Now, back then I merely wanted the ability to write contracts using a structured language things like if-then-else clauses and subroutines with parameters - a kind of glorified templating language.

The SEC apparently has gone further and is considering expressing the dynamics of financial matters using the Python language in regulations.

That reminds me of something I came across a very long time ago:  Early Unix had a blackjack program.  It could be beaten 100% of the time by the simple technique of betting negative dollars and playing to lose.

Which is to say that unless the SEC is willing to engage in the very dark and arcane voodoo of program correctness, and even if it does, the SEC is going to find its regulations being hacked much as we hacked the blackjack game.

The context is the FCC's "National Broadband Plan".  I guess the FCC wants to gather data about the kind of internet users receive today so that the National Broadband Plan, whatever it may turn out to be, actually improves on the status quo.

The motivation is nice but the FCC's methodology is technically weak.

There are several goals to which the National Broadband Plan ought to aspire:

• That consumers have a subjective sense that their use of the internet is fast and without unacceptable delays.  I picked a subjective standard here for reasons to be discussed later in this note.
• That reliability of consumer access is high and that the time for providers to detect, diagnose, and repair problems is low (and not expensive to providers.)  It seems that these matters of reliability are routinely ignored, yet they are of paramount concern, particularly as the internet becomes more and more a part our health and safety systems; it will be a sorry day if someone picks up their internet based VoIP phone to call 911 and the link (or some necessary ancillary service, such as DNS) is down for an extended repair.
• That consumers' have a real foundation to believe that their use of the net is private and not being used either to generate marketing data about them.

This note will address only the first of these goals.

The first thing that is wrong is that the FCC's tools are not well focused with regard to exactly what parts of the internet they are measuring.  And second, the measurements that are taken are too vague to be of more than anecdotal value.

I've drawn up a simple diagram to illustrate.

This is a simplified diagram, it is intended to focus on that part of the net of concern to the National Broadband Plan.  In particular it looks at the part of the net that represents the "internet" product sold by today's Internet Service Providers (ISPs).  The arrows in this drawing are interfaces where these clouds join, they are not communications lines.

This diagram shows things as connected clouds because that more accurately represents the things that make up the way that user's connect to the internet.  The basic parts of the diagram are these:

• User Network: Many users today, and probably nearly all users in the future, will have networks, often wireless, within their homes.  The quality and traffic of those networks will have a substantial effect on consumer's perceptions of net quality (and ISPs will bear increasing non-reimbursed costs when their customers have troubles in his part of the net.)  However, except with regard to the maintenance issue, the user's home network cloud ought to be considered neither as part of either the National Broadband Plan or of the FCC's Consumer Broadband Test.
• User Access Link and User's ISP Cloud: I have shown the provider ISP's path as two parts.  First is the part that runs from the router of "modem" at the consumers home or office to the provider's first IP router.  The second part is the provider's internal "backhaul", i.e. the IP network inside the provider.  It is important to consider these two parts separately.
  • User Access Link: This is the part of that today's ISPs advertise to consumers; this is the part about which the claims of umpteen megabits/second download are made.  In general the User Access Link is the IP "hop" between the user's home modem or router and the first IP router within the ISP.  Often this "link" is composed of several communications technologies.  For example what appears to the consumer to be an Asymmetrical DSL link (ADSL) might be composed in full or in part of ATM or other non-IP switching technologies that exhibit many of the congestive and impairment behaviors found in IP networks.  There may be MPLS paths that simply do not show up in "traceroute".  Moreover, the User Access Link may have an IP Maximum Transmission Unit size that is less than the 1500 bytes that is presumed by a considerable amount of end-user network applications and protocol stacks; that difference can have a substantial negative impact on some forms of network traffic (video) and almost none on others (VoIP).  The User Access Link should not be considered as a private path that is not shared with other users' traffic.
  • User's ISP Cloud: This is that portion of the ISP that carries traffic to and from customers User Access Links.  Some resources that are critical to user perception of network speed may be located here, most particularly domain name system (DNS) resolvers, web caches, email servers, and the like.  For small ISPs the "ISP Cloud" might be as simple as a small Ethernet at the provider's facility; for larger ISPs the "ISP Cloud" might be an national or international network of substantial size and power.
• Internet: This is the vast landscape of the internet except for those content providers with which the ISP entered into special traffic exchange arrangements.
• Private Peering to large content providers: This is often where the largest of the large network traffic sources and sinks are to be found.  This is the land of Google/YouTube and of content distribution networks.  Content to/from users might be able to flow via the internet to those places but in order to provide faster access and to give the large content providers better control over the quality of their products both ISPs and large providers often prefer to create these kinds of special peering relationships.  This is a game for big players; small ISPs and smaller content providers are often not able to play at these tables.
  
  (Please note that I am using the word "peering" in a way that may be different from its use in settlement-free peering between ISPs.)

The portions of interest to the FCC's National Broadband Plan are the part between "A" and "B" and between "A" and "C".  These are shown inside the yellow box.

So what does all of this have to do with the National Broadband Plan in general and the FCC's Consumer Broadband test in particular?

First of all, we must recognize that a user's perception of network quality and speed is a complex function that involves the entire path between the user and the remote service.

Many protocol stacks and applications can degrade badly even if one seemingly small aspect changes.  For example, the speed with which domain name system (DNS) queries are answered is often a major, or even the dominant, component of how quickly web pages are fetched and rendered.  Indeed with the increasing number of "analytics" web bugs and links to "share" content the number of DNS queries involved in a page fetch can be quite surprising.  And DNS responsivity is a matter that involves more than mere bandwidth.

Other applications degrade for other reasons.  VoIP is often made incomprehensible by even small amounts of packet reordering, something that can occur quite often as a result of certain wireless technologies, load-balanced pathways, or routing behavior.  And applications that use large packets, applications such as high quality video, can be badly affected by fragmentation of packets due to link MTU values of less than about 1500 bytes.

