Months after it ordered a review into allegations of mismanagement, how's that ICANN accountability drive?
You'll never believe this, but…
Nine months ago – and just weeks before the US government handed it control of the critical parts of the internet – California-based DNS overlord ICANN was hit by just the latest in a decade-long series of scandals.
This time, an independent review concluded that the organization's board had not only broken its bylaws but that its staff had secretly and inappropriately interfered in what was supposed to be an independent evaluation of three new internet extensions.
The report was sufficiently damning that it led to the company that has applied for those extensions calling for ICANN's general counsel to be fired.
It was also just one of a number of reports that had previously raised serious questions about the organization's accountability, the degree to which its staff control and manipulate their own processes, and a continued failure by ICANN's board to provide adequate oversight.
With the saga threatening to derail ICANN's autonomy from the US government, on September 17, 2016 the board voted to carry out a review into what had gone wrong and "gather additional facts and information that may be helpful in addressing uncertainty about staff interaction with the [independent] CPE provider."
It is now nearly eight months later and people are starting to ask: where's the review?
The answer? According to the chairman of the self-same board committee that was criticized for its "cavalier treatment" of complaints and which the independent report said was "simply not credible," Chris Disspain, the review is "currently underway" and "will complete as soon as practicable."
That's not good enough for the six companies that currently have their applications on hold pending the outcome of the review, two of which have sent damning letters to the organization.
For one, both companies claim that they have yet to even be contacted by whoever is carrying out the review. They don't even know who is carrying out the review. Or what their criteria or scope is. In fact, the only person who seems to have any idea what is going on is the chair of the very committee at the center of the complaints.
"We write to protest ICANN's lack of transparency in its treatment of DotMusic's application and ICANN's failure to provide any sort of response to DotMusic's various inquiries about the status of its application," complains one of the two letters [PDF]. "We find ICANN's protracted delays in reaching a decision ... a clear violation of ICANN's commitments to transparency."
The letter notes that it asked three months earlier who the evaluator was and has received no response. In addition, "ICANN has not provided any details as to how the evaluator was selected, what its remit is, what information has been provided, whether the evaluator will seek to consult with the affected parties, etc."
After listing a long series of other failings, the letter notes that "the exclusion of directly affected parties from participation eerily reproduces the shortcomings of the EIU evaluations that are under scrutiny in the first place."
The second letter [PDF], from Dot Registry, is similarly critical and calls the review nothing but "smoke and mirrors." It includes excerpts from ICANN's most recent meeting in March, where questions were asked about the evaluation and met with vague responses from the board and staff.
Not only that, but the two people seemingly in charge of the review and answering questions about it are those whose own actions will be the main focus of the review and hence have the most to lose from a critical report: governance committee chairman Chris Disspain and ICANN general counsel John Jeffrey.
The letter concludes: "ICANN has had ten months [to] provide a meaningful remedy for the harms Dot Registry has suffered at the hands of the ICANN Board, ICANN Staff, and the EIU in the handling and treatment of Dot Registry's community Applications ... ICANN has managed to pass five fruitless Board resolutions without further action ... and caused undue delay after undue delay."
It argues that ICANN's "actions and inactions are not indicative, represent, or amount to anything close to representing good faith and fair dealings in the handling, treatment, and timeliness of bringing closure to this matter."
Both letters strongly imply that unless ICANN starts answering questions they will sue it.
In a letter that is dated two days earlier than the critical letters, but which was only published after they had already been sent, the chair of the board's governance committee (BGC) Chris Disspain gives little more than a rundown of the history of the review and provides none of the information that the applicants have asked for.
In fact it is not clear from the letter whether ICANN has hired an outside provider at all, or whether Jeffrey and Disspain are themselves carrying out the review into their own actions.
It notes only that the BGC has asked for "materials and research" carried out by the "independent" evaluators and that those materials will "help inform the BGC's determinations regarding certain recommendations."
One of the most extraordinary accusations made against ICANN's staff was that it had inserted text about "research" having been carried out by the evaluators – a claim that was pivotal in deciding to reject the applications. The independent review was unable to find any evidence of such research having been carried out.
"The review will complete as soon as practicable and once it is done, the BGC, and Board where appropriate, will promptly consider the relevant pending Reconsideration Requests," concluded Disspain, who will be stepping down from the ICANN board in October and was fired last year [PDF] from his position as CEO of Australia's .au top-level domain "over issues of process, transparency and accountability." ®
Sponsored: Becoming a Pragmatic Security Leader