First we get scrod in the pocketbook. Even though we get no say in either ICANN or in this contract, we, the community of internet users, are going to have to pay higher domain name fees. The new built-in rate of inflation will compound at 7% per year on top of an already absurdly high base.
Second we get scrod in the stockroom. The new contract gives Verisign the explicit green light to data mine the domain name queries that hit its servers.
You might be thinking - huh, data mining? What you probably do not realize is that every time you enter a URL into a web browser, send an e-mail, or make a VOIP phone call the entire domain name part of the address goes into DNS and very frequently makes it all the way to Verisign's servers. The contract lets Verisign capture those domain names and your source IP address so that Verisign can know that you have been visiting the website of www.hampsters_n_ductape.com every night after the kids have gone to bed.
(Not every query will go to Verisign's servers - many will be handled by local caches in resolvers near the users. But with enough samples, and on the internet samples can accumulate very quickly, Verisign will be able to use statistical methods to generate rather revealing profiles of trends in mass and, with more work, preferences of individuals.)
The contract gives Versign the right to develop a real-time data mining feed of a value that can not be easily overestimated. Verisign, for example, can develop marketing data about the effectiveness of URL's in TV advertisements during sports games while the game is still in progress. The data mining ability now granted to Verisign by ICANN will allow Verisign to recognize almost instantly "what's hot and what's not". Advertisers and marketers are willing to pay big bucks for this kind of information. It's not only a potential gold mine for Verisign but it's also a large step in the transformation of the internet into nothing but a giant advertisement and internet users into nothing but consumers.
But wait, there's more! The real-time data mining capability that ICANN is giving to Verisign can also be used by governmental reconnaissance agencies. The flow of domain name queries is a kind of "chatter" which one can blend with other data sources to construct interesting intelligence. And whether intelligence is considered valuable very much depends on whether you are the observer or the observed.
And third, we get scrod in the waiting room. The new agreement imposes a plethora of service level obligations on Verisign for the benefit of domain name registrars and intellectual property lawyers digging through the privacy-busting whois. But the agreement imposes no similar service obligations on Verisign to provide accurate and prompt performance of the primary job of the domain name system - domain name queries. In other words, the contract subordinates the thing that internet users need - prompt and accurate domain name resolution - and elevates secondary concerns. The message is clear - ICANN has obligated Verisign to provide first class service to registrars and intellectual property lawyers while sending the interests of internet users into steerage.
To paraphrase Grouch Marx from Cocoanuts: "You can have any kind of a contract you want. You can even get scrod. Oh, how you can get scrod."
I'm very briefly skimming the ICANN-Verisign settlement papers. I'm reading it quickly and it is late, so what follows may contain substantial errors.
It isn't yet clear to me who really got what. ICANN clearly got money (lots of money) and an increased bureaucracy. The IETF gets to put the kabash on things it (whatever "it" is) doesn't like. Versign get gagged but it also gets ICANN's promise not to pull the rug out from under it.
From my skimming my feeling is that this agreement is like duct tape around dynamite - it feels like it's merely a temporary bottle trying to hold back a tremendous centripetal energy.
One thing for sure - the community of internet users loses. We get to pay more money; our internet taxation without representation is increased.
And, as Appendix 10 and 7 makes clear, neither ICANN nor Verisign consider uptime to users of DNS to be very important - all of the service level requirements are measured in terms of availability to registrars and consumers of "whois" (mainly the intellectual property industry.) In other words, .com could wobble widely out of control with 30 minute times to respond to DNS queries - and that would not violate the service levels required by this agreement. But if the registration system should go south for a few moments, then the SLAs in Appendix 10 and the obligations of Appendix 7 come into play. The agreement is deficient in its failure to impose clear service levels on the actual delivery of name resolution services to internet users.
And the agreement is also deficient in that it fails to allow internet users third party beneficiary status so that they could come in and enforce the terms of this agreement.
I see that the even though Versign might relinquish the actual job of editing a root zone file to ICANN, no change is contemplated regarding the USG's veto power over changes.