There are many characteristics that play a part.  Among these are Quality of Service (QoS) handling, queuing disciplines and drop policies in routers, and congestion handling in protocol stacks.  Moreover there are an increasing number of protocol "accelerators" that try to obtain better user performance by abandoning the protocol etiquette algorithms that are built into well implemented TCP stacks.  Those accelerators may create local benefits to their users, as long as the number of such users is small, but they damage the experience of other users.

The National Broadband Plan tends to be involved only with the "User Access Link" part of my drawing.  Yet the FCC's tests tend to lump all the parts of the drawing into one number thus masking the contribution of each part.

A national broadband build-out that does not deal with the entire system will be a waste of time and money.  A user whose ISP has a magnificent broadband User Access Link but inadequate backhaul and connectivity to the internet at large is a user who is going to be dissatisfied.

Thus for the FCC's tests to be meaningful they need to do two things:

• They need to isolate and separately report the attributes of the User Network, the User Access Link, the User's ISP Cloud, and the degree of private peering to large content providers.
• The attributes that are measured need to be much deeper than "bandwidth" and "latency" and "jitter".  I would recommend that the FCC look at the way that tools like PathChar and Pchar construct a detailed hop-by-hop analysis of network paths.  Those tools require many thousands of packets over many tens of minutes for each hop in a path.  In my own work I began (but never completed) a project to design a protocol to enable the fast and inexpensive measure of paths characteristics for proposed packet flows.  That work is visible on the net at http://www.cavebear.com/archive/fpcp/fpcp-sept-19-2000.html.

Now we all know that UPS and FedEx have different grades of service - Overnight, Two Day, Three Day, etc.  And faster deliver costs more.

Several years ago UPS and FedEx would frequently deliver a Two Day package the next day, i.e. they would effectively elevate the class of service.  A lot of us took advantage of that by sending almost everything using the lesser grade (and price) and often winning a higher grade (and price) delivery.

I am sure that that that did not please the bean counters at the shipping companies.

Today, with better tracking systems UPS and FedEx almost never deliver a package in advance of the delivery time for the paid class of service.  They will hold packages in their warehouses in order to make this so.  Today, if you want a given class of service you can get it only by paying for it; the old gambling trick no longer works.  I am sure that this has increased UPS' and FedEx' revenue.

The thing to note here is that UPS and FedEx can carry packages Overnight, but that they impose a delay, often an artificial delay, on packages that aren't paying the premium Overnight tariff.

So what has this got to do with Network Neutrality?

Consider an ISP that adopts the UPS/FedEx model.  In particular let's say that this ISP decides to impose a delay of 100 milliseconds on all standard class packets and does so in a way that is completly neutral as to source, destination, or protocol.  On a 10gigabit link that means holding about 125megabytes of traffic, in each direction, in a delay queue - that's a number readily within the range of today's technology.

Then that ISP could offer premium, i.e. more expensive, grades of service that bypass some or all of that 100 millisecond delay.

I have never heard anyone claim that either UPS or FedEx is not acting with neutrality.  It would seem that an ISP that acts as I have described would also be able to claim that it is just as neutral as UPS and FedEx.

I did not pick 100 milliseconds out of the air - rather I picked it because it can have a pernicious effect on VoIP. The ITU publishes 150ms as the time limit beyond which the users of a VoIP call to go into "walkie-talkie" mode.  100ms, one way, does not reach that amount, but it is close enough that other network delays could easily push the connection over the edge; and round trip time will certainly exceed the threshold.  In other words, a completely neutral application of 100ms to all packets, VoIP or not, will force VoIP users to upgrade to a premium service.

Other network activities would be impaired.  Domain name transactions would slow down causing user perceptions of sloggish service.

Bulk data transfers, such as web downloads of images, would only be marginally effected once TCP adapts to the round trip time.  But ISP's could "fix" that by adding some packet loss and some delay jitter to their "standard" quality.

The point of this exercise is to suggest that ISPs have a well stocked bag of tricks to induce users to pay more for what we used to get for free from "best effort" services on the internet.

• Her FIN has been ACKed.
• He's now a higher level abstraction.
• She has moved up the protocol stack.
• He is now a perfect packet traversing a loop free path of celestial ASN's.
• She has gone to the ultimate peering point.
• Her TTL went to zero.

The Anti-Counterfeiting Trade Agreement (ACTA) that is being "secretly" negotiated by the US and other nations would require signatory nations to impose a regime similar to the US DMCA, including Digital "Rights" Management (DRM) anti-cirumvention.

Under the United States Constitution (Article I, Section 8, Clause 8) the United States can only create copyright rights if those rights are constrained to exist only for "limited times".

DRM lasts forever.

DRM will make it difficult, often impossible, to make use of materials once the copyright term expires and the material enters the public domain.

DRM creates a perpetual right to prevent copying - a perpetual copyright.

And DRM will make it difficult, often impossible, for historians and archivists of the future to examine materials even long past the expiration of any copyright.

It thus of great importance that the ACTA adopt what I call "The Rule Against Digital Perpetuities":

No Digital Rights Management (DRM) limitation or anti-copying mechanism may endure longer than the copyright in the protected work.

See my prior notes on this subject:

• The Rule Against Digital Perpetuities
• The Rule Against Digital Perpetuities - A Reprise

Questioning Authority – Searching For Stability In Internet Governance

Pre-talk – Who I am (one slide)

Hello, I am Karl Auerbach.

I've been around the internet for a very long time.

If there is anything about the net that is constant it is that the net is always changing.

Introduction

A few months ago we discovered a hidden plumbing problem in my house. We hired a building inspector to take a look at the damage.

He told us that the supporting structure was badly damaged, that it was at risk of collapse, and that we'd have to replace some large supporting timbers.

Today much of our discussion has been about the more refined aspects of trademarks and domain names.

In this talk I'm going to take you in a different direction, down into the basement to take a look at the quality of the timbers that hold up trademarks, domain names, and internet governance.

Governance, Authority, and Technical Reality

Let's begin with the conflict between governance, authority, and technical reality.

The fabled anarchy of the internet is rapidly becoming a thing of the past.

