[news] The Internet: Who's in charge?

Thu Mar 18 23:24:04 CET 2004

The Internet: Who's in charge?
By Declan McCullagh
CNET News.com
March 18, 2004, 6:33 AM PT

http://zdnet.com.com/2100-1104_2-5175153.html

Who should run the Internet?

It's no longer merely an academic question. Since 1998,
responsibility for overseeing domain names and addresses has rested
with the Internet Corporation for Assigned Names and Numbers (ICANN),
a nonprofit group based in Marina Del Ray, Calif.

ICANN has enjoyed notable successes in the last six years. It has
created a way to resolve domain name disputes, formalized some ad hoc
arrangements the U.S. government created and approved a handful of
top-level domains like .aero and .museum. In between, ICANN has
weathered outbreaks of congressional enmity and, occasionally,
outright hostility from foreign governments.

But now, the governance structure of the Internet may have reached an
inflection point. ICANN is being assailed domestically by VeriSign,
which filed a federal lawsuit last month, complaining that it has
been repeatedly thwarted in trying to make money off its
government-granted right to run the master .com and .net database.
Internationally, ICANN is fending off a power grab from the United
Nations, which has wanted more involvement with the Internet, ever
since one of its agencies in 1999 proposed a tax of 1 cent per every
100 e-mail messages.

In charge of ICANN during this tumultuous period is Chairman Vint
Cerf, who is better known as one of the fathers of the Internet and
co-designer of the Internet's workhorse, Transmission Control
Protocol/Internet Protocol. CNET News.com spoke with Cerf about
future top-level domains, the United Nations and the future of ICANN.

Q: VeriSign CEO Stratton Sclavos recently told CNET that ICANN is
standing in the way of innovation. Any response?
A: I am actually a little surprised to hear that. Let me give you an
example. Not too long ago, the Internet Engineering Task Force (IETF)
began working on an idea that now goes by the term ENUM. That
represented a very significant addition to the functionality of the
domain name system (DNS), because it introduced this concept of the
naming authority pointer, which is a very general idea.

It is a new record type that has to be implemented, but it does not
have any impact on any pre-existing services. So there is an example
of a very substantial increase in functionality and a very innovative
way of using the DNS on which ICANN worked very closely with others,
including the International Telecommunication Union and the Internet
Architecture Board, to get the mechanisms in place for doing ENUM.

VeriSign says it's still waiting for a report from ICANN on technical
problems Site Finder caused. Should we expect one?
You should expect one. My understanding is that the committee is
looking for some additional clerical help in finishing its report. So
we are trying to deal with that.

Some observers view the lawsuit between VeriSign and ICANN as an
example of a broader cultural clash between the original architects
of the Internet and for-profit businesses. Where do you think the
truth lies?
To be honest with you, it looks to me like side effects associated
with the commercialization of different parts of the Internet. I was
a very strong proponent of that kind of commercialization as far back
as 1988, primarily on the grounds that if we did not build a
commercial model that generated enough revenue to make the network
self-supporting--that in the long term, the government would not be
in a position to support it forever.

The side effect, though, and the place from where the clash may be
coming, is that the Internet's architecture has a character to it
that determines what you can and cannot easily do to it. You can add
a great deal of functionality at the edges of the Net. It is a
layered architecture, and at the higher levels, it is fairly
straightforward to add a new function without interfering with the
operation of lower-level systems, but if you are trying to make
changes to the core of the system or core elements of the system, it
is much harder.

Can you give an example?
Look at how difficult it has been to go from IPv4 to IPv6. That is a
very central component of the Internet's design, and adding IPv6 is a
big challenge and it has been a slow process. We are starting to see
some motion, especially in Asia and in Europe--perhaps more so than
in North America. The closer to the core you go, the harder it is to
make changes.

