational as well, and require changes <i>within </i>ICANN. An example would be the suggestions to strengthen the IGF, increase its term, and provide financial support (some of which are being achieved, though ICANN’s financial contribution to IGFSA is incongruous in comparison to its financial involvement in the NETmundial Initiative).<span> </span></p>
<p style="text-align: justify; ">From ICANN, we have seen consistent championing of the controversial NETmundial Initiative,<a href="#_ftn4">[4]</a> and contribution to the IGF Support Association.<a href="#_ftn5">[5]</a> There are also mechanisms instituted for IANA Stewardship Transition and Enhancing ICANN Accountability,<a href="#_ftn6">[6]</a> as responses to the NTIA’s announcement to not renew the IANA functions contract and related concerns of accountability.</p>
<p style="text-align: justify; ">In addition to the above, we would like to know what ICANN has done to implement the NETmundial Principles, internally and proactively.</p>
<p style="text-align: justify; ">We hope that our request will be processed within the stipulated time period of 30 days. Do let us know if you require any clarifications on our queries.</p>
<p style="text-align: justify; ">Thank you very much.</p>
<p style="text-align: justify; ">Warm regards,</p>
<p style="text-align: justify; ">Geetha Hariharan</p>
<p style="text-align: justify; ">Centre for Internet & Society</p>
<p style="text-align: justify; ">W: <a href="http://cis-india.org">http://cis-india.org</a></p>
<p style="text-align: justify; "> </p>
<h3 style="text-align: justify; ">ICANN Response</h3>
<p style="text-align: justify; ">ICANN's response to the above request disappointingly linked to the very same blogpost we note in our request, <i>Turning Talk Into Action After NETmundial</i>. Following this, ICANN points us to their involvement in the NETmundial Initiative. On the question of internal implementation, ICANN's response is defensive, to say the least. "ICANN is not the home for the implementation of the NETmundial Principles", they say. In any event, ICANN defends that it already implements the NETmundial Principles in its functioning, a response that comes as a surprise to us. "<span>Many of the NETmundial Principles are high-level statements that permeate through the </span><span>work of any entity – particularly a multistakeholder entity like ICANN – that is interested </span><span>in the upholding of the inclusive, multistakeholder process within the Internet governance </span><span>framework", notes ICANN's response. Needless to say, ICANN's response falls short of responding to our queries. </span></p>
<p style="text-align: justify; "><span>Finally, ICANN notes that our request is beyond the scope of the DIDP, as it does not relate to ICANN's operational activities. Notwithstanding that our query does in fact seek ICANN's operationalisation of the NETmundial Principles, we are now confused as to where to go to seek this information from ICANN. If the DIDP is not the effective transparency tool it is aimed to be, who in ICANN can provide answers to these questions?</span></p>
<p style="text-align: justify; "><span>ICANN's response may be <a href="https://www.icann.org/en/system/files/files/cis-netmundial-response-27jan15-en.pdf"><strong>found here</strong></a>. A short summary of our request and ICANN's response may be found <a href="https://cis-india.org/internet-governance/blog/table-of-cis-didp-requests/at_download/file"><strong>in this table (Request S. no. 4)</strong></a>.</span></p>
<hr size="1" style="text-align: justify; " width="33%" />
<p style="text-align: justify; "><a href="#_ftnref1">[1]</a> See <i>NETmundial Multi-stakeholder Statement</i>, <a href="http://netmundial.br/wp-content/uploads/2014/04/NETmundial-Multistakeholder-Document.pdf">http://netmundial.br/wp-content/uploads/2014/04/NETmundial-Multistakeholder-Document.pdf</a>. <i> </i></p>
<p style="text-align: justify; "><a href="#_ftnref2">[2]</a> See Chehade, <i>Turning Talk Into Action After NETmundial</i>, <a href="http://blog.icann.org/2014/05/turning-talk-into-action-after-netmundial/">http://blog.icann.org/2014/05/turning-talk-into-action-after-netmundial/</a>.</p>
<p style="text-align: justify; "><a href="#_ftnref3">[3]</a> See <i>ICANN Open Forum</i>, 9<sup>th</sup> IGF 2014 (Istanbul, Turkey), <a href="https://www.youtube.com/watch?v=Cio31nsqK_A">https://www.youtube.com/watch?v=Cio31nsqK_A</a>.</p>
<p style="text-align: justify; "><a href="#_ftnref4">[4]</a> See McCarthy, <i>I’m Begging You To Join</i>, The Register (12 December 2014), <a href="http://www.theregister.co.uk/2014/12/12/im_begging_you_to_join_netmundial_initiative_gets_desperate/">http://www.theregister.co.uk/2014/12/12/im_begging_you_to_join_netmundial_initiative_gets_desperate/</a>.</p>
<p style="text-align: justify; "><a href="#_ftnref5">[5]</a> See <i>ICANN Donates $50k to Internet Governance Forum Support Association</i>, <a href="https://www.icann.org/resources/press-material/release-2014-12-18-en">https://www.icann.org/resources/press-material/release-2014-12-18-en</a>.</p>
<p style="text-align: justify; "><a href="#_ftnref6">[6]</a> See <i>NTIA IANA Functions’ Stewardship Transition & Enhancing ICANN Accountability Processes</i>, <a href="https://www.icann.org/stewardship-accountability">https://www.icann.org/stewardship-accountability</a>.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/didp-request-4-icann-and-the-netmundial-principles'>https://cis-india.org/internet-governance/blog/didp-request-4-icann-and-the-netmundial-principles</a>
</p>
No publishergeethaICANNDIDPTransparencyAccountability2015-03-05T08:28:44ZBlog EntryDIDP Request #3: Cyber-attacks on ICANN
https://cis-india.org/internet-governance/blog/didp-request-3-cyber-attacks-on-icann
<b>CIS sent ICANN a request under its Documentary Information Disclosure Policy, seeking details of cyber-attacks on ICANN, and ICANN's internal and external responses to the same. CIS' request and ICANN's response are detailed below.</b>
<p style="text-align: justify; "> </p>
<h2 style="text-align: justify; ">CIS Request</h2>
<p style="text-align: justify; "><span>24 December 2014</span></p>
<p style="text-align: justify; ">To:</p>
<p style="text-align: justify; ">Mr. Steve Crocker, Chairman of the Board</p>
<p style="text-align: justify; ">Mr. Fadi Chehade, CEO and President</p>
<p style="text-align: justify; ">Mr. Geoff Bickers, Team Lead, ICANN Computer Incident Response Team (CIRT) & Director of Security Operations</p>
<p style="text-align: justify; ">Mr. John Crain, Chief Security, Stability and Resiliency Officer</p>
<p style="text-align: justify; ">Members of the ICANN-CIRT & ICANN Security Team</p>
<p style="text-align: center; "><strong>Sub: Details of cyber-attacks on ICANN</strong></p>
<p style="text-align: justify; "><span> </span></p>
<p style="text-align: justify; ">We understand that ICANN recently suffered a spear-phishing attack that compromised contact details of several ICANN staff, including their email addresses; these credentials were used to gain access to ICANN’s Centralized Zone Data System (CZDS).<a href="#_ftn1">[1]</a> We are glad to note that ICANN’s critical functions and IANA-related systems were not affected.<a href="#_ftn2">[2]</a></p>
