This article was originally intended to be a short one focused on indications that ICANN was exploring the establishment of a legal nexus outside the United States and discussing what that might mean—and whether it was consistent with the Affirmation of Commitments (AOC) entered into with the United States in 2009. Then, as completion neared, came the sudden and nearly simultaneous release of the October 7th Montevideo Statement and the announcement two days later of a proposed 2014 Brazil “Summit” focused on restructuring Internet governance. At that point the task vastly expanded.

So now this is intended to be an in-depth discussion of the broad and complex implications of these initiatives. It provides extensive and sometimes lengthy quotes from key individuals and documents so that readers have that background material readily at hand. There are also dozens of endnotes that provide links to the original sources, so that those so inclined can review them and form their own conclusions.

For those not inclined to wade through the full 17,000-words version [PDF], the following sums up the gist. The author hopes that this exploration makes a meaningful contribution to a very consequential Internet governance debate that, while not new, has just ascended to a new plateau of controversy and timeliness.

Overview

The last few weeks have witnessed startling developments related to Internet governance. A group of ten Internet technical organizations, including ICANN, issued a Montevideo Statement that collectively called for a globalization of the IANA function now performed under contract by ICANN with the United States. Immediately after its issuance ICANN’s CEO flew to Brasilia and subsequently announced with President Dilma Rousseff of Brazil a May 2014 “Summit” in Rio de Janeiro tasked to redesign Internet governance based upon principles contained in her September UN speech that also excoriated the U.S. for National Security Agency (NSA) cyber-espionage activities.

Two weeks later, during the Internet Governance Form (IGF) meeting in Bali, Indonesia, ICANN officials were peppered with questions about the purpose and agenda of the “Summit”. They responded with answers that included rhetorically downgrading it to a mere “meeting”, with an object not of finding solutions but simply establishing a framework and principles for further talks. But within weeks after the meeting’s announcement Brazil had taken over control of its planning, and it would come in a year already thick with official events related to Internet governance. An October 2014 International telecommunications Union (ITU) meeting will provide a platform for Russia, China, and other nations—including perhaps Brazil—to renew their push for UN/ITU entry into Internet regulation. A chaotic, divisive and inconclusive Rio meeting could well be a “Brazilian trap” that strengthens the hand of pro-UN forces. Overall, it may raise major risks in return for little in the way of new approaches or unique results.

The ostensible purpose of the meeting—to restore ‘trust’ in the Internet in the aftermath of NSA revelations—is a politically expedient but largely irrelevant “red herring”. The end game for Rio proponents appears to be the expedited termination of exclusive U.S. status as counterparty to the Internet Assigned Names Authority (IANA) contract controlling the authoritative root zone directory, the master address book of the Internet. But the cyber-espionage activities of the NSA and of every other technologically advanced nation make little use of the DNS as a spy tool, and changing the IANA counterparty will have no appreciable impact on any nation’s ability to monitor Internet communications or obtain state or industrial secrets through cyber-espionage. Unless there are more major new NSA revelations, by Spring 2014 their political fallout will likely have already been addressed by new arrangements and understandings between the US and EU nations, passage of a hortatory UN Resolution, and within the U.S. a combination of Executive and Congressional reform of the Agency’s domestic activities. These will render the NSA controversy even less relevant to any Brazil agenda.

No consensus proposal for replacing the U.S. counterparty role yet exists—and is unlikely to emerge from a meeting that eschews solutions. Yet the IANA contract provides crucial leverage for enforcing ICANN’s commitment to accountability and transparency contained in an Affirmation of Commitments (AOC) signed with the U.S. but benefiting the global Internet community. Absent an acceptable replacement regime ICANN could well become a richly self-funded organization that effectively answers to no one and can wield political influence via development contracts and other means.

