5
The Domain Name System: Institutional Issues

The in stitutional framework of the Domain Name System (DNS), as described in Chapter 3, comprises a diverse group of organizations carrying out their various responsibilities with a high degree of autonomy. No single institution—not even the Internet Corporation for Assigned Names and Numbers (ICANN) or the U.S. Department of Commerce—has effective authority over all of the participating organizations. Nevertheless, this group of organizations has successfully managed the DNS through two decades of rapid growth of the Internet, and of the most significant applications on the Internet such as the Web and e-mail, which rely on it. However, as the Internet and its applications have grown in importance, so have the attention and the controversy that the DNS and its institutional framework have attracted. That critical scrutiny has raised a number of issues concerning the structure, governance, management, and operations of the organizations that manage the DNS.

Most of those issues are being actively addressed, but the organizations involved face the reality of multiple, often conflicting interests—both public and private—becoming more actively engaged in their activities. That makes achieving consensus decisions—in the tradition of the early Internet community—increasingly difficult and leaves a residue of dissatisfaction with any decision that is taken. Since attention to the institutional framework of the DNS can be expected to continue to increase with the Internet’s growing significance as a critical global communications infrastructure, so too can the critical institutional issues be expected to receive increasing scrutiny and to give rise to increasing controversy.



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement



Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 187
Signposts in Cyberspace: The Domain Name System and Internet Navigation 5 The Domain Name System: Institutional Issues The in stitutional framework of the Domain Name System (DNS), as described in Chapter 3, comprises a diverse group of organizations carrying out their various responsibilities with a high degree of autonomy. No single institution—not even the Internet Corporation for Assigned Names and Numbers (ICANN) or the U.S. Department of Commerce—has effective authority over all of the participating organizations. Nevertheless, this group of organizations has successfully managed the DNS through two decades of rapid growth of the Internet, and of the most significant applications on the Internet such as the Web and e-mail, which rely on it. However, as the Internet and its applications have grown in importance, so have the attention and the controversy that the DNS and its institutional framework have attracted. That critical scrutiny has raised a number of issues concerning the structure, governance, management, and operations of the organizations that manage the DNS. Most of those issues are being actively addressed, but the organizations involved face the reality of multiple, often conflicting interests—both public and private—becoming more actively engaged in their activities. That makes achieving consensus decisions—in the tradition of the early Internet community—increasingly difficult and leaves a residue of dissatisfaction with any decision that is taken. Since attention to the institutional framework of the DNS can be expected to continue to increase with the Internet’s growing significance as a critical global communications infrastructure, so too can the critical institutional issues be expected to receive increasing scrutiny and to give rise to increasing controversy.

OCR for page 187
Signposts in Cyberspace: The Domain Name System and Internet Navigation This chapter is a guide to the principal institutional issues that have already or can soon be expected to come to the fore. For each institutional issue, the principal alternatives that have been publicly identified are summarized, and the alternatives are compared. Where the committee is in agreement, its conclusions and recommendations are presented. In all cases, the intent is to provide a clear description of the alternatives and the arguments for and against them as background for current and future policy deliberations. Some of the issues, such as ICANN’s management structure, may appear to be resolved for the time being. In the committee’s view, understanding the conflicting proposals that preceded the present resolution illuminates the pressures that remain in the background and that may, in the future, force the issue once again onto the policy agenda. The following issues are addressed in this chapter: Governance of the DNS. How should the DNS be governed? What should be the role of the U.S. government, international organizations, and ICANN? Management of the DNS. What changes in ICANN, if any, are appropriate? Oversight and operation of root name servers. Is there a need for greater oversight of the root name server operators? If so, how might it best be conducted? Regulation of generic top-level domains (gTLDs): number and process. Can and should new gTLDs be added? If so, how many new gTLDs should be added, and how fast? What types should they be, and how should they and their operators be selected? Oversight of country code top-level domains (ccTLDs). Should anything be done to increase ICANN’s oversight of and authority over the ccTLDs? If so, what form should its increased authority take, and how can it be implemented? Resolution of conflicts over domain names. Does the Uniform Domain Name Dispute Resolution Process (UDRP) need to be improved? If so, how should it be improved? Provision and protection of Whois data. What is the appropriate balance among the various interests in Whois data? In contrast to most of the other chapters in this report, this one deals with issues for which opinion and values play a significant role. Consequently, many of the citations and references are to advocacy documents, not to peer-reviewed scientific or technical papers. These references serve as pointers to places where the proposals being summarized were presented. When there were multiple similar proposals, one or two have been

