US govt tells ICANN: No accountability, no keys to the internet

We publish the 12 'stress tests' DNS overlord must prove it can handle before it keeps IANA


Read the "stress tests" for IANA transition and ICANN accountability obtained by The Register

Plausible scenarios, or stress tests, can help design and evaluate potential structures and mechanisms to replace the US government role in IANA oversight and ICANN accountability.

Today, ICANN is an effective organization that generally performs its core functions, so it can be uncomfortable to imagine a scenario where a future ICANN fails dramatically or is confronted with a serious threat. But we should consider challenging scenarios and develop mechanisms that could resolve those challenges in a way that's at least as effective as the mechanism we have today - where the U.S. government and technical communities ensure a stable root and where the threat of losing the IANA contract keeps ICANN accountable to its global stakeholders and to the public interest.

Below we suggest several scenarios/stress tests that could confront ICANN and IANA functions after the US Government has allowed its IANA contract to expire.

1. Scenario: ICANN unilaterally cancels the Affirmation of Commitments, which it may do with just 120 days notice. And if not outright cancellation, ICANN could refuse to implement recommendations of an Affirmation review. Presently, the discipline imposed by needing to win the IANA contract forces ICANN to adhere to the only external accountability it has today: the Affirmation of Commitments. If the Affirmation is to remain part of the new ICANN accountability framework, it's essential that the leverage formerly conveyed by the IANA contract be replaced with a new mechanism, which mayor may not include parties external to ICANN.

2. Scenario: ICANN takes steps to eliminate its legal presence in a nation where Internet users and domain registrants are planning to seek legal remedies for ICANN's failure to enforce contracts. This scenario is not about ICANN opening new offices around the world as part of its global outreach. Rather, it's about ICANN creating a new legal entity distinct from its present status as a California non-profit corporation, and eventually relocating its legal presence. ICANN's current corporate presence in California creates legal certainty for U.S. businesses; presence in a new jurisdiction might not.

3. Scenario: ICANN becomes financially insolvent, due to lawsuits or gross mismanagement. However unlikely, this scenario should explore the orderly continuation of IANA functions and ICANN contract enforcement in the event ICANN could not maintain the necessary qualified technical resources.

4. Scenario: ICANN expands scope beyond its limited technical mission by using domain registration fees to fund grants for developing nations or other worthy causes. ICANN has the power to determine fees charged to TLO applicants, registry operators, registrars, and registrants, so it presents a big target for any Internet-related cause seeking funding sources. This scenario should examine how a fully independent ICANN could be held to its limited technical mission, and whether its fees and spending are subject to external accountability.

5. Scenario: ICANN attempts to add a new top-level domain in spite of security and stability concerns expressed by technical community leaders. This scenario actually came close to occurring when ICANN management did not respond to recommendations of its own Security and Stability Advisory Committee (SSAC) regarding risks of new TLDs interacting with security certificates and internal domains already in use. SSAC recommendations from prior years were not acted upon until late 2013, after significant pressure from a root server operator, Internet service providers, and system integrators. In the actual event, ICANN responded with a collision mitigation plan. This scenario should assess how proposed new accountability mechanisms could respond to similar technical risks expressed before a TLD delegation, as well as reactive responses to problems reported after a delegation.

6. Scenario: Governments in ICANN's Government Advisory Committee (GAC) amend their operating procedures to change from consensus decisions to majority voting. Today GAC adopts formal advice according to its Operating Principle 47: "consensus is understood to mean the practice of adopting decisions by general agreement in the absence of any formal objection." But the GAC may at any time change its procedures to use majority voting, where each government has equal voting power, such as in the UN and ITU. (Notably, only 61 governments were present at the GAC meeting in Singapore during March 2014, where several GAC members expressed dissatisfaction with the multistakeholder process and consensus threshold for new gTLD program advice.) While ICANN's board is not strictly obligated to follow GAC advice, this scenario should assess how ICANN could respond to GAC advice with strong majority support. This scenario might also indicate need to amend ICANN bylaws regarding deference to GAC advice that is not supported by consensus.

7. Scenario: As described in scenario 6, the GAC might issue majority-supported advice instructing ICANN to suspend a TLO that refuses to remove domains with content critical of governments (e.g., .corrupt). Today, this kind of censorship routinely occurs at the edge of the Internet when governments block domestic access to websites, such as Turkey blocking Twitter. This scenario envisions censorship moving from the edge to the core of the internet - the root table of TLDs used by the entire world. The stress test would ask how a proposed IANA structure could respond if a future ICANN board bowed to GAC advice for censorship at the root of the DNS.

