ICANN using PRISM as excuse to break from the US

ICANN CEO Fadi Chehade, with backing from government leaders, is using the recent revelations about the PRISM mass surveillance program to try to speed up ICANN’s split from the US.
Speaking to an American radio station, Chehade said yesterday:

I think the current role the United States has with ICANN was always envisaged to change. The timing of that was the question — not if, it was just when. I think now it is clear that we need to talk about changing that role and evolving it to become a more global role where all stakeholders, not just governments, have an equal footing in the governance of the Internet. So the timing has been put into clear focus right now, that is what’s happening.

He was speaking from the latest Internet Governance Forum in Bali, where today he reiterated his calls for “all governments and all stakeholders” to work together “on equal footing”.
Similar rhetoric has been dribbling out of ICANN for the last couple of weeks.
Earlier this month, Chehade met in Montevideo, Uruguay, with the leaders of the five Regional Internet Registries, the World Wide Web Consortium, the IETF, ISOC and the IAB to discuss “current issues affecting the future of the Internet.”
They came out with the Montevideo Declaration, which states in part:

They reinforced the importance of globally coherent Internet operations, and warned against Internet fragmentation at a national level. They expressed strong concern over the undermining of the trust and confidence of Internet users globally due to recent revelations of pervasive monitoring and surveillance.
They identified the need for ongoing effort to address Internet Governance challenges, and agreed to catalyze community-wide efforts towards the evolution of global multistakeholder Internet cooperation.
They called for accelerating the globalization of ICANN and IANA functions, towards an environment in which all stakeholders, including all governments, participate on an equal footing.

The first and third paragraphs, taken together, suggested that ICANN was yet again ready to start talking about casting off the US government’s special oversight role, and that it would use Edward Snowden’s PRISM revelations as a way back into the conversation.
Milton Mueller of the Internet Governance Project first blogged about this, talking about ICANN “abandoning the US government”, prompting much media speculation about America’s future role in internet governance.
Chehade has been on the road, it seems, since Montevideo, first stopping off in Brazil to lend his encouragement to President Dilma Rousseff’s proposal for an April 2014 conference to discuss internet governance in light of the Snowden revelations.
Rousseff herself was targeted by the NSA and has become one of the most vocal government leaders in criticizing the US spy programs.
Lately it seems Chehade has been in India, where he told the Economic Times:

When any government decides to use a resource like the internet in ways that erodes the public trust, it is very regrettable. I feel like I’m the public trustee of the internet. All of us should be equal stewards of the public trust.
So when any one takes it away, it distresses all of us. It is not just by the recent revelations about PRISM, but there are other revelations that are coming out as well. Countries are employing millions of people to track the movements of their fellow citizens.
…
I would argue that the recent developments have emboldened people to make sure all stakeholders are participating on equal footing, including all governments.