Bodies and rules internet governance are quickly becoming a framework around which we structure our internet businesses and our internet lives.

If that framework lacks a firm foundation it could warp, be manipulated, or collapse.

Such a collapse would, in turn, have a ripple effect on all of the relationships and rights that we have constructed on that framework.

The effects of a crack in the foundation of internet governance could be significant, far flung, and painful.

---

When it comes to governance of the internet there are two foundation-stones: authority and technical reality.

Without authority, internet governance loses its power to command. Without authority a body of internet governance becomes nothing more than a small stone that barely disturbs the river flowing around it.

And without technical reality a body of internet governance will find itself superseded and become irrelevant.

We as a community of lawyers and technologists have been surprisingly willing to assume that authority exists or that technology will not someday be used in ways different than is the current norm.

The point of this talk is that we need to step back and examine our assumptions.

It is my contention that we will find the foundations of internet governance are lacking, weak, and in conflict with technical reality.

I believe that is time to put out the cautionary yellow flag in the race for internet governance.

We need to take a time-out to establish a firm foundation of legitimacy, authority, and technical relevance.

ICANN

Our focus here is Domain Names and Online Trademarks – which puts us squarely in the bailiwick of ICANN.

A considerable portion of the rights that people believe they have in domain names and in trademarks associated with domain names derives from ICANN's provisions embedded in ICANN contracts.

Without ICANN many of our perceived rights in domain names and trademarks could vanish.

---

ICANN's foundation reminds me of a friend who lives in New Hampshire in a house built in 1763.

In the process of exploring a drainage problem he discovered that the house had been built on nothing more substantial than a few stones that had been piled up to support the wooden sills upon which the house was framed.

It cost a small fortune to jack the house up, insert a real foundation, and then cure the warping that had accumulated over the years.

I'm afraid that ICANN has put us into a similar position.

ICANN hits the double jackpot.

ICANN lacks a source of authority. And ICANN is based on a technical fantasy.

Unless these are cured we may have to jack-up our existing rules of domain names and trademarks, build a new foundation, and deal with the accumulated warpage.

To make matters worse the method of control used by ICANN will amplify the extent of the damage should ICANN begin to wobble.

ICANN sits at the vertex of a pyramid of contracts.

That guarantees that uncertainties about ICANN will quickly propagate.

ICANN's lack of authority means that it may be vulnerable on the grounds that it is an unlawful combination or conspiracy in restraint of trade.

We are here in Cleveland, home to J.D. Rockefeller and the Standard Oil Company.

J.D.R justified his monopolistic practices on the grounds they eliminated the harmful effects of competition. That certainly sounds like the arguments that INTA has advanced its arguments against new top level domains.

ICANN may eventually have to face the same questions that were faced in the 19^th century by the Standard Oil Company.

And ICANN might have to answer those questions not only in the US but also in non-US jurisdictions such as the European Union.

--

ICANN's lack of technical reality means that ICANN will find itself high-and-dry should someone chose to establish a new DNS root.

--

These cracks in the stability and clarity of ICANN's role in internet governance will become wider and deeper as ICANN attempts to splatter itself into multiple legal entities in multiple countries using specialized national legal structures.

---

So let's examine the foundations that underlie our existing ICANN based regime of trademarks and domain names.

Where Is ICANN's Source of Authority?

Where is ICANN's source of authority?

Many believe that ICANN's source of authority is like the Seven Cities of Cibola – illusory.

Does ICANN's glamor of authority exist only because internet users have, for the moment, chosen to avoid asking the hard question?

ICANN began and remains merely a California corporation. ICANN has no special legal status.

The authority that ICANN wields must come from some external source.

Did ICANN's authority come from the US Government?

ICANN's governmental companion, the National Telecommunications and Information Administration, has never been able to articulate a clear statement of its own authority to act as a regulator of domain names nor that if it had such power that it has the power to delegate it to a private corporation.

No less an authority than the US Congress' GAO has looked at ICANN – twice - and has come away without being able to find that either the Department of Commerce or NTIA has adequate authority.

Not long ago, in September of this year, ICANN and NTIA signed an “Affirmation” that purports to reduce the degree to which ICANN can be viewed as an instrumentality of the United States government.

That agreement was notable for the absence of any statement that could be construed as a delegation of authority to ICANN.

Alternatively was ICANN's authority somehow derived from Jon Postel or the function that Jon filled, that of the Internet Assigned Numbers Authority (IANA)?

If so, how did that task, a task performed via the University of Southern California, leap to ICANN

Assuming that Jon or IANA had the powers that ICANN now wields, an assumption that is not particularly solidly grounded, there is neither a trail of documents nor an oral history to support an argument that a transfer did occur.

Where else might we look for the source of ICANN's authority?

NTIA did issue a zero dollar purchase order under which ICANN performs an undefined “IANA function”.

It is hard to reconcile a government purchase order, the same process that the government uses to purchase janitorial services, as amounting to a delegation by the US government of discretionary authority over a large part of the internet.

Did that purchase order delegate to ICANN a right to charge internet users what cumulates to a large amount of money for the privilege of using certain parts of the net?

Did that PO give ICANN the power to assign very lucrative parts of the net to third party operators for time periods that are effectively perpetual?

---

If ICANN's authority did somehow come from the US Government, then what happens to that delegation as ICANN and the US Government try to distance themselves from one another?

---

These are not situations that create a sense of stability. Rather it suggests that ICANN has been nailed together too quickly.

We've all seen Road Runner cartoons.

Is ICANN in a situation like that of Wylie Coyote when he has run off a cliff and is standing in mid air? We all know what comes next - he looks down, realizes his predicament, and then crashes to ground.

ICANN Versus Technical Reality

It was once believed that the seas were too vast to be controlled.

And it has been said that the internet must have exactly one domain name system.

The idea that the seas were too vast was demolished in the latter 1800's by Captain Alfred Mahan of the United States Navy.

Is ICANN about to crash on the reef of technical reality?

