Original URL: https://www.theregister.co.uk/2007/04/24/icann_auerbach_interview_lisbon/

ICANN is the USSR of the internet - Karl Auerbach speaks out

Rococo meets West Virginia trailer park

By Burke Hansen

Posted in Policy, 24th April 2007 00:38 GMT

Interview Karl Auerbach, the last publicly elected board member at ICANN, has been involved with internet development almost since the inception of the internet itself, and served as North America's direct representative on ICANN's Board of Directors.

Always the iconoclast on the ICANN Board of Directors - and with the Lisbon meeting now squarely in the rear view mirror - we thought Auerbach would have some interesting things to say about recent developments at the controversial group that runs the internet we all know and love.

Could you tell us a little bit about your personal history before ICANN - I've been informed you helped develop the SNMP protocol?

I didn't invent SNMP. That honor (assuming it is an honor) goes to folks like Marty Schofstal and others. I was actually a fan of one of the alternative proposals for network management, a thing called HEMS. I did start one of the early SNMP companies, Epilogue Technology. And my wife runs the oldest (and, of course the best) SNMP testing company, Interworking Labs, which is where I work these days. I'm not involved with SNMP but, instead, with other products and projects.

Perhaps my main point of view regarding what I want to do for the net is expressed in my presentation (PPT) "From Barnstorming to Boeing - Transforming the Internet Into a Lifeline Utility" (speakers notes here (PDF)). I've long been interested in making the net a solid utility, and I have a great deal of sympathy for the folks who have to go out and fix things at 3am. I'm very interested in building tools for those folks.

But you did spend quite a bit of time developing internet architecture at Cisco before joining the Board at ICANN?

Back in the mid 1990s I was at a startup company and was the principal architect of a product we called "IP/TV". It was high quality audio/video over the internet. The company, Precept Software, was acquired by Cisco. Thus, I became a Cisco person and ended up in the Advanced Internet Architectures group. I'm not really a big-company person and, as you will note from the "Barnstorming to Boeing" paper, I tend to think of the net as a large distributed system. The model of many, perhaps most, Cisco people at the time was that that net is a collection of independent boxes. It became frustrating.

So when and how long were you on the ICANN board? What do you think of the way that ICANN has changed structurally over the years- there used to be a direct elections for board members?

ICANN - well, I've been associated with ICANN since before there was an ICANN. I was one of the Boston Working Group that submitted an alternative to the Jones-Day plan that NTIA had been running with and ultimately adopted (our original proposals are still up here).

I was elected in 2000 by the voters of North America. Compared to a US presidential election it didn't have all that many voters (although I did win by a larger margin than did the person elected President that year). And it was an election that was open to all people in North America. ICANN erased the board seats of the elected directors which is why I'm not on the board today.

It is impossible to overrate the system that ICANN substituted in lieu of the elections we had in year 2000. The current system, the ALAC, is designed to insulate ICANN from internet users and the ALAC's closest historical analogue is the system of village soviets, regional soviets, and supreme soviet that formed the "democratic" structure of the now defunct Soviet Union.

It is amazing how much ICANN resembles the old USSR. ICANN is very much like central bureaucracy that is drawing up five year plans for the internet. And like the USSR that had a never ending problem with getting the right products to customers, ICANN has warped internet innovation in the domain name space with enough red tape to choke a Godzilla or two.

I came onto ICANN's board about an hour after the infamous TLD beauty contest of 2000. That was when ICANN put 40 out of 47 applicants on hold (while granting such wonderful things as .pro and .coop) for reasons such as that one director could not pronounce "aye aye aye" (odd that, considering he came from the US Navy - I guess that third "aye" was just one too many).

By the way, ICANN is still stringing those 40 applicants along in limbo - neither denied nor accepted - and has been keeping their $2,000,000 in application fees. That does not strike me as ethical. I ended up spending much of my time on the ICANN board in my own bubble - other board members simply would not listen to anything I proposed. And I did propose several things. For example, on my very first day I proposed a DNS early-warning system that would watch DNS for problems so that we could react quickly. Inexpensive, easy, useful. But ignored. And when I went to do my duty as a director by taking a look at ICANN's financial status and operations - a right that under California law is "absolute" - ICANN blocked me and I had to sue. The case file is up on EFF's website.

I won, of course. But it wasted much of my term. I really annoyed other directors by not walling myself off from internet users. For example, I publicly recorded my thoughts and reasons about my votes on matters that came before the board.

Now it seems to be a much more amorphous kind of system - how do you think that has impacted the "accountability" of ICANN? ICANN has argued strenuously that the internet root should not be split. If you had your way - and I know you've spoken in front of Congress about this - what kind of organization, if any, would manage the backbone of the internet?

It really is still a very closed organization. Even from day one it has had a circled-wagon mentality of "us versus them". The stage was set during one of its early meetings in which one of the board members pretty much said that in order for them to be public they had to be private. 1984 Newspeak is alive in ICANN.

