Home / Blogs

Underneath the Hood: Ownership vs. Stewardship of the Internet

As is well known to most CircleID readers—but importantly, not to most other Internet users—in March 2011, ICANN knowingly and purposefully embraced an unprecedented policy that will encourage filtering, blocking, and/or redirecting entire virtual neighborhoods, i.e., “top-level domains” (TLDs). Specifically, ICANN approved the creation of the “.XXX” suffix, intended for pornography websites. Although the owner of the new .XXX TLD deems a designated virtual enclave for morally controversial material to be socially beneficial for the Internet, this claim obfuscates the dangers such a policy creates under the hood.

Years of unequivocal and pervasive opposition from governments, businesses, and consumer groups shed doubt on ICANN’s plan to launch .XXX, and India has already announced plans to block reachability to XXX. Meanwhile, even ICANN acknowledges that it does not understand the economic and political consequences of legitimizing macroscopic blocking behavior.

In its 20-page defense of the decision, which anticipates defending lawsuits via financing set aside from .XXX registration fees, ICANN claimed there is no evidence that the result will be different from the blocking that already occurs. This assertion implies that ICANN has attempted to study who, what, where, and how domains are being blocked and what technical impacts are observable. This is simply not so.

Despite the explicit request for technical due diligence on the security and stability impacts of TLD blocking by its Government Advisory Committee (GAC)—a weak source of oversight and accountability—the ICANN board never consulted its own Security and Stability Advisory Committee (SSAC) before their decision. When asked by the GAC directly during the March 2011 ICANN meeting, SSAC pulled together a brief advisory just before the next meeting in June, acknowledging the lack of any data to make any judgments regarding blocking, but noting: “All approaches to blocking, and even more so attempts to circumvent it, will have some impact on the security and/or stability of users and applications, and on the coherency or universal resolvability of the namespace.” SSAC offered to investigate the issue further, and in the interim offered an ethical principle—“first do no harm”—to guide the development of blocking policies: “minimizing harm requires a concerted effort to not create circumstances where Internet users outside an organization’s policy domain are adversely affected by that organization’s policy or implementation.”

If ICANN had used such a principle to guide its .XXX decision, it would not have been approved. Putting .XXX into the root will likely lead to significant harms, including castrating free speech rights in countries with repressive regimes or agendas, and weakening Internet (i.e., DNS) security and stability as a result of attempts to both filter out and circumvent filtering of .XXX. This prediction draws support from the May 2011 publication of a paper by a group of leading DNS experts which foretold likely harms from DNS filtering requirements related to proposed U.S. legislation. The report echoed the admonition that filtering would threaten the long-run security, stability, and interoperability of the domain name system (DNS).

Worse, there is no clear public interest case for the inclusion of .XXX in the DNS root database, but rather a few private beneficiaries. The adult content industry has spoken out loudly against it, as have most other communities from across the political spectrum. Who then, does support this policy? A tiny minority of private industry Internet insiders—DNS registries and registrars. ICANN admitted and the industry it regulates proclaimed loudly that ICANN could not let anything further delay its ambitious plans to sell up to 1500 new TLDs a year (launched in June) until something about the Internet observably breaks. Enter the real driver of this policy. We need only reflect on our mortgage crisis to understand how history begs to repeat itself. Picture a digital real estate bubble consisting of infinite character strings (.yournamehere), monetized at $185,000 each, issued under the guise of genuine public debate and transparent policy process, and inevitably resulting in intractable disputes over geographic TLD real estate (does Russia or Florida get .StPetersburg?) and extortion of registration fees to prevent someone else from registering your brand in a new TLD. All done without consideration of the collateral effects on the 6.5B people expected to use the naming system.

But it gets worse—ICANN even acknowledges that .XXX would not meet today’s criteria for a TLD due to the overwhelming community objections, including from the intergovernmental GAC. Rather, ICANN justified its decision to move forward on the platform of consistency of process, clinging to the criteria originally set in 2004 despite their self-contradicting implications. As dissenting ICANN board member George Sadowsky eloquently explained, “it was victory of compulsory adherence to process, rather than a serious discussion regarding ICANN’s responsibility for the future of the DNS and the Internet.” It was a victory of process over goals and of means over ends, where ensuing harm will be met by an ICANN defense of, “But we were only following the process.”

