The U.S. Commerce Department recently announced that it is prepared to relinquish its contracting role with ICANN for the provision of the IANA (Internet Assigned Numbers Authority) services. IANA provides a crucial function for the internet by processing and approving changes in the root zone file. This will likely reduce the power of U.S. government unilaterally to oversee or regulate ICANN’s processes for making policies that bind internet registries, registrars and registrants by means of mandatory flow down contracts.
When ICANN (Internet Corporation for Assigned Names and Numbers) was created in 1998, the US Government simultaneously entered into an agreement with Network Solutions (later acquired by Verisign) to distribute the “authoritative” and mission critical root zone file. ICANN (through its IANA department) was to specify any changes in the root zone and then, as directed by the U.S. Government itself, Network Solutions was to publish them. This gave the United States de facto control over the decision to recognize ICANN as the authoritative source of policy for the domain name system.
The U.S. offer to relinquish its role was made with conditions. The U.S. made clear it would not acquiesce to any arrangement that is not broadly supported by the stakeholders of the internet community, that threatens the security or stability of the internet, or that fails to maintain and enhance the “multi-stakeholder model” for policy making. And, in particular, the U.S. has said it will not accept any solution that involves governmental control or leadership of policy-making. In other words --The UN and ITU (International Telecommunication Union) need not apply.
Neelie Kroes of the EC has in the past called strongly for the US to step away from its role as the steward of the domain name system and potential source of ICANN accountability. She got her wish and applauded the US Government’s decision. She said: “the U.S. decision clears the way for the development of global Internet governance, where multiple stakeholders can have their say. The move will also ensure the web remains open, and is managed in a transparent way.” And the American government agreed with the EC position that ICANN should do whatever governing it does by means of a “multi-stakeholder” model that is open, transparent and accountable. But this leaves the core question: accountable to whom? And it presents the embarrassing anomaly that many countries calling for some global form of “governance” by ICANN have refused to agree to abide by ICANN policies.
With the U.S. divesture some wonder if ICANN will be accountable to anyone other than itself. An “affirmation of commitments” between ICANN and the U.S. government remains in place, but it is not really a binding contract and can be terminated on 120 days notice by either party. The root zone servers could in theory refuse to recognize the ICANN root as authoritative if ICANN were to “go rogue.” And the ICANN Board will doubtless argue that it is in various ways accountable to the community of stakeholders who participate in the policy development process in ICANN’s Generic Name Supporting Organization (and other internal advisory bodies). But John Curran of the American Registry for Internet Numbers (ARIN) has made the penetrating observation that it is very hard, perhaps impossible, for any organization to be “accountable” to itself.
Milton Mueller of Syracuse University has proposed the creation of a new non-profit organization, a Domain Name System Authority (DNSA), to perform the IANA functions, to be owned and controlled by all top level registries (including ccTLDs i.e. country codes like .uk) and the root zone operators. This DNSA would contractually agree to abide by ICANN policies. But it could condition that agreement on ICANN’s promise to refrain from regulating content or making rules that are not supported by consensus or that are not designed solely to preserve the stable and secure operation of the domain name system. Such a contract would help to prevent ICANN from becoming an unaccountable “internet governance” organization that might use denial of domain name registrations as a means of prohibiting actions otherwise lawful under local law.
Some European governments, even while invoking international human rights doctrines, would like to see ICANN do more to regulate online behavior. And ICANN has already partially crossed that “red line” by imposing conditions in “Specification 11” of contracts with new gTLD registries (e.g. .guru) that require them to require registrars to prohibit registrants (domain name holders) from, inter alia, infringing copyright or engaging in activities that “violate any applicable law”. Fadi Chehade, president of ICANN, stoutly denies that ICANN regulates content. But some “applicable laws” do so and some may argue that a registrar is in breach of Specification 11 if it does not revoke the domain name registrations of violators. Pressure on ICANN to become more accountable to the people who use the net will only intensify if ICANN forces the domain name industry to become global policemen.
