July 17, 1999

Welcome to As the CaveBear Growls.

This publication is an occasional newsletter covering topics of interest to the author, generally related to the Internet to a greater or lesser degree.

Over to the left of the screen is the catalog of issues, past and present.

What I would say to the House Commerce Committee were I invited to testify:

Good Afternoon.

I am Karl Auerbach.

I have been involved in the Internet since 1974 and in the issues of Internet Governance for several years.  I am a computer engineer and an attorney.  I have been a founder, principal, or first employee in several Internet related start-up companies.  I have been active in the IETF and was the co-chair of the IETF working group on policies and procedures.

I am currently employed as an engineer at Cisco Systems where I do work relating to the transmission of entertainment grade video across the Internet.  I neither represent nor speak for Cisco.  My opinions are my own.

I participate in these matters of Internet Governance at my own expense and I receive no reimbursement of those expenses from any third party.

I have been deeply involved during the last several years with the evolution of what has become ICANN.  I am a founding member of the Boston Working Group, one of the groups that submitted proposals to NTIA last fall in response to the so-called "White Paper."

I would like to discuss three matters:

  1. Whether ICANN is the product of community "consensus"

  2. Why the Internet Governance should permit the creation of multiple "roots" of the Domain Name System.

  3. The Domain Name System "whois" database.

1.  Is ICANN the product of community "consensus"?

Is ICANN the product of community "consensus"?


ICANN was not created through community consensus nor is there now a consensus that it is the best, or even a good, way of addressing the issues of set forth in the NTIA White Paper.

How do I know this?  I was there.  I've participated in the Internet Governance debates for many years and interacted with many of the principals.

The simple fact is that during the year of 1998, it became increasingly clear that the IANA proposals that became ICANN were the anointed plan, the only plan that would be accepted by NTIA.

Consequently, recognizing the futility of any alternative plan, the proponents of those alternatives, grudgingly acquiesced to the IANA plan and attempted to mitigate the worst excesses of the IANA plan.

The point to be noted is that no alternative to the IANA plan ever had a chance of success.

The IANA plan was created by insiders and was clearly given not only the inside track but was also given the checkered flag well before the race had even begun.

What evidence do I have of this?  I have nothing specific other than that the belief in the ordained selection of the IANA plan and the futility of alternatives was on everyone's lips or, rather, e-mail keyboards, during the late summer and fall months of 1998.

I might suggest to the committee that how this belief came to be and whether there is any real substance behind it might be a subject for deeper inquiry.

So, it is fair to say, that the purported "support" for ICANN (and its predecessor, the IANA plan) is not "support" at all, but merely an attempt to deal with the inevitable, to mitigate the damage, to make sure that one did not get "on the wrong side" of those who would soon be making decisions effecting billions of dollars of Internet resources.

Let's take a look at some history:

During late 1997 and through 1998 NTIA issued a series of documents culminating with the "White Paper" on June 5, 1998.  NTIA then went forward to recognize a submission from the Internet Assigned Numbers Authority (IANA), a branch of the University of California's Information Sciences Institute (USC/ISI) operating under various government contracts:

July 1, 1997 Request for Comments on the Registration and Administration of Internet Domain Names, Notice and Comments


January 30, 1998 Proposal to Improve Technical Management of Internet Names and Addresses (Green Paper)

Federal Register Publication (HTML) http://www.ntia.doc.gov/ntiahome/domainname/022098fedreg.htm
Federal Register Publication (.txt)

June 5, 1998

Management of Internet Names and Addresses (White Paper)


September 1998 ICANN is legally incorporated by the promoters of the IANA/ICANN proposal.
September 17, 1998 Joint IANA/NSI version of IANA/ICANN proposal published, apparently as the result of pressure from NTIA for IANA and NSI to work together.


End of September 1998 Responses to White Paper received by NTIA.


October 2, 1998 IANA/ICANN Response to White Paper received by NTIA


October 20, 1998 NTIA accepts IANA/ICANN response, implicitly rejecting the others.


November 6, 1998 ICANN submits revised proposal
November 10, 1998 NTIA issues press release reaffirming its selection of the IANA/ICANN proposal.


November 25, 1998 Memorandum of  Understanding Between the U.S. Department of Commerce and Internet Corporation For Assigned Names And Numbers


What was happening during this period?  Was IANA/ICANN the only group trying to wrestle with these problems?

