[CWG-Stewardship] My concerns with the draft proposal and an alternative option

[Malcolm Hutty]

On 01/12/2014 03:50, Alan Greenberg wrote:
> Malcolm, can you be more specific on what accountability issues are
> critical to a successful transition, presuming that the current CWG
> proposal goes forward?

Certainly, I'd be pleased to set them out.

I'm afraid this is going to be a long message, so let me say up front
that I think the best way of dealing with the issues I raise is to
include in our draft placeholder text, intended to be replaced by
recommendations from CCWG-Accountability Workstream 1. This should be
accompanied by a statement that we believe that those recommendations
must be implemented as part of any successful transition of stewardship
of the DNS from NTIA to multistakeholder stewardship.


The reasoning and justification for that proposal now follows, at some
length I'm afraid.


I believe that in relation to the DNS, a proposal to transition from the
current NTIA stewardship to full community-based stewardship must
address three core issues.

1. To ensure the ongoing effectiveness of IANA as an 'executing' (i.e.
non-policymaking) entity, including such issues as ensuring its
operational performance, adherence to procedure, and the execution of
its responsibilities in a manner that preserves the operational
stability and resilience of the DNS structure within its purview, and
maintains their security.

2. To preserve the independence and policy-making authority of the
ccTLDs, and the right of the local communities they serve to determine
who should operate their respective ccTLDs, on what terms, and under
what policies, all in accordance with applicable (local) law. In
particular, any proposal must address how to avoid either the
operational control of IANA, or the policy-making authority of ICANN for
gTLDs, separately or in combination, ever becoming a means by which
ICANN or its successor could encroach upon the rights of ccTLDs.

3. To ensure the the policy-making authority for gTLDs (ICANN and its
successors, if such authority should ever be transferred) adopt only
community-consensus policy on the basis of bottom-up multistakeholder
policy-making.

   [Aside: what do I mean by this?

   Such a model sees ICANN a the vehicle by which the community
   develops its policy, with ultimate policy 'sovereignty' conceptually
   and morally lying within the community consensus as expressed
   through ICANN community processes; this is as opposed to a model in
   which ICANN seen a having a separate, corporate view on policy,
   where ICANN consults the community but is able and entitled to
   override it.]

Moreover, this model must be based on enduring commitment to certain
fundamental substantive principles as the paramount objectives of such
policy: these principles include maintaining the open Internet, enabling
interoperability and preserving universal reachability, and maintaining
the security, stability and resilience of the DNS. In particular, the
model must provide a means to ensure that ICANN cannot exploit its
control of the DNS root through IANA, and authority over gTLDs, either
to encroach upon ccTLDs nor to encroach upon other areas policy. The
latter is a particular concern to me, as registrant contracts are
essentially contracts of adhesion and would present an unconstrained
ICANN with a ready means to regulate registrants and the end-users of
their services in areas far outside the scope of DNS.




Please look indulgently on the precise wording I have used above; this
isn't a prepared statement. But I think the above conveys the essential
concept I am trying to get to across when I say that any proposal to the
NTIA that fails to set out, in a convincing manner, how each of these
three core objectives should be maintained, in an enduring fashion, when
NTIA is no longer able to step in to provide exogenous corrective
action, ought to be rejected by the community, and by NTIA.

This Cross-Community Working Group has declared that its scope is the
first area and, for the avoidance of doubt, I am reasonably content with
how it has gone about delivering against that objective. I don't think
the current proposal is anything like ready or finished (several people
have given detailed questions that deserve an answer, and I would draw
particular attention to Matthew Shears' very thoughtful list of
questions). I also worry that we are valuing the timetable too highly,
and allowing that to compromise the thoroughness of discussions. For
example, I am not at all persuaded by suggestions I have heard so far
that a legal entity to act as a contract counter-party can be dispensed
with - but I am conscious that the interventions on this point from ALAC
reps may be driven by entirely legitimate and credible underlying
concerns that can and should be addressed or mitigated in the proposal.
A more measured, deliberative process might draw these underlying points
out and uncover mitigations, resulting in a stronger consensus and an
improved proposal. Nonetheless, as it relates to the first of the three
areas I set out above, I believe this CCWG is on the right lines and I
am hopeful of an end result that would deserve support with regard to
this element.