So the innovation that we have seen in the Net over the last couple
decades has largely come at higher levels of protocol at the edges of
the Net. The Web was not part of the original Internet design, and it
did not have to be, because it is layered on top of it. A lot of the
applications that sit on top of the Web--streaming audio and video,
even some VoIP functionality or instant messaging--are all things
that get added at high levels of protocol architecture, and that is a
lot easier. So, if there is a clash here, I do not think that it is a
culture clash. I think it is almost physics: The system has an
architecture capable of being stretched in certain dimensions and
difficult to stretch in others.

With the benefit of hindsight, did ICANN approve enough new top-level
domains, when you added just a few such as .aero, .biz and so on?
When I think about all the problems that arose at least for some of
those new TLDs (top-level domains), it is not clear that having a
larger number of them would necessarily have been helpful. We are
still seeing some side effects of introducing those new TLDs. For
example, there was a discussion during the Rome meeting about
continuing difficulties with some software that's having trouble
recognizing domain names that were longer than three characters,
because many software developers made the assumption that somehow,
all top-level domains were either two or three characters. We're
still uncovering places where .aero, for example, does not work.

At some point, we begin to wonder whether having 10,000 top-level
domains is actually a helpful tool. Some people think of TLDs as a
kind of index into the Internet--but it is a terribly crude index, if
it is that at all. We have already seen much more sophisticated
searching mechanisms. The search tools of Google and others are
probably more refined in their ability to discover any particular Web
site or domain name than using the top-level domains as a kind of
thesaurus. I am not arguing, by the way, that this means that we
should never create any new top-level domains. I am only saying that
is another consideration.

In the next round of considering top-level domains, how many do you
think that ICANN will approve? Does it depend entirely on the type of
submissions you receive?
There is no specific number that has been set for acceptance. So,
this is different from the proof of concept that took place before.
In this case, we are trying to put a more regular procedure in place
with a more clear process of evaluation, but my understanding is that
we have not put any limits on the number of applications, and that as
applications are qualified, that they would presumably be approved.

When is the earliest that forthcoming top-level domains would
actually become active?
The current timeline for this process starts generating results in
July or August. I think it depends on how well put together the
proposals were. If a proposal is very, very clear and all of the
other criteria clearly match, it might well be possible that the
evaluation for such a proposal would take less time. That does not
speak to how long it takes for the party that made the proposal to
actually turn the service on. That (involves) other questions, like
how long it takes to negotiate the contract that would go along with
having met the qualifications.

Now that ICANN has approved the Wait-Listing Service (WLS) what happens next?
The Wait-Listing Service itself was accepted by the board (a while
ago). We authorized the staff to proceed and then there were
discussions. My understanding was that a proposal was made for
implementation, for what the terms and conditions would look like.
There were five areas of concern, and so guidance was given to the
staff to discuss with VeriSign how to meet those five new terms and
conditions. We were satisfied (at the Rome meeting this month) that
ICANN and VeriSign had come to a satisfactory resolution of the terms
and conditions, and the board voted to authorize WLS. At this point,
the next step is to send this to the Department of Commerce for its
review.

Do you have any guidance from the department about how they are
likely to view it?
I have not had any specific discussions with the Commerce Department
folks, so I do not know how they are viewing this. I do not know that
there is any obvious reason for them to reject it.

Regarding Whois data, do you think there is a reasonable argument
that it implicates European data protection laws?
It is pretty clear that in some, perhaps even many jurisdictions,
concern over personal privacy is very visible and understandable. At
the same time, you can imagine circumstances where having knowledge
of who the registrant is might be very important. It might be for law
enforcement reasons; it might be for reasons of wanting to let that
party know that there is a problem with either their domain name or
with the way it is resolving or not resolving, and there may even be
reasons to want to contact the party because there is a dispute.

So there are a number of reasons why someone might need to know
information about a registrant in order to contact that person. So
that leaves you with this conundrum: Under what circumstances should
the information be available and under what circumstances should it
be protected. I know that modern databases have the ability to mark
information for differential access, but the other side of the coin
is figuring out how do I authenticate a party and then figure out
what authorizations they have. Does that make sense?

