Fun stuff ahead for some website owners, thanks to a breakdown in the registration process. A Swiss security researcher has spotted bogus ICANN blacklist removal emails being sent to site owners containing a Word document that acts as a trigger for ransomware.
Ironically, the emails containing this malware inform recipients that their domain is "being used for spamming and spreading malware." The spam email invites site owners to download a malware-laced "report" for further instructions on how to remove their site from the blacklist, warning them they only have 24 hours to fall victim to ransomware respond.
The researcher is now "counting the hours (days?)" until either eNom or ICANN act in response to this spoofing/ransomware attack. Don't hold your breath. ICANN has yet to say anything publicly about this and, as of this point, eNom has yet to deactivate the account. For now, the fake ICANN still lives and breathes and poses a threat to recipients of this official-looking email.
Having spent part of the morning responding to clueless conspiracy theorists on my earlier post, I'm sure you're going to hear the standard ridiculous lizard people warnings about how this is enabling "the UN" or "leftists" and "globalists" to "takeover" the internet and how it will allow China to build the "Great Firewall" into the core functioning of the internet. None of that is even remotely true. What happens tonight at midnight is... nothing, basically. ICANN, which has managed the IANA function through its multistakeholder process for almost two decades... will continue to do so. Nothing changes. The only "change" is that the US Commerce Dept. no longer has to issue a contract to ICANN for the IANA functions. And that's it.
But, at a larger scale, what this does is preserve the way internet governance currently works, and makes sure that governments are not the one running the show. Under the ICANN setup, things are not decided at the whim of any government, but through a much more involved process, that allow lots of non-government players -- including the engineers who built the internet and keep it functioning -- to have a major say in what happens. This is good. ICANN is far from a perfect vehicle for internet governance, but this change is a good one.
Okay, this is really dumb. What is it about state attorneys general making totally bullshit claims? It seems to happen with fairly consistent frequency. The latest is that four state AGs (from Arizona, Texas, Oklahoma and Nevada) have filed a lawsuit to stop the IANA transition. If you don't recall, we've written about this a bunch. A bunch of people are up in arms over something they don't seem to understand. The IANA transition is a good thing. It's not the US government handing over the internet to Russia and China as you may have heard. It's the Commerce Department severing an almost entirely symbolic link between it and a very specific internet governance capability concerning top level domains. And it's important to complete the transition because other countries (including Russia and China) keep pointing to this symbolic link as a reason for why they should have more say in internet governance. Getting rid of the link keeps the internet functioning as it has for decades -- and takes away a weapon from Russia and China. More importantly, going back on the transition now actually gives even more ammo to Russia and China, allowing them to point to unilateral actions by the US gov't to block a process that everyone had agreed upon earlier.
Anyway, to the actual lawsuit. It's dumb. It's really dumb. If you live in Arizona, Texas, Oklahoma or Nevada, you should be embarrassed for your Attorneys General. Elect better ones next time, please. First of all, they have no standing whatsoever to file this lawsuit. The IANA/top level domain system is not those states' property. They have no claim here other than "HEY LOOK! POLITICAL FOOTBALL THAT WE CAN GRANDSTAND OVER!" That does not give them standing. The best they can come up with for claiming standing is... uh... "hey, we have some websites." No, really.
Plaintiffs operate multiple websites, including those that use the .gov and .com generic top level domains, to conduct their business and communicate with their citizens.
Yeah. That's not enough to get standing here, buckos. Also, in filing a lawsuit they don't allege any actual harms. That's kind of a big no no when filing a lawsuit. Instead, they sorta maybe kinda speculate that maybe possibly there could (sorta, maybe) be some (possible, maybe, not really) harm in the theoretical future. Maybe.
Second, the entire crux of the lawsuit is that the authoritative root zone file and the internet domain name system itself are somehow "property" of the federal government, and that this transition is, in effect, the giving away of government property without an act of Congress, violating the Property Clause of the Constitution. Except, as we just discussed recently, the Government Accountability Office studied this issue earlier this month and came to the conclusion that "nope, it's not property." In case you missed it then:
It is unlikely that either the authoritative root zone file—the public “address book” for the top level of the Internet domain name system—or the Internet domain name system as a whole, is U.S. Government property under Article IV. We did not identify any Government-held copyrights, patents, licenses, or other traditional intellectual property interests in either the root zone file or the domain name system. It also is doubtful that either would be considered property under common law principles, because no entity appears to have a right to their exclusive possession or use.
