The non-contracted parties of the ICANN community met in Reykjavík last week for their annual intersessional meeting, where at the top of the agenda were calls for more transparency, operational consistency, and procedural fairness in how ICANN ensures contractual compliance.

ICANN, as a quasi-private cooperative, derives its legitimacy from its ability to enforce its contracts with domain name registries and registrars. If it fails to implement the policies set by the community and to enforce its agreements with the contracted parties, the very legitimacy and credibility of the multistakeholder governance model would be threatened, and the ability of ICANN to ensure the stability and security of the Domain Name System could be questioned.

The Commercial and Non-Commercial Stakeholder Groups are not unified in their views on how ICANN should manage contractual compliance, but both largely agree that ICANN should be more open with the community regarding its internal operating procedures and the decisions that are made.

Some members of the Commercial Stakeholder Group desire an Internet policeperson, envisioning ICANN’s compliance department as taking an active role in content control, disabling access to an entire website on the mere accusation of copyright infringement. ICANN has previously said it is not a global regulator of Internet content, but there is a sentiment in some circles that through shadow regulation, well-resourced and politically-connected companies should be able to determine which domain names can resolve and which cannot.

The Non-Commercial Stakeholder Group believes that the Domain Name System works because Internet users trust it to redirect them to their intended destination. Likewise, if a registrant registers a domain name in good faith, they should expect to be able to use this Internet resource to disseminate the legal speech and expression of their choice. Domain names enable access to knowledge and opinions that sometimes challenge the status quo, but ultimately enable the fundamental human right to dissent and to communicate speech.

If a website is hosting illegal content, it is the courts that have the authority to make such a determination and to impose appropriate remedies—not private enterprises that have struck deals with registries, and certainly not ICANN.

The problem is, there is mission creep, and ICANN is indirectly regulating content by repossessing domain names from registrants sometimes without any investigation of fact.

During the intersessional, the Non-Commercial Stakeholders Group probed the compliance department to outline how complaints can be filed, how they are reviewed, and to describe how the interests of registrants are represented during the investigation of complaints.

The answers were very revealing: anyone can file a complaint with ICANN, even anonymously; there are no public procedures on the complaint process; and registrants can neither know that a complaint has been filed against them, nor can they feed into the decision-making process, nor challenge the decision. This is problematic, not least because ICANN staff admitted last November in Hyderabad that there has been abuse of the compliance department’s complaints form, with some entities having made bad faith attempts to have domain names taken down.

This is not a theoretical issue. In 2015, ICANN’s compliance department caused financial harm to a domain name registrant because of a minor, perceived inaccuracy in their domain name’s WHOIS records. In this instance, the registrant had a mailing address in Virginia and a phone number with a Tennessee area code. While both details were valid, and the registrant was contactable, a “violent criminal” filed a complaint with ICANN alleging that the details were inaccurate. The complaint was accepted by ICANN and passed along to the domain name registrar. The registrar, fearing a non-compliance notice from ICANN, suspended the domain name without performing any investigation into the claim, resulting in the registrant losing access to their business email account and website.

Representatives from the Non-Commercial Stakeholders Group argued during the intersessional that ICANN should not accept anonymous complaints. Anecdotally at least, there appears to be a pattern of domain names being taken down based on inaccuracies in WHOIS records, many of which the casual observer may perceive as being either very minor, or not a legitimate complaint. It is not simple to track patterns of abuse when you do not know who is submitting the complaints. Transparency does not necessarily mean transparency to the world. But it should be possible for the parties against whom a complaint has been made to request information on who has filed a complaint against them. They should also be able to feed into the complaint process, provide evidence, and have a mechanism of appealing the decision that a contracted party or ICANN’s compliance department has made. ICANN has been recruiting for a Consumer Safeguard Director for more than two years now; perhaps once this post is finally filled, registrants—the very parties paying for domain names year-after-year—will have more of a voice in ICANN’s complaint processes.

Because as things stand at present, if a domain name can be repossessed from a registrant for any reason at all, without any due process being followed, and in direct violation of Article 1 of the organisation’s bylaws, it might well be ICANN that is posing a threat to the security and stability of the Domain Name System.

Ayden Férdeline is a London-based Internet policy consultant. He was appointed to the Policy Committee of the Non-Commercial Stakeholders Group in January 2017.