I also see that ICANN purchased in this agreement Verisign's silence in a number of areas even, perhaps, the question of ICANN's continued existence in the WSIS/WGIG debates. I can't see how that provision of the agreement can withstand: it is very vague and Versign's business interests will never coincide with ICANN's desires for very long particularly if the evolution of the WSIS/WGIG process turns ICANN into a sinking ship that threatens to take Verisign down with it.
Article III - Section 3.1(f) gives Verisign the very clear right under the contract to do data mining. I'm not sure whether that right was as clearly called out under the old agreements.
Data mining? Remember that the full domain name that a user utters is found in queries to root and TLD servers. This means that those who operate those servers are in a very advantageous position to mine those queries to learn "what is hot and what is not". Sure, caching out in the net will short-cut a large number of the queries before they hit the servers, but dealing with that kind of thing is old hat to those practiced in the arts of statistics.
I'm glad to see that after all these years they have finally defined "stability". (It's amusing to me how similar their definition is to the one that I have been suggesting for half a dozen years - that stability be measured in terms of impacts on end-to-end packet flows across the net.) However, I am bothered that the definition ensconces the IETF into a role that is potentially inappropriate for a standards body, particularly given that the IETF's role over internet technology is shrinking.. I can easily see this latter part of the definition turning into a tourniquet that slow and perhaps even prevent the flow of innovation into the NTIA/ICANN/Verisign DNS.
My sense is that this committee to define security and stability will become the new venue for the ICANN-Versign dual.
By-the-way, they seem to have once again failed to define what they mean by the word "Internet". If the net actually fragments more than has been the case so far (NATs are a kind of fragmentation) the question of which "internet" among many will become a real issue. For example, what if country, let's call it C***a, decides to create its own DNS hierarchy - will this agreement prevent Verisign from entering that marketplace?
Section 3.2(a) - ICANN once again promises to operate in an open and transparent manner. ICANN's history in this regard is pretty pathetic, I doubt it will improve.
Section 3.2.(b) - I like the word "an" in the phrase "an authoritative root server system" - is it a Freudian slip or does ICANN now actually understand that there can be multiple systems of roots, all of which can be "authoritative" (a word that is not defined in the agreement.)
I see that ICANN is taking an even larger slice out of domain name registrations - this amounts to a tax levied on exactly those domain name users who are not permitted any role in ICANN's decisions.
This morning Bret Fausett wrote a note that concerned the question whether there is US Government involvement in the choice to deploy .xxx. Bret's points are well taken but I believe they reflect the surface and not the substance.
It may be true that the decisions are independent, but what about the actions that transform those decisions into actual changes in the root zone file? Is that sequence of actions performed independent of the USG?
To put it another way, the question is whether the USG is in a position to approve, reject, or modify ICANN's decisions?
We have seen evidence that the USG is completely willing and able to bypass ICANN: A couple of years ago the United States Government ignored ICANN when the USG had the root zone file modified to reflect the USG's redelegation of the .us ccTLD.
Thus we have smoke - is there fire? It seems that we need to dig deeper to find the answer.
In the list of principles I wrote about the other day I listed this principle: "The first step towards governance is a clear understanding of what it is that needs to be governed and what the goals of that governance are."
So lets ask, what is really the ultimate step of adding a TLD?
More properly we should ask: whose fingers are they that will enter the letters "xxx" into the file or database that constitutes the root zone file?
That report describes the then existing mechanism through which TLDs are added to the root zone file. It is a process in which the USG is directly involved. And the body that ultimately makes the changes to the file is Verisign. Here's is how the CRADA describes this process:
In the current implementation, root-zone change requests from top-level domain (TLD) operators are received by ICANN, which is responsible for reviewing the appropriateness of these requests as part of its performance of the IANA function. Once their appropriateness is verified, ICANN sends these requests to the United States Department of Commerce for approval; these approvals are then transmitted to VeriSign, which makes the changes as requested by ICANN and approved by the Commerce Department.
That's what it was in 2003. I am not aware that the change suggested in the CRADA (to shift Verisign's role to ICANN [or IANA]) has ever actually been implemented.
But even if the CRADA change were to be implemented, the only thing that shifts is the responsibility for making the final "edits" from Verisign to ICANN. Here is the important part: the loop in which the USG must approve (which implies the power to reject) TLD changes remains with the USG.