Others have walked through some of the other charges and find them all totally lacking. A judge is set to review this request for an injunction later today, and you never know how any individual judge might rule. So it's entirely possible that this will muck up the timing of the transition, but long term, this filing is not just a joke, but it's an embarrassment and a waste of taxpayer money in those four states.
So, yesterday, we noted that the Senate at least seemed to come (at least somewhat) to its senses in choosing not to include the ridiculous and dangerous proposal from Ted Cruz (and supported by Donald Trump) to block the transition of the IANA functions of internet governance away from the Commerce Department. I won't go into (once again) why this is important and not a problem, or even why Cruz's objections to it are so backwards that his plan will actually make it more likely that the "bad" result he keeps warning about will actually come to pass. You can reread the older articles on that.
However, with Democrats complaining about the Senate's Continuing Resolution and a vote on it being pushed off, the debate over the possibility of blocking the transition is still going on. Hell, Ted Cruz even pointed to Donald Trump's support of his plan as a reason to finally endorse Trump:
Internet freedom. Clinton supports Obama’s plan to hand over control of the Internet to an international community of stakeholders, including Russia, China, and Iran. Just this week, Trump came out strongly against that plan, and in support of free speech online.
Except, none of that is true. First, the plan does not hand over control to Russia, China and Iran -- and keeping IANA under the Commerce Dept. makes it A LOT MORE LIKELY that that coalition of countries is able to grab control of the IANA functions from ICANN and the US. But, uh, even more importantly, claiming that Trump is in favor of "free speech online" is laughable. This is the candidate who has repeatedly talked about "opening up our libel laws" to go after speech he doesn't like, has threatened to sue many publications for protected speech, and has flat out declared that we should turn off parts of the internet and anyone who responded with "freedom of speech" was "foolish."
But, that's still not the craziest argument I've heard recently concerning the transition. The award there goes to Theresa Payton, who was a top IT staffer at the White House under George W. Bush and now runs a "cybersecurity" firm. She wrote a bizarre opinion piece in The Hill that, frankly, calls into question whether she understands what ICANN even does. She tries to argue that the transition will somehow make it easier for Russia to hack our election... because [reasons].
Changing who controls the Internet Corporation for Assigned Names and Numbers (ICANN) so close to our presidential election will jeopardize the results of how you vote on Nov. 8 unless Congress stops this changeover. When the calendar hits Sept. 30, a mere 6 weeks before our election, the United States cannot be assured that if any web site is hacked, the responsible party will be held accountable. We cannot be sure if a web site is a valid. We cannot be sure if one country is being favored over another. These are all the things ICANN is responsible for and has worked perfectly since the Internet was created. Why change it now and so close to the election? Why does that matter to you as a voter?
Take a look at recent cyber activity as it relates to the election. The Democratic National Convention was breached comprising the entire party’s strategy, donor base, and indeed, national convention. Everything the DNC had done to prepare for a moment four years in the making (if not longer) was undermined by a hacker who had been in their system for some time but waited for the optimal moment to spring it on the DNC – opening day of the convention. The FBI and other U.S. agencies, as the headlines blare, suspect Russia is responsible for the hack. Recently, Vladimir Putin went so far as to say, "Does it matter who broke in? Surely what's important is the content of what was released to the public.”
Except, uh, ICANN has nothing to do with figuring out who hacks who. Nor is it the party that's figuring out if one country "is being favored over another" or if a "website is valid." That's not ICANN's job, and has nothing to do whatsoever with the IANA transition -- which will leave the internet working exactly as it has before. Honestly, this opinion piece does nothing to call the transition into question, but does a tremendous job in calling Theresa Payton's knowledge of technology and cybersecurity into question.
ICANN does more than just assign and/or approve your website’s domain. ICANN has its own Security and Stability Advisory Committee, which “engages in ongoing threat assessment and risk analysis of the Internet naming and address allocation services to assess where the principal threats to stability and security lie, and advises the ICANN community accordingly.” They are equivalent to your security guard at the bank. Why change the security guard now when voter data is more vulnerable – and prized - than ever?
If ICANN changes hands, so do the security measures taken to protect the rightful owner of your web site. If a site was hijacked today – not an uncommon crime in the cyber world - to reassert yourself as the rightful owner, you would go through law enforcement channels, your domain provider, and yes, ICANN.
