The IANA stewardship transition: what is happening? (Part II)
by Sorina Teleanu, DiploFoundation, September 16, 2016.
Ms. Teleanu provides a summary of the arguments that have been made by proponents and opponents of the transition.
Packets in a data stream conform to a communications protocol, that is, a set of rules for formatting and interpreting data. Some protocols allow packet loss while others do not. Those protocols that prevent loss require that the destination acknowledge receipt of each packet to the source so that it can repeat lost packets. If an acknowledgement packet arrives late due to network latency, a packet will be repeated, in which case multiple copies of a packet will be in the network at the same time. Packet-switched networks must address many challenges including how to process copies of a single packet and how to determine if a packet is caught in a loop and must be dropped.
Each packet has a header that contains the addresses of the packet source and destination, the sequence number of the packet so that packets can be reassembled in order, and other information such as the name of the protocol used to interpret packets. Destination addresses are used by routers to decide to which neighboring router a packet should be sent so that it reaches its destination quickly. Source addresses exist in case a response is needed or the source must be identified, perhaps for security reasons.
Source and destination addresses are strings of either 32 or 128 bits, depending on whether the older IPv4 or the newer IPv6 addressing scheme is used. Because humans cannot be expected to remember long bit strings, sources and destinations are identified by human-readable text strings called domain names, such as www.cs.brown.edu. The string on the right end of a domain name is the name of the top-level domain (TLD) associated with it. Thus, edu is the TLD in this example. cn, ru, uk, org, wine, and shop are examples of other TLDs. The first three are called country code TLDs (ccTLDs) and refer to China, the Russian Federation, and the United Kingdom and the last three are called generic TLDs (gTLDs). A second-level domain is the string that appears to the immediate left of a TLD that is separated by (dot). For example, brown is the second level domain of the domain name www.cs.brown.edu and cs is its third-level domain.
Domain names must be translated into binary addresses before they are inserted into packet headers. When the Internet was in its infancy, each domain and its corresponding binary address were recorded on a 3x5 card. As the space of domain names grew, a computerized Domain Name System (DNS) was invented whose purpose is to translate or resolve domain names into binary addresses. Each TLD is assigned to an organization called a registry. Registries are responsible for the translation of their subdomains to binary addresses. For example, www.cs.brown.edu is a subdomain of TLD edu.
Each network must announce to its neighbors the blocks of IP addresses for which it is responsible. Neighbors must then forward this information to their neighbors, eventually propagating the block addresses throughout the Internet. Each such announcement adds the identification of the forwarding network to the announcement. Network gateway routers use these announcements to construct routing tables so that packets are directed toward destination networks efficiently. Typically, a router would send a packet along the shortest path to its destination.
Prior to the invention of packet-switched networks, telecommunication companies established connections between two parties via a dedicated channel that remained open, whether the parties had anything to communicate or not, until one party terminated the session. Packet switching networks make more efficient use of channels by allowing others to use channels during quiet periods. Such networks are also more robust; they allow traffic to be routed around broken connections and hot spots, areas of the Internet that are carrying a lot of traffic.
ARPAnet, a packet-switched network, was the precursor to the Internet. It was a self-contained network (not a network of networks) that was designed by Larry Roberts, who was influenced by the work of Kleinrock and Davies. The first demonstration of ARPAnet occurred in 1969 when a packet was sent from Kleinrock's lab at UCLA to the Stanford Research Institute (SRI) in northern california. The French engineer Louis Pouzin developed the CYCLADE packet-switched network that became operational in 1973. His design introduced new ideas that were incorporated into ARPAnet.
Bob Kahn joined ARPA in 1972 and assumed responsibility for ARPAnet development when Larry Roberts left ARPA in 1973. He and Vint Cerf developed the TCP/IP packet communication protocols, which they published in 1974. The first demonstration of the Internet, a network of networks, was given in 1976; it used the new TCP/IP protocols to connect computers in San Francisco and Norway via three networks, a packet radio network, ARPAnet, and a satellite radio network. Kahn and Cerf are considered "Fathers of the Internet." The Internet has profited immensely from the work of many engineers and scientists from all over the world. For example, the World Wide Web was designed by the English computer scientist Tim Berners-Lee at CERN in Switzerland.