All of this posturing raises a few basic questions, the first of which is: what does PRISM have to do with ICANN?
The answer, it seems, is “nothing”.
The PRISM revelations have implicated the likes of Google, Microsoft and Facebook — all apparently cooperating with the NSA’s mass gathering of data on civilian internet users — but no domain name players.
If the Guardian were to report tomorrow that major infrastructure players such as Verisign or Go Daddy were also involved, I would not be in the least surprised, but so far I have yet to see a connection between the domain name business and NSA spying.
In that light, if ICANN were to sever its special relationship with the US, there would be presumably no impact whatsoever on PRISM or any other surveillance program.
Chehade’s current campaign therefore seems to be politically opportunistic at best and a distraction from the underlying problem of US human rights violations at worst.
But what is meant when people speak of “splitting from the US” anyway?
It seems to me there are three important areas where the US government has undue power over ICANN: jurisdiction, the Affirmation of Commitments and the IANA contract.
ICANN is based in California and subject to US federal law. While that continues to be the case, it will always be subject to the possibility of having its work thwarted by a US court or spurious lawsuit.
It also hampers ICANN’s ability to do business with some nations unencumbered by US trade embargoes, though ICANN is usually able to secure the requisite licenses when it needs to.
It’s also always going to be at risk of being hauled over the coals by Congress every couple of years, due to lobbying by US special interest groups, which interferes with its credibility as a global organization.
ICANN has already started setting up shop in other parts of the world. New “hub” offices in Istanbul and Singapore are being characterized as being on equal footing with the LA headquarters.
But that characterization seems disingenuous.
The Affirmation of Commitments, signed by the US Department of Commerce and former ICANN CEO Rod Beckstrom in 2009 and largely negotiated under his predecessor Paul Twomey, is one of ICANN’s principal governing documents.
One of ICANN’s commitments under the AoC is to “remain a not for profit corporation, headquartered in the United States of America with offices around the world to meet the needs of a global community”.
Being US-based is baked into ICANN’s governance. If the US has to go, the AoC has to go, which means all the other accountability and review obligations in the AoC also have to go.
The third prong of US control is the IANA contract and the trilateral relationship between ICANN, Verisign and the US National Telecommunications and Information Administration.
The NTIA, essentially, controls the DNS root. Verisign actually manages the boxes it runs on, but it only makes changes — such as adding new gTLDs or redelegating ccTLDs to new registries — with NTIA authorization. That authorization, in turn, is basically a rubber stamp on an IANA/ICANN recommendation.
To the best of my knowledge, NTIA has never abused its authority to overrule an ICANN determination, or pressured ICANN into making a US-friendly recommendation.
But the process by which ICANN recommends changes to the root is pretty opaque.
I have to wonder why, for example, it took two years for Iran’s IDN ccTLD to get approved by ICANN’s board. Only the lack of any outcry from Iran suggests to me that the delay was benign.
When ICANN was founded in 1998, the original plan was for control of the root to enter ICANN’s hands before the end of the Clinton administration (ie 2000), but over the years that plan has been abandoned by the US.
The IANA contract was put up for renewal in 2011 — with a strict provision that only US-based organizations were able to apply — and then-CEO Beckstrom also pushed for more ICANN independence.
In 2011, Beckstrom was making many of the same noises Chehade is today, saying that the IANA function should be a looser “cooperative agreement” rather than a US procurement contract.
In March that year, calling for such an agreement he said at ICANN’s San Francisco meeting:

When all voices are heard, no single voice can dominate an organization – not even governments. Not even the government that facilitated its creation.

The NTIA’s response was, basically, to give Beckstrom the finger.
It said in June 2011 that it “does not have the legal authority” to do what was asked of it, then produced an IANA contract that gave itself and governments in general much greater powers to micromanage ICANN.
After delays, rejections and giving ICANN the general runaround, the NTIA finally signed off on its new IANA contract in July last year, on the final day of Beckstrom’s tenure as CEO.
It lasts until September 30, 2015, with two two-year renewals options.
If Chehade wants to unshackle ICANN from the US, the IANA contract will have to be a cornerstone of that project.
But NTIA’s past performance makes that possibility seem unlikely, unless Chehade can rally enough political pressure from the likes of Brazil and India to change his own government’s mind.
He faces an uphill battle, in other words, and at the end of the day whether breaking from the US government would be a good thing or not depends entirely on what, if anything, replaces it.
Whatever happens, let’s not pretend that ICANN’s independence has anything to do with PRISM, and let’s not allow ICANN to distract us from the wholesale violations of our rights that the US government is perpetrating.

Ralph Lauren can’t have .polo, panel rules

Ralph Lauren’s application for the dot-brand .polo is likely at an end, after the International Chamber of Commerce ruled that it would infringe the rights of polo players.
The Community Objection to the gTLD was filed by the US Polo Association, the governing body of the sport in the US, and supported by the Federation of International Polo, along with seven national and 10 regional US-based polo associations.
The FIP letter was crucial in ICC panelist Burkhard Hess’ decision to find against Ralph Lauren, persuading him that there was “substantial opposition” from a “clearly delineated” polo-playing community.
The word “polo” was often used in straw man arguments when the new gTLD program and its objection mechanisms were being designed. Who gets .polo? Ralph Lauren? Volkswagen? Nestle? The sport?
Well, now we know: according to the ICC, the sport will probably trump any dot-brand.
The precedent might be bad news for Donuts and Famous Four Media, which are facing Community Objections from the international governing bodies of rugby and basketball on .rugby and .basketball.
However, none of those applications are for dot-brand spaces.
Under the Community Objection rules, the objector has to show that the gTLD would harm its interests is delegated.
In the case of .polo, the panelist found detriment largely due to the fact that Ralph Lauren’s plan was for a single-registrant space from which the sports associations would be excluded.
With open, unrestricted .basketball and .rugby applications, it’s likely to be much harder for the objectors to prove that the gTLDs would damage the sport.

What does Neelie Kroes know about multistakeholderism?

