I see that ICANN is advertising for applications to its nominating committee.
Isn't it interesting how ICANN changes its description of itself over the years? ICANN's self-description is becoming even more vague about the specific nature of its job, and the words "technology" and "technical" in reference to "ensuring stability" are becoming increasingly rare.
ICANN has become a place where directors and officers seem to abandon their talent for independent thought and decision and become just part of a herd of rubber stamps ready to moo quietly and then approve whatever ICANN's staff puts before them. For a body that is pulling several hundred million dollars per year out of the pockets of internet users, this kind of amateur behavior is, to put it mildly, extremely disappointing.
I will repeat my advice from two years ago:
Any person who is considering becoming a Director of ICANN (or any other corporate entity) ought to consult with his or her own personal legal counsel.
(Although I am a licensed California attorney, the above is not intended to be, nor is it, legal advice; you should consult with your own personal legal counsel on these matters.)
I see that ICANN's Board approved several resolutions concerning IP address allocations.
Among these resolutions was one in which ICANN's Board unanimously adopted an "IPv4 Global Allocation Policy".
IP address allocation policy is the most crucial matter ever to come before ICANN's board. IP addresses are the fuel on which the internet runs. Without an IP address a person or computer is simply not part of the internet. A policy that says who can get addresses and under what terms has a breathtaking impact on the shape of future internet growth. Such a policy will have a significant impact on what enterprises survive and what enterprises fail. The economic and social ramifications of IP address policy vastly overshadow the effects of ICANN's domain name policies.
Any policy regarding IP address allocation, therefore, ought to be made only with the greatest degree of lucidity and with the greatest attention to its technical, economic, and social effects.
Unfortunately, once again, ICANN fiddled and danced - and made jokes - and avoided the difficult, but necessary, work of actually engaging with the issues of this extremely important matter.
The resolution adopting this policy asserts the following "facts":
"the Board has considered the public comments that were submitted to the forum"
[the Board] "determined that existing procedures adequately address the issues that were raised"
"[N]o objection was raised by the Security and Stability Advisory Committee or other ICANN advisory bodies"
There were four comments made on this policy during its comment period. All of these comments cited substantial concrete concerns about fundamental aspects of the policy.
ICANN has never responded to any of these comments. There is no reason to believe that ICANN's Board or any board member is even aware of those comments.
I challenge ICANN to demonstrate that any board member ever read these comments, much less considered them when making his or her decision on the IPv4 address policy.
As for the board's assertion that "existing procedures adequately address the issues that were raised". Hogwash. There is no indication that the board or any of its members actually reached this conclusion except by being led to it by the nose by "staff". And the assertion is also factually incorrect. Not one of the concerns raised is covered by any existing procedures.
And finally - as for objections by the so-called "Security and Stability Advisory Committee": Because that committee operates in total secrecy how can anyone tell what that committee says or does?
Once more we have the members of ICANN's board acting as nothing more than mindless monkeys who respond with affirmative noises to whatever is put in front of them.
There is no indication that any ICANN Board member actually performed his or her duty to make an independent and informed judgment on what is, in truth, the most critical, and in fact the only truly technical, matter ever to come before ICANN: IP address allocation policy.
ICANN has many flaws, but perhaps its greatest flaw is that the members of its Board of Directors again and again and again insult the internet community and violate their duties by refusing to take the time to try to comprehend and understand the issues put before them and refusing to make their own independent decisions.
ICANN's Board, both as a body and as individuals, has demonstrated once again that even when compared to the extremely lax standards of the past boards of Enron, Tyco, and MCI/Worldcom, ICANN's board and its members come out gravely wanting.
ICANN's directors should be ashamed of themselves. Not even one director has indicated that he or she is treating his or her role with the kind of attention and respect that the community of internet users deserves and which the law requires.
Update: April 13, 2005:
Below is the entire body of material given to the board to rebut the public comments on this critical policy. No member of the board asked for any clarification or raised any other question or concern.
THE SUBSTANCE OF THE OBJECTIONS RAISED TWO ISSUES IN DIFFERENT FORMS. THE FIRST WAS THAT THERE WAS NO MECHANISM FOR RECOVERING ADDRESS ALLOCATIONS, AND IANA'S ANALYSIS OF THIS WAS THAT THE PROVISIONS FOR SUBSEQUENT ADDRESS BLOCK ALLOCATIONS ALREADY TAKE INTO ACCOUNT ALL ELEMENTS OF THE UTILIZATION OF THE ADDRESS SPACE. SO IF A GIVEN RIR IS NOT USING THEIR SPACE EFFECTIVELY, THAT WILL SHOW UP IN A SUBSEQUENT ALLOCATION REQUEST. THE SECOND FORM OF THE COMPLAINT IS THAT THERE WAS INSUFFICIENT OVERSIGHT OF THE RIRS. AND AGAIN, IANA HAS REVIEWED THIS AND SAID THAT THE IAB HAS DELEGATED RESPONSIBILITY FOR MANAGING THE IPV4 ADDRESS SPACE TO IANA; THEREFORE, IANA HAS THE RESPONSIBILITY TO WORK WITH THE RIRS TO RESOLVE ANY QUESTIONS THAT MAY ARISE FROM A PARTICULAR REQUEST. THE SUPPORTING ISSUE, WITH A MINOR REQUEST FOR CHANGE, HAS BEEN RESOLVED THROUGH ADDRESS ALLOCATION NOTIFICATION PRACTICES. SO IT'S NO LONGER AN OUTSTANDING REQUEST FOR A CHANGE.