First of all, the "transition" in question isn't about transitioning all of ICANN. Just its IANA functions, which only have a symbolic connection to the US government. Second, Payton seems to not understand what ICANN does, what the ICANN SSAC does, or how internet security works. They are not the equivalent of the "security guard at the bank." You'd think the CEO and founder of a "cybersecurity" company would know that. And, after the IANA transition takes place, ICANN itself doesn't "change hands" nor does it change what the SSAC does, which isn't anything even remotely close to what Payton seems to think it does.
Don't trust me? How about Stephen Crocker, who heads ICANN's Board of Directors -- and also helped create the damn internet. You know how much of the internet was designed through "RFCs" -- "Requests for Comments" -- well, Crocker invented the RFC and wrote the very first one. I think he knows what he's talking about. And he and the head of ICANN's SSAC, Patrik Fallstrom, have responded to Payton with a nicer version of "you have no idea what you're talking about."
The SSAC is not a “security guard” for the Internet. The SSAC has no enforcement power, and the value of its advice is based on the strength of the facts underlying such advice.
The Security and Stability Advisory Committee advises the ICANN community and Board on matters relating to the security and integrity of the Internet's naming and address allocation systems. Our recent work include advisories on a wide range of topics such as internationalized domain names, protecting domain name owners and operators, best practices for domain name registrars, analysis on the changing nature of IPv4 address semantics, and advice on matters pertaining to the correct and reliable operation of the root name system and other issues (see https://ssac.icann.org/ for more details). The SSAC neither operates as a security guard for the Internet, nor does it aspire to.
The IANA transition has no practical effect on the work and activities of the SSAC. Nor does the transition have any effect on the security and stability of website owners worldwide. The risk of compromise of a website owner does not increase as a result of the IANA transition, since ICANN and IANA do not control either the ownership of websites or the content on websites. Leading technical experts, industry associations, and civil society groups agree that allowing the IANA contract to expire is the best possible way to protect and promote the continued integrity of the Internet.
There is simply no relationship between ICANN and the current U.S. election process. Assertions of this sort are misleading and irresponsible. On the other hand, attempt to connect ICANN to the U.S. political process play directly into the hands of the enemies of an open Internet who would like to see ICANN and other Internet bodies put under the control of the United Nations or, worse yet, broken up into separate, government-controlled networks that do not interoperate smoothly around the world.
So, yeah. It seems that as we get closer to the transition, and since this issue has become "political," we're seeing stupider and ever more clueless attacks -- but they seem to only serve to make the people behind them look worse and worse. This shouldn't be a partisan issue. It shouldn't be a political issue. It shouldn't be an issue. Severing the minor link connection between IANA and the Commerce Department changes nothing practical in how the internet is governed, but takes a big weapon away from Russia and China in their quest to take control over those functions.
So, just a few hours ago, the reports were still spreading that the Senate would absolutely include Ted Cruz's preferred language that would block the (largely symbolic, but really important) transfer of control over the IANA functions of ICANN away from the Commerce Department. We've explained over and over and over again why this is important -- including once this morning in response to Donald Trump suddenly taking a stand (an incredibly ignorant one, but a stand) on the issue.
And then... poof. The Senate Appropriations Committee released its "short term continuing resolution" (CR for short) and it does not include any language on blocking the IANA transition. So... all the talk and (misleading) hype was apparently a bunch of grandstanding and hot air over nothing. It may have just been posturing and used to negotiate something else. Or, maybe (just maybe) people who actually understood what was happening with the IANA transition were actually able to explain to those in charge how stupid all this rhetoric was. That would certainly be a nice explanation for this -- though it seems tragically unlikely.
But, for the short term, this means a very dangerous thing for the internet, pushed for by Ted Cruz (and, as of yesterday, Donald Trump) has been avoided. It's possible that the House could try to somehow move to block the transition, but that seems unlikely. So, we may have actually won one here and narrowly avoided political grandstanding mucking up a piece of the internet. Phew.
We've been explaining this since it was first proposed two years ago: but the IANA transfer away from the Commerce Dept. is a good thing on a variety of important levels. Earlier this year, we did a more thorough explaination on why it was a good thing, and then a further post earlier this month explained why Ted Cruz, who was leading the charge in blocking the transition, was basically wrong on every point about it. And not just wrong, dangerously so. Cruz keeps claiming that the transition makes it easier for Russia, China and the UN to "take control" over internet governance. The exact opposite is true. But we'll get there.