It is noteworthy that ICANN’s push for a meeting ostensibly aimed at strengthening mult-stakeholderism was undertaken without advance consultation with ICANN’s stakeholders. Apparently, even though there is no more consequential ICANN policy issue, the much-vaunted bottom-up, multistakeholder model needed to be bypassed in order to save it. It is also unclear to what extent ICANN’s Board had a detailed understanding of the CEO’s plans or has subsequently ratified them. All these events must be evaluated in the light of ICANN’s long quest to reduce accountability and litigation risk—especially potential legal and tax liability—including recent revelations that it was seeking to establish a legal presence outside the U.S., in Switzerland and perhaps other nations.

Fissures rapidly emerged at the subsequent Bali IGF meeting over the purpose and composition of the Rio event. Business groups were generally opposed, technical organizations were skeptical but willing to pursue a narrow technical agenda, and civil society entities were pushing for a broad agenda focused on human rights matters. This predictable infighting over a hastily conceived and vaguely defined event indicates that it could well produce little but an aftermath of disappointment and recriminations.

The Obama Administration has yet to indicate its views on the proposed Rio meeting but Congress may well start asking questions soon. Given the outsized risks and minimal foreseeable rewards it might be prudent for the U.S. to clarify that, while open to discussions on the future of Internet governance and encouraging continuation of annual IGF gatherings—especially in 2014—it has no intention of attending an event when its only consistently stated purpose is to bring political pressure to bear for surrender of the IANA contract in advance of any consensus proposal for a replacement counterparty. The U.S. could also state that it intends to hold ICANN to its contractual commitment and to remain the contract’s sole counterparty through at least its current term ending in October 2015. That would allow all involved in Internet governance to step back from the Rio proposal and initiate a more deliberative approach to this critically important issue.

Introduction

Visitors to the ICANN home page now encounter an “ICANN@15” logo, which links to a webpage where individuals may post their own pictures and recollections of ICANN’s historic first decade and a half. Those taking that trip down ICANN’s memory lane read:

On September 30th, 1998, The Internet Corporation for Assigned Names and Numbers filed Articles of Incorporation in the State of California, the first step toward ICANN becoming the global steward of the Internet’s system of unique identifiers—the Domain Name System.

Indeed, throughout ICANN’s history it has been an American creation—spun out of the U.S. Department of Commerce, incorporated in California, with unique ties to the U.S. government. While formal U.S. oversight was terminated in 2009 and replaced by the AOC , the U.S. still retains a central role through its control of the contract for operation of IANA. The IANA contract is the vehicle through which ICANN coordinates the unique global identifiers of the domain name system (DNS) and provides it with the authority to pursue such initiatives as the new gTLD program, as its administration of the contract gives it the ability to recommend the addition of new gTLDs to the authoritative root zone. But those recommendations are then reviewed by the Department of Commerce (DOC) and, after it grants approval, technically consummated by VeriSign under a separate DOC contract.

The U.S. also serves as counterparty to the AOC, which helps all users of the DNS by committing ICANN to minimum levels of transparency and accountability to the global Internet community by “including commitments to: (a) ensure that decisions made related to the global technical coordination of the DNS are made in the public interest and are accountable and transparent; (b) preserve the security, stability and resiliency of the DNS; (c) promote competition, consumer trust, and consumer choice in the DNS marketplace; and (d) facilitate international participation in DNS technical coordination.” NetChoice Executive Director Steve DelBianco has observed that “the need to re-earn IANA every few years is all that keeps ICANN from walking away from the Affirmation of Commitments—the only document holding ICANN accountable to the community it serves, including users, governments, the private sector, and civil society. Reviews for the IANA Contract are a powerful reminder that ICANN serves at the pleasure of global stakeholders and has no permanent lock on managing the Internet’s name and address system.” So it is important to have a vigilant and empowered counterparty to the IANA contract for the AOC to be meaningful.

