By Milton Mueller, Internet Governance Project, Georgia Institute of Technology
ICANN 60 showed that NCUC is playing an increasingly prominent role in ICANN. In the past, we were mainly reacting to policy initiatives from other stakeholder groups – usually proposing things we oppose. At this meeting, we were setting an agenda and influencing the rest of the environment in several areas. This blog will cover only those areas in which I was able to directly observe what was going on. There were several other NCUC activities at ICANN 60 that I was not able to observe (notably I missed most of the GNSO Council meetings and most of the geonames meeetings).
A joint outreach meeting of NCUC and At Large on Saturday was a very productive event. It drew a large audience, including many of the new fellows and supported travelers. ICANN is drawing many new people into its processes, but many of them are confused by the complex organizational structures within ICANN, and some have vague or inaccurate ideas about what ICANN does. NCUC Chair Farzaneh Badii clarified that NCUC, as part of the GNSO, is focused exclusively on policy development for generic domain names, whereas AL can offer advice about anything. She also made it clear that NCUC is for noncommercial interests within ICANN, whereas At Large membership can include both commercial and noncommercial end users. Some differences in the attitudes of NCUC and At Large emerged during the discussions, particularly around Whois/privacy issues, where NCUC takes more of a rights-based approach and At Large positions are driven more by those who want to regulate users.
This meeting also featured a discussion between me and the current and future heads of ICANN’s Security and Stability Advisory Committee, Patrik Faltstrom and Rod Rasmussen, on the topic of “DNS abuse.” We discussed what was the line between forms of abuse that involve domains only, and abusive or illegal content, which is outside of ICANN’s mission. We may have succeeded in making the SSAC people more sensitive to this distinction.
NCUC was also prominent in discussions of the jurisdiction issue. Led by Internet Governance Project colleagues Farzaneh Badii and myself, but with participation and support from NCUC members Claudio Lucena and Tatiana Tropina, we pushed for mitigating the effect of OFAC sanctions on ICANN’s neutrality as global domain administrator. Recommendations to commit ICANN to obtaining OFAC waivers whenever needed, and to push for a general OFAC license, were accepted by the subgroup. Opposition to the subgroup’s report developed within GAC, however. The problem, as Brazil’s GAC representative made clear, was not that they were “against” the OFAC-related recommendations. They are “very useful, very helpful,” he said. They feared that if they support the final report they are condoning the idea that the discussion of jurisdiction is over. Brazil and other countries still want to discuss further immunities. In meetings with the GAC, NCUC played a role in smoothing over the dissent by making it clear that we are not against continued discussion of immunities and the subgroup report was modified to allow this continued discussion.
ICANN and content regulation
NCUC actors made a major push against pressures to turn ICANN towards content regulation. Just before the meeting, NCUC member Internet Governance Project released a paper on registrar’s terms of service and their power to suspend domains based on their content. Member organization Electronic Frontier Foundation continued its campaign asking registrars not to “take up the censor’s pen.” These papers were discussed at the NCUC and NCSG meetings on constituency day and helped to inform members about the issue.
We continued the pressure in our meeting with SSAC representatives, as noted above, and in our meeting with the ICANN board. Content regulation via ICANN was featured in one of the questions we asked of the board. We received a very strong and reassuring response from board member Becky Burr, which, due to its importance and the need to keep a record of the commitment, I copy from the transcript below:
BECKY BURR: And the Board has resolved, …to be very clear in everything we do to articulate why we think what we’re doing is consistent with our mission. We want to put that out there to start a conversation, a dialogue with the community to make sure … that we all have mission at the top of mind. The purpose of that is to make sure that we collectively have a very clear understanding of what ICANN’s mission is, and we are consciously thinking about whether we are acting within ICANN’s mission at all times. That, really, to me, is a critical piece of making sure that everything we do goes back to ICANN’s mission, which, obviously, clearly excludes content control.
MUELLER: Well, I think that’s as satisfactory an answer as I could expect Becky to give. And I do think that there are going to be some of these borderline questions. The thing that I like that I’m hearing is, going forward, a PIC (registry Public Internet Commitment) that strays into [content regulation] would not be considered something that ICANN would have to enforce through its compliance. Can we get a clear statement on it? New PICs?
BECKY BURR: Well, I think it’s pretty clear that…that was the understanding of the community that new PICs going forward have to be — have to fall within ICANN’s mission.
MUELLER: Okay. And then the registry itself might offer PICs — or even they wouldn’t be PICs, just policies that would allow them to regulate content within their own top-level domain. But ICANN wouldn’t be responsible for enforcing those commitments, right?
BECKY BURR: No. So, for example, a number of registries are working with organizations on different ways of resolving disputes about copyright-related issues. Those are not within ICANN’s remit. ICANN is not involved in those. Those are private arrangements, private dispute resolution arrangements.
MILTON MUELLER: Thank you.
MARKUS KUMMER: So it seems we’re on the same page here, which is good.
We also had a good meeting with the Registrars Stakeholder Group where we discussed the “registrar neutrality” ideas contained in the IGP paper. While there was general agreement about the need to detach domain administration from content regulation, it was clear that we will have trouble getting registrars to reduce discretion available to them. While sympathetic to neutrality, registrars would want carve outs for when they need to protect themselves for liability reasons.
The issue of domain abuse vs. illegal content came up again on a panel about ICANN’s new Domain Abuse Activity Reporting data collection process. GNSO Council member Tatiana Tropina participated in this panel and reminded them of the need for due process and for not conflating domain abuse with website content.
We were also active in the never-ending Whois/privacy issue. Whois is being re-branded as RDS (Registry Directory Services) but all the issues are the same. In a Sunday meeting of the RDS working group, NCUC members Stephanie Perrin, myself and Farzaneh Badii succeeded in challenging a false premise that much of the early work of the group has been based on, namely that the “purpose” of Whois can be derived from a list of all of its uses by various interests. The anti-privacy interests always approach the Whois purpose issue from this standpoint. They assert that because they are currently using their indiscriminate public access to personally identifiable information in a certain way, that that use should be considered as one of the “purposes” of Whois. NCUC advocates, on the other hand, noted that for a data collector such as ICANN, the purpose of Whois relates only to those functions ICANN needs the data for to perform specific purposes. The purpose of Whois restricts what data is legitimately collected. If the “purpose” of whois is to facilitate law enforcement, for example, then registrars should be collecting and publishing passport or social security numbers, as that would certainly make LEA’s job easier. But that is in fact NOT ICANN’s purpose for collecting Whois data. By the end of this meeting, we seem to have driven this point home, and people in the RDS group seemed to better appreciate the important distinction between “use cases” and “purpose” in data collection. Whether that will affect the RDS group’s final recommendations remains to be seen.
(Posted by Renata Aquino Ribeiro)