<html><head><meta http-equiv="Content-Type" content="text/html charset=windows-1252"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Dear Milton:<div><br></div><div>I do not experience any FUD ('fear, uncertainty and doubt') in this context. It has become quite clear is that the current 'separability' lobby in CWG is a mirror image of the NSI lobby that we had to endure in the IFWP context in the 1990's.</div><div><br></div><div>Today, the issue is not whether ICANN might become commercial. The issue is that after separation, how would the community prevent IANA from becoming commercial.</div><div><br></div><div>Regards</div><div><br></div><div>Christopher</div><div><br></div><div>PS:<span class="Apple-tab-span" style="white-space:pre"> </span> Since 'separability' is <i>à la mode</i> in this corner of Internet governance, perhaps we could have a CWG proposal for separability of Registry and RZM functions.</div><div><br></div><div><br></div><div><br></div><div><br></div><div><br><div><div>On 19 Jan 2015, at 05:38, Milton L Mueller <<a href="mailto:mueller@syr.edu">mueller@syr.edu</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">Fouad<br>As a representative of the Noncommercial SG I think you were missing Chuck's point completely. Of course ICANN is _not_ a commercial, profit-making entity, nor does anyone want it to be. <br><br>The point is that private companies have much stronger, better accountability arrangements than ICANN. Verisign is subject to checks and balances in the following ways: <br> - it is subject to market competition (ICANN is not)<br> - it has shareholders who elect its board (ICANN has no members, which is the equivalent of shareholders in nonprofits)<br> - its modification of the root zone is subject to USG approval (ICANN still is, but some folks don't want it to be any more).<br><br>So if we are to make ICANN accountable, we need to develop similar mechanisms, such as: <br> - recurring, regular competitive bidding for the IANA contract (which sort of functions like competition, though more weakly)<br> - empowering ICANN's participants with real membership/voting status<br><br>You expressed concerns that Contract Co approach might make ICANN commercial. This is FUD. It won't. The contracting entity would have a very limited function - to award the IANA contract. ICANN's nature as the nonprofit California corporation wouldn't change, whether it got the IANA contract or not. <br><br><blockquote type="cite">-----Original Message-----<br>From: Fouad Bajwa [mailto:fouadbajwa@<a href="http://gmail.com">gmail.com</a>]<br>Sent: Sunday, January 18, 2015 7:42 PM<br>To: Gomes, Chuck<br>Cc: David Conrad; Milton L Mueller; <a href="mailto:cwg-stewardship@icann.org">cwg-stewardship@icann.org</a><br>Subject: Re: [CWG-Stewardship] NTIA's Role in Root Zone Management<br><br>Publicly owned business?<br>What do businesses do?<br>Businesses make profits through business and profitable activities in the<br>market?<br>Verisign is a business, it has a board, indeed, that also looks primarily at how<br>the company is performing and if its making money for its shareholders and<br>further on its stakeholders or further on its customers that are buying its<br>products or services?<br><br>I wonder how the analogy about a publicly owned company that sells and<br>generates profits for its shareholders, board members and customers can be<br>applied to ICANN?<br><br>This worries me, thats what contractor co. might think of the overall IANA<br>system in the first place.<br><br>Organisational behaviour of private/public companies is very different from<br>private/public organisations?<br><br>This discussion has actually made me very uncomfortable. This is a very<br>micro-view approach.<br><br>On Mon, Jan 19, 2015 at 5:04 AM, Gomes, Chuck <<a href="mailto:cgomes@verisign.com">cgomes@verisign.com</a>><br>wrote:<br><blockquote type="cite">Please excuse the much delayed response to this string of messages.<br>Like David, I have been super busy and I wanted to have a little more<br>time to respond, especially since Verisign was mentioned.<br><br><br><br>Thanks for raising this issue David. It presents an opportunity for<br>the community to study what kinds of accountability mechanisms work -<br>such as those that public companies in the US must comply with. I<br>think you’ll see from what follows that Verisign (and any public<br>company) is highly motivated to put in place and enforce mechanisms to<br>protect against anyone going “stark raving mad” and doing harm.<br><br><br><br>As a US public company, Verisign has shareholders who ultimately<br>control the company and can hold the company accountable. Those<br>shareholders elect a Board of Directors, who, under US law owe<br>fiduciary duties to the shareholders to manage the company<br>effectively. Any breach of those duties could result in lawsuits<br>against the Board of Directors by the shareholders or removal and<br>replacement of the Board by those same shareholders. For example, if<br>the Board has not provided oversight of important network functions<br>then the Board might be liable in court or might be replaced by the<br>shareholders. In addition, the Board appoints the executive officers<br>of the company, who also have fiduciary duties and under various<br>regulatory regimes such Sarbanes Oxley and Dodd Frank, have additional<br></blockquote>obligations and in some cases personal liability should they fail to uphold<br>their duties.<br><blockquote type="cite">So, if executive officers were negligent in hiring an employee, or<br>failed to establish proper network access controls, those officers<br>could be sued in court, or replaced by the Board, or both.<br>Furthermore, external and internal auditors review and investigate on<br>a regular basis compliance with key controls designed to ensure effective<br></blockquote>management of the company.<br><blockquote type="cite">Verisign is also subject to disclosure requirements under the<br>Securities and Exchange Act and other regulations that require<br>transparency of the company’s financial condition, compensation,<br>risks, legal proceedings, and more. If for example Verisign failed to<br>disclose a particular risk to its network that should have been<br>disclosed under the securities laws, then the shareholders or the SEC<br>could bring legal actions against the company, its Board, or individual<br></blockquote>employees for damages and to obtain management reforms.