According to ICANN’s web site its next public meeting is the 50th in the series and it’s being held in my home town – London. A golden moment of sorts. This set me thinking about ICANN’s record in relation to issues affecting children’s and young people’s safe use of the internet. It is not impressive. That’s a great pity because there is much that could be done to make things better if ICANN was so minded.
xxx
Many children’s organizations supported the idea of establishing a xxx domain. It had the potential to help shield minors from age inappropriate pornographic content. For different reasons not everyone in the free speech community or in the porn business agreed. Nonetheless steady progress was made through the ICANN machinery. xxx was moving towards approval. Late in the day President George W Bush heard about it. The US government fired a shot across ICANN’s bows.
Then as now ICANN is meant to be an independent body but they ran scared. There followed roughly seven years of consultation, arbitration, litigation and all manner of exceptionally detailed investigation but in the end, in March 2011, the red light got the green light. The key point to grasp here, however, is that substantial commercial and political interests had become engaged. They captured ICANN’s attention big time.
child oriented domains
The contrast between the story of xxx and what happened with a new raft of child oriented domains could not be sharper.
In 2011 ICANN announced a process to expand the number of generic Top Level Domains (gTLDs). This is now drawing to a close. A great many gTLDs appear to have been approved and others are still wending their way through.
At the commencement ICANN issued general guidelines to all potential applicants informing them of the conditions they would need to fulfill to become a Registry for one of the new domains. ICANN’s starting point was that, fundamentally, all entities applying to become a Registry would have to meet the same criteria.
Major players zeroed in. Lawyers, lobbyists and governments got involved. Bankers and pharmacists, for example, became concerned about who might be given the right to sell domain names ending in .bank or .pharmacy and on what terms. Without strict controls and strong vetting they worried all kinds of cowboys might end up with a .bank or .pharmacy web site and hold themselves out as being legitimate banks or pharmacies, perhaps with disastrous consequences for millions of people and for legitimate enterprises.
Complex, protracted negotiations took place. At least in respect of .bank and .pharmacy a good outcome was finally achieved.
What happened with the child oriented proposals e.g. .kids, .games, .toys, .juegos, and others of similar stripe? Not a lot. ICANN ignored every communication sent to them by at least one major children’s organization which is full of people with a great deal of expert knowledge in this area. Informal conversations took place with a friendly ICANN insider but that was all. It quickly became clear the procedures had already gone way too far. Even ICANN’s Government Advisory Committee made some sympatico observations but these seemed to gain no traction or the comments on children were simply lost in a welter of wider and (for them) bigger issues they had raised.
Maybe if some of the children’s organizations had had the time and resources to track ICANN’s Byzantine ways they could have intervened in a timely manner, or if they’d had buckets full of cash they might have hired lawyers and lobbyists to go in to bat on their behalf. Things may have turned out differently. But they didn’t. ICANN itself obviously never thought children’s interests were important enough for them, prompted or unprompted, to act to ensure that the right issues were properly considered. No doubt negligence lawyers will be making careful notes should there ever be a case arising from this lack of appropriate oversight.
Thus, for example, while ICANN made general stipulations about not allowing people with criminal convictions to be involved in owning a Registry it gave no indication as to how it intends to ensure this rule is honoured either in relation to the Registry itself or any entities which might subsequently buy and use a domain issued under its auspices.
Could a convicted paedophile end up owning a domain name that directly appealed to children? What about the employees of companies running one of the new child focused domains? Will there be any rules or stipulations about levels of security, supervision or training? In every other area of activity connected with children such provisions are commonplace but ICANN showed no awareness of this dimension and, much worse, no inclination to find out.
Web addresses as illegal advertisements
Some time back in the UK an authoritative legal opinion was obtained by the IWF which made clear that a web site name is, among other things, an advertisement.