"Donald J. Trump is committed to preserving Internet freedom for the American people and citizens all over the world. The U.S. should not turn control of the Internet over to the United Nations and the international community. President Obama intends to do so on his own authority – just 10 days from now, on October 1st, unless Congress acts quickly to stop him. The Republicans in Congress are admirably leading a fight to save the Internet this week, and need all the help the American people can give them to be successful. Hillary Clinton’s Democrats are refusing to protect the American people by not protecting the Internet.
The U.S. created, developed and expanded the Internet across the globe. U.S. oversight has kept the Internet free and open without government censorship – a fundamental American value rooted in our Constitution’s Free Speech clause. Internet freedom is now at risk with the President’s intent to cede control to international interests, including countries like China and Russia, which have a long track record of trying to impose online censorship. Congress needs to act, or Internet freedom will be lost for good, since there will be no way to make it great again once it is lost." - Stephen Miller, National Policy Director
First of all, here's Trump going on and on about "internet freedom" and "free speech." And yet... this is the very same candidate just a few months ago who talked about "shutting down parts of the internet" and mocking those who would say "oh freedom of speech" claiming anyone who fell back on that claim were "foolish people."
So, apparently it's okay to shut down parts of the internet, and those talking about free speech are "foolish people," but a symbolic effort over who controls the domain name system must be stopped because internet freedom and free speech are too important.
More importantly, almost everything the Trump campaign says in those two short paragraphs about the transition is wrong. And it's a really, really stupid and dangerous position to take for the internet. First off, as we've explained, the current link between the Commerce Department and ICANN and its IANA functions is more theoretical than real anyway. The US government really doesn't have any official control here. It's symbolic and that symbolism is doing a hell of a lot more to hurt the internet than to help it. Yes, Russia and China have, in the past, tried to take more control over internet governance via the UN/ITU, but that was stopped. But -- and this is the important part -- a big part of their rationale for trying to do so was the US's "control" over IANA via the Commerce Dept. That is, keeping this small bit of internet governance loosely connected to the US government adds fuel to the fire for authoritarian governments to seek more control over the internet. And that doesn't even get into the backlash that it will create if we go back on our word and refuse to complete the transfer of IANA away from the Commerce Dept (again, a largely symbolic move anyway).
But, don't trust me. Trust basically anyone and everyone with any actual knowledge on the situation. Here's Tim Berners-Lee, the guy who invented the web itself, explaining why the transition must go forward and why Cruz (and, by extension now, Trump) are totally wrong:
The global consensus at the heart of the Internet exists by virtue of trust built up over decades with people from all over the world collaborating on the technical design and operation of the network and the web. ICANN is a critical part of this global consensus. But if the United States were to reverse plans to allow the global Internet community to operate ICANN independently, as Sen. Cruz is now proposing, we risk undermining the global consensus that has enabled the Internet to function and flourish over the last 25 years.
Contrary to the senator’s view, ICANN is no “mini-United Nations.” ICANN is a vital part of the voluntary, global network of private organizations that provides Internet stability and the ability to innovate free from government interventions around the world.
Berners-Lee makes it clear that going back on the transfer will put the US gov't in the same kind of dangerous category that Cruz (and Trump) put Russia and China in:
But by forcibly undermining the global Internet community’s ability to make decisions about ICANN, the United States would stoop to the level of Russia, China and other authoritarian regimes that believe in the use of force to limit freedom online.
If not them, how about Kathryn Brown, who runs the Internet Society. She also argues that delaying the transition is what helps the case for Russia and China, rather than the other way around:
Some warn that if the plan to transition authority on Oct. 1 is delayed, countries like Russia and China could try to shift domain name responsibilities to the United Nations, giving those nations more influence over global internet policy.
"Any delay would add a degree of instability and make the prospect of government control of the internet more likely, not less," said Kathryn Brown, president of the Internet Society, a nonprofit organization that advocates open internet policies.
It vaguely suggests that the transition might create “an opportunity for an enhanced role for authoritarian nation-states in Internet governance,” but provides no evidence as to how or why it does. In fact, if the U.S. is forced to abort the transition now it would play right into the hands of authoritarian states. Killing ICANN’s reforms through impulsive and arbitrary American action would fatally undermine the global Internet governance model rooted in nonstate actors. It would strengthen the case for national sovereignty-based Internet models favored by authoritarian states. “Look,” they will say, “the U.S. wants to control the Internet, why can’t we?” ICANN’s independence from unilateral U.S. government control is a logically and politically necessary consequence of its independence from all governments. By getting in the way of that, it is the Congressmen, not the Commerce Department, who are creating an opportunity for authoritarian states to enhance their influence in Internet governance.
