North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Registrars serve no useful purpose

  • From: David M. Besonen
  • Date: Wed Jan 19 12:17:23 2005

[a dated, biased (what isn't?), insightful, and 
relevant interview]


Published on Policy DevCenter 
(http://www.oreillynet.com/policy/)
 http://www.oreillynet.com/pub/a/policy/2002/12/05/karl.html


Karl Auerbach: ICANN "Out of Control"
by Richard Koman
12/05/2002

Editor's note: Strong forces are reshaping the 
Internet these days. To understand these forces--
governmental, business, and technical--Richard Koman 
interviews the people in the midst of the changes.

This month, Richard talks to Karl Auerbach, a public 
board member of ICANN and one of the Internet 
governing body's strongest critics.

October's distributed, denial-of-service attack 
against the domain name system--the most serious yet, 
in which seven of the thirteen DNS roots were cut off 
from the Internet--put a spotlight on ICANN, the 
nongovernmental corporation responsible for Internet 
addressing and DNS. The security of DNS is on ICANN's 
watch. Why is it so susceptible to attack, when the 
Internet as a whole is touted as being able to 
withstand nuclear Armageddon?

It's religious dogma, says Karl Auerbach, a public 
representative to ICANN's board. There's no reason DNS 
shouldn't be decentralized, except that ICANN wants to 
maintain central control over this critical function. 
Worse, Auerbach said in a telephone interview with 
O'Reilly Network, ICANN uses its domain name dispute 
resolution process to expand the rights of trademark 
holders, routinely taking away domains from people 
with legitimate rights to them, only to reward them to 
multinational corporations with similar names.

Auerbach--who successfully sued ICANN over access to 
corporate documents (ICANN wanted him to sign a 
nondisclosure agreement before he could see the 
documents)--will only be an ICANN director for a few 
more weeks. As part of ICANN's "reform" process, the 
ICANN board voted last month to end public 
representation on the board. As of December 15, there 
will be zero public representatives on the ICANN 
board.

How does ICANN justify banishing the public from its 
decision-making process? Stuart Lynn, president and 
CEO of ICANN, said the change was needed to make 
ICANN's process more "efficient." In a Washington Post 
online discussion, Lynn said: "The board decided that 
at this time [online elections] are too open to fraud 
and capture to be practical, and we have to look for 
other ways to represent the public interest. It was 
also not clear that enough people were really 
interested in voting in these elections to create a 
large enough body of voters that could be reflective 
of the public interest. This decision could always be 
reexamined in the future. In the meantime, we are 
encouraging other forms of at-large organizations to 
self-organize and create and encourage a body of 
individuals who could provide the user input and 
public interest input into the ICANN process."

Former ICANN president Esther Dyson is also supporting 
the move away from public representation on the board. 
"I did believe that it was a good idea to have a 
globally elected executive board, [but] you can't have 
a global democracy without a globally informed 
electorate," Dyson told the Post. "What you really 
need [in order] to have effective end-user 
representation is to have them in the bowels (of the 
organization) rather than on the board."

Auerbach isn't buying. "ICANN is pursuing various spin 
stories to pretend that they haven't abandoned the 
public interest," he says in this interview. "ICANN is 
trying to create a situation where individuals are not 
allowed in and the only organizations that are allowed 
in are those that hew to ICANN's party line."

In this interview, Auerbach makes a number of strong 
criticisms of ICANN, beyond the issue of public 
access:

    * ICANN uses its domain name dispute resolution 
process to expand the rights of trademark holders, 
routinely taking away domains from people with 
legitimate rights to them, only to reward them to 
multinational corps with similar names, Auerbach says.
    * ICANN unnecessarily maintains the domain name 
system as a centralized database, making it vulnerable 
to attack.
    * ICANN has failed to improve network security 
since September 11 and has ignored Auerbach's 
suggestions for improving DNS security.
    * ICANN staff takes actions without consulting the 
board, withholds information from the board, and 
misleads board members.
    * Finally, Auerbach charges that ICANN is guilty 
of corporate malfeasance.

Koman: On October 21, there was a denial-of-service 
attack on DNS, which was widely reported as the most 
serious yet. Something like seven of the thirteen root 
servers were unavailable for as long as three hours. 
What is ICANN's responsibility for DNS, and how 
vulnerable is it to attack?

Auerbach: On the Internet, there are a couple of areas 
that arguably need some centralized authority. One of 
these is IP address allocation--addresses need to 
handed out with some notion of how they comport to the 
physical topology of the network.