---

ICANN's control over DNS depends upon the belief that the internet must have exactly one domain name system and that whoever controls the top level text file called “the root zone” controls that DNS.

That belief is technically inaccurate.

There already exist competing domain name systems.

Most of them are run very poorly and have given a bad name to the concept.

But good operators, needing only an investment of a few hundred thousand dollars, easily and without needing any permission can establish competing roots.

And despite the common wisdom, and the self-preserving statements of ICANN, the existence of competing roots no more destabilizes the internet or causes user confusion than the existence of competing mobile telephone companies.

There are significant impulses that are inducing the creation of competing roots.

First is the profit motive – there are considerable opportunities to derive positive cash flow from a well run competing root.

Second is that it provides a market-driven answer to the Gordian knot of new top level domains.

Third is that ICANN is perceived, even after the recent “Affirmation” as an instrument of United States hegemony over the net, thus suggesting to other nations the possibility of establishing their own roots as a kind of internet declaration of independence.

Should competing roots arise, ICANN will lose its ability to dictate the terms of the domain name marketplace, including the UDRP, Whois, and new TLDs.

Conclusion

In conclusion there are several reasons to be concerned that the foundation underpinning ICANN and today's domain name word is brittle and could suffer catastrophic collapse through a successful lawsuit or the establishment of competing DNS roots.

This does not mean that we should panic.

The absence of clear authority can be remedied through national legislation and international treaty.

Competing DNS roots can be viewed not as a threat but as an opportunity to allow market-driven deployment of new top level domains.

In the longer term today's domain name wars may become nothing more than sound and fury signifying nothing.

All of this may become moot because technical innovation, particularly with the rise of better search and directory systems, is eroding domain names as indicators of sources of goods and services.

In other words, the idea that domain names are trademarks may be an idea that has as much place in the future internet as a dial-up modem.

--

I'll be happy to take questions.

Thank you.

So I'll start off with something indisputable - the latest version of the Thunderbird email tool (version 3.0b2) is really awful.

This new version of Thunderbird locks up, seems to spend an inordinate amount of time loading and reloading mailboxes, becomes non-responsive to clicks, can't delete mail, and sometimes even refuses to close.

This new Thunderbird is a big step backwords.

It makes me pine for my favorite email tool, pine/alpine.

Update, Aug 23, 2009:Thunderbird 3.0b3 is just about as bad.  It continues burn enormous amounts of CPU time, it continues to become non responsive to user input, and it posts far too many gratuitous messages that it is to busy doing something else.  The authors should be ashamed at how badly they have bungled a once useful tool.

The panel on "The Future of ICANN and Control of the Web" looks rather intriguing and, given the panelists, might cause a few sparks to fly.

People who diagnose and repair networks have long experienced the truth of that title - no matter where you happen to be, the test data you need to know can only be acquired by being somewhere else.

In my own experience at Wells Fargo in the 1980's I more than once had to run back and forth through the streets of the San Francisco financial district, often at 3am, to check circuits and devices on a malfunctioning network path.

Telco people long ago learned to incorporate "remote loopback" and remote testing capabilities into their devices.  Internet people have not been as smart.

Today's state of the art of network troubleshooting is a individual practitioner, a person who has deep knowledge and experience with the net from the bottom to the top, who carries his/her own ad hoc toolkit of favored hardware widgets and software packages, and who is tired of being called at 3am to fix some routine network outage.

Today's net is filled with sorry excuses for equipment that can't recover from routine outages.  How many home ADSL modems lock up every few days or whever the telco drops the phone circuit for a few moments?  The usual repair is the old-fashioned, brute force, but quite effective power cycling of the unit.  Why are not these devices designed so that they recycle themselves when they fail to perceive a flow of IP packets for an extended period of time?  A little self-introspection and self-recovery could go a long way.

I've long been on the quest to build the Internet Buttset.  My 1993 product Dr. Watson, The Network Detective's Assistant (DTWNDA) was a first step.  (The sad story of why that product disappeared is something for another day.)

It strikes me that one thing that could be incorporated into internet devices, particularly devices used for testing and diagnostics, is something that I call "Serendipitous Data Collection".

The basic idea is quite simple - When a device needs a chunk of data, that device publishes a request in a well known directory.  Other devices periodically look at the published requests.  If one of those other devices happens to be in, or later happens to travel to, a part of the net where the requested data can be obtained that other device collects the data and holds it.  That other device, if it comes near the directory, deposits that data into the directory.  The original device may (or may not) subsequently notice the published data, pick it up, and use it.

The words "directory" tend to imply something more glorified than is really necessary.  Consider handheld network testing devices that live in a charging/docking unit when not in use and that, when in use, are carried by network operations staff to various parts of an Enterprise network.  The charging/docking station then becomes the interface to a simple repository of requests and answers.

It is a simple bulletin-board model.  Security is not strong - which is why I tend to think of this in the context of network testing and diagnostic devices.

Network diagnostic and repair tools must often be exempt from the constraints of network security.  This means that many of these tools would have to designed only to engage in intrusive or risky operations only when used by by people who are both trustworthy and skilled.

A surgeon's scalpel must be very sharp.  A surgeon's scalpel can cause a lot of harm if misused.  Network troubleshooting and repair require invasive tools that are able to cut into the network to reveal the inner workings.  These tools could cause a lot of harm if misused.  None of us would want a surgeon to operate with a dull scalpel; we accept that the value outweighs the risks.  Similarly, we should not want the internet to be denied good repair tools just because those tools, if misued, could cause harm.

I saw in the newspaper that Bea Yormark has died.  Too soon.

I first met Bea back in 1981 at Interactive Systems in Santa Monica.  I remember her Mercedes - dark blue paint and light blue smoke.  And I remember one evening at softball when she was pitching; I hit a hard line drive that barely missed her - it brushed her ear ring.

I remained in contact with Bea after she moved to Washington DC with my Gaithersburg based co-worker at Interactive, Justin Walker, Curmudgeon at Large.

