Current arrangements

Between the inception of ISOC in 1992 and the resolution of the Tunis Agenda in 2005, the Internet changed immeasurably: it grew more than four hundred times larger, and entire industries rose and fell around it. Yet formally, comparatively little changed over that period in the institutions by which it was governed. For example its peak body was still the non- governmental, non-profit civil society association, ISOC, and its technical standards were still primarily developed by one unincorporated technical body, the IETF, subject to the oversight of another, the IAB.

In general, the interrelationships between these organisations were not lines of authority but merely of informal oversight or “guidance,” mostly as posited in RFCs rather than in agree- ments or international instruments. The exceptions are the more recently-formed arrange- ments: ICANN’s with the NTIA, with its gTLD registries, and most recently—only since 200831_{—with the largest of the root server operators (whose role will be explained below).}

The concentration of effective power within the network of organisations, and its fluidity, may therefore be very different from what their formal arrangement suggests. With that proviso, a diagram summarising the various organisations and their relationships appears in Figure 2-1.

30. See http://www.icann.org/registries/listing.html.

31. ICANN, Milestone Agreement Reached Between ICANN, and F Root Server Operator, Internet Systems Consortium (2008)

Chapter 2. Internet governance as it was

Figure 2-1. Internet governance organisations

ISOC

IAB

ICANN IETF IRTF

IRSG Research Groups IESG _EditorRFC Areas Working Groups GNSO eg Verisign ASO eg APNIC CCNSO eg AUNIC ACs eg ALAC NTIA IANA

Whilst most of the organisations illustrated have been described above, a few more words must be said about ISOC, the IAB and ICANN—all of which operate on an international lev- el—before the organisations exercising governance of the Internet’s technical coordination on a regional and a national level are examined.

2.1.2.1. International

ISOC is a non-profit organisation incorporated in the United States with offices in Wash- ington, DC and Geneva. It has members in over 180 countries, divided into individual and organisational constituencies, and Chapters which are regional ISOC groups such as ISOC- AU, the Internet Society of Australia. ISOC is governed by a Board of up to twenty Trustees holding office for three years, most of whom are elected by ISOC’s members, but with three nominated by the IETF and up to five by the incumbent Board. The panel of candidates for election by members includes those nominated by a seven-member Nominating Committee, and those who are petitioned for candidacy by at least seven percent of the members in a given constituency. ISOC is the “organisational home” of the otherwise unincorporated IAB, IETF and IRTF.

Chapter 2. Internet governance as it was The IAB is constituted both as a technical advisory group of ISOC, and as a subcommittee of the IETF. The members of the IAB, and its Chair, are nominated by a voluntarily-convened nominating committee of the IETF (the Nomcom),32 _{and these nominations are approved}

by ISOC’s Board of Trustees. The IETF Chair also sits as an ex officio member of the IAB. The Chairs of both the IETF and IRTF and their Steering Groups (respectively the Internet Engineering Steering Group or IESG, and the Internet Research Steering Group or IRSG) are appointed by the IAB. Membership of the Steering Groups is by nomination of Nomcom, subject to the approval of the IAB. The IAB also acts as an appeal board for complaints of improper execution of the standards process by the Steering Groups. The IAB’s own decisions are published by RFC.

The third and best known international body involved in technical coordination of the Internet is ICANN. ICANN is a non-profit California corporation currently contracted to the NTIA to manage the DNS root and to perform related functions of the formerly-independent IANA. The MOU pursuant to which these services are performed (described in its latest revision as a “Joint Project Agreement” or JPA) is due to expire in September 2009.33 _{Following its}

expiry, it is planned that the Department of Commerce will pass most of those functions on to ICANN for it to perform on a fully privatised basis, though in November 2005—just prior to the second session of WSIS—the NTIA matter-of-factly noted that the United States intended to “maintain its historic role in authorizing changes or modifications to the authoritative root zone file.”34

The board of ICANN is composed of fifteen voting members: eight selected by a Nominating Committee (also known as NomCom, but distinct from the IETF committee of the same name), two each by ICANN’s three Supporting Organisations, and the President who sits ex officio. The ICANN NomCom is required to ensure that the directors it nominates display diversity in geography, culture, skills, experience, and perspective, which includes ensuring that the board contains at least one director, but no more than five, from each geographical region as defined in ICANN’s bylaws.35_{Officials of national governments or intergovernmental}

organisations are disqualified from serving as directors.

