In a recent video interview conducted while he attended the World Economic Summit in Davos, Switzerland, ICANN CEO Fadi Chehade stated “legitimacy comes from accountability”.

That statement is correct. It is also troubling, in that many of ICANN’s recent policies and activities raise serious questions regarding whether it is sufficiently accountable and therefore perceived as acting in a legitimate manner—as well as whether it is continuing to faithfully abide by the Affirmation of Commitments (AOC) it entered into when the US government terminated direct oversight of ICANN in 2009.

One thing is very clear: ICANN’s President & CEO, with the full knowledge and backing of its Board, has seized on Edward Snowden’s unauthorized revelations of NSA intelligence activities involving the Internet as a rationale for seeking to sever its remaining tie to the U.S government embodied in the contract to operate the IANA function. His “foreign policy” activities have included public endorsement of harsh criticism of the U.S. voiced by Brazil’s President in a September 2013 UN address. ICANN’s Internet governance initiatives have bewildered many observers, as ICANN’s remit is limited to coordination of the Internet’s unique identifier systems, particularly the DNS namespace, with security and stability its top priority.

ICANN has also attained “international status” in Switzerland that may presage its intent to abrogate the AOC and transfer its headquarters from Los Angeles to Geneva. ICANN may terminate the AOC at any time by providing 120 days’ notice but is constrained from doing so as long as the U.S. remains counterparty on the IANA functions contract.

In reality the designated counterparty for the IANA contract has no bearing on any government’s ability to conduct intelligence activities via the Internet. Yet the ICANN-led initiative has now resulted in multiple developments focused on calls to “globalize” ICANN and the IANA function. However, the IANA contract is a strategic asset of the United States and cannot be transferred without U.S. acquiescence; such “globalization” could even require Congressional authorizing legislation.

But such globalization also raises profound legal and political issues—as well as the central question of whether a successful quest to transform ICANN into an International Organization with greatly diminished or even no U.S. ties would result in an organization with very substantial self-funding capabilities—but without meaningful accountability and accompanying transparency. Central to all these issues is the question of whether ICANN presently is and will remain sufficiently accountable and transparent. That is a particularly critical question given that ICANN need not rely on appropriations from any government of international organization—with a current operating budget exceeding $180 million and initial revenues from the new gTLD program already in excess of $300 million and quite possibly rising to more than $500 million once public auctions are held to resolve gTLD contention sets. Indeed, so long as there is interest among future applicants—whether it is voluntary or not, as could be the case for generic word brands seeking to protect their trademark at the top level of the DNS—ICANN can proceed to further increase its revenues through additional rounds of new gTLDs.

ICANN’s initiatives to sever its historic ties with the U.S, as well as five top-down mandated ICANN Presidential Strategy Panels undertaken absent any prior consultation with its own stakeholder community, have caused consternation within that community. While ICANN rhetoric focuses on maintaining and strengthening its multi-stakeholder model, its current practices indicate a management intent on redefining the structure and operations of the model. Intentionally or not, ICANN’s Internet Governance and Strategy Panel initiatives have also diverted the focus of its community and the public from the ongoing implementation of ICANN’s largest and most challenging program in history—the delegation of more than one thousand new gTLDs. While more than one hundred new gTLDs have launched to date their impact on security and stability, trademark rights, and consumer protection and competition authorities is just beginning to be recognized and evaluated—and early signs are worrisome.

All of these developments should raise concerns among policymakers, particularly within the U.S., and demonstrate the need for focused oversight, investigation, analysis and decision-making before the situation evolves past the point of no return.

For readers who are not inclined to wade through the full, nearly 24,000-words version [PDF] of this article, the following Executive Summary provides its main points. The full-length version contains extensive additional exploration and documentation of the topics addressed. The author hopes that this report and analysis makes a meaningful contribution to the very consequential Internet governance debate that is reaching a new plateau of engagement in 2014.

* * *
Executive Summary

Montevideo Statement

• ICANN’s CEO led the effort to organize the October 2013 meeting in Montevideo that asserted that revelations concerning NSA activities required accelerated globalization of ICANN and IANA functions. He did so pursuant to a secret September 2013 Board resolution that was not revealed until mid-November 2013.
• No consultation effort was engaged in with ICANN’s stakeholders and constituencies before these decisions were made.
• Secret Board resolutions are not consistent with ICANN’s commitment to transparency.
• ICANN Board actions have become more opaque in recent years. Steps should be taken to open Board meetings and actions to real-time public scrutiny.