OCR for page 187
Signposts in Cyberspace: The Domain Name System and Internet Navigation selected as references, either because they appeared to be the most representative or because they were the most readily accessible. The committee’s use of these references should in no way be considered an endorsement of the point of view expressed. 5.1 GOVERNANCE OF THE DOMAIN NAME SYSTEM Issues: How should the DNS be governed? What should be the role of the U.S. government, international organizations, and ICANN? As explained in Chapter 3, the U.S. government currently possesses the final authority to make key decisions affecting the DNS. Specifically, it must approve all changes in the root zone file and, thereby, controls the designation of top-level domains (TLDs) and the assignment of responsibility for their operation. In this way, it functions as the steward of the DNS, exercising its authority and making decisions for the larger Internet community. Through a memorandum of understanding (MoU) signed in November 1998, the U.S. government delegated day-to-day operational authority to ICANN, which makes recommendations to the U.S. Department of Commerce (DOC) for its decisions affecting the DNS. In this capacity, ICANN recommends the addition of new TLDs and redelegations of existing TLDs. (As noted in Chapter 3, ICANN has additional responsibilities for Internet Protocol (IP) addresses and protocols.) ICANN might be thought of as the registry for the root, sponsored by the U.S. government. ICANN nominally has the same responsibilities as other registries: it registers entries into the zone file and sees to the distribution of that zone file to the name server operators. However, as noted in Chapter 3, unlike the TLD registries, ICANN does not directly contract for operation of the root name servers, nor does it have contracts with all the TLDs. In fact, in June 2005 it had agreements with only 10 of the 15 gTLDs and 12 of the 243 ccTLDs. However, because it recommends any new and revised entries into the root zone, because its agreements with the largest gTLDs set the rules for their operations and those of their accredited registrars, and because those rules strongly influence the operations of the other TLDs, ICANN is generally perceived to be the manager of the DNS. Against this background, the issue of the proper form of DNS governance can be divided into two separate but closely interrelated issues: (1) Where should the stewardship—the final authority for key decisions—of the DNS reside? and (2) How should management authority—the registry function for the root—for the DNS be exercised? Although these roles are distinct at present, one possible answer is that they be combined.

OCR for page 187
Signposts in Cyberspace: The Domain Name System and Internet Navigation 5.1.1 Relationship to Governance of the Internet Before addressing the questions of stewardship and management authority for the DNS, it is important to emphasize the distinction between governance of the DNS and governance of the Internet. Clarifying this distinction is necessary because the DOC’s and ICANN’s visible responsibility for a key part of the Internet’s infrastructure and the fact that decisions affecting the DNS have economic, social, and political consequences have tended to focus discussions of Internet governance on the DOC/ICANN and the DNS. However, there are many aspects of the Internet that are or might be subject to governance but that lie outside the DNS and the areas of responsibility of its managers.1 These include, for example, controlling spam; dealing with use of the Internet for illegal purposes; resolving the “digital divide” between developed and developing countries; protecting intellectual property other than domain names; protecting privacy and freedom of expression; and facilitating and regulating e-commerce.2 Furthermore, there are increasingly important aspects of the Internet that are currently subject to little public governance, such as search engines and directories. Thus, DNS governance is a part of, but does not include many aspects of, Internet governance. Since at the time of this writing in December 2004 there have been no practical proposals for broad governance of the Internet, this chapter focuses solely on governance of the DNS. (The institutional issues associated with Internet navigation are discussed separately in Chapter 8.) Conclusion: Governance of the DNS is part, but not all, of Internet governance. ICANN and the DNS are not the proper vehicles to address most Internet policy issues. 5.1.2 Where Should Stewardship of the DNS Reside? The U.S. government acquired responsibility for and authority over the DNS root by virtue of its historical initiative and financial investment 1   The issue of Internet governance, in general, has become the subject of intense scrutiny in preparation for the second phase of the World Summit on the Information Society (WSIS) in November 2005. The ITU held a workshop on Internet governance in February 2004 at which many views on the subject were presented. For an extensive discussion of Internet governance and the place of DNS governance within it, see, for example, Don McLean, “Herding Schrödinger’s Cats: Some Conceptual Tools for Thinking About Internet Governance,” ITU Workshop on Internet Governance, February, 2004, available at <http://www.itu.int/osg/spu/forum/intgov04/contributions.html>. In preparation for the WSIS meeting in 2005, the Working Group on Internet Governance (WGIG) was appointed in November 2004. 2   The ITU invited selected experts to present papers on Internet governance at a workshop. These papers, which present a variety of personal views on this broad range of issues, are available at <http://www.itu.int/osg/spu/forum/intgov04/contributions.html>.