It is possible for multiple DNS resolvers to be in operation simultaneously on the Internet. While this may appear to be innocuous, serious problems my arise as a consequence. For example, if the same domain name D appears in two different domain name resolvers, say DNS_A and DNS_B, with two different binary addresses, say, Addr_D and Addr_D*, respectively, then the IP address for D is is translated to Addr_D by DNS_A and to Addr_D* by DNS_B. Thus, the address for D is not uniquely defined by its domain name. It follows that a source S that wishes to reach binary address Addr_A using domain name D but uses DNS_B to resolve D will send its packet to the wrong destination.
If domain names do not map to unique IP addresses, data can be stolen; a sender who uses the wrong DNS to resolve a domain will send his/her data to a site other than the intended site and confidentiality may be violated. If done deliberately by a criminal, it is known as domain name hijacking. Because the DNS is not fully secured, it is possible to hijack domain names within the existing universal domain name system.
A registrar is an organization that reserves domain names for domain name registrants in return for a fee. A registrar must be accredited with a gTLD or ccTLD if it is going to assign subdomains of these TLDs to clients. A regional Internet registry (RIR) allocates and records Internet resources, namely, IP addresses and autonomous system numbers, within in a region of the world. (There are five RIRs.) An autonomous system is an administrative unit that is responsible for assignment of an IP address to each computer under its jurisdiction from the block of addresses assigned to it by an RIR. Such a block is also called a domain. Because autonomous systems communicate with one another over the Internet to announce the introduction and deletion of domains, they must be uniquely identified. An announcement by an autonomous system specifies the path that will take a packet to its destination. Routers choose between announced paths to decide to which neighboring router it should send a packet. Usually, a router chooses the shortest path.
The Internet Assigned Numbers Authority functions or IANA functions are the DNS clerical functions that are handled by ICANN. They include root zone management; maintenance of databases of unique Internet identifiers for TLD registries, Internet protocols and autonomous systems; and handling security extensions to the DNS, known as DNSSEC. ICANN's IANA department currently executes the IANA functions under contract to NTIA.
ICANN is managed by a 16-member Board of Directors, eight members appointed by the Nominating Committee, six by ICANN's Supporting Organizations, one by the At-Large-Committee, and the President/CEO, appointed by the Board. Four others are non-voting liason members. The Nominating Committee (NomCom) has twelve voting members representing all ICANN constituencies.
ICANN's three Supporting Organizations are the Address Supporting Organization (ASO), the Country Code Names Supporting Organization (ccNSO) and the Generic Names Supporting Organization (GNSO).
ICANN's four Advisory Committees offer advice to the Board. They are the At-Large Advisory Committee (ALAC), DNS Root Server System Advisory Committee (RSSAC), Governmental Advisory Committee (GAC), and the Security and Stability Advisory Committee (SSAC).
ICANN operates under a set of Bylaws. They specify the makeup of committees and supporting organizations but allow these bodies to choose their own operating rules. The term "nominate" as used by ICANN really means to appoint in the sense that one person is put forward for a position, not a slate of candidates. Thus, there does not appear to be a process for nominations to be contested.
Membership in the GAC is open to national and and multinational governments, "distinct economies," and treaty organizations. If advice that is offered to the Board by the GAC is not accepted, the Board is obligated to explain its action to the committee but is otherwise not constrained. ICANN's advisory committees and supporting organizations are free to adopt their own rules for governing their operations. They are only required to publicize them.
DNS Fragmentation is an instance of Internet fragmentation, the situation that arises when the original Internet design objective is violated, namely, that "every device on the Internet should be able to exchange data packets with any other device that was willing to receive them."
The Global Commission on Internet Governance estimates that DNS Fragmentation could seriously impact economic growth. It could also interfere with Internet communication, possibly result in serious criminal activity, and, in the worst case, could lead to chaos. To avoid this, nations would need to strictly coordinate their identifiers, in which case there would be no real justification for the fragmentatione.
