|
The domain name system is not the place to police speech. ICANN is legally bound not to act as the Internet’s speech police, but its legal commitments are riddled with exceptions, and aspiring censors have already used those exceptions in harmful ways. This was one factor that made the failed takeover of the .ORG registry such a dangerous situation. But now, ICANN has an opportunity to curb this abuse and recommit to its narrow mission of keeping the DNS running, by placing firm limits on so-called “voluntary public interest commitments” (PICs, recently renamed Registry Voluntary Commitments, or RVCs).
For many years, ICANN and the domain name registries it oversees have given mixed messages about their commitments to free speech and to staying within their mission. ICANN’s bylaws declare that “ICANN shall not regulate (i.e., impose rules and restrictions on) services that use the Internet’s unique identifiers or the content that such services carry or provide.” ICANN’s mission, according to its bylaws, “is to ensure the stable and secure operation of the Internet’s unique identifier systems.” And ICANN, by its own commitment, “shall not act outside its Mission.”
But… there’s always a but. The bylaws go on to say that ICANN’s agreements with registries and registrars automatically fall within ICANN’s legal authority, and are immune from challenge, if they were in place in 2016, or if they “do not vary materially” from the 2016 versions.
Therein lies the mischief. Since 2013, registries have been allowed to make any commitments they like and write them into their contracts with ICANN. Once they’re written into the contract, they become enforceable by ICANN. These “voluntary public interest commitments” have included many promises made to powerful business interests that work against the rights of domain name users. For example, one registry operator puts the interests of major brands over those of its actual customers by allowing trademark holders to stop anyone else from registering domains that contain common words they claim as brands.
Further, at least one registry has granted itself “sole discretion and at any time and without limitation, to deny, suspend, cancel, or transfer any registration or transaction, or place any domain name(s) on registry lock, hold, or similar status” for vague and undefined reasons, without notice to the registrant and without any opportunity to respond. This rule applies across potentially millions of domain names. How can anyone feel secure that the domain name they use for their website or app won’t suddenly be shut down? With such arbitrary policies in place, why would anyone trust the domain name system with their valued speech, expression, education, research, and commerce?
Voluntary PICs even played a role in the failed takeover of the .ORG registry earlier this year by the private equity firm Ethos Capital, which is run by former ICANN insiders. When EFF and thousands of other organizations sounded the alarm over private investors’ bid for control over the speech of nonprofit organizations, Ethos Capital proposed to write PICs that, according to them, would prevent censorship. Of course, because the clauses Ethos proposed to add to its contract were written by the firm alone, without any meaningful community input, they had more holes than Swiss cheese. If the sale had succeeded, ICANN would have been bound to enforce Ethos’s weak and self-serving version of anti-censorship.
The issue of PICs is now up for review by an ICANN working group known as “Subsequent Procedures.” Last month, the ICANN Board wrote an open letter to that group expressing concern about PICs that might entangle ICANN in issues that fall “outside of ICANN’s technical mission.” It bears repeating that the one thing explicitly called out in ICANN’s bylaws as being outside of ICANN’s mission is to “regulate” Internet services “or the content that such services carry or provide.” The Board asked the working group [pdf] for “guidance on how to utilize PICs and RVCs without the need for ICANN to assess and pass judgment on content.”
There’s a simple, three-part solution that the Subsequent Procedures working group can propose:
In short, while registries can run their businesses as they see fit, ICANN’s contracts and enforcement systems should have no role in content regulation, or any other rules and policies beyond the ones the ICANN Community has made together.
Guardrails on the PIC/RVC process will keep ICANN true to its promise not to regulate Internet services and content. It will help avoid another situation like the failed .ORG takeover, by sending a message that censorship-for-profit is against ICANN’s principles. It will also help registry operators to resist calls for censorship by governments (for example, calls to suppress truthful information about the importation of prescription medicines). This will preserve Internet users’ trust in the domain name system.
Sponsored byCSC
Sponsored byVerisign
Sponsored byWhoisXML API
Sponsored byDNIB.com
Sponsored byVerisign
Sponsored byIPv4.Global
Sponsored byRadix
Mr. Stoltz,
One thing that I did not see addressed in your article is what to do when a domain name is being used solely for the purpose of spreading or facilitating the action of malware, such as is the case of many botnets. This is a matter of content that, in my view, is within the Internet community’s interests to be taken down as fast as possible by contracted parties. While I do understand that you are making a point mostly about Intellectual Property conflicts, the fact remains that some domain names are used solely to harm users.
Regards,
Mark, I think malware distribution can be placed on the technical or infrastructure side of the line. A group of registries did a pretty good job of articulating the infrastructure/content distinction in their DNS Abuse Framework. But the broader point is that even though there are some things that should be "taken down as fast as possible," that's a matter of local law, and ICANN should not be involved. The DNS Abuse Framework and similar things shouldn't be subject to enforcement by ICANN. That's because ICANN is not well served by becoming another battleground of content moderation as if it were Facebook.
Congratulations on your excellent penmanship that argues that any aspiration for DNS abuse mitigation is in itself an “abuse”, that ICANN’s “narrow” mission is to keep the DNS “running” (without any concern at all for what happens within the DNS), and that it should limit the ability of Registries to offer Public Interest Commitments. Public Interest is unlimited, so should the commitments be.