It appears to me, backed by the language of ICANN and the US Government, that the USG retains a significant authority the addition, removal, and alteration (and thus redelegation) of Top Level Domains. To my mind the only open question is whether the the USG is willing and able to act in this process independently of a change request from ICANN (and the .us situation suggests that the USG is willing and able.)
Way back in 1999 ICANN entered into several very important agreements that had the effect of gifting a huge economic benefit on Versign and an greatly altering the rights of then existing domain name registrants.
That action was done in a way that was in clear and overt violation of ICANN's own by-laws.
I submitted a "Request for Reconsideration" on November 17, 1999.
As has been the case since ICANN's inception these requests were cavalierly dismissed by ICANN.
So I filed a request that that rejection be handled by ICANN's then existing, but never implemented, policy for independent review.
That request disappeared into the bowels of ICANN; in fact I can't seem to find it on their mutable web site.
(ICANN's positions that demand "stability" of internet names are strongly belied by the rot of URL's into ICANN's website.)
My request, however, still stands. ICANN owes me an answer to the question why it violated its own procedures in order to race into an agreement that has had substantial negative effects on the community of internet users.
ICANN never implemented the Independent Review mechanism. This was because one of the people that ICANN chose to be on the committee to select review members never even bothered to show up electronically, much less in person.
ICANN's fancifully named "reform" replaced the never-born Independent Review mechanism with a placebo "ombudsman". However that person seems to have shirked his role and become simply another "yes" man.
So ICANN, when are you going to live up to your promises upon promises about your willingness and ability to be introspective of internal procedural failures and to remedy those failures? You've had six years to do what you said you would do.
ICANN's history of breaking promises to the internet community is reminiscent of the way the US government treated aboriginal (Indian) groups in the late 1800's. What, for example, ever happened to ICANN's oft repeated promise that at least half of its board of directors would be chosen by individual internet users?
Is there any wonder why today ICANN today has no credibility?
Suddenly internet governance has become a hot topic.
Words and phrases fly back and forth but minds rarely meet. We do not have discussion, we have chaos.
We are not moving forwards towards a resolution.
Its time to step back and review some basic principles.
1. Principle: The internet is here to serve the needs of people (and organizations of people); people are not here to serve the internet.
Corollary: If internet technology does not meet the needs of users and organizations than it is technology that should be the first to flex and change.
Of course there are times when human practices deserve to change, but that change ought to be driven by human needs rather than being coerced in order to preserve a mutable, but ossified, technology.
For example, consider the arguments over competing DNS roots. There are those who say that there must be one catholic root and name space. There those who advocate overlapping name spaces that are consistent within each top level domain but in which there may be greater or fewer top level domain choices provided by different roots. This argument is driven in part by concerns that flexibility in name spaces will cause failures of a technical nature. The argument is also driven in part by social concerns over the potential ability of people to communicate with one another should there be flexible (and thus to a larger or lesser degree different) name spaces. That latter, social, argument is where the debate should occur; we should all accept the premise that if we want flexibility that the technology of DNS should adapt (assuming that DNS is, in fact, fragile and susceptible to failure - which, if true, would raise questions about the adequacy of DNS technology given the fact that anybody, anywhere can, without permission from anyone, set up a DNS root and name space.)
Corollary: People are the atomic unit of governance.
People may form themselves into groups - such as for-profit corporations or churches - but those are merely derivative forms. We should allow people to speak for themselves in the forums in which decisions of internet governance are made and not require that they act through artificial proxies.
The term "stakeholder" ought to be abandoned because it forgets that at the bottom of things, all organizations and groupings are aggregations of individual people each with his/her own point of view. Such organizations ought to have authority to express an opinion in the forums of internet governance only to the degree that that organization can obtain voice by convincing individual people of the worth of that opinion. The term "stakeholder" is a mental straitjacket that presupposes and prejudges that some people (by virtue of the organizations with which they are associated) are more equal than other people who lack such associations.
