The “exceptional” status of IP address governance

Just today the Number Resource Organization released a review report of the Address Supporting Organization (ASO). Few people noticed or cared. But this report, which is objective and thorough if a bit dull, starts to raise issues that are of great significance to the future of ICANN and Internet governance. More specifically, it raises some unfinished business from 1998: the status of IP address governance in the ICANN regime.

Here is a clue, doubtless overlooked by most, as to why this report is interesting: Article IV, Section 4 of the ICANN Bylaws (Accountability and Review) provides for regular reviews of ICANN supporting organizations (SOs). The ASO is one of these SOs. ICANN’s Structural Improvements Committee (SIC) is in charge of conducting these reviews.

But the ASO Review was commissioned by the Number Resource Organization (NRO), not by the Board’s SIC. Indeed, the NRO, for all practical purposes, is the ASO. In other words, the reviewed entity was fully in control of who did the review and what the review said. Section 8 of the ASO MoU states that “with reference to the provisions of Article IV, Section 4 of the ICANN Bylaws [the bylaw that provides for regular reviews of SOs], the NRO shall provide its own review mechanisms.”  As the report itself says, “The RFP was drafted by the NRO, not the SIC; … The SIC did not create a Working Group for the ASO Review; and the ASO Review process was overseen by the NRO.”

There are other noteworthy differences:

What sets the ASO apart from the two other Supporting Organizations is that it is not an ‘organization’ as such within the ICANN structure, in the way that the ccNSO and the GNSO clearly are. Instead, ICANN Bylaws refer to the ASO as an ‘entity’, and it is presented as a set of functions to be fulfilled by the NRO, an organization associated with ICANN without being a fully-fledged part of it. Other differences include the fact that the ASO is not specifically required to coordinate with the other bodies that make up the ICANN system whereas the ccNSO and ALAC are explicitly called to do so by ICANN Bylaws.

And here is another intriguing instance of the exceptional status of the ASO noted in the report (p. 17):

Whereas the ASO is described as an entity which “shall advise the Board” on policy issues regarding IP addresses, the ccNSO and the GNSO are respectively described as “policy development bodies”, which “shall be responsible for developing and recommending” policies to the Board.

Interesting yet? Further, the report notes that “The [ICANN] Bylaws do not specify the organizational structure of the ASO, whereas the ccNSO and the GNSO’s organizational structures, including their governance structures are described in full.” (This is probably good, see below)

So when the review report asks: Are there regular and suitable communication and collaboration mechanisms in place between the ASO and other ICANN Supporting Organizations and Advisory Committees? The answer (p. 9):

Reviewers’ overall conclusion is that there are currently no mechanisms in place to ensure regular and productive interaction between the Address Council and the other SOs and ACs.

Yet another interesting, and highly significant, aspect of ASO “exceptionalism.” All the other SO Councils have representatives placed there by the ICANN Nominating Committee. But in this case…”The Bylaws do not specify that a number of councilors on the Address Council shall be selected by the NomCom…” Why not? According to the report “as the NRO Numbers Council which becomes the ASO Address Council with the ASO MoU, is an NRO body, it would have been difficult to concede that some of their members would be selected by ICANN’s Nominating Committee.” In other words, the NRO maintains that it is a separate governance entity and it is not appropriate to have an “outsider” organization like ICANN appoint members to its Council.

So what is going on here? The IP address governance regime seems to be almost completely independent of the ICANN/IANA structure that was set up to provide global governance of Internet identifiers.

To make sense of this situation, and to determine how to move forward, one must first be aware of the history behind the RIRs, ICANN and the NRO.  The people in charge of IP address governance have always held the ICANN structure at arms length. The three major RIRs (APNIC, ARIN and RIPE-NNN) predate ICANN as an organization. As is often the case, possession is 9/10th of the law, and because the

RIRs actually had ongoing control of address resources ICANN was not in a position to assert any hierarchical regulatory authority over them. The relationship between ICANN and the RIRs was a negotiated one, just as the relationship between ICANN and the ccTLDs turned out to be.