<p style="text-align: justify; ">The incident has, however, raised concerns of the security of ICANN’s systems. In order to understand when, in the past, ICANN has suffered similar security breaches, we request details of all cyber-attacks suffered or thought/suspected to have been suffered by ICANN (and for which, therefore, investigation was carried out within and outside ICANN), from 1999 till date. This includes, naturally, the recent spear-phishing attack.</p>
<p style="text-align: justify; ">We request information regarding, <i>inter alia</i>,</p>
<p style="text-align: justify; ">(1) the date and nature of all attacks, as well as which ICANN systems were compromised,</p>
<p style="text-align: justify; ">(2) actions taken internally by ICANN upon being notified of the attacks,</p>
<p style="text-align: justify; ">(3) what departments or members of staff are responsible for security and their role in the event of cyber-attacks,</p>
<p style="text-align: justify; ">(4) the role and responsibility of the ICANN-CIRT in responding to cyber-attacks (and when policies or manuals exist for the same; if so, please share them),</p>
<p style="text-align: justify; ">(5) what entities external to ICANN are involved in the identification and investigation of cyber-attacks on ICANN (for instance, are the police in the jurisdiction notified and do they investigate? If so, we request copies of complaints or information reports),</p>
<p style="text-align: justify; ">(6) whether and when culprits behind the ICANN cyber-attacks were identified, and</p>
<p style="text-align: justify; ">(7) what actions were subsequently taken by ICANN (ex: liability of ICANN staff for security breaches should such a finding be made, lawsuits or complaints against perpetrators of attacks, etc.).</p>
<p style="text-align: justify; ">Finally, we also request information on the role of the ICANN Board and/or community in the event of such cyber-attacks on ICANN. Also, when was the ICANN-CIRT set up and how many incidents has it handled since its existence? Do there exist contingency procedures in the event of compromise of IANA systems (and if so, what)?</p>
<p style="text-align: justify; ">We hope that our request will be processed within the stipulated time period of 30 days. Do let us know if you require any clarifications on our queries.</p>
<p style="text-align: justify; ">Thank you very much.</p>
<p style="text-align: justify; ">Warm regards,</p>
<p style="text-align: justify; ">Geetha Hariharan</p>
<p style="text-align: justify; ">Centre for Internet & Society</p>
<p style="text-align: justify; ">W: <a href="http://cis-india.org">http://cis-india.org</a></p>
<p style="text-align: justify; "> </p>
<h2 style="text-align: justify; ">ICANN Response</h2>
<p style="text-align: justify; ">ICANN responded to our request by noting that it is vague and broad in both time and scope. In response, ICANN has provided information regarding certain cyber-incidents already in the public domain, while noting that the term "cyber-attack" is both wide and vague. While the information provided is undoubtedly useful, it is anecdotal at best, and does not provide a complete picture of ICANN's history of vulnerability to cyber-attacks or cyber-incidents, or the manner of its internal response to such incidents, or of the involvement of external law enforcement agencies or CIRTs in combating cyber-incidents on ICANN.</p>
<p style="text-align: justify; ">ICANN's response may be <a href="https://www.icann.org/en/system/files/files/cis-response-23jan15-en.pdf"><b>found here</b></a>. A short summary our request and ICANN's response may be found <a href="https://cis-india.org/internet-governance/blog/table-of-cis-didp-requests/at_download/file"><b>in this table (Request S. no. 3)</b></a>.</p>
<hr size="1" style="text-align: justify; " width="33%" />
<p style="text-align: justify; "><a href="#_ftnref1">[1]</a> See<i> ICANN targeted in spear-phishing attack</i>, <a href="https://www.icann.org/news/announcement-2-2014-12-16-en">https://www.icann.org/news/announcement-2-2014-12-16-en</a>. <i> </i></p>
<p style="text-align: justify; "><a href="#_ftnref2">[2]</a> See <i>IANA Systems not compromised</i>, <a href="https://www.icann.org/news/announcement-2014-12-19-en">https://www.icann.org/news/announcement-2014-12-19-en</a>.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/didp-request-3-cyber-attacks-on-icann'>https://cis-india.org/internet-governance/blog/didp-request-3-cyber-attacks-on-icann</a>
</p>
No publishergeethaICANNDIDPTransparencyAccountability2015-03-05T08:16:26ZBlog EntryDIDP Request #2: Granular Revenue/Income Statements from ICANN
https://cis-india.org/internet-governance/blog/didp-request-2
<b>CIS sent ICANN a request under its Documentary Information Disclosure Policy, seeking current and historical details of ICANN's income/revenue from its various sources. CIS' request and ICANN's response are detailed below.</b>
<p style="text-align: justify; "> </p>
<h2 style="text-align: justify; ">CIS Request</h2>
<p style="text-align: justify; "><span style="text-decoration: underline;">22 December 2014</span><span> </span></p>
<p style="text-align: justify; ">To:</p>
<p style="text-align: justify; ">Mr. Cherine Chalaby, Chair, Finance Committee of the Board</p>
<p style="text-align: justify; ">Mr. Xavier Calvez, Chief Financial Officer</p>
<p style="text-align: justify; ">Mr. Samiran Gupta, ICANN India</p>
<p style="text-align: justify; ">All other members of Staff involved in accounting and financial tasks<span> </span></p>
<p style="text-align: center; "><strong>Sub: Request for granular income/revenue statements of ICANN from 1999-2014</strong><span> </span></p>
<p style="text-align: justify; ">Earlier this month, on 3 December 2014, Mr. Samiran Gupta presented CIS with detailed and granular information regarding ICANN’s domain names income and revenues for the fiscal year ended June 30, 2014. This was in response to several requests made over a few months. The information we received is available on our website.<a href="#_ftn1">[1]</a><span> </span></p>
<p style="text-align: justify; ">The information mentioned above was, <i>inter alia</i>, extremely helpful in triangulating ICANN’s reported revenues, despite and in addition to certain inconsistencies between the Annual Report (FY14) and the information provided to us.</p>
<p style="text-align: justify; ">We recognize that ICANN makes public its current and historical financial information to a certain extent. Specifically, its Operating Plan and Budget, Audited Financial Statements, Annual Reports, Federal and State Tax Filings, Board Compensation Report and ccTLD Contributions Report are available on the website.<a href="#_ftn2">[2]</a><span> </span></p>
<p style="text-align: justify; ">However, a detailed report of ICANN’s income or revenue statement, listing all vendors and customers, is not available on ICANN’s website. Our research on accountability and transparency mechanisms in Internet governance, specifically of ICANN, requires information in such granularity. <strong>We request, therefore, historical data re: income and revenue from domain names (1999-2014), in a manner as detailed and granular as the information referenced in FN[1]</strong>. We would appreciate if such a report lists all legal entities and individuals who contribute to ICANN’s domain names income/ revenue.</p>
