Here are my comments (PDF) on the NTIA's recent Notice of Inquiry regarding ICANN's future.  

I have been an active participant within the Internet Corporation for Assigned Names and Numbers (ICANN) process since its inception as an intellectual property lawyer and information technology specialist.  Over the last ten years, I have served in a number of leadership positions within ICANN, including a three-year term on its Board of Directors (2003-2006).   I applaud the NTIA for using the broad scope of this NOI to refocus the global Internet community on the original intent/focus of ICANN's MoU/JPA with the Department of Commerce (USG).  Unfortunately, over the last few years, ICANN has strayed from its narrow mission as the technical coordinating body originally envisioned in the 1998 White Paper, and has instead become a quasi-monopolistic regulator accountable to no one but itself.  This NOI provides the global Internet community the opportunity to deconstruct the current 

"ICANN 2.0" governance model and refocus on a successor "ICANN 3.0" governance model.  I submit that ICANN 3.0 needs to be a mix of getting "back to basics" (restoring ICANN's original mission) and implementing important "lessons learned" since ICANN's creation about how to make the organization more effective and accountable.  I discuss four broad issues:

1. ICANN's Periodic Review of its internal operations and supporting organizations has failed, and has become nothing more than a "perpetual motion machine of public comments and documentation producing no meaningful results." Only a second Evolution and Reform Process can solve ICANN's current deficiencies;
2. ICANN must hardcode into its policies and its contracts the principle that its policies cannot supersede national laws;
3. ICANN must cease any operational role in technical infrastructure as required by its bylaws and focus instead on its mission as a technical coordinator; and
4. Congress must avoid "kicking the JPA can down the road" and instead provide much-needed leadership by creating a solid foundation for ICANN 3.0 in legislation after proper consultation with the Government Accountability Office.

It has been said, by someone far wiser than I, that there is a certain "firstness" about the First Amendment's protection of free speech. There is an undeniable primacy about the guarantee of freedom of speech in a democracy, and one would have thought that guardians of the "public interest" would all be on the same page about regulatory threats to this core value. And that is what made Public Knowledge Legal Director Harold Feld's recent post about the Supreme Court's decision in FCC v. Fox Television Stations so surprising.

During the recent ICANN Board meeting in Mexico City, the Board authorized the creation and funding of an Implementation Recommendation Team (IRT). This team was to be comprised of "an internationally diverse group of persons with knowledge, expertise, and experience in the fields of trademark, consumer protection, or competition law, and the interplay of trademarks and the domain name system to develop and propose solutions to the overarching issue of trademark protection in connection with the introduction of new gTLDs." This IRT is tasked to produce a report for consideration by the ICANN community at the Sydney meeting.

The IRT consists of 24 members:

• Chairwoman Caroline G. Chicoine; and
• Seventeen members; and
• Six ex officio members: Four IPC-elected officers and two-GNSO elected Board Directors (Bruce Tonkin and Rita Rodin Johnston). 

I've previously proposed a number of rights-protection mechanisms that IRT should consider. Today, I offer a few suggestions that I hope will guide IRT as they embark on their important work tomorrow. In particular, I hope they'll implement some of my suggestions intended to make the IRT process more transparent-so the rest of the global Internet can follow along with their important work and provide constructive input where possible.
.

TPI's Tom Lenard and Larry White released a study yesterday entitled ICANN at a Crossroads: A Proposal for Better Governance and Performance (PDF). ICANN is, indeed, at a crossroads: A number of critical Internet governance issues will be decided over the next 6-12 months-such as:

• How to roll out new gTLDs like .BLOG, which I've discussed here and here (PDF).
• ICANN's future as an increasingly independent organization, which I've discussed here.

But I strongly disagree with TPI's conclusion that:

ICANN should remain a nonprofit organization, but it should be governed by and accountable to its direct users: the registries and the registrars. The seats on ICANN's board could be rotated among the major operators in a manner that would reflect the diversity of viewpoints among the registries and registrars.

Having invested over 10 years of my life in ICANN's diverse and inclusive public/private partnership model, I speak from first-hand experience that ICANN is far from perfect as an organization. I've often feared that ICANN is heading in the wrong direction and I've never hesitated to say so. But despite these shortcomings, the various stakeholders I work with in the seemingly byzantine "ICANN process" remain as committed as ever to the principles set forth in NTIA's 1998 White Paper as the foundations of Internet governance. The staying-power of this shared belief in a common set of principles among all stakeholders reaffirms my faith in the public/private partnership-whatever other changes need to be made.

Lenard and White are right about one thing: We do need a new model for ensuring ICANN's accountability after the expiration of ICANN's current relationship with the U.S. Government. But the model they suggest isn't it--as Steve Delbianco has pointed out.

ICANN has just released a second draft of its Applicant Guidebook, which would guide the creation of new generic topmore generic top-level domains (gTLDs) such as .BLOG, .NYC or .BMW. As ICANN itself declared (PDF), "New gTLDs will bring about the biggest change in the Internet since its inception nearly 40 years ago." PFF Adjunct Fellow Michael Palage and former ICANN Board member addressed the key problems with ICANN's original proposal in his paper ICANN's "Go/ No-Go" Decision Concerning New gTLDs (PDF & embedded below), released earlier this week.

