ICANN headquarters in Playa Vista, Los Angeles, California. Wikicommons/ Coolcaesar. Some rights reserved.In March 2014, the US government announced that they were going to end the contract they have with the Internet Corporation for Assigned Names and Numbers (ICANN) to run the Internet Assigned Numbers Authority (IANA), and hand over control to the “global multistakeholder community”. They insisted that the plan for transition had to come through a multistakeholder process and have stakeholders “across the global internet community”.
Why is the US government removing the National Telecommunications and Information Administration (NTIA) contract?
The main reason for the US government's action is that it will get rid of a political thorn in its side: keeping the contract allows them to be called out as having a special role in internet governance (with the Affirmation of Commitments between the US Department of Commerce and ICANN, the IANA contract, and the cooperative agreement with Verisign), and engaging in unilateralism with regard to the operation of the root servers of the internet naming system, while repeatedly declaring that they support a multistakeholder model of internet governance.
This contradiction is what they are hoping to address. Doing away with the NTIA contract will also increase — ever so marginally — ICANN’s global legitimacy; this is something that world governments, civil society organisations, and some American academics have been asking for since ICANN’s inception in 1998. For instance, here are some demands made in a declaration by the Civil Society Internet Governance Caucus at WSIS, in 2005:
- ICANN will negotiate an appropriate host country agreement to replace its California Incorporation, being careful to retain those aspects of its California Incorporation that enhance its accountability to the global internet user community.
- ICANN's decisions, and any host country agreement, must be required to comply with public policy requirements negotiated through international treaties in regard to, inter alia, human rights treaties, privacy rights, gender agreements and trade rules.
- It is also expected that the multi-stakeholder community will observe and comment on the progress made in this process through the proposed [internet governance] Forum.
In short: the objective of the transition is political, not technical. In an ideal world, we should aim at reducing US state control over the core of the internet's domain name system. [i]
It is our contention that US state control over the core of the internet's domain name system is not being removed by the transition that is currently under way.
Why is the transition happening now?
Despite the US government having given commitments in the past that were going to finish the IANA transition by September 30, 2000 (the White Paper on Management of Internet Names and Addresses states: "the US Government would prefer that this transition be complete before the year 2000. To the extent that the new corporation is established and operationally stable, September 30, 2000 is intended to be, and remains, an 'outside' date.") and later by "fall of 2006" [ii], those turned out to be empty promises. However, this time, the transition seems to be going through, unless the US Congress manages to halt it.
However, in order to answer the question of "why now?" fully, one has to look a bit at the past.
In 1998, through the White Paper on Management of Internet Names and Addresses the US government asserted it’s control over the root, and asserted — some would say arrogated to itself — the power to put out contracts for both the IANA functions as well as the 'A' Root (i.e., the Root Zone Maintainer function that Network Solutions Inc. then performed, and continues to perform to date in its current avatar as Verisign). The IANA functions contract — a periodically renewable contract — was awarded to ICANN, a California-based non-profit corporation that was set up exclusively for this purpose, but which evolved around the existing IANA (to placate the Internet Society).
Meanwhile, of course, there were criticisms of ICANN from multiple foreign governments and civil society organisations. Further, despite it being a California-based non-profit on contract with the government, domestically within the US, there was pushback from constituencies that felt that more direct US control of the DNS was important.
As Goldsmith and Wu summarise:
Milton Mueller and others have shown that ICANN’s spirit of “self-regulation” was an appealing label for a process that could be more accurately described as the US government brokering a behind-the-scenes deal that best suited its policy preferences ... the United States wanted to ensure the stability of the internet, to fend off the regulatory efforts of foreign governments and international organisations, and to maintain ultimate control. The easiest way to do that was to maintain formal control while turning over day-to-day control of the root to ICANN and the Internet Society, which had close ties to the regulation-shy American technology industry.
And that brings us to the first reason that the NTIA announced the transition in 2014, rather than earlier.
The NTIA now sees ICANN as being mature enough: the final transition was announced 16 years after ICANN's creation, and complaints about ICANN and its legitimacy had largely died down in the international arena in that while. Nowadays, governments across the world send their representatives to ICANN, thus legitimising it. States have largely been satisfied by participating in the Government Advisory Council, which, as its name suggests, only has advisory powers. Further, unlike in the early days, there is no serious push for states assuming control of ICANN. Of course they grumble about the ICANN Board not following their advice, but no government, as far as I am aware, has walked out or refused to participate.