Not long afterwords I had my own romantic adventure; I became involved with a woman who lived in DC.  It was a very complicated and very stressful time.  But it was a time made much easier with the caring friendship offered by Bea and Justin.

I later moved to San Francisco  A while later Bea and Justin also came west to Palo Alto.  Even though we were only an hour drive apart, we did not remain in contact.

I've always intended to resume the contact.  But always I was too busy.

But now she is gone.  It is too late.

We've lost a good person.

When Comcast sends a TCP Reset packet the TCP connection instantly dies.  TCP Resets are internet ricin.

The BitTorrent application uses several TCP connections, so it is somewhat robust against Comcast's TCP-murderous rampages.  But most other applications are not - a TCP Reset stops those applications dead in their tracks.

The sending of forged TCP Reset packets has as much to do with "network management" as shooting a bullet into the head of a hyper-active child has to do with "day care".

Is Comcast simply being too cheap to install in-band equipment that would do the the right thing, the thing consistent with the internet architecture: dropping packets while congestion is occurring and thus allowing the TCP connection to remain alive, albeit with reduced data flow?  One such right way is called Random Early Detection - RED.

Comcast's behavior suggests that has installed much less expensive out-of-band equipment that can only shoot deadly TCP Reset packets.  In other words it may well be that cause of Comcast's problems is that Comcast is too cheap to "do it right".

There is a branch of fiction known as "Alternative History". These are stories of what might have been.  What might have been had the British intervened on the side of the South in 1863? What might have happened had Khrushchev not backed down in Cuba in 1963? What might have happened had the Supreme Court not stepped into (onto?) the Florida presidential vote count in 2000?

In that vein I am about to engage in a bit of alternative history.

I am going to speculate about how the last ten years of internet history might have been had the US government, rather than deciding to renew the Network Solutions contract, had, instead, opted to drop its marionette strings and allow the forces of competition, innovation, and consumer choice to operate as we expect them to operate in an open, unregulated, competitive economy.  In other words, what if the US government had not created ICANN?

Being an untrained and clumsy writer, I'm going to be blunt about foreshadowing the tale: Without an ICANN we would today have greater innovation in the internet name space.  Domain name prices would be lower, consumer choice would be greater, and the internet would have greater resilience to failures than it has today.

The road we did not take would have been the better choice.

Is the dead hand of the past so strong that we are forced to live forever with that mistaken choice and never seek correction?

Shakespeare wrote, "[w]hereof what's past is prologue, what to come in yours and my discharge." Is the future really in our hands? Can we treat the choices of 1997 as mere prologue to a story not yet written?

Before starting, let us detour a bit and review the events that led to the ICANN of today.

There were two intertwined stories:

First was the story of the Cooperative Agreement with Network Solutions (a company that was subsequently acquired by Verisign and then, shrunk to a mere registrar, and sold off, with Verisign retaining the registry role.)

Second was the story of Jon Postel's test of the internet's domain name system.

Let's look at these stories:

The Story Of The Cooperative Agreement

The increasingly lucrative cooperative agreement under which Network Solutions (Verisign) was managing .com, .net, .org, and .edu was scheduled to expire in 1998.  Under that agreement Network Solutions was obligated to deliver back to NTIA the tools and data necessary to transfer operations to another contractor or to the public.

In 1997 the US government agencies became concerned - some might say they began to panic.  They felt compelled to chose between three ill alternatives:

• Extending the Network Solutions contract.
• Replacing Network Solutions as a contractor much as the US National Park Service occasionally replaces the concessionaires it uses to run the government owned hotels at the Grand Canyon, Yellowstone, and Yosemite national parks.
• Relinquishing the government's role over the internet's domain name, IP address, and protocol parameters assignment systems.

The government felt that the second of these three choices - replacement of Network Solutions with another contractor - would require a formal procurement process that could take several years. Consequently this option was never seriously considered.  One could wonder why the government did not consider combining the first and second options - one term of extension in order to give time to engage in a formal procurement.  Whatever the answer, the fact is that replacement of Network Solutions was never seriously pursued.

This left two options - extend or relinquish.

The government people chose what they believed was the lesser of two evils - they chose to extend the Network Solutions contract. This choice was not unreasonable - the people who made the choice are well-intentioned, smart, and informed; but the option to relinquish would have required that they convince many less informed people in the executive and legislative branches of the US government that the nascent internet would be better left to private enterprise and choice.  It seems that even those who hew to a "small government is a better government" point of view have a hard time letting go of government control over the internet.  And few civil servants would risk being branded as "the man who lost the internet".

So, rather than ending the Cooperative Agreement, a product of a much different internet era, NTIA decided to give it a face-lift. In fact, the agreement has had its face lifted nearly a dozen times.  The resulting miracle of bureaucratic plastic surgery remains in force to this day, a lifespan increase of over 300% so far and with no clear sign that it will ever end.  This extension represents a government backed gift to Network Solutions, and its successor, Verisign, that by some estimates amounts to an income stream of nearly half a billion dollars every year.

The Story of John Postel's Test

In early 1998 Jon Postel decided to do a very good thing.   Postel wanted to validate that the DNS was as robust as it was purported to be.  Postel decided to run a limited test in the IP address from which root servers obtain their "zone files" would be altered.  This was not a particularly radical test and, should things have gone awry, backing out would be both fast and easy.  Also remember, this was in years before internet had obtained massive public visibility.  What Postel did was quite in keeping with the pragmatic approach from which the internet grew - an approach in which one tests, learns, and improves.  Nonetheless, the government went ballistic.  Postel was threatened with severe legal, even criminal, sanctions.  Postel, an employee of USC-ISI asked his employer for help; USC-ISI refused.  Postel felt what anyone would feel - alone and afraid.

So Jon Postel, a California resident, asked for help.  An attorney from Washington DC showed up on his doorstep; an attorney who does not seem to be able to demonstrate having a license to practice law in California.  But despite that apparent lack, Postel accepted this attorney.

This attorney was from the Washington DC office of the Cleveland Ohio firm of Jones Day.

