In Unix terminology a "daemon" is a program that has been detached from the process that created it and is now running autonomously.
There are those who believe that ICANN should be released from the control of the US Department of Commerce and allowed to act independently. (See Bret Fausett's well considered posting "Giving Up U.S. Control".) In other words, should ICANN become a daemon?
I believe that that would be a terrible thing to do. The problem is that ICANN's role is very poorly defined and there is no reason to believe that a released ICANN would not continue to bumble around and become an ever larger, more expensive, and heavier regulatory body that benefits no one other than those ICANN-entrenched incumbents who find ICANN to be a good way to promote their interests and hinder their competitors. We should not forget that the ICANN of today, through its price support system under DNS registries taxes internet users to the tune of several hundred million dollars of inflated prices every year.
It is bad enough that ICANN has become little more than a mouthpiece for the trademark and domain name selling industries. But in addition ICANN has shown that it has no regard for the actual operational stability of the internet's domain name system or IP address allocation systems.
And we should not forget that ICANN has created a Byzantine system that effectively locks the public and public interest out of its board of directors and other decision-making organs. In other words, who would oversee ICANN if the DoC were to hand the keys to ICANN? Whatever the answer might be we can be certain of at least one thing: the public interest and public representatives would be powerless observers.
It is already abundantly clear that ICANN has run off the rails. One one hand we see ICANN's foray into matters that bear no reasonable relationship to ICANN's role as a coordinator of certain technical internet functions. For example we have ICANN's intrusive system of regulation over domain name business practices and prices, and ICANN's UDRP (a de-facto supranational law of trademarks with no bearing whatsoever on technical stability of the net.) On the other hand ICANN has done little, if anything, to protect the domain name system of the internet from failures, from attack, or from operational errors.
ICANN has gone off course even while it is under the guiding hand of the US Department of Commerce. There is no evidence to indicate that ICANN will re-rail itself and start to do things right once that guidance is removed.
What do we want ICANN to be? I think the original conception of a body that coordinates certain technical aspects of DNS and IP address allocation would be an appropriate job description. Is ICANN even close to being that kind of body? The answer is clearly "no".
Who's watching the IP address allocation system? Not ICANN. That job is, instead, firmly in the hands of the regional IP address registries (RIRs).
Who's watching the domain name system to make sure that it runs 24x7x365? Not ICANN.
The DNS root server operators are a group of people and entities that are independent of ICANN and independent of one another.
The preparation of the root zone file appears to involve several cooks who do not talk to one another. For example Verisign announced the other day to NANOG that it intends to insert IPv6 records into the root zone. (This will cause the loss of certain IPv4 information that may, in turn, sometimes require DNS resolvers to take extra steps to obtain.) (Also see Adding IPv6 glue to the root zone that recommends that before adding IPv6 records to zones such as .com that "[o]perators of these zones need to change their their glue setup")
Was this Verisign's decision to make? No. It is ICANN's (or ICANN executing the IANA function) decision.
Was this change announced to the public? No, that is unless one considers the NANOG mailing list to a sufficient form of announcement.
Did ICANN or IANA inquire as to the safety of this change? No.
Has ICANN investigated the primary and secondary effects of the introduction of IPv6 DNS records into the root zone and TLD delegations? No. ICANN condemned Verisign for deploying Sitefinder without having a full comprehension of the side effects. Yet, here it is ICANN/IANA (with the implicit approval of NTIA) that is taking the internet community for a walk in the dark.
Is there a risk that the net could be destabilized? No one can say for sure. Certainly one might believe that the loss of DNS information that has been present and found operationally valuable will have some side effects. There is an internet-draft written by a well qualified person that concludes that those side effects are acceptable. But that draft is nothing but a draft and it is based on mental arguments without the benefit of monitored or controlled empirical testing. In other words, the live internet is the guinea pig. We do not know whether there is a risk and what its magnitude or symptoms might be. Nor do we know the metrics that were used to distinguish an acceptable level of side effects from an unacceptable level. Moreover, a golden opportunity to measure the before and after effects was lost when IPv6 records were installed in some ccTLDs. (See my notes IPv6 and root servers and Leaping Without Looking - And Taking the Internet Along for the Ride.)