Moreover, it wasn’t clear whether ICANN was going to succeed or fail. Indeed around 2000, as ICANN reached the nadir of its existence under former CEO Stuart Lynn, there seemed to be a real risk that it would fail. That was when the address registries formed a separate organization, the NRO. The NRO is basically a trade organization of address registries. It is the OPEC of the IP address space, a group of private suppliers that holds exclusive control of an important resource. The NRO provided the RIRs with an incorporated entity that would allow them to coordinate address management among themselves and to interface with ICANN in a way that would not collapse if ICANN itself failed. As a result, the NRO’s relationship to ICANN is relatively loose and informal.

Lest one think my characterization of this is tendentious, the NRO report, to its credit, explicitly confirms that point (p. 19):

The formation of the NRO by the RIRs came about as a result of the need to address the following challenges:
• It was clear that the RIRs needed a contingency solution in case of failure of the ICANN system;
• The RIRs needed to act collectively in the framework of the WSIS, where the management of the Internet’s critical resources was increasingly becoming one of the main issues; and
• The RIRs also needed to act collectively in relation to the amendment of the first ASO MoU, as a result of the Evolution and Reform being adopted by ICANN at the time.

The MoU between ICANN and the NRO thus assigns a narrowly-defined and passive role to the ASO. As the report notes, “This is limited to verifying that global policy proposals have been adopted across all RIR regions, checking that the PDP in each RIR has been duly followed and, if so, to forward this global policy proposal to the ICANN Board for ratification. A global policy is defined as a policy that needs action by IANA to be implemented…”

Here is the big question. While the NRO/ASO/RIR governance structure is clearly anomalous, we have to be careful what is done to “fix” that. In particular, fully incorporating IP address governance into the centralized and hierarchical ICANN regime could create more problems than it solves. Look at the difference between ccTLDs, which are relatively autonomous players in the ICANN regime, and gTLDs, which are completely subordinate to its contractual governance model. Whereas ccTLDs can enact diverse policies, the gTLD regime is incredibly politicized, over-regulated, bureaucratized and slow. GAC and law enforcement agencies are able to exert illegitimate kinds of pressures on the board to circumvent the bottom up policy process, precisely because the regime is so centralized. Do we really want to bring ip address management into that?

On the other hand, the NRO/ASO regime is little more than an RIR club. It is unclear whether this club has the capacity to make the kind of sweeping policy changes that may be needed in the future, because such changes would threaten the cartel-like control of the RIRs over the address space and introduce new forms of competition. It is also unclear whether the regional model is able to make global policies at all, when globalization is in the public interest but not in the sectional or organizational interest of individual RIRs. The need for further globalization of address policy becomes evident as two things happen: 1) IPv4 depletes, leading to a globalized market in which policies regarding transfers of address blocks need to be harmonized and address block Whois needs to become integrated; and 2) the gigantic IPv6 address space gains traction, creating a situation in which there is no longer any rationale whatsoever for regional policy making regarding addresses.  The inability of the ASO/RIR regime to make systematic, globally applicable reforms in the governance of address resources could ultimately lead to the intervention of the US government.

So that boring report is a good harbinger of things to come.


2 comments

  1. John Curran

    Milton –

    An solid assessment of the situation, and I would concur on many aspects of your article except for two significant points of departure:

    1) The use of the term “anomalous” for describing the ASO structure would imply that the ASO is deviating from the expected norm in terms of its structure. That's actually quite amusing, as the ASO is actually structured as a Supporting Organization in conformance with ICANN's original design goals, and serves as the reference model for how ICANN's technical coordination was to operate.

    Per the White Paper, the goal was to have “separate, diverse, and robust name and number councils responsible for developing, reviewing, and recommending for the board's approval policy related to matters within each

    council's competence. Such councils, if developed, should also abide by rules and decision-making processes that are sound, transparent, protect against capture by a self-interested party and provide an open process for the presentation of petitions for consideration.”