The ICANN NomCom itself comprises seventeen voting members, plus a chair and up to five other non-voting associates, advisers and liaisons. Nine of the NomCom’s voting members

32. See IETF, IAB and IESG Selection, Confirmation, and Recall Process: Operation of the Nominating and Recall Committees (2004).

33. See http://www.icann.org/general/JPA-29sep06.pdf.

34. NTIA, US Principles on the Internet’s Domain Name and Addressing System (2005) 35. ICANN, Bylaws (2006), article VI, section 5.

Chapter 2. Internet governance as it was

are selected by ICANN’s Supporting Organisations by reference to various criteria, with five others being nominated by ICANN’s At-Large Advisory Committee described below, and one each of the remainder being designated by the Board to represent academia, by the IETF, and by the Technical Liaison Group also referred to below.

ICANN’s three Supporting Organisations (SOs), along with five self-organised Advisory Com- mittees (ACs), serve to advise the ICANN board. Each of the Advisory Committees, and the IETF, appoint a non-voting liaison to the board. An Ombudsman is also appointed to carry out internal review of contested decisions of the board.

The three Supporting Organisations are the Address Supporting Organization (ASO), the Generic Names Support Organization (GNSO), and the Country Code Names Support Or- ganization (CCNSO), which respectively provide policy support to ICANN in the areas of IP addressing, gTLDs and ccTLDs.

The five Advisory Committees are the Governmental Advisory Committee (GAC), the Root Server System Advisory Committee, the At-Large Advisory Committee (ALAC), the Security and Stability Advisory Committee and the Technical Liaison Group. Of these, the first three are of particular note. They are ICANN’s liaisons respectively with DNS root server operators, governments and the Internet community at large. Being Advisory Committees, they have no direct vote on ICANN’s board, though as noted above ALAC does appoint five voting members to the ICANN NomCom.

The DNS Root Server System Advisory Committee, firstly, is formed of the operators of the DNS root servers. ICANN itself does not actually control these root servers, and never did. The root servers act as the authoritative source of DNS data for the TLDs. When ICANN makes a policy decision to add a new TLD to the root, and this decision is authorised by the NTIA, it is an entry in the DNS configuration files of one of the root servers that actually effects the change. There are thirteen classes of root server distributed throughout the world, under the control of a number of independent operators.36

As for the GAC, its mission is to

consider and provide advice on the activities of ICANN as they relate to concerns of govern- ments ... including matters where there may be an interaction between ICANN’s policies and various laws and international agreements and public policy objectives.37

Membership of the GAC is open to representatives of any national government. Unlike

36. See http://www.root-servers.org/.

Chapter 2. Internet governance as it was ICANN’s board, some of whose meetings are open to the public and all of which are min- uted online, the GAC has resolved to meet behind closed doors. As well as advising the ICANN board directly, the GAC may recommend that the board seek external expert advice, including reference of “issues of public policy pertinent to matters within ICANN’s mission to a multinational governmental or treaty organization.”38_{Since 2002, the GAC has also been the}

only Advisory Committee whose advice may not be rejected by the Board without providing written reasons.

Finally, and at the other end of the spectrum from the GAC, ALAC’s mission is to represent the interests of individual Internet users at large to the ICANN board. It is comprised of fifteen members; five selected by the ICANN NomCom, and two by each of five Regional At-Large Organizations (RALOs). The RALOs are umbrella organisations of Internet user groups, one in each geographic region as defined in the ICANN bylaws. APRALO is the RALO for the Asia-Pacific region including Australia, and ISOC-AU is one of its constituent sub-groups.39

2.1.2.2. Regional

Apart from the RALOs, the other organisations involved in technical coordination of the Internet on a regional level are the RIRs such as APNIC. These are non-profit organisations responsible for the administration of IP address allocations to ISPs or sub-regional Internet registries, under the coordination of ICANN. Although the RIRs set their own policies, in 2003 they formed a Number Resources Organization (NRO)40 _{to deal with issues of joint}

concern, from which membership of ICANN’s ASO is drawn.