<p style="text-align: justify; ">We look forward to the receipt of this information within the stipulated period of 30 days. Please feel free to contact us in the event of any doubts regarding our queries.<span> </span></p>
<p style="text-align: justify; ">Thank you very much.</p>
<p style="text-align: justify; ">Warm regards,</p>
<p style="text-align: justify; ">Geetha Hariharan</p>
<p style="text-align: justify; ">Centre for Internet & Society</p>
<p style="text-align: justify; ">W: <a href="http://cis-india.org">http://cis-india.org</a></p>
<p style="text-align: justify; "> </p>
<h2 style="text-align: justify; ">ICANN Response</h2>
<p style="text-align: justify; ">ICANN's response to CIS's request can be <a href="https://www.icann.org/en/system/files/files/cis-response-21jan15-en.pdf"><strong>found here</strong></a>. A short summary of our request and ICANN's response may be found <a href="https://cis-india.org/internet-governance/blog/table-of-cis-didp-requests/at_download/file"><strong>in this table (Request S. no. 2)</strong></a>.</p>
<p style="text-align: justify; "> </p>
<hr size="1" style="text-align: justify; " width="33%" />
<p style="text-align: justify; "><a href="#_ftnref1">[1]</a> See <i>ICANN reveals hitherto undisclosed details of domain names revenues</i>, <a href="http://cis-india.org/internet-governance/blog/cis-receives-information-on-icanns-revenues-from-domain-names-fy-2014">http://cis-india.org/internet-governance/blog/cis-receives-information-on-icanns-revenues-from-domain-names-fy-2014</a>.</p>
<p style="text-align: justify; "><a href="#_ftnref2">[2]</a> See <i>Historical Financial Information for ICANN</i>, <a href="https://www.icann.org/resources/pages/historical-2012-02-25-en">https://www.icann.org/resources/pages/historical-2012-02-25-en</a>.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/didp-request-2'>https://cis-india.org/internet-governance/blog/didp-request-2</a>
</p>
No publishergeethaICANNDIDPTransparencyAccountability2015-03-05T08:07:02ZBlog EntryDIDP Request #1: ICANN's Expenditures on "Travel & Meetings"
https://cis-india.org/internet-governance/blog/didp-request-1-icanns-expenditures-on-travel-meetings
<b>CIS sent ICANN a request under its Documentary Information Disclosure Policy, seeking details of expenditure by ICANN at its Meetings. CIS' request and ICANN's response are detailed below. </b>
<h2 style="text-align: justify; "></h2>
<h2 style="text-align: justify; "></h2>
<h2 style="text-align: justify; ">CIS' Request</h2>
<p style="text-align: justify; "><span>18 December 2014</span></p>
<p style="text-align: justify; ">To:</p>
<p style="text-align: justify; ">Mr. Cherine Chalaby, Chair, Finance Committee of the Board</p>
<p style="text-align: justify; ">Mr. Xavier Calvez, Chief Financial Officer</p>
<p style="text-align: justify; ">Mr. Samiran Gupta, ICANN India</p>
<p style="text-align: justify; ">All other members of Staff involved in accounting and financial tasks</p>
<p style="text-align: center; "><strong>Sub: Request for itemized details of expenditure by ICANN at its Meetings</strong></p>
<p style="text-align: justify; ">We would like to thank Mr. Calvez and Mr. Gupta for providing information regarding ICANN’s domain name revenues for the fiscal year ending June 30, 2014.<a href="#_ftn1">[1]</a> We would like to request further information through the DIDP.</p>
<p style="text-align: justify; ">In the Audited Financial Statements for the fiscal year ended June 30, 2014, the “statements of activities” provides Total Expenses (for ICANN and New gTLD) as USD 124,400,000.<a href="#_ftn2">[2]</a> For the fiscal year ended June 30, 2013, the Total Expenses (ICANN and New gTLD) noted is USD 150,362,000.</p>
<p style="text-align: justify; ">According to the statement, this covers expenses for Personnel, Travel and meetings, Professional services and Administration. Quarterly Reports note that the head “Travel and meetings” includes community support requests.<a href="#_ftn3">[3]</a> In addition to these heads, Quarterly Reports include “Bad debt expenses” and “Depreciation expenses”. The manner of accounting for these is explained in <span>Note 2</span> to the Notes to Financial Statements.<a href="#_ftn4">[4]</a> Note 2 explains that the expenses statement is prepared by “functional allocation of expenses” to identifiable programs or support services, or otherwise by methods determined by the management.</p>
<p style="text-align: justify; ">For the purposes of our research into normative and practised transparency and accountability in Internet governance, we request, to begin with, <i>current and historical</i> information regarding itemized, detailed expenses under the head “Travel and meetings”. We request this information from 1999 till 2014. We request that such information be categorized and sub-categorised as follows:</p>
<p style="text-align: justify; ">Total and Individual Expenses for each meeting (categorised by meeting and year):</p>
<p style="text-align: justify; "><span>1. Total and individual expenses for ICANN staff (differentiated by department and name of each individual attending the event, including dates/duration of attendance);</span></p>
<p style="text-align: justify; ">- Also broken down into each individual expense (flights, accommodation, per diem or separate local transport, food and other expenses).</p>
<p style="text-align: justify; ">- Each ICANN staff member who attended the event to be named.</p>
<p style="text-align: justify; ">2. <span>Total and individual expenses for members of ICANN Board (listed by each Board member and dates/duration of attendance);</span></p>
<p style="text-align: justify; ">- Broken down into each individual expense (flights, accommodation, per diem or separate local transport, food and other expenses).</p>
<p style="text-align: justify; ">- Each Board member to be named.</p>
<p style="text-align: justify; "><span>3. Total and individual expenses for members of ICANN constituencies (ALAC, ATRT, ccNSO, GAC, GNSO, etc.)</span></p>
<p style="text-align: justify; ">- Broken down into each individual expense (flights, accommodation, per diem or separate local transport, food and other expenses).</p>
<p style="text-align: justify; ">- Each attendee for whom ICANN covered expenses to be named.</p>
<p style="text-align: justify; "><span>4. Total and individual expenses for ICANN fellows</span></p>
<p style="text-align: justify; ">- Broken down into each individual expense (flights, accommodation, per diem or separate local transport, food and other expenses).</p>
<p style="text-align: justify; ">- Each attendee for whom ICANN covered expenses to be named, including their region and stakeholder affiliation.</p>
<p style="text-align: justify; ">5. <span>Total and individual expenses incurred for any other ICANN affiliate or liaison (ISOC, IETF, IAB, etc.)</span></p>
<p style="text-align: justify; ">- Broken down into each individual expense (flights, accommodation, per diem or separate local transport, food and other expenses).</p>