Let's answer those questions by looking at what IANA/ICANN was doing and then what others were doing.

Starting in early 1998, IANA at USC/ISI began publishing what would amount to a sequence of five successive versions of a plan for an organization that would eventually become the ICANN of today.  From the perspective of all but a small (and largely unknown) circle of insiders, here's is how those documents evolved:

A mailing list was established to which one who had comments could send e-mail.  This was essentially a "black-hole" because responses or questions were rarely, if ever, posted by those who were reading the comments.  (That is assuming that the comments were even read at all.)

Every few months a revised draft would be posted.  Why the drafts were changed in the way they were or what criteria were used or what tradeoffs were made, or even who contributed to the drafts was never known.  All we knew was that Jon Postel was involved and that he was supported by an attorney from the firm of Jones Day.  (On July 8, 1998, Jon Postel introduced me, via e-mail to Joe Sims, the attorney from Jones Day.)

In other words it was a closed process decorated with a placebo e-mail suggestion box that as far as anyone knows has never been read.  If one were drawing an computer icon to represent the IANA/ICANN process it would have been a picture of a closed room with cigar smoke pouring out from underneath the closed and locked door - the classic image of the smoke filled back room of Boss Tweed era special interest politics.

It is clear, however, that the IANA/ICANN drafters, whoever they were, were indeed interacting with some selected outsiders.  At one time, probably in late September 1998, in a telephone conversation I had with Joe Sims, Mr. Sims told me that various parts of the IANA/ICANN proposals were immutable because to change them would impinge on understandings with unnamed significant players who had bought-in to the then current proposal.

As an aside, I would like to mention that the current ICANN board proceeds in much the same closed fashion - it is just as opaque and receives (and never responds to) commentary via the same kind of suggestion box, and it issues its decrees with no explanation, no reasoning, no justification.

It was strongly rumored during this period that there were substantial interactions between NTIA and the drafters of this series of documents.  It was apparent to many of us that NTIA was grooming and shaping the IANA/ICANN proposals by coaxing its authors.

Indeed, the fourth draft published on September 17, 1998 was apparently a government induced shotgun marriage between IANA and Network Solutions.  This is still on the IANA web site at http://www.iana.org/description2.html  (Most of the earlier drafts have fallen away and are not easily located.)

At the same time as this IANA/ICANN "process" was occurring, there was a parallel, but far more open series of public discussions and meetings.  This was the IFWP - The International Forum for the White Paper.

The IFWP meetings started in July of 1998 in Reston Virginia.  The meeting was open to all comers and there was no charge to attend.  The "keynote" talk was by Ira Magaziner, the President's advisor in these matters.  Beckworth Burr of NTIA was also in attendance as was Joe Sims of the IANA/ICANN group.

As an aside, I have heard (from people inside the government) that there was an informal policy in various parts of the US Federal Government to discourage attendance at the IFWP meeting in Reston.  I have heard that this informal policy was designed to avoid creating any impression that the IFWP was to be taken seriously as an alternative to IANA/ICANN, a fact which would make it more difficult for the United States to eventually anoint IANA/ICANN.

Over the next couple of months, the IFWP held meetings in Geneva, Singapore, and Buenos Aires.  All in all several hundred, perhaps even as many as a thousand people from around the world met in open session to work through the White Paper and began to craft elements of a response.

For a summary of the work of the IFWP see the materials gathered on Ellen Rony's excellent web site at http://www.domainhandbook.com/ifwp.html

The IFWP process, being open to all was argumentative.  Being unfunded, it was somewhat rambling. Being asked to tackle an enormous topic - governance of the Internet, even in the limited form envisioned by the White Paper, it was slow, hesitant, and intermittent.

The IFWP meetings were open, focused, well attended, and substantive.   The meetings were, without doubt,  the most broadly based discussion of the matters set out in the White Paper in terms of both breadth of coverage and depth of analysis.

There are those who attempt to dismiss the IFWP as a pack of crazies, a loony bin, a body of arrogant juveniles.  There are no doubt some disruptive, perhaps even disturbed individuals who have participated in these debates.  However, the IFWP was attended by many of the people now involved in ICANN, by respected academics from respected institutions, by attorneys and government officials, and by many respected technologists from industry and academia.

It is true that the IFWP process created no specific responses to the White Paper.  It did however produce many ideas.

