Last week, the Administration announced its plan to devolve governance of the Internet’s naming function (which goes by the acronym IANA) to a non-profit organization, the Internet Corporation for Assigned Names and Numbers (or ICANN). If implemented, the Administration’s plan will remove the last vestiges of direct American legal control over the Internet. This is, as I have said, a pretty big deal.
Given the magnitude of the proposed change, the Administration needs to proceed with some caution, and with a willingness to pull the plug if the transition looks to go awry. How, then, to define “awry?”
In announcing the proposed transition, the Department of Commerce insisted that it would only cede control if ICANN could demonstrate the ability to maintain the network, consistent with five principles: They insisted that ICANN would have to “support and enhance the mult-istakeholder model”; “maintain the security, stability, and resiliency of the Internet DNS”; “meet the needs and expectation of the global customers and partners of the IANA services”; and “maintain the openness of the Internet.” The NTIA also clarified that it would “not accept a proposal that replaces the NTIA role with a government-led or an inter-governmental organization solution.”
But those principles, while salutary in nature, are (save for the last one) more in the nature of aspirations than concrete requirements. It is useful, I think, to ask the question with greater specificity and granularity – what affirmative commitments should the US government require from ICANN before finalizing its transition of control of the IANA function?
To answer that question, we must first consider what our concerns with the transition might be. It is useful to lump those concerns into three distinct buckets:
- Competence – Can ICANN do the job?
- Candor – Is ICANN sufficiently transparent and accountable?
- Control – Do the mechanisms ICANN puts in place support its independence from authoritarian control?
If we contextualize our concerns along those lines, then we can begin to think of some of the commitments that out to be required of ICANN.
First, the multi-stakeholder model developed by ICANN for management of the IANA function should (as the Administration notes) prohibit any governmental, inter-governmental or U.N. control. Indeed, sovereign or quasi-sovereign multilateral organizations should have only an advisory role in any process. Instead, the multi-stakeholder control system should reflect the interests of those who develop and use the network – a representative sampling of large, medium, and small businesses and industry groups should either manage the IANA or have authority to veto ICANN decisions that threaten the openeess or viability of the Internet. There will be difficulties (and politics, with a small “p”) in defining the composition of the new institution, but at a minimum it needs to be a) broadly representative; and b) peopled only by those with a demonstrable and verifiable commitment to a free and open network.
Second, ICANN will need to be fully accountable for its actions and its operations. It will need to accept the establishment of an independent auditing body comprised of government, business, and NGO representatives to monitor its finances and activities. The authority to manage the IANA function brings with it significant financial benefits. We should not allow ICANN to, in effect, develop a taxation authority over network expansion without, at the same time, demanding a public accounting of how the money received is spent. ICANN should, likewise, be required to implement an Inspector General-equivalent function with authority to discipline its own officers and employees – for there is no other institution to which that authority could be given and the lack of an internal checking mechanism would be problematic.
Third, before the root zone management function is transitioned to ICANN (or to a subcontractor employed by ICANN) it will need to demonstrate to our satisfaction its technical capability to manage the root zone. This will mean a highly technical examination of ICANN’s capabilities, including, for example, the process controls it requires before implementing any root zone change, and the security and redundancy of its root zone facilities.
Finally, we need to think of a mechanism for locking in any mandatory requirements. After all, they would be useless if six months after committing to them ICANN were free to disregard the obligations it had undertaken. Since the most obvious means of enforcing such commitments (through a contractual obligation to the US government) is, per force, no longer on the table, other, more creative binding mechanisms need to be developed.
That’s easier said than done. Indeed it may not be possible at all – and that thought is, itself concerning. For, as I’ve noted, though the US influence over the network has not been wholly benign, I am convinced it has been a net positive. In the absence of that influence, we will have to trust that the governance architecture we develop to constrain ICANN is effective. And that’s a bit of a risky bet.
About the only creative thought I have right now is the implementation of dual-key authority to modify the IANA function – in other words, split the IANA function off completely from ICANN into a separate organization and require both ICANN and the new-IANA organization to concur in any significant policy modifications. Or leave the IANA function with ICANN but create a second IANA-oversight body that must concur in any changes (sort of like a House of Lords). That sounds cumbersome and perhaps even unwise, but it’s the best idea I have right now.
And we do need a good idea. Put simply, not only is this transition a “big deal” but it is also a vitally important one. It may, indeed, prove to be one of the most consequential decisions this Administration has made. It would be terribly tragic if the decision went wrong – if the openness of the Internet were to suffer or if control of the network function were to devolve to irresponsible (or, worse, venal) hands. Caution is required. More importantly, the Administration needs to clearly articulate its objectives and set a “red line” standard that ICANN must meet before the transition occurs.