You are viewing a read-only archive of the Blogs.Harvard network. Learn more.

ICANN’s Constitutional Moment

essay by Susan Crawford, with a response by Kenn Cukier

The Internet Corporation for Assigned Names and Numbers, or ICANN, coordinates name and number identifiers for the Internet. In a nutshell, ICANN coordinates actors who make sure that there is only one .com in the list of top level domains (like .com, .net, .org, and .edu) to which most Internet access providers around the world refer. ICANN also makes sure that these top level domains are linked to the “right” Internet Protocol addresses of the machines that have information about second-level domains underneath them (like It’s also responsible for coordinating the allocation of IP addresses, although the Regional Internet Registries do the work. It has contracts with the registries and registrars who provide, respectively, wholesale and retail services in connection with registering domain names. (It has looser relationships with the country-code top level domains like .de and .fr.) ICANN’s source of contractual authority comes from its status as a provider of services to the U.S. Department of Commerce.

And that’s it. Names and numbers; very simple; and it used to be that just one man with a long white beard named Jon Postel did this work on his own. Now, as of mid-2008, ICANN has a US$61 million budget and more than 100 employees.

As one of very few structures on the landscape of internet governance, ICANN gets both more and less attention than it deserves. At ICANN’s founding, amidst a swirl of rumors and complicated myths (many of which were probably true), many people expressed concern about ICANN’s power to act as a chokepoint. The internet is just a logical architecture, not a network with a manager, but ICANN’s ability to condition registration or use of a domain name or number on compliance with particular content-related (or law-enforcement-related) rules provided a place for policing that seemed risky. Then, after a few years of articles about ICANN, U.S. scholarly interest in ICANN died down; indeed, writing about ICANN became a kind of career-poison. “Who cares about domain names?” became the refrain. “People use search engines to find online sources, so names don’t matter any more.” It is also extremely difficult to follow what ICANN is up to, because much of the work of ICANN happens at week-long meetings (three per year) held in always-different places around the world. Although ICANN’s web site is much better than it used to be, its complicated structure and insider’s jargon can be off-putting.

This year, 2008, is a constitutional moment for ICANN, and I suggest to you that ICANN is now getting less attention than it deserves.

ICANN is often pointed to as a model of private governance for internet resources. First, it adopts “consensus policies” that bind the private actors that provide domain name registration services, and the idea is that these policies are actually formed by consensus of relevant internet stakeholders rather than being crammed down by the Board. Second, it is supposed to open up new top level domains to encourage competition with .com, which gained an enormous advantage in the early years of domain name registrations. And third, it was designed to keep governments at bay. The idea was that the U.S. government would act as a good steward for the rest of the world, so that no government would be able to carry out its content-related desires by using the domain name system as a chokepoint. Kenn Cukier is right that the stated plan of the U.S. government at the time of ICANN’s founding ten years ago was that ICANN would eventually become a fully-private organization; as of mid-2008, it is not clear that this plan will actually be carried out in the near future.

I am personally concerned that ICANN’s actual operation is not matching its design in all three of these areas. This prompts a question: was the model unworkable, or has its execution not had adequate oversight? And a second question emerges: Is private governance of things that people think are “critical internet resources” possible?

First, on the “consensus policy” point. Right now, as a condition of registering a domain name individuals have to make public their address and other contact information. This seems like a lure for spammers and an affront to personal privacy, and there is no worldwide consensus in favor of retaining this policy. But because intellectual property interests and law enforcement authorities would like to keep this database public, and because the retention of such a public database is the status quo, it has been extremely difficult to change this policy. The idea behind the consensus policy regime was that ICANN would be a forum for the creation of those very few global rules that were necessary for stability and security of the internet, and everything else would be left to local control. Yet here we are, with a special-interest rule that imposes costs on people around the world and is seemingly impossible to change.

Second, ICANN does not have a very good track record with respect to opening new top level domains, and it is on the verge of adopting a thickly-restrictive, full-of-compromises regime for this process going forward. It is almost as if ICANN would like to perform desired censorship for anyone with an objection to a proposed string – to keep those objecting from being upset with ICANN. I find this difficult to understand; no one is forced to look at the list of top level domains to which network access providers point.