Many within the United States, and some without, believe that the US not only plays an exceptional role in the running of the internet — by dint of the historical development and dominance of American companies — but that it ought to have an exceptional role because it is the best country to exercise 'oversight' over 'the internet' (often coming from clueless commentators, and from dinosaurs of the internet era, like American IP lawyers and American 'homeland' security hawks, Jones Day, who are ICANN's lawyers, and other jingoists and those policymakers who are controlled by these narrow-minded interests.
The Snowden revelations were, in that way, a godsend for the NTIA, as it allowed them a fig-leaf of international criticism, with which to counter these domestic critics and carry on with a transition that they have been seeking to put into motion for a while. The Snowden revelations led Dilma Rousseff to state in September 2013, at the 68th UN General Assembly, that Brazil would "present proposals for the establishment of a civilian multilateral framework for the governance and use of the Internet", and as Diego Canabarro points out, this catalysed the US government and the technical community into taking action.
Given this context, a few months after the Snowden revelations, the so-called ‘I* organisations’ met — seemingly with the blessing of the US government [iii] — in Montevideo, and put out a 'Statement on the Future of Internet Governance' that sought to link the Snowden revelations on pervasive surveillance with the need to urgently transition the IANA stewardship role away from the US government. Of course, the signatories to that statement knew fully well, as did most of its readers, that there is no linkage between the Snowden revelations about pervasive surveillance and the operations of the DNS root, but still they, and others, linked them together. Specifically, the I* organisations called for "accelerating the globalisation of ICANN and IANA functions, towards an environment in which all stakeholders, including all governments, participate on an equal footing."
One could posit the existence of two other contributing factors as well.
Given political realities in the United States, a transition of this sort is probably best done before an ultra-jingoistic president steps into office.
Lastly, the ten-yearly review of the World Summit on Information Society (WSIS) was currently under way. At the original WSIS (as seen from the civil society quoted above) the issue of US control over the root was a major issue of contention. At that point (and during where the 2006 date for globalisation of ICANN was emphasised by the US government).
Why jurisdiction is important
Jurisdiction has a great many aspects. Inter alia, these are:
- Legal sanctions applicable to changes in the root zone (for instance, what happens if a country under US sanctions requests a change to the root zone file?)
- Law applicable to resolution of contractual disputes with registries, registrars, etc.
- Law applicable to labour disputes.
- Law applicable to competition / antitrust law that applies to ICANN policies and regulations.
- Law applicable to disputes regarding ICANN decisions, such as allocation of Generic top-level domains (GTLDs), or non-renewal of a contract.
- Law applicable to consumer protection concerns.
- Law applicable to financial transparency of the organisation.
- Law applicable to corporate condition of the organisation, including membership rights.
- Law applicable to data protection-related policies & regulations.
- Law applicable to trademark and other speech-related policies & regulations.
- Law applicable to legal sanctions imposed by a country against another.
Some of these, but not all, depend on where bodies like ICANN (the policy-making body), the IANA functions operator (the proposed "Post-Transition IANA", insofar as the names function is concerned), and the root zone maintainer are incorporated or maintain their primary office, while others depend on the location of the office (for instance, Turkish labour law applies for the ICANN office in Istanbul), while yet others depend on what's decided by ICANN in contracts (for instance, the resolution of contractual disputes with ICANN, filing of suits with regard to disputes over new generic TLDs, etc.).
However, an issue like sanctions, for instance, depends on where ICANN/PTI/RMZ are incorporated and maintain their primary office.
As Milton Mueller notes, the current IANA contract "requires ICANN to be incorporated in, maintain a physical address in, and perform the IANA functions in the US. This makes IANA subject to US law and provides America with greater political influence over ICANN."
He further notes that:
While it is common to assert that the US has never abused its authority and has always taken the role of a neutral steward, this is not quite true. During the controversy over the .xxx domain, the Bush administration caved in to domestic political pressure and threatened to block entry of the domain into the root if ICANN approved it (Declaration of the Independent Review Panel, 2010). It took five years, an independent review challenge and the threat of litigation from a businessman willing to spend millions to get the .xxx domain into the root.
Thus it is clear that even if the NTIA's role in the IANA contract goes away, jurisdiction remains an important issue.