<p style="text-align: justify; ">- Each attendee for whom ICANN covered expenses to be named, including their affiliation.</p>
<p style="text-align: justify; ">6. <span>Total and individual expenses incurred for any other person, whether or not directly affiliated with ICANN</span></p>
<p style="text-align: justify; ">- Broken down into each individual expense (flights, accommodation, per diem or separate local transport, food and other expenses).</p>
<p style="text-align: justify; ">- Each attendee for whom ICANN covered expenses to be named, including their affiliation.</p>
<p style="text-align: justify; "><span>Please note that we request the above-detailed information for ICANN meetings, and also other meetings for which ICANN may provide financial support (for instance, CWG-Stewardship or CWG-Accountability). We request, as a preliminary matter, a list of </span><i>all meetings</i><span> to which ICANN provides and has, in the past, provided financial support (1999-2014).</span></p>
<p style="text-align: justify; ">We note that some information of this nature is available in the Travel Support Reports.<a href="#_ftn5">[5]</a> However, the Travel Support Reports are available only from 2008 (Cairo meeting), and are not available for ICANN48 to ICANN51. Further, the Travel Support Reports do not exhibit the level of granularity necessary for research and scrutiny. As explained above, we request granular information for all meetings.</p>
<p style="text-align: justify; ">In our view, providing such information will not violate any individual or corporate rights of ICANN, its Staff, Board, Affiliates/Liaisons or any other individual. Public corporations and even private organisations performing public functions may be subjected to or accept an increased level of transparency and accountability. We believe this is of especial importance to ICANN, as it is involved in a process to enhance its accountability, intrinsically related to IANA Stewardship Transition. We expressed similar views in our initial comment to “Enhancing ICANN Accountability”.<a href="#_ftn6">[6]</a> Increased transparency from ICANN may also address accountability concerns present across stakeholder-groups both within and outside ICANN.</p>
<p style="text-align: justify; ">We await your favorable response and the requested information within the prescribed time limit. Please do not hesitate to contact us should you require any clarifications.</p>
<p style="text-align: justify; ">Thank you very much.</p>
<p style="text-align: justify; "><span>Warm regards,</span></p>
<p style="text-align: justify; ">Geetha Hariharan</p>
<p style="text-align: justify; ">Centre for Internet & Society</p>
<p style="text-align: justify; ">W: <a href="http://cis-india.org">http://cis-india.org</a></p>
<p> </p>
<h2>ICANN's Response</h2>
<p>ICANN responded to the above request for information within the stipulated time of 30 days. <strong><a href="https://www.icann.org/en/system/files/files/cis-response-17jan15-en.pdf">ICANN’s response is here</a></strong>. A short summary of CIS's request and ICANN's response can be found <a href="https://cis-india.org/internet-governance/blog/table-of-cis-didp-requests/at_download/file"><strong>in this table (Request S. no. 1)</strong></a>.</p>
<p> </p>
<hr align="left" size="1" width="33%" />
<p><a href="#_ftnref1">[1]</a> See <i>ICANN reveals hitherto undisclosed details of domain names revenues</i>, <a href="http://cis-india.org/internet-governance/blog/cis-receives-information-on-icanns-revenues-from-domain-names-fy-2014">http://cis-india.org/internet-governance/blog/cis-receives-information-on-icanns-revenues-from-domain-names-fy-2014</a>.</p>
<p><a href="#_ftnref2">[2]</a> See <i>ICANN Financial Statements As of and For the years ended June 30, 2014 and 2013</i>, pages 7, 19-20, <a href="https://www.icann.org/en/system/files/files/financial-report-fye-30jun14-en.pdf">https://www.icann.org/en/system/files/files/financial-report-fye-30jun14-en.pdf</a>.</p>
<p><a href="#_ftnref3">[3]</a> For instance, see <i>ICANN FY14 Financial Package: For the nine months ending March 2014</i>, pages 2-5, <a href="https://www.icann.org/en/system/files/files/package-fy14-31mar14-en.pdf">https://www.icann.org/en/system/files/files/package-fy14-31mar14-en.pdf</a>.</p>
<p><a href="#_ftnref4">[4]</a> <i>Supra</i> note 1, page 14.</p>
<p><a href="#_ftnref5">[5]</a> See Community Travel Support, <a href="https://www.icann.org/resources/pages/travel-support-2012-02-25-en#reports">https://www.icann.org/resources/pages/travel-support-2012-02-25-en#reports</a>.</p>
<p><a href="#_ftnref6">[6]</a> See CIS Comments on Enhancing ICANN Accountability, <a href="http://cis-india.org/internet-governance/blog/cis-comments-enhancing-icann-accountability">http://cis-india.org/internet-governance/blog/cis-comments-enhancing-icann-accountability</a>.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/didp-request-1-icanns-expenditures-on-travel-meetings'>https://cis-india.org/internet-governance/blog/didp-request-1-icanns-expenditures-on-travel-meetings</a>
</p>
No publishergeethaICANNDIDPTransparencyAccountability2015-03-05T08:00:36ZBlog EntryWhere Does ICANN’s Money Come From? We Asked; They Don’t Know
https://cis-india.org/internet-governance/blog/where-does-icann2019s-money-come-from-we-asked-they-don2019t-know
<b>Just how transparent is ICANN? How responsive are they to requests for information? At CIS, we sent ICANN ten questions seeking information about, inter alia, their revenues, commitment to the NETmundial Principles, Globalisation Advisory Groups and organisational structure. Geetha Hariharan wonders at ICANN's reluctance to respond. </b>
<p> </p>
<h3>Why Is ICANN Here?</h3>
<p style="text-align: justify; ">The Internet Corporation for Assigned Names and Numbers (<a href="https://cis-india.org/internet-governance/blog/icann.org">ICANN</a>) is responsible for critical backbones of the Internet. It manages the root server system, the global allocation of IP addresses, protocol registries and the domain name system (management of gTLDs, ccTLDs, as well as the newly rolled-out “new gTLDs”).</p>
<p style="text-align: justify; ">ICANN was incorporated in California in 1998, and was intended as the technical coordination body for the backbone of the Internet. That is, it was to administer the Internet’s domain names and IP addresses, and also manage the Internet root servers.</p>
<p style="text-align: justify; ">As a result of <a href="http://www.ntia.doc.gov/page/iana-functions-purchase-order">an agreement</a> with the National Telecommunications and Information Administration (NTIA) in the US Department of Commerce, ICANN is the IANA functions operator. It carries out the <a href="https://www.icann.org/en/system/files/files/iana-factsheet-24mar14-en.pdf">IANA functions</a>, which include making changes to the <a href="http://en.wikipedia.org/wiki/DNS_root_zone">root zone file</a> (the backbone of the domain name system), allocation of IP address blocks to the five Regional Internet Registries (RIRs), and maintaining protocol parameter registries in collaboration with the Internet Engineering Task Force (IETF). The RIRs are responsible for allocating IP addresses (IPv4 and IPv6) to national and local Internet registries. The IETF develops Internet standards and protocols, such as those within <a href="http://en.wikipedia.org/wiki/Internet_protocol_suite">the TCP/IP suite</a>. To be clear, ICANN does not make policy for the IP address or Internet standards/protocols; those are the domains of RIRs and the IETF, respectively.</p>
