The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 20 Issue 96

Sunday 23 July 2000

Contents

o PFIR Statement on Internet Policies, Regulations, and Control
Lauren Weinstein and Peter G. Neumann
o Info on RISKS (comp.risks)

PFIR Statement on Internet Policies, Regulations, and Control

Lauren Weinstein <lauren@vortex.com>
Sun, 23 Jul 2000 22:24 PDT
         PFIR Statement on Internet Policies, Regulations, and Control
                            July 23, 2000
                http://www.pfir.org/statements/policies


Executive Summary
 -----------------

It is increasingly clear that the Internet, as embodied by the World Wide
Web and a wide variety of other Net-based services and technologies is
rapidly becoming a critical underpinning and foundation to virtually every
aspect of our lives, from the very fundamental to the exceedingly mundane.
It is likely that few aspects of commerce, education, communications,
government, entertainment, or any other facets of our daily existence will
be unaffected by this exceedingly rapid change that is sweeping the globe
far more rapidly than would have been anticipated only a few years ago.

These global and interconnected developments, unprecedented in human
history, suggest that decisions regarding policies, regulation, control, and
related Internet activities will be of crucial concern to the *entire*
world's population.  Consequently, the proper representation of many varied
interests regarding such activities must be respected.

It is our belief that the current mechanism for making many key decisions in
this regard, as embodied in The Internet Corporation for Assigned Names and
Numbers, "ICANN" (http://www.icann.org), is proving to be inadequate to the
task at hand.  We believe that this is the result primarily of structural
and historical factors, not the fault of the individuals directing ICANN's
activities, whom we feel have been genuinely attempting to do the best
possible job that they could with highly complex, contentious, and thankless
tasks.

We are convinced that the Internet's future, and the future of humanity that
will be depending upon it to ever increasing degrees, would be best served
by consideration being given to the establishment of a new, not-for-profit,
voluntary, international organization to coordinate issues of Internet
policies and related matters.  This organization would be based on a
balanced representation of private-sector commercial and non-commercial
interests, and public-sector interests including governmental bodies and
organizations, educational institutions, and other enterprises.

Although the proposed course of action is expected to be difficult, the
risks of inaction are enormous and likely to increase dramatically in the
coming years.


The Historical Basis
 --------------------

The historical path that has led us to the current juncture is well
summarized in a recent U.S. General Accounting Office (GAO) Report
(http://www.pfir.org/gao-icann.pdf).  It details how the late Dr. Jon Postel,
Director of the Computer Networks Division of the USC Information Sciences
Institute (USC-ISI), nearly singlehandedly managed many of the core aspects
of Internet number assignments, hostname and domain management, and related
tasks reaching back decades to the early days of the Internet's ancestor the
U.S. Department of Defense ARPANET.

As one of the Net's earliest pioneers, he conducted this work under
Department of Defense contracts related to the Net's ongoing development and
support, and given that there were few (if any) commercial pressures related
to the Net over most of those years, he was pretty much left alone to handle
matters as he saw fit, ultimately as the IANA -- the Internet Assigned
Numbers Authority.  He did a remarkable job without which the development of
the ARPANET and Internet would have been far less successful than they were
as a result of his efforts.

Dr. Postel's untimely and unexpected death in 1998, less than two years ago,
left both a professional and personal gap for many of us.  It also raised the
specter of many potential problems, given the rapidly changing nature of the
Internet.  We now see that many of these concerns were indeed well-founded.
Before his death, Dr. Postel had been instrumental in the creation of ICANN,
as an entity to fulfill the U.S. Federal Government mandate that Internet
operational policy and control matters be fully privatized.  The interim
ICANN board of directors which he selected constituted itself as the formal
board of the corporation after his death.

The GAO report discusses in detail the sequence of events through which
various authority has been invested in the resulting ICANN non-profit
corporation.  While as recently as 1996 the IANA and other groups were
proposing an international consortium to be based in Switzerland to deal
with these issues, the existing incarnation of ICANN is headquartered in
Marina Del Rey, California, in the same office building tower that has long
housed the USC-ISI facilities where Dr. Postel labored throughout the years.


The Current Situation and Problems
 ----------------------------------

ICANN takes pains to describe itself as not "controlling" the Internet, but
in practice the decisions and functions that it performs exert a degree of
influence over existing Internet operations that may be difficult to
differentiate from "control" except in a linguistic sense.  However, it is
certainly the case that by and large, there is no general rule of law
*requiring* Internet-connected entities, from businesses to educational
institutions, and from Internet Service Providers (ISPs) to individual
Internet users, to conform to the structure of the existing network and the
currently defined policies.