European Commission vice president Neelie Kroes wants “your ideas on how the Internet should be governed and what Europe’s role should be.”
In a survey launched last week, Kroes, who has special responsibility for the “digital agenda” in Europe, criticized ICANN’s “multi-stakeholder” process.
She solicited suggestions on how governments should be treated within ICANN, and asked “How can a move from unilateral to multilateral accountability be realised?”
Kroes said on her blog (link in original):

we also must have a clearer view of what we mean when we speak of “multi-stakeholder processes”. I worry that without a clear definition, everyone will claim that their decision processes are inclusive and transparent, when in practice they are not – as was shown recently, when the Governmental Advisory Committee of ICANN pressed on regardless – in spite of the EU’s legitimate concerns on new domain names.

Let’s parse this.
On the one hand, Kroes is stating that ICANN’s process is not “inclusive and transparent”.
On the other, she’s linking to her own demands for special privileges for the European Commission in the debate over whether wine producers need special protections in the new gTLDs .wine and .vin.
I reported on Kroes letter a month ago.
As the letter and the public record makes plain, the GAC had originally asked ICANN for more time in order to consider whether the .wine protections were warranted.
In the end, the GAC was unable to reach a consensus on the matter and advised ICANN accordingly.
With no GAC consensus, ICANN has no mandate to act.
But Kroes wants ICANN to delay the .wine and .vin applications anyway, based on little more than the European Commission’s unilateral demands.
Is her definition of a “multi-stakeholder” process one in which individual governments get to override the consensus of dozens of governments? It certainly looks that way.
And it wouldn’t be the first time Kroes has tried to usurp the multi-stakeholder process in order to get what she wants.
Back in June 2011, she called for ICANN to be reformed because she didn’t like the fact that ICANN did not accept all the GAC’s advice when it approved the new gTLD program.
A month earlier, she privately wrote to the US Department of Commerce — which controls the DNS root server — to ask that it refuse to delegate the recently approved .xxx gTLD.
That would have been an unprecedented and worrying move by Commerce, and naturally it declined.
But the fact that Kroes even asked makes me wonder how serious she is about “multistakeholderism”.
It’s a newish term, poorly defined, but reason dictates that it means you can’t always get what you want.
Kroes blog post is available here. More information about her call for comments can be found here.

Reconsideration is not an appeals process: ICANN delivers another blow to Amazon’s gTLD hopes

Amazon has lost its appeal of a ruling that says its applied-for new gTLD .通販 is “confusingly similar” to .shop, with ICANN ruling that its Reconsideration mechanism is not an appeals process.
The e-commerce giant lost a String Confusion Objection filed by .shop applicant Commercial Connect in August, with panelist Robert Nau ruling that the two strings were too confusing to co-exist.
That’s despite one of the strings being written in Latin script and the other Japanese. The ruling was based on the similarity of meaning: 通販 means “online shopping”.
Amazon immediately filed a Reconsideration Request with ICANN.
Days earlier, Akram Atallah, president of ICANN’s Generic Domains Division, had described this process as one of the “avenues for asking for reconsidering the decision”.
Atallah was less clear on whether Reconsideration was applicable to decisions made by third-party panels — the new gTLD program’s Applicant Guidebook contains conflicting guidance.
ICANN’s Board Governance Committee, which handles Reconsideration Requests, has now answered that question: you can ask for Reconsideration of a new gTLD objection ruling, but you’ll only win if you can prove that there was a process violation by the panel.
In its decision, the BGC stated:

Although Commercial Connect’s Objection was determined by a third-party DRSP, ICANN has determined that the Reconsideration process can properly be invoked for challenges of the third-party DRSP’s decisions where it can be stated that either the DRSP failed to follow the established policies or processes in reaching the decision, or that ICANN staff failed to follow its policies or processes in accepting that decision.

That’s moderately good news as a precedent for applicants wronged by objections, in theory. In practice, it’s likely to be of little use, and it was of no use to Amazon. The BGC said:

In the context of the New gTLD Program, the Reconsideration process does not call for the BGC to perform a substantive review of DRSP Panel decisions; Reconsideration is for the consideration of process- or policy-related complaints.
…
As there is no indication that either the ICDR or the Panel violated any policy or process in accepting and sustaining Commercial Connect’s Objection, this Request should not proceed. If Amazon thinks that it has somehow been treated unfairly in the process, and the Board (through the NGPC) adopts this Recommendation, Amazon is free to ask the Ombudsman to review this matter.

While the BGC declined to revisit the substance of the SCO, it did decide that it’s just fine for a panelist to focus purely on the meaning of the allegedly confusing strings, even if they’re wholly visually dissimilar.