    Note the absence of the word “constituency” in the above. Further note also these councils were envisioned to produce fully developed policy to the ICANN Board for approval, i.e. the Board's primary role was oversight; to make sure that coordination happened among its supporting organizations and that any policy was developed by sound and transparent means. This makes for a nice small ICANN, with a fairly boring job of insuring coordination between the Name and Number supporting organizations and approving the occasional consensus policy that emerged from those bodies.

    Alas, we completely departed from original blueprint, when in Singapore the ICANN Board decided that rather than select among initial DNSO proposals received from the community (and as called for in its Bylaws), that the Board would instead specify the structure of new DNSO based on staff input, and then simply modify the Bylaws to make this possible (reference

    http://www.icann.org/en/meetings/singapore/singapore-statement.htm, and http://www.icann.org/en/minutes/minutes-04mar99.htm) for details.)

    The result: instead of having singular DNS Support Organization which would have had to first achieve internal consensus in order to recommend policies to the Board, we have an abundance of constituencies all directly vying for the Board's attention to their particular needs. As you note in the article, the very concept of having “constituencies” implies people aligned behind particular positions, as opposed to the White Paper's model of a standards setting body whereby individuals and entities are equally “able to participate by expressing a position and its basis, and having that position considered.”

    People ask me: Why is the Address Support Organization (ASO) so quiet compared to mechanisms for setting DNS policies? Where is all of the policy development happening? My answer is always the same: the ASO is operating according the original ICANN model as specified by the White Paper and ICANN's bylaws; policy development happens continuously throughout the year in geographically diverse locations with onsite & remote participation and via open & transparent processes, and it is only the consensus result of this process that the ASO brings forth to the ICANN Board for its consideration. We coordinate with the technical folks in the IETF when we or they have need, and while it is painful at times that we must have complete alignment in order to advance policy, you'd be amazed what is does for encouraging actual listening to others and really considering their views.

    2) The second issue your article is regarding “the inability of the ASO/RIR regime to make systematic, globally applicable reforms in the governance of address resources”, and I will note again (as I have on several occasions in this forum) that ARIN is on record welcoming “any and all discussions regarding how to best evolve the Internet number registry system, and would consider ICANN instrumental in leading such discussions in forums globally as appropriate.” I do believe that the RIR processes would provide for fair and equitable consideration of any proposed changes to the Internet number registry system, but also recognize that discussion in other forums may be preferable to some, and ARIN is willing to participate in such discussions in any applicable forum.

    Despite these differences in views, I would like to thank you for noting the ASO Review Report, and encouraging thoughtful discussion of it.

    Best wishes,

    /John

    John Curran

    President and CEO

    ARIN

  2. Milton Mueller

    John,

    Thanks for your response. I frankly agree that it would be highly undesirable for the current ICANN to attempt to dictate the structure of the ASO in the way that it micromanages the structure and processes of the GNSO. (That does not, however, mean that it won't happen.)

    You are also historically correct that the original plan of ICANN as developed by Postel and his lawyer envisioned the ASO and PSO as more like the current ASO than the existing GNSO, although due to the controversies swirling around domain names at the time their plan for the GNSO was much more detailed.

    However, we do disagree on the second point, in fact one of the main points i was trying to make is that insofar as there is a political demand for reform of IP address governance that goes beyond the traditional RIR communities, the ASO will be unable to meet it. This could easily lead to intervention via the Commerce Department & US Congress via the IANA contract.

    Another issue with the article has been brought to my attention in a private email from someone else: I state that “The NRO provided the RIRs with an incorporated entity…..” This seems to be inaccurate, as the NRO is not, as far as I can tell, incorporated. It has no legal status, to be found in any given country, to be sued or investigated. It does not seem to be a legally recognized entity under any jurisdiction, including ICANN’s.