In addition, even if the risk is small should not ICANN/IANA be insisting on a post-change evaluation that things are still working well and roll-back contingency if they are not? Of course it should. But is ICANN/IANA doing so? No.
There are other occasions in which ICANN has shown that it has no concern whether the DNS is running or not.
For example we still do not have even a sign that ICANN noticed, much less cared, that the net lost the .org TLD a few months ago.
Is this the kind of ICANN/IANA that should be left alone without adult supervision? Not in my book.
ICANN has argued many times that internet users need not be admitted to ICANN because we users are represented by our governments. To the extent that that theory is valid then for the Dept of Commerce to release ICANN would be to lose the only remaining vehicle for public oversight of ICANN's activities. That would be a bad thing.
If the Department of Commerce were to let go of its oversight role over ICANN/IANA then the DoC should strip ICANN/IANA of those jobs that it is supposed to be doing - guaranteeing the stability of the DNS and IP address allocation systems - and vest those into some new body that actually cares that these jobs are actually performed and performed well.
When thinking about governance and, in particular, internet governance, it is kind of fun to look back to 1857 and read Chapter 10 of Dicken's Little Dorrit.
Below are the first two paragraphs. The entire chapter (and the entire book) are well worth reading.
My question for you is this: What body of internet governance best resembles the Circumlocution Office? (The answer is at the end of this entry.)
Containing the whole Science of Government
The Circumlocution Office was (as everybody knows without being told) the most important Department under Government. No public business of any kind could possibly be done at any time without the acquiescence of the Circumlocution Office. Its finger was in the largest public pie, and in the smallest public tart. It was equally impossible to do the plainest right and to undo the plainest wrong without the express authority of the Circumlocution Office. If another Gunpowder Plot had been discovered half an hour before the lighting of the match, nobody would have been justified in saving the parliament until there had been half a score of boards, half a bushel of minutes, several sacks of official memoranda, and a family-vault full of ungrammatical correspondence, on the part of the Circumlocution Office.
This glorious establishment had been early in the field, when the one sublime principle involving the difficult art of governing a country, was first distinctly revealed to statesmen. It had been foremost to study that bright revelation and to carry its shining influence through the whole of the official proceedings. Whatever was required to be done, the Circumlocution Office was beforehand with all the public departments in the art of perceiving--HOW NOT TO DO IT.
Next week will be a meeting of the Working Group on Internet Governance in Geneva. Unfortunately competing demands on my time prevent me from attending. (I do spend much of my time building real, running networking products.)
There are not a lot of submissions as of this time, so I thought that I'd put forth a few thoughts.
The concept of sovereignty of nations is changing - power is eroding from existing nation-states and flowing into the hands of other actors. This is an historical change and demands the articulation and examination of first principles.
Small thinking will lead to small results. Internet governance wrought only in terms of intellectual property protection or in terms of local economic interests will fail in a few years time leaving us in a no better, and probably worse, position than we are in today.
The question that must be answered is raw and blunt: How is the power to control the internet to be subordinated to the common good? This question is quite similar to those asked in the 18th century by those who wondered how democratic government can be established without it devolving into anarchy or concentrating into despotism.
I would suggest several principles:
1. This first is a meta-principle: Whatever is done about internet governance
will be imperfect. This suggests the following:
PRINCIPLE: Begin by undertaking small projects of internet governance where the harm caused by errors or failures will be constrained and relatively easily remedied.
This is consistent with my submissions to prior meetings at the ITU and UN in which I urged that we make a clear and dispassionate examination of the jobs that internet governance requires and around those jobs we tailor very closely fitting and highly constrained organizations focused solely and exclusively upon one particular job. This principle, that form should follow function, seemed very widely held by the attendees at those previous meetings.
It also seems prudent to establish a limited lifetime for these early bodies of internet governance. They should be formed with the clear knowledge that at some day in the future they will have to prove that they are useful else they will cease.
