A Disgraceful Dereliction of Duty

Posted on February 12, 2017 by John Carr

ICANN is the global ruling body for the worldwide web. It is an independent organization but every government in the world, including the UK’s, can influence its decisions through something called the Government Advisory Committee (GAC). The Brits have been particularly active on the GAC yet when it came to sticking up for children’s rights and children’s  interests, in a particularly important instance we had almost zero impact.  ICANN went ahead regardless. Maybe it’s time to review the level and nature of our engagement with ICANN. Sad to report the Economist Intelligence Unit (EIU) appears to have been a willing accomplice in ICANN’s disgraceful dereliction of duty in the case stated. How? Why?  Read on.

The Domain Name System

One of the things ICANN does is decide on domain names. A domain is signified by the letters immediately to the right of the dot as in “.com.” Ultimately ICANN makes the bulk of its money through the sale of new web addresses to us, the public, businesses and so on. In the jargon, we are known as “Registrants” and ICANN has an obvious interest in there being more of them.

Every domain has a “Registry”. For .uk, for example, it is Nominet. In the case of country level codes (.uk is again an example) in effect national governments decide who is going to be the Registry. For all the others – the vast majority – ICANN makes the decision, often following a competitive process that ends in an auction. One domain sold for a reported US$ 90 million and there are rumours of even larger sums in the offing. Owning a Registry can be extremely lucrative.

The law of contract rules

An entity becomes a Registry for a particular domain when it is awarded a contract to operate it by ICANN. Typically, once awarded a contract to be a Registry the Registry will then enter into agreements with potentially thousands of businesses known as Registrars who do the actual selling to Registrants.

ICANN requires the Registry to pass on certain terms to Registrars who must also pass them on to the Registrants.  The initial high-level contract between ICANN and the Registry is, therefore, crucial.  Inter alia, it sets out minimum standards for how the domain should be run. ICANN enforces its rules vis a vis the Registries and the Registries enforce theirs vis-a-vis Registrars and Registrants as appropriate. Simple law of contract.

Explosive growth in domains

Historically there were only a handful of domains e.g. .com, .net and .org but back in 2012 ICANN decided to promote a major expansion. One of the new ones it gave the green light to was “. kids”. Are alarm bells ringing in your head? Wouldn’t that be a domain that would be likely to lead to the creation of websites and services which, in turn, are probably going to have a specific appeal to or orientation towards, er, children?

No concessions to children

Clearly there is no issue of principle in relation to creating a domain for children. But perhaps, like me, you might have expected ICANN to insist that certain additional safeguards or requirements were built into the contract with whoever won the competition to become the .kids Registry? You’d be wrong.

No modifications or adjustments of any kind were made on the application form or in the associated processes to recognise or accommodate the fact that here we were pretty much exclusively discussing children. Applicants for .kids were required to submit the same information as applicants for .bank, .insurance, .pharmacy, .Wales and the rest. This is where the trouble began although that isn’t the whole story. Not by a long chalk. But first a short diversion to the immediate trigger for this blog.

A muck-up in Moscow

Who the Registry should be for .kids in the English language has still not been decided but I recently discovered that ICANN had awarded the contract to be the equivalent of .kids in Cyrillic script. It went to a Russian organization.  Phonetically the Russian .kids is called “. deeatey” (that being an approximation of how you pronounce the Russian word for “kids”).

I contacted the Russian Registry. I reproduce below the full script of the relevant part of an email exchange I had with them.

Do you make any stipulations about who may buy a .kids domain name e.g. nobody with criminal convictions, or convictions for child sex offences? And if you do, do you carry out any checks to make sure the people meet those criteria?

No.

Do you make any stipulations about who may work for a business  or organization operating a .kids domain name e.g. nobody with criminal convictions, or convictions for child sex offences? And if you do, do you carry out any checks to make sure the people meet those criteria?