The Stories Intertwine

In 1997 NTIA began to emit strong pheromones that it wanted the law firm of Jones Day to create a nominally private corporation to assume the powers that NTIA was exercising, albeit without any apparent source of legal authority for the exercise of those powers.  In other words, NTIA, an agency of the Executive Branch, wanted to induce the creation of a private body to do things that NTIA wanted done but for which NTIA did not have the legal authority to do itself.  (The reader would not be alone if this suggests that NTIA uses ICANN in much the same way that the US State Department uses Blackwater.)

Jones Day responded (much to the benefit of its balance sheet: Jones Day's response has turned into a revenue stream that floods ever larger with every passing year.  As ICANN's largest creditor, Jones Day yearly reaps millions of dollars in legal fees from the corporation that Jones Day created to serve NTIA.)

Postel's attorney from Jones Day started circulating drafts of a plan to form a body to be called ICANN.  Each successive draft seemed to be the result of yet another hidden agreement with yet another round of unknown parties.  Midway through this sequence, Jon Postel died.  But his attorney survived.  And further iterations appeared (as presumably more secret back room promises were made.)

NTIA, in an effort to appear open to other plans did allow other plans to be submitted; but it was pretty clear from various inchoate emanations that none of these had any hope and would have no weight except, perhaps, to slightly nudge the Jones Day plan. One of the most influential of these other plans was that of the Boston Working Group, a group with which I am affiliated.  Our proposal is still visible on the net at http://www.cavebear.com/bwg/ As expected, the Jones Day plan won NTIA's nod of approval.

The fruit of this NTIA-Jones Day cultivation was a strange creation: ICANN, a thing neither fish nor fowl, not clearly private yet not clearly governmental, and like Prospero's Ariel able to operate beyond the normal constraints that restrain governmental agencies and the laws and economic forces that channel and limit private action.

A small number of incumbent interests find ICANN to be highly satisfactory and lucrative.  However, most of us end up with something rather less pleasant: Anyone buying a domain name now pays a private internet tax to ICANN and domain name prices are massively inflated (by perhaps 35,000%) with regard to the actual costs.  Others find ICANN as a body that restrains trade by denying their completely legal enterprises entre into the domain name marketplace or by subjecting their businesses processes to a small mountain of contractual gobbledygook.

NTIA and ICANN have effectively allowed the .com and .net top level domains to become the private property of Verisign.  It is not often that a caretaker, like Network Solutions, is allowed to reward itself with ownership of the estate.  By way of analogy it is as if the company that was hired to run the hotel at the Grand Canyon has been allowed to become owner of the hotel and the Grand Canyon.  This is a rather bizarre twist, yet that is what has happened.

The cost to the community of internet users is enormous - Every year more than half a billion dollars is paid by internet users in the form of inflated and arbitrary domain name fees.  And if that were not bad enough, internet innovation and imagination have been smothered on the altar of registry profits and trademark protectionism.

So much for the real history.

The Alternative History

Let us turn back the calendar to 1997.  Let us posit that NTIA has decided to let the cooperative agreement expire and has required Network Solutions (Verisign) to return the materials and data that it is obligated to return under the terms of that agreement.

And let us posit that NTIA has decided not to merely replace one face with another and instead has decided to open the door to enterprise and innovation by providing that name registration data to any and all comers.

And let us suppose that when Jon Postel ran his very sensible test that the US government did not cluck itself into a Chicken Little frenzy and demand that the net must be wrapped with a Procrustean regulatory system.

At this point perhaps you are hearing a voice in your head suggesting, or perhaps screaming, "there would have been chaos", this is an unbelievable alternative history.

Is it really unbelievable?  It certainly was possible.  What is chaos to one is often opportunity to another.  Is it not one of the foundation stones of our social system that individual choice is to be preferred to both monopoly markets and government regulation?

What is unbelievable to this writer is that the US Government leapt to the conclusion that heavy regulation of the net was required without ever really considering how the net might be nudged, rather than bludgeoned, towards greater commercial stability.

J.  D.  Rockefeller, one of the greatest monopolists of all time, justified his destruction of his competitors, his imposition of rigid controls over the petroleum refining and transport industries, and his nearly imperial control of distribution channels and products on the grounds that he was merely "rationalizing" and "standardizing" the oil business.

Those who argue in favor of ICANN often use Rockefeller's argument - they justify ICANN's rigid regulation as a way to rationalize the marketplace of internet names so that the incumbents in that marketplace can be spared the discomfort of competition and the buyers of domain names relieved of the burden of having to make a choice between different offerings.

Do we want to "rationalize" the internet in same way that Rockefeller "rationalized" the petroleum refining industry of the 1870's?

I think not.

But I digress; let us return to our story:

Suppose that in 1997 NTIA decides it will allow the cooperative agreement to lapse at the end of 1998 and that six months prior to the expiration, and again at the time of expiration, NTIA will make a copy of the operational data available without charge or encumbrance.  NTIA decides that 1998 would be a year of transition.

NTIA's decision does not eliminate Network Solutions; it merely removes Network Solution's monopoly.  If Network Solutions chose to do so, it could continue its operations.  But it would no longer be alone or given any preference or special privilege.

In other words, NTIA decides that at the end of 1998, at the end of the agreement, anybody who wants to run .com, .net, .edu, and .org would be free do so, using his/her own capital, using his/her own business plan, and at his/her own risk.

Remember the movie Spartacus?  The rebelling slave army is captured and the Roman general asks "Who among you is Spartacus?" One by one every slave stands up and says "I am Spartacus".

In our tale the ending of the cooperative agreement would cause a similar scene: New vendors, and Network Solutions - everyone - would have stood up and said "I am .com", "I am .org", "I am .net".

None would be and all would be.  There would be no legal ground to distinguish among the claimants.  The would have to compete among themselves.  Network Solutions would, however, been the Goliath.

How precisely this competition would have resolved itself none can say.  But we can say with certainty that it would have quickly resolved itself as it always does when there is a lot of money on the table.

