My speech given at the 15th ICANN Studienkreis in Amsterdam on 14 August.

ICANN’s mission, and the avoidance of “mission creep”, is currently the subject of intense debate in the Internet community. Multiple cross-community working groups are dealing with the proposal by an agency of the United States government, NTIA, to give up the last vestiges of its control of the IANA function. Many of the new organizational structures under consideration purport to deal with ICANN’s expanding mission.

Even before the creation of ICANN, mission creep was an issue on the Internet. In 1996, Jon Postel made the wishful statement: “Domain names are intended to be an addressing mechanism and are not intended to reflect any trademark, copyright or other intellectual property rights.” The White Paper in 1998 changed all that by giving ICANN the mandate to develop a trademark protection policy primarily to deal with the problem of cybersquatters (or “cyberpiracy”). The consensus at the time excused this broadening of ICANN’s mission because cybersqatting was viewed as an unjustified abuse of the domain name system itself. The White Paper warned against getting involved in “conflicts between trademark holders with legitimate competing rights.” Even so, the UDRP, as developed by ICANN, has become deeply involved in such conflicts and provides a good example of mission creep as we now know it.

ICANN purports to be very conscious of its mission. The ICANN Charter granted by the state of California makes ICANN responsible for the “operational stability” of the Internet; it gives the corporation specific technical functions and responsibilities as well as the power to engage in “lawful activity” related to them. ICANN’s Mission and Core Values, the first two sections of its Bylaws, focus on ICANN’s technical functions.

In some specific areas, ICANN acknowledges its limits. As examples, “Spam complaints are outside of ICANN’s scope and authority.”

Also, “Complaints regarding trademark infringement due to website content and domain names are outside of ICANN’s scope and authority.”

The same wording applies to copyright infringement.

ICANN currently deals with difficulties relating to transfers of domain names with a partial hands-off policy. “Disputes between registrars over alleged violations of the Inter-Registrar Transfer Policy may be initiated by any ICANN-accredited registrar” (but not by the victim of the violation, the domain name registrant).

Mission creep continues, however, in areas such as the expansion of the domain name system by creation of new generic top level domains. The lack of a technical limitation on the numbers of domain names in the root zone (subject to some practical limits) has always been the underlying rationale for expanding the DNS. It would require serious economic or legal justification to impose limits on what is otherwise technically feasible. No consensus has been reached on the economic justification, or lack thereof, for putting new top level domains in the root. Trademark owners have argued that expanding the DNS has simultaneously expanded the opportunities for cybersquatting, but their arguments have been blunted by the development of new rights protection mechanisms. The Trademark Clearinghouse and the new Uniform Rapid Suspension System (URS) have moved ICANN more deeply into complex questions of trademark law, providing further justification for expanding its budget and broadening its mission.

Possibly the greatest expansion of ICANN’s mission stems from the process of creating new generic top level domains. The selection process—what names to put in the root, how to select new registries and the technical requirements for them—is pretty clearly within the legitimate technical functions of ICANN. In any event, the White Paper set the stage for this effort by ICANN:

“At least in the short run, a prudent concern for the stability of the system suggests that expansion of gTLDs proceed at a deliberate and controlled pace to allow for evaluation of the impact of the new gTLDs and well-reasoned evolution of the domain space. New top level domains could be created to enhance competition and to enable the new corporation to evaluate the functioning, in the new environment, of the root server system and the software systems that enable shared registration.”

After a limited first run of DNS expansion in 2000 and 2003, the second round (launched in 2012) created new opportunities for ICANN’s growth and new grounds for an increased budget. The new selection processes embodied in the New gTLD Applicant Guidebook demanded massive increases in ICANN’s budget, including substantial new fees for applicants and the new registries.

As well as justifying budget increases, the new processes have broadened ICANN’S mission. For example, the Guidebook allows four grounds for a formal objection to an application:

1. String Confusion Objection – The applied-for gTLD string is confusingly similar to an existing TLD or to another applied for gTLD string in the same round of applications.
2. Legal Rights Objection – The applied-for gTLD string infringes the existing legal rights of the objector.
3. Limited Public Interest Objection – The applied-for gTLD string is contrary to generally accepted legal norms of morality and public order that are recognized under principles of international law.
4. Community Objection – There is substantial opposition to the gTLD application from a significant portion of the community to which the gTLD string may be explicitly or implicitly targeted.