The Congressmen suggest that “this irreversible decision could result in a less transparent and accountable Internet governance regime.” But how? No reference is made to the actual reform plans. In fact, the transition brings with it major corporate governance changes that would significantly improve ICANN’s accountability and transparency. The transition brings with it a new set of bylaws that gives the public enhanced rights to inspect ICANN’s books, the right to remove board members, and the power to prevent the board from unilaterally modifying its bylaws. Under U.S. government supervision for the past 18 years, ICANN has been almost completely unaccountable – yet this is the status quo they want to retain. By opposing the transition, the Congressmen are getting in the way of reforms that address the very things ICANN critics have been complaining about.
The congressmen claim that “Questions have been raised about ICANN’s antitrust status.” Well, what questions, and what are their implications for the future of Internet governance? No answer. This is a phony issue. ICANN is not, and never has been, exempt from antitrust liability.
And so forth and so on. Part of the attempt to throw a wrench into the transition was Cruz claiming that Congress needs to approve the transition, as it has the power to determine if the government can "dispose of... property." But the Government Accountability Office (GAO) just released a report basically saying that doesn't apply here and the Commerce Dept is free to move ahead with the transition. Specifically, the GAO finds it to be ridiculous that the entire domain name system should be considered "property of the US government" because it's not.
It is unlikely that either the authoritative root zone file—the public “address book” for the top
level of the Internet domain name system—or the Internet domain name system as a whole, is
U.S. Government property under Article IV. We did not identify any Government-held
copyrights, patents, licenses, or other traditional intellectual property interests in either the root
zone file or the domain name system. It also is doubtful that either would be considered
property under common law principles, because no entity appears to have a right to their
exclusive possession or use.
In short, there's a legitimate concern that Russia and China would like more control over the internet. But that's the only point that Trump and Cruz get right. What's astounding is that their preferred course of action -- delaying or even blocking the IANA transition away from the Commerce Dept actually supports Russia and China in their efforts to gain control over the internet. So if you care about the future of the internet and how it is governed, could someone please educate Cruz and Trump that they're doing exactly the kind of damage they claim to be trying to stop?
Just a few months ago, we wrote up a decently long post explaining why the upcoming "transition" of a piece of internet governance away from the US government was both a good thing and not a big deal. You can read those two posts on it, but the really short version is twofold: (1) the Commerce Department's "control" over ICANN's IANA (Internet Assigned Numbers Authority) was always pretty much non-existent in the first place; and (2) even having that little connection to the US government, though, only provided tremendous fodder for foreign governments (mainly: Russia & China) to push to take control of the internet themselves. That's what that whole disastrous UN/ITU/WCIT mess was a few years back. Relinquishing the (non-existent) control, with clear parameters that internet governance wouldn't then be allowed to jump into the ITU's lap, helps on basically every point. It takes away a key reason that other countries have used to claim they need more control, and it makes it clear that internet governance needs to remain out of any particular government's control.
As we noted, this is all a good thing.
But for unclear reasons, Senator Ted Cruz keeps insisting that this "transfer" is about the US giving control over the internet to the UN. He's ramped up this rhetoric lately as the transition gets closer:
"Today our country faces a threat to the internet as we know it. In 22 short days, if Congress fails to act, the Obama administration intends to give away the internet to an international body akin to the United Nations," Cruz said in a speech on the Senate floor Thursday. "I rise today to discuss the significant, irreparable damage this proposed internet giveaway could wreak not only on our nation but on free speech across the world."
Except that's hogwash. The plan does exactly the opposite. We've made this point over and over again, and thankfully others are doing so as well. Fusion has a long and detailed article that highlights that Cruz's claims are a fantasy and have no basis in reality. It goes through the whole history of IANA (if you don't know the story of Jon Postel and Joyce Reynolds, and how the two of them basically kept the internet running in their spare time for a few decades, you should...), but then points out that Cruz is just wrong:
To be clear: ICANN has about as much control over the internet as Ted Cruz has a grasp on how DNS actually works–which is to say, very little. But the perpetuation of the fiction that ICANN controls the internet is representative of the completely understandable human impulse to try and assign control of the internet to someone or something, particularly in a time where the systems that shape most users’ experience of the internet are increasingly opaque and unaccountable to users.