<h3 style="text-align: justify; ">ICANN, Domain Names and All That Buried Treasure</h3>
<p style="text-align: justify; ">ICANN is the <i>de facto</i> policy-making body for domain names. Through ICANN’s community Supporting Organisations and Advisory Committees (SOACs) – largely a multi-stakeholder community – ICANN determines policies for dispute resolution (see, for instance, <a href="https://www.icann.org/resources/pages/help/dndr/udrp-en">the UDRP</a> for domain name disputes), maintaining the <a href="http://whois.icann.org/">WHOIS database</a>, etc. for domain names.</p>
<p style="text-align: justify; ">Under its contracts with Top Level Domain (TLD) Registries, ICANN receives payment for all registrations and/or renewals of domain names. For instance, under <a href="https://www.icann.org/sites/default/files/tlds/bharti/bharti-agmt-pdf-09jan14-en.pdf">the <strong>.bharti </strong>Registry Agreement</a>, ICANN receives a fixed annual registry free of US $6250. If there are more than 50,000 registrations or renewals of domain names under a TLD (say, <strong>.bharti</strong>) in a quarter, then ICANN also receives an amount equal to (No. of registrations or renewals <span>X</span> US $0.25). <a href="https://www.icann.org/resources/pages/registries/registries-en">TLD Registries</a> “own” TLDs like <strong>.com</strong>, and they maintain a list of all the domain names registered under that TLD. There are around <a href="https://www.icann.org/resources/pages/registries/registries-agreements-en">816 such Registry Agreements</a>, and in FY14, ICANN received over US $47 million in Registry fees [<i>see </i><a href="https://www.icann.org/en/system/files/files/financial-report-fye-30jun14-en.pdf">page 7</a>].</p>
<p style="text-align: justify; ">Similar agreements exist between ICANN and domain name Registrars accredited by it, too. Domain name Registrars are entities like <a href="https://in.godaddy.com/">Go Daddy</a> and <a href="http://www.bigrock.in/">Big Rock</a>, from whom people like you and me (or companies) can register domain names. Only Registrars accredited by ICANN can register domain names that will be included in the ICANN DNS, the most frequently used DNS on the Web. Each Registrar pays a <a href="https://www.icann.org/resources/pages/approved-with-specs-2013-09-17-en#raa">yearly accreditation fee</a> of US $4000 to ICANN (see <span>Clause 3.9</span>). Each Registrar also <a href="https://www.icann.org/resources/pages/financials-55-2012-02-25-en">pays to ICANN</a> fees for every domain name registration or renewal. There are <a href="https://www.icann.org/registrar-reports/accredited-list.html">over 500 ICANN-accredited Registrars</a>, and in FY14, ICANN received over US $34.5 million in Registrar fees [<i>see </i><a href="https://www.icann.org/en/system/files/files/financial-report-fye-30jun14-en.pdf">page 7</a>].</p>
<p style="text-align: justify; ">Now, apart from this, in its IANA operator role, ICANN is responsible for the global allocation of IP addresses (IPv4 and IPv6). From the global pool of IP addresses, ICANN allocates to the five Regional Internet Registries (RIRs), which then allocate to National Internet Registries like the National Internet Exchange of India (<a href="http://www.nixi.in/en/contact-us/103-irinn">NIXI as IRINN</a>), local Internet registries or ISPs. For this, ICANN receives a combined contribution of US $823,000 each year as revenue from RIRs [<i>see, ex.</i>:<i> </i><a href="https://www.icann.org/en/system/files/files/financial-report-fye-30jun09-en.pdf">FY09 Financial Statements, page 3</a>].</p>
<p style="text-align: justify; "><span>And this isn’t all of it! With its </span><a href="http://newgtlds.icann.org/en/">new gTLD program</a><span>, ICANN is sitting on a large treasure trove. Each gTLD application cost US $185,000, and there were 1930 applications in the first round (that’s US $357 million). Where there arose disagreements as to the same or similar strings, ICANN initiated an auction process. Some new gTLDs were auctioned for </span><a href="http://www.circleid.com/posts/20141129_icann_new_gtld_auction_proceeds_approaching_30_million/">as high as US $6 million</a><span>.</span></p>
<p style="text-align: justify; ">So ICANN is sitting on a great deal of treasure (US $355 million in revenues in FY14 and growing). It accumulates revenue from a variety of quarters; the sources identified above are by no means the only revenue-sources. But ICANN is unaware of, or unwilling to disclose, all its sources of revenue.</p>
<h3 style="text-align: justify; ">ICANN's Troubling Scope-creep and Does Transparency Matter?</h3>
<p style="text-align: justify; ">At CIS, we are concerned by ICANN’s unchecked influence and growing role in the Internet governance institutional space. For instance, under its CEO Fadi Chehade, ICANN was heavily involved backstage for NETmundial, and has set aside over US $200,000 for Mr. Chehade’s brainchild, the NETmundial Initiative. Coupled with its lack of transparency and vocal interests in furthering <i>status quo </i>(for instance, both the names and numbers communities’ proposals for IANA transition want ICANN to remain the IANA functions operator, without stringent safeguards), this makes for a dangerous combination.</p>
<p style="text-align: justify; ">The clearest indication lies in the money, one might say. <a href="http://cis-india.org/internet-governance/blog/icann-accountability-iana-transition-and-open-questions">As we have written before</a>, ICANN budgets for less than US $10 million for providing core Internet functions out of a US $160 million strong budget (<a href="https://www.icann.org/en/system/files/files/adopted-opplan-budget-fy15-01dec14-en.pdf">Budget FY15, page 17</a>). It has budgeted, in comparison, US $13 million for travel and meetings alone, and spent over US $18 million on travel in FY14 (<a href="https://www.icann.org/en/system/files/files/adopted-opplan-budget-fy15-01dec14-en.pdf">Budget FY15, page 11</a>).</p>
<p style="text-align: justify; ">To its credit, ICANN <a href="https://www.icann.org/resources/pages/governance/financials-en">makes public</a> its financial statements (current and historic), and community discussions are generally open. However, given the understandably complex contractual arrangements that give ICANN its revenues, even ploughing through the financials does not give one a clear picture of where ICANN’s money comes from.</p>
<p style="text-align: justify; ">So one is left with questions such as the following: Which entities (and how many of them) pay ICANN for domain names? What are the vendor payments received by ICANN and who pays? Who all have paid ICANN under the new gTLD program, and for what purposes? Apart from application fees and auctions, what other heads of payment exist? How much does each RIR pay ICANN and what for, if <a href="https://www.arin.net/policy/nrpm.html#six41">IP addresses are not property to be sold</a>? For how many persons (and whom all) does ICANN provide pay for, to travel to meetings and other events?<span> </span></p>
