Amidst growing concern about the future independence of ICANN, the subcommittee of the U.S. Congress on Telecommunications and the Internet has expressed opposition to any move by the Commerce Department to alter its unilateral oversight of ICANN. Representative Edward J. Markey, the supposedly liberal Democrat from Massachusetts who chairs the Subcommittee, was joined by rightwing conservative Charles Pickering and 14 other members of the committee in the May 6 statement. The Congresspersons expressed their opposition to “any change that threatens the important U.S. role in promoting U.S. commercial and free speech principles on the Internet,” and implied that free speech principles would be threatened if NTIA “abandoned” its role “now or in the near future.”

The subcommittee members who drafted and signed this statement are badly misinformed – about ICANN, freedom of expression, NTIA oversight, and global Internet governance. We attempt here to set the record straight.   more »

If you’re reading this within an hour after it was posted, you’ve got about 17 hours to comment on an important change being proposed at ARIN, the manager of Internet Protocol addresses for the North American region. ARIN is proposing a new “Policy Development Process.” (Sound familiar?) A step by step description of the proposal can be found here. The essence of the change is that the ARIN Advisory Council would manage and dispose of all policy proposals. The new PDP proposal is an example of the increasing formalization of IP address policy making. This trend, which is probably inevitable, will continue. Everyone interested in Internet governance needs to understand that and be attuned to the consequences. ARIN’s Advisory Council will become more of a gatekeeper for policy proposals.   more »

In early April, Public Interest Registry (PIR) submitted a service proposal announcing its intention to begin offering secure DNS extensions in the 4th quarter of 2008, and seeking to amend its registry contract with ICANN. If approved by ICANN, .ORG would likely be the Internet’s first secure production gTLD zone. One interesting wrinkle is PIR's proposed language regarding data escrow of DNSSEC related data, specifically key material. PIR's request is another testament to the strength of a distributed, and not centralized, approach to DNSSEC.   more »

Thursday I spoke in Brussels at a well-attended seminar on "Net Neutrality and the [EU] Reform Proposals for the Electronic Communications Sector." The event had a number of sponsors, including two Belgian Universities (Namur and Leuven) the ISP Association of Belgium and some consultancies. It appears that the neutrality norm for internet governance is becoming widely discussed in Europe and is influencing the European Commission's implementation of its sectoral reform efforts. Indeed there is a Principle proposed in Article 8 that end users should be able to access and distribute content and use the applications of their choice.

Chris Boam of Verizon was there and made some interesting comments. One was that Verizon has no interest in Deep Packet Inspection technologies and has rejected the idea of implementing them. The other was that Verizon's Open Development Initiative, which supposedly loosened up its vertical leverage over wireless handsets on its network, was "not a change in policy" but simply a re-packaging and more aggressive public promotion of its prior policy, which was that any handset manufacturer or developer could approach Verizon and be approved if they met some basic criteria. Hmmm...   more »

The NTIA has released a short announcement about the mid-term review of ICANN. The announcement tells us very little except that the administration hasn't changed its position on anything important regarding its supervisory relationship to ICANN. The US is reasonably comfortable with the status quo and won't move until someone makes them very uncomfortable. Nothing they heard in February did so. Clearly, NTIA was not looking for information about what needs to be done, but seeking confirmation of its prior tendency to do nothing. It will leave to a future Presidential administration the issue of whether to continue to be the unilateral "ruler of the root"   more »

The website of Geert Wilders' upcoming film has been taken down by registrar Network Solutions, while they are “investigating whether the site’s content is in violation of the Network Solutions Acceptable Use Policy.” That message has been up for about five days now. One wonders how long it takes to investigate six words and a single picture.

Rather than deciding whether Network Solutions acted appropriately, the more interesting question is: Why did Network Solutions suspend Wilders’ website, given that it, so far, has not hosted offensive content and given that they do not suspend websites that are clearly more offensive? Why are they seemingly volunteering to take on the enormous task of policing the huge number of websites that are registered through them?   more »

It's "Sunshine Week" in Washington, a week devoted to "open government," but the light came a few days late for ICM Registry and Stuart Lawley, proponents of the .xxx top level domain for adult content. A US court dismissed ICM Registry's litigation to pry more information out of the US government about the pressure it put on ICANN to reject ICM's application to operate the .xxx top level domain. The court decision favoring darkness is posted here.   more »