The so-called "reforms" that ICANN adopted, which included erasure of the seats of elected board members, were designed to buttress ICANN's non-accountability rather than enhance it. What I find very bothersome is the common belief that somehow ICANN is important to the internet. It is not. Imagine if ICANN were to vanish in a poof of money-colored smoke. There would be a great deal of wailing and gnashing of teeth on the part of ICANN's beneficiaries, the trademark aggregation (as opposed to the trademark creation) industry and the incumbent DNS registries (mainly Verisign.) But apart from that, the internet would keep on going like an Energizer bunny without missing a beat - packets would still flow, names would still resolve, IP addresses would still be allocated.

As for structure: The great architect Louis Sullivan said that "form follows function". But there are exceptions: ICANN, a design that is perhaps described as Rococo meets West Virginia trailer park. ICANN has never defined its jobs; and it has been run by people who want to build empires and overseen by a board that looks upon itself as an advisory congregation of worthies rather than as a plenary body with a duty to actively direct ICANN policy and actions. If we actually look at the jobs that need to be done we find that all but one of them are really simple, non-discretionary, clerical functions that could be contracted out to an accounting firm to be done.

The hard one is the recognition of country code TLDs - that amounts to the internet recognition of nations. ICANN has done a very poor job of doing this, in one case accepting an assertion of country code legitimacy based on a unauthenticated handwritten note on an otherwise blank sheet of paper. It seemed to me that ICANN's staff was using ccTLD matters largely as an excuse to travel, and oh, did they ever travel. One staffer made several round-the-world trips in one year, on ICANN's dime. Allocation of TLDs can be a clerical task: Just require applicants to promise to abide by broadly accepted and used written internet technical standards. After that the problem is simply to regulate the rate at which applications are fulfilled. For that I and others have proposed that there be auctions for most slots and a lotter for some. The lottery would be there to give at least some small chance that those without huge funds could obtain a TLD. It's an imperfect system, but it's a whole lot better than the subjective beauty contests ICANN uses now.

Karl, what do you think of the ICANN - Verisign contract, which essentially provides for default renewal of the .com contract with Verisign? Do you think ICANN could have resolved its litigation with Verisign in a more favorable fashion?

As for Verisign - wow, ICANN and NTIA have been like Santa Claus and the Easter Bunny to Verisign. It was utterly outrageous how ICANN let its outside attorney give all of those gifts to Verisign in at least three distinct contracts. As I said on the phone, Verisign's negotiating team is so good at negotiating the pants off of ICANN and NTIA that we ought to send 'em to the Middle East to work out a peace settlement. It is amazing how ICANN and NTIA transformed Verisign's job to maintain .com, .net, and .org into permanent ownership. It's as if the US National Park service were to give the entire Grand Canyon to the company that was hired to run the hotel.

Privacy is a controversial issue for the intellectual property lobby. What's your feeling about the current Whois debate?

It is outrageous that the users of the internet are being required to give up their privacy because a few trademark owners are too cheap to use the legal system. And those "law enforcement" folks at the FTC and elsewhere are trying to do an end-run around the 4th amendment by getting ICANN to violate people's privacy rather than them doing their jobs and getting a subpoena.

Indeed "whois" is Megan's Law in reverse. Unlike Megan's law that publishes information about predators to the potential victims, the whois publishes the potential victims to the predators. I have my own TLD, .ewe, that is a business that will never be because ICANN, as a combination in restraint of trade, won't let me into the only viable marketplace to try my idea and risk my money. (See "The .ewe Business Model - or - It's Just .Ewe and Me, .Kid(s)" here.

In .ewe I would use public key based certificates to represent domain name ownership. Because those could be traded without my knowledge there is no way that .ewe could present a Whois. Folks who want to complain about a web provider or spammer ought to use the IP address information, not the DNS whois. The IP information is far more likely to be accurate and lead to a real person who can lay hands on the accused computer.

Security was a big issue at the Lisbon meeting. Do you think DNSSEC will provide adequate security? What do you think of the allegations that DHS [the Department of Homeland Security] wants the master keys? Would that really give them more control or information than they currently have? Doesn't the DoC [U.S. Department of Commerce] already audit the root zone?

DNSSEC - I don't know enough about all the details. I am concerned that if a large signed zone (such as a signed version of .com) has to be reloaded that it could take an excessively long time. As for "master keys". I can't really imagine other countries standing idle and accepting that. But given that those other countries have not yet objected to the fact that several of the DNS root servers are operated by the US military, a group whose obligation to protect the US supersedes that of protecting the internet (it would not surprise me if I were to hear that those military-operated root servers were being data mined with the data stream being piped into an intelligence agency. This is pure speculation, I have no information either way).

As to your question about the role of the DoC over the root zone - Yes, NTIA [National Telecommunications and Information Administration] really makes the choices, ICANN is merely a hired contractor that gives advice to NTIA. If .xxx were to be put into the root zone, it would be NTIA that would be the source of the order to do so (Verisign, as another NTIA contractor, actually has its fingers on the keyboard where the data is actually entered). NTIA can supersede ICANN, and indeed in the case of .us, it has done so.

