Community revolts over ICANN’s auction proceeds power grab
Parts of the ICANN community have revolted over ICANN’s move to make it easier to turn off the mechanisms used to appeal its decisions.
Both registries and registrars, along with their usual opponents in the business and intellectual property communities, have told the Org that a proposal to change its foundational bylaws are overly broad and creates new powers to diminish ICANN’s accountability.
Meanwhile, the Intellectual Property Constituency seems to have escalated its beef with ICANN related to the proposals, entering into a Cooperative Engagement Process with ICANN. CEP is usually, but not always, a precursor to an expensive, quasi-judicial Independent Review Process case.
The row relates to the Grant Program, which launched a month ago and will see ICANN hand out $217 million it gained from auctioning registry contracts during the 2012 new gTLD program application round.
The rules of the program were developed by the Cross-Community Working Group on New gTLD Auction Proceeds.
The CCWG was afraid that ICANN might wind up frittering away most of the money on legal fees unless unsuccessful grant applicants, and third parties, were banned from appealing grant decisions they didn’t like. So its Recommendation 7 proposed a bylaws amendment that would prevent the Independent Review Process and Request for Reconsideration process from being used with reference to the Grant Program.
What ICANN came up with instead is a bylaws amendment that could be applied not only to the Grant Program, but also potentially to any future activities.
Specifically, ICANN’s proposed amendment gives future CCWGs, assuming they have sufficient community representation, the ability to recommend exceptions to the accountability mechanisms, which ICANN could then accept without having the amend the bylaws every time.
But almost every constituency that has filed an opinion on the proposals so far thinks ICANN has gone too far.
The IPC said says ICANN’s proposal is “unacceptably broad and exceeds what is necessary to give effect to Recommendation 7” adding:
The IPC is also concerned that making such a broad Bylaws amendment could have the consequence of normalizing the idea of removing access to accountability mechanisms, rather than this being an exceptional event. This is not something that should be encouraged.
The Registries Stakeholder Group said the proposal “creates an alternative path for amending the Bylaws that contradicts the existing amendment processes”
“The Accountability Mechanisms are foundational to ICANN’s legitimacy. Access to Accountability Mechanisms should be prevented only in rare circumstances with the clear support of the Empowered Community,” it added.
The Registrar Stakeholder Group concurred, writing:
Robust Accountability Mechanisms are a lynchpin of ICANN’s broader accountability structure. They should only be disallowed, if ever, in very specific circumstances, and as a result of the full bylaw amendment process. The proposed bylaws amendment vests CCWGs with the power to disallow Accountability Mechanisms which we believe is inappropriate.
Several commenters pointed out that CCWGs are less formal ICANN policy-making structure, with fewer checks and balances than regular Policy Development Processes.
The only dissenting view came from the At-Large Advisory Committee, which said it “strongly supports” ICANN’s proposed amendment, writing:
Although any limitation in accountability is potentially onerous, the ALAC is comfortable that the three conditions proposed in the amendment only allow such limitations in situations where a more specific Bylaw limitation would also be approved by the Empowered Community.
In a related development, the IPC has taken the highly unusual move of entering CEP with ICANN, suggesting it is on the IRP path.
The IPC had filed a Request for Reconsideration late last year, at a time when it appeared that ICANN had outright rejected Recommendation 7 (having previously approved it), but ICANN’s board threw it out mostly on the grounds that the IPC could not show it had been harmed, which the IPC found curious.
If the IPC were to go to IRP, it would be unprecedented. The mechanism has only ever been used by companies defending their commercial interests, never by one of ICANN’s own community groups on a matter of principle.
ASO uses super powers to demand ICANN turn over .org buyout docs
In an unprecedented move, ICANN’s Address Supporting Organization has exercised its special powers to demand ICANN hand over documents relating to the Ethos Capital acquisition of .org’s Public Interest Registry.
There’s a possibility, however small, that this could be the first shot in a war that could see the PIR acquisition scrapped.
Fair warning, this story is going to get pretty nerdy, which may not be compatible with the fuzzy-headedness that usually accompanies the first working day of the year. We’re heading into the overgrown weeds of the ICANN bylaws here, for which I apologize in advance.