A briefing last month to House and Senate members and staff of the Homeland Security Committee by VeriSign’s Vice President for Regulatory Affairs and Standards, the recent chair of the NRC’s Committee on Improving Cybersecurity Research in the US, and a former Chief Scientist of the FCC, raises some interesting questions and concerns about governance, competition policy, and civil liberties. In the joint presentation on international and domestic defenses against cyber attacks and supporting documents, VeriSign’s Tony Rutkowski argued that, “the widespread deployment of wireless platforms, Internet Protocol networks, and application-based services – combined with a government switch from common carrier to information services regulation by imposing only minimal public network service mandates – has produced some significant “cybersecurity” vulnerabilities.” According to Rutkowski, the absence of a built-in trust mechanism across the many providers that make up the communications network infrastructure worldwide is the core problem. In light of this, he said Congress should require the FCC, FTC and other agencies to institute a universal identity through a global Trusted Service Provider or SPID (Service Profile IDentifier) system.   more »

Three U.S. Senators, led by Maine Republican Olympia Snowe, have proposed a new, harsh law allegedly to combat phishing, the Anti-Phishing Consumer Protection Act of 2008. But since the Senators obviously pandered to major trademark holders during its drafting, the law does little more than attempt to expand the powers that brand holders have over domain names, while adding little or nothing to the fight against phishing -- which is already completely illegal.

The problem is that the bill focuses too much on the domain names used by phishers and adds little to efforts to prosecute phishing itself. It might better be renamed, "The Selective Anti-Typosquatting and antiWhois Privacy Act of 2008." A group representing small business interests in domain name policy, the Internet Commerce Association, has sounded the alarm against the bill, noting that:

"If enacted this bill would allow trademark and brand owners to encourage state and federal officials to bring what are in essence trademark infringement suits on their behalf without any need to allege, much less prove, that the targeted domain names were in any way involved with criminal phishing activities. It would also allow trademark owners to abandon use of the UDRP process and the ACPA since alleged “cybersquatting” could be targeted with lawsuits brought under this proposed law, with a lower burden of proof and the coercive power of far more substantial monetary penalties."

Worse, the bill mounts a legal attack on Whois proxy services designed to protect domain name registrants' privacy. According to one commentator not known for his solicitude for domain name privacy rights, the Snowe bill "basically says that if you provide WHOIS privacy, you have to lift the veil if anyone, anywhere, sends you a notice claiming that the domain has been misused. Since there is no provision for checking that the notice is real, and no penalty for making false claims, we can assume that should this act be enacted into law, within about five minutes robots will be scouring WHOIS databases and automatically mailing off robonotices."

A citizens group has mounted a petition against the bill, which you can read and sign at this address.

The Council of Europe is pushing to extend the Cybercrime Convention to impose criminal sanctions on what it considers to be unacceptable forms of political or religious expression. The Cybercrime Convention was originally negotiated to respond to transnational problems such as theft of data, breaking into computers, computer-based financial fraud and the like. But now the Council is engaged in bulk unsolicited emails to promote the idea that web site content that is insulting or xenophobic is a cybercrime of the same order.   more »

On Monday the NTIA released the agenda for the upcoming public meeting in Washington DC covering the Mid-term Review of the JPA between DoC and ICANN. And yesterday, in Geneva, the Internet Governance Forum opened its first preparatory meeting for the upcoming Forum in Hyderabad, India from December 3-6. It’s too early to draw conclusions, but the structure of the meetings suggests two distinct operational modes of Internet governance.   more »

The Internet Governance Project welcomes Dr. Michel J.G. van Eeten as a new member of its Scientific Committee. Dr. van Eeten joins the IGP from Delft University of Technology, the Netherlands, where he is an Associate Professor on the Faculty of Technology, Policy and Management. In addition to his responsibilities at TU-Delft, van Eeten also teaches in several executive education programs at the Netherlands School of Public Administration in the Hague.

His research focuses on the reliability and security of critical infrastructures, most recently on the issue of Internet security. Recent work as a policy analyst includes advice for a variety of infrastructure operators and service providers in telecommunications, rail transportation, electricity provision, water supply and financial services. Currently, he is a consultant for the Dutch Ministry of Economic Affairs and the OECD Working Party on Information Security and Privacy. Dr. van Eeten was the lead author on a 2008 OECD study (currently being declassified), the Economics of Malware: Security Decisions, Incentives and Externalities. van Eeten remarked, "Over the last couple of years, I've enjoyed reading the IGP's work and I look forward to joining the debate." Commenting on the new addition, Dr. Milton Mueller said, "In addition to strengthening IGP's global approach to scientific analysis of Internet policy issues, Dr. van Eeten brings expertise in the economic and organizational aspects of Internet security, adding a valuable perspective to the IGP's work. The IGP is privileged to benefit from his participation."

For some time it has been known that law enforcement authorities in Norway and Finland have prepared lists of alleged child pornography web sites, and demanded that local Internet service providers block access to them. This model of blocking access was avidly picked up by Internet law enforcement authorities in other countries, including the Netherlands, where pressure has been placed on ISPs to block these sites or risk being publicly smeared as aiding and abetting child abuse.