Saying any one group controls the internet is as absurd as saying who “controls” capitalism or globalization itself. But everyone has their version of control. Silicon Valley billionaires may insist we surrender to the invisible hand of the network, which simply chooses disruption and convenience over accountability and ethics. For the federal government, it’s far easier to accuse the private sector of being in control and thwarting national security than admit that mass surveillance is an expensive and incompetent tactic. For critics (or those who’d prefer that control be in their hands), it would be far simpler to point at a single oligarch or Bohemian Club or ICANN that needs to be overthrown; it might redeem what today at times seems like a fractal trainwreck of an internet, and somehow bring us back to John Perry Barlow’s never-realized promise of an independent cyberspace.
And it also points out that the biggest "threat" to how internet governance is handled is if Cruz actually succeeds in blocking the transition:
Mostly, when I asked people at ICANN about worst-case scenarios with the transition, they pointed to Ted Cruz’s efforts. The transition not going through–either through a blocking action from this current Congress through some legislative action or Congress just delaying until the next president comes into office–would not only undermine the work that a lot of people have already put into the transition plan, it also would create even further mistrust and frustration among countries like Brazil that continue to be frustrated by US control. Maybe that would be enough to justify a fragmentation of the root zone. Or it could just make it harder for the multistakeholder model to function by undermining trust in the community as a whole, making consensus harder to achieve. Which is kind of to say it could start to look a lot more like the US Congress.
In other words, as we've explained before, Ted Cruz's concerns over the internet here are completely backwards. Up is down, black is white, night is day kind of stuff. Keeping the IANA connection to the US government is the kind of thing that opens up the possibility for Russia/China to exert more control over internet governance by routing around ICANN and its flawed, but better than the alternative, "multistakeholder" setup. Moving ICANN away from the US government, with strict rules in place that basically keep it operating as is, takes away one of the key arguments that foreign countries have been using to try to seize control over key governance aspects of the internet.
If Cruz fears foreign governments taking control of internet governance, he should do the exact opposite of what he's doing now. Let the Commerce Dept. sever the almost entirely imaginary leash it has on ICANN. Otherwise, other countries' frustration with the US's roles is a much bigger actual threat to how the internet is managed.
A little over two years ago, when the Commerce Department officially announced plans to "relinquish control" over ICANN's IANA (Internet Assigned Numbers Authority) we tried to explain why people should stop freaking out. There were a bunch of people up in arms, claiming that the US government was "giving away the internet." That was, and still is, complete hogwash. There are two important things to understand in this. First, the Commerce Department's "oversight" over ICANN and IANA is already basically non-existent. It was always more on paper than in reality, as the Commerce Department, rightly, took a totally hands off approach. Second, there has been a big effort by foreign governments, mainly Russia and China, to take control over the internet, and strip it from ICANN, and putting it in the ITU, a confusing mess of an organization that's a part of the UN, but heavily controlled by governments without input from actual technologists or public interest groups.
A key part of the Commerce Department's "transition" plan was that it would basically erase the almost entirely imaginary link between IANA and the Commerce Department, but only if a plan was created that kept IANA independent and not as a part of the UN or any organization that would lead to mostly government control, as opposed to what everyone (unfortunately) likes to call a "multistakeholder process" (which just means not just government in the room). And with that plan in place, the Commerce Department's National Telecommunications & Information Administration (NTIA) has now come out in support of this plan.
The U.S. Commerce Department’s National Telecommunications and Information Administration (NTIA) announced today that the proposal developed by the global Internet multistakeholder community meets the criteria NTIA outlined in March 2014 when it stated its intent to transition the U.S. Government’s stewardship role for the Internet domain name system (DNS) technical functions, known as the Internet Assigned Numbers Authority (IANA) functions.
The announcement marks an important milestone in the U.S. Government’s effort to complete the transition of the Internet’s domain name system and ensure that the Internet remains a platform for innovation, economic growth, and free speech.
For the last 18 years, the United States has worked with businesses, technical experts, governments, and civil society groups to establish a multistakeholder, private-sector led system for the global coordination of the DNS. To accomplish this goal, in 1998, NTIA partnered with the Internet Corporation for Assigned Names and Numbers (ICANN), a California-based nonprofit, to transition technical DNS coordination and management functions to the private sector. In 2014, NTIA initiated the final step in the privatization process by asking ICANN to convene global stakeholders to develop a plan to complete the transition away from NTIA’s remaining legacy role.