The ASO — the arm of the ICANN community concerned with IP address policy — has asked ICANN Org for access to records concerning the $1.135 billion acquisition of PIR, which has attracted lots of criticism from non-profits, domainers and others since it was announced.
It’s unprecedented, and of interest to ICANN watchers, for a few reasons.
First, this is the ASO making the request. The ASO comprises the five Regional Internet Registries, the bodies responsible for handing out chunks of IP address space to ISPs around the world. It doesn’t normally get involved in policy related to domain names such as .org.
Second, it’s invoking an hitherto untested part of ICANN’s new bylaws that allows the certain community entities that make up the “Empowered Community” to make “Inspection Requests” of ICANN Org.
Third, and perhaps most importantly, there’s a hint of a threat that the ASO and other members of the EC may use their extraordinary powers to attempt to prevent the PIR acquisition from going ahead.
Before we unpick all of this, this is what the ASO has sent to ICANN, according to its December 31 statement:
As a Decisional Participant in the Empowered Community and pursuant to ICANN Bylaws section 22.7, the ASO hereby submits this Inspection Request to inspect the records of ICANN, including minutes of the Board or any Board Committee, for the purpose of determining whether the ASO’s may have need to use its empowered community powers in the near future relating to the potential assignment of the .org Registry Agreement. For this purpose, the ASO seeks to inspect any ICANN records which pertain to or provide relevant insight to the process by which ICANN will consider (and potentially approve) the assignment of the .org Registry Agreement, including the process by which input from the affected community will be obtained prior to ICANN’s consideration and potential approval of the assignment.
The Empowered Community is the entity that replaced the US government as ICANN’s primary overseer, following the IANA transition in late 2016.
Its members cover the breadth of the ICANN community, comprising the ASO, Generic Names Supporting Organization, Country Code Names Supporting Organization, Governmental Advisory Committee and At-Large Advisory Committee. Each member is a “Decisional Participant”.
Since the transition, its only real functions have been to approve appointments to the ICANN board of directors and to rubber-stamp the budget, but it does have some pretty powerful tools at its disposal, such as the nuclear ability to fire the entire board.
One of the powers enjoyed by each Decisional Participant, which has never been invoked publicly, is to make an Inspection Request — a demand to see ICANN’s accounts or documents related to the board’s decisions.
In this case, the ASO wants “records which pertain to or provide relevant insight to the process by which ICANN will consider (and potentially approve) the assignment of the .org Registry Agreement”.
But will it get this information? It seems the Inspection Request bylaw is a little bit like ICANN’s longstanding freedom-of-information commitment, the Documentary Information Disclosure Policy, with some key differences that arguably make the IR process less transparent.
Like DIDP, the IR process gives ICANN Org a whole buffet of rejection criteria to choose from. It can refuse requests for reasons of confidentiality or legal privilege, for example, or if it thinks the request is overly broad.
It can also reject a request if “is motivated by a Decisional Participant’s financial, commercial or political interests, or those of one or more of its constituents”, which makes the fact that this request is coming from the ASO particularly interesting.
If the GAC or the GNSO or the ccNSO, or even the ALAC, had made the request, ICANN could quite reasonably have thrown it out on the basis of “commercial or political interests”.
That’s not the case with the ASO, which makes me wonder (aloud, it seems) whether the ASO had received any nudges from other members of the EC before filing the request.
Inspection Requests also differ from DIDP in that any documents that are turned over are not necessarily published, and ICANN can also force the Decisional Participant to file a non-disclosure agreement covering their contents.
ICANN can even demand that an ASO member shows up at its Los Angeles headquarters in person to read (and, if they want, copy) the docs in question.
In short, ICANN has a lot of wriggle room to refuse or frustrate the ASO’s request, and it has a track record of not being particularly receptive to these kinds of demands.
The grey-hairs out there will recall that Karl Auerbach, one of its own directors, was forced to sue the organization back in 2002, just in order to have a look at its books.
But what’s perhaps most tantalizing about the ASO’s request is its excuse for wanting to inspect the documents in question.
It says it need the info “for the purpose of determining whether the ASO’s [sic] may have need to use its empowered community powers in the near future relating to the potential assignment of the .org Registry Agreement”.
One way of interpreting this is that the ASO needed to state a reason for its request and this is pretty much all it’s got.