A lot of people look at the domain name system as 
equally in need of centralized control. They look at 
DNS and see there's a root on top and some number of 
names underneath and they say, "Whoa, we need an 
organization to manage that." From a technical point 
of view, that's completely untrue. The DNS is really 
an optional service on top of the basic functionality 
of the Internet. We could have many different versions 
of DNS. The only concern is they be consistent with 
one another. People have elevated this argument for 
consistency to the idea that we can only have one, 
catholic source of names. That's a leap of logic that 
does not exist in reality; nevertheless ICANN uses 
that leap to justify its existence.

By some religious dogma, we have come to the 
conclusion that there must be one ICANN sitting on top 
of the domain name space. It's a false conclusion but 
many people believe it, and it's a very useful 
conclusion for trademark interests, who have found 
that enforcing trademarks through the court system is 
just plain expensive. They found ICANN to be a very 
convenient tool to expand the law of trademarks, so 
trademark holders can exert control over non-trademark 
holders in a much less expensive way, and in a way 
that happens to lack all the protections of due 
process and judicial review. That's a dream for the 
trademark holders; they love ICANN.

Koman: Let's talk about the recent denial-of-service 
attack.

Auerbach: The interesting thing is, September 11 was 
more than a year ago and ICANN formed this high-level 
plenary committee to go and deal with DNS security, 
and to date not a single peep has come out of that 
committee. Yet I proposed in early October 2001 a set 
of several concrete, specific things that people could 
do to protect DNS, and more importantly, to recover 
from a DNS outage. And also to go after the bad guys 
to deter others from doing it.

ICANN, because they refuse to admit I exist, deep-
sixed the entire set of suggestions and hasn't even 
admitted that they exist. ICANN has intentionally 
disregarded things it could have done to protect DNS 
security, which possibly, had they been adopted, would 
have either slowed, prevented, or more quickly 
deflected this most recent attack. ICANN does not have 
the public interest at heart.

ICANN isn't doing a diddly thing about network 
security. The committee itself has great people on it, 
but they're great people in a very narrow sense. 
They're technical experts but they know nothing about 
how to recover from a disaster. How do you lock a 
door? They know nothing about collection of evidence. 
They know nothing about how to recover from a 
disaster.

Koman: How insecure is DNS; how susceptible is it to 
attack?

Auerbach: Well, I don't disagree with the assessment 
of Bruce Schneier that DNS is probably the most 
vulnerable point of the Internet. ICANN has proclaimed 
as a matter of religious dogma--and it's nothing more--
that there shall be but one DNS root. Well that means 
ICANN is declaring the Internet shall have one single 
point of failure and here it is. ICANN has by that 
dogma condemned the Internet to vulnerability.

Koman: The whole Internet is based on its 
decentralized nature, on redundancy, on the lack of 
single points of failure.

Auerbach: Except in the domain name system. And the 
domain name system need not be that way. ICANN is 
making a lot of assertions that are not justified by 
technology and are not consistent with the public's 
desire to control its own Internet experience.

Public Representation on ICANN

Koman: On October 31, ICANN approved new bylaws that 
removed the five publicly elected board members, 
leaving no public representation on the board, as of 
December 15.

Auerbach: That's right. Now ICANN is pursuing various 
spin stories to pretend that they haven't abandoned 
the public interest. One is that they have governments 
participating in ICANN and the governments represent 
the people of their nations, and because governments 
are an advisory group within ICANN, we don't need mere 
people. That argument is fallacious; governments not 
only represent their citizens; they also represent 
businesses and other entities within their borders. 
But ICANN gives special privileges to those businesses 
in its forums, and businesses still do get to elect 
board members. They've also created these so-called at-
large advisory committees (ALACs)--note that they're 
called "at-large" as if the public could join, but 
membership is not open to the public; membership is 
only open to organizations. ICANN is trying to create 
a situation where individuals are not allowed in and 
the only organizations that are allowed in are those 
that hew to ICANN's party line.

You have no way to vote against ICANN directors. You 
have as much right to vote against ICANN directors as 
the peasants in France had of voting against Louis 
XIV.

Koman: What is ICANN's attitude to the idea that the 
Internet is a public resource and that the public has 
some justifiable interest in being involved in its 
governance?

Auerbach: ICANN is an oligarchy. ICANN claims it's a 
private organization yet it claims immunity from 
things like antitrust because it derives its powers 
via contracts with the government. It has decided that 
things like decentralizing the domain name space 
should not be done because the public should not be 
confused. ICANN has made all these decisions based on 
the concept of what the public should have and what it 
should not without ever asking the public what it 
wants or allowing the public to have its 
representatives among those who decide these issues.

Koman: So doesn't the public have a reasonable right 
of governance of this critical public resource?

Auerbach: The public does have an expectation--ICANN's 
purpose is to benefit the public and yet ICANN has 
done nothing but promote business. There are public 
interests that are really important on the Internet. 
Like making sure the domain name system works reliably 
day in and day out, that it's reasonably protected and 
stable. ICANN has not done any of that. The public's 
expectations of what ICANN ought to be doing have been 
unfilled and the public's expectation of what ICANN 
ought not to be doing have been quite well fulfilled. 
ICANN is squishing out of the seams in jobs it ought 
not to be doing.