<p style="text-align: justify; ">You may well ask why these questions matter, and whether we need greater transparency. <span>To put it baldly: ICANN’s transparency is crucial. ICANN is today something of a monopoly; it manages the IANA functions, makes policy for domain names and is increasingly active in Internet governance. It is without greater (effective) accountability than a mere review by the NTIA, and some teething internal mechanisms like the </span><a href="https://www.icann.org/resources/pages/didp-2012-02-25-en">Documentary Information Disclosure Policy</a><span> (DIDP), </span><a href="https://www.icann.org/resources/pages/accountability/ombudsman-en">Ombudsman</a><span>, </span><a href="https://www.icann.org/resources/pages/reconsideration-and-independent-review-icann-bylaws-article-iv-accountability-and-review">Reconsideration and Independent Review</a><span> and the </span><a href="https://www.icann.org/en/system/files/files/final-recommendations-31dec13-en.pdf">Accountability and Transparency Review</a><span> (ATRT). I could elaborate on why these mechanisms are inadequate, but this post is already too long. Suffice it to say that by carefully defining these mechanisms and setting out their scope, ICANN has stifled their effectiveness. For instance, a Reconsideration Request can be filed if one is aggrieved by an action of ICANN’s Board or staff. Under ICANN’s By-laws (</span><a href="https://www.icann.org/resources/pages/governance/bylaws-en#IV">Article IV, Section 2</a><span>), it is the Board Governance Committee, comprising ICANN Board members, that adjudicates Reconsideration Requests. This simply violates the principles of natural justice, wherein one may not be a judge in one’s own cause (</span><i>nemo debet esse judex in propria causa</i><span>).</span></p>
<p style="text-align: justify; ">Moreover, ICANN serves corporate interests, for it exists on account of contractual arrangements with Registries, Registrars, the NTIA and other sundry entities. ICANN has also troublingly reached into Internet governance domains to which it was previously closed, such as the NETmundial Initiative, the NETmundial, the IGF and its Support Association. It is unclear that ICANN was ever intended to overreach so, a point admitted by Mr. Chehade himself at the <a href="https://www.youtube.com/watch?v=Cio31nsqK_A">ICANN Open Forum</a> in Istanbul (IGF 2014).</p>
<p style="text-align: justify; ">Finally, despite its professed adherence to multi-stakeholderism, there is evidence that ICANN’s policy-making and functioning revolve around small, cohesive groups with multiple professional inter-linkages with other I-Star organisations. For instance, a <a href="http://cis-india.org/internet-governance/blog/ianas-revolving-door">revolving door study</a> by CIS of the IANA Coordination Group (ICG) found that 20 out of 30 ICG members had close and longterm ties with I-Star organisations. This surely creates concern as to the impartiality and fairness of the ICG’s decision-making. It may, for instance, make a pro-ICANN outcome inevitable – and that is definitely a serious worry.</p>
<p style="text-align: justify; ">But ICANN is <i>intended </i>to serve the public interest, to ensure smooth, stable and resilient running of the Internet. Transparency is crucial to this, and especially so during the IANA transition phase. <a href="http://singapore52.icann.org/en/schedule/sun-iana-stewardship-accountability">As advisor Jan Scholte asked at ICANN52</a>, what accountability will ICANN exercise after the transition, and to whom will it be accountable? What, indeed, does accountability mean? The CCWG-Accountability is <a href="https://twitter.com/arunmsukumar/status/564269949237985280">still asking that question</a>. But meanwhile, one among our cohorts at CIS <a href="http://openup2014.org/privacy-vs-transparency-attempt-resolving-dichotomy/">has advocated</a> transparency as a check-and-balance for power.<span> </span></p>
<p style="text-align: justify; ">The DIDP process at ICANN may prove useful in the long run, but does it suffice as a transparency mechanism?</p>
<h3 style="text-align: justify; ">ICANN's Responses to CIS' DIDP Requests</h3>
<p style="text-align: justify; ">Over December ’14 and January ’15, CIS sent 10 DIDP requests to ICANN. Our aim was to test and encourage transparency from ICANN, a process crucial given the CCWG-Accountability’s deliberations on ways to enhance ICANN’s accountability. We have received responses for 9 of our requests. <b>We summarise ICANN’s responses in a table: <a href="https://cis-india.org/internet-governance/blog/table-of-cis-didp-requests/at_download/file">please go here</a></b>.</p>
<p style="text-align: justify; ">A glance at the table above will show that ICANN’s responses are largely negative. In 7 requests out of 9, ICANN provides very little new information. Though the responses are detailed, the majority of information they provide is already identified in CIS’ requests. For instance, in the response to the <b><a href="https://www.icann.org/resources/pages/20141228-1-netmundial-2015-01-28-en">NETmundial Request</a></b>, ICANN links us to blogposts written by CEO Fadi Chehade, where he notes the importance of translating the NETmundial Principles into action. They also link us to the Final Report of the Panel on Global Internet Cooperation and Governance Mechanism, and ICANN’s involvement in the NETmundial Initiative.<span> </span></p>
<p style="text-align: justify; ">However, to the query on ICANN’s own measures of implementing the NETmundial Principles – principles that it has lauded and upheld for the entire Internet governance community – ICANN’s response is surprisingly evasive. Defending lack of action, they note that “ICANN is not the home for implementation of the NETmundial Principles”. But ICANN also responds that they <i>already implement</i> the NETmundial Principles: “Many of the NETmundial Principles are high-level statements that <i>permeate through the work of any entity </i>– particularly a multistakeholder entity like ICANN – that is interested in the upholding of the inclusive, multistakeholder process within the Internet governance framework” (emphasis provided). One wonders, then, at the insistence on creating documents involving such high-level principles; why create them if they’re already implemented?<span> </span></p>
<p style="text-align: justify; ">Responses to other requests indicate that the DIDP is, in its current form, unable to provide the transparency necessary for ICANN’s functioning. For instance, in the response to the <b><a href="https://www.icann.org/resources/pages/20141228-1-ombudsman-2015-01-28-en">Ombudsman Request</a></b>, ICANN cites confidentiality as a reason to decline providing information. Making Ombudsman Requests public would violate ICANN Bylaws, and topple the independence and integrity of the Ombudsman.</p>