But what powers does the Empowered Community have that could potentially cover the acquisition of PIR by Ethos? It certainly does not have the power to directly approve or reject the transfer of control of a gTLD contract.
The EC has nine bulleted powers in the ICANN bylaws. Some of them are explicitly about things like budgets and bylaws amendments, which could not possibly come into play here. I reckon only four could feasibly apply:
(i) Appoint and remove individual Directors (other than the President);
(ii) Recall the entire Board;
…
(viii) Initiate a Community Reconsideration Request, mediation or a Community IRP; and
(ix) Take necessary and appropriate action to enforce its powers and rights, including through the community mechanism contained in Annex D or an action filed in a court of competent jurisdiction.
Short of lawyering up or having the entire board taken out and shot, it seems like the most likely power that could be invoked at first would be the Community Reconsideration Request.
Judging by the bylaws, this is virtually identical to the normal Request for Reconsideration process, a process which very rarely results in ICANN actually reconsidering its decisions.
The major difference is that at least three of the five members of the Empowered Community has to vote in favor of filing such a request, and no more than one may object.
If they manage to muster up this consent — which could take many weeks — the fact that the reconsideration request comes from the “Community” rather than a single entity appears to make substantially no difference to how it is rejected considered by ICANN.
Threatening ICANN with a Community Reconsideration Request is a little like threatening to jump through an increasingly narrow series of hoops, only to find the last one leads into a pit filled with ICANN lawyers with laser beams attached to their heads.
A Community Independent Review Process, however, is a different kettle of snakes.
It’s substantially the same as a regular IRP — where ICANN’s fate is decided by a panel of three retired judges — except ICANN has to pay the complainant’s legal fees as well as its own.
ICANN’s track record with IRPs is not fantastic. It can and does lose them fairly regularly.
Could the ASO’s letter be the first portent of a community-led IRP bubbling up behind the scenes? Could such a move delay the PIR acquisition, putting Ethos’ plan for a profit-driven, price-raising .org on hold for a year or two? It’s certainly not impossible.
ICANN flips off governments over Whois privacy
ICANN has formally extended its middle finger to its Governmental Advisory Committee for only the third time, telling the GAC that it cannot comply with its advice on Whois privacy.
It’s triggered a clause in its bylaws used to force both parties to the table for urgent talks, first used when ICANN clashed with the GAC on approving .xxx back in 2010.
The ICANN board of directors has decided that it cannot accept nine of the 10 bulleted items of formal advice on compliance with the General Data Protection Regulation that the GAC provided after its meetings in Puerto Rico in March.
Among that advice is a direction that public Whois records should continue to contain the email address of the registrant after GDPR goes into effect May 25, and that parties with a “legitimate purpose” in Whois data should continue to get access.
Of the 10 pieces of advice, ICANN proposes kicking eight of them down the road to be dealt with at a later date.
It’s given the GAC a face-saving way to back away from these items by clarifying that they refer not to the “interim” Whois model likely to come into effect at the GDPR deadline, but to the “ultimate” model that could come into effect a year later after the ICANN community’s got its shit together.
Attempting to retcon GAC advice is not unusual when ICANN disagrees with its governments, but this time at least it’s being up-front about it.
ICANN chair Cherine Chalaby told GAC chair Manal Ismail:
Reaching a common understanding of the GAC’s advice in relation to the Interim Model (May 25) versus the Ultimate Model would greatly assist the Board’s deliberations on the GAC’s advice.
Of the remaining two items of advice, ICANN agrees with one and proposes immediate talks on the other.
One item, concerning the deployment of a Temporary Policy to enforce a uniform Whois on an emergency basis, ICANN says it can accept immediately. Indeed, the Temporary Policy route we first reported on a month ago now appears to be a done deal.
ICANN has asked the GAC for a teleconference this week to discuss the remaining item, which is:
Ensure continued access to the WHOIS, including non-public data, for users with a legitimate purpose, until the time when the interim WHOIS model is fully operational, on a mandatory basis for all contracted parties;
Basically, the GAC is trying to prevent the juicier bits of Whois from going dark for everyone, including the likes of law enforcement and trademark lawyers, two weeks from now.
The problem here is that while ICANN has tacit agreement from European data protection authorities that a tiered-access, accreditation-based model is probably a good idea, no such system currently exists and until very recently it’s not been something in which ICANN has invested a lot of focus.