2. Principle: Every person shall be free to use the Internet in any way that is privately beneficial without being publicly detrimental. The burden of demonstrating public detriment shall be on those who wish to prevent the private use. Such a demonstration shall require clear and convincing evidence of public detriment. The public detriment must be of such degree and extent as to justify the suppression of the private activity.
(I have frequently called this "The First Law of the Internet".)
Corollary: Innovation may come from users as well as from standards bodies.
The internet is not yet done; innovation should be accepted. Innovation ought to be not merely allowed but it should also be encouraged. There is always a downside risk from innovation, but the mere assertion that there might be, or even is, a risk is not enough by itself to deny the right of innovation to anyone.
3. Principle: The first step towards governance is a clear understanding of what it is that needs to be governed and what the goals of that governance are.
Today there are a lot of people who talk about "technical coordination" or "technical management" without understanding what those terms mean, if anything, when taken out of the clouds and reduced to concrete actions.
We should clearly understand, for example, that the role of establishing terms of registration contracts for domain names and setting domain name registry prices is economic regulation, not technical regulation. In fact the whole model of domain name registries and registrars is an economic and business choice, not a technical one. (See, for example, my note on an alternative structure - The .ewe Business Model - or - It's Just .Ewe and Me, .Kid(s))
It is as important to define the goals of governance as it is to define the subject to be governed. Without a clear goal an institution of governance may easily misconstrue its mission.
Corollary: It is appropriate to question an assertion about whether a matter is "technical coordination" or is really economic or political policymaking traveling in disguise or is an assertion made to avoid handing the reins of innovation over to a new generation.
Internet governance is a high stakes game. There is much to be gained and much to be lost. We are observing today a face-off between the United States and much of the rest of the world gathered in the WSIS/WGIG proceedings. It is obvious to all, but few will say it, that in this confrontation the issues of internet governance are stalking horses for concerns of national power, national prestige, national security, cultural protection, and economic dominance.
4. Principle: Form follows function.
Each institution of internet governance should be designed to fit tightly around one clearly articulated issue. Broadly defined institutions of governance are an invitation to "mission creep". Tightly defined institutions are more easily monitored and they will cause less damage should they wobble off course.
[For a deeper view see my 2004 presentation Governing the Internet, A Functional Approach. Also see my 2002 note A Plan To Reform ICANN: A Functional Approach. Similar suggestions have been put forth my several other observers.]
The question of governance and how the powers of governance should be shaped and limited have been considered by many brilliant minds. Might it be useful to re-open the books of the history of these 18th century thinkers and refresh our understanding of how institutions of governance ought to be shaped so that their internal tensions and procedures lead to stable and limited behavior?
Corollary: Sometimes a job of internet governance is already the responsibility of an existing entity or set of entities.
There is a tendency on the part of some to consider that anything associated with the internet is new and unique. In some few cases that may be true, but for the most part the internet simply adds a new shade to an existing portrait.
Take for example the so-called "Uniform Dispute Resolution Policy", the UDRP. This has become a de facto law of internet domain names. The UDRP is often the first, and too often the last, stop in a dispute over a domain name. Yet this UDRP was formulated and imposed by a body that has no authority to enact legislation for any one, much less all, nations. It is often forgotten that there do exist many bodies in which the authority for enacting such laws has been vested: the national legislatures of the individual nations. In many regards the imposition of the UDRP was an act in which the authority of existing nations was to a degree overthrown and replaced. The imposition of the UDRP was not so much an act of governance as it was an act of revolution.
ICANN is having a strategic planning meeting in Marina del Rey.
Mind if I yawn?
If its "Strategic Planning Issues Paper" is any guide ICANN will be wandering even further into the wilderness of irrelevance.
As I have said many times in the past, ICANN has virtually nothing to do with internet technology. ICANN's strategic plan seems hell bent on continuing that legacy.
Let's look at just one of ICANN's strategic "Major Factors" - ENUM.
ENUM is already obsolete; ENUM is going to fade away into the archives of good ideas that never quite made it big-time.
I have been working with Voice over IP (VOIP) for a couple of years now and there has been a resounding disinterest in the VOIP community about ENUM. (The Session Initiation Protocol, SIP, does specify the optional use SRV and NAPTR DNS records, but does not utilize them in the worldwide numeric hierarchy that most people associate with ENUM.)