The fact of the matter was that between the publication of the White Paper in June 1998 and the September 1998 deadline, there simply was not enough time for an organization to bootstrap itself into existence and reach closure on these difficult issues.

But then, if one looks at the White Paper, it is vague, it is imprecise.  It was not at all clear what the White Paper was asking for.  Was it looking for a corporation in-being to assume the mantle of "NewCo"?  Or was it looking for a plan?

As compared to the IFWP, the IANA/ICANN proposal had the advantage of having a closed group to reach decisions and create a more complete response to the White Paper.  The IANA/ICANN proposal also may have had the advantage of insider knowledge of what was being asked for by NTIA.

Towards end of August 1998, it became apparent to many of us that the IANA/ICANN proposal would receive the government's blessing.

When the September 17th draft of the IANA/ICANN proposals were published, there was no doubt left in many of our minds that no other proposal, no matter what the merits, stood any chance of being accepted by NTIA.

As a result small groups of people spun off from the IFWP effort and attempted to distill what had come from those worldwide meetings and thousands of opinions.  One of these groups was the Boston Working Group (the BWG.)

I was one of the founding members of the Boston Working Group.

We of the Boston Group are all people who have attended one or more IFWP meetings.   Many of us submitted comments to the NTIA Green Paper.  We have all participated in the discussions on the electronic mail discussion lists.  We have all read the various proposals made by other bodies.

In other words, despite the relatively small size of our working group in Boston, we represent an immense constituency and bring to bear a significant compendium of pertinent knowledge and experience.

On September 19, 1998 we met in open session in Boston, Massachusetts.   That meeting had a single focus -- to review and critique the most recently proposed (September 17th) IANA/NSI document and report back to the community, IANA/NSI, and the US government within the short time allowed for comments.

Many of us of the BWG would have preferred to create a new proposal, but we all recognized the futility of attempting to swim against the obvious pre-concluded acceptance of the IANA/ICANN proposals.  So we limited our work to mitigating the worst parts of the IANA/ICANN proposals.

We sent our comments to IANA/ICANN, we spoke to Joe Sims, we spoke to NTIA.  We were rudely and condescendingly rebuffed by IANA/ICANN.  We therefore packaged our work and sent it to NTIA as the BWG's response to the White Paper.

Let me be clear -- our support of the IANA/ICANN proposal was not based on our "consensus" that it was a good proposal, but rather that IANA/ICANN was the pre-selected winner and that we had either hop on and try to fix its worst elements or be left behind altogether.

We were not the only group to try to react to this situation.  Other proposals were submitted to NTIA (http://www.ntia.doc.gov/ntiahome/domainname/domainhome.htm) in a last minute attempt to mitigate the IANA/ICANN proposal.  Indeed, at least one group, the ORSC went so far as to actually legally incorporate so it could be a clear, fully formed, operational alternative to IANA/ICANN.

I might add that both the BWG and ORSC proposals were reasonably conservative adjustments to the IANA/ICANN proposals rather than fundamentally new ideas.  Both groups were constrained by the knowledge that the most that could be expected was that a few changes could be made to the IANA/ICANN juggernaut.

Over the next month, IANA/ICANN, under pressure from NTIA, did incorporate some of our suggestions.  As a practical matter, however, these have been largely ignored by ICANN or put on such a slow track that they may never come to pass.

My final comment on this part of my testimony is this: I have met few people who were fully supportive of ICANN.  I have met many people who were attempting to mitigate its built in flaws and its structural biases.  These people were not part of a consensus in support of ICANN, rather they were simply accepting the fact that IANA/ICANN was going to be imposed with or without their consent and that they would be better off fixing it from the inside rather than being outsiders and shouting into the wind.

Back To Top


2.  Multiple Roots are "a good thing"

It wasn't that many years ago in the United States when there was one big, monolithic telephone company.

It was taken as gospel by many that the stability of the telephone network depended on there being one unified, monolithic telephone company.

We've seen through that.  Today we have a flourishing competitive telephone system filled with all kinds of commercial and technical offerings that were inconceivable during the days of "Ma Bell".

We routinely use directory services in a multiplicity of forms -- telephone books published by local telephone companies or entrepreneurs, 411 services in various shapes and forms,  web pages, or even on CD-ROMs (indeed a well known Supreme Court case involved a telephone directory published on CD-ROM).