A hundred or so members of the ICANN community, led by IP lawyers who won’t take no for an answer, are currently working off-the-books on an interim accreditation model that could feasibly be used, but it is still subject to substantial debate.
In any event, it would be basically impossible for any agreed-upon accreditation solution to be implemented across the industry before May 25.
So ICANN has invoked its bylaws fuck-you powers for only the third time in its history.
The first time was when the GAC opposed .xxx for reasons lost in the mists of time back in 2010. The second was in 2014 when the GAC overstepped its powers and told ICANN to ignore the rest of the community on the issue of Red Cross related domains.
The board resolved at a meeting last Thursday:
the Board has determined that it may take an action that is not consistent or may not be consistent with the GAC’s advice in the San Juan Communiqué concerning the GDPR and ICANN’s proposed Interim GDPR Compliance Model, and hereby initiates the required Board-GAC Bylaws Consultation Process required in such an event. The Board will provide written notice to the GAC to initiate the process as required by the Bylaws Consultation Process.
Chalaby asked Ismail (pdf) for a call this week. I don’t know if that call has yet taken place, but given the short notice I expect it has not.
For the record, here’s the GAC’s GDPR advice from its Puerto Rico communique (pdf).
the GAC advises the ICANN Board to instruct the ICANN Organization to:
i. Ensure that the proposed interim model maintains current WHOIS requirements to the fullest extent possible;
ii. Provide a detailed rationale for the choices made in the interim model, explaining their necessity and proportionality in relation to the legitimate purposes identified;
iii. In particular, reconsider the proposal to hide the registrant email address as this may not be proportionate in view of the significant negative impact on law enforcement, cybersecurity and rights protection;
iv. Distinguish between legal and natural persons, allowing for public access to WHOIS data of legal entities, which are not in the remit of the GDPR;
v. Ensure continued access to the WHOIS, including non-public data, for users with a legitimate purpose, until the time when the interim WHOIS model is fully operational, on a mandatory basis for all contracted parties;
vi. Ensure that limitations in terms of query volume envisaged under an accreditation program balance realistic investigatory crossreferencing needs; and
vii. Ensure confidentiality of WHOIS queries by law enforcement agencies.
b. the GAC advises the ICANN Board to instruct the ICANN Organization to:
i. Complete the interim model as swiftly as possible, taking into account the advice above. Once the model is finalized, the GAC will complement ICANN’s outreach to the Article 29 Working Party, inviting them to provide their views;
ii. Consider the use of Temporary Policies and/or Special Amendments to ICANN’s standard Registry and Registrar contracts to mandate implementation of an interim model and a temporary access mechanism; and
iii. Assist in informing other national governments not represented in the GAC of the opportunity for individual governments, if they wish to do so, to provide information to ICANN on governmental users to ensure continued access to WHOIS.
Concern as ICANN shuts down “independent” security review
Just a year after gaining its independence from the US government, ICANN has come under scrutiny over concerns that its board of directors may have overstepped its powers.
The board has come in for criticism from almost everyone expressing an opinion at the ICANN 60 meeting in Abu Dhabi this week, after it temporarily suspended a supposedly independent security review.
The Security, Stability and Resiliency of the DNS Review, known as SSR-2, is one of the mandatory reviews that got transferred into ICANN’s bylaws after the Affirmation of Commitments with the US wound up last year.
The review is supposed to look at ICANN’s “execution of its commitment to enhance the operational stability, reliability, resiliency, security, and global interoperability of the systems and processes, both internal and external, that directly affect and/or are affected by the Internet’s system of unique identifiers that ICANN coordinates”.
The 14 to 16 volunteer members have been working for about eight months, but at the weekend the ICANN board pulled the plug, saying in a letter to the review team that it had decided “to suspend the review team’s work” and said its work “should be paused”.
Chair Steve Crocker clarified in sessions over the weekend and yesterday that it was a direction, not a request, but that the pause was merely “a moment to take stock and then get started again”.
Incoming chair Cherine Chalaby said in various sessions today and yesterday that the community — which I take to mean the leaders of the various interest groups — is now tasked with un-pausing the work.