ENUM is a mechanism to drag telephone numbers into an internet filled with textual URLs, URIs, and domain names.
People who use VOIP place calls using things that look and smell a lot like email addresses or instant message handles: email@example.com. Even when numbers are used they still are coupled to a domain name: firstname.lastname@example.org. (Some systems hide the domain name part, but it's there under the covers.)
ENUM is an attempt to make the internet, and its users, conform to the technology of 1880.
ENUM is an answer to a problem that has disappeared.
Yet ICANN is gearing up to become the uber-manager of ENUM.
What's even more sad is that the WSIS/WGIG effort seems to be chasing after the same false scent.
Now, personally I don't normally mind people and organizations wasting their time and money regulating buggy whips and other relics of the past. However, the internet is not the past and neo-governments such as ICANN have a way of oozing out from their cubicles of authority and getting in the way of real innovation - like VOIP that allows people to make calls using user-selected words rather than assigned numbers.
ICANN once had a vibrant public sector. But that period ended several years ago when meaningful public participation in ICANN was eliminated during a process that ICANN, in its best NewSpeak, called "reform."
Today ICANN's palace eunuch, the "interim" ALAC, sent forth it latest missive. It is a pathetic document devoid of content yet filled with phrases of submission and dependency.
ICANN's purpose is to serve the public, the community of internet users. Yet ICANN's ALAC, and much less ICANN itself, remembers ICANN's purpose and ICANN's promises.
ICANN's ALAC was crippled at at its conception. We of the community of internet users have patiently stood aside hoping that perhaps we would be proved wrong and that the ALAC might actually grow into something of value. During this time ICANN plied the ALAC with money and staff support. Attempts were made to froth-up up membership; but few signed on.
The ALAC was given a fair chance to succeed. But it has not done so.
It is time to write off ICANN's ALAC as the failure it is.
I see in several news items and blogs that some people are finding the WSIS/WGIG effort to be tainted because either businesses or ICANN's President are excluded from certain meetings.
I wonder where those people and blogs were when ICANN kept people out of many of its meetings? Why is the WSIS/WGIG considered so horrible when it is merely engaging in practices that are the norm in ICANN?
Indeed, ICANN still has several meetings that in which the doors are locked against outsiders. And much of ICANN's work is done, as it always has been done, behind closed doors by a secretive and closed "staff".
In fact ICANN has gone so far as to lock its own directors out from inspection of its own financial records. It took a successful lawsuit to overturn that unlawful practice of ICANN.
Those who are complaining about the UN cite its bureaucracy, secrecy, exclusion of participants, and behavior of a questionable nature.
On a dollar-per-dollar basis ICANN serves up more bureaucracy, secrecy, exclusion of participants than the WGIG/WSIS effort. And ICANN has engaged, in the opinion of the judge who handed down the decision, in clearly unlawful behavior.
I can't give much credit to those who are complaining about WSIS/WGIG and holding ICANN up as some sort of superior entity. Their credibility would be greatly improved if they were to demand improvements in ICANN, improvements such as:
- The majority or more of ICANN's Board of Directors must be elected by the public (using a relatively direct system such as was used in year 2000 to elect 5 directors.)
- All board meetings and all other meetings of ICANN decision-making bodies should be either open to the public or fully recorded and those recordings available to the public except when matters of employment or contract negotiation are being discussed.
- ICANN must properly represent itself by giving a clear and honest definition of ICANN's role of regulator of the domain name business, making it clear that ICANN does not oversee or manage domain name technology.
- A clear recognition that ICANN's role with respect to IP address has been effectively abandoned and left to the regional IP address registries (RIRs).
- A clear recognition that ICANN provides no oversight of DNS root server operations.
- A clear recognition that most of IANA is merely a secretarial function performed for the benefit of the IETF.
- The word "stakeholder" should be recognized for what it is: a preferential status endowed on those selected few who are given a voice in the ICANN system.
I just saw a pointer to an editorial in The Economist.
I am getting very tired of editorials by people who, to be blunt, have no clue.