No

The Economist Intelligence Unit blunders in

I haven’t been able to determine when, exactly, the Russian  .kids contract was awarded. The timing could be important. Enter the EIU.

How does the EIU get mixed up in this? In relation to .kids in the English language, there were three bidders to become the Registry: Amazon, Google and a children’s charitable organization in Hong Kong. Under ICANN’s complicated rules the charity’s application was separately assessed. Rather than ICANN doing the assessment itself, it paid the EIU to look at the papers.  Now I have been in the online child protection, child rights, child welfare space for quite a while and I have never heard the EIU mentioned in that context. Not for anything. Not once.

I asked the EIU if they had anyone on their staff with any expertise in children and the online world. They refused to answer on the grounds of client confidentiality. I’m guessing that’s a “no” because if they did have access to such a resource they would simply have said “yes” or something approximating to “yes” or they could have left some doubt as to whether or not the answer might be “yes”. Alas that was not the case despite the fact that, elsewhere, ICANN insists all processes should be “transparent”. Perhaps that should be corrected to say “transparent except where the transparency might cause embarrassment.”

Now, of course, it is true that the Russian Registry could have chosen to set its own detailed standards in relation to the matters I raised but they didn’t, whereas if ICANN had insisted they would have had no choice. If the EIU had seen the papers relating to .kids in English and had any knowledge or background in child protection it would have spotted this lacuna and drawn it to the attention of ICANN – whether it was asked to do so or not.

Thus if the EIU submitted its report to ICANN before ICANN awarded the Russian contract then the EIU must bear some of the responsibility for the Muscovite muck-up.

Horses for courses

ICANN should never have asked the EIU to look at anything to do with children and the online space and the EIU should never have agreed so to do because it is outwith their realm of expertise. Come to think of it does ICANN have any in house knowledge of online child protection and child welfare matters or ready access to such knowledge? Is that the root of the problem? If they know nothing about a subject how can they give a contract to someone else in such a way as to ensure they at least get it right on their behalf? Moreover, to go back to the matter of transparency, why is everyone reluctant to come clean about who did what for whom and when?

I have spoken to Google and Amazon. One or other is likely to be awarded the contract eventually, and, of course, they are seized of the importance of these issues and their responsibilities should they be the eventual winner. They will do the right thing. But that’s not really the point.

ICANN messed up elsewhere

In the same round in which .kids was created other groups objected to the way in which the application process did not meet the specific needs of their sector or situation. The banks, insurance companies and pharmaceuticals people spent millions of pounds and thousands of hours negotiating, lobbying and litigating to get Registry agreements that were fit for purpose. Children’s organizations do not have the money to enable them to do that. Look what happened. Children were marginalized and overlooked yet again, and perhaps put in danger as a result.

If governments cannot protect children who can they protect?

Which brings us back to the role of governments. If they cannot be effective interlocutors on behalf of children where does that leave us, and them?

Most galling of all is ICANN’s and the EIU’s arrogance in refusing to engage. They were both at fault and should feel ashamed of themselves. They had a duty of care to children and they failed to discharge it.

Footnote: there are plenty of web addresses that also pitch directly to children but do not end in .kids (in any language). Maybe logically the arguments I have set out here should apply equally to them? I have no problem with that but my rather obvious point is in this instance ICANN itself is proposing to intervene directly by promoting the creation of a wholly new space which is almost entirely about children.

 

 

 

 

 

About John Carr

John Carr is one of the world's leading authorities on children's and young people's use of digital technologies. He is Senior Technical Adviser to Bangkok-based global NGO ECPAT International and is Secretary of the UK's Children's Charities' Coalition on Internet Safety. John is now or has formerly been an Adviser to the Council of Europe, the UN (ITU), the EU and UNICEF. John has advised many of the world's largest technology companies on online child safety. John's skill as a writer has also been widely recognised. http://johncarrcv.blogspot.com
This entry was posted in Default settings, E-commerce, ICANN, Internet governance, Regulation, Self-regulation. Bookmark the permalink.