Incoming vice-chair Chris Disspain told community leaders in an email (pdf) yesterday:
The Board has not usurped the community’s authority with respect to this review. Rather, we are asking the SOs and ACs to consider the concerns we have heard and determine whether or not adjustments are needed. We believe that a temporary pause in the SSR2 work while this consideration is under way is a sensible approach designed to ensure stakeholders can reach a common understanding on the appropriate scope and work plan
Confusion has nevertheless arise among community members, and some serious concerns and criticisms have been raised by commercial and non-commercial interests — including governments — over the last few days in Abu Dhabi.
But the board’s concerns with the work of SSR-2 seem to date back a few months, to the Johannesburg meeting in June, at which Crocker said “dangerous signals” were observed.
It’s not clear what he was referring to there, but the first serious push-back by ICANN came earlier this month, when board liaison Kaveh Ranjbar, apparently only appointed to that role in June, emailed the group to say it was over-stepping its mandate.
Basically, the SSR-2 group’s plan to carry out a detailed audit of ICANN’s internal security profile seems to have put the willies up the ICANN organization and board.
Ranjbar wrote:
The areas the Board is concerned with are areas that indeed raise important organizational information security and organizational oversight questions. However, these are also areas that are not segregated for community review, and are the responsibility of the ICANN Organization (through the CEO) to perform under the oversight of the ICANN Board.
…
While we support the community in receiving information necessary to perform a full and meaningful review over ICANN’s SSR commitments, there are portions of the more detailed “audit” plan that do not seem appropriate for in-depth investigation by the subgroup. Maintaining a plan to proceed with detailed assessments of these areas is likely to result in recommendations that are not tethered to the scope of the SSR review, and as such, may not be appropriate for Board acceptance when recommendations are issued. This also can expand the time and resources needed to perform this part of the review.
This does not seem hugely unreasonable to me. This kind of audit could be expensive, time-consuming and — knowing ICANN’s history of “glitches” — could have easily exposed all kinds of embarrassing vulnerabilities to the public domain.
Ranjbar’s letter was followed up a day later with a missive (pdf) from the chair of ICANN’s Security and Stability Advisory Committee, which said the SSR-2’s work was doomed to fail.
Patrick Falstrom recommended a “temporarily halt” to the group’s work. He wrote:
One basic problem with the SSR2 work is that the review team seems neither to have sufficient external instruction about what to study nor to have been able to formulate a clear direction for itself. Whatever the case, the Review Team has spent hundreds of hours engaged in procedural matters and almost no progress has been made on substantive matters, which in turn has damaged the goodwill and forbearance of its members, some of whom are SSAC members. We are concerned that, left to its own devices, SSR2 is on a path to almost certain failure bringing a consequential loss of credibility in the accountability processes of ICANN and its community.
Now that ICANN has actually acted upon that recommendation, there’s concern that it sets a disturbing precedent for the board taking “unilateral” action to scupper supposedly independent accountability mechanisms.
The US government itself expressed concern, during a session between the board and the Governmental Advisory Committee in Abu Dhabi today.
“This is unprecedented,” US GAC rep Ashley Heineman said. “I just don’t believe it was ever an expectation that the ICANN board would unilaterally make a decision to pause or suspend this action. And that is a matter of concern for us.”
“It would be one thing if it was the community that specifically asked for a pause or if it was a review team that says ‘Hey, we’re having issues, we need a pause.’ What’s of concern here is that ICANN asked for this pause,” she said.
UK GACer Mark Carvell added that governments have been “receiving expressions of grave concern” about the move and urged “maximum transparency” as the SSR-2 gets back on track.
Jonathan Zuck of the Innovators Network Foundation, one of the volunteers who worked on ICANN’s transition from US government oversight, also expressed concern during the public forum session yesterday.
“I think having a fundamental accountability mechanism unilaterally put on hold is something that we should be concerned about in terms of process,” he said. “I’m not convinced that it was the only way to proceed and that from a precedential standpoint it’s not best way to proceed.”
Similar concerns were voiced by many other parts of the community as they met with the ICANN board throughout today and yesterday.
The problem now is that the bylaws do not account for a board-mandated “pause” in a review team’s work, so there’s no process to “unpause” it.
ICANN seems to have got itself tangled up in a procedural quagmire — again — but sessions later in the week have been scheduled in order for the community to begin to untangle the situation.