One irony in the gradual expansion of ICANN controls into areas not strictly related to the technical operation of the domain name system, and the imposition by the board (via contracts) of rules that are not supported by a consensus among stakeholders, is that many ccTLD registries have refused to sign contracts with ICANN or to promise to abide by policies developed in the ICANN policy development process. (Some do provide funding for the IANA functions pursuant to an exchange of letters.) Even though the whole idea of ICANN was to provide for the development of policies on issues the uniform resolution of which was needed for sound operation of the domain name system, many European registries, United Kingdom (.uk), France (.fr) and Germany (.de) among them, refused to sign up to the kinds of contracts that ICANN has imposed on new gTLDs. The ccTLDs already had their delegations, from early internet pioneer Jon Postel, so ICANN couldn’t force them to agree to abide by policies ICANN might develop in the future.
The European Commission has strongly called for the US Government to step out of its supervisory role. At the same time, ccTLDs, including those in Europe, have argued that they are overseen by their local government authorities. (Of course, gTLDs also have to abide by the laws of the countries in which they are located.)
This leaves ICANN as a very odd duck. It often purports to deal only with narrow technical matters, but it has begun to create rules governing content and behavior online. It enforces its rules by contracts, but doesn’t have such contracts either with root server operators or with a large number of ccTLDs. It claims to be accountable, but it has no membership and its board is selected by a nominating committee that is itself selected by the board and subsidiary ICANN organizations.
U.S. Government review of root zone files under the IANA contract relationship was largely symbolic, but it did preserve the possibility that a “rogue” ICANN might be held in check by the possibility that the government would give the contract to someone else and decline to treat ICANN’s decisions regarding the conditions to be imposed on registries as authoritative. The Syracuse proposal is designed, in part, to create another powerful body (a non-profit owned by all registries) that might be able to hold ICANN to contract terms that limit its board’s power unilaterally to impose its own view of the global public interest (at least insofar as that relates to what content and behaviors can or must be regulated by domain name intermediaries by means of a threatened suspension of a domain name or of a registrar’s “accreditation”).
Some rules are in fact needed to assure the sound operation of the domain name system and its registration processes. But we are not ready for a global government regulating online content or behavior that does not threaten the operation of the net itself. There are too many diverse views on what constitutes the global public interest. ICANN has no mechanism to assure consent of the governed when it uses its monopoly control of the root zone file to impose mandatory, flow down adhesion contracts on domain name holders. If ICANN is not overseen by the U.S., it will face increasing pressure from various sources to use the technological affordances under its control (and the registries and registrars who contract with it) to regulate content. Control over ICANN’s powers, and meaningful consent of the governed by a global polity of netizens, can only be assured if all of the top level registries, including the ccTLDs, sign contracts that include agreement to abide by ICANN’s policies on particular topics directly relating to operation of the Domain Name System), but only when these policies are supported by consensus among all stakeholders. Such a contract would not supervise detailed ICANN decisions, but it would keep ICANN within its “constitutional” bounds.
Europeans must decide whether to back some new institutional arrangement (like the Syracuse DNSA plan) that enables ICANN to promise not to require registries and registrars to become general purpose internet governance policemen -- and thus credibly rebuff pressures to regulate content by responding that it does not have that power. And, once ICANN is safely back inside the box that was envisioned at its founding (making only policies supported by consensus and only policies dealing with the operation of and threats to the domain name system itself), the countries of the EU will have to decide whether to support the new arrangement by signing contracts that commit EU ccTLD registries to abide by policies developed by the “multi-stakeholders” in the ICANN policy development process.
The ccTLD’s will no longer have the excuse that they cannot compromise their country’s sovereignty by agreeing to abide by rules indirectly controlled by a single (U.S.) government. Some may be worried that an ICANN re-delegation decision could give the “country code” to another registry. But the question at issue relates primarily to regulation of the actions of registries through contracts regarding policies that flow down on registrars and registrants -- re-delegation policies would remain unchanged. By calling for the end of US government oversight and a global ICANN that can make some rules that are needed to secure the operation of the internet (when supported by consensus among all those affected), the EU governments have solidified the case that EU registries should agree to be bound by those rules -- and that they should join with all other top level domain registries to assure that root zone decisions cannot be used for political purposes and that ICANN remains narrowly focused and at least indirectly accountable to the global community of internet users.
David Johnson is former Chairman of the Electronic Frontier Foundation. He currently serves as a member of the High Level Multistakeholder Committee at the upcoming meeting on Internet Governance in São Paulo, Brazil.
 . The GNSO may or may not be viewed as a subservient part of ICANN, but it doesn’t have the ability to hold the Board to any standard of conduct.