Now, you would think that "small government" types would be happy about the US government completing its "privatization" of internet governance. But, that's because many "small government" types are only small government types when it suits them. Senate Ted Cruz and Rep. Sean Duffy have rushed out a bill, called the "Protecting Internet Freedom Act" that would block the Commerce Department from completing the privatization of the internet. This is both silly and counterproductive.
The Commerce Department's flimsy and never really used "control" over NTIA is basically meaningless yet it's frequently used by foreign governments and the ITU/UN as a reason for taking complete control over the IANA process. And that's only ramped up in recent years due to concerns about the NSA and surveillance. In other words, the US having any official control over internet governance is actually helping authoritarian governments by making the argument that US "control" over the internet is only helping the NSA. By separating IANA from the US government, but keeping the overall process as one that is not controlled by any government, you actually have a better chance of keeping the internet functioning in an open manner. Leaving it under the US government control, no matter how flimsy that link really is, only gives foreign governments useful fodder for a more complete move to take over control themselves.
Eli Dourado, who has spent a ton of time digging into and being involved in internet governance issues, has a great and detailed post about why this transition is a good thing and should be supported. It has all of the relevant history here (including my favorite point about how prior to ICANN, the IANA functions were controlled one dude, Jon Postel, who more or less declared himself the czar over how the domain name system was managed). But he also gets directly to the point: Congress forcing the US government to keep this "control" over IANA would do much more harm than good:
In truth, authoritarian regimes would love nothing more than to see the IANA transition fail. It would give them another shot at taking the issue to the ITU, this time with the added ammunition of pointing out that the United States does not keep its word regarding Internet governance. Oddly, this places Cruz and Duffy on the same side as Russia and China, against the world’s democracies, the Obama administration, sober Republicans, virtually every US tech company, the Internet Society, and virtually every freedom-loving intellectual or activist I have met who has participated on a US delegation to the ITU.
Separately, he also points out that for all the hype over this, the IANA function is actually not nearly as important as some make it out to be. The US government losing whatever sense of "control" it had over it is unlikely to have a huge impact on the internet itself. So the "costs" to this transition are basically nil. The cost to keeping the paper control in place, however, may be very large, in that it provides tremendous ammunition to foreign authoritarian regimes to push for much more extreme changes to internet governance that would be much, much worse.
As we wrote at the time, even though the critic had used Register.com's privacy guard tool, when Carreon showed up, the company coughed up his identity, and Carreon used that to threaten the critic, making it quite clear that he was doing so just to piss off the critic. In a letter to the critic's lawyer, Paul Levy at Public Citizen, Carreon noted "there is essentially no statute of limitations on this claim" and "I have the known capacity to litigate appeals for years." Eventually, Carreon was forced to cough up money for the bogus legal threats.
Gellis was co-counsel with Levy in defending Carreon's critic and her Popehat post details how that experience makes it even clearer as to just how bad ICANN's proposal is:
It is a proposal that is extraordinarily glib about its consequences for any Internet speaker preferring not to be dependent on another domain host for their online speech. First, it naively pre-supposes that the identifying information of a domain name holder would only ever be used for litigation purposes, when we sadly already know that this presumption is misplaced. As this letter to ICANN points out (linked to from the independently expressive domain name “icann.wtf”), people objecting to others’ speech often use identifying information about Internet speakers to enable campaigns of harassment against them, sometimes even with the threat of life and limb (for example, by “swatting”).
Secondly, it pre-supposes that even if this identifying information were to be used solely for litigation purposes that a lawsuit is a negligible thing for a speaker to find itself on the receiving end of, when of course it is not. In the case of Carreon’s critic he was fortunate to be able to secure pro bono counsel, but not everyone can, and having to pay for representation can often be ruinously expensive.
Thirdly it pre-supposes that there is somehow an IP-related exemption to the First Amendment, when there most certainly is not. Speech is speech and it is all protected by the First Amendment. Attempts to carve out exemptions from its protections for speech that somehow implicates IP should not be tolerated, particularly when the consequences to discourse are just as damaging to speech chilled by IP owners as they are by anyone else seeking to suppress what people may say.
If you haven't yet seen it, that icann.wtf letter to ICANN is worth reading. It's not only a rare case where anti-harassment advocates and free speech advocates can actually come together and agree on a really, really bad idea, but it lays out the arguments for why this Hollywood-backed proposal is just incredibly stupid and dangerous.