It does. And it's not just the Europeans. Every country might have a
different set of rules.
What that translates into is that for the parties that maintain this
information, there might be some tension between what the ICANN
community wishes it to do and what the local jurisdiction allows it
to do. But I do not think that is very different from a lot of other
business circumstances, where companies find themselves having to
adapt their business rules to conform to local requirements. It is a
little bit like accounting rules. Some will vary from one
jurisdiction to another, and you just have to face that.

ICANN's budget is growing every year, with a staff of around 30 and a
budget growing to $10 million. At the same time, you're coming under
attack for going beyond ICANN's mandate of consensus-building and
coordination. Is there some sort of disconnect?
It would probably be useful for you to compare ICANN's size and
workload with some similar kinds of organizations like Ripe NCC or
some of the other players in the Internet environment. This (size) is
not unusual.

The other thing that I believe is missing from that formulation is
that while the mechanics may be fairly straightforward, figuring out
whether that particular entry in a database should be made is not so
simple. We get into policy questions. The most knotty are things like
re-delegation of a top-level domain. It is amazing how complex that
can get and the staff has started to document some of the historical
complexities associated with re-delegations.

Just to give some sense of how difficult and tricky it can be, .ng,
Nigeria for example was one of the more complicated ones. The
president of the country ultimately had to step in to try to resolve
disagreements within his own government as to which part of the
government should be responsible for the top-level domain. And there
were a lot of other complexities in between.

Is that a one-time episode? Once ICANN resolves the .ng problem, you
can leave it alone?
No, it is not. A re-delegation could happen to the same top-level
domain more than once. So, in other words, the fact that you have
gone through every delegation one time does not mean you will never
have to go through it again. We have had situations where an
organization was delegated the responsibility for a TLD and then that
organization went out of business, and then the question is, "What do
we do now?" And it takes time for new parties to make themselves
known and qualified to serve in that role.

In the VeriSign lawsuit, GoDaddy offered you $100,000. Will you take it?
That has not come to me as a policy question, so you might want to
ask the staff.

Did the VeriSign lawsuit have anything to do with the board voting on
the Wait-Listing Service a few days ago?
No, that had absolutely nothing to do with it. The Wait-Listing
Service has been in play for almost two years and so that particular
action was part of the next step in the process.

The lawsuit was filed Thursday, and the meeting began on Sunday. Was
it timed to get your attention?
I will let you draw that conclusion. I would point out that we spent
our week doing what we thought was our work. I did not find the
lawsuit to be a particular distraction, except for the fact that we
felt somewhat constrained as to what we could or could not say in the
course of our meetings.

The United Nations' International Telecommunication Union seems
increasingly interested in this area. Do you view them as a rival, or
a collaborator?
This is a reflection of how governments are beginning to awaken to
the importance of the Internet to their economic interests. Since
ICANN is the only visible body that has clear policy responsibility
for part of the Internet, a lot of attention has been focused on
ICANN. I hope that the UN task force that Kofi Annan, the secretary
general, just set up will look at this question of Internet
governance and recognize that it is an extremely broad topic that
covers a considerable amount of territory well beyond what ICANN is
responsible for.

Certainly in my role as chairman, I have absolutely no desire to
expand any further ICANN's responsibilities beyond its current
mandate, but I do think that there are a lot of issues associated
with the use of Internet that are of public interest and are the
proper province of government.

Are there any areas that ICANN should withdraw from and cede to a UN agency?
Not that I can see right now, as long as we stay well within the
ambit of our responsibilities.

--

-----------------------------------------------------------------
Frannie Wellings
Policy Fellow, Electronic Privacy Information Center
Coordinator, The Public Voice
1718 Connecticut Ave. N.W., Suite 200
Washington, D.C.  20009   USA
wellings at epic.org
+1 202 483 1140 extension 107 (telephone)
+1 202 483 1248 (fax)
http://www.epic.org
http://www.thepublicvoice.org
-----------------------------------------------------------------