Just today the Number Resource Organization released a review report of the Address Supporting Organization (ASO). Few people noticed or cared. But this report, which is objective and thorough if a bit dull, starts to raise issues that are of great significance to the future of ICANN and Internet governance. More specifically, it raises some unfinished business from 1998: the status of IP address governance in the ICANN regime.
Here is a clue, doubtless overlooked by most, as to why this report is interesting: Article IV, Section 4 of the ICANN Bylaws (Accountability and Review) provides for regular reviews of ICANN supporting organizations (SOs). The ASO is one of these SOs. ICANN’s Structural Improvements Committee (SIC) is in charge of conducting these reviews.
But the ASO Review was commissioned by the Number Resource Organization (NRO), not by the Board’s SIC. Indeed, the NRO, for all practical purposes, is the ASO. In other words, the reviewed entity was fully in control of who did the review and what the review said. Section 8 of the ASO MoU states that “with reference to the provisions of Article IV, Section 4 of the ICANN Bylaws [the bylaw that provides for regular reviews of SOs], the NRO shall provide its own review mechanisms.” As the report itself says, “The RFP was drafted by the NRO, not the SIC; … The SIC did not create a Working Group for the ASO Review; and the ASO Review process was overseen by the NRO.”
There are other noteworthy differences:
What sets the ASO apart from the two other Supporting Organizations is that it is not an ‘organization’ as such within the ICANN structure, in the way that the ccNSO and the GNSO clearly are. Instead, ICANN Bylaws refer to the ASO as an ‘entity’, and it is presented as a set of functions to be fulfilled by the NRO, an organization associated with ICANN without being a fully-fledged part of it. Other differences include the fact that the ASO is not specifically required to coordinate with the other bodies that make up the ICANN system whereas the ccNSO and ALAC are explicitly called to do so by ICANN Bylaws.
And here is another intriguing instance of the exceptional status of the ASO noted in the report (p. 17):
Whereas the ASO is described as an entity which “shall advise the Board” on policy issues regarding IP addresses, the ccNSO and the GNSO are respectively described as “policy development bodies”, which “shall be responsible for developing and recommending” policies to the Board.
Interesting yet? Further, the report notes that “The [ICANN] Bylaws do not specify the organizational structure of the ASO, whereas the ccNSO and the GNSO’s organizational structures, including their governance structures are described in full.” (This is probably good, see below)
So when the review report asks: Are there regular and suitable communication and collaboration mechanisms in place between the ASO and other ICANN Supporting Organizations and Advisory Committees? The answer (p. 9):
Reviewers’ overall conclusion is that there are currently no mechanisms in place to ensure regular and productive interaction between the Address Council and the other SOs and ACs.
Yet another interesting, and highly significant, aspect of ASO “exceptionalism.” All the other SO Councils have representatives placed there by the ICANN Nominating Committee. But in this case…”The Bylaws do not specify that a number of councilors on the Address Council shall be selected by the NomCom…” Why not? According to the report “as the NRO Numbers Council which becomes the ASO Address Council with the ASO MoU, is an NRO body, it would have been difficult to concede that some of their members would be selected by ICANN’s Nominating Committee.” In other words, the NRO maintains that it is a separate governance entity and it is not appropriate to have an “outsider” organization like ICANN appoint members to its Council.
So what is going on here? The IP address governance regime seems to be almost completely independent of the ICANN/IANA structure that was set up to provide global governance of Internet identifiers.
To make sense of this situation, and to determine how to move forward, one must first be aware of the history behind the RIRs, ICANN and the NRO. The people in charge of IP address governance have always held the ICANN structure at arms length. The three major RIRs (APNIC, ARIN and RIPE-NNN) predate ICANN as an organization. As is often the case, possession is 9/10th of the law, and because the
RIRs actually had ongoing control of address resources ICANN was not in a position to assert any hierarchical regulatory authority over them. The relationship between ICANN and the RIRs was a negotiated one, just as the relationship between ICANN and the ccTLDs turned out to be.
Moreover, it wasn’t clear whether ICANN was going to succeed or fail. Indeed around 2000, as ICANN reached the nadir of its existence under former CEO Stuart Lynn, there seemed to be a real risk that it would fail. That was when the address registries formed a separate organization, the NRO. The NRO is basically a trade organization of address registries. It is the OPEC of the IP address space, a group of private suppliers that holds exclusive control of an important resource. The NRO provided the RIRs with an incorporated entity that would allow them to coordinate address management among themselves and to interface with ICANN in a way that would not collapse if ICANN itself failed. As a result, the NRO’s relationship to ICANN is relatively loose and informal.
Lest one think my characterization of this is tendentious, the NRO report, to its credit, explicitly confirms that point (p. 19):
The formation of the NRO by the RIRs came about as a result of the need to address the following challenges:
• It was clear that the RIRs needed a contingency solution in case of failure of the ICANN system;
• The RIRs needed to act collectively in the framework of the WSIS, where the management of the Internet’s critical resources was increasingly becoming one of the main issues; and
• The RIRs also needed to act collectively in relation to the amendment of the first ASO MoU, as a result of the Evolution and Reform being adopted by ICANN at the time.
The MoU between ICANN and the NRO thus assigns a narrowly-defined and passive role to the ASO. As the report notes, “This is limited to verifying that global policy proposals have been adopted across all RIR regions, checking that the PDP in each RIR has been duly followed and, if so, to forward this global policy proposal to the ICANN Board for ratification. A global policy is defined as a policy that needs action by IANA to be implemented…”
Here is the big question. While the NRO/ASO/RIR governance structure is clearly anomalous, we have to be careful what is done to “fix” that. In particular, fully incorporating IP address governance into the centralized and hierarchical ICANN regime could create more problems than it solves. Look at the difference between ccTLDs, which are relatively autonomous players in the ICANN regime, and gTLDs, which are completely subordinate to its contractual governance model. Whereas ccTLDs can enact diverse policies, the gTLD regime is incredibly politicized, over-regulated, bureaucratized and slow. GAC and law enforcement agencies are able to exert illegitimate kinds of pressures on the board to circumvent the bottom up policy process, precisely because the regime is so centralized. Do we really want to bring ip address management into that?
On the other hand, the NRO/ASO regime is little more than an RIR club. It is unclear whether this club has the capacity to make the kind of sweeping policy changes that may be needed in the future, because such changes would threaten the cartel-like control of the RIRs over the address space and introduce new forms of competition. It is also unclear whether the regional model is able to make global policies at all, when globalization is in the public interest but not in the sectional or organizational interest of individual RIRs. The need for further globalization of address policy becomes evident as two things happen: 1) IPv4 depletes, leading to a globalized market in which policies regarding transfers of address blocks need to be harmonized and address block Whois needs to become integrated; and 2) the gigantic IPv6 address space gains traction, creating a situation in which there is no longer any rationale whatsoever for regional policy making regarding addresses. The inability of the ASO/RIR regime to make systematic, globally applicable reforms in the governance of address resources could ultimately lead to the intervention of the US government.
So that boring report is a good harbinger of things to come.