The RIRs presently in operation are ARIN (American Registry for Internet Numbers) serv- ing North America, RIPE NCC (R´eseaux IP Europe´ens Network Coordination Centre) which covers Europe, Central Asia and the Middle East, APNIC which covers most of Asia, plus Oceania, LACNIC (Latin America and Caribbean Internet Addresses Registry) whose cover- age is as its name suggests, and AFRINIC, which covers Africa.

APNIC41_{, much like the other RIRs, is constituted as a non-profit membership organisation.}

Since 1998 it has been registered as a corporation in Queensland, Australia. The majority of members are ISPs and large corporations from the Asia-Pacific region who receive resources

38. ICANN, Bylaws (2006), Article XI-A. 39. See http://www.apralo.org/. 40. See http://www.nro.net/. 41. See http://www.apnic.org/.

Chapter 2. Internet governance as it was

from APNIC, such as allocations of IP addresses or Autonomous System (AS) numbers. The members elect APNIC’s seven-member Executive Council from an open panel of nominees. The Executive Council elects APNIC’s Director General who heads its General Secretariat. Much like the Areas of the IETF (to be discussed in greater detail below), APNIC has a num- ber of Special Interest Groups (SIGs) which specialise in particular policy areas. SIGs devise their own charters and procedures for reaching and recording consensus. Each SIG’s work takes place on public electronic mailing lists which are open to all interested participants, not only to APNIC members. A SIG may also create short-term Working Groups to tackle specific projects on the SIG’s behalf.

Two Open Policy Meetings per year are held by APNIC at which the members present ratify any policy proposals developed by the SIGs since the preceding meeting. The proposals are then subjected to a final period of public comment on the SIG mailing list before they are endorsed by the Executive Council.42_{BOF (Birds of a Feather) sessions are also held at Open}

Policy Meetings, and it is at these sessions that new SIGs may be formed if sufficient interest exists from within the membership.

2.1.2.3. National

On a national level, the most prominent organisations involved in technical coordination of the Internet are ISOC chapters such as ISOC-AU, and ccTLD registries such as auDA, which administers the au ccTLD.

auDA is a non-governmental organisation established in 1999 to take over administration of the au ccTLD from an individual, Robert Elz.43_{There are a startling number of histor-}

ical parallels between the transfer of administration from Elz to auDA and the transfer of administration of the DNS root from IANA and NSI to ICANN.

Most obviously, both transfers were the product of the explosion in popularity of the Internet during the mid 1990s, which overwhelmed the resources of the incumbent administrators. In Elz’s case, his initial response was to sub-delegate control of the edu.au and gov.au second- level domains (2LDs) in 1990, then net.au and asn.au in 1994. Finally in October 1996 Elz awarded Melbourne IT Ltd a five year contract to administer com.au. Much like NSI, the new monopolist immediately began charging for registration of com.au names amidst widespread dissent from the Australian Internet community.

42. For more detail on the APNIC policy development process, see Section 4.4.3.2. 43. See generally Caslon Analytics, auDA Profile (2005).

Chapter 2. Internet governance as it was Echoing the efforts of the gTLD-MoU, there were attempts to regulate Melbourne IT’s lucra- tive monopoly over the most popular Australian 2LD by establishing a ground-up organisation to be called the Australian Domain Name Administration (ADNA), which was incorporated in May 1997. However mirroring the opposition to the gTLD-MoU mounted by incumbents such as NSI, ADNA’s position became untenable when it failed to win support from most of the 2LD administrators.

To resolve this impasse, ADNA’s board requested NOIE (now AGIMO—essentially the NTIA’s counterpart in Australia) to hold a summit on the future of administration of the au ccTLD. The result of this was the formation of Australia’s equivalent to the IFWP: a dot-AU Working Group (auWG) containing public sector, private sector and civil society represen- tatives. Following community consultation, the auWG recommended the creation of auDA, a non-profit corporation, to act as the new ccTLD administrator. Reflecting the view of ICANN’s GAC (whose secretariat at the time was NOIE), auDA’s constitution accepted “that the Internet Domain Name System is a public asset, and that the .au ccTLD is under

the sovereign control of the Commonwealth of Australia.”

