Will the supplementary rules for ICANN’s Independent Review Process become the first big FAIL in the Accountability Reforms? ICANN’s response to a critical public comment period, which ends in two weeks, will provide the answer to that question.
Revising ICANN’s mission statement and improving its Independent Review Process (IRP) were key parts of the ICANN Accountability reforms. The new mission statement was intended to keep ICANN’s powers narrowly confined to domain name coordination policies. The IRP was intended to provide the equivalent of a constitutional court with binding decision making authority to adjudicate claims that ICANN was straying beyond those boundaries.
Section 1.1(a) of ICANN’s new bylaws defines the mission. Section 1.1(b) states simply: “ICANN shall not act outside its mission.” Section 1.1(c) was added to the mission statement at the insistence of free speech advocates, to further strengthen the limitations. It says:
ICANN shall not regulate (i.e., impose rules and restrictions on) services that use the Internet’s unique identifiers or the content that such services carry or provide, outside the express scope of Section 1.1(a).
This “ICANN First Amendment” provides one of the most important safeguards against any attempt to turn the DNS coordinator into a global Internet regulator by leveraging its exclusive control of the domain name root. Domain name regulations can only be used to make policies “to facilitate the openness, interoperability, resilience, security and/or stability of the DNS,” and only when “uniform or coordinated resolution is reasonably necessary” to advance those goals.
But that important check on abuse of ICANN’s power is threatened by the proposed supplementary rules that have been released by the Implementation Oversight Team. Those rules say that a user has a very limited time to challenge an ICANN policy as violating the mission. The challenge must be made within 45 days of the time the person becomes aware of the harm it has caused her but — far more important — after one year from its passage, a decision or policy becomes completely exempt from any IRP challenge. So if ICANN uses a policy to regulate content or or otherwise violate core principles in the bylaws a year after the policy is passed, nothing can be done about it! The proposed supplementary rules time-limit IRP challenges to a maximum of one year after ICANN’s action, thereby immunizing it from any subsequent challenges. This is an extraordinary loophole.
These time limits make sense when one is dealing with commercial contractual disputes, such as disputes between ICANN and a new top level domain applicant or a registrar. Those disputes pertain to specific decisions of ICANN, not to its overall mission and not to consensus policies that might violate the mission or core commitments. Clearly, we don’t want commercial actors to be able to hold ICANN in a state of perpetual uncertainty regarding decisions or actions in the narrow domain that it regulates. But the time limits make no sense at all when applied to disputes over consensus policies that are alleged to transgress mission limitations. The mission limitations are meant to protect fundamental individual rights, and to permanently constrain ICANN’s mission. They are not matters of expediency and are not time-dependent. There is no reason for there to be a time limit. If a policy allows ICANN to expand its mission beyond its intended remit, the actions it takes under that policy should be subject to challenge at any time.
Suppose for a moment that the U.S. government told us that we couldn’t rely on the U.S. Constitution to challenge laws, regulations, or governmental actions more than a year after they were enacted? This would certainly be seen as drastically curtailing the scope of our constitutional rights.
Remember, in the ICANN case it could easily take 2-3 years after a policy is adopted for it to actually be implemented and to cause harm. Under these proposed supplementary rules, no one could challenge the rule if the harms were caused a year after it was passed.
Making matters worse, these problems were pointed out on the email list of the working group during the ICANN CCWG process. Indeed, there was general agreement that the time limit was a problem and should be changed. But through a series of unfortunate coincidences and bad decisions, those objections were ignored completely. The Implementation Oversight Team (IOT) pressed ahead with the originally proposed text. Why?
Key leaders in the IOT admitted that they hadn’t even read the email thread about this issue. The people who raised the issue assumed, due to the obvious support they had gotten on the list, that the supplementary rules would be changed to reflect their objections. But the rule was never changed. The IOT did not meet, and did not discuss, the numerous objections to the time limits between when they were made and the plenary in Hyderabad. Hence the original text was deemed to be approved by the plenary in Hyderabad.
In attempt to downplay the significance of this problem, certain members of the IOT have argued that if ICANN passes a policy, one year after that policy is passed it is entirely immune to IRP challenge; however, if there is an action implementing an ICANN policy that is itself a violation of the mission limitations or bylaws, that is a separate event. Hence the clock would start again, and we would have another year to challenge the implementing action.
There are many flaws in this interpretation. One obvious one is that such an IRP challenge would not be against the policy itself, it would only challenge the implementing action. This means that a successful challenge would not prevent any future implementations of the policy that might transgress mission limitations. Furthermore, the immunity of the policy itself from challenge would stack the deck against challengers.
Even worse, if the implementing action is by a Registry the action cannot be challenged at all under the IRP. Only ICANN actions can be IRP’d, not registry actions. This almost takes us back to the pre-transition position where only Registries are protected by the IRP, and any other “materially affected parties” are not. Registries, who are acted on by ICANN, would always be able to challenge the implementing action done to them by ICANN. But Registrants, who are acted on indirectly through Registries and Registrars, would quickly run out of time to challenge the policy behind the Registry action and cannot challenge the Registry’s implementation.
So this is, potentially, a double fail – a failure in procedure as well as substance.
Procedurally, the IOT not only ignored critical e-mails when finalizing the supplementary rules for the IRP; it also failed to call a meeting between the CCWG plenary call and the Hyderabad plenary. This meant that IOT did not have a formal occasion to consider the objections. Each IOT member must bear responsibility for having passively waited for such a meeting to be called, when they could have noticed that Hyderabad was coming and demanded such a meeting. ICANN staff also played a role in the procedural fail. When certain IOT members noticed the problem they asked to draft a minority statement for the public consultation. But ICANN staff insisted that this should not be allowed because such a statement would have to be approved by the plenary, and the plenary had already acted. There are also those who believe that the decision to go to public comment was not properly taken in Hyderabad, because the CCWG process requires approval by two meetings (first and second “reading”) before such a decision. Here again, the IOT failed to follow this procedure in time to prevent publication.
The ICANN accountability reforms are not meaningful unless they are implemented properly. In the critical IRP supplemental rules, we have seen serious failures in the ability of the implementation team to take account of legitimate input, and serious flaws in the design of the procedures.
All is not lost yet – there is still the public comment period, which can create the necessary amendments to the rules. We urge everyone concerned with a fair and effective IRP appeals process, and everyone concerned with keeping ICANN’s mission limited and barred from censorship, to file comments in this public comment emphasizing the following points:
- The IRP has to protect registrants, not just contracted parties.
- There should be no fixed time limit on the rights of Internet users to challenge a policy that is alleged to take ICANN beyond its mission or otherwise violate the fundamental bylaws. Policies can literally take years to be implemented and it’s impossible to prove harm or have standing unless the policy is implemented. Further, implementations can change over time.
- IRP challenges need to be able to challenge policies, not just implementations, otherwise registrants are unprotected against registries and registrars.
- While it is reasonable to set a limit on the period in which a registrant is harmed by a policy and files an IRP challenge to the policy, 45 days is too short. Three months is more appropriate given the need for ordinary registrants to consult with lawyers and assess the damage caused by a policy.
Send public comments to this email address:
The deadline is 25 January, 2016.