Taking a Hard Look at the “Affirmation”



The new agreement involving the U.S. Commerce Department and ICANN really does constitute a new phase in ICANN’s existence. It is a step away from unilateral U.S. oversight, and that is a good thing. (Of course, the IANA contract, which still gives the U.S. a unilateral, life-or-death power over ICANN’s authority over the DNS root zone file, is unchanged by this.)

The Obama administration NTIA is to be commended for making changes that attempt to address longstanding issues regarding unilateral U.S. oversight of ICANN. They also get an A for effort, as they consulted broadly with other governments and big business (though not so much with civil society). Whatever its flaws may be (see below), the AoC is better than its predecessor. The prior instrument, an ICANN-Commerce Department MoU, failed to make ICANN more accountable, subjected its policy making process to parochial U.S. lobbying, and was insufficiently internationalized to be anything but a provocation to the Internet community outside the U.S.

While acknowledging this effort to move forward, we believe that there are serious design flaws in the approach taken. More fundamentally, we are surprised by the approach to accountability that seems to underlie the AoC. What ICANN needs, and has always needed, is to adhere to basic liberal-democratic norms about rule by law, not rule by men. As we have stated time and again, ICANN’s accountability problems derive not from a lack of “oversight” by specific people or stakeholders, but from a lack of membership and globally applicable rules that define the parameters within which ICANN must operate – and from the lack of procedural mechanisms to enforce such constraints. Any oversight panel must have specific, well-defined laws, rules or principles to use as a standard against which to judge ICANN’s performance. Those rules must be known to all participants and relied upon by all as the basic rules of the game. If those rules don’t exist (and they still don’t), a “review panel” can become just another layer of politics and second-guessing superimposed upon an already messy and diffuse process.

With that preamble in mind, let’s review the substance of the Affirmation. The AoC establishes three-year review cycles in four areas of concern: 1) accountability-transparency-public interest; 2) security-stability-resiliency; 3) competition-consumer trust-consumer choice; and 4) Whois (which is grouped under the consumer trust heading but has its own review process). These reviews are conducted by panels appointed by agreement of the Chair of ICANN’s Governmental Advisory Committee (GAC) and the ICANN Board Chair or President. The review teams develop nonbinding recommendations, and the Board must act on these recommendations within 6 months. Each review panel must include the Chair of the Governmental Advisory Committee, the ICANN Board chair or President, and representatives of ICANN’s Supporting Organizations and Advisory Committees. They can also include a sprinkling of independent experts.

Note well: the concept of “freedom of expression” is not included as a relevant concern in any of these Commitments. Sadly, the Commerce Department has maintained its longstanding indifference to basic civil liberties concerns, and we fault the new AoC on this basis.

At any rate, these review panels are selected by two people at the top of the decision making chain in ICANN. The appointment of these panels is (thank God) subject to a public comment process. But aside from that the panels are selected by the very people who are responsible for what ICANN does; moreover, the people selected as reviewers will be representative of ICANN’s existing policy making organs. In other words, the people who are being reviewed select the reviewers, from among the ICANN subunits already responsible for making policies. And because of that, any review panel is likely to reproduce the politics of ICANN at any given moment. It might have been better to work within the UN Internet Governance Forum to conduct this kind of a soft review, as we suggested last year.

If the selection process was neutral and impartial, and if the review process was confined to issues of Accountability, Transparency and the Public Interest, this would not be so bad. The ICANN bylaws and basic norms of good governance provide applicable criteria to be applied in the review. Indeed, it is good to see the AoC charge the Accountability review panel with “an ongoing evaluation of Board performance, the Board selection process, the extent to which Board composition meets ICANN's present and future needs, and the consideration of an appeal mechanism for Board decisions.” We like the idea of “assessing the role and effectiveness of the GAC,” and, given the ICANN staff’s propensity to become partisans in policy debates and to ignore public comment it does not like, it is nice that the Accountability review panel is charged to ensure that ICANN provides “adequate explanation of decisions taken and the rationale thereof.”

But the other three areas constitute policy domains. That is, they pertain to ICANN’s outputs rather than its process. It is not clear what function these “reviews” of policy outputs serve. Are they intended to allow review panels to second-guess the policies made by ICANN? Or are they intended to make judgments about the process followed in the making of its policies? Or are they intended to assess the degree to which ICANN’s policies serve the specified objectives? Whatever the intent, we see a real danger that these top-down review panels could become substitutes or short-circuits for the bottom-up policy making process that is supposed to be conducted by the Supporting Organizations. And since the reviews are all conducted by ICANN insiders, it is not clear what new perspectives will be added or what real checks and balances will be put into place by such a process.