ICANN deserves credit for its detailed analysis of the many comments on the original draft which Mike summarized back in December. ICANN also deserved credit for addressing two strong concerns of the global Internet community in response to the first draft:

• ICANN has removed its proposed 5% global domain name tax on all registry services, something Mike explains in greater detail in his "Go/No-Go" paper.


• ICANN has commissioned a badly-needed economic study on the dynamics of the domain name system "in broad." But such a study must address how the fees ICANN collects from specific user communities relate to the actual costs of the services ICANN provides. The study should also consider why gTLDs should continue to provide such a disproportionate percentage of ICANN's funding--currently 90%--given increasing competition between gTLDs and ccTLDs (e.g., the increasing use of .CN in China instead of .COM).

But ICANN simply "kicked the can down the road on the biggest concern": how to minimize abusive domain name registrations (e.g., cybersquatting, typosquatting, phishing, etc.) and reduce their impact on consumers.

David Margolick has penned a lengthy piece for Portfolio.com about the AutoAdmit case, which has important ramifications for the future of Section 230 and online speech in general. Very brief background: AutoAdmit is a discussion board for students looking to enter, or just discuss, law schools. Some threads on the site have included ugly -- insanely ugly -- insults about some women. A couple of those women sued to reveal the identities of their attackers and hold them liable for supposedly wronging them. The case has been slowly moving through the courts ever since. Again, read Margolick's article for all the details. The important point here is that the women could not sue AutoAdmit directly for defamation or harassment because Section 230 of the Communications Decency Act of 1996 immunizes websites from liability for the actions of their users. Consequently, those looking to sue must go after the actual individuals behind the comments which (supposedly) caused the harm in question.

I am big defender of Section 230 and have argued that it has been the cornerstone of Internet freedom. Keeping online intermediaries free from burdensome policing requirements and liability threats has created the vibrant marketplace of expression and commerce that we enjoy today. If not for Sec. 230, we would likely live in a very different world today.

Sec. 230 has come under attack, however, from those who believe online intermediaries should "do more" to address various concerns, including cyber-bullying, defamation, or other problems. For those of us who believe passionately in the importance of Sec. 230, the better approach is to preserve immunity for intermediaries and instead encourage more voluntary policing and self-regulation by intermediaries, increased public pressure on those sites that turn a blind eye to such behavior to encourage them to change their ways, more efforts to establish "community policing" by users such that they can report or counter abusive language, and so on.

Of course, those efforts will never be fool proof and a handful of bad apples will still be able to cause a lot of grief for some users on certain discussion boards, blogs, and so on. In those extreme cases where legal action is necessary, it would be optimal if every effort was exhausted to go after the actual end-user who is causing the problem before tossing Sec. 230 and current online immunity norms to the wind in an effort to force the intermediaries to police speech. After all, how do the intermediaries know what is defamatory? Why should they be forced to sit in judgment of such things? If, under threat of lawsuit, they are petitioned by countless users to remove content or comments that those individuals find objectionable, the result will be a massive chilling effect on online free speech since those intermediaries would likely play is safe most of the time and just take everything down.

What would it take to create a more secure Internet? That's what John Markoff explores in his latest New York Times article, "Do We Need a New Internet?" Echoing some of the same fears Jonathan Zittrain articulates in his new book The Future of the Internet, Markoff wonders if online viruses and other forms of malware have gotten so out-of-control that extreme measures may be necessary to save the Net. Compared to when cyber-security attacks first started growing over 20 years ago, Markoff argues that:

[T]hings have gotten much, much worse. Bad enough that there is a growing belief among engineers and security experts that Internet security and privacy have become so maddeningly elusive that the only way to fix the problem is to start over.

The Internet's current design virtually guarantees anonymity to its users. (As a New Yorker cartoon noted some years ago, "On the Internet, nobody knows that you're a dog.") But that anonymity is now the most vexing challenge for law enforcement. An Internet attacker can route a connection through many countries to hide his location, which may be from an account in an Internet cafe purchased with a stolen credit card. "As soon as you start dealing with the public Internet, the whole notion of trust becomes a quagmire," said Stefan Savage, an expert on computer security at the University of California, San Diego.

A more secure network is one that would almost certainly offer less anonymity and privacy. That is likely to be the great tradeoff for the designers of the next Internet. One idea, for example, would be to require the equivalent of drivers' licenses to permit someone to connect to a public computer network. But that runs against the deeply held libertarian ethos of the Internet.

But what if we could apply such solutions in a narrower sense? That is, could we create more secure communities within the overarching Internet superstructure that might provide greater security? Markoff starts thinking along those lines when he suggests...

I used to have a (semi-crazy) uncle who typically began conversations with lame jokes or bad riddles. This sounds like one he might have used had he lived long enough: What do Thomas Jefferson, a moose, and cyberspace have in common?

