Full-scale audit of the organization that controls Internet policy (ICANN)?

With just over a week left before the expiration of the Joint Project Agreement (JPA) between the Internet Corporation for Assigned Names and Numbers (ICANN) and the Department of Commerce, the Coalition Against Domain Name Abuse (CADNA) urges the US government to closely re-examine ICANN’s structure, governance, and oversight mechanisms before committing to any further long-term cooperation.

Significant adjustments must be made to the JPA in order to remedy the egregious problems CADNA has found with ICANN. According to Josh Bourne, President of CADNA, “ICANN is broken. We’re releasing our ‘Top Ten List’ of things wrong with ICANN and proposing a full- scale audit of the nonprofit organization that controls Internet policy.”

CADNA suspects that an examination of ICANN would find the following issues:

1. ICANN is a captured regulator: ICANN’s Generic Names Supporting Organization (GNSO), which develops ICANN’s policy, is aligned with business models such as registrars and registries that stand to profit or lose from ICANN’s choices. Counter to what ICANN will attest, they do not fairly and accurately represent the interests and needs of all Internet users.

2. ICANN is not independent: Its Board of Directors is poorly structured, allowing for rulings that align with what the captured policy-making group proposes, and ICANN lacks the internal accountability mechanism found in most private not-for-profit organizations that ensures they are operating honestly.

3. ICANN is not transparent: ICANN refuses to release transcripts of its board meetings, thereby shrouding the rationale behind its policy decisions and avoiding public accountability.

4. ICANN is more interested in making a profit than working for the benefit of Internet users: ICANN’s funding structure, which raises revenue through fees on every registered and renewed domain name, creates conflicts of interests and forces ICANN to support policies favoring the sales of domain names.

5. ICANN is not accessible: ICANN lacks an easily understood manual that explains its operations for those that work within it. Clearly defining the roles and responsibilities of staffers and volunteers would allow them to better communicate amongst themselves and to be more effective within the parameters of their positions. In addition, there is no means by which the general public — Internet users — is informed about ICANN’s operations. Such improved accessibility would increase participation by the Internet community and improve feedback.

6. ICANN is failing to address numerous issues corrupting the Internet: ICANN often ignores issues regarding the safety and stability of the Internet, such as the proliferation of cybersquatting, which can enable phishing, malware deposit schemes, and the sale of unwanted counterfeits. ICANN has also largely ignored the problem of inaccurate WHOIS information, which encumbers the identification and prosecution of bad actors. Rather than helping to make the Web more secure, ICANN is increasing the online risks that businesses and consumers face by irresponsibly releasing new generic top-level domains (gTLDs).

7. ICANN’s proposed gTLD rollout is poorly conceived: ICANN has not properly vetted this decision in an objective fashion. This rollout expands the size of the Internet exponentially without first performing a sound cost/benefit and security and risk analysis to determine both desirability among and risk to Internet users.

8. ICANN is not looking at itself critically: Former ICANN CEO, Paul Twomey, made it clear at Congressman Boucher’s hearing that even with the renewal of the JPA, it would be business as usual for ICANN. Unfortunately, business as usual would do nothing to improve the domain name space.

9. ICANN is risking cybersecurity, national security, and global security: Expanding the number of gTLDs, the latest of a series of risky policies, will make it easier for those who pose threats to national security to conceal their online operations and identities.

10. ICANN’s relationship with the US government does not span all relevant agencies: Given the security implications of ICANN’s role in the Internet, the Department of Homeland Security should have joint jurisdiction over the JPA and IANA contract with the Department of Commerce.