Brazilian Internet Governance Meeting

• Immediately after concluding the Montevideo meeting, and after traveling to Brasilia and receiving Brazilian President Dilma Rousseff’s agreement to host an Internet Governance conference in that nation, ICANN’s CEO Fadi Chehade remarked that “she spoke for all of us, she spoke for the world” when she lambasted the United States over NSA intelligence activities in a September 2013 UN general Assembly address. Again, this meeting and request had the support of ICANN’s Board and was undertaken per their secret September Resolution. Chehade has agreed to be co-chair of the meeting and ICANN is contributing substantial funds to it.
• The United States, while rejecting any linkage between NSA activities and challenges to the current Internet governance model, has nonetheless agreed to be a co-host of the upcoming April meeting in Sao Paulo. No public explanation for this decision has been offered.
• While the primary goals of the meeting are Internet governance principles and a “roadmap for the future evolution of the Internet governance ecosystem”, NSA surveillance activities and divesting the U.S. of the IANA contract are inevitable additional subjects of discussion given the Montevideo call for ICANN and IANA globalization, and other factors.
• ICANN stakeholders and other interested parties are struggling to organize and provide meaningful input to the conference organizers before the March 8th cutoff they have set for receiving it.
• Although proponents of the meeting portray it as an opportunity to build support for the multi-stakeholder model in advance of the late fall 2014 ITU meeting in South Korea, the Secretary-general of the ITU and nations that support placing ICANN functions within the UN orbit will be attending Sao Paulo and in a position to influence its deliberations and outcome.

European Commission Declaration

• On February 12, 2014 the EC declared that, due to NSA revelations, that ICANN and the IANA functions must be globalized per a clear timeline.
• While the EC reaffirmed support for the multistakeholder model and rejected transfer of key functions to the International Telecommunications Union—declaring that “top-down approaches are not the right answer”—it did not propose an alternative that would assure ICANN accountability.
• The EC’s position on jurisdiction and choice of law could lead to imposition of the European Union’s approach on data protection, cybersecurity, and other matters on entities outside its direct jurisdiction—including U.S. companies.

Potential Consequences of ICANN and IANA Globalization

• It is now being recognized that ICANN has embarked on a general campaign linked to the NSA revelations in order to sever its remaining U.S. ties and accompanying oversight.
• Any transfer of authority over the IANA contract raises questions regarding effective ICANN accountability; politicization of IANA control; choice of law for contracts between ICANN and the contracted registry and registrar parties; and other important matters.
• ICANN’s Board has just approved the creation of several President’s Globalization Advisory Groups (GAG) in order to further support ICANN globalization. The GAG will address the issues of the Affirmation of Commitments (“AOC”); policy structures; legal structure; root server system; the IANA multistakeholder accountability; and, Internet governance.

ICANN and IANA “Globalization” Requires U.S. Government Acquiescence

• The IANA contract is a critical asset of the United States and cannot be transferred to any other entity absent U.S. agreement.
• The Department of Commerce arguably lacks the authority to facilitate such a transfer absent authorizing legislation enacted by Congress.
• Given this open legal question and the importance of a stable and secure Internet to global economic activity, as well as the current state-of-play, it would be prudent for relevant Congressional committees to immediately initiate a dialogue with DOC/NTIA on this matter as well as undertake independent inquiries and oversight activities.

ICANN’s Quest for “international Status”

• In addition to utilizing the NSA revelations as leverage to transfer the IANA contract and accompanying accountability, ICANN has diminished the status of its Los Angeles office to almost nominal headquarters status—possibly in violation of letter, and almost certainly the spirit, of its 2009 Affirmation of Commitments with the United States. The LA office is now one of three co-equal “hubs”, with the others located in Asia—Istanbul and Singapore. ICANN’s CEO will be based in those Asian hubs for the majority of 2014.
• At the January 2014 Davos World Economic Forum, CEO Chehade stated that the “time has come” for the US to pass on its ICANN stewardship because it is “no longer sustainable”.
• ICANN has openly declared its intention to seek International Organization status, and has obtained some form of “international status” from Switzerland. It has also stated it is seeking legal status in other nations. While ICANN staff originally portrayed the Swiss move as only being in contemplation of relocating certain functions out of LA, recent press reports and subsequent statements indicate that ICANN may be planning to move its headquarters to Geneva.
• There has been no dialogue with the ICANN community’s stakeholders regarding such a fundamental change, and there has been no transparent revelation of any discussion by the ICANN Board of these plans and their implementation.
• International status could render ICANN impervious to litigation and the accountability it brings. This is particularly troubling for an organization with very substantial self-funding capabilities, with an annual budget now exceeding $180 million and revenues from new gTLD applications exceeding $300 million. Subsequent rounds of new gTLDs are being contemplated and would raise substantial additional revenues.
• ICANN is free to formally abrogate the AOC at any time by simply providing 120 days’ notice. Many observers think it will likely do so upon transfer of the IANA functions contract away from the U.S. to another entity.

