ICANN is clearly changing with the new CEO making immediate changes to the organizational structure and Compliance announcing a number more effective tools and procedures at Sunday’s At-Large Advisory Committee (ALAC) and Regional Leadership Meetings. It seems very ambitious and they will need to be because our year-long research, publicly distributed here for the first time, shows a complete breakdown in ICANN’s Compliance functions on every level possible. Our document, in essence, demonstrates that ICANN has been completely ineffective in handling rampant abuse of the Domain Name System. Now, this analysis does not concern a vague responsibility for ICANN to protect the Internet but rather details specific failings which have allowed spam, malware, drug trafficking, and brand abuse to run rampant with absolute impunity. The related impact cannot be understated as rouge pharmacy websites have recently been tied to counterfeit cancer drugs. Some tainted versions were found to contain Streptococcus. It is not believed that ICANN staff wants the DNS to be abused in such ways and has been clearly frustrated by an internal structure which did not appreciate the importance of the department or devote enough resources to it. Regardless, our analysis shows a staff unclear about actual policy, providing contradictory information, and going silent when asked tough questions. This in general has been a disheartening discovery process.

ICANN Compliance acknowledged in Sunday’s meeting that it had several non-aligned ticketing systems and that complaint submission interfaces without back-end processing or tracking. It is responding to this problem by centralizing its complaint processes and significantly enhancing its reporting capacity. Compliance is obviously trying to clarify its mission and build resources but is ultimately restricted by the fact that the RAA contract as written is unenforceable on WHOIS inaccuracy. At this time correcting this gaping hole in the contract is not part of the current contract negotiations. Any new contract will be just as useless without a change in section 3.7.8.

The new CEO should be applauded for his agenda and welcomed. Compliance should be encouraged in its mission. But as George Santayana famously said “Those who cannot remember the past are condemned to repeat it.” For us not to document these failings, regardless of the current improvements would be irresponsible. Our full research document is here: http://knujon.com/Knujon_ICANN_compliance_eval_09192012.pdf