The Panel’s focus on the meanings of the strings is consistent with the standard for evaluating string confusion objections. A likelihood of confusion can be established with any type of similarity, including similarity of meaning.

In other words, Nau’s over-cautious decision stands: .通販 and .shop will have to enter the same contention set.
That’s not great news for Amazon, which will probably have to pay Commercial Connect to go away at auction, but it’s also bad news for increasingly unhinged Commercial Connect, whose already slim chances of winning .shop are now even thinner.
Commercial Connect had also filed a Reconsideration Request around the same time as Amazon’s, using the .通販 precedent to challenge a much more sensible SCO decision, which ruled that .shop is not confusingly similar to .购物, Top Level Domain Holdings’ application for “.shopping” in Chinese.
The BGC ruled that the company had failed to adequately state a case for Reconsideration, meaning that this objection ruling also stands.
The big takeaway appears to be that the BGC reckons it’s okay for objection panels to deliver decisions that directly conflict with one another.
This raises, again, questions that have yet to be answered, such as: how do you form contention sets when one string has been ruled confusingly similar and also not confusingly similar to another?

dotShabaka Diary — Day 17, Collisions plan is a dog’s breakfast

The seventeenth installment of dotShabaka Registry’s journal, charting its progress towards becoming one of the first new gTLDs to go live, written by general manager Yasmin Omer.

Thursday 10 October 2013
As regular readers of this journal will know, we have been frustrated by the lack of certainty surrounding the new gTLD program.
Other industries would have picketed the building of the regulator with suitably angry placards being waved and a catchy song. Unfortunately in the domain name industry, angry blogs serve as a replacement to chaining ourselves to Fadi’s swivel chair.
So as a compromise, I ask readers to hum their favourite protest tune while reading our latest tale of woe.
Flippant commentary aside, the document ICANN released on name collisions yesterday (New gTLD Collision Occurrence Management) is a perfect example of what many applicants find challenging about ICANN staff’s use of the public comment process.
Despite the many detailed studies undertaken by a number of applicants and reported through the public comment process, it would appear that many of the recommendations or proposed solutions have been ignored by ICANN staff and the NGPC in favour of something that resembles a ‘dog’s breakfast’.
You’ll recall that ICANN made some suggestions to mitigate the risk of name collisions. There were three categories: High (dead men walking), Uncategorised (deer in headlights) and Low (phew ).
There was going to be a study about something at sometime that would decide stuff and the aforementioned deer would roam free. There was going to be a TLD tasting period during which time registries got to play spammer to unsuspecting ISPs (I wonder if I can get a refund like domain tasters used to, if I don’t get enough traffic?).
A comment period was had and people duly commented. Neither the original suggestions nor the comments seem to have any connection with what appeared in the document we read yesterday. The actions and processes discussed in the document are completely new. Oh, and the Board approved them.
A thought for those in the industry: are we so inured to this kind of procedural disdain that one more example simply doesn’t make us angry anymore?
So what of the document? Is it good for us and the industry? Well there is no low or uncategorised risk grouping anymore. Everyone is in the same bucket of riskiness. Depending on who you are, that might be good for you.
The TLD tasting period, where a TLD was delegated and emails were sent to every poor soul who made the mistake of looking up a non-existing TLD, is gone. That is definitely good. An outreach program with network operators and ISPs seems like an eminently sensible idea. A spam campaign chasing random DNS queries seems like a mad idea.
Now to the grim news – there will be another study (isn’t there always) and another process (if it’s implementation can we just… oh never mind).
The study will tell us which strings from the DITL data set (and other unnamed sets) are risky and why and what we should do with them. Such risk will be contextual to the TLD in question. There’s no detail on how many strings we are talking about. There’s no criteria for the string’s presence in the list (number of queries, type of queries, known risks etc). That sounds like a large chunk of work. No matter how it is automated.
The process to be determined is how the strings and suggested mitigations are delivered to and managed by registries. There’s potentially a lot of future system development and labour costs on the horizon for TLD operators.
Many TLDs will not need to wait for this completed work to delegate. However they must accept from ICANN a list of names they can’t delegate until the process/study and their personalised list of names is completed.
Firstly ICANN has to decide if you can take this option up. How will they do that you ask? I would point you to the very clear decision tree located within the document, only it appears to have been left out. Coming soon.
Second, ICANN has to create and send you the standby extra cautious list. Now we are getting nervous. Just how many names will be on this list? Will there be any filtering or common sense applied? Is the extra cautious list subject to comment? Does it exist already?
There’s also a new process that allows someone who suffers harm from the delegation of a second level domain to have it blocked for a period of up to 2 years. When one thinks through such a process it seems most likely that this harm is only determined after the delegation, not prior. Therefore Registries may be in a position where they need to un-delegate a domain already in use by a registrant.
That could be a rude shock to some innocent registrants. The principle of doing this bothers us. The practical and legal implication of doing this bothers us. And the lack of any detail around how this process is managed, most definitely bothers us.
Whenever I hear process and study I also hear delay. In fact the modus operandi of those opposing the gTLD program has not been to fight it, but to suggest one more study and another process, knowing the effect such activities will have.
So here we are, certain in our uncertainty that one day – soon or not so soon – we will be delegated.
We can’t be the only ones who have internal jokes about the randomness of ICANN policy development. They help us make light of the otherwise business crippling proclamations we receive with no warning.
Don’t you wish, just for once, those jokes weren’t so true?