Another problem here is that the AoC attempts to hardwire into ICANN’s future a narrow policy favored by the U.S. government and a few special interest groups. The fourth area of review, Whois, simply doesn’t belong in this document. Its presence constitutes an embarrassingly obvious concession to trademark lobbyists. Most people can agree that security, stability and resiliency constitute important objectives that policies should uphold. Likewise for competition, consumer trust and consumer choice. But Whois is, at best, a means to either of those ends; it is a specific policy approach to handling identification and user directories which may or may not be the best way to achieve those basic policy objectives and which may or may not be compatible with other objectives such as privacy and free expression. The idea that one of ICANN’s basic governing documents instructs it to “include[e] registrant, technical, billing, and administrative contact information” is a disappointing reminder of the lobbying game that underpins U.S. involvement. Which leads to the interesting question of how the Affirmation itself might be amended or changed…

However, to look on the optimistic side, the Affirmation can be considered a set of guidelines that leaves practical implementation to the community of participants in ICANN. During the implementation process, it should be possible for some of the concerns we have expressed above to be addressed, and perhaps improved. We look forward to further discussion of this at the upcoming Seoul meeting.

22 comments

  1. Anonymous

    The only thing ICAN has to actually do now is make new tlds. It would be interesting to construct a “before” and “after” flowchart diagram that shows the approvals that need to be obrained before two lines of code can be added to the legacy root. Tony R used to make things like this, maybe somebody else can step up to the post.

  2. Anonymous

    I've been waiting to read a good critical analysis of the affirmation after the general good feeling of the JPA ending.
    Unfortunately this isn't it.
    The Affirmation is a vote of confidence in an open model of decision-making. Part of that confidence is that you don't need to go to outside groups or individuals to figure out the way forward for the organization.
    Those that wish to review ICANN are encouraged to get involved in ICANN – that's the whole point – that's the model that ICANN represents under this Affirmation.
    This insiders world is one that existed in part because of the JPA. It is a part of the old ICANN, part of the system that will be left behind as ICANN matures and progresses. You'll be left behind too if don't grasp that.
    In that sense, this analysis is rushed: it doesn't consider the inevitable changes that the affirmation will cause.
    Certainly there is plenty of work to be done in planning how to do the reviews, but if you look at who will be on the panel, it is representatives from across the model. The whole process is a self-strengthening exercise.
    There is no single body or group so insightful, so brilliant, so authoritative that they can grasp what makes this model work – and be in a position to tell everyone else what to do. So why argue that the lack of inclusion of a non-existent group is a weakness?
    Like the Internet itself, ICANN's strength is drawn from there not being someone in charge, from there not being a single authoritative voice. The less control each individual has, the stronger the model becomes.
    That realization was what was memorialized in the Affirmation of Commitments today.
    Kieren McCarthy
    General manager of public participation, ICANN

  3. Anonymous

    Milton, I agee completely with your insight that “the other three areas constitute policy domains. That is, they pertain to ICANN’s outputs rather than its process. It is not clear what function these “reviews” of policy outputs serve. Are they intended to allow review panels to second-guess the policies made by ICANN? Or are they intended to make judgments about the process followed in the making of its policies?”
    This is symptomatic of a longstanding, chronic problem: ICANN has never shown any ability or willingness to distinguish substantive from procedural issues or complaints. The erroneous assumption implicit in ICANN's pattern of action has been that a that a good-faith belief by ICANN staff or other insider decision-makers in the merits of the *outcome* is sufficient to justify any defects in the *process* by which that outcome was or is reached.
    No progress will be made on this as long as ICANN continues to munge substantive reconsideration of the merits wof decisions with due process and review of compliance with procedural rules.
    The AoC completely fails to address this need.

  4. Anonymous

    The AoC completely fails to address the need for due process and review of compliance with procedural rules?
    I hope not completely, and I read section 7 of the AoC as a starting point for due processes.

  5. Anonymous

    What the AoC completely fails to address is the need to *separate* the issues and reviews of (1) the substance and wisdom of ICANN's decisions and (2) the procedures by which those decisions are made.
    Section 7 of the AoC mixes together review of “ICANN's progress against ICANN's bylaws, responsibilities, and strategic and operating plans”. The Bylaws define procedures; the strategic plan defines substantive goals. These should be reviewed separately by separate entities.
    Combining these reviews steers the reviewers toward legitimizing any procedural failures on the grounds of their approval of the substantive results, and giving an overall “grade” to the combination of substance and procedure. This is the same thing ICANN has been doing for years in response to critics of its procedures.
    In a democracy, no amount of faith in the rightness of the results justifies an unfair process. By claiming that it needs to bypass due process in order to get what it (or staff or some insiders) think is the right result, ICANN shows an elitist and/or authoritarian contempt for democracy.