US doublespeak on jurisdiction
In March 2014, when NTIA finally announced that they would hand over the reins to “the global multistakeholder community”. They’ve laid down two procedural conditions: that it be developed by stakeholders across the global Internet community and have broad community consensus, and they have proposed 5 substantive conditions that any proposal must meet:
- Support and enhance the multistakeholder model;
- Maintain the security, stability, and resiliency of the Internet DNS;
- Meet the needs and expectation of the global customers and partners of the IANA services;
- Maintain the openness of the Internet; and,
- Must not replace the NTIA role with a solution that is government-led or an inter-governmental organisation.
In that announcement there is no explicit restriction on the jurisdiction of ICANN (whether it relate to its incorporation, the resolution of contractual disputes, resolution of labour disputes, antitrust/competition law, tort law, consumer protection law, privacy law, or speech law, and more, all of which impact ICANN and many, but not all, of which are predicated on the jurisdiction of ICANN’s incorporation), the jurisdiction(s) of the IANA Functions Operator(s) (i.e., which executive, court, or legislature’s orders would it need to obey), and the jurisdiction of the Root Zone Maintainer (i.e., which executive, court, or legislature’s orders would it need to obey).
However, Mr. Larry Strickling, the head of the NTIA, in his testimony before the US House Subcommittee on Communications and Technology, made it clear that,
Frankly, if [shifting ICANN or IANA jurisdiction] were being proposed, I don't think that such a proposal would satisfy our criteria, specifically the one that requires that security and stability be maintained.
Possibly, that argument made sense in 1998, due to the significant concentration of DNS expertise in the United States. However, in 2016, that argument is hardly convincing, and is frankly laughable. [iv]
Targeting that remark, in ICANN 54 at Dublin, we asked Mr. Strickling:
So as we understand it, the technical stability of the DNS doesn't necessarily depend on ICANN's jurisdiction being in the United States. So I wanted to ask would the US Congress support a multistakeholder and continuing in the event that it's shifting jurisdiction?
Mr. Strickling's response was:
No. I think Congress has made it very clear and at every hearing they have extracted from Fadi a commitment that ICANN will remain incorporated in the United States. Now the jurisdictional question though, as I understand it having been raised from some other countries, is not so much jurisdiction in terms of where ICANN is located. It's much more jurisdiction over the resolution of disputes.
And that I think is an open issue, and that's an appropriate one to be discussed. And it's one I think where ICANN has made some movement over time anyway.
So I think you have to ... when people use the word jurisdiction, we need to be very precise about over what issues because where disputes are resolved and under what law they're resolved, those are separate questions from where the corporation may have a physical headquarters.
As we have shown above, jurisdiction is not only about the jurisdiction of "resolution of disputes", but also, as Mueller reminds us, about the requirement that ICANN (and now, the PTI) be "incorporated in, maintain a physical address in, and perform the IANA functions in the US This makes IANA subject to US law and provides America with greater political influence over ICANN.
In essence, the US government has said that they would veto the transition if the jurisdiction of ICANN or PTI's incorporation were to move out of the US, and they can prevent that from happening *after* the transition, since as things stand ICANN and PTI will still come within the US Congress's jurisdiction.
Why has the ICG failed to consider jurisdiction?
Will the ICG proposal or the proposed new ICANN by-laws reduce existing US control? No, they won't. (In fact, as we will argue below, the proposed new ICANN by-laws make this problem even worse.) The proposal by the names community ("the CWG proposal") still has a requirement (in Annex S) that the Post-Transition IANA (PTI) be incorporated in the United States, and a similar suggestion hidden away as a footnote. Further, the proposed by-laws for ICANN include the requirement that PTI be a California corporation. There was no discussion specifically on this issue, nor any documented community agreement on the specific issue of jurisdiction of PTI's incorporation.
Why wasn't there greater discussion and consideration of this issue? Because of two reasons: First, there were many who argued that the transition would be vetoed by the US government and the US Congress if ICANN and PTI were not to remain in the US. Secondly, the ICANN-formed ICG saw the US government’s actions very narrowly, as though the government were acting in isolation, ignoring the rich dialogue and debate that’s gone on earlier about the transition since the incorporation of ICANN itself.
While it would be no one’s case that political considerations should be given greater weightage than technical considerations such as security, stability, and resilience of the domain name system, it is shocking that political considerations have been completely absent in the discussions in the number and protocol parameters communities, and have been extremely limited in the discussions in the names community. This is even more shocking considering that the main reason for this transition is, as has been argued above, political.
