June 16, 2014 | Backgrounder on Regulation
The U.S. should not end its role in the assignment of Internet names and numbers before adequate checks and balances are put in place to ensure that an independent Internet Corporation for Assigned Names and Numbers (ICANN) acting without U.S. oversight is transparent and accountable, and cannot be hijacked by governments or intergovernmental organizations. The conditions articulated by the National Telecommunications and Information Administration give little practical guidance or details on what would constitute an acceptable alternative mechanism. Congress should define and detail minimum protections, including protections to preserve freedom of expression and reforms designed to enhance ICANN accountability and insulate it from government capture, which must be in place before the U.S. will agree to the transition.
The U.S. National Telecommunications and Information Administration (NTIA) has contracted with the Internet Corporation for Assigned Names and Numbers (ICANN) to manage core functions of the Internet since ICANN was established in 1998. ICANN is a private nonprofit corporation created to manage policy and technical features of the Internet’s domain name system (DNS) in a multi-stakeholder manner. Since the establishment of ICANN, the federal government has expressed its intent to make governance of the DNS fully private—that is, free from government oversight. However, this transition has been repeatedly deferred due to a perceived value in retaining U.S. influence and concerns over ICANN’s ability to fulfill its responsibilities absent the oversight role played by the NTIA. Unexpectedly, on March 14, 2014, the NTIA announced that it did not intend to renew its contract with ICANN and mandated that the organization consult with “global stakeholders” to agree on an alternative to the “current role played by NTIA in the coordination of the Internet’s [DNS].” The existing contract expires on September 30, 2015. However, the contract permits the NTIA to exercise two renewal clauses, each for two-year periods, which could extend the current contract through September 30, 2019.
When making the initial announcement, the NTIA stated it would not withdraw from the process until an acceptable alternative mechanism is developed. This new mechanism, the NTIA stated, must: (1) “Support and enhance the multi-stakeholder model”; (2) “Maintain the security, stability, and resiliency of the Internet DNS”; (3) “Meet the needs and expectation of the global customers and partners of the IANA [Internet Assigned Numbers Authority] services”; and (4) “Maintain the openness of the Internet.” Additionally, the NTIA stated that it “will not accept a proposal that replaces the NTIA role with a government-led or an inter-governmental organization solution.” After concerns were voiced in Congress and the private sector, the NTIA clarified that the U.S. would renew the IANA contract with ICANN should the transition proposal fall short.
The NTIA’s conditions are a good start, but insufficient, giving little practical guidance or details on what is an acceptable new oversight mechanism. The Internet is too important to permit such ambiguity. Congress should work with the Administration to define and detail minimum protections, including protections to preserve freedom of expression and reforms designed to enhance ICANN accountability and insulate it from government capture, which must be in place before the U.S. will agree to the transition. Ensuring that this transition occurs correctly is of paramount importance to the future of the Internet as a free, stable, and dynamic arena for human expression and economic growth. As explained in more detail below, those minimum protections should include procedural mechanisms that:
The U.S. should not end its role in the assignment of Internet names and numbers before adequate checks and balances are put in place to ensure that the newly privatized system is sufficiently transparent and accountable and is not vulnerable to hijacking by governments or intergovernmental organizations opposed to a free and private Internet.
The DNS allows users to type a website name into an Internet browser and connect with that website; heritage.org, for instance, leads to The Heritage Foundation website. The suffix to the right of the “dot” is the web address at the top of the DNS pyramid. These are known as generic top-level domains (gTLDs) and country code top-level domains (ccTLD). Examples include .com, .org, and .clothing for gTLDs and .uk or .ru for ccTLDs.
The U.S. government has contracted with ICANN to administer this system—known broadly as the IANA—since 1998. This responsibility focuses primarily on the updating, expansion, and maintenance of the DNS root zone, essentially the address book of the Internet. The root zone is maintained on 13 sets of root servers. These 13 sets are not housed in 13 distinct locations, but are comprised of hundreds of root servers at over 350 sites in many different countries.
ICANN’s policy process for changing the DNS begins with consultation with the multi-stakeholder community. To change the root zone, a registry operator notifies ICANN of the proposed change. In order for a change to be made to the root, it must be in line with the consensus policies developed as a part of the multi-stakeholder process. ICANN, through a series of administrative and technical checks, makes the initial decision to make or reject the change. In most cases, changes to a root zone are routine maintenance and are non-controversial. More controversial issues—such as the creation of new gTLDs or ccTLDs—are opened for public comment and discussion until a consensus is reached.