Third, ICANN can no longer be said to be keeping governments at bay. Both the U.S. government and other governments exert a great deal of power within ICANN through the Governmental Advisory Committee, a sort of mini non-treaty organization of governments that must be consulted in detail before ICANN can do much of anything. The most recent step down this path is an apparent agreement to short-circuit ICANN’s policy processes in favor of governments who would like a “fast track” for adoption of internationalized (non-ascii) top level domains that they would control. This is a superficial summary of a long story, but the reality remains: governments have a great deal of say over ICANN’s processes.

So: was the model unworkable? Should centralized resources of internet names and addresses become subject to government control, because this is the kind of thing for which governments are traditionally responsible? Was the private model subject to such non-democratic pressure by large companies that it could never have worked in the first place? Or has the implementation of the ICANN model been the problem?

Let me try to answer the questions I’ve posed. Is the theory that rules imposed globally should be rare and supported by almost everyone wrong? No. Is the mechanism of using contracts to ensure enforcement on a global basis wrong? No. Is the theory that non-governmental parties will be better at developing dynamic policies that reflect knowledge of the technology wrong? No. Is the theory that opening up more competition for top level domains would be good wrong? No. So what’s the problem?

The creators of the ICANN model may have underestimated both the tendency of people to turn institutions to their own ends and the tendency of governments to ensure that their needs are addressed. ICANN the institution may have had the right theories at its core, but it needed to be peopled with those who cared about preserving the free flow of information online and were willing to put energy behind a private model. Kenn Cukier is right that ICANN is continuing to muddle along; its budget continues to grow, and its meetings are well-attended. But what is it accomplishing, and how are its activities undermining the “avoid chokepoints” model? There are great challenges ahead. At any rate, before the ICANN experiment is pointed to as a model of private internet coordination it should be examined carefully. Its actions this year are likely to be revelatory.

Susan Crawford is currently a Visiting Professor of Law at Yale Law School, teaching internet law and communications law. She is a member of the board of directors of ICANN and is the founder of OneWebDay, a global Earth Day for the internet that takes place each Sept. 22. She is the author of the Susan Crawford blog.

Comments 3

  1. Jon Garfunkel wrote:

    re: “now, as a condition of registering a domain name individuals have to make public their address and other contact information. This seems like a lure for spammers and an affront to personal privacy, and there is no worldwide consensus in favor of retaining this policy.”

    Well, you can pay for a proxy as GoDaddy supports.

    I followed the debate in the GNSO Whois WG on OPOC (Operational Point of Contact). Here was our brief exchange during the June ICANN meetings. It seemed to me that the larger debate should have received more attention.

    Where is this today, btw?

    Posted 20 May 2008 at 8:49 pm
  2. Derick Harris wrote:

    I believe there is an alternative (additional) model. The model mimics the dual use public/private broadcasting systems, specifically in the U.K. and in Canada, although I have contemplated that what follows here could also replicate PBS here in the U.S. in connection with broadband.

    Here’s the text of a related comment that
    I sent to Circle ID in reference to an item on “dual Internets” by journalist, Bill Thompson, who references
    Jon Zittrain’s recent book. Please keep in mind that what follows here is a doable model that’s “doable” today BECAUSE its impervious to ICANN and the related network has in fect been layered across the public internet in the dot-com name space for the better part of the last decade.

    “It’s entirely possible to build the equivalent of a public/private “red” zone and a “green” zone right now, notwithstanding the DNS.
    The “tethering” problem referred to by Jon Zittrain is both structural by design and required by competitive pressures occasioned by so-called “walled gardens”, primarily in the U.S.

    “The structural impediment is the DNS itself which maintains and reinforces ICANN’s monopolization of the global Internet on the CORRECT premise that technical oversight of the DNS ensures reliable TECHNICAL management of the root. Arguably in-country authorities could manage that themselves, which they happily did before ICANN existed (c 1998-99). However, the DNS by design nonetheless requires as a technical minimum than anything that ultimately resolves at level one must conform with the DNS protocol (Mockapetris et al).