8. Scenario: A new government instructs ICANN to redirect a country code TLO already in the DNS root. For example, if Russia were to annex the rest of Ukraine, it might request Ukraine's .ua country code TLO to be redirected to a Russia-based server. This scenario helps to answer how ICANN could respond to this request and how it could be held accountable if the global community disagreed with its decision.

9. Scenario: ICANN attempts to re-delegate a gTLD because the registry operator is determined to be in breach of its contract. The registry operator challenges the breach determination and obtains an injunction from a national court. What procedures or appeal mechanisms would be used by the entity charged with maintenance and publication of the root zone?

10. Scenario: For political or technical reasons, the entity charged with maintenance and publication of the root zone file fails to properly implement updated signatures derived from the DNSSEC Zone Signing Keys, a scenario that could affect all DNS resolutions. How - and how quickly - could the new IANA accountability and operating mechanisms respond in order to restore cryptographical protection for the root table of top-level domains?

11. Scenario: A court grants an injunction against delegation of a new gTLD that's a plural version of another TLO that has already been delegated. (for example, .hotels following after .hotel, or .coms following after .com) The court may have ruled on infringement of rights or on arbitrary and capricious behavior by ICANN, but that's beside the point. The point of this scenario is to ask how a 'post-US Government' ICANN and IANA would be empowered to respond to a court injunction granted by a jurisdiction where ICANN has a legal presence. Would ICANN/IANA be able to defer a delegation until court proceedings were concluded? How would ICANN/IANA be accountable for its decision if it ignored the court injunction?

12. Scenario: A government telecom minister instructs ICANN to re-delegate a country-code top-level domain (ccTLD), despite objections from many current registrants and user communities in the country concerned. Faced with this re-delegation request, what response options and measures could be available to ICANN and the entity charged with maintenance of the root zone?

Similar topics

Broader topics


Other stories you might like

  • Zuckerberg sued for alleged role in Cambridge Analytica data-slurp scandal
    I can prove CEO was 'personally involved in Facebook’s failure to protect privacy', DC AG insists

    Cambridge Analytica is back to haunt Mark Zuckerberg: Washington DC's Attorney General filed a lawsuit today directly accusing the Meta CEO of personal involvement in the abuses that led to the data-slurping scandal. 

    DC AG Karl Racine filed [PDF] the civil suit on Monday morning, saying his office's investigations found ample evidence Zuck could be held responsible for that 2018 cluster-fsck. For those who've put it out of mind, UK-based Cambridge Analytica harvested tens of millions of people's info via a third-party Facebook app, revealing a – at best – somewhat slipshod handling of netizens' privacy by the US tech giant.

    That year, Racine sued Facebook, claiming the social network was well aware of the analytics firm's antics yet failed to do anything meaningful until the data harvesting was covered by mainstream media. Facebook repeatedly stymied document production attempts, Racine claimed, and the paperwork it eventually handed over painted a trail he said led directly to Zuck. 

    Continue reading
  • Florida's content-moderation law kept on ice, likely unconstitutional, court says
    So cool you're into free speech because that includes taking down misinformation

    While the US Supreme Court considers an emergency petition to reinstate a preliminary injunction against Texas' social media law HB 20, the US Eleventh Circuit Court of Appeals on Monday partially upheld a similar injunction against Florida's social media law, SB 7072.

    Both Florida and Texas last year passed laws that impose content moderation restrictions, editorial disclosure obligations, and user-data access requirements on large online social networks. The Republican governors of both states justified the laws by claiming that social media sites have been trying to censor conservative voices, an allegation that has not been supported by evidence.

    Multiple studies addressing this issue say right-wing folk aren't being censored. They have found that social media sites try to take down or block misinformation, which researchers say is more common from right-leaning sources.

    Continue reading
  • US-APAC trade deal leaves out Taiwan, military defense not ruled out
    All fun and games until the chip factories are in the crosshairs

    US President Joe Biden has heralded an Indo-Pacific trade deal signed by several nations that do not include Taiwan. At the same time, Biden warned China that America would help defend Taiwan from attack; it is home to a critical slice of the global chip industry, after all. 

    The agreement, known as the Indo-Pacific Economic Framework (IPEF), is still in its infancy, with today's announcement enabling the United States and the other 12 participating countries to begin negotiating "rules of the road that ensure [US businesses] can compete in the Indo-Pacific," the White House said. 

    Along with America, other IPEF signatories are Australia, Brunei, India, Indonesia, Japan, South Korea, Malaysia, New Zealand, the Philippines, Singapore, Thailand and Vietnam. Combined, the White House said, the 13 countries participating in the IPEF make up 40 percent of the global economy. 

    Continue reading

Biting the hand that feeds IT © 1998–2022