I suppose that those of you who are still with me will be reminded of
the cartoon in which some scientists have filled a blackboard with equations.  And in the middle of the board is a cloud with the words "Then a miracle occurs".

Am I suggesting that NTIA should have bet the internet of 1997 on a miracle? Yes, I am.

But it is no less betting on a miracle than we do every day when we allow electricity, food, fuel, and many other aspects of our normal lives to be handled by the miracle of private innovation and competition within the limits set by law.

Would there have been an uncomfortable bump? Yes, there probably would have been a period during 1997 when internet users wanting to acquire domain names would not know clearly from whom to buy them. Network Solutions, the former incumbent, would with almost certainty obtain the lions' share of the business, not unlike the way that the Baby Bells inherited most of the former Ma Bell (AT&T) customers when AT&T was split apart.

What forms might have coalesced out of this temporary period of fog and uncertainty?

Competing root systems?  Cooperative, truly non-profit, registries?  Co-op registries that operate by N of M consensus systems?

All of these, probably.  Not all would have survived.  Some would have failed.

Some internet users would have had an experience similar to that of people who bought tickets on low fare airlines and charters during the 1970: the carrier failed and they got stuck with a worthless ticket and a claim in bankruptcy court on the remaining assets of the bankrupt carrier.

In our alternative history some internet users will find that they have acquired domain names that do not resolve.  There will be lawsuits for fraud.  Domain name providers who are smart will quickly change their practices and contracts so that every domain name buyer is made fully aware of the risks in much the same what that buyers of securities in the US are provided with enough information to make informed choices, should they chose to do so.

January 1, 1999 would have dawned on a more stable situation:

Network Solutions would be the dominant provider of domain names with a firm grip on the .com, .net, .org, and .edu top level domains.  Network Solutions would have simply bought out the competition.

The suite of root server operators would still have been unaffected, no one would have yet seen the Google-like opportunity that root and TLD servers provide.

However, and remember that this was during the height of the .com bubble, money was available for just about anything.  And a lot of people would have thought that having their own top level domains would be profitable.  (Even outside of our alternative history, we can see from ICANN's actual year 2000 new-TLD process that there was, in fact, a quite substantial interest in new TLDs.)

These new TLDs would have soon discovered that they would not even appear on the horizon of internet users until their TLDs were incorporated into the root zone published by Network Solutions - and Network Solutions would, understandably, not be quite willing to give that kind of aide and comfort to their would-be competitors.

By mid 1999 those who aspired to create new TLDs would have recognized that Network Solutions was not going to allow them a place in the sun and that the operators of the legacy root servers weren't particularly interested in making changes.

So by September 1999 we would have seen the deployment of the first competing root system run with as much capacity and competence as the legacy roots.  However, given the venture funding behind the new TLDs, these new root operators would have had access capital for expansion and would have been created with the attitude to aggressively reach for opportunities.

One of those opportunities would be what we today know as the Google Model - selling marketing and advertising opportunities while creating a positive feedback loop to increase those opportunities by giving users a share of the proceeds.

In year 2000 the You-Root corporation, a privately owned, for-profit, root consortium, comes into operation in competition with the legacy root.

You-Root has a multi-faceted business plan:

• You-Root mines the DNS queries that arrive at its servers to generate a real-time feed of usage data that it sells to market research firms, corporate marketing groups, and national intelligence agencies.
• It drives traffic to its DNS servers by paying ISP's to aim their DNS resolvers at You-Root.  ISP's receive a monthly check from You-Root that is based on the number of queries that the ISP sends to You-Root.  (You-Root finds, however, that it must quickly design mechanisms to detect synthetic traffic that is sent for no reason except to drive up the query counts.)
• You-Root sells space in its root zone file to aspiring TLDs, much as brick-and-mortar stores sell high visibility (such as end-of-aisle) shelf space.
• You-Root includes all of the TLDs, along with the information to their name servers, into its root zone file so that users who are switched from the legacy root are not surprised with name resolution failures.
• You-Root uses "anycast" routing to deploy name servers where the traffic concentration warrents (or where customers are willing to pay for a local root server.) You-Root also maintains a high degree of internet connectivity so that its servers are perceived as highly responsive.
• You-Root will, for a fee, elevate a TLD's zone data so that it is serviced by one of You-Root's own root servers and thus save a DNS query round trip time, thus making web pages under that TLD appear more responsive.  You-Root allows these TLDs to offer a pass through service in which the TLD's name registrants can also have their zone data elevated into You-Root's servers, thus saving even more DNS query round trip times and making those registrants' web sites appear even more responsive.

You-Root gains market share as several ISP's, attracted to the idea of payments for sending DNS queries to You-Root, re-aim their servers.  And large websites seeking to improve user perceptions of performance push to have their DNS zone data elevated into You-Root's servers.

You-Root cuts a deal with Microsoft in which, for exchange for real-time data for use in MSN, Microsoft will ship Windows with You-Root as the default root server group rather than the legacy root servers.  A similar deal is made with Apple.  In neither deal is it disclosed to the public in which direction any money payments were made.

Now other aspiring root operators want to get into the game. They follow You-Root's business model.

Soon the relationship between root server operators and TLDs begins to shift - those TLDs that are more successful at gaining registrants find that they become "must haves" and that they can get root server operators to pay them for inclusion rather than vice versa.

And all the while the Network Solutions/NTIA root zone becomes less and less popular because it has become like a cable TV system that only carries the ABC, CBS, and NBC television networks and does not carry new content like CNN, Comedy Central, or HBO.

By the latter part of 2001 several root systems are in full fledged competition, each trying to be carry more TLDs than its counterparts.  The result of this competition being that every root system carries all available TLDs except those few that are stigmatized, as for example might happen if there is a trademark dispute over who has the right to use a given name as a TLD.

As the pornography industry expands communities of users realize that one way they can protect themselves is by asking root providers to offer tailored views of the DNS name space.  You-Root and others begin to offer "family friendly" collections of TLD - they will, for example, include the .Disney top level domain but not .Sleeze.

