Despite IANA storm, ICANN shows just why it shouldn't be allowed to take over internet's critical functions
Self-serving organization simply incapable of admitting fault
Internet overseer ICANN has responded to allegations of mismanagement, opaque decision-making, and an institutional lack of accountability by launching a review.
That review, however, will not touch on the most serious charges leveled at the organization, including the fact that its staff deliberately misled companies seeking approval for new internet extensions, and developed secret legal opinions in which ICANN's staff exempted themselves from the organization's bylaws on openness and transparency.
It will also fail to look into why the board's own governance committee (BGC) failed to investigate allegations against staff, or why the committee claimed – falsely – that it had in fact carried out such an investigation.
Instead, the sole subject to be researched is the "process by which ICANN staff interacted with the CPE provider" – the CPE provider being the company that ICANN hired to "independently" evaluate certain applications, but which a review found was in fact "under supervision" from ICANN staff.
Central to the review will likely be why and how ICANN's staff inserted text about "research" having been carried out by the independent evaluators in order to bolster a conclusion giving one applicant low marks, when in fact no such research had ever been carried out.
Although the review was decided at a special meeting of the board on September 17 – held in a luxury chateau in Belgium – the decision was only posted to the ICANN website three days later. No other details of the meeting have been released.
Although a governmental body would call for a special prosecutor and a corporation would be expected to hire an outside law firm to carry out a proper investigation, the ICANN board has left it up to its CEO to decide who should carry out the review, how long it should take, what form it should take and what aspects are to be looked at.
The report will also pass through ICANN's staff before being delivered to the board, raising the strong likelihood that those at the heart of the allegations will have the ability to influence the final wording before it is seen by anyone else.
It is notable that that very concern – the interference with a report from a supposedly "independent" source – is the very thing that sparked the review in the first place.
The board has not committed to publishing either the full report or any of the documents that the review uncovers.
This approach not only falls drastically short of a full and proper accounting of what went wrong within the organization and why its internal checks and balances failed, but it also goes against the norms of good corporate governance.
What makes the decision not to seek a more thorough and properly independent investigation all the more surprising is that ICANN has been fiercely criticized in recent months – including by four senior Congressional chairmen – for its continued lack of accountability.
At the end of the month, ICANN is expected to assume control of the critical IANA functions contract and one of the main concerns of those opposed to the transition is the fact that ICANN does not have adequate measures to prevent abuse of its new powers.
At a recent Senate hearing, several witnesses testified that new accountability measures – most of which have yet to be implemented – would bring that additional level of accountability.
It is worth noting, however, that none of those new powers – even the ones that have yet to be discussed – would enable anyone but the board to order a fuller investigation. Even following all changes, ICANN's staff would not be obliged to hand over any documentation, and in fact it refused to do so with the independent review panel that found against the organization, citing legal privilege.
The new powers would also not allow the internet community to force the board to act, short of running through a year-long process in which they threatened to sack the entire board – a scenario so unlikely that it's not even worth considering.
In short, ICANN has reacted to the finding that it is an unaccountable organization that repeatedly breaks its own bylaws and goes to significant lengths to hide behind its own processes – even to the extent of developing secret legal memos that excuse it from telling anyone what those processes are – by doing exactly what an unaccountable organization would do: order a strictly controlled internal review of its own behavior.
For that reason alone, with the organization in the spotlight and control of the IANA contract mere days away, ICANN has proven itself to be, as the independent review report put it, "simply not credible." ®
Sponsored: Becoming a Pragmatic Security Leader