2. PRINCIPLE: People and nations have a right to shape their own internet experience according to their own values and preferences. This does not mean that the rights of one supersede the rights of others. Rather it means that there is a balance. Every person, every culture, every religion, every nation, has an equal right to step forward and participate in the making of that balance.
Some may take this as a strong assertion of power. It is not. Rather it is the converse, it is an expression of the right of people and nations to be free from the arbitrary imposition of power without giving them full access to the forums in which internet policy is made.
This lack of access and participation has been a fundamental, and to my mind, fatal flaw, in existing experiments of internet governance. ICANN, for example, has so greatly distanced itself from the opinions and participations of the community of internet users that ICANN has degenerated into little more than a petty regulatory body, a guild, setting trade rules, establishing prices, imposing fees (taxes), and protecting incumbents from competitive forces.
The role of the individual person should not be dismissed or submerged. Many people, perhaps the majority of people, are willing to allow their viewpoints to be represented indirectly through governments and Civil Society actors. However, the door should not be closed against those who have the motivation, skill, and resources to act alone. We must remember that ultimately, the atomic unit of every collegiate entity, every government, every corporation, and every other human endeavor is the individual human being.
3. I of course have to raise what I call "The First Law of the Internet":
PRINCIPLE: Every person shall be free to use the Internet in any way that is privately beneficial without being publicly detrimental.
The burden of demonstrating public detriment shall be on those who wish to prevent the private use.
Such a demonstration shall require clear and convincing evidence of public detriment.
The public detriment must be of such degree and extent as to justify the suppression of the private activity.
This is a refinement of principle #2 in that it begins to describe the structure in which the balance is struck between competing internet uses and policies.
In the near future I will expand this list of principles. But there is also the very real question of doing concrete and pragmatic things.
In my previous submissions I urged that there be established certain highly limited and highly focused bodies to deal with certain easily identifiable matters of internet operation and governance. It seems clear to me that there is little question as to what some early experimental bodies of internet governance could be. It seems that the question we face is how to structure these bodies so that they are in accord with our body of principles and are well formed so that they begin and continue to exist as transparent, open, and accountable entities.
I see that ICANN's ASO - a body composed mainly of the regional IP address registries (RIRs) - has submitted a document entitled INTERNET ASSIGNED NUMBERS AUTHORITY (IANA) POLICY FOR ALLOCATION OF IPv4 BLOCKS TO REGIONAL INTERNET REGISTRIES
It is an interesting document. And I won't do more than mention in passing that it was written mainly by those who receive the allocations described by the policy.
As for the policy expressed in the document: There is no doubt in my mind that the policy itself as articulated in the document is a rational one and appears based on the lessons of years of RIR experience.
In terms of its impact on the overall internet this policy is of much greater import than all of ICANN's DNS policies and DNS task force reports and UDRP's put together.
Nearly all of ICANN's DNS impositions can be bypassed simply by innovating at a lower level of the domain name hierarchy.
However, IP addresses are the sine qua non of existence on the internet; a computer is not on the internet unless it has an globally valid and routable-to IP address (or is behind a NAT that has one.) If a region, a country, an ISP, a business, or a person can not get a usable number of addresses, then they are not really on the internet. In some future political or economic competitive situations the winner may well be the entity that has better access to IP address resources.
There are two points about the document that strike me as interesting.
First is that is purports to be an IANA policy. Where is the adoption of this policy, by IANA or ICANN's board playing stand-in for IANA. Or is this merely a suggested policy?
Second is that this document is giveth-only, it has no taketh-away. This policy does not seem to envision any recovery of addresses by IANA from the RIRs or any re-allocation of address blocks.