Read previous and future diary entries here.

ICANN director quits, no reason given

Judith Vazquez has resigned from ICANN’s board of directors, a year before her term was due to expire, but ICANN has provided no explanation.
Vazquez joined the board in 2011, when she was appointed by the Nominating Committee. She had served two years of her three-year ICANN term and had one year left.
This week ICANN said, in a notice from general counsel John Jeffrey:

Judith Duavit Vasquez has formally notified me, as Secretary, that she has resigned from the ICANN Board. She has indicated that the effective date of her resignation will be Monday, 7 October 2013.

ICANN didn’t say why Vazquez, who was recruited by the Nominating Committee in 2011, had resigned.
Vazquez is a Filipino businesswomen with, according to her ICANN resume, experience developing the internet in her native country.
Vasquez was on the New gTLD Program Committee, which makes decisions for the board about new gTLDs.
Her company had originally applied for a new gTLD, which excluded her from the committee on conflict of interest grounds, but the the application was withdrawn before Reveal Day.
It will be up to this year’s Nominating Committee to find a replacement to fill in for the remainder of her term.

Jones distances herself from racy Go Daddy ads

Former Go Daddy general counsel Christine Jones has said she “didn’t particularly like” the company’s wildly successful, if sexually provocative, TV advertising.
Jones is one of several candidates for the Republican gubernatorial nomination in the company’s home state of Arizona.
She began her campaign officially this week, having come out on Twitter in August, and spoke to The Republic.
Asked about the “racy” TV spots, which were often focused on a large-chested woman with the Go Daddy logo emblazoned on her skimpy attire, Jones told the paper:

A lot of people have asked me about the Go Daddy ads, and to be candid, I didn’t particularly like those ads, either. If I had been running marketing, the ads would’ve been very different. But in the grand scheme of things, the ads ended up being pretty harmless. The ads really made that company successful, and that success allowed me to focus my personal time on developing policy, which made the Internet a better and safer place for users, especially children. Once people get to know me and they differentiate the marketing spin, which is this kind of edgy, Go Daddy-esque style, from my role there — which was running a place that had a lot of serious people doing a lot of serious work — they’ll understand there is a difference.

Some locals seem to be assuming that Go Daddy will support Jones’ campaign, with the paper reporting that “Jones’ entry into the race has political insiders — and opponents — intrigued and even unsettled by her resume and potentially hefty financial backing.”
There’s not a great deal of information about Jones’ positions in the interview, however.

Still no closure on GAC new gTLD advice

ICANN board members met again to discuss the Governmental Advisory Committee’s advice on new gTLDs at the weekend and, again, made baby steps towards addressing it.
The main update in a just-published New gTLD Program Committee resolution is that dozens of previously frozen applications for “closed generic” gTLDs have been thawed.
These applicants will be able to proceed to contracting with ICANN, as long as they agree to sign a version of the Registry Agreement that prohibits use of the string as a closed generic.
Closed generics haven’t been killed off, but anyone still planning to operate one is still in GAC limbo.
The NGPC said in its latest scorecard (pdf):

ICANN has received communications from many of the applicants for strings mentioned in this advice, stating that they are prepared enter the Registry Agreement as approved by the NGPC, which prohibits exclusive registry access for generic strings. Since moving forward with these applicants is consistent with the GAC advice, the NGPC directs staff to move forward with the contracting process for applicants for strings identified in the Category 2 Safeguard Advice that are prepared to enter into the Registry Agreement as approved.