In November 1999 Elz transferred control of the com.au 2LD to auDA, but retained control over the au root and its other 2LDs. Once again recalling international events, the nascent auDA was criticised by Elz and the incumbent com.au monopolist Melbourne IT, as not having demonstrated its capacity and representativeness sufficiently to justify receiving control of the ccTLD. ICANN proceeded to redelegate the au ccTLD to auDA regardless of these objections in 2001.44

Much as the NTIA has retained ultimate authority of the DNS root, the Commonwealth was careful to assert ultimate control over the ccTLD management function through Division 3 of Part 22 of the Telecommunications Act 1997 (Cth), which provides for the regulation of “electronic addressing” by ACMA and the ACCC (Australian Competition and Consumer Commission). This provision was passed as a precursor to the request of the Australian Government through the Minister for Communications, Information Technology, and the Arts, to ICANN to effect the transfer of control over the au ccTLD to auDA,45_{and reserves}

to ACMA and the ACCC the power to take over management of the au ccTLD.

In July 2002 AusRegistry Ltd was appointed by auDA as wholesale registry operator for all of the 2LDs that were open for registrations by the general public (then com.au, net.au,

44. See IANA, IANA Report on Request for Redelegation of the .au Top-Level Domain (2001). 45. See http://www.iana.org/cctld/au/alston-to-lynn-04jul01.htm.

Chapter 2. Internet governance as it was

org.au, asn.au and id.au), a role akin to that of Verisign in respect of the com and net gTLDs. Melbourne IT was thereby relegated to the status of one of numerous registrars accredited by auDA to accept such registrations.

auDA is a corporation limited by guarantee, containing two classes of members: supply-side (that is, those who supply domain names to the public) and demand-side (that is, consumers of domain names). Each class of member elects four directors to auDA’s board from a panel nominated by that class. The CEO is an additional non-voting member, and the board itself may appoint an additional two independent directors, a prerogative first exercised in 2000.46

auDA draws upon the work of a number of ad hoc advisory and review panels and committees staffed by volunteers drawn from within and outside auDA’s membership. Nominations for membership of a panel or committee are approved by auDA’s Chief Policy Officer, an unelect- ed staff position. There have to date been nine such panels and committees, the last of which to sit was the 2007 Names Policy Panel. The panels and committees generate proposals and recommendations which are released for public comment on auDA’s Web site before being submitted to the board for its approval.

auDA’s public policies are reviewed on a cyclical basis. During policy reviews, public sub- missions are received and published on auDA’s Web site. auDA also had an active mailing list, open to non-members, on which issues of policy were (often very robustly) publicly dis- cussed and debated, but in 2003 it disassociated itself from that list which is now hosted independently.47

2.1.3. Criticisms

ICANN has been the most-criticised of all institutions of Internet governance from the moment of its inception. Those criticisms may be grouped into four common categories, all of which, bar perhaps the first, are instructive in their broader application for other entities engaged in Internet governance:

ˆ criticisms of the manner of ICANN’s formation;

ˆ objections to the legitimacy of its assumption of public policy authority;

ˆ disputes as to its ability to operate by consensus; and

46. See http://www.dotau.org/archive/2000-12/0014.html. 47. See http://www.dotau.org/.

Chapter 2. Internet governance as it was

ˆ criticisms of its failure to act in accordance with the consensus principles by it claims to operate.

The Machiavellian circumstances surrounding its incorporation, as described above at Section 2.1.1.1, sowed the seeds for the first barrage of criticism ICANN received, particularly over the opaque process by which its initial board was appointed. IANA’s pedigree notwithstanding, the IFWP process more closely adhered to the Internet’s values of openness and egalitarianism than the IANA process that trumped it by presenting the ICANN bylaws and board of directors as a fait accompli .48

The second common criticism of ICANN is that it has exceeded its mandate by straying into areas of national and international public policy. A good example of this is found in ICANN’s UDRP or Uniform Domain Name Dispute Resolution Policy, which was established in 1999 in response to the report that the US Government’s White Paper solicited from WIPO setting out a procedure for the resolution of claims by trademark owners that a registered gTLD in- fringed their rights.49

Complainants in UDRP proceedings who seek to have a registered domain name cancelled or transferred to them must prove that the disputed “domain name is identical or confusingly similar to a trademark or service mark in which the complainant has rights,” that the reg-