US Congress was soothed Wednesday morning over the fundamental shift of the IANA contract, which oversees the running of the global internet, from the US government to non-profit domain overlord ICANN, but significant questions remain.
In a hearing called by the House Energy and Commerce Committee, ICANN's smooth-talking CEO Fadi Chehade and the US official in charge of the transition, assistant commerce secretary Larry Strickling, both assured representatives that the process was going well and that their concerns were being heard and acted upon.
With the expectation that the Dotcom Act will pass into law, both Chehade and Strickling will soon require Congressional sign-off on the transfer of power that will have been more than two years in the making. As a result, Chehade began his testimony by repeatedly thanking and praising the politicians for inserting themselves into the process. He almost sounded sincere.
While one representative – Marsha Blackburn (R-TN) – did continue to question whether ICANN was "ready for prime time," others were mollified by the witnesses' assurances that all was well.
From the House of Representatives' perspective, there are four main issues:
- Whether ICANN will remain headquartered in the US.
- Whether other governments will be prevented from taking control.
- Whether ICANN is enforcing its contracts sufficiently.
- Whether ICANN will be made sufficiently accountable before the IANA transition occurs.
The first two are easy. No one has seriously suggested that ICANN move outside the United States, mostly because they know the US government would not approve the IANA transition if they did.
IANA: What's at stake?
The US government contracts non-profit ICANN to run the so-called IANA functions – a body that runs the highest level of the world's DNS, allocates IP addresses, and ensures that developers can agree on the same numbers and protocols when writing software that communicates over the 'net. It's what keeps the internet as we know it glued together.
That crucial contract is coming to an end. After Edward Snowden's revelations of NSA spying, the US government decided it needed to step away from its traditional role of controlling the contract in order to keep the internet globally accessible.
The IANA contract itself comprises three main functions: names, numbers, and protocols. Transition plans for the latter two are largely agreed upon, but the most complex issue of names is being explored by a panel of experts called the Community Working Group (CWG). ICANN, of course, would love to run IANA all by itself, simply put.
Chehade made it plain that ICANN will continue to be based in California and that any change would require a future two-thirds vote by the Board to do so. Strickling stated simply that the US Department of Commerce's telecoms body NTIA would not accept a move, since it would impinge on the "security and stability" of the current system.
As for the big political bogeyman of other governments like Russia or China using the transition to take greater control of the internet, both Chehade and Strickling walked through the fact that ICANN's governmental advisory committee (GAC) remains advisory only and that there are no plans to change that, or even introduce voting within the GAC. "I do not see this as a likely or even possible outcome," Strickling said in response to a question of whether governments might ultimately take over.
That leaves two big issues in Congress' eyes: compliance and accountability.
Not a good record
Chehade repeatedly mentioned the fact that ICANN now has more than 30 compliance staff when only a few years ago it had just six, but he was notably unable to provide much of a defense of ICANN's compliance department.
For the past few months, ICANN's response when quizzed over its sloppy compliance efforts has been to argue that it is "not the content police" in the hope that people wouldn't notice that the organization continues to do a terrible job of enforcing its own contracts.
Strickling wasn't even minded to come to ICANN's defense, pointing out that the US government has repeatedly noted that ICANN falls down on compliance and continues to try to get it to do a better job.
Compliance at ICANN has been a long and torrid affair. Its first proper head of compliance, hired in 2008, was fired in 2010 when he complained that other departments in ICANN were preventing him from doing his job properly.
The compliance department was then put under ICANN's legal department – a situation that eventually led to near public revolt after the department was able to do even less than before. ICANN was then repeatedly caught out telling half-truths and manipulating data to make it look as though the compliance department had more staff than it did and was doing more work than it was.
Eventually, the head of compliance was given a VP position and sufficient autonomy and resources to do the job properly. For the past two years, it has started doing that, but even so it remains far behind where it should be and will likely continue to lag for a number of years.