My last conversation with Jon Postel was on exactly this issue of recovery and re-allocation. The RIRs make sense as an allocation mechanism because they coarsely correspond to chunks of internet connectivity. In other words, the connectivity within a region covered by a RIR tends to be more intensive than the connectivity between regions covered by different RIRs. (As I said, this is merely a course correspondence and is being increasingly leavened by concessions to regional pride.) As the connectivity of the internet evolves over time the modularity of today's connectivity may change and the efficient aggregation of address blocks might then suggest an equally evolved RIR structure. Jon and I were in agreement that the RIR system and the systems of allocations made to RIRs ought not to be considered immutable but rather to be considered as flexible and subject to periodic re-evaluation. This policy seems as if it leaning towards immutability rather than towards flexiblity.
I cought Tucows' announcement of their "perfect information" system. (More information here.) Elliot and Ross continue to be among the most constructive and creative players in the domain name business. Ross' note is a most useful exposure of the back-room games, and money flows, that most domain name registrants do not see, even though, in the long run, they do pay for.
What Tucows is doing is a nice patch to a system that has been created out of the reaction to ICANN's excessively intense and excessively detailed regulatory scheme.
Why, for example, has ICANN imposed a registration system on domain names that requires names to be acquired in one year increments up to ten years maximum? There is no rhyme or reason why a ten year maximum or why it has to be in one year units. Those were arbitrary impositions - ICANN, acting as the Caesar of Domain Names, simply declared these by fiat.
There is a real need for short-term domain names, for ephemeral things like movies or political events. Yet ICANN says "one year period, minimum."
And there is a real need for very long term names. Does anyone think that "ibm.com" is going to be relinquished anytime soon? There could easily be established a system of very long term name acquisitions, say 100 years or even indefinite, in which the "owners" would be free to retain the name, or to buy and sell, the name through their own channels. And the registrar/registry system would be relieved of the churn and expense caused by unnecessary expiration billing and processing.
Tucow's "Perfect Information" system appears at first glance to be a worthwhile local improvement. But it can remain nothing more than a mere local improvement until ICANN stops being an example of worst kind of heavy, excessive, and pointless regulatory body and returns to its original purpose, that of ensuring that the upper layer of the domain name system answers name queries quickly, efficiently, and accurately 24x7x365.
Or, and perhaps easier, ICANN could simply admit that it has no role in technical matters and that is merely a body that shapes and constrains the business of buying and selling domain names and relinquishes its role of ensuring technical stability to new bodies, yet to be formed.
In either case, ICANN should get out of the way.
Netburg is a nice place to live. It barely existed a decade ago. Today it is home to millions of people and corporations worldwide are moving their headquarters.
Netburg is built of wood, nice dry wood; the kind that catches fire easily.
Netburg has a problem. There are people and groups around the world who send incendiary devices into Netburg 24 hours a day, seven days a week, 365 days a year. So far only small parts of Netburg have burned. But everyone knows that a big fire could happen at any time.
Netburg does not have a fire department. It has thirteen self-appointed fireman who have invested their own money in trucks and equipment. But those fireman aren't obligated to put out fires or to be impartial about choosing whose fires to put out and whose buildings it will let burn. To date these fireman have had the self motivation, the resources, and good will to do the job.
Six years ago, back in 1998, Netburg's traffic department empanelled a board of fire commissioners and instructed them to professionalize Netburg's fire prevention and firefighting systems. Nobody has ever explained why it was the traffic department rather than the city counsel or mayor rather that set up the fire commission . And nobody is sure whether the traffic department's actions are within its scope of authority or not. But that is another tale for another day.
To help get things started, the traffic department gave Netburg not only the right to decide who can build a home or business on each street in Netburg but also to charge a fee for making that decision. The traffic department told the fire commissioners that they could also levy a yearly charge on every home and business in Netburg. Few complained at the time: the traffic department had formerly been charging a $35 yearly fee and the fire commissioners lowered it to about $15 and practically nobody noticed that that $15 amount was an arbitrary figure and much higher than could be justified.
The traffic commission, the fire commissioners, and the firemen have worked to create a public belief that no other firemen ought to be allowed into Netburg. And the commissions have ceaselessly encouraged the public to believe that the commission is protecting Netburg against fires and that everything is safe and under control.
