The ICANN 49 public meeting is kicking off here in Singapore right now, and control of the domain name system is going to be the hottest of hot topics for the next four days.
Two Fridays ago the US government announced its plan to remove itself from oversight of key internet functions currently managed by ICANN, causing a firestorm of controversy in the US.
A lot of the media commentary has been poorly informed, politically motivated and misleading.
According to this commentary, the move means that regimes more repressive that the United States government are going to take over the internet, killing off free speech.
Here I present a backgrounder on the issue, a primer for those who may not be familiar with the history and the issues. ICANN addicts may find the latter half of the piece interesting too, but first…
Let’s go back to basics
The issue here is control over the DNS root zone file. Basically, the root zone file is a 454K text file that lists all the top-level domains that are live on the internet today.
Each TLD is listed alongside the DNS name servers that it is delegated to and control it. So .com has some name servers, .uk has some name servers, .info has some name servers, etc.
If an internet user in San Francisco or London or Ulan Bator tries to visit google.com, her ISP finds that web site by asking the .com zone file for its IP address. It finds the location of the .com zone file (managed by Verisign) in turn by asking the root zone file.
The root zone files are served up by 13 logical root zone servers named A through M, managed by 12 different entities. Verisign runs two. ICANN runs one. Most are US-based entities.
Every root server operator agrees that Verisign’s root is authoritative. They all take their copies of the root zone file from this server. This keeps the data clean and consistent around the world.
So Verisign, in terms of actually sitting at a keyboard and physically adding, deleting or amending entries in the root zone file, has all of the power over the internet’s DNS.
Verisign could in theory assign .uk or .xxx or .com to name servers belonging to Canada or the Vatican or McDonalds or me.
But in practice, Verisign only makes changes to the root zone when authorized to do so by the US National Telecommunications and Information Administration, part of the Department of Commerce.
That’s because Verisign’s power to amend the root zone comes from its Cooperative Agreement with NTIA.
Amendment 11 (pdf) of this agreement dates from 1999, a time before Verisign acquired Network Solutions (NSI) and before ICANN had a name and was known as “NewCo”. It states:
NSI agrees to continue to function as the administrator for the primary root server for the root server system and as a root zone administrator until such time as the USG instructs NSI in writing to transfer either or both of these functions to NewCo or a specified alternate entity.
While NSI continues to operate the primary root server, it shall request written direction from an authorized USG official before making or rejecting any modifications, additions or deletions to the root zone file. Such direction will be provided within ten (10) working days and it may instruct NSI to process any such changes directed by NewCo when submitted to NST in conformity with written procedures established by NewCo and recognized by the USG.
So the power to amend the root zone — and therefore decide which TLDs get to exist and who gets to run them — actually lies in NTIA’s hands, the hands of the US government.
NTIA says its role is “largely symbolic” in this regard.
That’s because the power to decide what changes should be made to the root zone has been delegated to ICANN via the “IANA functions” contract.
What you’re looking at here is a diagram, from the latest IANA contract, showing that whatever changes ICANN proposes to make to the root (such as adding a new gTLD) must be authorized by NTIA before somebody at Verisign sits at a keyboard and physically makes the change.
In the diagram, “IANA Functions Operator” is ICANN, “Administrator” is NTIA, and “Root Zone Maintainer” is Verisign.
What NTIA now proposes is to remove itself from this workflow. No longer would ICANN have to seek a US government rubber stamp in order to add a new TLD or change ownership of an existing TLD.
It’s possible that Verisign will also be removed from the diagram. ICANN runs a root server already, which could replace Verisign’s A-root as the authoritative one of the 13.
NTIA says that the Cooperative Agreement and the IANA contract are “inextricably intertwined” and that it will “coordinate a related and parallel transition in these responsibilities.”
If this all sounds dry and technical so far, that’s because it is.
So why is it so important?
An entry in the DNS root zone has economic value. The fact that the record for .com points to Verisign’s name servers and not yours means that Verisign is worth $7 billion and you’re not.