ICANN’s proposed changes to the root zone are sent simultaneously to the NTIA for authorization and to the root zone maintainer. The NTIA very rarely rejects decisions reached by ICANN, leaving Internet governance almost entirely to the private sector. It has, however, served an important role in ensuring that proper processes are followed. U.S. oversight has been light-handed, focusing on maintaining and developing Internet stability and reliability. This has allowed the Internet to grow and develop at a fantastic pace.
Once a root zone change is authorized by the NTIA, Verisign, a private company that has an agreement with the NTIA to act as root zone maintainer, performs technical checks on the proposed change, implements them and generates the updated root zone. Once the new updated root zone has been validated, it is distributed to the root servers. Typically a new root zone is propagated within minutes. A new root zone file is generated and propagated roughly every 12 hours.
The NTIA proposal to withdraw from its oversight role is in accordance with the federal government’s long-standing goal of privatizing Internet governance. As early as 1997, the Clinton Administration issued a directive instructing the Commerce Department to “support efforts to make the governance of the domain name system private.” Every Administration since has supported that goal, recognizing that the Internet, and the DNS system, is too important to be subject to government control.
Fulfillment of the goal of privatization, however, has been repeatedly delayed. As the Internet has grown in importance, concerns have arisen over what would fill the vacuum following the U.S. federal government’s exit from the field. Many nations, such as China and Russia, have made no secret of their desire to limit speech on the Internet that is critical of or damaging to their interests. Even some democratic nations have supported limiting undesirable speech, or limiting economic freedoms online. And international organizations such as the International Telecommunication Union (ITU), an arm of the United Nations, have expressed a strong interest in playing a role in Internet governance.
It should be stressed that ICANN presently has very limited power to actually “govern” the Web. Its job is focused on proposing and facilitating changes to the DNS. But even that power could be abused, by limiting or favoring certain domain names, or even by neglecting service of domain names of politically disfavored groups. Moreover, any government limits on Internet freedoms imposed through ICANN could serve as a precedent for limits elsewhere.
The Obama Administration implicitly recognizes that the decision to end the NTIA’s contractual role with ICANN poses a risk that the current system could be replaced by a less benign, government-led or intergovernmental-organization-led solution. The principles outlined by the Administration are basically guidelines for how to avoid that result. By their nature, however, they fall far short of the detail necessary to ascertain what would or would not be deemed acceptable alternatives.
The absence of clear, well-defined standards, checks, and requirements runs the risk that the NTIA will complete the transfer without adequately addressing these very real concerns because of a “pre-commitment” to a specific result or the natural momentum of the process. To ensure that adequate safeguards are adopted, Congress should work with the Administration through consultation and hearings to define and detail protections, checks, and balances required to pass muster under each of the broad principles identified by the NTIA. To guarantee that these protections are heeded by the Administration in deliberations over whether to renew or extend the ICANN contract, Congress should give them the force of law and make the expiry of the NTIA contract with ICANN contingent on their implementation.
Principle #1: The NTIA will not accept a proposal that replaces the NTIA role with a government-led or an intergovernmental organization solution.
The goal of reform should be an Internet that is free from governmental control, either individually or through inter-governmental bodies. Other nations have sought repeatedly, for example, to work through U.N. organizations such as the ITU to exercise greater authority in Internet governance. These countries can be expected to intensify their efforts in the wake of the U.S. government’s own withdrawal. Policymakers must ensure that ICANN, and any new bodies created in response to the NTIA withdrawal, represent private-sector users, with no government involvement beyond an advisory role. It is necessary that:
Principle #2: Maintain the openness of the Internet.
The Internet provides an unequaled forum for the exchange of ideas around the globe. Protecting the freedom of users to express their opinions or conduct online activities of their choosing should be a paramount goal of U.S. policymakers. Such free expression, however, is viewed as a threat by many authoritarian governments such as those in Russia and China. Domestically, these nations have long adopted policies limiting Internet freedom. The urge to censor is not limited to non-democratic regimes and institutions. The European Union, for example, recently required search engines, upon request, to remove links to categories of personal information, such as prior bankruptcies, which are considered no longer relevant or lack a compelling public interest meriting disclosure—in effect forcing search engines such as Google to censor content.
As a private corporation, ICANN does not have the power to directly limit speech globally. But freedom of expression could be hindered in more subtle ways. It could, for instance, refuse to allow specific domain names, such as “.falungong” or “.islam” to be entered into the root. More directly, governments can—and do—use the domain name system to shut down individual websites. Perhaps most troubling of all, an unfettered ICANN could include contractual terms in its agreements with registrars of domain names that would contractually oblige the registrars to limit Internet freedom or have that effect.
