ICANN chairman loses mind over his domain-name privacy shakeup
Outburst on conference call reflects efforts to control critical issue
The chairman of ICANN has been recorded ranting about domain-name privacy: the DNS overlord wants owners of "commercial" websites to reveal their personal details in the WHOIS database.
Steve Crocker appeared on a webinar last week with a working group looking at how to improve ICANN's accountability before it is handed control of the critical IANA contract – a contract that grants it full control of the world's DNS and IP address allocation. He asked to be given the microphone.
Crocker then proceeded to tell the group it was an "extreme mistake" to continue obeying a particular part of an agreement that ICANN has with the US government over how ICANN handles the WHOIS system – the database of contact information of domain-name owners.
When one of the group's leaders then explained what the group had decided to do in response to his previous demands to strike the agreement's wording, Crocker exploded: "That is completely unacceptable ... I understand you didn't really want to think hard about it but this is a destructive and inappropriate thing to do."
The outburst caused silence and then a "wow!" from one of the working group's members.
What's this about?
WHOIS is the name for the service ICANN oversees in which domain-name owners register their name, address, telephone number, and email publicly. The records are published online unless they pay a third party to provide their details instead, thus shielding their contact details from the public eye.
Last month, ICANN came under fire over plans to prevent any owner of a "commercial" website from using one of the so-called proxy services, effectively forcing them to publish their personal contact details online.
Under the agreement it has with the US government, ICANN is obliged to run an independent review into WHOIS every three years. The review team can make recommendations, and the ICANN board is expected to carry them out or explain why it doesn't agree with them.
The last review was carried out in 2012 and was damning in its conclusions and recommendations. It found that ICANN's compliance staff were under-resourced and unable to do their jobs effectively; that the organization was not accountable and there was very little transparency over its actions or budget; that the data that ICANN did have was very inaccurate and needed significant improvement; that there was no policy framework around privacy and proxy services; and that ICANN was lagging behind its own processes for creating new domain names in languages other than English by failing to have a standard way to register domains in other languages.
The review team's chairwoman Emily Taylor noted in a blog post that the team had met deliberate obstruction from ICANN's staff. She wrote: "We found it surprisingly difficult to get basic information from ICANN about its compliance function. Things like the number of staff and budget versus actual spend on compliance activities were shrouded in mystery.
"We were given conflicting information... It was also very difficult to tell what the compliance team had achieved. It was strange that an independent report which made damning findings about the poor level of data accuracy in Whois records was left to languish for years, and that the head of compliance seemed unaware of its existence."
In response, the ICANN board – led by chairman Crocker – appeared to do all it could to ignore the report, or find some way to disregard it. It put the document out to no less than three public comment periods where most reviews receive just one.
As Taylor later noted: "The board's response was both slow and unusually muted. It was as if the board were looking for a different answer."
The WHOIS review team published its final draft in December 2011 and its final report in May 2012. Four months later, the ICANN board used a response to the third comment period from its Security and Stability Advisory Committee (SSAC) to effectively throw the entire report out the window.
The SSAC – of which Crocker had been the chairman since its inception in 2002 through to 2010 – proposed a complete reevaluation of the WHOIS. The board seized on this paper and announced a new "expert group" that would do just that. The move was described by one commentator as "suspiciously like a pretext for further unwarranted, inordinate delay."
Sponsored: Becoming a Pragmatic Security Leader