Now it seems to be a much more amorphous kind of system - how do you think that has impacted the "accountability" of ICANN? ICANN has argued strenuously that the internet root should not be split. If you had your way - and I know you've spoken in front of Congress about this - what kind of organization, if any, would manage the backbone of the internet?
It really is still a very closed organization. Even from day one it has had a circled-wagon mentality of "us versus them". The stage was set during one of its early meetings in which one of the board members pretty much said that in order for them to be public they had to be private. 1984 Newspeak is alive in ICANN.
The so-called "reforms" that ICANN adopted, which included erasure of the seats of elected board members, were designed to buttress ICANN's non-accountability rather than enhance it. What I find very bothersome is the common belief that somehow ICANN is important to the internet. It is not. Imagine if ICANN were to vanish in a poof of money-colored smoke. There would be a great deal of wailing and gnashing of teeth on the part of ICANN's beneficiaries, the trademark aggregation (as opposed to the trademark creation) industry and the incumbent DNS registries (mainly Verisign.) But apart from that, the internet would keep on going like an Energizer bunny without missing a beat - packets would still flow, names would still resolve, IP addresses would still be allocated.
As for structure: The great architect Louis Sullivan said that "form follows function". But there are exceptions: ICANN, a design that is perhaps described as Rococo meets West Virginia trailer park. ICANN has never defined its jobs; and it has been run by people who want to build empires and overseen by a board that looks upon itself as an advisory congregation of worthies rather than as a plenary body with a duty to actively direct ICANN policy and actions. If we actually look at the jobs that need to be done we find that all but one of them are really simple, non-discretionary, clerical functions that could be contracted out to an accounting firm to be done.
The hard one is the recognition of country code TLDs - that amounts to the internet recognition of nations. ICANN has done a very poor job of doing this, in one case accepting an assertion of country code legitimacy based on a unauthenticated handwritten note on an otherwise blank sheet of paper. It seemed to me that ICANN's staff was using ccTLD matters largely as an excuse to travel, and oh, did they ever travel. One staffer made several round-the-world trips in one year, on ICANN's dime. Allocation of TLDs can be a clerical task: Just require applicants to promise to abide by broadly accepted and used written internet technical standards. After that the problem is simply to regulate the rate at which applications are fulfilled. For that I and others have proposed that there be auctions for most slots and a lotter for some. The lottery would be there to give at least some small chance that those without huge funds could obtain a TLD. It's an imperfect system, but it's a whole lot better than the subjective beauty contests ICANN uses now.
Karl, what do you think of the ICANN - Verisign contract, which essentially provides for default renewal of the .com contract with Verisign? Do you think ICANN could have resolved its litigation with Verisign in a more favorable fashion?
As for Verisign - wow, ICANN and NTIA have been like Santa Claus and the Easter Bunny to Verisign. It was utterly outrageous how ICANN let its outside attorney give all of those gifts to Verisign in at least three distinct contracts. As I said on the phone, Verisign's negotiating team is so good at negotiating the pants off of ICANN and NTIA that we ought to send 'em to the Middle East to work out a peace settlement. It is amazing how ICANN and NTIA transformed Verisign's job to maintain .com, .net, and .org into permanent ownership. It's as if the US National Park service were to give the entire Grand Canyon to the company that was hired to run the hotel.
Privacy is a controversial issue for the intellectual property lobby. What's your feeling about the current Whois debate?
It is outrageous that the users of the internet are being required to give up their privacy because a few trademark owners are too cheap to use the legal system. And those "law enforcement" folks at the FTC and elsewhere are trying to do an end-run around the 4th amendment by getting ICANN to violate people's privacy rather than them doing their jobs and getting a subpoena.
Indeed "whois" is Megan's Law in reverse. Unlike Megan's law that publishes information about predators to the potential victims, the whois publishes the potential victims to the predators. I have my own TLD, .ewe, that is a business that will never be because ICANN, as a combination in restraint of trade, won't let me into the only viable marketplace to try my idea and risk my money. (See "The .ewe Business Model - or - It's Just .Ewe and Me, .Kid(s)" here.
In .ewe I would use public key based certificates to represent domain name ownership. Because those could be traded without my knowledge there is no way that .ewe could present a Whois. Folks who want to complain about a web provider or spammer ought to use the IP address information, not the DNS whois. The IP information is far more likely to be accurate and lead to a real person who can lay hands on the accused computer.
Security was a big issue at the Lisbon meeting. Do you think DNSSEC will provide adequate security? What do you think of the allegations that DHS [the Department of Homeland Security] wants the master keys? Would that really give them more control or information than they currently have? Doesn't the DoC [U.S. Department of Commerce] already audit the root zone?
DNSSEC - I don't know enough about all the details. I am concerned that if a large signed zone (such as a signed version of .com) has to be reloaded that it could take an excessively long time. As for "master keys". I can't really imagine other countries standing idle and accepting that. But given that those other countries have not yet objected to the fact that several of the DNS root servers are operated by the US military, a group whose obligation to protect the US supersedes that of protecting the internet (it would not surprise me if I were to hear that those military-operated root servers were being data mined with the data stream being piped into an intelligence agency. This is pure speculation, I have no information either way).
As to your question about the role of the DoC over the root zone - Yes, NTIA [National Telecommunications and Information Administration] really makes the choices, ICANN is merely a hired contractor that gives advice to NTIA. If .xxx were to be put into the root zone, it would be NTIA that would be the source of the order to do so (Verisign, as another NTIA contractor, actually has its fingers on the keyboard where the data is actually entered). NTIA can supersede ICANN, and indeed in the case of .us, it has done so.
Seems like the technical term for ICANN is "bag on the side".
So when will the current DNS system get some competition? After all, we are not talking "Internet" (basically a set of inter-carrier contracts) just "Domain Name Resolution" and, well, that's a task that's really not rocket science anymore.
Re: DHS wanting DNSSEC keys
My comment was not only based on this article, but also on earlier articles like these:
"The US Department of Homeland Security is pushing to get hold of the master keys for a proposed revision of the internet's domain name system."
It's just to inform readers about what exactly happened during this meeting, and that Heise.de jumped to conclusions about DHS wanting the keys.
You're right that we can't predict the future, but without mentioning it, you will see this false statement keep reappearing.
ICANN is a false authority con
You know the con, a guy with a clipboard and a fluorescent jacket, pretends to be a parking valet and steals your car while pretending to park it. The clipboard and jacket fool you into thinking he is the authority for that car park.
ICANN walk and talk the part, they have the parties and international jet set meetings. But what do they do? They defer all technical aspects to Verisign and all management choices to the US government. .xxx died the day Bush expressed reservations about it.
This is just not necessary. The top level domains don't change often, (once every 5, 10, 20 years?) the root server for each of those TLDs is well known and defined and the top level root simply isn't needed.
Any number of countries can meet to discuss what TLDs they want, there's no reason to hand that authority, let alone $2million in fees to ICANN.