Whoever has power over the root therefore has the ability to dictate terms to the entities that want their TLD listed.
ICANN’s contract with Verisign makes Verisign pay ICANN $0.25 for every .com name sold, for example.
The contract also forces Verisign to only sell its names via registrars that have been accredited by ICANN.
This gives ICANN, by indirect virtue of its control of the root, power over registrars too.
The Registrar Accreditation Agreement contains terms that require registrars to publish, openly, the names and addresses of all of their customers, for example.
Suddenly, control of the root is not only about lines in a database, it’s about consumer privacy too.
The same goes for other important issues, such as free speech.
Should people have the right to say that a company or a politician “sucks”? Most of us would agree that they should.
However, if they want to register a .sucks domain name in future they’re going to have to abide by rules, developed by ICANN and its community, that protect trademark owners from cybersquatting.
Over the course of many years, ICANN has decided that trademark owners should always have the right to preemptively register any domain name that matches their brands. This will apply to .sucks too.
If I, militant vegetarian that I am, wanted to register mcdonalds.sucks after .sucks becomes available, there’s a significant probability that I’m not going to get the opportunity to do so.
Of course, there’s nothing stopping you and I publishing our opinion of a worthless politician or corrupt company in other ways using other domain names, but it remains true that ICANN has essentially prioritized, for very good reasons, the rights of trademark owners over the rights of other internet users.
Theoretically, at some point in the future, ICANN could amend the Registrar Accreditation Agreement to require registrars to, for example, always deactivate a domain name when they receive a cease and desist letter, no matter how unfounded or spurious, from a trademark lawyer.
Suddenly, the web belongs to the IP attorneys, free speech is damaged, and it’s all because ICANN controls the DNS root.
I’m not saying that’s going to happen, I’m just using this as an example of how ruling the root has implications beyond adding records to a database.
What does US oversight have to do with this?
The question is, does the US removing itself from the root zone equation have any impact on what ICANN does in future? Has the US in fact been a good custodian of the root?
Commentators, many of them Republicans apparently seizing on the NTIA’s move as the latest opportunity to bash President Obama’s administration, would have you believe that the answer is yes.
I’m not so sure.
The US in fact has a track record of using its power in ways that would reduce free speech on the internet.
Back in 2005, there was a controversy about ICANN’s decision to add .xxx — a top-level domain for pornography — to the root zone. Whatever you think about porn, this is undeniably a free speech issue.
The US government, under the Bush administration, was initially ambivalent about the issue. Then a bunch of right-wing religious groups started lobbying the NTIA en masse, demanding .xxx be rejected.
The NTIA suddenly switched its position, and actually considered (ab)using its power over the root zone to block .xxx’s approval and therefore appease the Republican base.
This all came out due to .xxx operator ICM Registry’s Freedom of Information Act requests, which were detailed in the the declaration (pdf) of an Independent Review Panel — three neutral, respected judges — that oversaw ICM’s appeal against ICANN:
Copies of messages obtained by ICM under the Freedom of Information Act show that while officials of the Department of Commerce concerned with Internet questions earlier did not oppose and indeed apparently favored ICANN’s approval of the application of ICM, the Department of Commerce was galvanized into opposition by the generated torrent of negative demands, and by representations by leading figures of the so-called “religious right”, such as Jim Dobson, who had influential access to high level officials of the U.S. Administration. There was even indication in the Department of Commerce that, if ICANN were to approve a top level domain for adult material, it would not be entered into the root if the United States Government did not approve
US lobbying via ICANN’s Governmental Advisory Committee and other channels had the effect that ICANN rejected ICM’s .xxx application. It’s only because ICM was prepared to spend years and millions of dollars appealing the decision that .xxx was finally added to the root.
When you read an article claiming that the US government relinquishing its root oversight role will have a negative effect on free speech, ask yourself what the record actually shows.