Root providers will also offer TLD packages tailored for various religious, political, and social groups who, for whatever reason, want to build walls between themselves and those who are not part of their communities.

Some TLD operators will amplify this customer push for differentiation by by using contracts with their registrants as a means include or exclude certain types of content on websites found under their TLDs.

TLD operators begin to start looking for more ways to differentiate their offerings:

• Some start offering name registrations for short periods for use with one time events.
• Some sell names for very long periods for those who want to latch onto an internet name for as long as the TLD remains.
• Some will sell via resellers (registrars), some will sell direct.
• Some will give names away in order to increase the traffic they get and thus increase the value of the marketing data that they can derive.  (Most of these go the way of the Cue Cat and disappear.)
• Some start selling names using digital certificates to represent ownership, thus providing a means for both permanent and anonymous registrations.  Revenue will be obtained by charging for specific services (such as updating name server records) rather than yearly domain name rent.  This will induce the creation of independent exchanges in which domain names can be bought and sold, often anonymously.

Eventually root zone files will begin to bulge as every large corporation decides that it wants its name to be a TLD.  This will present technical challenges to root server operators to disseminate updates to root zone files.  (However, as we know from real-life .com, this is a problem that is manageable, at least up to the present size of .com - over 70,000,000 names as of the date of this writing, January 2008.)

Competition among TLDs and root providers drives prices down and down and down.

By 2007 typical price to a consumer for a domain name falls to less than $0.25 per year, reflecting the actual mass scale of economies that obtain in DNS, particularly when there is no regulatory body imposing fiat registry rates an imposing its own tithe on name transactions in order to fund itself.

DNS resiliency is improved: In 1997 DNS was a single point of failure and attack for the internet.  By 2007 there is a multiplicity of competing roots that provide deep redundancy against failure from natural or human causes.

DNS responsivity is improved - TLD operators recognizing that DNS query/response time is a significant component of the user perception of web site responsivity begin to push data and servers closer to users.

New TLDs are no longer an issue - those who want to deploy a new TLD can do so.  But as with nearly every other kind of product offering, those who do this will have to expend time and effort to build their TLD visibility and do so with their own money (or that of their venture backers) at risk.  Consumers of domain names will grow more aware of the risks of buying a name in these new TLDs.

Some TLDs will never grow beyond boutique offerings that are found in only a few root zones.  Most of these will fade.  Others will grow so that they become visible in nearly all root zones.

In the end we will have a marketplace that allows new TLDs to be born, to grow, to spread, and to die without any central regulatory apparatus.

It will be a marketplace much like that found in the world of cable TV, in which TLDs are similar to new TV channels.  In the cable TV industry new channels must find a way to be included in the offerings of the cable and satellite providers.  In some cases these new channels will obtain visibility and become viable, in other cases they will never obtain adequate acceptance and will either disappear or be merged into another.  In the DNS industry, new TLDs must find a way to be included in the offerings of root providers else they will not gain sufficient visibility and use to survive.

And so ends our alternative history - a history in which we reach a stable, reliable DNS, both technically and economically, but without the heavy hand and cost of regulation.

Is this alternative now impossible or could we turn away from the regulatory system that has been imposed onto the internet by the US Department of Commerce via ICANN?

There are many people who think that DNS must be regulated and ossified into a single "authoritative" root.

There were many people who once thought the same thing about the voice telephone network.  History proved them wrong.

And to finish on a final note that is neither hypothetical nor an alternative history:

One of the things that neither ICANN, nor governments, nor many users are not realizing is that someday enough people might wake up, question the dogma of the single "authoritative" catholic root. They, just like Dorothy in the Wizard of Oz, already have the power to overturn the status quo.  Users of the net can simply, and without the need to ask permission from anyone or coordination with anyone, turn the technical knobs on their DNS software and make the entire legal, regulatory, and governance edifice fall to the ground - while the net keeps on running without missing a beat.

Normally I would have stayed, participated, and written about what happened.

But, instead, last night I had to race home.  This morning my wife and I had to make an excruciating choice.  And, as a result, this afternoon a friend died.

My friend is cat, Moliere.  He was almost 11 years old and came down suddenly with renal failure.  We had to decide whether he would live (a short while) or die.

I held and comforted him as the injection was administered.

I felt him die.

He is dead; I am in shock.

At least it was fast - only a few seconds - and it seemed to be painless, rather in contrast to the reported effects of the method used on humans.

Yes, he is a cat, "only" a cat, merely a cat, not a person.  I can only imagine the greater pain of those who have to face such decisions about human friends and loved ones.

So tonight Moliere lies buried between two trees on a small rise above Carbonera Creek in the woods where he so much loved to hunt and be a cat.

He lies buried with a copy of Tennyson's Crossing the Bar.

We miss him.

ICANN continues to espouse an internet that exists only in its own image.  An internet in which innovation and enterprise are forced to conform to ICANN standards of goodness.

In other words ICANN is attempting to impose onto the internet a set of constraints that would deny to new innovators the creative rights - in Jonathan Zittrain's words, the generative rights - that gave rise to the internet in the first place.

For example, ICANN's outgoing chairman made it quite clear that he believes that top level domain used for political purposes would be highly suspect.

ICANN continues to require that an applicant's finances and business plans must undergo ICANN investigation and approval.

ICANN continues to require that names be sold through ICANN accredited registrars - a requirement that makes utterly no sense except as a protectionist measure to maintain ICANN hegemony and ICANN revenue - not unlike the way that certain states require alcoholic beverages to be sold through state-run stores.  It is a requirement that has absolutely nothing to do with the stability of the internet.

Right now I'm listening to ICANN's policy to replace the legal system with its own policy to decide who on the internet has the superior right to use a name as a TLD.  ICANN is creating law; yet ICANN is not a legislature.

Moreover ICANN's policy creates a veto power for organized interests, particularly trademark interests, to throw so much chaff into the air that no new TLDs will ever survive the gauntlet.

What is particularly galling is that ICANN's new policy is the product of incumbents that have a strong interest in preventing any new TLDs.