ICANN can't hand over Iran's internet, bomb victims told
Why? Because nobody owns it
It's not possible to hand over Iran's internet because it doesn't own it, a Washington DC court has been told in a mind-boggling submission to terrorism victims.
Lawyers for nine US citizens injured in an Iran-financed bombing in Jerusalem back in 1997 have turned to the internet in an effort to recoup millions of dollars awarded to them against the government of Iran more than a decade ago.
Having tried and failed to seize US bank accounts, as well as valuable sculptures held at Harvard and Chicago universities, the well-funded case of Jenny Rubin et al (as well as a number of similar cases) has turned its eyes to the domain name system.
And it wants internet overseer ICANN to hand over control of Iran's entire dot-ir internet space as part payment.
Last month, the DC District Court subpoenaed ICANN to provide information about the country code top-level domain (ccTLD) and it put forward a "writ of attachment" that would connect the country's internet namespace to several outstanding US court cases that have found the Iranian government guilty of funding terrorism and so liable for hundreds of millions of dollars in damages.
Unsurprisingly, ICANN - a US corporation based in California - is resisting the request, not least because it would throw the entire global internet into disarray.
But the main legal reason it gives for why it cannot hand over dot-ir is perplexing: because Iran's internet namespace doesn't exist as property and no one owns it – not even Iran.
Following a long tradition of seeking to avoid liability by arguing that the internet is so amorphous that no one can put claim to it, ICANN argues that "a ccTLD cannot be physically held… and holds no intrinsic value" and so it is not property.
Plus, even if Iran's internet space was taken to be property, it is "not owned by the defendants – any more than a city or neighborhood 'owns' their zip code."
That argument is unlikely to make the Iranian government very happy - or the 530,000 people that have domain names ending in ".ir".
Ironically, in seeking to prevent Iran's internet from being handed over in a US court battle, ICANN is feeding the very fears that nations have over how the internet is currently governed: that it is all somehow on loan from the United States government.
Only the United States can transfer Iran's namespa... what?
Even more worryingly for nation states, ICANN argues that it cannot transfer over Iran's namespace… because only the US government has the authority to do so.
ICANN carries out a contract (the Internet Assigned Numbers Authority contract) awarded to it by the US government, but the US government has final say on changes. Adding to the confusion, that situation may soon change - possibly in the litigants' favour.
Earlier this year, the Department of Commerce asked ICANN to figure out how the authority to make changes to the top level of the internet could be given to someone else. ICANN is expected to decide that, um, it should be given that right and be granted the very authority that it currently claims prevents it from handing over Iran's internet.
As for the property argument put forward by ICANN - it has some significant problems. Similar notions were put forward (and won) by the owner of the dot-com top-level domain back in the late '90s - some of which ICANN quotes as legal defence. But that case law was blown apart following an epic fight between two would-be owners over Sex.com, where it was decided that domain names do in fact represent intangible property (by saying it is subject to state property law).
Similar claims to those put forward by ICANN in its filing this week were once roundly dismissed in the Sex.com case. That the domain name system relies on electronic records rather than physical ones, for example, was decided to be "immaterial" back in the 2004 Sex.com case.
Another argument put forward by ICANN for why it can't hand over Iran's dot-ir top-level domain – because it is not physically located in the United States – is also uncertain.
There are 13 root server operators on the internet, 10 of which are subject to US law. ICANN runs one of them. The root servers act as the top level of the internet, specifically identifying where country code top-level domains can be located online.
That this information is stored in several places rather than just one was dismissed in the Sex.com case, with the judgment noting that that "a share of stock, for example, may be evidenced by more than one document". So the ability to change where dot-ir is located online at all is likely to make it subject to US law.
Sign here - and pay up!
Next up, ICANN claims that because neither the government of Iran of the manager of the top-level domain has paid it any money that it does not have a contract with them. That argument is supported by the Sex.com decision. However, ICANN undermines the claims through its own behaviour. In the past, ICANN actively pressured ccTLD managers to sign contracts and to date it continues to ask for payments from them.
ICANN has some contracts with some ccTLD managers, and draws up the contracts for all the other internet registries. It takes regular fees for the work it does. And, while arguing that there is no intrinsic value in a top-level domain, it is currently auctioning off new internet namespaces with no current registrations to the highest bidder and for millions of dollars.
That leaves two legal arguments for why Iran's internet can't be handed over to the bomb victims.
One is that the court lacks jurisdiction in the case. The second is that by redelegating the ccTLD, any value in it would be lost.
The jurisdiction argument boils down to the fact that ICANN "is aware of no evidence" that the dot-ir registry is “used for a commercial activity in the United States" - something that would appear easy to prove thanks to the large Iranian population in the United States, the hundreds of thousands of dot-ir domain names, and the global nature of the internet.
The final argument is perhaps the most realistic. It notes that ICANN does not have the list of all dot-ir domains: it is only able to point to where they can be found.
As such, if it handed over control of dot-ir, unless the current operator in Iran agreed to work with the "new owners", the entire namespace would effectively disappear. In other words, the bulk of the "value" of the assets would immediately vanish as soon as they were handed over. The court could, of course, argue that this is not its concern.
Of course there is next to no chance that Iran's dot-ir namespace will actually be handed over in a civil case, in large part because the US government would never allow it.
When the same case's attorneys tried to seize artefacts held by US museums and universities, it ultimately became an abstract legal question that the US Supreme Court asked the Solicitor General to file an opinion on. The plaintiffs walked away empty handed.
With the entire world's gaze on the US government if the case did ultimately did get to the Supreme Court, it would never allow confidence in the global internet to be undermined by an asset grab. And that is irrespective of whether the technicians that keep the internet functioning would even accept the decision and make the necessary changes or do what the internet is so good at and simply route around the problem.
What the case does highlight, however, is that heated discussions over internet governance – particularly why the United States government and companies operating under US law have so much control over it – exist for good reason.
ICANN may find that its own court filing ultimately ruins its clear desire to take control of the internet's root zone file.
Sponsored: Becoming a Pragmatic Security Leader