It doubt we’ll see a resolution this week. This is likely to run for a while.
ICANN ditches plan to give governments more power
ICANN has quietly abandoned a plan to make it harder for its board of directors to go against the wishes of national governments.
A proposal to make a board two-thirds super-majority vote a requirement for overruling advice provided by the Governmental Advisory Committee is now “off the table”, ICANN CEO Fadi Chehade told a US Senate committee hearing today.
The threshold, which would replace the existing simple majority requirement, was proposed last August as a result of talks in a board-GAC working group.
At the time, I described the proposal as a “fait accompli” — the board had even said it would use the higher threshold in votes on GAC advice in advance of the required bylaws change.
But now it’s seemingly gone.
The news emerged during a hearing of the Senate Committee on Commerce, Science, and Transportation today in Washington DC, which was looking into the transition of US oversight of ICANN’s IANA functions to a multi-stakeholder process.
Asked by Sen. Deb Fischer whether the threshold change was consistent with ICANN’s promise to limit the power of governments in a post-US-oversight world, Chehade replied:
You are right, this would be incongruent with the stated goals [of the IANA transition]. The board has looked at that matter and has pushed it back. So it’s off the table.
That came as news to me, and to others listening to the hearing.
The original plan to change the bylaws came in a board resolution last July.
If it’s true that the board has since changed its mind, that discussion does not appear to have been documented in any of the published minutes of ICANN board meetings.
If the board has indeed changed its mind, it has done so with the near-unanimous blessing of the rest of the ICANN community (although I doubt the GAC was/will be happy).
The public comment period on the proposal attracted dozens of responses from community members, all quite vigorously opposed to the changes.
The ICANN report on the public comments was due October 2, so it’s currently well over four months late.
UPDATE 1: An ICANN spokesperson just got in touch to say that the board decided to ditch its plan in response to the negative public comments.
UPDATE 2: Another ICANN spokesperson has found a reference to the board’s U-turn in the transcript of a meeting between the ICANN board and GAC at the Los Angeles public meeting last October. A brief exchange between ICANN chair Steve Crocker and Heather Dryden, then chair of the GAC, reads:
DRYDEN: On the issue of the proposed bylaw changes to amend them to a third — two-thirds majority to reject or take a decision not consistent with the GAC’s advice, are there any updates there that the Board would like to — the Board or NGPC? I think it’s a Board matter? Yes?
CROCKER: Yes.
Well, you’ve seen the substantial reaction to the proposal.
The reaction embodies, to some extent, misunderstanding of what the purpose and the context was, but it also is very instructive to all of us that the timing of all this comes in the middle of the broader accountability question.
So it’s — I think it’s in everyone’s interest, GAC’s interest, Board’s interest, and the entire community’s interest, to put this on hold and come back and revisit this in a larger context, and that’s our plan.
So it seems that the ICANN board did tip its hand a few months ago, but not many people, myself included, noticed.
Governments to get more power at ICANN
Governments are to get more power to influence ICANN’s board of directors.
Under a proposal launched late Friday, ICANN plans to make it harder for the board to reject the often-controversial advice of the Governmental Advisory Committee.
Today, the board is able to reject GAC advice with a simple majority vote, which triggers a consultation and reconciliation process.
Following the proposed changes to the ICANN bylaws, the threshold would be increased to a two-thirds majority.
The change is to be made following the recommendations of the Board-GAC Recommendations Implementation Working Group, made up of members of the board and the GAC.
The new rule would bring the GAC into line with the multistakeholder Generic Names Supporting Organization. The ICANN board also needs a two-thirds vote to reject a formal GNSO recommendation.
The differences between the GAC and the GNSO include the lack of detailed industry awareness GAC members regularly demonstrate during their public meetings, and the fact that GAC advice regularly comprises deliberately vague negotiated language that ICANN’s board has a hard time interpreting.
That disconnect may improve in future due to the recent creation of a GAC-GNSO liaison position, designed to keep the GAC up to date with policy goings-on between the thrice-yearly ICANN meetings.
The proposed bylaws change is open for public comment, but appears to be a fait accompli; the board has already said it will use the higher voting threshold if called to make a decision on GAC advice prior to its formal adoption.
Recent Comments