Like everyone else, former ICANN board members have been preoccupied by the horrific November 13th, 2015 attacks on Paris, France, by a bunch of cold-blooded mass murderers. Our email list discussion of the Paris attacks covered a number of issues, including the inevitable question: what, if anything, should ICANN do in response?

Some list subscribers concluded that the events had nothing to do with ICANN’s mission, and that we should just sigh and move on. Others, on the other hand, said: not so fast, it would serve ICANN well to take a closer look at the matter, and its ramifications on wider world of ICANN. This later group (to which I belong) argued that some aspects of the reaction to the attacks on Paris might have significant bearing on ICANN’s mission, as narrowly-defined as it is. The discussion, which over 3 days ran in a flurry of some 56 emails, reminded me of an African story about a cock and a goat ...

The cock and the goat

Once upon a time, a cock was in a pen it shared with a goat and a sheep, and engaged in a discussion with them about a war that was raging in a neighboring country. The goat and the sheep lamented the loss of lives, and devastation caused by the war. The cock told them they were wasting their time, and wondered why they should bother about a war so far away, a war between human beings, and one that had nothing to do with them. Still, the goat and the sheep said, they felt bad about the war, and prayed it would end soon. The cock said it would not be bothered, and could not care less about the duration or outcome of the war.

A few weeks after this discussion, their owner received their relatives fleeing the war from the neighboring country. A day later, they overheard their owner’s wife asking her husband, “What do we cook for our guests?” Without hesitation, he replied, “Why don’t you kill the cock for them?” She promptly agreed, and so was sealed the fate of the cock who had concluded the war next door had nothing to do with him. In the aftermath of the attacks on Paris, the question then is: does ICANN run the risk of suffering the fate of the cock by staying aloof of the response to the events in Paris, and future events of global significance?

The war against terrorism

Whatever position ICANN takes, the rest of the world, especially the Western world, has firmly decided to combat the scourge of terrorism. In an address to a joint session of parliament in the Palace of Versailles, President Hollande of France said that “France is at war,” and that France would take internal measures, and engage its international partners in its fight against terrorism. Accordingly, Hollande has held talks with France’s allies around the world to drum up support for a strong response to the attacks on Paris.

The G20 leaders (including the US, China, and Germany), who met Turkey around the time of the terrorist attacks on Paris, pledged their support for France, and engaged in a flurry of consultations to develop strategies for fighting the terrorists. The US, for one, has decided to share targeting information, and facilitate intelligence sharing with France. In the same vein, the UK recently announced a 5-year £1.9 billion investment plan to protect Britain from cyber attacks, and develop their capabilities in cyberspace.

Already, the Internet is being drawn into the debate. Some have concluded that the Internet is increasingly becoming an important tool for terrorists, and hence, a major challenge in developing an effective response to the terrorist attacks on Paris. Although some have tempered this argument, the reality is that governments are building more facilities, spending more money, and recruiting more people in readiness for a battle royal on the Internet. ICANN might very well be caught in the cross-fire.

Suffering terrorism

Although it will be crazy to expect ICANN to be front and center in the fight against terrorism, it will also be foolhardy for it to pretend all of this has nothing to do with it. The case for ICANN taking more than a cursory look at events such as the attacks on Paris is multifaceted. First, security experts concede that it is almost impossible to prevent future terrorist attacks, and “we cannot kill our way out of this war.”

In the two weeks since the attacks on Paris, Mali and Tunisia both suffered terrorist attacks with significant loss of lives. Terrorism (or horrorism as I prefer to attacks of the ilk of those on Paris) is now more than ever a fact of life. Each attack presents its own set of problems and challenges, and ICANN must evaluate them accordingly.

Second, ICANN has in the past been directly affected by mere threats of terrorism. ICANN 37 was held in Nairobi, Kenya in 2010 under a pall of fear about the risk of a terrorist attack or attacks. In 2011, ICANN 41 was moved from Amman, Jordan, to Singapore because of fears about the so-called Arab Spring protests then raging in the Middle East. I was on the ICANN board when the ICANN 37 and 41 meetings were held, and I recall the difficulties in making decisions about the venues of these meetings, the impact the decisions had on ICANN’s relation with countries in these sub-regions, as well as the associated costs and inconveniences.

ICANN’s mission was also impinged in the aftermath of the Boston Marathon bombing of April, 2013. According to a Cisco report, two botnets were launched after the bombings. The botnets rode on a massive spam campaign that lured victims to links with videos of the bombing, and malicious .jar files. The spam generated by the botnets accounted for up to 40 percent of the total spam during that period. The same report also said that the Boston Marathon bombing also led to the registration of “hundreds” of domain names related to the tragedy. The Cisco report shows that terrorist attacks often have a direct impact on the security and stability of the Internet, and hence impinge on ICANN’s core mission.

ICANN: cock or goat?

Against this background, my opinion is that the question should not be whether or not ICANN should react to terrorist and similar incidents of global impact, but how it should. In this regard, the starting points should be ICANN’s strategic plan and the enterprise-wide risks identified by ICANN, as well as the Risk Committee of the ICANN board. The 2016-2020 strategic plan for ICANN has 5 strategic objectives, each with its associated goals, outcomes, and risks to its attainment.

ICANN can use its strategic plan to prepare a matrix to evaluate the impact of major global events on its strategic objectives, goals, outcomes, and associated risks. This way, the assessment of each event will be based on ICANN’s mission and priorities, and guard against mission creep. The task of evaluating the impact of terrorist attacks and other global events on ICANN can be crowd-sourced to the community by establishing an interactive version of the strategic plan for people to suggest any risks and opportunities they see as pertinent to the organization. ICANN can then shift through and assess these suggestions, just as they presently manage public comments.

Although some might argue that such on-going assessments might be distracting, the fact of the matter is that these global events not only have direct impacts on ICANN (as with the case of the choice of meeting locations), but also indirect effects such as a poisoned atmosphere for be debate about Internet governance. Having a system in place to give these events the attention they deserve, and involving the community in evaluating their impacts will be money and time well-spent for ICANN.

The alternative is for ICANN to act like the cock in our story, and not bother one bit about events around it. Although it might have been easy to argue in early 2011 that the self-immolation of an unemployed youth in Tunisia had nothing to do with ICANN’s core mission, the fires that event started ultimately ended up costing ICANN. By ignoring the world around it, ICANN might wake up one day to find that the global war against terror has been brought into its narrowly-defined turf, and then just like the cock, be had for dinner.