OCR for page 187
Signposts in Cyberspace: The Domain Name System and Internet Navigation in supporting creation of the Internet and the DNS, as described in Chapter 2. However, as the Internet has become international in extent, support, and operation, the formal legitimacy of the U.S. government’s continued authority over the root has come under challenge, such as in the context of the World Summit on the Information Society (WSIS).3 Critics, including representatives of the governments of Brazil, South Africa, Russia, and China,4 have argued that the DNS is so central to the reliable and effective operation of the now fully global Internet that its control by a single nation is no longer justifiable. Some would prefer that the ultimate stewardship reside in an intergovernmental body, such as a U.N.-affiliated agency—for example, the International Telecommunication Union—or a new organization specifically negotiated by treaty, such as a “World Internet Organization”; others prefer an international body that includes governments, the private sector, and civil society. Many of the critics are national governments that have felt left out of the ICANN process, in which their representation is through the Governmental Advisory Committee (GAC),5 which until 2003 had advisory status only.6,7 Indeed, Brazil has asserted that “it is a myth that governments have a say in ICANN’s activities via the GAC … the influence of governments is comparable to the influence of non-shareholders in a private company.”8 3   For information about the World Summit on the Information Society, see <http://www.itu.int/wsis/>. 4   See “Global Fight Looms for Net Management,” Reuters, September 16, 2003, available at <http://news.com.com/2102-1028_3-5077101.html>. 5   As of March 2005, the Governmental Advisory Committee comprised the representatives of 94 nations, as well as several international and regional organizations with observer status—the African Telecommunications Union (ATU), Agence Inter-Gouvernmentale de la Francophonie, Asia Pacific Telecommunity (APT), Commonwealth Telecommunications Organization, Economic Commission for Africa, International Telecommunication Union (ITU), Organization for Economic Cooperation and Development (OECD), Pacific Islands Forum, and the World Intellectual Property Organization (WIPO). 6   For a history and analysis of the role of the GAC in ICANN, see Wolfgang Kleinwachter, “From Self-governance to Public-private Partnership: The Changing Role of Governments in the Management of the Internet’s Core Resources,” Loyola of Los Angeles Law Review 36(Spring): 1103-1126, 2003. 7   In September 2004, Norway argued, in a submission to a preparatory meeting for the WSIS, that the GAC needs stronger funding and “cannot continue to have a mere counseling role to the ICANN.” Norway called for a stronger and better-funded secretariat that would enable the GAC to focus on more strategic and political issues. See World Summit on the Information Society, Working Group on Internet Governance, written contribution from Norway, which is available at <http://www.itu.int/wsis/preparatory2/wgig/norway.pdf>. 8   As reported by ICANNWatch: “WGIG Will Reassess—or Reassert?—Governments’ Role in Internet,” which is available at <http://www.icannwatch.com/article.pl?sid=04/09/21/1812238&mode=thread>.

