STUART LYNN TACKLES HOME DEFENSE

On Thursday November 8th, in a teleconference arranged by ICANN's Publicity Office, members of the press were invited to question CEO, Stuart Lynn, on this week's meeting at Marina del Rey, which will focus exclusively on Security issues. "There is overwhelming support for this security agenda in the community", Lynn said. Surprising that most questions then followed a different agenda, the one that ICANN set aside in response to the September 11th attacks.

"A few people who don't have anything to offer" was Lynn's definition of those who objected the original agenda being summarily dismissed, "There is nothing that could not wait a month or two." A month or two? Surely, that would mean that the Board would be making decisions in advance of its next meeting in March, 2002. Would decisions be made on The At Large Study Committee (ALSC) Report that addresses the need for involvement of the general public in the decision making process? The ccTLD agreements that deal with the country specific domain names? "No action will be taken on ccTLDs" Lynn assured us, and "No decision could be taken on the ALSC." ICANN's ByLaws require a period for comment from it's Supporting Organizations and that would be the case whatever the agenda next week.

So what decisions was Lynn referring to exactly? Apparently the International Domain Name (IDN) issue for one, and "Formally accepting it (the ALSC) and sending it out for feedback and some other things we won't know about until next week." Whether by "it" he meant the contents of the ALSC Report, or passing the contentious Resolution it has prepared for the Board to rubber stamp was not entirely clear, but according to Lynn, "nothing will be slowed down" and ICANN will meet its timetable for new Directors to be seated in November next year. It's somewhat fuzzy at the moment how that can be achieved.

This week's meeting will deal primarily with the Domain Name System (DNS), in terms of technical, managerial and policy concerns. "We are not talking about overall security of the internet" Lynn said, but would not be drawn on the details. "It's not a good idea to talk about these things in a football field." I guess he hasn't been reading the mailing lists of late. One well known security concern is data escrow and the question that needs to be answered is whose obligation it is to back up the records kept by Registries and Registrars on each domain name. So far, neither ICANN or its Registries have taken responsibility for this critical infrastructure, but the pressure is now on.*

"Our registries are very careful and conscientious" Lynn stressed, and "We could end up saying, hey, we're fine, we're in good shape," adding that he expected both panel sessions would bring things into the security agenda because "ICANN encourages bottom-up participation" in the process. The ALSC Report published on Monday at least acknowledges a lack of bottom-up participation in the ICANN process, yet ICANN sees fit to continue the facade that it does not, even in the face of a report that highlights this inadequacy in its current structure. How many At Large Members will be at the panel sessions?

Despite earlier predictions that few would attend this week's meeting because of what many perceived as an amateur attempt at a security agenda, Lynn is predicting a huge turnout from the technical community and government organizations, including "An important government official from a foreign country"** who will give the welcome address. The name of this individual is obviously a security issue in itself. ICANN's website pre-registration indicates fewer participants than normal, so one has to wonder who these vast crowds will be and whether ICANN will be now able to accommodate all who turn up. Those who may fly several thousand miles only to be turned away at the door could find themselves in good company. ICANN's own Supporting Organization, the DNSO, with its General Assembly, Names Council and Constituencies, have all been restricted to meeting space in the main venue on the first day of the conference only, after which the party is across the road at The Best Western, where the Civil Liberties Groups, The dot.ORG lobbyists, and NAIS will all be open for business.

Will security now be the main focus of all ICANN meetings? Lynn thinks not, but expects it certainly to form a part of future agendas. Some would say that this is ICANN's last attempt to convince the government that it can create an industry that is self-enforcing, but realistically, ICANN has little hope of doing so when the only step that it can take against it Registrars is dis-accreditation, and it has no such provision for sanctions against its Registries. While ICANN has an obligation to police its contracts, nothing has been said to indicate that it wants the job, and now faced with a government willing to intervene in policing private operations, it's no wonder that Lynn would want to bolster the reputation of its Registries and Registrars.

In times of war, it's good PR for a leading industry figure to engage in a flag waving session and ICANN's CEO is in his element with the global rallying cry to attend to the security of the internet's critical infrastructure, but it will be a hollow victory if he cannot roll the War on Terrorism forward on every front of the Domain Name System, and in some areas of public interest, he seems to be failing.

Public interest in not served by ICANN securing the means by which terrorists can further their aims. If the financial services sector can be expected to root out accounts that are the source of terrorist funding, then equally the internet community can be expected to root out websites that facilitate the work of terrorists in other ways.

ICANN has been given the responsibility by the US Government to accredit Registrars and Registries. At the very least, it should be expressing deep concern that some of its main players could be selling domain names to individuals who are members of terrorist organizations, such as Hamas, or to registrants from countries where US trade embargoes are in force, such as Afghanistan. It is Lynn's position that ICANN has no role to play in such matters which are the responsibility of national governments. "ICANN is not a legal enforcing organization." No surprises there. Enforcement, accountability and socially responsible policy making are not ICANN's forte.

Trust ICANN if you must to secure the industry against catastrophic technical failure, but trust it to thwart terrorism at your peril. ICANN is waving its flag at half mast.


Editor's Notes:

* ICANN announced on November 8th, after the press conference, a Data Escrow Program. Neither Ms. Lane nor anyone else knew of the program because even though maillist committee activity was apparently completed last April, it was conducted in secret. No calls for participation, no open task force deliberations, typical of ICANN's "transparent, open, bottoms-up" processes.

** On November 9th ICANN CEO Stuart Lynn invited the 18-member DNSO Names Council to a reception for "keynote speaker ... Senior Vice-Minister Kosaka of Japan's Ministry for Public Management, Home Affairs, Posts and Telecommunications." Kosaka's name was added to the agenda on ICANN's website, but no general announcement was made. ICANNWatch weighed in on Kosaka's participation here.

Copyright © 1995 - 2007 ICB. Inc. All rights reserved. "ICB Toll Free News" is a trademark of ICB Inc. ICB Inc. assumes no responsibility for use or misuse of information contained herein and / or accessible via this site. ICB Inc. cannot and does not vouch for the accuracy and / or usability of any of the contained or linked-to information, and assumes no responsibility for any errors or omissions.