ICANN should, to the greatest extent possible, avoid content-based judgments in the administration of the DNS. To date, it has generally done so, with the prominent—and understandable—exception of steps to protect intellectual property. Having ICANN headquartered in the U.S. or subject to U.S. law does not itself establish an obligation by ICANN, which is not and will not be a state institution after the transition, to protect freedom of expression. To ensure that maximum freedom of expression continues, the Administration and Congress should insist on the following protections:
Principle #3: Support and enhance the multi-stakeholder model.
Under the multi-stakeholder model, ICANN should be responsible to and accountable to the users of the Internet, and not to any governmental body. To ensure this accountability, policymakers should:
Principle #4: Maintain the security, stability, and resilience of the Internet DNS.
The United States, as well as the Internet community at-large, has an interest in ensuring that the Internet remains secure, stable, and resilient and does not suffer disruptions due to the transfer. To help ensure that outcome, the U.S. should insist the following be part of the transition:
Principle #5: Meet the needs and expectations of the global customers and partners of the IANA services.
It is often argued that ICANN is a monopoly. That is not strictly true. There are a number of small niche “alternative” DNS systems that operate at the margin of ICANN’s market power. Perhaps more importantly, ICANN’s market power is significantly curtailed by other Internet services that allow consumers to locate specific websites. For instance, while the domain name heritage.org is of particular value to The Heritage Foundation, it is not essential in a world dominated by search engines. Even without a memorable domain name, Internet users would have little problem navigating to The Heritage Foundation’s website through various search engines or links on other websites. Nonetheless, ICANN’s role as a user-run cooperative with sole power to allocate and regulate new gTLDs justifies safeguards against market power abuses. The U.S. should, as a condition of ending the current arrangement, require ICANN to:
To continue the vitality and freedom of the Internet, ICANN should be insulated from political pressure from governments, either directly or through intergovernmental organizations such as the U.N. or the ITU. Instead, it should be accountable to individuals and businesses that use the Internet as a vehicle for discourse, commerce, education, research, news, and other purposes. The Obama Administration has rightfully recognized the need for safeguards to be in place before any transition of ICANN is implemented. While unobjectionable, the Administration’s principles for what these safeguards should be lack the specificity to inform multi-stakeholder deliberations and fall short of the specificity needed to objectively determine if a proposal will or will not be acceptable. The Administration and Congress should address this ambiguity with legislation that establishes clear standards for each of the Administration’s announced principles, as discussed.
In addition, to address outstanding questions about whether the NTIA has the authority to decline to renew the current contract with ICANN absent congressional consent, Congress should tie these standards to a specific instruction to the NTIA to retain its current authority over the contract until an acceptable proposal is reached.
In the near future, this would involve exercising renewal clauses in the current contract. Under the terms of the NTIA’s current contract with ICANN, “The Government may extend the term of this contract by written notice to the Contractor [ICANN] within 15 calendar days before the expiration of the contract; provided that the Government gives the Contractor a preliminary written notice of its intent to extend at least 30 calendar days before the contract expires.” The NTIA must provide notice to ICANN by August 31, 2015, of its intent to extend the contract. In legislation identifying required standards, checks, and other changes necessary to assuage congressional and private-sector concerns about the transfer, Congress should instruct the NTIA to provide notice of extension of the contract before this deadline, should ICANN’s proposal prove inadequate.—Paul Rosenzweig is a Visiting Fellow in the Douglas and Sarah Allison Center for Foreign and National Security Policy, of the Kathryn and Shelby Cullom Davis Institute for National Security and Foreign Policy, at The Heritage Foundation. Brett D. Schaefer is Jay Kingham Fellow in International Regulatory Affairs in the Margaret Thatcher Center for Freedom of the Davis Institute. James L. Gattuso is Senior Research Fellow for Regulatory Policy in the Thomas A. Roe Institute for Economic Policy Studies, of the Institute for Economic Freedom and Opportunity, at The Heritage Foundation. David Inserra is a Research Associate for Homeland Security and Cybersecurity in the Allison Center.
 In its Affirmation of Commitments signed with NTIA, ICANN commits to “(a) maintain the capacity and ability to coordinate the Internet DNS at the overall level and to work for the maintenance of a single, interoperable Internet; (b) remain a not for profit corporation, headquartered in the United States of America with offices around the world to meet the needs of a global community; and (c) to operate as a multi-stakeholder, private sector led organization with input from the public, for whose benefit ICANN shall in all events act. ICANN is a private organization and nothing in this Affirmation should be construed as control by any one entity.” ICANN, “Affirmation of Commitments by the United States Department of Commerce and the Internet Corporation for Assigned Names and Numbers,” http://www.icann.org/en/about/agreements/aoc/affirmation-of-commitments-30sep09-en.htm (accessed June 3, 2014).