The answer to that question can be found in a new book, In Search of Jefferson's Moose: Notes on the State of Cyberspace, by David G. Post, a Professor of Law at Temple University. Post, who teaches IP and cyberspace law at Temple, is widely regarded as one of the intellectual fathers of the "Internet exceptionalist" school of thinking about cyberlaw. Basically, Post sees this place we call "cyberspace" as something truly new, unique, and potentially worthy of some special consideration, or even somewhat different ground rules than we apply in meatspace. More on that in a bit.

[Full disclosure: Post's work was quite influential on my own thinking during the late 1990s, so much so that when I joined the Cato Institute in 2000, one of the first things I did was invite David to become an adjunct scholar with Cato. He graciously accepted and remains a Cato adjunct scholar today. Incidentally, Cato is hosting a book forum for him on February 4th that I encourage you to attend or watch online. Anyway, it's always difficult to be perfectly objective when you know and admire someone, but I will try to do so here.]

Post's book is essentially an extended love letter -- to both cyberspace and Jefferson. Problem is, as Post even admits at the end, it's tough to know which subject this book is suppose to teach us more about. The book loses focus at times -- especially in the first 100 pages -- as Post meanders between historical tidbits of Jefferson's life and thinking and what it all means for cyberspace. But the early focus is on TJ. Thus, those who pick up the book expecting to be immediately immersed in cyber-policy discussions may be a bit disappointed at first. As a fellow Jefferson fanatic, however, I found all this history terrifically entertaining, whether it was the story of Jefferson's Plow and his other agricultural inventions and insights, TJ's unique interest in science (including cryptography), or that big moose of his.

OK, so what's the deal with the moose? When TJ was serving as a minister to France in in the late 1780s, at considerable expense to himself, he had the complete skeleton, skin and horns of a massive American moose shipped to the lobby of his Paris hotel. Basically, Jefferson wanted to make a bold statement to his French hosts about this New World he came from and wake them up to the fact that some very exciting things were happening over there that they should be paying attention to. That's one hell of way to make a statement!

ICANN recently proclaimed that the "Joint Project Agreement" (one of two contractual arrangements that ICANN has with the U.S. Department of Commerce (DoC) governing ICANN's operations) will come to an end in September 2009. ICANN's insistence on this point first became clear back in October 2008 at ICANN's Washington, D.C. public forum on Improving Institutional Confidence when Peter Dengate Thrush, Chair of ICANN's Board declared:

the Joint Project Agreement will conclude in September 2009. This is a legal fact, the date of expiry of the agreement. It's not that anyone's declared it or cancelled it; it was set up to expire in September 2009.

ICANN's recently published 2008 Annual Report stuck to this theme:

"As we approach the conclusion of the Joint Project Agreement between the United States Department of Commerce and ICANN in September 2009..." - His Excellency Dr. Tarek Kamel, Minister of Communications and Information Technology, Arab Republic of Egypt

"Concluding the JPA in September 2009 is the next logical step in transition of the DNS to private sector management." - ICANN Staff

"This consultation's aim was for the community to discuss possible changes to ICANN in the lead-up to the completion of the JPA in September 2009." - ICANN Staff

ICANN's effort to make the termination of the JPA seem inevitable is concerning on two fronts. First, ICANN fails to mention that the current JPA appears to be merely an extension/revision of the original 1998 Memorandum of Understand (MoU) with DoC, which was set to expire in September 2000. Thus, because the JPA does not appear to be a free-standing agreement, but merely a continuation of MOU-as Bret Fausset argues in his excellent analysis of the relationship between the MoU and the JPA (also discussed by Milton Mueller). Therefore, it would be more correct to talk about whether the "MoU/JPA"-meaning the entire agreement as modified by the most current JPA-will expire or be extended.

ICANN's plan to begin accepting applications for new generic top-level domains (gTLDs) in mid-2009 may have been derailed by last week's outpouring of opposition from the global business community and the United States Government (USG). Having been involved with ICANN for over a decade and having served on its Board for three years, I've never seen such strong and broad opposition to one of ICANN's proposals.

This past June, the ICANN Board directed its staff to draft implementation guidelines based upon the policy recommendations of the Generic Names Supporting Organization (GNSO) that ICANN should allow more gTLDs such as .cars to supplement existing gTLDs such as .com. In late October, the ICANN staff released a draft Applicant Guidebook detailing its proposal. The initial public forum on this proposal closed on December 15-with over 200 comments filed online.

In its December 18 comments, the USG questioned whether ICANN had adequately addressed the "threshold question of whether the consumer benefits outweigh the potential costs." This stinging rebuke from the Commerce Department merely confirms the consensus among the 200+ commenters on ICANN's proposal: ICANN needs to do more than merely rethinking its aggressive time-line for implementing its gTLD proposal or tweaking the mechanics of the proposal on the edges. Instead, ICANN needs to go back to the drawing board and propose a process that results in a responsible expansion of the name space, not merely a duplication of it.