It can also be argued that the certain IANA functions such as Root Zone Management function have a considerable political implication. It is imperative that the political nature of the function is duly acknowledged and dealt with, in accordance with the wishes of the global community. In the current process the political aspects of the IANA function has been completely overlooked and sidelined. It is important to note that this transition has not been a necessitated by any technical considerations. It is primarily motivated by political and legal considerations. However, the questions that the ICG asked the customer communities to consider were solely technical. Indeed, the communities could have chosen to overlook that, but they did not choose to do so. For instance, while the IANA customer community proposals reflected existing jurisdictional arrangements, they did not reflect on how the jurisdictional arrangements should be post-transition, while this is one of the questions at the heart of the entire transition. There were no discussions and decisions as to the jurisdiction of the Post-Transition IANA: the Cross-Community Working Group on Internet Governance’s (CCWG) lawyers, Sidley Austin, recommended that the PTI ought to be a California non-profit corporation, and this finds mention in a footnote without even having been debated by the "global multistakeholder community", and subsequently in the proposed new by-laws for ICANN.
Why the by-laws make things worse & why "Work Stream 2" can't address most jurisdiction issues
The by-laws could have chosen to simply stayed silent on the matter of what law PTI would be incorporated under, but instead the by-law make the requirement of PTI being a California non-profit public benefit corporation part of the *fundamental by-laws*, which are close to impossible to amend.
While "Work Stream 2" (the post-transition work related to improving ICANN's accountability) has jurisdiction as a topic of consideration, the scope of that must necessarily discount any consideration of shifting the jurisdiction of incorporation of ICANN, since all of the work done as part of CCWG Accountability's "Work Stream 1", which are now reflected in the proposed new by-laws, assume Californian jurisdiction (including the legal model of the "Empowered Community"). Is ICANN prepared to re-do all the work done in WS1 in WS2 as well? If the answer is yes, then the issue of jurisdiction can actually be addressed in WS2. If the answer is no — and realistically it is — then, the issue of jurisdiction can only be very partially addressed in WS2.
Keeping this in mind, we recommended specific changes in the by-laws, all of which were rejected by CCWG's lawyers.
The transition plan fails the NETmundial statement
The NETmundial Multistakeholder Document, which was an outcome of the NETmundial process, states:
In the follow up to the recent and welcomed announcement of US Government with regard to its intent to transition the stewardship of IANA functions, the discussion about mechanisms for guaranteeing the transparency and accountability of those functions after the US Government role ends, has to take place through an open process with the participation of all stakeholders extending beyond the ICANN community
It is expected that the process of globalization of ICANN speeds up leading to a truly international and global organization serving the public interest with clearly implementable and verifiable accountability and transparency mechanisms that satisfy requirements from both internal stakeholders and the global community.
The active representation from all stakeholders in the ICANN structure from all regions is a key issue in the process of a successful globalization.
As our past analysis has shown, the IANA transition process and the discussions on the mailing lists that shaped it were neither global nor multistakeholder. The DNS industry represented in ICANN is largely US-based. 3 in 5 registrars are from the United States of America, whereas less than 1% of ICANN-registered registrars are from Africa. Two-thirds of the Business Constituency in ICANN is from the US. While ICANN-the-corporation has sought to become more global, the ICANN community has remained insular, and this will not change until the commercial interests involved in ICANN can become more diverse, reflecting the diversity of users of the internet, and a top-level domain like .com can be owned by a non-American corporation and the PTI can be a non-American entity.
What we need: jurisdictional resilience
It is no one's case that the US is less fit than any other country as a base for ICANN, PTI, or the Root Zone Maintainer, or even as the headquarters for 9 of the world's 12 root zone operators (Verisign runs both the A and J root servers). However, just as having multiplicity of root servers is important for ensuring technical resilience of the DNS system (and this is shown in the uptake of Anycast by root server operators), it is equally important to have immunity of core DNS functioning from political pressures of the country or countries where core DNS infrastructure is legally situated and to ensure that we have diversity in terms of legal jurisdiction.
Towards this end, we at the Centre for Internet and Society (CIS) have pushed for the concept of "jurisdictional resilience", encompassing three crucial points:
- Legal immunity for core technical operators of internet functions (as opposed to policymaking venues) from legal sanctions or orders from the state in which they are legally situated.