At different times it had been suggested to ICANN that they should adopt a policy which, through their contracts with Registries, would prohibit all Registrars from allowing anyone to create a domain name which appeared to advertise, promote or facilitate the distribution of child abuse images. These entreaties were ignored. One ICANN main Board member was adamant such matters could not be made the subject of an ICANN policy because that would involve ICANN in matters of content and content was none of its business.
This argument is baloney. Content is what you find on web sites. Domain names are, as commonsense dictates and the UK lawyer suggests, advertisements for or pointers to that content. Moreover, even if you reject that distinction, since 1999 ICANN has had a disputes resolution procedure to determine apparent conflicts between trademarks and domain names. Clause 3 (b) (ix) (3) asks the complainant to say why the domain name(s) should be considered as having been registered and being used in bad faith. How can anyone make a judgement about bad faith without looking at more than the words themselves? Context is everything and you cannot take a view of that without also having regard to the content itself.
If someone creates a web site called http://www.wildbananas.com then fills it with child abuse images there is probably little or nothing ICANN, any Registry or Registrar could have done to anticipate such an eventuality. They are entirely free of blame.
But if an entity is permitted to register and maintain a domain name which makes it plain one is likely to find child abuse images at the site then all three links in the chain are culpable. It is not good enough to say that the domain would eventually be deleted when law enforcement or someone else reports it. That might take years or never happen. The system is at fault for allowing it in the first place.
There is no jurisdiction anywhere in the world where it is legal to advertise the availability of child abuse images. ICANN can and should therefore create a mandatory policy for the whole of the internet banning any domain names which on the face of the record appear to advertise or promote child abuse images, and they should make sure it is enforced. Will it be easy? No. But that is not a reason for refusing to make the effort. The .uk Registry (Nominet) operates such a regime and jackboots are not marching down British streets.
Incidentally, the same principle could be applied to other types of sites that are openly promoting other types of illegal behaviour e.g. in relation to copyright theft and drugs. It is difficult to say what sort of impact such a policy would have but symbolically it would be extremely important: ICANN would be saying it was not prepared to stand idly by and let the domain name system be abused by criminals. Speaking of which…..
The never ending saga of WHOIS
From the beginning the WHOIS directory was intended to be a publicly available virtual document which contained accurate information about who owned which domain names and how to contact them.
As recently as 2009, in the important-sounding Affirmation of Commitments, ICANN solemnly undertook to turn WHOIS into the thing it had always been meant to be.
Along with the FBI and the UK’s Serious and Organized Crime Agency in 2010 I appeared before ICANN’s Government Advisory Committee to plead for urgent action on WHOIS. The inaccuracies and failure to undertake any systematic checking of domain name owners’ credentials was giving a variety of criminals – including those who distribute child abuse images, copyright thieves, drug runners and others – a great helping hand.
However, an ICANN official later revealed that if the promise about WHOIS had not been written into the Affirmation paper the US Government would never have agreed to sign off on it. So much for solemnity. ICANN never intended to keep its word and now they are delaying action for as long as they can.
Today when you ask anyone involved in ICANN what is happening on WHOIS you are told we all need to rethink the modern relevance of WHOIS. A convenient rationalization. Meanwhile dodgy characters register crooked domains because they know in many areas no one will bother to determine their real world identity or whereabouts.
Once again it should be noted that .uk does not do things this way but for such an approach to be taken up globally ICANN has to want it to happen. Obviously it doesn’t. And it’s not too hard to work out why. The fear is the extra bureaucracy and cost of having robust identity verification in place would lead to a reduction in registrations or renewals or to an erosion of profit margins, probably both, for ICANN’s paymasters.
Follow the money
Despite all its breezy rhetoric about being a multistakeholder environment the fact is that, at least until recently, almost all of ICANN’s cash came from two sources: the Registrars and the Registries. The decision to create new gTLDs also helped boost their coffers to a substantial degree. They received 1,920 applications, each of which cost US$185,000, just to submit. That’s over US$350,000,000. Not bad work if you can get it.