<br><blockquote type="cite"><br><br><br>Of course, ICANN has little or no such mechanisms in place, only the<br>AoC (which can be ended by ICANN) and the IANA non-renewal threat,<br>which is why we’re all here. While no one expects ICANN to become a<br>public US company, the accountability imposed on public companies like<br>Verisign should inform the community as to what ‘good’ can look like.<br>For Verisign, that accountability has led to an excellent operational<br>record of 17 years of uninterrupted uptime for .COM.<br><br><br><br>I want to again thank David for bringing this important issue to our<br>attention. What can the CWG learn from this? ICANN has stated clearly<br>that it sees its obligations being to the corporation, which has no<br>members or shareholders, so the accountability mechanisms for public<br>companies, or those with shareholders or members, are not available to<br>us, and so we cannot expect ICANN to behave as if they were. What<br>stops an ICANN employee from going 'stark raving mad’ or a<br>post-transition ICANN from going ‘stark-raving-greedy’? It's obvious<br>that the accountability that drives Verisign and other US public<br>companies would be welcome here. How can the CWG learn from this and<br></blockquote>apply similarly effective accountability to ICANN?<br><blockquote type="cite"><br><br><br>Chuck<br><br><br><br>From: <a href="mailto:cwg-stewardship-bounces@icann.org">cwg-stewardship-bounces@icann.org</a><br>[mailto:cwg-<a href="mailto:stewardship-bounces@icann.org">stewardship-bounces@icann.org</a>] On Behalf Of David Conrad<br>Sent: Friday, December 19, 2014 12:53 PM<br>To: Milton L Mueller<br>Cc: <a href="mailto:cwg-stewardship@icann.org">cwg-stewardship@icann.org</a><br>Subject: Re: [CWG-Stewardship] NTIA's Role in Root Zone Management<br><br><br><br>[Sorry for the slow response — a bit busy]<br><br><br><br>Milton,<br><br><br><br>You are asserting that the RZM (currently, Verisign) can unilaterally<br>change the root zone? But of course this is not true because of its<br>cooperative agreement with NTIA.<br><br><br><br>Actually, it is true. Technically, the only entity on the planet<br>today who can change the root zone is Verisign. They<br><br><br><br>1. Maintain the root zone database ("the root zone file");<br><br>2. Hold the Zone Signing Key<br><br>3. Run the hidden master from which the root server operators pull<br>the root zone<br><br>This gives the Root Zone Maintainer the unilateral ability to both<br>modify the root zone and have that zone published. Currently, there<br>are NO technical limitations on what they can do with the root zone,<br>only administrative limitations — if Verisign went stark raving mad<br>and (say) decided to remove all competing TLDs from the root zone,<br>they could do so (for those resolvers that query the root servers<br>while the edited zone remained up). Of course, it is likely that in<br>very short order, they would<br>(a) no longer be the Root Zone Maintainer and (b) no longer be a<br>viable going concern due to the myriad of lawsuits that would instantly<br></blockquote>appear.<br><blockquote type="cite">However, pragmatically speaking, the fact that the Root Zone<br>Maintainer would turn into a smoldering crater is a bit like closing<br>the barn door after the horse has bolted.<br><br><br><br>Perhaps that is what you mean by “legal repercussions.”<br><br><br><br>Yes. While it is true that the Root Zone Maintainer is under<br>contractual terms to get explicit authorization from the Root Zone<br>Administrator prior to making changes, there is no technical mechanism<br>by which that is enforced.<br><br><br><br>In terms of how the accountability model changes, I think many of us<br>are viewing the Verisign Cooperative Agreement as a legacy arrangement<br>that should disappear after the transition.<br><br><br><br>An interesting assumption.<br><br><br><br>Which means that the IANA functions operator would either be the<br>contracter for the RZM function, or the Contract Co would contract for it<br></blockquote>directly.<br><blockquote type="cite">Between those two options it’s clear that there are significant<br>differences in the accountability model, and either of those is<br>significantly different from the status quo, which relies on the NTIA.<br>So again I don’t quite grasp what you are asking about.<br><br><br><br>I was asking about Jordan's response to the scenario in which the IANA<br>Function Operator and the Root Zone Maintainer are merged (which<br>again, I neither support nor oppose), thus creating a single entity<br>that receives, validates, and implements change requests. I gather he<br>feels the accountability mechanism would be vastly different than if<br>the IFO and RZM are separate. Since there is a single entity in both<br>scenarios that, pragmatically speaking, holds all the cards and that<br>entity is restrained only by contractual terms which would presumably<br>be essentially the same in both cases, I'm not seeing a whole lot of<br></blockquote>difference.<br><blockquote type="cite"><br><br><br>Regards,<br><br>-drc<br><br><br><br><br>_______________________________________________<br>CWG-Stewardship mailing list<br><a href="mailto:CWG-Stewardship@icann.org">CWG-Stewardship@icann.org</a><br>https://mm.icann.org/mailman/listinfo/cwg-stewardship<br><br></blockquote><br><br><br>--<br>Regards.<br>--------------------------<br>Fouad Bajwa<br>ICT4D and Internet Governance Advisor<br>My Blog: Internet's Governance: <a href="http://internetsgovernance.blogspot.com/">http://internetsgovernance.blogspot.com/</a><br>Follow my Tweets: <a href="http://twitter.com/fouadbajwa">http://twitter.com/fouadbajwa</a><br></blockquote>_______________________________________________<br>CWG-Stewardship mailing list<br><a href="mailto:CWG-Stewardship@icann.org">CWG-Stewardship@icann.org</a><br>https://mm.icann.org/mailman/listinfo/cwg-stewardship<br></blockquote></div><br></div></body></html>