I was amused to see the explicit transfer of ultimate authority over IP address space policy out of ICANN's hands and into that of the IAB. The ICANN-IANA-IAB-NTIA shell game about who is in charge has continued for far too long.
I see that ICANN's so-called security committee has decided to move forward with deployment of DNS Security (DNSSEC [beware - may take a long time to reach if you don't have IPv6 connectivity]) in the legacy set of root servers. That's probably a good idea.
However, I have a concern that DNSSEC will then be uncritically adopted by the big (and frequently changing) zones - .com, .net, .de, .ewe... without answering the following question:
How long will it take to do a cold restart of a name server if it has to load a large (e.g. .com sized) signed zone?
It has long been public knowledge that a successful attack on TLD servers will have a larger impact than a successful attack on root servers.
In many emergency situations the most pressing need is for fast recovery of communications services.
So the question is this: How long would it take to recover a large DNSSEC signed zone (e.g. .com) should its servers be compromised and have to be reloaded afresh?
If the time is large then the effects of a successful attack on a signed TLD would be exacerbated by the extended time to recover.
I am here in the town of Banff in the Canadian province of Alberta. The purpose of the gathering here (SIPit 16) is to do multi-implementer and multi-vendor interoperability testing of Voice over IP (VOIP) equipment that uses the IETF Session Initiation Protocol (SIP).
I can't say anything about the successes and failures of the event here - like the TCP/IP Bake-Offs of 15 years ago and other interoperability events since then, the goal is to improve technology and interoperability and not to embarrass anyone about errors. I can, however, say that my hope is to increase the scope and depth of the suite of SIP protocol tests that I am creating.
I'll probably post some observations about SIP itself and my experiences with it over this coming week.
A few years ago I suggested that we know more about how the college of cardinals selects a new pope than we know about how ICANN makes its decisions. (My suggestion was picked up and repeated by Representative Edward Markey of Massachusetts.)
It is sad when anyone passes. And the loss of a major world figure, particularly one with a strong sense of ethics and morality (even if we individually may differ on certain specific issues) is not a matter to be taken lightly.
Nevertheless, such things do happen. We now have an opportunity to put my claim to the test.
ICANN is meeting in Argentina this week. If anything ICANN has become even more opaque and closed than it was back in year 2000 when I first made the comparison between the selection of a new pope and ICANN's opaque and closed processes.
Perhaps ICANN can demonstrate that it can leap over the exceedingly low hurdle of being more open and transparent than the college of cardinals.
But the outlook is poor.
There is already reason to believe that ICANN won't be successful in that effort. Already it has been reported that a major amount of time was spent, or rather wasted, trying to seal a meeting that is supposed to be open to public inspection, if not to public participation.
The internet is not governed by a Pope and ICANN is not a College of Cardinals. We the community of internet users deserve better than the secrecy and unaccountability that ICANN has been feeding us ever since it was formed.
An agency of the US Department of Commerce, the NTIA, has decreed that domain name registration information ("whois") for the .us top level domain must be made available to all comers, for any reason, at any time.
The Privacy Act of 1974 defines the obligations and duties of Federal agencies that control databases containing personally identifiable information. That act may be found at 5 USC 552a (be careful about that trailing 'a' else you end up with a related, but entirely different chunk of law, the Freedom of Information Act.)
The act covers systems of records - which section (a)(5) of the act defines as:
a group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual
For purposes of the .us whois database perhaps the most important words in the above definition are "under the control".
Back in 1997 I raised the issue whether the National Science Foundation was under Privacy Act obligations with respect to the whois of that era. After much hemming and hawing (and a failure to meet statutory deadlines) the NSF excused itself by claiming that the whois database of that pre-ICANN era was the property of Network Solutions and was not under the control of the National Science Foundation. (The NSF letter is an excellent example of bureaucratic gobbledygook and sleight-of-hand - it tried to use Freedom of Information Act law - a completely distinct law - to claim that it had nothing to do with "whois".)
Well times have changed and now we have NTIA, the Federal agency that has stepped into NSF's role with respect to the internet.
And NTIA has exercised considerable control over the .us top level domain and over the policies under which it operates. Most importantly, NTIA has mandated not only that "whois" information be collected but has also dictated the information privacy rules under which the .us whois operates.
It seems to me that NTIA is exercising sufficient control over the .us top level domain and over the associated registration records ("whois") to trigger Privacy Act obligations on NTIA and Privacy Act rights in individuals who may or may not be named in that database. Even if we were to use the agency-excusing standards that NSF used in its letter to me in 1997, it is hard to see that NTIA can escape being subject to the act.
It would be an interesting exercise to make a request (similar to the one I made in 1997 to NSF) to NTIA and see how the agency reacts. A current-day request would need to indicate the factual situation so that NTIA would not be able to easily wiggle away from the fact that it does, in fact, control the whois database affiliated with the .us top level domain.
By the way, there's a petition protesting NTIA's policy over the .us TLD.