I suspect it, too. Registerfly was a major topic of discussion there as well. What about Registerfly - have you followed the Registerfly mess at all? What kind of role does ICANN have to play in situations in which domain names are being lost through fraud or negligence, as in the Registerfly case?

I only saw the complaints and poked a few board members about Registerfly to elicit action. I think ICANN is doing the right thing here. However, it does raise the question why ICANN so steadfastly resists giving domain name registrants the right as third party beneficiaries to enforce the provisions of ICANN's Registrar and Registry contracts. ICANN has given (in an amicus brief) an excuse that says that things would be more consistent if ICANN were to enforce its contracts. But given that Registerfly indicates that ICANN does not enforce its contracts, it seems rational to give the power of enforcement to the people who ultimately get burned by ICANN's derelictions.

The recent price increases by Verisign have definitely raised some eyebrows. How much does domain registration and maintenance really cost a registry like Verisign?

Don't you think that ICANN should be asking that question before it gives Verisign [the right] to charge the internet community an extra $30,000,000 a year in domain name fees? By my estimates it costs Verisign about $0.03 per year to perform the registration of a domain name in .com, to perform the normal load of updates each year to that registration (i.e. changes in the NS records associated with the name), to maintain that name in the .com zone file, and to operate the .com name servers.

You might think that that is about $18m a year, but we ought to remember that Verisign is also operating .net using the same infrastructure and servers, so we need to add the revenues for .net to those received for .com. By way of confirmation, we have recently seen several other TLDs drop their prices down into the sub $0.25 per year range.

Moreover, Verisign has had 12 years of running .com. What this means is that Verisign is not facing a spike in high first-year costs but, rather, is running a mature stable operation. And we ought not to forget that Verisign has been able to do this in a period in which the costs for processors and communications has fallen to tiny fractions of what it was when the $6/year fee was first put into place. It is amazing that in the area of domain names, prices are rising while on every other part of the internet they are falling. It's pretty clear that ICANN and NTIA jump to the service of Verisign like a marionette jumps to the commands of its puppet master.

It's also pretty clear that ICANN has been derelict in its responsibilities; and that dereliction is costing the community of internet users roughly $380,000,000 every year, year-in, year-out. And that does not count the tax that ICANN imposes onto the internet community, a tax that cumulates to tens and tens of millions of dollars every year.

ICANN likes to say that it is not a governmental body. But with performance like ICANN's, and with its system of taxation, not to mention its closed doors and user-exclusionary processes, ICANN certainly looks and smells like a governmental body. Have you ever read book 1, chapter 10 of Dickens' Little Dorrit? It is a wonderful chapter, entitled "Containing the whole Science of Government". I find it to be an excellent description of the NTIA/ICANN system of oversight. (You can fetch the whole book here.)

One last one - where does ICANN go from here? There seems to be some discussion of ICANN becoming an "international" organization along the lines of the IOC?

It will go nowhere. ICANN is an arm of the US government in everything except an entry in the US Government Manual. And after watching the .xxx mess, it's pretty clear that neither the US Dept of Commerce nor the Dept of State will let ICANN be unsupervised. Moreover, the path to become such a body is a path that requires many years of doing good things very well. To usurp and paraphrase: I've seen the Red Cross, and ICANN is no Red Cross.

We can measure the effect of ICANN on the stable operation of the internet by conceiving what would happen were ICANN to vanish into a puff of money colored smoke. At first we would be deafened by the wailing of the trademark industry. But then we would notice that the net had not even stuttered; not one packet would fail to reach its intended destination and DNS registration and renewal would continue as if nothing had happened.

ICANN is almost irrelevant - except for the fact that it is collecting monopoly rents and controlling a marketplace for the massive benefit of the trademark and DNS registry industries and the mirror-image massive detriment of the community of internet users. Apart from the financial costs and the damage that ICANN is causing to internet innovation, the great potential damage that ICANN can cause is to be a model for future institutions of internet governance. ICANN is best conceived of as a sign that says "do not take this road". I have written quite a bit about how bodies of internet governance should be designed.

The primary design principle is to know what we want to be done. From that we can create an institution that has exactly the authority it needs in order to accomplish that job and no more. For many of the jobs that we need done on the internet, the jobs are mainly clerical and non-discretionary - they could be hired out to a consulting firm. There are only a very few jobs of internet governance that deal with discretionary choices over matters in dispute.

Some people think that new TLDs is one of those matters. But why should TLD choice be any more discretionary than the decision whether to approve the sale of a new line of automobile tires - if they pass the technical safety requirements and publish the necessary traction and longevity information, then they can be put up for sale. Otherwise they can't be sold.

Same for TLDs - if the applicant is willing to abide by broadly accepted and used written internet technical standards then the applicant ought to get the TLD, otherwise not. There is no need for massively expensive and massively subjective beauty contests.

ICANN is smothering the internet in a way not far different from the way that J D Rockefeller smothered the oil industry. Where is our Ida Tarbell? ®