If DNS Fragmentation becomes a reality, search engines would need to inform users that a domain name is associated with multiple IP addresses and ask them which mapping to use. The confusion that this would produce could greatly reduce the value of search, sow distrust in the Internet, and expose the ensuing chaos to users.
Note: Today states that seek to censor Internet access of their citizens can require that domestic users resolve domain names using a DNS system that maps prohibited domains to special IP address that result in discarding of packets.
The announcement stipulated that NTIA would not accept any transition proposal that would replace the NTIA role with that of a government-led or an intergovernmental organization. In addition, NTIA said that the transition proposal must have broad community support and address the following four principles:
In its March 14, 2014 announcement, NTIA asked ICANN to convene an inclusive, global discussion to determine a process for transitioning the stewardship of these functions to the multistakeholder community. It also announced its intention to let its contract with ICANN expire on September 30, 2015 if a satisfactory proposal could be prepared by that time. It is now expected that the transition will occur on October 1, 2016, although NTIA has warned ICANN that the transition may be further delayed.
The following short video describes the ICANN-led IANA Transition review process.
The IANA Transition Proposal was produced by ICANN following two tracks, the IANA Stewardship Process and the ICANN Accountability Process.
The ICG decided that the domain name, numbering resources, and protocol communities constituted the stakeholders responsible for the IANA functions. Accordingly, ICG asked these communities to form committees, which they called CWB-Stewarship, CRISP Team, and IANAPLAN Working Group, respectively.
After receiving public comment on the reports from these committees, the ICG prepared their 210-page stewardship proposal, which it submitted to NTIA on March 10, 2016. Shown below is the ICG Proposal Summary in which is embedded links to the reports of the three committees.
Under the combined proposal, PTI would perform all of the IANA functions currently covered by the NTIA contract, with the necessary staffing and resources to do so. ICANN would contract with the PTI for the performance of the naming functions. The IETF would maintain its existing Memorandum of Understanding with ICANN for the performance of the protocol parameters functions. The RIRs would establish a Service Level Agreement with ICANN for the performance of the numbering functions. ICANN would sub-contract the performance of the protocol parameters and numbering functions to PTI. Each of the three operational communities would maintain independent authority over its own processes for performance review and for considering a change of IANA Functions Operator for the functions within their purview. All three communities have explicitly committed to coordinate with each other and ICANN to ensure the stability and smooth operation of the IANA functions in the event of such a change.
The ICG assessed the proposals individually and collectively and determined that:
On May 6, 2014 a call for comments on Enhancing ICANN Accountability was announced that introduced the problem, summarized previous discussions, gave an inventory of ICANN's accountability efforts, and proposed next steps. In that document, links are provided to studies of ICANN's accountability that in 2011 and 2013. The ICANN accountability measures currently in place include the Reconsideration Process, the Independent Review Process and the Ombudsman.
A charter for a new group to study this issue, called the Cross Community Working Group on Enhancing ICANN Accountability (CCWG-Accountability), was published by ICANN on November 3, 2015. An early conclusion was that the existing ICANN accountability mechanisms (did) not ... meet stakeholder expectations and that new mechanisms would be needed.
Soon after the CCWG-Accountability convened it was decided that some accountability issues had to be resolved before the transition, called Work Stream 1, while others could wait until the transition had been completed, called Work Stream 2.
It was acknowledged by the CWG-Stewardship committee that their recommendations were contingent on successful deliberations within the CCWG-Accountability committee on Work Stream 1. The chairs of these two committees were in regular consultation.
On March 10, 2016 the ICG submitted to NTIA the CCWG-Accountability Supplemental Final Proposal on Work Stream 1 Recommendations. The proposal states that its recommendations were not designed to change ICANN's multistakeholder model, the bottom-up nature of policy development, or significantly alter it's day-to-day operations.
The following is a summary of the changes proposed in the Work Stream 1 recommendations:
The Empowered Community (EC) will be a new California unincorporated association that will play the role of Sole Designator of the ICANN Board of Directors. Members of the association would be some of the SOs and ACs. Under California law a sole designator is a legal person whose only statutory rights are to appoint and remove individual board members or the entire board. Under new Fundamental Bylaws it would also have the ability to directly or indirectly execute the Empowered Community Powers.