- Division of core internet operators among multiple jurisdictions
- Jurisdictional division of policymaking functions from technical implementation functions
Of these, the most important is the limited legal immunity (akin to a greatly limited form of the immunity that UN organisations get from the laws of their host countries). This kind of immunity could be provided through a variety of different means: a host-country agreement; a law passed by the legislature; a UN General Assembly Resolution; a UN-backed treaty; and other such options exist. We are currently investigating which of these options would be the best option.
And apart from limited legal immunity, distribution of jurisdictional control is also valuable. As we noted in our submission to the ICG in September 2015:
Following the above precepts would, for instance, mean that the entity that performs the role of the Root Zone Maintainer should not be situated in the same legal jurisdiction as the entity that functions as the policymaking venue. This would in turn mean that either the Root Zone Maintainer function be taken up Netnod (Sweden-headquartered) or the WIDE Project (Japan-headquartered) [or RIPE-NCC, headquartered in the Netherlands], or that if the IANA Functions Operator(s) is to be merged with the RZM, then the IFO be relocated to a jurisdiction other than those of ISOC and ICANN. This, as has been stated earlier, has been a demand of the Civil Society Internet Governance Caucus. Further, it would also mean that root zone servers operators be spread across multiple jurisdictions (which the creation of mirror servers in multiple jurisdictions will not address).
However, the issue of jurisdiction seems to be dead-on-arrival, having been killed by the US government.
Unfortunately, despite the primary motivation for demands for the IANA transition being those of removing the power the US government exercises over the core of the internet's operations in the form of the DNS, what has ended up happening through the IANA transition is that these powers have not only not been removed, but in some ways they have been entrenched further! While earlier, the US had to specify that the IANA functions operator had to be located in the US, now ICANN's by-laws themselves will state that the post-transition IANA will be a California corporation. Notably, while the Montevideo Declaration speaks of "globalisation" of ICANN and of the IANA functions, as does the NETmundial statement, the NTIA announcement on their acceptance of the transition proposals speaks of "privatisation" of ICANN, and not "globalisation".
All in all, the ‘independence' that IANA is gaining from the US is akin to the "independence" that Brazil gained from Portugal in 1822. Dom Pedro of Brazil was then ruling Brazil as the Prince Regent since his father Dom João VI, the King of United Kingdom of Portugal, Brazil and the Algarves had returned to Portugal. In 1822, Brazil declared independence from Portugal (which was formally recognised through a treaty in 1825). Even after this ‘independence’, Dom Pedro continued to rule Portugal just as he had before independence, and Dom João VI was provided the title of "Emperor of Brazil", aside from being King of the United Kingdom of Portugal and the Algarves. The ‘independence’ didn't make a whit of a difference to the self-sufficiency of Brazil: Portugal continued to be its largest trading partner. The ‘independence’ didn't change anything for the nearly 1 million slaves in Brazil, or to the lot of the indigenous peoples of Brazil, none of whom were recognised as ‘free’. It had very little consequence not just in terms of ground conditions of day-to-day living, but even in political terms.
Such is the case with the IANA Transition: US powers over the core functioning of the Domain Name System do not stand diminished after the transition, and they can even arguably be said to have become even more entrenched. Meet the new boss: same as the old boss.
[i]: It is an allied but logically distinct issue that US businesses — registries and registrars — dominate the global DNS industry, and as a result hold the reins at ICANN.
[ii]: As Goldsmith & Wu note in their book *Who Controls the Internet*: "Back in 1998 the US Department of Commerce promised to relinquish root authority by the fall of 2006, but in June 2005, the United States reversed course. “The United States Government intends to preserve the security and stability of the Internet’s Domain Name and Addressing System (DNS),” announced Michael D. Gallagher, a Department of Commerce official. “The United States” he announced, will “maintain its historic role in authorizing changes or modifications to the authoritative root zone file.”
[iii]: Mr. Fadi Chehadé revealed in an interaction with Indian participants at ICANN 54 that he had a meeting "at the White House" about the US plans for transition of the IANA contract before he spoke about that when [he visited India in October 2013](http://articles.economictimes.indiatimes.com/2013-10-22/news/43288531_1_icann-internet-corporation-us-centric-internet) making the timing of his White House visit around the time of the Montevideo Statement.
[iv]: As an example, [NSD](https://www.nlnetlabs.nl/projects/nsd/), software that is used on multiple root servers, is funded by a Dutch foundation and a Dutch corporation, and written mostly by European coders.