The .xxx case is the only example I’m aware of the US leveraging or preparing to leverage its oversight role in any way. On free speech, USG is 0 for 1.
The US is also a powerful member of the Governmental Advisory Committee, the collection of dozens of national governments that have a strong voice in ICANN policy-making.
Under the rules of the new gTLD program, the GAC has right to veto any new gTLD — prevent it being added to the DNS root zone — if all the governments on the GAC unanimously agree to the veto.
Currently, there’s a controversy about the proposed gTLD .amazon, which has been applied for by the online retail behemoth Amazon.
Latin American countries that count the Amazonia region and Amazon river as part of their territories don’t want it approved; they believe they have the better rights to the .amazon string.
Despite this outrage, the GAC initially could not find unanimous consensus to veto .amazon. It transpired that the US, no doubt protecting the interests of a massive US-based corporation, was the hold-out.
In its position paper (pdf) announcing the .amazon veto block reversal, NTIA said the US “affirms our support for the free flow of information and freedom of expression”.
By its own definitions, the US made a decision that harmed free expression (not to mention Amazon’s business interests). It seems to have done so, again, in the name of political expediency.
I’m not saying that the US decision was right or wrong, merely that the record again shows that it’s not the great protector of free speech that many commentators are making it out to be.
What should replace the US?
The question for the ICANN community this week in Singapore and over the coming months is what, if anything, should replace the US in terms of root zone oversight.
The NTIA has been adamant that a “multi-stakeholder” solution is the way to go and that it “will not accept a proposal that replaces NTIA’s role with a government-led or an inter-governmental solution.”
The weirdness in this statement, and with the whole transition process in general, is ICANN is already a multi-stakeholder system.
In light of the US’ longstanding “hands off” approach (with the aforementioned exception of .xxx), does ICANN even need any additional oversight?
Today, legislative power in ICANN resides with its board of directors. The ICANN staff wield executive control.
In theory and under ICANN’s extensive governance rules, the board is only supposed to approve the consensus decisions of the community and the staff are only supposed to execute the wishes of the board.
In practice, both board and staff are often criticized for stepping beyond these bounds, making decisions that do not appear to have originated in the community policy-making process.
The ruling on vertical integration between registries and registrars, where the community could not even approach consensus, appears to have originated with ICANN’s legal department, for example.
There has also been substantial concern about the extent of the power handed to hand-picked advisory panels created by CEO Fadi Chehade recently.
In that light, perhaps what ICANN needs is not oversight from some third party but rather stronger community accountability mechanisms that prevent capture and abuse.
That’s certainly my view today. But I don’t have any particularly strong feelings on these issues, and I’m open to have my mind changed during this week’s discussions in Singapore.
Verisign’s share price is down around 8% in early trading today, after analysts speculated that the US government’s planned move away from control of the DNS root put .com at risk.
The analyst firm Cowan & Co cut its rating on VRSN and reportedly told investors:
With less US control and without knowledge of what entity or entities will ultimately have power, we believe there is increased risk that VRSN may not be able to renew its .com and .net contracts in their current form.
It’s complete nonsense, of course.
The US announced on Friday it’s intention to step away from the trilateral agreements that govern control of the root between itself, ICANN and Verisign. But that deal has no dollar value to anyone.
What’s not affected, as ICANN CEO Fadi Chehade laboriously explained during his press conference Friday, are the contracts under which Verisign operates .com and .net.
The .com contract, through which Verisign derives most of its revenue, is slightly different to regular gTLD contracts in that the US has the right to veto terms if they’re considered anti-competitive.
The current contract, which runs through 2018, was originally going to retain Verisign’s right to increase its prices in most years, but it was vetoed by the US, freezing Verisign’s registry fee.
So not only has the US not said it will step away from .com oversight, but if it did it would be excellent news for Verisign, which would only have to strong-arm ICANN into letting it raise prices again.