Even though this CCWG has stated that its scope is limited to this first
area, it has chosen also to address the issues contained in the second
of the three areas I set out, the preservation of the independence and
authority of ccTLD operators. I do not see a valid conceptual reason for
addressing this and not the third, but the ccTLD reps have managed to
press their key priorities here successfully. Since I support them in
this, I am content that the final proposal is likely to address this
second area appropriately.

The third area is the most difficult one. Since a separate CCWG on
Accountability has been convened (even though it has not yet started
work), all matters that even remotely touch upon its purview have been
declared out of scope for this CCWG.

I am content that CCWG-Accountability Workstream 1 should have the job
of defining the matters in this third area, and deciding what should be
done about them. However, even if so, what is the mechanism for making
those findings part of the eventual transition proposal that NTIA will
receive on behalf of the entire community?

This raises a basic question about the duty of this CCWG and the
expectations of the ICG. I see two possibilities, and really only two:

i) The duty of this CCWG is to prepare that part of the transition
proposal that NTIA has requested related to DNS related issues. The role
of the ICG will be limited to combining this with the proposals from the
numbers and protocol communities, and to establish that each of us has
indeed built a community consensus for our proposals. However the
document from this CCWG is intended to be complete answer in respect of
the naming community, and ICG is not expecting to amend it to
incorporate other DNS-related proposals relating to issues that we have
chosen to ignore.

ii) The duty of this CCWG is only to prepare for ICG that element of a
transition proposal that relates to IANA operational functions, leaving
CCWG-Accountability not only to develop those elements to relating to
ICANN accountability, but also to write to ICG with its own report on
Workstream 1. Under this possibility, ICG would never receive a complete
proposal for DNS-related issues from anybody, and would be responsible
for combining the recommendations of CCWG-Stewardship and
CCWG-Accountability into a unified proposal for naming-related issues.

These two possibilities seem to me to be the only ways in which ICG can
present a single unified proposal to NTIA, as NTIA has requested.
Moreover, I believe that the first approach is greatly to be preferred
as closer to the request and expectations of ICG, and most likely to
enable this CCWG and CCWG-Accountability to liaise and coordinate so as
to avoid the ICG inadvertently damage the proposals made by each, as
would be a risk if ICG is forced to take responsibility for integrating
the two proposals, rather that us taking that responsibility for ourselves.

Allow me, if you will, to elaborate on this issue of integration of our
work with that of CCWG-Accountability by posing a practical question.

One of the scenarios CCWG-Accountability Workstream 1 is likely to
address is the case of what happens should the ICANN Board, unilaterally
and without community support, decide to dissolve or systematically
ignore gNSO Council, and take instructions for gTLD policy largely or
exclusively from someone else (for example the GAC).

What might CCWG-Accountability want to put in place to preclude such an
undesirable event?

I suspect that CCWG-Accountability will decide (and intend to attempt
persuade it, when the time comes) that two measures need to be
established to cover this scenario:

i) ICANN needs to be made subject to a binding commitment of principle
to the multistakeholder model for bottom-up community consensus policy.
This is needed to prevent the Board being able to say in the future "We
believe that it is correct and justified that DNS policy ought to be
determined by governments, not by a multistakeholder process". An
exogenous policy commitment would take that question of principle out of
their hands, and make it possible to be decide that in rejecting that
principle they are not exercising the proper authority with which the
Board has been entrusted, but reneging on its commitments;

and secondly

ii) An effective mechanism needs to be created for enforcing the binding
commitments into which the Board has entered.

Assuming I am correct as to what CCWG-Accountability might want, what
might constitute an effective mechanism for enforcement? I think it very
likely that CCWG-Accountability will reach the same conclusion as this
group (not least *because* it is the decision of this group, and there
will be a desire to align with it).

So if CCWG-Stewardship, notwithstanding your own current misgivings,
finally settles on the PRT+ContractCo mechanism for establishing and
enforcing ICANN's obligations as IANA Functions Operator,
CCWG-Accountability is likely to want to employ the same mechanism for
establishing and enforcing ICANN's obligations as gTLD policy maker (and
had this group not already chosen to protect the ccTLDs to the
satisfaction of their reps, I am sure CCWG-Accountability would also
propose similar requirements to meet the same ends).

   (BTW, if there were such an external mechanism, it would be necessary
   to design it so as to avoid setting up a recursive chain of
   authority. This would be part of CCWG-Accountability's job in
   designing it; I do believe it is possible).