Of course ICANN plays an essential role in maintaining the domain name system and the internet’s technical infrastructure but nothing that will materially affect the revenues of its major sources of finance happens, either at all or at any rate quickly. Multistakeholderism plays straight into that space by slowing everything down.
It’s quite likely ICANN will get away with the present arrangements for some time because the politics of unpicking them or finding an alternative are too fraught with difficulty. But I wouldn’t say it is guaranteed to last forever. Hubris will have its way.
The challenges of multistakeholderism
There is no doubt there are many selfless, dedicated people who, often on a volunteer basis, devote a great deal of time and energy to ICANN because they broadly adhere to and support the liberating idea that the internet embodies.
However, as a close observer of ICANN described it
Most of the ICANN processes are so complex and arcane that only the purebloods, supernerds and those involved in making money out of them are capable or motivated to keep up to speed
On closer inspection even many of those people involved in ICANN who seem to be volunteers – pitching in for the reason given earlier – when you look more closely you find they are either directly or indirectly in the internet business. For that reason, it must be questionable whether or to what extent the ICANN community is truly representative of any sort of broader public interest.
A UK-based company – InterConnect Communications – looked at this issue, reporting in late 2013. In a uniquely ICANN-esque way, which in part explains a deeper problem, the less than riveting title of the report was
ATRT2 GNSO PDP Evaluation Study
That has to win a prize of some sort. It described its purpose in the following way
This document is an attempt to assist ICANN’s Accountability and Transparency Review Team 2 (ATRT2) in its assessment of the Generic Names Supporting Organization (GNSO) Policy Development Process (PDP). ATRT2 was convened, in part, to review the GNSO PDP with a view toward identifying its strengths and weaknesses, differences between defined process and actual practice, and the extent to which it incorporates the views, advice and needs of all stakeholders, both those active in ICANN and those not typically present for ICANN deliberations.
Here is one of their key findings, to be found on page 51
In the last five years:
- The vast majority of people who participate in (policy development) Working Groups participate only once.
- A small number of participants who have economic and other support for their ongoing engagement have dominated (policy development) Working Group attendance records.
This has a set of clear implications for policy development. Having such a small pool of regular participants poses accountability, credibility, and resource risks for the policy development process. At the same time, that small pool of regular participants are carrying the load of the PDPs. Of particular concern is the fact that there is a very small pool of potential participants who have the experience to lead, moderate and bring to completion the difficult work of guiding participants and policy through the (policy development process)
If only a way could be found to bring genuine civil society organizations more into the ICANN processes and similar internet governance entities, but it would have to be meaningful not tokenistic. And if this cannot be done maybe we should rethink the whole model or at the very least call it something else.
Remote participation is not a serious way to engage in any sort of complex discussions on a sustainable basis, particularly in multilingual environments. So, first off, at present to be a real part of the ICANN world you need be able to jump on aeroplanes, fly to exotic locations and stay for several days. Flights and hotels cost money, often a lot of money. You also need time to read the tons of emails and the threads that whizz about. The whole business can rapidly become all-consuming and if it doesn’t the risk is you will serve an ornamental rather than an instrumental purpose because you will be completely surrounded by people whose livelihoods depend on them keeping on top of everything and knowing everybody.
Looked at from the outside it seems pretty much that many of the processes of internet governance have become a justification for their own continuation. As we have seen, the people involved speak their own language largely to themselves. Multistakeholderism as an idea is therefore becoming discredited because it turns out it is anything but. And, to make the point one last time, everything moves at a snail’s pace or not at all which suits many interests down to the ground. Meanwhile, in a parallel universe sometimes known as the real world, companies in Silicon Valley, Seattle and elsewhere, governments and their security services around the world get on with doing their thing, creating, managing and snooping on the internet as it is actually experienced by end users.
The Guardian and Edwards Snowden had more impact on internet governance debates than any number of regional, national or global convocations of the already converted.
Desiderata 