Using ISPs as intermediaries for censorship is a bad idea because mandated site blocking violates the principle of net neutrality. Truly illegal content should be handled by prosecuting the producers, publishers and hosts of the content rather than through attempts to block and control Internet access on a territorial basis. Governments, however, claim that they must block access because of the heinousness of child abuse and because the heinous sites were out of the reach of local law enforcement. Many people have bought that argument.

Until now. Recently, Finnish activists got their hands on the Finnish government's official list of blocked sites. The results of their discovery are astounding. Most of the censored sites are located either in the United States or EU countries -- and thus are not outside the reach of child protection laws. Equally disturbing, most of the sites on the blocking list are not child pornography sites at all, but legal adult pornography sites. And many are not even porn sites at all.   more »

Just who will be "it" and control the secure DNS root took another turn this week at ICANN-Delhi, when VeriSign unexpectedly announced it would implement a DNSSEC test bed for the root zone either later this year or the beginning of next year. In a discussion that covered root zone management process improvement and DNSSEC test bed implementation, VeriSign's Ken Silva acknowledged that the current process is somewhat of a "black box." The 20+ year telecommunications and security industry exec and former executive technical director at the NSA, cited their current role as publisher of the root zone and its need to be familiar with all the anticipated components that will go into future root zone database management as reason for the initiative.   more »

The Security and Stability Advisory Committee (SSAC) has added a new wrinkle to the ongoing domain name Whois saga. In a document released late last week, it identified some well known and other less talked about problems with the Whois protocol and it called on ICANN and its community to pursue a more holistic approach involving policy recommendations. Interestingly, it also called for consideration of a new “formal directory service for the Internet” standard to serve domain name interests.   more »

Bret Fausett's blog has cast new light on the ICANN JPA question. Many of us had assumed that the JPA was a replacement for the earlier, more prescriptive Memorandum of Understanding between ICANN and the US Commerce Department. The MoU was first drafted in November 1998 and was amended six times from 1999 to 2003. Ending the JPA, it is widely assumed, would eliminate all forms of Commerce Department oversight over ICANN's policy making and leave in place only the more important IANA contract, which is completely separate from the JPA/MoU. Doubts are now raised about this assumption.

As IGP warned an uncomprehending press corps back in 2006, the shift from MoU to JPA was much less of a "dramatic step" away from US control than ICANN's PR effort made it out to be. Now, if Fausett is right, it appears that getting rid of the JPA is less important than ICANN is making it out to be.

It all depends on what we mean by "the JPA."   more »

IGP today responded to a U.S. Department of Commerce proceeding seeking comment on the future of its political oversight over ICANN. The proceeding is part of a mid-term review of ICANN's 3-year Joint Project Agreement (JPA) with U.S. Commerce Department NTIA.

In a move that is likely to attract attention and debate we called for ICANN and the IGF to forge an agreement to institute a bi-annual review and public consultation concerning ICANN’s record and accountability. These ideas will be raised both at the U.S. Commerce Department public meeting February 28 and at the public consultation of the U.N. Internet Governance Forum in Geneva February 26.   more »

We were discussing how governments could take over ICANN. This was in response to a new meme gaining popularity within the Beltway: the idea that we need to retain the Commerce Department’s leash on ICANN (the JPA) because if we don’t, other governments (autocratic Russians, Chinese commie hordes, turbaned Islamo-fascists or languid, dirigiste Europeans) will somehow “interfere” with DNS.

But the future of the JPA has virtually nothing to do with ICANN’s subordination to other governments. It's about ICANN's subordination to the US government. The people advancing this meme have not specified how a government takeover is supposed to happen, much less how retaining the JPA would prevent it. As I started to argue yesterday, it is hard to conceive of a single plausible scenario for governments to exert more power over ICANN that isn't either a) already happening, and being aided and abetted by the USG; b) more likely to happen the longer the US stays in control or c) require the US government’s consent.

To prove this point, here are some plausible scenarios and mechanisms through which national governments could put pressure on ICANN. By examining these, we can better appreciate just how far off base the CDT and others are.   more »

"War is peace, freedom is slavery, and ignorance is strength." And, according to the Center for Democracy and Technology, ICANN's Joint Projects Agreement giving the US government the ability to tell ICANN what to do is a way of "protecting the DNS against governmental interference." Hmmm...   more »

The European Parliament has issued a resolution which illustrates the growing interplay of global Internet governance and domestic or regional polities. It also hints at how we might begin to incorporate the broad array of interests affected by global Internet policies.   more »