<p style="text-align: justify; ">These are, perhaps, valid reasons to decline a DIDP request. But it is also important to investigate these reasons. ICANN’s Ombudsman is appointed by the ICANN Board for 2 year terms, under <a href="https://www.icann.org/resources/pages/governance/bylaws-en#V">Clause V of ICANN’s Bylaws</a>. The Ombudsman’s principal function is to “provide an independent internal evaluation of complaints by members of the ICANN community who believe that the ICANN staff, Board or an ICANN constituent body has treated them unfairly”. The Ombudsman reports only to the ICANN Board, and all matters before it are kept confidential, including the names of parties and the nature of complaints. The Ombudsman reports on the categories of complaints he receives, and statistics regarding decisions in his <a href="https://www.icann.org/resources/pages/reports-96-2012-02-25-en">Annual Reports</a>; no details are forthcoming for stated reasons of confidentiality and privacy.<span> </span></p>
<p style="text-align: justify; ">This creates a closed circle in which the Ombudsman operates. The ICANN Board appoints the Ombudsman. He/she listens to complaints about unfair treatment by the ICANN Board, Staff or constituency. He/she reports to the ICANN Board alone. However, neither the names of parties, the nature of complaints, nor the decisions of the Ombudsman are publicly available. Such a lack of transparency throws doubt on the functioning of the Ombudsman himself – and on his independence, neutrality and the extent of ICANN’s influence on him/her. An amendment of ICANN’s Bylaws would then be imperative to rectify this problem; this matter is squarely within the CCWG-Accountability’s mandate and should be addressed.</p>
<p style="text-align: justify; ">As is clear from the above examples, ICANN’s DIDP is an inadequate tool to ensure transparency functioning. The Policy was crafted without community input, and requires substantial amendments to make it a sufficient transparency mechanism. CIS’ suggestions in this regard shall be available in our next post.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; "><i>CIS' Annual Reports are <a href="http://cis-india.org/about/reports">here</a>. Our audit is ongoing, and the Annual Report for 2013-14 will be up shortly. <i>Pranav Bidare (<i style="text-align: justify; ">3rd year)</i> of the National Law School, Bangalore assisted with research for this post, and created the table of CIS' DIDP requests and responses.</i></i></p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/where-does-icann2019s-money-come-from-we-asked-they-don2019t-know'>https://cis-india.org/internet-governance/blog/where-does-icann2019s-money-come-from-we-asked-they-don2019t-know</a>
</p>
No publishergeethaAccountabilityICANNIANA TransitionTransparencyDIDP2015-03-05T07:43:45ZBlog EntryICANN’s Documentary Information Disclosure Policy – I: DIDP Basics
https://cis-india.org/internet-governance/blog/icann2019s-documentary-information-disclosure-policy-2013-i-didp-basics
<b>In a series of blogposts, Vinayak Mithal analyses ICANN's reactive transparency mechanism, comparing it with freedom of information best practices. In this post, he describes the DIDP and its relevance for the Internet community.</b>
<p style="text-align: justify; ">The Internet Corporation for Assigned Names and Numbers (“ICANN”) is a non-profit corporation incorporated in the state of California and vested with the responsibility of managing the DNS root, generic and country-code Top Level Domain name system, allocation of IP addresses and assignment of protocol identifiers. As an internationally organized corporation with its own multi-stakeholder community of Advisory Groups and Supporting Organisations, ICANN is a large and intricately woven governance structure. Necessarily, ICANN undertakes through its Bye-laws that “<i>in performing its functions ICANN shall remain accountable to the Internet community through mechanisms that enhance ICANN’s effectiveness</i>”. While many of its documents, such as its Annual Reports, financial statements and minutes of Board meetings, are public, ICANN has instituted the Documentary Information Disclosure Policy (“DIDP”), which like the RTI in India, is a mechanism through which public is granted access to documents with ICANN which are not otherwise available publicly. It is this policy – the DIDP – that I propose to study.</p>
<p style="text-align: justify; ">In a series of blogposts, I propose to introduce the DIDP to unfamiliar ears, and to analyse it against certain freedom of information best practices. Further, I will analyse ICANN’s responsiveness to DIDP requests to test the effectiveness of the policy. However, before I undertake such analysis, it is first good to know what the DIDP is, and how it is crucial to ICANN’s present and future accountability.</p>
<h3><strong>What is the DIDP?</strong></h3>
<p style="text-align: justify; ">One of the core values of the organization as enshrined under Article I Section 4.10 of the Bye-laws note that “in performing its functions ICANN shall remain accountable to the Internet community through mechanisms that enhance ICANN’s effectiveness”. Further, Article III of the ICANN Bye-laws, which sets out the transparency standard required to be maintained by the organization in the preliminary, states - “ICANN and its constituent bodies shall operate to the maximum extent feasible in an open and transparent manner and consistent with procedures designed to ensure fairness”.</p>
<p style="text-align: justify; ">Accordingly, ICANN is under an obligation to maintain a publicly accessible website with information relating to its Board meetings, pending policy matters, agendas, budget, annual audit report and other related matters. It is also required to maintain on its website, information about the availability of accountability mechanisms, including reconsideration, independent review, and Ombudsman activities, as well as information about the outcome of specific requests and complaints invoking these mechanisms.</p>
<p style="text-align: justify; ">Pursuant to Article III of the ICANN Bye-laws for Transparency, ICANN also adopted the DIDP for disclosure of publicly unavailable documents and publish them over the Internet. This becomes essential in order to safeguard the effectiveness of its international multi-stakeholder operating model and its accountability towards the Internet community. Thereby, upon request made by members of the public, ICANN undertakes to furnish documents that are in possession, custody or control of ICANN and which are not otherwise publicly available, provided it does not fall under any of the defined conditions for non-disclosure. Such information can be requested via an email to <a href="mailto:didp@icann.org">didp@icann.org</a>.</p>
<h3><strong>Procedure</strong></h3>
<ul style="text-align: justify; ">
<li>Upon the receipt of a DIDP request, it is reviewed by the ICANN staff.</li>
<li>Relevant documents are identified and interview of the appropriate staff members is conducted.</li>
<li>The documents so identified are then assessed whether they come under the ambit of the conditions for non-disclosure.