The approval of .XXX marks a historical inflection point, where ICANN’s board formally abandoned any responsibility to present an understanding of the ramifications of probable negative externalities (“harms”) in setting its policies. The most potent effect of creating .XXX on the Internet will be to give credence to the destabilizing concept of multiple namespaces, with political, sociological and economic ramifications that weaken security and stability, whether or not the blocking is even effective. This is not something Wall Street, K-Street, or Main Street will be able to invest, lobby, or vote its way out of.

ICANN’s current arrangement with the U.S. government that aims for transparency, accountability, and the global public interest amounts to little more than hand-waving given the lack of incentives, legal enforceability or other formal accountability to achieve those objectives. The success of ICANN is important, because there is no good alternative. But responsible stewardship of the Internet is more important, and requires earnest and transparent effort to develop policy in the public interest, not only in the financial interest of ICANN and the domain name industry it regulates.

ICANN had every public interest justification, including an obligation and an opportunity with .XXX to demonstrate accountable policy development, to delay the new generic TLD program until it was demonstrated by independent peer-reviewed research that this decision was not antagonistic to the technical and economic security and stability of the Internet. That ICANN chose to relinquish this responsibility puts the U.S. government in the awkward position of trying to tighten the few inadequate controls that remain over ICANN, and leaves individual and responsible corporate citizens in the unenviable yet familiar position of bracing for the consequences.

[Disclosure: Dr. Claffy leads Internet research projects funded by the Department of Homeland Security and the National Science Foundation. She also serves on two advisory committees to ICANN: the Security and Stability and Root Server System Advisory Committees. The opinions here reflect only hers.]

By kc claffy, Director, CAIDA and Adjunct Professor, UC, San Diego

Filed Under


So you support a heckler's veto? Milton Mueller  –  Aug 23, 2011 9:29 PM

Of course it’s not good that some countries are choosing to block .xxx. But it makes no sense at all to suggest that we avoid the horrors of ex post blocked domains in a few countries by…blocking domains ex ante, everywhere for everyone, before they even have a chance to exist!

It’s amazing that folks like kc are completely deaf to the net neutrality and free expression implications of allowing ideas for domain names to be blocked simply because some people object to them. Whatever happened to the idea of permissionless innovation that the Internet community holds so dear? This is what gave the Internet its value and its innovation.

By Claffy’s logic, ICANN and the US Commerce Department should not allow Facebook, Google.com and YouTube to exist because somewhere around 30-40 governments choose to block them. And don’t talk to me about scale because there’s more DNS traffic to Youtube.com and facebook.com than there are to most of the world’s TLDs. There is no difference between a top level domain and a second level domain in this regard. The blocking techniques are the same. The technical effects are the same. If you want to salvage what is left of KC’s technical expert credentials, I hope she can explain how the effects of blocking TLDs are any different from blocking SLDs. If she can’t - and I know the answer to this - why not just come right out and support the use of ICANN for full-fledged censorship of all Internet domains at the scale of the Chinese Communist Party?

This is fundamentally a policy issue, not a technical or “security” issue. If you asked the governments posturing about .xxx - or thousands of other people - whether many other domains should be allowed to exist, whether second level or top level, I suspect that 80% of the Internet would be taken down. We don’t want ICANN to become a chokepoint that administers hecklers’ vetos on a global basis. ICANN did the right thing by ignoring that noise.

I also find KC’s suggestion that this process did not consider any alternatives to be so inaccurate as to be incredible. The debate over new TLDs has been going on within the GNSO since 1998. I have participated in the current proceeding since 2006. Every argument you raise has been debated at length. the new TLD program is a long, painful, ugly compromise. Every concern you have has led to some modification of the process, such as the GAC objections process. Now that the issue has finally been resolved, we see this really disgusting attempt to back out of the process and tear down the institution simply because some people didn’t get the policy they wanted. I was amazed to see, kc claffy’s comments on the NTIA FNOI, that she even supports corrupting the IANA contract by supporting the NTIA’s indefensible attempt to appease trademark owners by turning the IANA into a policy maker that does “public interest determinations” on each new TLD delegation. for shame. Enough of these backdoor attempts to undo what has been done. It’s over. It will happen. Given the alternatives, such as supporting global censorship via an objection veto or doing nothing at all, the ICANN program, for all its warts, is the better outcome.