The objection processes led to the creation of new dispute resolution procedures, relying on supposedly objective and independent decision makers. The net result is expansion of ICANN’s role as de facto justice provider on the Internet, accompanied by legal challenges that justify more budget increases.

The new application fees and related new charges have been a financial bonanza. ICANN was able to establish a one hundred million dollar risk reserve fund and is now wrestling with the question of who controls the spending of the proceeds of the last resort auctions that are held to determine the winners of contested applications for new domains.

Now that hundreds of new domains have been launched, mission creep at ICANN continues. Compliance with contractual obligations undertaken by registries and registrars has always been a legitimate interest of ICANN. It would be difficult to argue that ICANN should take no action concerning a registry or registrar that fails to live up to its technical obligations related to security and stability. The problem, however, lies in the breadth of obligations in those contracts. Since many obligations are vague in scope, their enforcement by ICANN implicitly raises the question whether ICANN is becoming a global consumer protection agency.

Although ICANN explicitly rejects this role, some of its recent activities make it look increasingly like a global regulator.

In response to comments from the Governmental Advisory Committee (GAC), ICANN adopted a policy requesting, but not requiring, Public Interest Commitments (PIC) specifications from new domain applicants. Although specifications would be received from any applicant, the focus is on domains serving regulated or professional activities and domains committed to serving particular communities. To enforce the commitments, a PIC Dispute Resolution Procedure was established. ICANN’s mission now includes regulation of registry conduct related to public interest commitments.

In 2014, there was also a proposal to establish Mandatory Policy Advisory Boards (PABs). According to the ICANN announcement, a group of community members asserted “...that PABs are able to address what are perceived to be substantial public-interest deficiencies in the current implementation of ICANN’s gTLD expansion program.” Although the proposal has not advanced, it illustrates the sentiments of a faction that sees no problem in ICANN becoming a global enforcer of what ICANN perceives to be the public interest.

Other recent developments regarding content control show where ICANN is headed.

1. In 2013, ICANN provided personnel to investigate and ultimately take down a Russian child pornography ring. No one could dispute the desirability of the result, but the question remains whether the task more appropriately should have been handled entirely by law enforcement bodies.
2. ICANN recently ordered the new .doctor domain to refrain from registering any names from persons other than medical doctors. The rationale for the decision stems from GAC advice regarding “highly regulated” market sectors. The registry operator has asked for reconsideration on several grounds, including the fact that “doctor” is a widely used term outside the medical profession.
3. The new Base Agreement for registry operators requires the operators to require, in turn, their registrars to prohibit domain name holders from “distributing malware, abusively operating botnets, phishing, piracy, trademark or copyright infringement, fraudulent or deceptive practices, counterfeiting or otherwise engaging in activity contrary to applicable law, and providing (consistent with applicable law and any related procedures) consequences for such activities including suspension of the domain name.” Whether or not this will turn registries into subsidiary law enforcement agencies remains to be seen. It clearly injects content control into ICANN’s mission.

Finally, if ICANN has a grand plan to engage in Internet governance, the best evidence is its sponsorship of a study by Boston Consulting Group on “Reducing efriction—or a country’s obstacles to full participation in the global digital economy.” The study reports: “The five major causes of e-friction identified in the 2015 update are wealth, population density, the urban-rural population mix, literacy, and English-language skills”. The study has it merits, but its connection to ICANN’s original mission of technical administration of the DNS is difficult to discern.

The evidence is clear; ICANN’s mission has crept beyond anything envisioned in the White Paper. It now extends to content control, and is fueled by a budget that inevitably grows without restraint.

The cross-community working groups on the transition from NTIA control are clearly aware of mission creep. Some want it limited; others do not. Can they do anything about it? If they can, then ICANN will be removed from functions it was never intended to perform. If not, a new global bureaucracy will have emerged, theoretically accountable to its stakeholders, but mainly charting its own mission.