While there are technical considerations making it impractical for large
portions of the network to migrate quickly to different domain naming
servers and other related mechanisms, it would at least be theoretically
possible, essentially by system administrators and users editing a few files
on their systems.  This underscores the remarkable fact that ICANN's role
(as documented in the GAO report) is derived from only broad statutory
authorities of various U.S. Government Agencies, since the U.S. Congress has
not enacted legislation addressing these specific matters.

Unfortunately, even a few years ago it was not possible to accurately foresee
the degree to which the Internet would very quickly permeate so many aspects
of domestic and international commerce, education, privacy, security, law
enforcement, and so many other facets of our societies.  Nor was it clear
how rapidly large commercial interests and incredibly vast sums of money
would move into the Internet, in many cases resulting in attempts to
redefine the network in a purely commercial context.

The resolving of the resulting tensions, problems, and disputes present an
immense challenge that the fundamentally informal and ad hoc nature of ICANN
does not appear well-suited to undertake.  ICANN's style of decision-making
and "making up the rules as we go" that worked so admirably as the
ARPANET and Internet were in their relatively slow, gradual stages of
non-commercial development now seem to be contributing to the strains of
Internet policy, rather than alleviating them.

Some examples of these continuing problems and the resulting troubling
changes are obvious even from the most recent ICANN meeting, held in
Yokohama, Japan in mid-July, 2000.  Even though many observers had felt that
the registration and voting plan chosen by ICANN to facilitate the election
of "At Large" directors was inherently flawed, it was still alarming at this
late stage to see the ICANN board backpedaling on the election schedule for
some of the At Large directors.

Also troubling is the manner in which the board plans to start a new
study concerning the entire concept of At Large directors and how they would
be handled in the future.  While it is worthwhile that ICANN has apparently
recognized that some of their previous decisions in this regard may be
flawed, it is of concern to see such important decisions made, altered, and
subjected to major reevaluations in such short order.  Such rapid changes in
direction are not conducive either to the confidence or the understanding of
those persons in either the public or private sectors who necessarily view
this process from afar.

Similarly, the contentious issue of domain names (which seems to attract
much of the attention and time, but ultimately is likely to be one of the
least important issues relating to the future of the Internet) still seems
to be spinning like a top.  While ICANN announced that new Top Level Domain
Names (TLDs) would be assigned, they left the world pretty much hanging in
the wind concerning most details, which were put off until later in the year.

One detail that they did establish is among the most questionable -- the
assignment of a USD $50,000 *non-refundable* "application fee" payable by
any entity that wishes to be the registrar for a new TLD.  While ICANN's
desire to deal with organizations that would be able to provide stability to
domain name handling is laudable, an essentially arbitrary fee of this
nature has the effect of "locking out" organizations (especially of a
non-commercial nature) who might very well be ideally suited to handling a
TLD, but who don't have a spare $50K laying around to irretrievably devote
to an application fee that might well lead nowhere.  Meanwhile, concerns
over the fairness of the existing domain-name resolution dispute policies
continue to bubble up on a seemingly daily basis.

Again, we wish to emphasize that we consider these and similar problems to
relate to the fundamental history and structure of ICANN, not to a lack of
concern or positive intentions on the part of its directors.  However, we
feel that it has become clear that the foundation of ICANN is inappropriate
for the sort of entity that is needed to appropriately lead the Internet in a
direction to benefit the totality of the world's populations into the future.


A Proposal for a Different Approach
 -----------------------------------

We suggest that only a *completely new*, more formally structured,
not-for-profit, internationally-based organization is suited to this task,
with clearly and precisely-defined delegations to represent a broad range of
concerns and interests.  We explicitly feel that existing domestic and
international organizations, such as the Internet Engineering Task Force
(IETF) or the United Nations, are unsuited to this purpose -- because they
would inevitably bring too much historical "baggage" and existing conflicts
to the table.  An effective framework for dealing with these issues needs to
start from first principles.

This new organization would exist solely for the purposes of helping to
resolve and manage the range of complex issues relating to the global
Internet, many of which are impossible to even begin to effectively approach
without international cooperation and broad agreements.  We believe that
this organization could thus play a major role towards helping to ensure
that the Internet evolves in a manner to best benefit people around the
world.  Freedom of choice and the encouragement of diversity are extremely
important factors when dealing with these issues.  The organization would
neither desire nor seek the power to impose outside decisions upon any
national government or other governmental bodies, whose participation would
be completely voluntary and who would always maintain sovereignty over their
own decisions regarding the manner in which they and their citizens would
access or otherwise use the Internet.

We do not intend this document as a blueprint for the detailed structure or
operations of such a newly constituted organization, but rather as a
starting point for further discussions and consideration of this concept --
as a first step.  With that in mind, we proceed to offer some foundational
assumptions regarding such an organization.