Corporate Malfeasance?

Koman: Stuart Lynn says they made this change to 
streamline the efficiency of the organization.

Auerbach: Since when has efficiency of ICANN been an 
important goal? ICANN has been the most inefficient 
organization in the world; it's only created seven top-
level domains in its four years of existence. And it 
only had elected members for half of that period, and 
only a partially elected membership. ICANN doesn't 
need efficiency; it needs to examine itself and 
discover, for example, that its staff is utterly out 
of control. Stuart Lynn in Shanghai got up and 
announced to the world that ICANN is going to have 
three new top-level domains of the sponsored type. Who 
decided that's what we need or that we need only three 
of them? Stuart Lynn did. He didn't consult with the 
community yet he declared the future business 
landscape of the Internet. He decided who is going to 
be on the main street of the Internet and who is going 
to be forced into the back alley. That's not a 
decision that arose out of elections and non-
elections; that arose out of the fact that ICANN has 
an irresponsible staff that doesn't account to the 
board, much less to the public, and the board doesn't 
do anything about it. Insubordination is rife 
throughout ICANN and the board simply chooses to be 
powerless and not do anything about it. Elections are 
a non sequiteur. They have nothing to do with this 
issue.

In terms of corporate governance, ICANN makes Enron 
look like a saint. I had to sue them to look at the 
most basic information a board member should look at, 
and what's amazing is that out of the lawsuit, we 
discovered that no other board member had bothered to 
do it, including ICANN's own audit committee. I can't 
even believe the auditors signed off on ICANN's annual 
report because I looked at the raw data and it's 
unauditable. You can't verify that an expense that was 
paid was actually tied to an expense requisition--they 
were just paying random invoices.

Koman: But there's a congressional committee that 
oversees ICANN, is there not?

Auerbach: No. ICANN plays this shell game--it claims 
to be a private corporation but it's not really 
private because it's a public benefit corporation of 
California. ICANN is in fact, a 501(c)3, which means 
it's exempt from federal taxes. ICANN is not a 
governmental organization so Congress's role is not to 
oversee ICANN but rather to look at it and then 
determine whether or not Congress needs to pass 
legislation that controls how the executive branch--
the Department of Commerce--acts in situations like 
this. Yes, Congress can put pressure on the Department 
of Commerce, but it's indirect pressure. Commerce has 
chosen to blind itself to the foibles of ICANN. 
Commerce has not held ICANN to its commitments. It has 
not audited ICANN to see that ICANN is doing the job 
it's supposed to do. As far the financial aspects go, 
Commerce has really no role because ICANN is a private 
organization. That's what the directors' role is, to 
oversee the finances, yet ICANN's management has tried 
to make it so the directors can't do that.

Koman: So in the absence of ICANN directors asking for 
accountability ...

Auerbach: There is none.

Koman: There is no other layer?

Auerbach: Well, there is one other person who can hold 
ICANN accountable, but his name is rarely mentioned--
Bill Lockyer, the attorney general for the state of 
California. He can hold ICANN accountable if the board 
members do not. I imagine the IRS can as well. I've 
pointed out certain problems in ICANN whereby the 
board members may be personally liable for millions of 
dollars for certain acts of ICANN; and even with that 
sort of sword of Damocles hanging over ICANN and its 
directors and their pocketbooks, they're not willing 
to take action. It's an organization that's just 
unbelievable.

Koman: Karl: In testimony to Congress, you said, if 
ICANN ceased to exist ...

Auerbach: The Internet would run perfectly. The 
Internet addressing is now being administered by four 
groups called the RIRs (Regional Internet Address 
Registries), and they issued what amounts to a 
declaration of independence from ICANN--they presented 
it in Shanghai. That's the critical function. 
Addresses would continue to be allocated by these 
groups even if ICANN were to disappear. Verisign takes 
care of the DNS part--it still prepares the root zone 
file every day and publishes it--that's where it comes 
from. ICANN does not have its fingers on the keyboard 
editing that file--that's still inside Verisign. And 
that would still happen if ICANN disappeared.

Koman: So the existence of ICANN is in fact a threat 
to the Net?

Auerbach: Well, as we've seen in the security case, 
had they not been there we might have reacted more 
quickly to the threats coming out of September 11. But 
ICANN has said, "Oh huff and puff, we'll establish 
these grand glorious committees that will solve the 
problem. And because so many other things are 
happening, people have a sense of complacency; they 
say, "Oh, ICANN's handling that." But ICANN's not. 
ICANN's far more willing to give .com to Verisign in 
perpetuity, and deal with reassigning .org, than it is 
in dealing with what it needs to do to make sure the 
DNS root level runs responsibly and reliably. For 
example, my first day on the board I suggested ICANN 
put in place a monitoring system so that we can learn 
when DNS servers at the root start to go south. They 
simply didn't want to consider it. Verisign does that 
on their own. The security stuff--they don't want to 
hear about it.