These telephone directories are not published by any unified authority, there is no regulatory body sitting over them.  And we as consumers are not damaged or harmed by this.  And the telephone system continues to work just fine.

Yet, on the Internet there are those who wail and gnash their teeth at the thought that the Domain Name System, the Internet's "white pages" might have multiple points of entry.

Indeed, the whole series of documents from NTIA -- including the Green and White Papers -- and the existence of ICANN is founded on the notion that there is but one root system for the Domain Name System.

I assert that those nay-sayers are wrong.

I assert that just like the telephone system can have multiple publishers of telephone directory services, the Internet can have multiple roots to the Domain Name System.

There is no doubt that as a purely technical matter, the Internet can have multiple root systems for the DNS.  It has had these for years.

The question is whether to recognize the value and use of multiple root systems and not foreclose them.

Let's get a bit more specific.

When I say "multiple root systems", I mean a regime in which you, or I, or anybody can set up a set of computers to serve as a suite of root servers for the DNS.

In other words, you, or I, or anybody could establish a group of computers to operate in parallel with, and not necessarily in administrative coordination with, the legacy A-L.root-servers.net computers now operated by NSI, IANA, ICANN and others.

From a technical point of view all that a root server group does is to give its users a way to find the DNS servers that handle the various Top Level Domains (TLDs).  The root servers do not themselves answer queries about what names are inside the various TLDs.  Those questions are passed on to the TLD servers themselves.

That is a subtle point and a point that is often lost when discussing the DNS.

It bears repeating -- all that a root server does is to answer queries about how to find a server handling a TLD named in the query.  In other words, a root server only answers queries such as "Where do I find a server that contains the list of names in .com?".

Now that we know that root servers and root server systems are nothing more than the doorway through which one enters the Domain System, we can ask this question:

What happens when we begin to think of the Domain Name System not as an intrinsic core service of the Internet, but rather as an elective service that can be offered by many providers and among which customers and user select based on the packages offered by the providers?

I'll give you a preview of the answer: We end up with a stable Internet with no loss of reachability.  We get a system of competitive root operators who make business decisions about what TLDs they want to incorporate into their "inventory".  We get rid of questions about "how many TLDs should be created?".  We don't need complicated ICANN-like quasi-governmental agencies overseeing the DNS and the Internet.  And we end up with a means for communities of users to fine tune the view of the Internet Landscape that they want to allow into their communities.

So, you should be asking yourselves, how does this Nirvana come about?

Imagine each operator of a root server system as a store.  The shelves contain the store's inventory.  In this case the inventory consists of TLDs that the root server system knows about.

Thus, a user of a root server system will perceive a Domain Name name space composed of the TLDs in the store (the root server system) that that user has elected to use.

Now, I should mention, that when I say "user has elected to use", I don't really usually mean the end-user directly.  In most cases, the end-user will have delegated the choice to that user's ISP or to his or her organizational information manager.  Of course, the technically inclined, such as myself, will tend to make the choice for ourselves.

How does a root server operator select the inventory of TLDs that it wishes to offer?  The answer is "whatever satisfies the needs and demands of the operator's customer base."

If we look at this through the eyes of a businessman operating a root server system, we realize that there are two elements that the customers will care about: TLD coverage and value added services.

As a general rule, customers of a root server system will act much like subscribers to a cable TV system -- they will want as many TLDs (or as many channels) as they can get.  This will drive the root server system operators to include as many viable TLDs as they can into their inventory.

The net result of all the root system operators following this strategy will be that they all attempt to trump one another by each including more TLDs.  The end of this is that all root server operators will incorporate all viable TLDs.  The benefit of this is that the domain names of all people and organizations who have registrations in these TLDs will be essentially universally resolvable no matter which root server system us being used.

I've used the phrase "viable TLDs" to describe those which are of a character that most reasonable root system operators would feel that they could incorporate that TLD into their inventory without undue risk of problems.  It is easiest to define "viable TLDs" by listing what kind of TLDs would be non-viable.  TLDs that are being contested are not very viable.  Thus, if two or more claimants were offering different versions of a TLD named ".foo", it would be unlikely that any root system operator would add any version of ".foo" to the inventory.

This tends to remove the issue of TLD ownership from the current ICANN regulatory framework and place it where it belongs -- in the traditional give and take world of business and open market economics.