    “Which brings me to Bill Thompson’s reference (after Zittrain) to what amounts to “tethered” and “untethered” Internets: ie., two Internets, one open and unsecured, and one closed and (therefore) secure. The argument for technical management and supervision of the DNS root zone will, perhaps but not necessarily, trump the idea that two separate Internets (tethered and untethered – public and private) are nonetheless a good thing.
    Moreover, there’s no logical or even technical reason that precludes this. It’s an artifact of the way that Postel and others originally viewed the model. Moreover, ICANN in its own interest will always argue that two Internets are both administratively and technically incompatible. Both arguments are false. Here’s why that is the case.

    “It’s called “Interchangeable Master Channels (IMCs). IMCs are level three networks that consist of uniform and coherent aggregations of level two master channels to which level three sub-channels are attached. Simple as that. Level two is NOT tethered while level three IS tethered and, thus, the security ramifications that stem from what amounts to a private Internet inside of the public Internet where all level two master channels perfectly resolve.

    “An example of how IMCs do what they do can can found today, layered across the public Internet in the dot-com name space where the network has been located since before ICANN (c 1997-98). The EXISTING Network does have some limitations: ie., the number of master GENERIC channels (750) that were previously procurred. Be that as it may, the design of the world’s only existing network of IMCs is quite interesting.

    “Namely, ALL level two master channels (IMCs) perfectly resolve in the dot-com name space and therefore the dot-com DNS root. All level three “brand channels” (which are interchangeable in real time) are managed. Accordingly, innumerable brand channels ( can simultaneously occupy the level two master channels. The number of existing master generic channels was originally set up so as to accommodate almost every conceivable brand name product or service anywhere in the world and, thus, brand name entities around the world which are the “default” owners of their own brand name channels can support the master public channels to which they are attached.

    “The result of this particular model is a contemporary and doable method for creating tethered and untethered (dual) Internets: one public, one private, and impervious to ICANN. Call them “red” zones or “green” zones, or whatever. IMCs exist and can be used.

    “The real problem that confronts the model is ICANN itself which will always resist the IMCs innovation because IMCs by design bring no revenue whatsoever to ICANN beyond the level two registration tariff(s). If ICANN would open itself to the fact that numerous IMC networks are doable (and, thus dual Internets; one public and one private, much like TV and radio broadcasting in the U.K. and in Canada), then the issue of tethered or untethered Internets would evaporate. At any rate it’s doable now. Anyone can obtain information about IMCs by simply sending an email with IMCs in the subject line to”

    Posted 23 May 2008 at 10:04 pm
  3. Andy Oram wrote:

    The key difference between ICANN and earlier coordination efforts on the Internet (notably the IETF) lay in the unity of the domain name system. Earlier standards were voluntary. If you didn’t like the resulting protocol, you just didn’t use it, and hundreds of proposed standards went into the dust-bin through passive rejection.

    But the domain name system is not optional. Attempts were made to set up alternate root servers, but none ever became more than an intriguing curiosity.

    In a sense, the functions performed by Jon Postel were the first and only true governance, because no one could reject them while staying on the Internet.

    The consequences of the non-optional character of participation in DNS were that ICANN was set up in a near-paranoid manner in a back room (precisely to avoid public input into its governance model) and that public input was filtered through a myriad of bureaucratic strata instead of being open in the manner of the IETF.

    (It’s worth pointing out that many people find the IETF slower and its results less valuable these days, as the kinds of large players Crawford mentions throw their weight around.)

    But for all its flaws, ICANN shows signs of responding to pressure from below. The board has evolved and now has real participants such as Crawford. ICANN’s inconsistent responsiveness to public pressure would certainly not improve were the company cut loose from the Department of Commerce, but it’s not clear whether the responsiveness would worsen either.

    Posted 24 May 2008 at 7:57 am