Furthermore, the Articles of Incorporation are to be amended to clarify that the global public interest will be determined through a bottom-up, multistakeholder process and ICANN's commitments under this agreement incorporated into the Bylaws. Finally, the Articles of Incorporation and the Fundamental Bylaws can only be created or modified by agreement between the ICANN community (via the EC) and the Board.
ICANN would also be required to show respect for Human Rights in the Bylaws.
The Fundamental Bylaws will define the following:
A new Standard Bylaw will be added acknowledging that ICANN respects International Human Rights but has no obligation to enforce them unless or until the Work Stream 2 recommendations are complete and approved by the Board.
The proposed Community Powers are:
The Community Powers and associated processes were designed to ensure that no stakeholder can singlehandedly exercise any power, and that under no circumstances, would any individual segment of the community be able to block the use of a power.
Adding an ICANN Bylaw to provide for an interim board in the even that the entire Board is recalled.
Adding exceptions to the process of rejecting Standard Bylaws when they result from a Policy Development Process.
The CCWG-Accountability recommended changes to the ICANN Bylaws to assure that the Bylaws reflect the CCWG-Accountability recommendations.
The new Mission Statement shall make clear that
ICANN's Core Values and Commitments. ICANN shall
The CCWG-Accountability recommends that the revised Mission Statement, Commitments and Core Values be constituted as Fundamental Bylaws.
It is proposed to include a Bylaw that will commit ICANN to respect internationally recognized Human Rights as required by applicable law but without creating an additional obligation to respond to or consider any complaint, request, or demand seeking the enforcement of Human Rights by ICANN. This provision would not enter into force until a Framework of Interpretation for Human Rights is completed in Work Stream 2 and approved by the ICANN Board.
The Independent Review Process should be strenghtened by ensuring that has the authority to
Currently any person or entity may submit a Request for Reconsideration or review of an ICANN action or inaction.
The CCWG-Accountability proposes the following reforms:
The CCWG-Accountability makes the following recommendations for the two Work Streams:
Paragraph j of Article XI, Section 2 of the ICANN Bylaws at the time of the review says that the Board must take into account advice given by the GAC and if it chooses not to accept the advice, it must so inform the GAC, explain its decision, and attempt to find a mutually acceptable solution.
The CCWG-Accountability recommends modifying this recommendation by adding the following sentence to this paragraph.
The CCWG-Accountability observes that the "GAC has the autonomy to refine its operating procedures to specify how objections are raised and considered ... (but when) transmitting consensus advice to the ICANN Board for which the GAC seeks to receive special consideration, the GAC has the obligation to confirm the lack of any formal objection." It also recommends that advice provided by an AC should be accompanied by a rationale.
The CCWG-Accountability also recommends adding the following language to the Bylaws:
The CCWG-Accountability recommends adding an interim Bylaw that would task the group with creating further enhancements to ICANN's accountability limited to the followin list of issues:
The CCWG-Accountability believes that
What Are the Concerns about Ending the U.S. Contractual Relationship with ICANN?, the Heritage Foundation, July 7, 2016
Bret Schaefer: Momentous decision that has received surprisingly little scrutiny.
Senator Cruz: (quote from video)
"The Obama Administration wants to give away control of the Internet to foreign countries. ... It could limit our freedom speech. ... Pose a great threat to our country's freedoms and national security. ... ICANN could (put) ... foreign countries in charge of what you can say online, prohibiting speech that they disagree with. Foreign countries are already planning to take ICANN and move it overseas so that it not only escapes US law but in effect turns into a mini United Nations. Unfortunately, Congress has not been affirmatively able to act to prevent this giveaway before the transfer date of September 30 2016. That's why I have introduced the Protecting Internet Freedom Act to immediately stop this transfer and protect American sovereignty."
2016 Internet Governance Forum-USA, July 14, 2016, posted by Imagining the Internet Center at Elon University.
IGF_USA sponsored a panel discussion on this topic on July 16, 2016 in Washington, DC. At this link you will find a transcript of the presentations and links to other resources.