Underneath the Hood: Ownership vs. Stewardship of the Internet

August 23rd, 2011 by kc

[I posted the following on CircleID today:]

As is well known to most CircleID readers — but importantly, not to most other Internet users — in March 2011, ICANN knowingly and purposefully embraced an unprecedented policy that will encourage filtering, blocking, and/or redirecting entire virtual neighborhoods, i.e., “top-level domains” (TLDs). Specifically, ICANN approved the creation of the “.XXX” suffix, intended for pornography websites. Although the owner of the new .XXX TLD deems a designated virtual enclave for morally controversial material to be socially beneficial for the Internet, this claim obfuscates the dangers such a policy creates under the hood.

Years of unequivocal and pervasive opposition from governments, businesses, and consumer groups shed doubt on ICANN’s plan to launch .XXX, and India has already announced plans to block reachability to XXX. Meanwhile, even ICANN acknowledges that it does not understand the economic and political consequences of legitimizing macroscopic blocking behavior.

In its 20-page defense of the decision, which anticipates defending lawsuits via financing set aside from .XXX registration fees, ICANN claimed there is no evidence that the result will be different from the blocking that already occurs. This assertion implies that ICANN has attempted to study who, what, where, and how domains are being blocked and what technical impacts are observable. This is simply not so.

Despite the explicit request for technical due diligence on the security and stability impacts of TLD blocking by its Government Advisory Committee (GAC) — a weak source of oversight and accountability — the ICANN board never consulted its own Security and Stability Advisory Committee (SSAC) before their decision. When asked by the GAC directly during the March 2011 ICANN meeting, SSAC pulled together a brief advisory just before the next meeting in June, acknowledging the lack of any data to make any judgments regarding blocking, but noting: “All approaches to blocking, and even more so attempts to circumvent it, will have some impact on the security and/or stability of users and applications, and on the coherency or universal resolvability of the namespace.” SSAC offered to investigate the issue further, and in the interim offered an ethical principle — “first do no harm” — to guide the development of blocking policies: “minimizing harm requires a concerted effort to not create circumstances where Internet users outside an organization’s policy domain are adversely affected by that organization’s policy or implementation.”

If ICANN had used such a principle to guide its .XXX decision, it would not have been approved. Putting .XXX into the root will likely lead to significant harms, including castrating free speech rights in countries with repressive regimes or agendas, and weakening Internet (i.e., DNS) security and stability as a result of attempts to both filter out and circumvent filtering of .XXX. This prediction draws support from the May 2011 publication of a paper by a group of leading DNS experts which foretold likely harms from DNS filtering requirements related to proposed U.S. legislation. The report echoed the admonition that filtering would threaten the long-run security, stability, and interoperability of the domain name system (DNS).

Worse, there is no clear public interest case for the inclusion of .XXX in the DNS root database, but rather a few private beneficiaries. The adult content industry has spoken out loudly against it, as have most other communities from across the political spectrum. Who then, does support this policy? A tiny minority of private industry Internet insiders — DNS registries and registrars. ICANN admitted and the industry it regulates proclaimed loudly that ICANN could not let anything further delay its ambitious plans to sell up to 1500 new TLDs a year (launched in June) until something about the Internet observably breaks. Enter the real driver of this policy. We need only reflect on our mortgage crisis to understand how history begs to repeat itself. Picture a digital real estate bubble consisting of infinite character strings (.yournamehere), monetized at $185,000 each, issued under the guise of genuine public debate and transparent policy process, and inevitably resulting in intractable disputes over geographic TLD real estate (does Russia or Florida get .StPetersburg?) and extortion of registration fees to prevent someone else from registering your brand in a new TLD. All done without consideration of the collateral effects on the 6.5B people expected to use the naming system.

But it gets worse — ICANN even acknowledges that .XXX would not meet today’s criteria for a TLD due to the overwhelming community objections, including from the intergovernmental GAC. Rather, ICANN justified its decision to move forward on the platform of consistency of process, clinging to the criteria originally set in 2004 despite their self-contradicting implications. As dissenting ICANN board member George Sadowsky eloquently explained, “it was victory of compulsory adherence to process, rather than a serious discussion regarding ICANN’s responsibility for the future of the DNS and the Internet.” It was a victory of process over goals and of means over ends, where ensuing harm will be met by an ICANN defense of, “But we were only following the process.”

The approval of .XXX marks a historical inflection point, where ICANN’s board formally abandoned any responsibility to present an understanding of the ramifications of probable negative externalities (“harms”) in setting its policies. The most potent effect of creating .XXX on the Internet will be to give credence to the destabilizing concept of multiple namespaces, with political, sociological and economic ramifications that weaken security and stability, whether or not the blocking is even effective. This is not something Wall Street, K-Street, or Main Street will be able to invest, lobby, or vote its way out of.

ICANN’s current arrangement with the U.S. government that aims for transparency, accountability, and the global public interest amounts to little more than hand-waving given the lack of incentives, legal enforceability or other formal accountability to achieve those objectives. The success of ICANN is important, because there is no good alternative. But responsible stewardship of the Internet is more important, and requires earnest and transparent effort to develop policy in the public interest, not only in the financial interest of ICANN and the domain name industry it regulates.

ICANN had every public interest justification, including an obligation and an opportunity with .XXX to demonstrate accountable policy development, to delay the new generic TLD program until it was demonstrated by independent peer- reviewed research that this decision was not antagonistic to the technical and economic security and stability of the Internet. That ICANN chose to relinquish this responsibility puts the U.S. government in the awkward position of trying to tighten the few inadequate controls that remain over ICANN, and leaves individual and responsible corporate citizens in the unenviable yet familiar position of bracing for the consequences.


[Disclosure: Dr. Claffy leads Internet research projects funded by the Department of Homeland Security and the National Science Foundation. She also serves on two advisory committees to ICANN: the Security and Stability and Root Server System Advisory Committees. The opinions here reflect only hers.]

This article also appeared in ACM Sigcomm CCR October 2011.

Leave a Reply