  6. Anonymous

    The need the AoC fails to address is the need to *separate* oversight of (1) the substantive outcomes and (2) the procedures of decision-making.
    Section 7 of the AoC contemplates a single “annual report that sets out ICANN's progress against ICANN's bylaws, responsibilities, and strategic and operating plans.” The same report, and its preparers, would evaluate both the substance of ICANN decisions (strategic and operating plans) and procedural due process (bylaws).
    Having these reviewed by the same entity in the same report steers the outcome of the review toward an overall judgment that munges substantive and procedural concerns (at best), and trades off violations of due process in some sort of balancing or weighing against desires substantive outcomes (at worst).
    It's the same problem as in the proposed new independent review Bylaws, which would munge together substantive and procedural bases for review. The result would be to blur the distinction between a recommendation by an independent review panel based on disagreement with ICANN's judgment on a substantive or factual question, and a recommendation based on a finding that ICANN had violated its procedural rules for transparency, due process, etc.
    In a democracy, getting the result you want doesn't justify failure to play fair and follow the ground rules.
    By using, “But we got a good substantive result” as their answer to criticisms that, “You didn't follow the decision-making rules you've set for yourselves,” ICANN revaels an essentially arrogant and elitist (or, worse, authoritarian) concept of governance.

  7. Anonymous

    Milton,
    I agree that this a positive step forward but I must disagree that it is flawed, bearing in mind the constraints of ICANN, the DoC, and the US government more generally. Relinquishing ultimate authority or a first among equals position was and under present conditions is not an option for the US government. It would violate over fifty years of precedent going back to the Nixon administration on the relationship between ICTs and national security. The new agreement is an incremental step in which the US cedes control over areas which are not critical to it's national security interests.

  8. Anonymous

    OK, you picked a single element of section 7 while there are six (actually I wanted to exclude the one you picked, but I assumed you would comment on the impact of the other five).
    Here is section 7 in point form:
    A- transparent and accountable budgeting processes
    B- fact-based policy development
    C- cross-community deliberations
    D- responsive consultation procedures
    Note: A-B-C-D to provide detailed explanations of the basis for decisions, including how comments have influenced the development of policy consideration
    E- an annual report that sets out ICANN's progress against ICANN's bylaws, responsibilities, and strategic and operating plans
    F- a thorough and reasoned explanation of decisions taken, the rationale thereof and the sources of data and information on which ICANN relied
    My hope for ICANN management improvements is that the review teams in clause 9 will review the decision making process according to A-B-C-D-F separately from the substantive outcome. As far as I can tell, in a state of law, when an appeal body reviews a decision, it reviews jurisdiction, decision-making process, rules compliance, analysis, and (usually to a lesser extent) factual evidence collection. Section 7 A-B-C-D-F gives the review teams a starting point for decision-making process review. They would err if they don't use it.
    I am the only one who reads it that way?
    The community, stakeholders, and interested parties may use the section 7 as the ICANN processes charter clause, plead it to the greatest extent, and give no excuse for ICANN to remain as incompetent wrt decision-making as it has been so far.
    With due respect for other opinions, notably I claim no special expertise in governance.

  9. Anonymous

    Kieren,
    Of course this analysis is “rushed,” it came out the same day as the announcement. But it's better than yours!
    As I noted, this is a big step away from U.S. unilateral oversight and the Obama admin really deserves credit for taking that step, and Beckstrom and PDT get credit for negotiating it.
    Kieren, I hope you would see this as more than a PR exercise in which you are paid to defend in a the “ICANN position” and to throw up flak against anyone who seems to make even the most deliberative and careful critical analysis. This is a matter of institution-building, law and political science, not PR games.
    It is really odd that you accuse me of calling for a “single authoritative group that can tell everyone else what to do.” That is precisely the opposite of our approach, and there is more of that approach in the current arrangement (Chair of the GAC and ICANN are given centralized power to choose reviewers). I, and I think everyone at IGP, is looking for rule by law, not by men. That phrase is right in the article. I honestly don't know what you're talking about when you talk about “the lack of inclusion of a non-existent group.” Possibly you are arguing against some preconceived idea about governmental oversight that was not advanced in this piece. The point is not WHO is on the panel, the point is WHAT rules and criteria are applied. Hope that distinction is now clear to you.
    I also note that you don't seem to “get” our concerns about second-guessing or reversing the bottom up process. Since ICANN has a long history of doing that (remember the IRT?) one must greet the addition of a new layer of review by essentially the same people with some concern.