The hundreds of “Category 1” strings — those, such as .law, .health and .games, that the GAC believes need extra regulation before being approved — are still on hold.
The NGPC said: “The NGPC is working on an implementation plan for the advice and will inform the GAC of the details upon approval by the NGPC.”
Does that mean ICANN will be accepting the advice? Right now, that’s not clear.
There was no movement on Amazon’s application for .amazon and transliterations, which were put on hold following the GAC’s advice at the Durban meeting in July.
Amazon submitted a lengthy argument challenging the legal basis of the GAC’s advice, which the NGPC is still mulling over.

New gTLD delegations probably not delayed by US government shutdown

If the US government shuts down tonight, would that delay the delegation of new gTLDs?
Probably not, from what I gather.
For reasons beyond the ken of most sane people*, the US legislature is currently deadlocked on a bill that would provide the funds to keep the executive wing of the government running.
It’s looking increasingly likely that the government is to shut down.
That’s a big deal for a whole range of important reasons, obviously, but it also has implications for new gTLD applicants.
The DNS root zone belongs to the US government, remember.
It’s managed by Verisign and ICANN’s IANA department suggests appropriate changes, but without USG the tripartite relationship that enables new TLDs to be delegated falls apart.
Without the NTIA in the mix, ICANN can make all the root zone change requests it wants and Verisign lacks the authority to execute them.
So there’s a reason to be worried if you’re a new gTLD applicant. If the National Telecommunications and Information Administration is out of the office for an indeterminate period, you may be looking at more delays.
However, it looks like the NTIA may have got that covered.
According to the Department of Commerce’s “Plan for Orderly Shutdown Due to Lapse of Congressional Appropriations”, (pdf) a “Telecomm. Policy Specialist”, tasked with “Emergency protection of internet management (ICANN)” is on the list of “Excepted Positions”.
I gather that this means that there’s going to be an NTIA person working during any possible shutdown to manage root zone changes, including gTLD delegations.
* It’s been several years since I lived in the States, and my grasp of the nuance of American political life has waned accordingly, but I gather the shutdown is somehow related to protecting insurance companies’ profit margins. Or defending the constitutional right to get better healthcare than people poorer than yourself. Something like that.

Name Collisions: Unanticipated Effects [Guest Post]

I attended the TLD Security Forum sponsored by Artemis in San Francisco five weeks ago. By happenstance, I became involved in a small group formed after the meeting that dedicated themselves to replicating the Interisle study (“Name Collisions in the DNS”) and carrying on with the next step in the analysis.
The work among competitors that occurred over the next four weeks was collaborative, intensive, and competent: an excellent example of how the multi-stakeholder model can accomplish significant work and publish it to the broad internet community in an effort to resolve an issue. It brought the right people together to accomplish more, faster than any other governance model would achieve.
Their work is easily identifiable among the many comments submitted on the name collision issue. Without offering an opinion on conclusions here, I note that the competence of work shines through and should be carefully considered.
The Interisle study sounded an alarm because it reported a potentially high number of domain name “collisions” that might result from the delegation of new gTLDs. The term “collision” is somewhat of a misnomer and the key issue, I think, is the use of search-list processing by companies in configuring their networks.
The Interisle report published the volumes of NX Domain responses by TLD and described possible harms but did not link harms to specific types of queries nor delve into the data in order to draw firm conclusions or propose mitigations.
There is nothing wrong with this –- the report was competently executed given the time available.
This is where several interested parties, mostly applicants, jumped in. In an impromptu meeting after the conference a half-dozen companies coordinated: the purchase of servers to analyze previously collected root-zone data (the “Day In The Life” or DITL data); acquisition of memberships in OARC, to whom the servers were donated; and the analysis of vast amounts of data.
Considerable time was spent redesigning queries in order to replicate the Interisle results from the DITL data so that the next step in the analysis would be seamless as the work transitioned from Interisle to this collaborative group.
Hypotheses were developed, queries written, data summarized and statistically tested. Every difference between the Interisle data and the newly analyzed data was discussed until the team was satisfied it would withstand public scrutiny.
The team met twice weekly in conference calls and traded numerous emails to flesh out technical details. Data scientists learned about the DNS, DNS experts learned about z-tests and the effects of non-standard distributions.
The team agreed to publish the data, which it has, so that anyone could perform analysis similar to that done by this team.
For me, these technical discussions brought to mind the reaffirmation of the effectiveness of the ICANN model that occurred as a result of this issue. Work continues and will be discussed at the next TLD Security Conference on October 1st in Washington, DC.
This is a guest post written by Kurt Pritz, ICANN’s former chief strategy officer. He is currently an independent consultant working with new gTLD applicants and others.