Accountability and Transparency

• The AOC is the key leverage by which ICANN is required to undertake sweeping period reviews to ensure continued accountability and transparency.
• Any transfer of the IANA function would likely be accompanied by abrogation of the AOC. Thus it is a critical issue by what means ICANN accountability and transparency would be enforced in the wake of that development.

Presidential Strategy Panels

• In another top-down management move at odds with ICANN’s professed devotion to bottom-up consensus policymaking, CEO Chehade announced the creation of five separate strategy panels in July 2013. No advance consultation with the ICANN community regarding the need or potential focus and output of these panels ever took place.
• Early indications are that the recommendations of the panels may be highly disruptive to ICANN’s present internal organization.
• Many members of the ICANN community feel that management’s Internet Governance and Strategy Panels initiatives are overwhelming its stakeholders.

Conflicts of Interest

• Ethical concerns are inherent within ICANN because Board members must have substantial technical DNS expertise to guide and constrain management, but such expertise is often tied to relationships with entities that can directly profit or be harmed by ICANN decisions.
• In response to public concerns, ICANN adopted a revised Conflicts of Interest Policy in May 2012. Yet there continues to be a lack of transparency regarding what activities or affiliations cause Board members to recuse themselves on certain votes, or from service on key Board subcommittees.
• A strong case can be made for greater disclosure of the business and investment activities of ICANN Board members to heighten public confidence that Board decisions are consistent with the global public interest. Ethical concerns would be substantially diminished if Board meetings were open to public view and if the minutes memorializing Board meetings provided far greater detail than at present.

New gTLD Second Level Trademark Protections

• After receiving significant community input, ICANN created two new rights protection mechanisms to assuage trademark owners’ concerns regarding potential cybersquatting resulting from ICANN’s unlimited new gTLD program—the Trademark Clearinghouse (TMCH) trademark registration database and the Universal Rapid Suspension (URS) expedited arbitration procedure. While these new tools are generally sound ICANN’s implementation has been questionable.
• Registrations in the TMCH—at $150 per trademark—have been far below expectations. Deloitte, which operates the TMCH under contract, has tried to spur registrations by expanding TMCH functions beyond those originally authorized. It has also embarked on what some regard as a scare campaign, warning US rights holders “that some of the biggest American brand names are at risk of intellectual property infringement online as the new TLDs are rolled out… This potentially compromises the reputation of each brand targeted”. The Deloitte “strategic consultant” issuing these warnings also serves as Chairman of ICANN’s GNSO Council, which makes policy decisions for all gTLDs.
• The URS is just beginning to be tested and appears to be operating as planned.
• Initial reports of new gTLD registrations indicate substantial cybersquatting activity at such new “strings” as .guru and .bike. The potential cost of dealing with intentional infringement at new gTLDs was a major concern of Senate Commerce Committee Chairman Jay Rockefeller when he urged ICANN to restrict the first round of the new gTLD program to a limited number of strings. Similar limitations had been urged by ICANN’s Governmental Advisory Committee (GAC).
• Multiple internal factors contributed to ICANN’s insistence on proceeding with an new gTLD program that allowed for an unlimited number of total applications as well as no limitation on the number of applications that could be submitted by a single entity.

New gTLD Top Level Protections

• The four separate grounds for objections to new gTLD strings were characterized by ICANN as protections provided to prevent abuse at the top level of the DNS through the new gTLD program. In practice they have proven to be expensive, generally ineffective, and resulting in conflicting decisions.
• One noteworthy failure was that of the Republican State Legislative Committee, the successful applicant for .gop, against a “portfolio applicant” for .republican. This failed objection should arguably never have been necessary because provisions in the program’s Applicant Guidebook (AG) barred entities with a history of cybersquatting from participating in the program, and ICANN received copious documentation of that history for the particular portfolio applicant. ICANN has never explained why that AG provision was found to be inapplicable to this applicant.
• ICANN, to the consternation of most of its community, accepted “expert advice” that the existence of singulars and plurals of the same gTLD, differing only by the letter “s”, would not be confusing to the public.
• ICANN has taken only the most limited action to reconcile inconsistent decisions of objection panelists. These inconsistencies were foreseeable given the failure to consolidate applications to identical strings, the latitude given to arbitration panelists, and the broad scope of the new gTLD program.