I realise I am piling supposition upon supposition here, but they are
not very strained. When CCWG-Accountability sees that CCWG-Stewardship
proposes an external body to set and enforce requirements on how the
IANA functions are carried out, it is surely very likely that it will
want an external body to set and enforce essential requirements to
maintain ICANN's fundamental accountability to the community.

If I am correct and that is indeed what CCWG-Accountability ends up
proposing, how would *their* proposal and *our* proposal be combined?
They clearly relate to each other.

Should the PRT take on both responsibility for setting the new IANA
functions contract (in our current draft, newly stripped of requirements
relating to ICANN qua gTLD policy-maker) and for setting and enforcing
ICANN's obligations as policy-maker? NTIA combined both elements in the
same contract, so this is far from unexpected. If so,
CCWG-Accountability would effectively be modifying our proposal, by
taking the organs we designed and extending their functions. Would that
not suggest some coordination between us and CCWG-Accountability would
be sensible, rather than leaving it to ICG (or even to NTIA) to try to
interpret the our respective proposals and provide for their consequences?

On the other hand, surely it is obvious that if CCWG-Accountability
proposes a *different* contract counter-party be created to deal with
ICANN accountability issues, then that might create new risks, at least
in the event that that counter-party ever put ICANN's role as convenor
and vehicle for building community-consensus policy out for open-bid
RFP? These risks might not be limited to policy, but raise the
possibility of more operational issues with (e.g.) stability - risks
whose mitigation is absolutely the declared concern of this CCWG. Again,
it seems some coordination between the two groups would be indicated.

Do you really want to leave questions like this to be resolved by ICG
alone? Surely, if the combined result is to be successful and
supportable, it would be better if we coordinate with
CCWG-Accountability ourselves?

If you agree, then I suggest it is this CCWG's responsibility to
integrate their recommendations with its own, and present ICG with a
combined proposal that it might find has broad support. Hence my
proposal that placeholder text be inserted today, to make this intention
clear.

That is a rather long-winded answer to your question, for which I
apologise. I realise it is built on some suppositions and assumptions,
and I have tried to be explicit about them, so that you may easily
examine the assumptions I have made. Nonethless, I think it unwise for
this CCWG to operate in a vacuum - it behooves us to think about how our
work fits into the bigger picture, and to seek to make our output
contribute towards the combined whole.

So for now, I will be satisfied with placeholder text in this report,
text that is intended to be replaced with recommendations from
CCWG-Accountability. When they have provided such a replacement, I think
it will also be our responsibility to ensure our final report is
integrated into a coherent whole, such that our recommendtions and those
from CCWG-Accountability could be implemented, without either
undermining the other.

Finally, I will call attention to one other assumption I have made, upon
which all of the above rests. If anyone is of the view that NTIA
transition does not raise any vital issues of accountability for ICANN
in its policy-making role, and that the development of ICANN
accountability mechanisms can continue through ICANN's own internal
structures without any need to place them on the critical path for NTIA
transition, then that person would be in disagreement with a core axiom
for my argument, and everything I have written above will fall away. In
response, all I can say is the community view agrees with me: when ICANN
originally proposed to treat accountability as a separate issue there
was an outcry in the community. This was only satisfied when
CCWG-Accountability was told to create Workstream 1 specifically for
issues that *had* to be addressed before or as part of NTIA transition.
I take the creation and definition of that Workstream as a community
consensus decision. Somehow or other, the NTIA must be presented with a
proposal that includes proposals to address issues from Workstream 1. I
think that is beyond dispute.

For the reasons I have given, I believe it would be wise for us to
include those Workstream 1 proposals in the report of this CCWG, to form
part of a combined draft proposal on behalf of the naming community for
transition of NTIA's role in relationship to DNS to multistakeholder
stewardship.

To make it clear that that is our intention, let us include placeholder
text today.

-- 
            Malcolm Hutty | tel: +44 20 7645 3523
   Head of Public Affairs | Read the LINX Public Affairs blog
 London Internet Exchange | http://publicaffairs.linx.net/

                 London Internet Exchange Ltd
           21-27 St Thomas Street, London SE1 9RY

         Company Registered in England No. 3137929
       Trinity Court, Trinity Street, Peterborough PE1 1DA