 News release, “NTIA Announces Intent to Transition Key Internet Domain Name Functions,” National Telecommunications and Information Administration, March 14, 2014, http://www.ntia.doc.gov/press-release/2014/ntia-announces-intent-transition-key-internet-domain-name-functions (accessed June 3, 2014).
 The U.S. government may extend the contract by written notice to ICANN by 30 calendar days prior to the expiration of the contract. ICANN approval is not required. U.S. Department of Commerce, Award to Internet Corporation for Assigned Names and Numbers (ICANN), Contract No. SA1301-12-CN-0035, Effective September 1, 2012, Sections I.59 and I.70, pp. 58 and 65, http://www.ntia.doc.gov/files/ntia/publications/sf_26_pg_1-2-final_award_and_sacs.pdf (accessed June 3, 2014).
 News release, “NTIA Announces Intent to Transition Key Internet Domain Name Functions.”
 Assistant Secretary for Communications and Information and NTIA Administrator Lawrence E. Strickling, “Promoting Internet Growth and Innovation Through Multistakeholder Internet Governance,” March 19, 2014, http://www.ntia.doc.gov/blog/2014/promoting-internet-growth-and-innovation-through-multistakeholder-internet-governance (accessed June 3, 2014).
 The most notable instance of NTIA interference with an ICANN decision involved the approval of the “.xxx” gTLD, which had been under consideration by ICANN since the early 2000s. In a 2005 letter, the Department of Commerce asked ICANN to delay this decision to allow further consideration of concerns by citizens and governments. ICANN eventually approved the gTLD in 2011 without opposition from the NTIA, even though the Obama Administration publicly disagreed with the decision. Lennard G. Kruger, “Internet Governance and the Domain Name System: Issues for Congress,” Congressional Research Service Report for Congress No. R42351, May 23, 2014, http://www.fas.org/sgp/crs/misc/R42351.pdf (accessed June 3, 2014).
 News release, “Memorandum for the Heads of Executive Departments and Agencies; Subject: Electronic Commerce,” The White House, July 1, 1997, http://www.fas.org/irp/offdocs/pdd-nec-ec.htm (accessed June 3, 2014).
 News release, “An Internet Search Engine Operator Is Responsible for the Processing that it Carries Out of Personal Data Which Appear on Web Pages Published by Third Parties,” Court of Justice of the European Union, May 13, 2014, http://curia.europa.eu/jcms/upload/docs/application/pdf/2014-05/cp140070en.pdf (accessed June 3, 2014).
 Governmental Advisory Committee, “About the GAC,” https://gacweb.icann.org/display/gacweb/About+The+GAC (accessed June 4, 2014).
 Under ICANN bylaws, the GAC “may adopt its own charter and internal operating principles or procedures to guide its operations,” which currently recognize that the GAC is not a decision-making body, that its communications are advisory, and that advice should be provided only if consensus exists among GAC membership or as a “full range of views expressed by members.” See Governmental Advisory Committee, “GAC Operating Principles,” https://gacweb.icann.org/display/gacweb/GAC+Operating+Principles (accessed June 3, 2014).
 Governmental Advisory Committee, “GAC Operating Principles,” Principle 47.
 Dave Piscatello, “Thought Paper on Domain Seizures and Takedowns,” ICANN blog, March 8, 2012, http://blog.icann.org/2012/03/thought-paper-on-domain-seizures-and-takedowns/ (accessed June 3, 2014).
 Milton Mueller and Brenden Kuerbix, “Roadmap for Globalizing IANA: Four Principles and a Proposal for Reform,” Internet Governance Project, undated, http://www.internetgovernance.org/wordpress/wp-content/uploads/ICANNreformglobalizingIANAfinal.pdf (accessed June 4, 2014).
 This approach would mean that some governmental entities would have a supervisory role through their ownership of root servers. These entities include the U.S. Department of Defense, the National Aeronautics and Space Administration, and the University of Maryland. These entities would play a role only to the extent that they are users of the system, not as government regulators per se. As the Internet expands and the number of TLDs increases, the number of root server operators and registries will likely also increase, diluting the influence of individual representatives.