I agree with Dr. Claffy's essay and George Kirikos  –  Aug 24, 2011 4:08 PM

I agree with Dr. Claffy’s essay and points. ICANN’s processes are clearly broken when the voices of a few self-serving entities outweigh those of the greater public. ICANN models itself after the regime of Muammar Gadaffi, with top-down decisions from an unaccountable Board, instead of the “bottom-up” process that it is supposed to be following.

ICANN wasn’t even close to coming up with optimal decisions or policies. Their own experts didn’t consider having regular tender processes, for example, to ensure that consumers would receive the maximum benefits, from both existing gTLDs and any new TLDs. When ICANN can explain and justify why dot-com wholesale prices are not below $2/yr, then perhaps they’d have a semblance of legitimacy. ICANN’s decisions cost consumers over $400 million per year in excess fees, and that number is growing annually. ICANN repeats the mistakes of the past, allowing new TLDs to be essentially “owned” by the monopolistic registry operators, rather than having them simply be temporary managers serving the registrants. Until things change for the better, ICANN remains a pariah, and not a steward of the DNS.

NTIA, DOC and DOJ should exercise their powers to ensure that ICANN’s poor decisions are not implemented. They remain the only true mechanism of ensuring accountability. ICANN should learn the lesson of Libya, and know that a rogue regime has a finite existence. Their poor decisions hasten their demise.

Responding to Milton Mueller's kc claffy  –  Aug 25, 2011 12:03 AM

Milton says, “It’s amazing that folks like kc are completely deaf to the net neutrality and free expression implications of allowing ideas for domain names to be blocked simply because some people object to them.” I have nowhere indicated that I am deaf to either net neutrality or free speech implications—on the contrary, these are the kind of implications that deserve exactly the sort of analysis that ICANN failed to pursue.  Mr. Mueller’s concept of “permissionless innovation” overlooks inevitable conflicts among rights.  The reality is that one person’s right, e.g., free expression, can abrogate the rights of another, e.g., security, privacy.  The relevant question is where that balance is, and more importantly who gets to decide between legitimate interests.

On the distinction between top-level and second-level blocking, I also linked to ICANN’s SSAC committee’s statement on this question, which concludes:

The SSAC understands that the subject of blocking of DNS comes in the wake of the addition of the XXX Generic TLD (gTLD) to the root. The SSAC does not have sufficient information to take a position regarding this action, however, the Committee wishes to make clear that, regardless of whether blocking applies to TLDs or sub-levels, minimizing harm requires a concerted effort to not create circumstances where Internet users outside an organization’s policy domain are adversely affected by that organization’s policy or implementation. Extending this organization-based ethical framework to sovereign nations would require greater understanding of the political landscape than the SSAC currently has. But we can also say with certainty that country-level blocking of entire TLDs fundamentally interferes with the goal of providing a single, unified naming system for Internet resources. If implemented without some formal ethical framework to minimize harm to external parties, blocking may induce more adverse effects than intended on broader communities, exacerbating the problem(s) that such blocking is intended to solve. In addition, blocking at the second and third level domains as well as the TLD level may give rise to alternative name systems and/or roots, which would be destabilizing and disruptive for the Internet.

Detailed criticisms of what ICANN has substituted for actual research of the technical and economic issues are easy to locate, I linked to several of them in the essay.  My comment is not a call to reverse course, but rather to objectively assess what happened, and to mitigate against the negative ramifications.

