I just returned from the “Internet of Things, Internet of the Future” conference sponsored by the French Presidency of the EU. At a panel on the privacy implications of RFID, I was struck by the way so many panelists, perhaps 4 or 5 out of 7, invoked “privacy by design” as a way of responding to RFID privacy threats. They all seemed to agree that it was somehow possible to pre-configure the technology in a way that privacy is structurally protected. Appropriately enough, the next day one of the chief intellectual promoters of this myth, law professor Lawrence Lessig, keynoted the conference.
I think people who put such stock in the ability of “design” or constructed “architectures” to solve or forestall social problems are wrong. Our ability to solve privacy problems depends on how strongly people value privacy, how well they mobilize politically and economically and whether they have the legal and regulatory tools to intervene in strategic areas of the value chain. There is no magic shortcut that allows a social objective to be inserted into the “genes” of a technology at the outset to save us from all that laborious work.
The FBI is soliciting vendor proposals to provide one-stop, turn-key access to Internet Zone files, domain WHOIS and DNS records. Posted July 22, with responses due yesterday, the solicitation details a system that would aggregate the data and provide it to the FBI for up to the next 5 years. On one hand, the open nature of the DNS makes this request mostly just a large data collection exercise, but it has some interesting wrinkles with respect to its scope and selection process, as well as implications for civil liberties.
This is the most intensely political ICANN meeting I have ever been in, with the possible exception of Berlin 1999. Part of the cause is the GNSO structural reform, which has the various constituencies snarling at each other about vote distributions. Multilingual domain names, which combines market pressures with geopolitics, adds to the mix. But one of the main causes is the escalating power of ICANN's Governmental Advisory Committee (GAC).
GAC is gradually inserting itself ever more persistently into the so-called bottom-up, nongovernmental policy making process of ICANN. As this happens, the politics of ICANN become ever more high-level and difficult for ordinary Internet users to access. As this happens, some of its more ambitious members of the GAC are chafing at its “Advisory” status. It is evident that many governments have trouble understanding the idea that their role is only to provide advice and guidance to ICANN on matters within their jurisdiction, and that they are (supposed to be) one of many “stakeholder groups.” Which goverment has the most trouble here? The answer may surprise you. It is not China or Russia, or some other authoritarian state. Nor is it Brazil or South Africa, or any other state that led the charge against ICANN during WSIS. No, it is the USA.
But fortunately, there are some people within ICANN willing to assert its autonomy and stand up to state pressure. The following dialogue between ICANN's Board Chair Peter Dengate Thrush reveals an unexpectedly stiff spine. In the following exchange, the US GAC representative, Commerce Department's Suzanne Sene, is badgering ICANN's Board about GAC's advice that it do “studies” on Whois – privacy. We repeat the exchange here with only a few excisions. It makes for delightful reading. The Board chair politely but firmly explains to the US government how ICANN — an organization it set up — is supposed to work.
The Security and Stability Advisory Committee (SSAC) has added a new wrinkle to the ongoing domain name Whois saga. In a document released late last week, it identified some well known and other less talked about problems with the Whois protocol and it called on ICANN and its community to pursue a more holistic approach involving policy recommendations. Interestingly, it also called for consideration of a new “formal directory service for the Internet” standard to serve domain name interests.
IGP Partner Milton Mueller, a scholar known for his work on global Internet governance and professor at the School of Information Studies (iSchool) at Syracuse University, has internationalized his academic post and strengthened ties to the Internet industry by accepting a chair at Delft University of Technology in the Netherlands. The three-year research position was created by the Dutch Internet service provider XS4ALL, and will be located in the Faculty of Technology, Policy and Management, Information and Communication Technology (ICT) section.
ICANN's GNSO Council stumbled and bumbled its way to a nonresolution of the Whois privacy controversy today (Wednesday, All Hallows Eve). On the surface, nothing changed. Despite ICANN's inertia, however, the “status quo” Whois is gradually being eroded by a combination of market forces, which allow registrants to buy a modicum of privacy protection from registrars, and the ongoing threat of legal assaults on Whois from outside the United States. A growing number of ccTLDs and gTLDs can be expected to force ICANN to adjust its Whois requirements to the data protection laws of other countries, the most current example being the TELNIC case. This means that the status quo equilibrium left in place by ICANN's inability to act is tilting slowly in favor of privacy. At the same time, law enforcement and takedown measures are taking new directions, pioneered by the Anti-Phishing Working Group, that also work outside the ICANN process.
Researchers at IGP have prepared a comprehensive timeline of the Whois service and the controversy over Whois and privacy, with links to relevant documents. The timeline was prepared by Dr. Milton Mueller and doctoral student Mawaki Chango as part of their draft paper for the annual Telecommunication Policy Research Conference at the end of September. Comments or suggested additions of important missing elements to the timeline are welcomed; use the reply function on the blog