The Economist editorial accepts the very tired, and very wrong, urban legend that "ICANN's work is .. technical".
In truth, ICANN does practically nothing of a technical nature.
ICANN never took up its role of oversight of IP addresses and has let that job fall to the regional IP address registries (RIRs.)
ICANN does nothing with the technology of the domain name system. ICANN neither defines nor applies any technical standards to the operation of DNS at any level.
That tiny bit of ICANN that is, in fact, of a technical nature is largely a secretarial job, called "the IANA function", performed on behalf of the IETF. Every other body that creates internet standards (such as the IEEE, ITU, and W3C) operates (and pays for) its own number-keeping secretariat. There is no reason why ICANN should be providing that same kind of service to the IETF and passing the costs onto the backs of domain name customers, particularly given ICANN's ejection of those customers from any role in ICANN's process of making decisions.
The preponderance of ICANN's work is decidedly non-technical. ICANN's dominant work is that of being a place in which domain name businesses and the intellectual property industry gather to establish domain name product specifications, set domain name prices, and to decide who may and who may not enter the domain name marketplace. In other words, ICANN is simply a guild of domain name businesses. A more modern phrase is that ICANN is a combination of business interests that act in concert to restrain, shape, and limit the trade of domain names.
The Economist editors ought to recognize a combination in restraint of trade when they see one. But for some reason they are blinded by the glamour of purported, but actually absent, technology.
In June of 2002 I testified before a sub-committee of the US Senate on matters concerning ICANN. In part of that testimony I addressed the question of what might happen should ICANN simply cease to exist. My conclusion was that "Were ICANN to vanish the Internet would continue to run. Few would notice the absence."
Here is the main body of what I said:
What Would Happen To The Internet If ICANN Were To Vanish?
Much of the debate over ICANN is colored by the fear of what might occur were there to be no ICANN.
ICANN does not have its hands on any of the technical knobs or levers that control the Internet. Those are firmly in the hands of ISPs, Network Solutions/Verisign, and those who operate the root DNS servers.
Were ICANN to vanish the Internet would continue to run. Few would notice the absence.
Were there no ICANN the DNS registration businesses would continue to accept money and register names. With the passage of time the already low standards of this business might erode further.
The UDRP (Uniform Dispute Resolution Policy) system runs largely by itself. The Federal ACPA (Anti Cybersquatting Consumer Protection Act) would remain in place.
ICANN has already established a glacial pace for the introduction of new top-level domains. ICANN's absence will not cause perceptible additional delay in the creation of new top-level domains.
ICANN has already abrogated the making of IP address allocation policy to the regional IP address registries; those registries will continue to do what they have always done with or without ICANN.
ICANN has no agreements with the root server operators; the root servers will continue to be operated as an ad hoc confederation, as has been the case for many years.
The only function that would be immediately affected would be the IANA function. IANA is an important clerical job, particularly with regard to the country-code top-level domains (ccTLDs.) IANA is not a big job, nor does it have real-time impact on the Internet. (In fact there is a credible body of evidence to suggest that ICANN delays certain clerical tasks on behalf of ccTLDs for months on end in an effort to coerce ccTLDs to sign contracts with ICANN.)
There are those who will try to divert outside reforms of ICANN by asserting that touching ICANN will cause the Internet to collapse or otherwise be damaged. The truth is quite the reverse - ICANN's ties to the technical and operational stability of the Internet are tenuous at best. A full inquiry into ICANN, a full reform of ICANN, or a complete rebid of the agreements under which ICANN operates would not damage the Internet.
There's a lot of talk about competing root systems these days. So I thought I'd point out a note I wrote on the topic back in 1999.
Most of those who are commenting on the matter are mixing two separate issues: That of multiple roots and that of singularity of content of the various top level domains (TLDs.)
It is quite possible to have multiple root systems that are entirely consistant with one another. The key to this is that the TLDs have the same content no matter which root system is used to find them: .com, .net, .ewe, etc would all have the same content.
Here's that reference to my 1999 note: Multiple Roots are "a good thing"
Update: I have tried to further clarify these matters in a note to the Politech list: http://www.politechbot.com/2005/10/06/karl-auerbach-replies/