Unfortunately, Netburg's fire commissioners want to be real estate commissioners.
As a consequence the fire commission has done nothing to protect against fires. Netburg's fire commission has no fire station, no fire trucks, no hoses, no ladder. Netburg is about as well protected against burning down as Chicago was protected from Mrs. O'Leary's cow.
In the meantime, the fire commission has proven itself rather poor at the real-estate game. They have allowed only seven new houses to be constructed in Netburg during the last six years. And those houses are mostly small, shabby affairs. Some are so ill conceived that they are barely able to stand without being propped up.
Netburg is suffering from a dual curse: it is unprotected against fire and its real-estate industry is an over-regulated shambles with business practices that would embarrass even a used-car salesman.
I hope the reader recognizes Netburg as the internet and the fire commission as ICANN.
What's the point of this tale? It is this: ICANN has done nothing, absolutely nothing, to protect the internet from disaster.
instead, ICANN has squandered its entire existence pretending to be the Pooh-Bah of domain-name trademark rules and the Grand High Commissioner of domain name business practices.
ICANN has not suffered from its digression - ICANN's budget now wants to be $15,000,000(US) a year. ICANN's directors and staff flit around the world (and most do not fly coach class!) to be wined and dined and flattered and partied. And how the law firm that created ICANN is raking in the legal fees!
The internet, on the other hand, has been left unprotected and vulnerable.
ICANN has not done anything to improve the technical stability of the internet or to make the upper layer of DNS less vulnerable to attack or failure. The only protection has come from the efforts of an amazing cadre of independent actors who, perceiving the vacuum, have stepped in and assumed the job that ICANN promised that it would do.
These actors, however, are mortal or are institutions that have goals and budgets that may not always coincide with the level of effort required to continue in this role.
ICANN, by pretending that it is protecting the net, has created a grave danger.
The community of internet users has been misled by ICANN to believe that the net is being guarded. Yet ICANN, because it is engaged in other matters, has left the internet at risk, protected only by a few volunteers who are free to walk away at any time.
Netburg, the community of internet users, deserves better.
ICANN seems to be neither willing nor able to do what it was supposed to do in the first place, which is to ensure that the upper layer of the domain name system runs reliably, accurately, and efficiently 24 hours a day, 7 days a week, 365 days a year.
A city that has a fire department that doesn't care about putting out fires ought to replace its fire department.
ICANN has had six years to get its act together; there is no sign that it is improving. The internet community is paying for an ICANN that ensures the stable technical operation of DNS. We are not getting what we are paying for. How much longer are we willing to tolerate a status quo in which the entire internet is put at risk?
I just saw the latest news on John Gilmore's case concerning the requirement to present ID before boarding a commercial aircraft.
There are lots of opinions on both sides of the main issue. But I'm not going to try here to elaborate, much less address, those opinions.
Rather, what I am writing about here is the assertion by the government that they can make their arguments in secret, not even telling Gilmore what those arguments are.
That assertion screams of Kafka. Is John Gilmore a modern day Joseph K who is never to learn why his rights are being removed, much less to have a real means to make a challenge?
I will soon be writing some thoughts engendered by a book I just read - Sinclair Lewis' 1935 novel It Can't Happen Here When I read of actions and assertions by the present so-called "Justice" Department - assertions such are being made here in the Gilmore case, redaction of case citations in decisions, as well as assertions recently made (but fortunately rejected by the courts) of executive power to hold prisoners incommunicado for indefinite periods, I wonder whether the book could be re-issued under the title It Is Happening Here?
We as citizens deserve more from our government than "trust us". Citizens can not exercise their rights as citizens without information. A democracy can not survive in secrecy. A government that hides behind secrecy is a government that has repudiated the principles upon which this country was founded.
We may not all agree with John Gilmore's claim that he can board a commercial airliner without showing ID. But I believe that we all can agree that secret trials are wrong and are permissible only in extreme cases after a clear, complete, and compelling public showing by the government that a secret proceeding is necessary in a specific case and that there is no less burdensome alternative.