Public Protections for New gTLDs relating to Regulated Industries and Professions

• In April 2013 the GAC urged ICANN to impose a long set of stringent safeguards on new gTLDs associated with regulated industries and professions, lest domains in them be registered by bad actors for the purpose of perpetrating scams and attacks.
• A February 2014 ICANN Resolution on this subject fails to implement the GAC safeguards in a comprehensive or effective manner. The NTIA, which does not often publicly criticize ICANN,  has just advised it that requiring domain applicants to merely “represent” that they possess necessary authorizations, charters, licenses or other credentials “is different from the affirmative obligation for the registry operator to verify or validate the credentials of domain names registrants that indicate participation in certain professional and regulated sectors, as the GAC requested”.
• ICANN has rebuffed requests to solicit comment on other protective measures relating to such regulated sector strings, such as a Policy Advisory Board model supported by members of its Business Constituency and At-Large Advisory Council.
• ICANN’s main requirement for public protections – Public Interest Commitment specifications (PICs), while containing four mandatory measures, generally leave registry operators to propose the details of their own PICS without adequate accountability or safeguards. The PICs proposed by the applicant for the largest number of new gTLDs – including the particularly exploitable .charity – are weak and reserve the right of full cancelation as of January 2016.
• Absent effective safeguards and their enforcement by ICANN, the costs of problems emanating from these domains will be borne by the public and by governmental consumer protection and competition authorities.

Name Collisions

• Collisions between internal system administrative labels and new gTLD strings can lead to system crashes and vulnerabilities to hacking.
• Notwithstanding that its primary job is technical management of the DNS, and that the potential problem had been raised by ICANN’s own security and stability advisers in 2009, ICANN management failed to recognize or begin to address the issue of name collisions until it had closed the new gTLD application window.
• ICANN’s review process for security and stability issues raised by individual gTLD applications were based on criteria that excluded consideration of name collisions.
• ICANN has yet to comprehensively address the name collisions issue but is allowing new gTLDs to commence operation under an “alternative path to delegation”. This alternative path did not result from an open technical effort and has not been publicly analyzed by ICANN’s Security and Stability Advisory Committee (SSAC); ICANN has never disclosed what entity developed or influenced the adoption of the alternative approach.
• There are continuing questions regarding the effectiveness of ICANN’s efforts to educate the IT community regarding name collisions and the steps to be taken to ameliorate their effects.

Use of Auctions to Resolve Contention Sets

• ICANN decided after receiving community input that in lieu of qualitative evaluation of competing applications for the same gTLD it would utilize public auctions as the contention resolution method of last resort. This translates into the wealthiest applicant taking control of the string regardless of the merits of its proposed business model or the public benefits that could flow from competing applications.
• These public auctions could provide ICANN with tens or hundreds of millions of dollars in additional revenues, with the costs to be eventually recouped from registrants in the encompassed strings. ICANN has not yet determined or announced how these potentially very large auction proceeds will be used or provided firm assurances that they will not be added to general revenues.
• As one example, the result of this reliance on applicant monetary resources as the ultimate determinant resulted in the October 2013 withdrawal of the DotGreen charitable organization applicant for the .green gTLD when faced with the possibility of an auction against three well-funded portfolio applicants.
• The European Union (EU) recently advised ICANN that this use of auctions “is at odds with the “diversity and innovation” policy that ICANN seeks to promote” and urged ICANN to develop a more level playing field.
• In September 2013 ICANN entered into a contract with an auctions manager that was not the subject of publicly solicited competing bids. The contract will be extremely lucrative for the provider, guaranteeing four percent of the first $10 million bid in any auction. A public tender and competing bids would almost surely have resulted in a less generous agreement for the selected contractor.

Conclusions and Next Steps

This status report has documented a wide range of concerns and questions regarding ICANN’s current operations and future plans. Central to all of them is the issue of whether ICANN is currently operating with sufficient accountability and transparency, through a bottom-up consensus process, and in the interest of the global Internet-using public. The answers to these questions will determine the future stability and security of the domain name system and the growing global e-commerce that it supports.

As ICANN has deliberately precipitated a new global debate on the question of whether the IANA function contract should be transferred from the United States to another entity, it is incumbent that the U.S. government engage in an open and public discussion of the legal requirements for and implications of such action. Given the likelihood that any such transfer may require implementing legislation, and in any event should only be undertaken by the Executive Branch with the unmistakable backing of Congress, there is a clear and present need for all of the Congressional committees with jurisdictions and responsibilities related to this critical issue to begin to engage in focused oversight, investigation, analysis and decision-making. Given the history of the development of the DNS this responsibility falls upon the U.S. and should not be shirked.