 The commitments generally require ICANN to (a) ensure that decisions made related to the global technical coordination of the DNS are made in the public interest and are accountable and transparent; (b) preserve the security, stability, and resilience of the DNS; (c) promote competition, consumer trust, and consumer choice in the DNS marketplace; and (d) facilitate international participation in DNS technical coordination. ICANN, “Affirmation of Commitments by the United States Department of Commerce and the Internet Corporation for Assigned Names and Numbers,” September 30, 2009, https://www.icann.org/resources/pages/affirmation-of-commitments-2009-09-30-en (accessed June 4, 2014).
 ICANN, “Bylaws for Internet Corporation for Assigned Names and Numbers,” as amended 7 February 2014, Article X, Section 3 (9) and Appendix A, Section 12, https://www.icann.org/resources/pages/bylaws-2012-02-25-en (accessed June 4, 2014).
 ICANN, “Bylaws for Internet Corporation for Assigned Names and Numbers,” Article XIII, Section 2.
 Specifically, eight of the 16 voting directors are selected by the Nominating Committee, two by the Address Supporting Organization, two by the Country-Code Names Supporting Organization, two by the Generic Names Supporting Organization, one by the At-Large Community. The President ex officio serves as the 16th voting member. In addition to a diversity of “skills, experience, and perspective,” the directors are also supposed to represent a diversity of geography and culture. As an example of cross-pollination, the nominating committee, which selects eight ICANN board members, has a chair and chair-elect, who are appointed by the ICANN board. Five voting members of the Nominating Committee are selected by the At-Large Advisory Committee, which also independently selects one director for the ICANN board. Seven voting delegates to the Nominating Committee are selected by the Generic Names Supporting Organization, which also independently selects two directors of the ICANN board. The Nominating Committee also has mandatory delegates selected by the Address Supporting Organization and the Country-Code Names Supporting Organization, which independently select directors for the ICANN board. The Internet Engineering Task Force, which interacts with some ICANN advisory committees, also selects one delegate. ICANN, “Bylaws for Internet Corporation for Assigned Names and Numbers,” Articles VI–XI, February 7, 2014, https://www.icann.org/resources/pages/bylaws-2012-02-25-en (accessed June 4, 2014).
 ICANN, “Adopted Fiscal Year 2004–2005 Budget,” October 6, 2004, http://www.icann.org/en/about/financials/budget-fy04-05-06oct04-en.htm (accessed June 3, 2014), and ICANN, “FY14 Budget Approval,” board meeting, August 22, 2013, http://www.icann.org/en/about/financials/adopted-opplan-budget-fy14-22aug13-en.pdf (accessed June 4, 2014).
 The ICDR provides international arbitration and dispute resolution services and has headquarters in Bahrain, Ireland, Mexico, Singapore, and the U.S. See International Arbitration, “International Centre for Dispute Resolution (ICDR) (AAA Arbitration),” http://www.internationalarbitrationlaw.com/arbitral-institutions/icdr/ (accessed June 3, 2014).
 For instance, among other exemptions, information provided to or by a government is off-limits if ICANN believes that there was an expectation of confidentiality or if it could harm relations with the government; internal documents, memoranda, or other communications from ICANN directors, staff, consultants, contractors, or others that “would or be likely to compromise the integrity of ICANN’s deliberative and decision-making process by inhibiting the candid exchange of ideas and communications” can be excluded; any draft “correspondence, reports, documents, agreements, contracts, emails, or any other forms of communication” are excluded; and any requests deemed by ICANN to be unreasonable, overly burdensome, unfeasible, or made by a person deemed “abusive or vexatious” or considered to be made with that intent can be denied.
 The recommendations in this Backgrounder are broadly consistent with the principles that underlie a recent report by the Panel on Global Internet Cooperation and Governance Mechanisms, “Towards a Collaborative, Decentralized Internet Governance Ecosystem,” May 2014, http://internetgovernancepanel.org/panel-report (accessed June 4, 2014). That panel, consisting of international luminaries from across the globe, has recommended a broad transition to forms of distributed Internet governance for all issues relating to the domain, not just the IANA function. Where the recommendations differ, principally, is in a view that some permanent structures are operationally necessary for real-world implementation of broadly decentralized governance. While a wholly decentralized system might be theoretically preferable, some form of structure is a practical necessity. See Paul Rosenzweig, “Governing a Distributed Network: Common Goods and Emergence,” The Hague Institute for Global Justice Working Paper, April 27, 2014, https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2429885 (accessed June 4, 2014).
 U.S. Department of Commerce, Award to Internet Corporation for Assigned Names and Numbers (ICANN), Contract No. SA1301-12-CN-0035, Effective September 1, 2012, Section I.59, p. 58, http://www.ntia.doc.gov/files/ntia/publications/sf_26_pg_1-2-final_award_and_sacs.pdf (accessed June 3, 2014).