Renewal of the .com and .net contracts shouldn’t be an issue either. The main rationale for putting .com up for rebid was to improve competition, but the new gTLD program is supposed to be doing that.
If new gTLDs, as a whole, are considered successful, I can’t see Verisign ever losing .com.
Verisign issued a statement before the markets opened today, saying:
The announcement by NTIA on Friday, March 14, 2014, does not affect Verisign’s operation of the .com and .net registries. The announcement does not impact Verisign’s .com or .net domain name business nor impact its .com or .net revenue or those agreements, which have presumptive rights of renewal.
Members of the domain name industry and ICANN community reacted generally positively to the news Friday night that the US will step aside from its central role in ICANN oversight.
Several companies, organizations and individuals issued early statements in response. We present a summary of those to hit the wires so far here.
First, the so-called I* organizations (IETF, IAB, RIRs, ccTLD ROs, ISOC, and W3C), which manage the internet’s various technical functions and standards, issued a joint statement via ICANN:
Our organizations are committed to open and transparent multi-stakeholder processes. We are also committed to further strengthening our processes and agreements related to the IANA functions, and to building on the existing organizations and their roles. The Internet technical community is strong enough to continue its role, while assuming the stewardship function as it transitions from the US Government.
The Domain Name Association’s executive director Kurt Pritz said this:
The DNA welcomes a deliberate, thoughtful process, inclusive of all stakeholder views to determine the future of the IANA function. As our members are some of the most widely recognized customers of IANA, we will be playing an active role in the process moving forward. The US government performs admirably in this role and it is important that any new oversight mechanism perform as reliably and consistently, and in a manner that prevents the Internet from onerous regulations and/or content controls.
New gTLD portfolio applicant Donuts said:
The IANA function is very important to Internet stability, and Donuts supports the multistakeholder approach to managing this vital resource. As the largest applicant for new top-level domains, we look forward to providing a constructive contribution in this multi-stakeholder discussion. It’s critical that any new mechanisms for IANA oversight ensure not only stability and accountability but also uphold the vital public sector role in promoting Internet innovation and openness.
Lisa Hook, CEO of back-end registry provider Neustar, said in a press release:
We share the US government’s view that the time has come for ICANN to convene global stakeholders to develop the policies, procedures, and accountability framework needed to transition ultimate responsibility for the IANA functions, and we look forward to participating in that process.
Back-end and portfolio applicant Afilias said in its own press release:
We endorse the statements of the NTIA and the organizations noted above [the I*s] with respect to the maturation of these organizations and processes, and we are committed to continuing to contribute to the stewardship of the Internet as part of a globally inclusive, open and transparent multi-stakeholder community.
Michele Neylon, CEO of domain name registrar Blacknight Solutions said:
This is an incredibly historic and important day for Internet governance. As a member of the International governance and infrastructure communities I applaud this move away from a single government to a regulating body that represents the interests of the global community. However, the real challenge now lies ahead in identifying and implementing a strong, diverse community to oversee these crucial organizations.
Milton Mueller, the principal academic behind the Internet Governance Project blogged:
IGP has been leading the call for the US government to be consistent about its non-governmental approach to Internet governance since 2005. Naturally, we were gratified to see the Commerce Department finally come around to that position. Far from “giving up” something or “losing control,” the U.S. is sure to find that its policy has gained strength. We have just made it a lot harder for opponents of a free and open Internet to pretend that what they are really against is an Internet dominated by one hegemonic state.
The news broke rather late on a Friday night, with an NTIA press release and hastily convened ICANN press conference, after the story was leaked to the Washington Post.
There hasn’t been much time for formal written reactions yet, but I’m sure more will be forthcoming as people get into work on Monday morning.
In what can only be described as an historic announcement, the United States government tonight said that it will walk away from its control of the DNS root zone.
ICANN CEO Fadi Chehade said during a press conference tonight that the organization has begun a consultation to figure out “accountability mechanisms” that will replace the US role as ICANN’s master.