Public Action

Koman: What can people do? No amount of public 
agitation will bring about change?

Auerbach: No, agitation will work. The Department of 
Commerce might realize, hey, their little baby is out 
of control. More congresspeople might realize 
something's rotten in Denmark and start accumulating 
the pressure on Commerce. And, of course, there are 
people outside the U.S. who might realize that ICANN 
is, for example, advocating wholesale violations of 
privacy by publishing the whois databases to anybody 
and anyone, with preference to trademark people, and 
that includes your personal ID; you've entered into a 
contract to buy a domain name; you didn't enter into a 
contract to publish your name, address, phone number, 
company affiliation, and email address to everybody in 
the world, including spammers. But ICANN says it has 
to be that way.

Privacy is a balance between somebody's need to know 
and your need for privacy. There are a lot of 
principles that have come up over the years about how 
this balance is to be struck, and ICANN has 
disregarded all of those, because the trademark people-
-in their race to accuse people of being trademark 
violators and obtain their names, addresses, and phone 
numbers--have insisted that ICANN make all this stuff 
widely available. I know a woman who's been stalked 
because her name was listed in the whois database; 
it's not that uncommon. And all of us have received 
spam and phone calls.

Koman: What can outraged citizens do about this?

Auerbach: Well, be outraged, first of all. Participate 
in ICANN. I displayed a photo showing that the 
meetings were empty, and they said, "here we are in 
the most populous nation in the world and the fact 
that nobody shows up means that we're doing a good 
job!" Wait a minute, maybe it's that people have 
become totally disenchanted with you and have figured 
out that showing up doesn't make any difference. But 
we can't give them that excuse; people still have to 
participate in ICANN and ensure that we have a firm 
record of ICANN constantly and repeatedly going 
against the demonstrated consensus of opinion; also 
what the public needs to do is keep up constant 
pressure on their representatives, and also on Don 
Evans in the Department of Commerce. I'd make noises; 
if you're in California, write to the attorney 
general, and ask how come we have this public benefit 
corporation in California that receives all these 
benefits yet seems to operate in complete defiance of 
the principal of benefitting the public.

Koman: When ICANN demands that DNS be centralized when 
it could very well be decentralized; when P2P 
technologies themselves, rather than "pirate users" 
are attacked by the record companies and Hollywood ... 
doesn't it seem that there is a battle for control of 
the infrastructure of the Net, and that the battle is 
drawn on lines of how centralized or decentralized the 
Internet shall be?

Auerbach: There's definitely a battle for control. A 
lot of people are fearful of chaos. ICANN's attitude 
is that we are technologists; we know better about how 
the world should run than you do. And these are people 
who can't even run a small business and keep it 
afloat. Yes, they're smart people and they are very 
condescending to other people who have other 
backgrounds and other points of view. But you know, 
technology isn't everything; dispute resolution is 
important; knowing how to keep finances is important.

Koman: Were some directors filled in and others left 
in the dark?

Auerbach: There was definitely an inner circle. Very 
definitely. I hear from the budget committee, "Oh, 
we're watching that." Yet I have never been able to 
find out whether there's information to be watched. 
There's some information flowing that I've not yet 
found. When Stuart Lynn announced his grand plan for 
change--I don't want to call it "reform" because it's 
not reform--several board members had already heard 
it, had seen it; I was just appalled that members had 
sent people around the world to talk to outsiders, 
without validating that the board wanted this. And 
Stuart Lynn gets up there and announces we're going to 
have three new top-level domains. He never asked the 
board for that. He just did it.

He has given me and the whole board information that 
he knew was false. I believe that his intent was to 
mislead. I have instances where he's knowingly made 
false statements to the board. I think he should be 
fired for insubordination, as well as incompetence. 
And the same for their law firm. Joe Sims--he's the 
secret director--he's unelected but he's party to 
everything. He's made more money through ICANN than 
anyone else.

Koman: Through his law firm?

Auerbach: Yes, and he's a partner.

Auerbach: He's the one who brokered the gift of .com 
to Verisign in perpetuity, privately. And he went to 
ICANN and said, "here's what I've done--adopt it." And 
ICANN said OK. Even over the advice of its own 
advisory group.

Koman: Amazing.

Auerbach: The public interest is not being served.

Richard Koman is a freelance writer and editor, and 
former O'Reilly editor. Read his blog 
[http://rkoman.blogspot.com/]