What’s going on between NTIA, ICANN and Verisign?

Yesterday the US Government announced an extension of the IANA functions contract for another year. The move formally recognizes what everyone knew already, which is that the IANA stewardship transition and accountability reforms will not be completed in time for the September 30, 2015 target that we were aiming for when the transition was set in motion back in March 2014. The 1-year extension was for a longer period than some of us anticipated, but the contract can be ended sooner if the parties agree.

The most interesting part of the announcement, however, was not the extension itself but the way the NTIA has finally started to come to grips with the role of Verisign and changes in the root zone management process. Along with the extension announcement, NTIA published a proposal titled “Root Zone Administrator Proposal Related to the IANA Functions Stewardship Transition.” As we noted in a blog post back in March 2014, it is really the Verisign Cooperative Agreement, not the IANA functions contract, that gives the US government authority over all root zone file changes. It is Verisign, not ICANN, that has operational control of the root zone, so if the Cooperative Agreement with Verisign doesn’t go away, neither does U.S. control of the DNS root.

The procedures for modifying the root zone are one of the most vitally important aspects of the transition from an operational and security standpoint. The Cross-Community Working Group (CWG) on the domain names part of the IANA stewardship transition took a stab at defining the basic outlines of the changes. Its so-called “Drafting Team F” (DT-F) report called for eliminating the authorization role altogether and for a formal study to be undertaken post-transition to investigate whether there is a need to increase the robustness of the operational arrangements for making changes to the Root Zone.

It is good that the NTIA has finally started providing more detail about what kind of changes are in store for us regarding Verisign’s role. It is not unreasonable for it to have waited to see what kind of a transition proposal was taking shape before starting to figure out how to modify the Cooperative Agreement. At the same time, the announcement raises eyebrows. As has happened so often in ICANN-related matters, some of the most important issues end up being negotiated quietly and secretly rather than developed through an open multi-stakeholder process. This announcement is another example of that. The proposal was prepared by ICANN and Verisign at NTIA’s request. The request was never made public and no one involved in the CWG (other than Verisign, of course) knew this was happening.

The actual proposal is not inconsistent with the DT-F proposal. The operational detail largely covers “the parallel operation period,” i.e., the overlap between the old system and the new, which DT-F identified as an issue. In the proposal, the legally separated Post-Transition IANA (PTI) will take on an authentication role. It will validate Root Zone Change Requests (“RZCRs”) submitted by top-level domain operators, presumably according to set validation rules (did it come from an authenticated source, does it comply with data formats, etc.).

That’s probably a very good idea. But the acceptance and implementation of this proposal depends on the mutual agreement of NTIA, ICANN and Verisign alone, so it doesn’t matter what you or I think. Indeed, the proposal says that

“It should be noted that nothing in this proposal is intended to preclude alternative RZA transition mechanisms being jointly proposed by ICANN, Verisign, and/or NTIA. In the event an alternative RZA mechanism is identified in advance of the IANA stewardship transition, it can replace the mechanism proposed in this document by mutual agreement of all parties.”

So it is NTIA, ICANN and Verisign that matter in this negotiation, not the rest of us.

Even though this proposal adds some information to what was a total vacuum before, there are still a lot of unanswered questions. An important detail left hanging is the nature of the contract between ICANN and Verisign. The proposal states:

“It is anticipated that performance of the RZM function would be conducted by Verisign under a new RZM agreement with ICANN once the RZM function obligations under the Cooperative Agreement are completed…”

Is ICANN the principal of this contract? If so, could it choose to make someone other than Verisign the RZM manager? If it cannot choose another operator, what kind of an agreement, and with whom, prevents it from doing so? Does Verisign get paid for doing this? Answers to these questions are a vital aspect of the transition, but the involved global multi-stakeholder community seems to have no role in answering them.

The announcement also suggests that NTIA and Verisign will continue to have a Cooperative Agreement post-transition:

“The Cooperative Agreement between NTIA and Verisign will continue. Once the parallel testing for root zone management has proven capable of performance in the absence of the RZA / NTIA role and the IANA Stewardship transition implemented, NTIA and Verisign will amend the Cooperative Agreement as appropriate.”

The CA will be amended? Not ended? What exactly does that mean? Perhaps the perceived need for a continued Cooperative Agreement comes from the problem of liability for root zone changes. Verisign is effectively immunized from antitrust liability for root zone changes under the current arrangement, where the U.S. government acts as a shield against a private actor being in control of an essential facility. If the U.S. goes away entirely, that immunity might be lost. That may or may not be why the NTIA says the Cooperative Agreement “will continue” – but we don’t know, and neither NTIA nor ICANN nor Verisign is enlightening us.

To conclude, the NTIA-ICANN-Verisign triumvirate seems inconsistent with the overall ethos of open, bottom-up development of a transition plan. There are reasons why this is a sticky issue, of course. Still, the U.S. government and ICANN have to be very careful about how they handle this. If the “global multi-stakeholder community” invoked by the original transition announcement goes through an arduous process to replace the IANA functions contract only to learn that Verisign and NTIA still have a compact that gives the U.S. control of root zone changes, their credibility – and the credibility of the entire process model used to develop the transition – will be shot, and the ‘transition’ will have done more damage than good to globalizing Internet governance.