While marking its fifteenth anniversary there are indisputable signs that ICANN has become a rebellious teenager. Recent controversy generated by revelations of the NSA’s Internet-abetted data gathering and espionage activities provides the unsettled political context for recent developments. Yet upon examination it is clear that the NSA disclosures have no relevant connection to ICANN’s past, current or future governance structure.

There could be serious consequences if ICANN management pursues a course of rapidly terminating residual U.S. control, much less severing or at least substantially diluting its corporate legal ties to its native land. What choice of law will govern ICANN’s contractual ties to registries and registrars if it departs U.S. jurisdiction? What will replace the rather benign oversight exercised by the U.S. through the IANA contract, and will it lead to a more open Internet or a more politicized one? Will assertive governments usurp the central role now played in ICANN by the private sector and civil society?

And, perhaps most importantly, has there been adequate involvement with and approval of pending initiatives by ICANN’s Board—much less sufficient exercise of the bottom-up, multi- stakeholder consensus policy process it ostensibly seeks to strengthen—as ICANN’s senior management pursues what appears like an independent foreign policy? Answers to these questions should precede any alteration of ICANN’s present accountability and empowerment arrangements.

Conclusion

Regardless of whether the Brazil “Summit” transpires, who attends, or what it produces, the NSA revelations have clearly raised questions about the acceptable limits of cyber-surveillance. They have also provided an opportunity for the many parties—including, clearly, ICANN—who want to remove the final vestiges of U.S. control over ICANN to push toward that goal. Yet intelligence reform has no connection to the future course of Internet governance other than near-term expediency.

Ultimately, the most relevant question for members of the ICANN community, especially those hailing from the business and civil society sectors, is “Who will find ICANN?” That is, in what form will ICANN ultimately emerge in the wake of these developments—and subject to what, or any, control and accountability? The answers are too important to be addressed hastily.

Until these recent developments occurred one would have thought that the upcoming November ICANN meeting in Buenos Aires would be largely focused on the final stages of the new gTLD program, including the “name collision” issue. On the same day that the Montevideo Statement was issued, ICANN’s new gTLD Program Committee approved a New gTLD Collision Occurrence Management Plan that calls for yet more study on this critical issue involving collision occurrences between new gTLDs and existing private uses of the same “strings”. Entities experiencing such collisions could encounter a “broken Internet” that no longer functions predictably, and that exposes confidential data to theft. If such problems are widespread they could threaten ICANN’s credibility as technical manager of the DNS.

That ongoing search for collision solutions, undertaken even as new gTLDs begin to launch, is a strong reminder that the technical and marketplace success of the new gTLD program is far from assured, and that substantial problems, much less failure, could jeopardize ICANN’s future viability. CEO Chehade is also overseeing a vast expansion of the organization through the establishment of multiple new management hubs and outreach offices around the globe and a planned doubling of staff ranks by the end of FY 2014. Senior ICANN management already had more than a full plate—diverting management and stakeholder attention from these uncompleted tasks to take on politically charged matters of Internet governance could be a very risky course for ICANN. Indeed, during the GNSO call CEO Chehade conceded that addressing these new concerns was consuming a large amount of senior management time, stating, “I’ve had, on average, about 22 briefings a day, since Montevideo. I counted. So we’re, all of us, (inaudible) is doing them.”

Near the conclusion of the Webinar, CEO Chehade said, “We should all step back, take a deep breath, and consider what’s at stake here—an open Internet.” On that point we agree, but respectfully believe that those very high stakes argue for stepping back from the meeting in Brazil before stepping forward more deliberatively with plans more likely to preserve the multistakeholder model and a fully accountable ICANN.

Note: Other than direct quotes, the views expressed in this article are solely those of the author.

Copyright © 2013 by The Bureau of National Affairs, Inc.
Reproduced [or Adapted] with permission from Electronic Commerce & Law Report, Volume 18, No. 44 (Nov. 13, 2013). Copyright 2013 The Bureau of National Affairs, Inc. (800-372-1033) www.bna.com.