<ul>
<li>Yes - A review is conducted as to whether, under the particular circumstances, the public interest in disclosing the documentary information outweighs the harm that may be caused by such disclosure. </li>
<li>Documents which are considered as responsive and appropriate for public disclosure are posted on the ICANN website.</li>
<li>In case of request of documents whose publication is appropriate but premature at the time of response then the same is indicated in the response and upon publication thereafter, is notified to the requester.</li>
</ul>
</li>
</ul>
<h3><strong>Time Period and Publication </strong></h3>
<p style="text-align: justify; ">The response to the DIDP request is prepared by the staff and is made available to the requestor within a period of 30 days of receipt of request via email. The Request and the Response is also posted on the DIDP page <a href="http://www.icann.org/en/about/transparency">http://www.icann.org/en/about/transparency</a> in accordance with the posting guidelines set forth at <a href="http://www.icann.org/en/about/transparency/didp">http://www.icann.org/en/about/transparency/didp</a>.</p>
<h3><strong>Conditions for Non-Disclosure</strong></h3>
<p style="text-align: justify; ">There are certain circumstances under which ICANN may refuse to provide the documents requested by the public. The conditions so identified by ICANN have been categorized under 12 heads and includes internal information, third-party contracts, non-disclosure agreements, drafts of all reports, documents, etc., confidential business information, trade secrets, information protected under attorney-client privilege or any other such privilege, information which relates to the security and stability of the internet, etc.</p>
<p style="text-align: justify; ">Moreover, ICANN may refuse to provide information which is not designated under the specified conditions for non-disclosure if in its opinion the harm in disclosing the information outweighs the public interest in disclosing the information. Further, requests for information already available publicly and to create or compile summaries of any documented information may be declined by ICANN.</p>
<h3><strong>Grievance Redressal Mechanism </strong></h3>
<p style="text-align: justify; ">In certain circumstances the requestor might be aggrieved by the response received and so he has a right to appeal any decision of denial of information by ICANN through the Reconsideration Request procedure or the Independent Review procedure established under Section 2 and 3 of Article IV of the ICANN Bye-laws respectively. The application for review is made to the Board which has designated a Board Governance Committee for such reconsideration. The Independent Review is done by an independent third-party of Board actions, which are allegedly inconsistent with the Articles of Incorporation or Bye-laws of ICANN.</p>
<h3><strong>Why does the DIDP matter?</strong></h3>
<p style="text-align: justify; ">The breadth of ICANN’s work and its intimate relationship to the continued functioning of the Internet must be appreciated before our analysis of the DIDP can be of help. ICANN manages registration and operations of generic and country-code Top Level Domains (TLD) in the world. This is a TLD:</p>
<p style="text-align: justify; "><img src="https://cis-india.org/internet-governance/blog/TLD.jpg/@@images/1bb21859-d1aa-41c6-b5e0-4041ae099f54.jpeg" alt="TLD" class="image-inline" title="TLD" /></p>
<p style="text-align: justify; ">(<i>Source</i>: <a class="external-link" href="http://geovoices.geonetric.com/wp-content/uploads/2013/11/parts_of_a_domain_name.jpg">here</a>)</p>
<p style="text-align: justify; ">Operation of many gTLDs, such as .com, .biz or .info, is under contract with ICANN and an entity to which such operation is delegated. For instance, Verisign operates the .com Registry. Any organization that wishes to allow others to register new domain names under a gTLD (sub-domains such as ‘benefithealth’ in the above example) must apply to ICANN to be an ICANN-accredited Registrar. GoDaddy, for instance, is one such ICANN-accredited Registrar. Someone like you or me, who wants to get our own website – say, vinayak.com – buys from GoDaddy, which has a contract with ICANN under which it pays periodic sums for registration and renewal of individual domain names. When I buy from an ICANN-accredited Registrar, the Registrar informs the Registry Operator (say, Verisign), who then adds the new domain name (vinayak.com) to its registry list, and then it can be accessed on the Internet.</p>
<p style="text-align: justify; ">ICANN’s reach doesn’t stop here, technically. To add a new gTLD, an entity has to apply to ICANN, after which the gTLD has to be added to the root file of the Internet. The root file, which has the list of all TLDs (or all ‘legitimate’ TLDs, some would say), is amended by Verisign under its tripartite contract with the US Government and ICANN, after which Verisign updates the file in its ‘A’ <a href="http://root-servers.org/">root server</a>. The other 12 root servers use the same root file as the Verisign root server. Effectively, this means that <i>only </i>ICANN-approved TLDs (and all sub-domains such as ‘benefithealth’ or ‘vinayak’) are available across the Internet, on a global scale. Or at least, ICANN-approved TLDs have the most and widest reach. ICANN similarly manages country-code TLDs, such as .in for India, .pk for Pakistan or .uk for the United Kingdom.</p>
<p style="text-align: justify; ">All of this leads us to wonder whether the extent of ICANN’s voluntary and reactive transparency is sufficient for an organization of such scale and impact on the Internet, perhaps as much impact as the governments do. In the next post, I will analyse the DIDP’s conditions for non-disclosure of information with certain freedom of information best practices.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; "><i>Vinayak Mithal is a final year student at the Rajiv Gandhi National University of Law, Punjab. His interests lie in Internet governance and other aspects of tech law, which he hopes to explore during his internship at CIS and beyond. He may be reached at vinayakmithal@gmail.com.</i></p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/icann2019s-documentary-information-disclosure-policy-2013-i-didp-basics'>https://cis-india.org/internet-governance/blog/icann2019s-documentary-information-disclosure-policy-2013-i-didp-basics</a>
</p>
No publisherVinayak MithalInternet GovernanceAccountabilityICANNDIDPTransparency2014-07-01T13:01:34ZBlog Entry