A primary tenet would be that this proposed organization be truly and
*formally* international in nature.  This means that the delegations, with
decision-making powers, would be chosen in a formal manner from "day one" to
provide balance to the deliberations amongst the many varied domestic and
international entities and interest groups around the world.  A defined
procedure would also exist for the bringing of new groups and interests into
the formal process in an appropriate manner.

The organization should be constituted in such a way as to not only
represent the needs and desires of the existing developed countries where
most Internet activity is currently taking place, but also the needs of the
underdeveloped and developing worlds, who are in some cases already being
thrust onto the Internet, but find themselves with few if any avenues
to impact its directions or orientations.  Similarly, the needs of
economically-disadvantaged persons and groups in any countries must have
consideration and weight in the process (relating to the aptly-named
"digital divide"), not just the economically-advantaged to whom the bulk of
the existing attention regarding Internet policies and development have been
skewed.

The desires of the commercial arena are of course of great importance to the
growth, development, and use of the Internet, but they cannot continue to be
of *overriding* precedence as increasingly now appears to be the case.  To
that end, the organization would include delegations to balance the
interests of for-profit and non-profit, commercial and non-commercial groups
and persons, with all facets having a relatively equal voting share
towards the outcome of deliberations.  Should educational and non-profit
research institutions and focused public service groups have a formal say
towards the Internet's future as well as billion-dollar for-profit
corporations?  We say yes.

A third balancing but *not* dictatorial element of the proposed organization
would be public sector participation by domestic governments and their
various institutions.  While we realize that this is a controversial
element, we feel that it is absolutely crucial.  Privatization may be all
the rage, but it is unrealistic in the extreme to expect successful
management of the Internet, its resources, and the many competing concerns
of the world's citizenries without at least some government involvement in
the process.  Neither the for-profit nor non-profit worlds can be expected
to adequately fulfill this role on their own.

The lack of a formal role for governments and the interests of government
agencies in the *global* process of Internet policymaking is already
resulting in all manner of unfortunate and even dangerous abberations.  The
national governments of many countries are already implementing unilateral
rules, restrictions, and sometimes bizarre policies, many of which are
nonsensical when taken in the international borderless context of the
Internet.  The result is confusion all around, for individual users,
businesses, non-profit organizations, and everyone else.  International
disputes, such as the continuing disagreements between the European Union
and the United States over consumer and Internet privacy policies, are
another example of the problems that result when these issues are not dealt
with adequately on a continuing, developmental basis, with input from
national governments *and* the other groups we've defined above, on a
*cooperative* basis all throughout the process.

Attempts to keep the Internet policymaking process free of government input
have often resulted in governments swooping in later, frequently with what
might be characterized as "knee-jerk" reactions, often to the detriment
of the Internet and its global community.  It would be far better to define
the participatory role of governments in the first place, and have them as
part of the team, rather than as an after-the-fact "spoiler" kept on the
sidelines for most of the deliberations process.  They deserve to be
involved, and they should be involved.

Of course, the various participatory categories as defined above are not the
only manner in which the range of involved interests could be organized.
Educational institutions, for example, can fall into for-profit, non-profit,
public, and private classifications, suggesting other possible ways to
structure or define these categories.  The important point is that whatever
detailed organization is chosen, it be formally structured in a manner that
guarantees balanced and appropriate participation by all involved parties.

Will the creation and operation of this proposed organization be simple or
without any conflict?  No and no -- without doubt, it will be an extremely
difficult undertaking, without any guarantee of success.  Determining the
details of a fair system for representation and voting by the many diverse
persons, interests, groups, and institutions who would be involved will be
challenging to say the very least, and there will be many other difficult
issues to resolve.

On the other hand, it is obvious that the existing process is not working,
and appears to be leading us ever farther down a path of increasing
conflicts, rising confusion, growing concerns, and simmering anger on the
part of users and organizations -- plus ever more radical reactions.  The
internationally-focused, formally-balanced approach proposed herein may have
a chance of helping to steer the incredible hybrid of people and machines --
the Internet -- onto a course that will benefit *all* of humanity.

The Internet is undoubtedly one of the most powerful tools that has come to
pass in human history -- for good or ill.  To squander it, to allow
short-sighted attitudes or the self-interests of any particular groups or
individuals to divert its course to the detriment of society, would earn us
the condemnation of the future.  How much better it would be to instead earn
the future's thanks, for doing what we knew was right, when we had the
opportunity to do so.

   - - - - -

Lauren Weinstein
lauren@pfir.org or lauren@vortex.com or lauren@privacyforum.org
Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org
Moderator, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy

Peter G. Neumann
neumann@pfir.org or neumann@csl.sri.com or neumann@risks.org
Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org
Moderator, RISKS Forum - http://catless.ncl.ac.uk/Risks
Chairman, ACM Committee on Computers and Public Policy
http://www.csl.sri.com/neumann

Please report problems with the web pages to the maintainer

Top