  10. Anonymous

    Ed, you have elaborated the point even better. I agree with Thierry that the AoC contains some very good language about procedural accountability but you and I are correct to emphasize that given the overall fabric of the AoC it will be all too easy for substantive outputs to become mixed up with procedural/accountability review

  11. Anonymous

    My intent is to debate the actual ideas and arguments so please do your best to refrain from personal insinuation.
    So:
    Since the wording of the Affirmation makes clear that there will have to be representatives of the different advisory committees and supporting organizations, the matter is not one of group structure but of who gets to pick the panelists.
    Under the Affirmation, that is the CEO of ICANN, sometimes the Chairman of ICANN, and the Chair of the Governmental Advisory Committee.
    I think those are good choices. If you had more people involved, you would have an entire political process in choosing the people who choose the people.
    What's more, the more political a selection process becomes, the more politicized the reviews become and the process becomes. That is not in anyone's interests.
    So the safeguard in the process is that the panelists will be put out to public review – that way it is possible for the community to indicate concern with any choices.
    Now this strikes me as a pretty elegant, pragmatic solution to getting review teams in place.
    What I took away from your analysis was that you didn't feel that way – that the review needed external advisers to put people in place. My response was intended to ask: well, who exactly?
    Are you against it being the CEO, Chairman and GAC chair who make panelist decisions – and then put them out for review?
    If so – who else is better qualified?
    My feeling is that one just has to accept that organizationally, it is the Chairman and CEO who get to decide these matters – that's why they are the Chairman and the CEO. As for the GAC chair -I think that's a good choice.
    The disadvantage of governments being less responsive and more conservative than other groups is that groups of governments are also much more stable and come with a greater degree of authority.
    Let's not forget, this is just the choosing of panellists here. A process of important guidance, but not the work itself.
    I think it's a good, workable and stable system. That's why I don't subscribe to your analysis: I don't see – nor do you propose – a better alternative.
    Again, please refrain from personal insinuation or attack if you choose to respond or I'll discuss these important matters with others elsewhere.
    Kieren McCarthy

  12. Anonymous

    “ICANN's strength is drawn from there not being someone in charge”
    Many suspected that to be the case. Thanks for
    putting it in writing.
    It must be a great place to draw a check from.
    Who signs the checks ?

  13. Anonymous

    Dear Kieren,
    It's really becoming annoying to read your reactions to every single comment that may express a different view or opinion. As you may know ICANN is not a perfect organization and there is a lot of work to do and we need the different views to facilitate the dialog and make the organization better and stronger.
    To be totally frank and honest, your constant attitude being the person in charge of public participation does not encourage or invite people to participate, and being a paid ICANN employee it feels offensive to people that do not have any interest beyond contributing to make Internet and ICANN better, perhaps you are not the right guy for the job.
    Never forget where the money to pay for your salary comes from.
    Respectfully
    Jorge

  14. Anonymous

    “It's really becoming annoying”
    It has been annoying for a very long time. Since
    ICANN continues to employ Kieren, as well as
    annoyances, one has to conclude: that is part of
    their “strategy”.
    IF the U.S. Government had been able convince
    ICANN to become absorbed into the next big
    thing being built in America, ICANN would have
    had to clean house. That is not happening.
    Instead, the U.S. Government has (wisely) decided
    to distance itself from The Hot Rod's next big
    thing. Some people will be attracted to that just
    like the ITU and some of the people they employ.
    Others, mostly Americans, will now attempt to
    avoid ICANN at all cost. If necessary, people will
    be deported and put on no-fly lists. New firewall
    technology will be rolled out and Americans will
    be advised how to protect themselves.

  15. Anonymous

    I sense a thoughtful response to this a few days ago – but it hasn't turned up.
    With respect to the various responses to my post – they have mostly been about me and not about the points I made. Which is a shame and of little real value to an important issue.
    Broadly my earlier response pointed out that having the CEO, Chairman and GAC chair pick panellists and then put them out for public review was actually a pretty good system.
    Certainly better than alternatives – which, tellingly, people haven't provided.
    Kieren

  16. Anonymous

    Fascinating talk you all. I'm glad people are so passionate about the technical aspects of organizing the web. However, I can't help put think that all this effort is just fighting the inevitability of the web just self organizing itself. When the complexity of the web necessitated DNS, it emerged. When TLDs made sense, ICANN emerged. Now that Google is entering the DNS business and China has enough people to have their own, personal Internet, something new will emerge. Not a perfect solution or even a good one, but a new one.
    Anyway, a long but good read.

  17. Anonymous

    All of this is ultimately irrelevant to the real future of the internet.

  18. Anonymous

    ICANN is already an irrelevant Museum Piece.
    ICANN is fabricating Theater such as DNSSEC Key Ceremonies. Fools think it matters.

  19. Anonymous

    ICANN is already an irrelevant Museum Piece.
    ICANN is fabricating Theater such as DNSSEC Key Ceremonies. Fools think it matters.

  20. Anonymous

    What worries me is the recent report about the internet being out of IP addresses next year.