Mr. Mueller makes it clear that he shares ICANN’s presumption that this policy decision deserves to be played out without documenting a concerted effort to understand its ramifications for the spectrum of affected parties.  My claim is that this presumption is not only unethical, but given ICANN’s recently introduced “do no harm” ethic, it is also hypocritical.  Mr. Mueller’s own analysis of how ICANN substitutes public participation mechanisms for accountability is perfectly applicable to this episode of ICANN policy-making, and sheds his histrionic exaggerations and fallacious analogies in his defense of “...a long, painful, ugly compromise” in a similarly hypocritical light.

Thanks for conceding nearly all my points Milton Mueller  –  Aug 25, 2011 8:08 PM

Let’s take care of the easy stuff first.
1. The SSAC statement you cite confirms that there are no distinctions to be made between SLDs, TLDs and even third-level domains. Ergo, insofar as you wish to remain logically consistent, you are in fact suggesting that ICANN or other organizations pre-approve all web site names and SLDs and even content globally, in order to pre-empt the need for any government, no matter how authoritarian, to block them. Because, in case you or SSAC haven’t noticed, there are now tens of thousands of such domains blocked.
2. Your contention that none of the policy decisions underlying the TLD program have been analyzed or documented remains jaw-droppingly out of touch with reality. The .XXX debate consumed years (2004 - 2007) of debate. Take a look at it when you have a spare month or two. Then there was a formal independent review panel decision involving a record with thousands of pages of documentation. Got another month? While that was happening, in reaction to the .XXX incident ICANN staff and GAC moved to place restrictions on strings and appropriate delegees of strings, which became known as the “morality and public order” (MAPO) objections and the “community” objections. Have you even _read_ the Applicant Guidebook (AG) and its manifold predecessor versions, stretched out over years? I suspect not. So if it is your contention that the AG represents a decision made out of the blue that fails to “documen[t] a concerted effort to understand its ramifications for the spectrum of affected parties”, you are so far off base it is not worth discussing it with you any further. When the Trademark interests say such things, at least we know they are lying and why they lying. I truly have no idea what your explanation is.
No time for more here, but in some other time and place I will need to explain to you why a threat by a government to censor and repress Internet expression in its territory does not impose an “ethical” obligation on the rest of the world to pre-censor the speech of those they threat to block. And I (one who has forgotten more about ICANN’s accountability problems than you probably will ever know) will make an effort to explain to you why the .xxx decision represents ICANN’s most important and most significant act of accountability - an agreement to follow its own designated rules and procedures and to admit its mistakes. I would also explain how the game you are playing - claiming that a 5-6 year long process that many many people invested countless time and effort into didnt really happen or didn’t matter - is fundamentally inimical to ICANN accountability

Milton is an articulate if lonely voice Michael Roberts  –  Aug 26, 2011 8:13 PM

Milton is an articulate if lonely voice for laissez faire capitalism and libertarian politics.  But kc’s superb dissection of the foibles and missteps of ICANN’s tortuous path to the wrong decision on .xxx stands by itself.  A modern morality tale of the Internet.

The plain fact is that societies, for better or worse, and frequently both, have always placed constraints on private and commercial speech.  ICANN, as steward for a global enterprise, faces a myriad of such limits.  Fortunately, many of them can be safely ignored.  On the other hand, as ICANN struggles for institutional credibility and a permanent - if anything in the Internet world can be considered permanent - niche among the NGOs and intergovernmental entities out there, it ignores the common sensibility of humans at its peril.

Not only does an organized brothel for virtual porn offend many, but as kc points out, the proposal doesn’t pass muster under ICANN’s not-yet-final regulations on new TLDs.  I doubt that it meets the public interest test in the AOC either.

There is a particular strain of cultural arrogance on community standards among Americans that is offensive to many around the world.  What we think in the U.S. is not necessarily the “best” thinking on a subject, although we are all too prone to consider it such.  Dot xxx is an example of a scheme that could command only an astoundingly low percentage of support if measured on a global basis.

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



Threat Intelligence

Sponsored byWhoisXML API


Sponsored byVerisign

New TLDs

Sponsored byRadix

Brand Protection

Sponsored byCSC

IPv4 Markets

Sponsored byIPv4.Global


Sponsored byDNIB.com

Domain Names

Sponsored byVerisign