Since all root server systems will tend to eventually incorporate all viable TLDs into their inventory, value added services will tend to become the differentiating factor between root server systems.  One might well ask how a root server system can offer value added services?  It does seem an odd concept at first, but then again, a few years ago, the notion of value added long distance telephone services was an odd concept.

An example of a value added service would be that of filtration -- A root server system operator may offer a service in which customers who use that root will be able to have the responses cleaned of any answers that are sources of pornographic material.  This could be a valuable tool for communities that wish to tailor their view of the Internet Landscape according to their own community standards.  And it is a mechanism which allows any member to opt out of the community, and its restrictions, simply by selecting another root server operator.

Yes, there are other ways to achieve the same kind of filtering, but who are we to say which methods are the most viable?  Indeed, we should be careful not to dismiss, or worse to foreclose, an area of Internet entrepreneurship simply because we don't see the immediate value.

I'd like to finish this discussion about multiple roots with a few observations.

Multiple root systems add to the stability of the internet by removing a dependence on a single root system for the Domain Name System.

Multiple root systems eliminate the need to face questions such as "what new gTLDs should be added" - multiple root systems permit the marketplace to provide the answer.

Multiple root systems provide means for inventors and entrepreneurs to create new ways of packaging DNS servers.  And I've suggested one such extension that could add a new means for individuals or communities to shield themselves from the tidal wave of questionable material on the Internet.

So, why have multiple root systems not evolved?

One of the reasons is that the existing system has so far worked reasonably well, so there has been little pressure.  But there is a very strong secondary reason -- those who have advocated or established a multiple root system have been shunned by the technical community.

But the biggest reason why it hasn't happened is that ever since the NTIA process started, the idea that there could be multiple roots has been swept aside with an administrative flick of the wrist and an offhand repetition of the stale legend: "oh that would never comport with network stability".

Back To Top


3.  The Whois database

One of the most important elements in these Domain Name System matters is that of the so-called "whois" or "contact" database.

This database is essentially the name, address, phone number, and organizational affiliation of every person on the Internet who has a registered domain name or block of IP address space.

Its contents not only have major privacy implications, but also represent a marketing database of prodigious value, not only to net-marketers, but also to those who wish to create DNS registries or become DNS registrars.

NTIA may be proposing the transfer of the reins of the Domain Name System to ICANN or some other body.  However, unless the whois/contact database is part of the body of material transferred, ICANN or that other body will having nothing but a useless and unmaintainable lump of numbers.

This critical database was built by a contractor operating under contract, or rather a "Cooperative Agreement" between the National Science Foundation, an agency of the United States.  The contract indirectly called for the creation, maintenance, and public publication of this database.

5 USC 552a is the "Privacy Act of 1974".  That Act covers databases containing personally identifiable information when such databases are under the control of an agency of the United States.

In late 1997 I sent a request to the National Science Foundation exercising my rights under the Privacy Act of 1974.

The response was, to my mind, astounding.  The National Science Foundation disclaimed all control of the whois database, indicating that that database was essentially the private property of Network Solutions, the contractor.

This, despite the fact that NSF paid money to NSI for the performance of this task.  A later amendment to the cooperative agreement replaced direct payments from NSF with permission from NSF for NSI to obtain compensation from domain name registrants in lieu of payments from the United States.  Thus, payment for creation and maintenance of the whois database continues to this day, albeit via an indirect payment mechanism rather than the original direct fee-for-services form of the non-amended original Cooperative Agreement.

This action is doubly astounding when one considers that it effectively eviscerates the ability of NSF's successor, NTIA, in the Cooperative Agreement, to exercise its contractual right under the Cooperative Agreement to obtain all information needed to transfer the domain name registration function from Network Solutions to a successor, such as ICANN.

And the action is triply astounding when it was made at the same time that many in the United States Legislative and Executive branches were calling for stronger privacy measures to be applied to private business.

I would suggest to the committee that before we can expect private bodies to protect the privacy of users of the Internet, the United States Government ought to live up to the laws already on the books that protect the privacy of citizens from governmental abuses.

In particular, I recommend to the committee that it inquire more deeply into the creation and handling of the "whois" database, its status under the Privacy Act of 1974, and whether NSF and NTIA have given away the "crown jewels" of the domain name system in their attempt to avoid the Act.

Back To Top

Updated June 20, 2001 12:45:34 AM -0700