If you want to contact ICANN to explain why this policy is a problem please do so today -- as it's the last day they're accepting comments on the proposal.
If you follow internet governance issues at all, you know that ICANN is a total freaking mess. It's a dysfunctional organization that has always been dysfunctional, but remains in charge because of the lack of any reasonable alternatives. ICANN frequently seems to be driven by powerful interests that are just focused on squeezing as much money as possible out of the domain system, and appears to have little appetite for being what it should be: an independent body protecting the core of the internet. As if to put an exclamation point on that, it appears to now be going to war against basic privacy. Here are two separate, but somewhat related, examples.
First up, we have EasyDNS, who last month didn't beat around the bush in explaining just how ridiculous ICANN's new Whois Accuracy Program (WAP) is. The company noted that it regretted renewing its ICANN accreditation, even though it's necessary to register domain names. As EasyDNS notes, the whole WAP program is insane, and is almost designed to force domain owners to lose their domains -- especially if they want to keep a modicum of privacy. Under the program any time you change or renew your domains, you now will get an email requiring you to "verify" your whois data. As EasyDNS notes, since it's an email, it's designed in a way that looks very much like a phishing attempt, meaning many domain holders will ignore it. And if you ignore it... within 15 days, your registrar is supposed to suspend your domain. That program went into effect yesterday, and I imagine it won't be long before we hear the shrieks of pain as it impacts website owners. As EasyDNS notes:
You can thank ICANN for this policy, because if it were up to us, and you tasked us with coming up with the most idiotic, damaging, phish-friendly, disaster prone policy that accomplishes less than nothing and is utterly pointless, I question whether we would have been able to pull it off at this level. We're simply out of our league here.
But, that's not all! The good folks at Namecheap (who have sponsored us in the past here on the blog) have sent out an alarm (along with the EFF and Fight for the Future) over another proposal from ICANN concerning privacy and proxy services that many domain owners use to keep their information private. This is necessary these days, in part, because as anyone who owns a domain knows, that information gets scraped and you get spammed. A lot. And also, sometimes, people say things on the internet that they want to be anonymous in saying. And proxy services help you do that. But ICANN is effectively trying to kill that. Namecheap has put together the site RespectOurPrivacy.com to explain the issue and to ask people to tell ICANN to reject this proposal -- which was put together by MarkMonitor. Yes, MarkMonitor, the company famous for being engaged in all sorts of bogus censorship and takedown requests:
Under new guidelines proposed by MarkMonitor and others who represent the same industries that backed SOPA, domain holders with sites associated to "commercial activity" will no longer be able to protect their private information with WHOIS protection services. "Commercial activity" casts a wide net, which means that a vast number of domain holders will be affected. Your privacy provider could be forced to publish your contact data in WHOIS or even give it out to anyone who complains about your website, without due process. Why should a small business owner have to publicize her home address just to have a website?
We think your privacy should be protected, regardless of whether your website is personal or commercial, and your confidential info should not be revealed without due process. If you agree, it’s time to tell ICANN.
That site has more info and shows you how to contact ICANN to protest this move.
You can also look directly at the proposal itself, which notes that this view is not universal and there is disagreement over where the final rules will end up, but some have argued that:
for online financial transactions for commercial purpose should be ineligible for privacy and proxy registrations."
If MarkMonitor's involvement didn't tip you off, this is really a proposal of Hollywood who hates the fact that people can be anonymous online. It was presented to Congress last month by Steve Metalitz under the guise of the "Coalition for Online Accountability" -- a "coalition" made up of the MPAA, RIAA, ESA and SIIA (all copyright extremists). If you recognize Metalitz's name, it's because it's come up before. He's one of the entertainment industry's favorite lawyers, who helped push ACTA, SOPA and other bad copyright proposals. And now suddenly he's "concerned" about online accountability? Really? The main goal of the proposal is to destroy anonymity online by only allowing it in cases Hollywood approves of. In his presentation, Metalitz noted that there is only a "legitimate role for proxy registrations in limited circumstances." Have you applied for your special license to be anonymous yet? The MPAA and ICANN need to approve it first...
Hopefully ICANN backs away from these plans and starts to get its act together. ICANN could and should be a powerful force in favor of an open internet with strong privacy protections -- and not encouraging programs that require giving up your privacy just to have a domain name.