The news comes in the wake of Edward Snowden’s revelations about US spying, but Chehade and ICANN chair Steve Crocker said that the changes would have been made sooner or later anyway.
So what just happened?
Earlier this evening, the US National Telecommunications and Information Administration announced its “intent to transition key Internet domain name functions to the global multistakeholder community.”
That’s basically referring to the IANA contract, the US government procurement contract under which ICANN has the ability to make changes — essentially by recommendation — to the DNS root zone.
The current version of the contract is due to expire next year, and the hope is that when it does there won’t be any need for a renewal.
Between now and then, the ICANN community (that’s you) is tasked with coming up with something to replace it.
It’s going to be the hottest topic at the ICANN 49 meeting in Singapore, which kicks off a week from now, but it’s expected to be under discussion for much longer than that.
Chehade said during the press conference tonight that the idea is not to create a new oversight body to replace the NTIA. We seem to be talking about “mechanisms” rather than “organizations”.
He also said that the US government has made it plain that any attempt to replace the US with an intergovernmental body (ie, the International Telecommunications Union) will not be considered acceptable.
Whatever oversight mechanism replaces NTIA, it’s going to have to be “multistakeholder” — not just governments.
The root zone is currently controlled under a trilateral relationship between the NTIA, ICANN and Verisign.
Essentially, ICANN says “add this TLD” or “change the name servers for this TLD” and, after the NTIA has approved the change, Verisign implements it on its root zone servers. The other root zone operators take copies and the DNS remains a unique, reliable namespace.
The NTIA has said that it’s going to withdraw from this relationship.
One question that remains is whether Verisign will retain its important role in root zone management.
Chehade appeared slightly (only slightly) evasive on this question tonight, spending some time clarifying that Verisign’s root zone management contract is not the same as its .com contract.
I assume this prevarication was in order to not wipe billions off Verisign’s market cap on Monday, but I didn’t really get a good sense of whether Verisign’s position as a root zone manager was in jeopardy.
My guess is that it is not.
A second question is whether the US stepping away from the IANA function means that the Affirmation of Commitments between the US government and ICANN also has its days numbered.
Apparently it does.
Chehade and ICANN chair Steve Crocker pointed to the ICANN board’s decision a few weeks ago to create a new board committee tasked with exploring ways to rewrite the AoC.
And they said tonight that there’s no plan to retire the AoC. Rather, the idea is to increase the number of parties that are signatories to it.
The AoC, it seems, will be ICANN’s affirmation to the world, not just to the US government.
Neustar has been awarded a new three-to-five-year contract to manage the .us ccTLD, under a deal with the US Department of Commerce announced today.
It’s a renewal of a role that Neustar has held since .us was relaunched in 2001, but the new contract come with a few notable new provisions.
First, it seems that the company is now obliged to bring some “multi-stakeholder” oversight into the management of the TLD. Neustar said in a press release:
In 2014, Neustar plans to launch a new multi-stakeholder council including members representing localities, registrars, small businesses and non-profit organizations as well as entities involved with STEM education and cybersecurity. The .US TLD Stakeholder Council will provide a vibrant, diverse, and independent forum for future development of the .US TLD, working directly with .US TLD stakeholders and helping Neustar to identify public needs and develop policies, programs, and partnerships to address those needs while continuing to enhance America’s address.
Second, it looks like .kids.us might not be dead after all.
The third-level service was introduced as a result of the poorly considered Dot Kids Implementation and Efficiency Act of 2002, which forced Neustar to operate a child-friendly zone in .us.
Notwithstanding the June 2012 determination to suspend operation of kids.us domain under the current contract, DOC seeks proposals to rejuvenate the kids.us space to increase utilization, utility and awareness of the kids.us domain.
The contract has several more references to Neustar’s obligation to promote the SLD. At the time it was killed off, there were just a handful of registered names in the space.
The contract also says that .us currently has just shy of 1.8 million names under management.