OCR for page 187
Signposts in Cyberspace: The Domain Name System and Internet Navigation However reasonable the move toward international stewardship might appear in theory, in practice any change can be made only with the acquiescence and active participation of the U.S. government. Not only would the U.S. government have to be an important party to any transfer, but it also holds an effective veto because all of the root name server operators would have to agree to accept the root zone file from a new source, yet 3 of the 12 operators are U.S. government agencies and 6 others are U.S.-based organizations that may well be reluctant to take actions contrary to the wishes of the U.S. government. 5.1.3 Alternatives In this light, an examination of three alternatives to U.S. government stewardship is instructive: an existing intergovernmental organization, a new international organization formed by treaty, or an international (but non-governmental) organization, such as ICANN or a successor. (Another possibility would be to divide DNS governance responsibilities among several organizations, each of which would have its own steward. Although that may be an outcome of DNS governance decisions, this section addresses the stewardship of the manager or managers of the DNS, whatever form it or they should take.) Alternative A: Existing Intergovernmental Organization—International Telecommunication Union Description Of all the existing intergovernmental organizations, the one that claims the most relevant experience and that has expressed the greatest interest in DNS governance is the Geneva-based International Telecommunication Union (ITU), a treaty organization affiliated with the United Nations.9 Its membership comprises about 190 nations as well as more than 650 firms and international organizations in the telecommunications and information technology industries. Its Standardization Sector (ITU-T) has long experience with the adoption and implementation of international telecommunications standards, primarily for telephony but also for some computer networking technologies that are now considered histori- 9   Other U.N. agencies have expressed interest in the broader question of Internet governance, among them the United Nations Educational, Scientific, and Cultural Organization, which prepared a position statement for the U.N. I.C.T. Task Force Global Forum on Internet Governance held in March 2004 in New York. See <http://www.itu.int/wsis/preparatory2/wgig/unesco.pdf>.

OCR for page 187
Signposts in Cyberspace: The Domain Name System and Internet Navigation cal in much of the world.10 A separate organization within the ITU, the Radiocommunication Sector (ITU-R), has responsibility for radio frequencies and some regulatory authority under the applicable treaties. Its processes and procedures are mature and, according to the ITU, “there are sufficient checks and balances in place to ensure that vested interests cannot misuse ITU processes for their particular interests.”11 All member governments and any interested private company (including registries, registrars, Internet service providers (ISPs), and equipment suppliers) can participate in ITU-T’s work, but unless there is general agreement, only governments can vote and only governments can be represented in ITU’s council, which has overall policy and strategy responsibility between ITU plenipotentiary conferences. Because the ITU is an intergovernmental organization, it has sovereign immunity, which obviates the need for liability insurance or worry about liability affecting its decisions. Since concerns about the legal liability it might be assuming appear to have affected ICANN’s willingness to, for example, enter into agreements with some ccTLDs that wanted to hold it to predefined performance standards, and could affect its ability to take on other roles, this advantage of an intergovernmental organization has some weight. Conversely, however, it may make the ITU a less attractive alternative to those ccTLDs and others that want to be able to hold a governing organization liable if it fails to perform its functions satisfactorily. The ITU members voted at its 2002 Plenipotentiary Conference in Morocco that it should play an active role in “discussions and initiatives” related to the DNS and IP address system with the goal of becoming the forum in which public policy issues of Internet naming and numbering are resolved. In its resolution from the meeting, the ITU identified “stability, security, freedom of use, protection of individual rights, sovereignty, competition rules, and equal access for all” as important public policy issues.12 Since that meeting, the ITU has campaigned for a more active role in governance of the Internet generally and the DNS specifically. Its 10   “The ITU-T performs world-wide administration, and acts as the forum for policy management, of a number of naming and address allocation systems that are essential for the good functioning of critical infrastructures, including the physical-layer infrastructure of the Internet itself … [and] such well-known examples as the E.164 numbering resource and the E.212 mobile numbering resource.” See Houlin Zhao, ITU-T and ICANN Reform, Telecommunication Standards Bureau, ITU, April 17, 2002, pp. 3-4, available at <http://www.itu.int/ITU-T/tsb-director/itut-icann/ICANNreform.html>. 11   Zhao, ITU-T and ICANN Reform, 2002. 12   ITU Resolution 102, Management of Internet Domain Names and Addresses, Marrakesh, Morocco, 2002, available at <http://www.itu.int/osg/spu/resolutions/2002/res102.html>. Also see Kevin Delaney, “Global Organization Seeks Voice in Internet Addressing System,” Wall Street Journal, October 21, 2002, p. B4.

OCR for page 187
Signposts in Cyberspace: The Domain Name System and Internet Navigation sponsorship of the Workshop on Internet Governance in February 2004 and its consultation on forming the Working Group on Internet Governance in September 2004 are indicative of its continuing active interest.13 Evaluation The principal arguments in favor of moving stewardship of the DNS to the ITU are the broad international participation in the ITU, both by governments and industry; its established processes for policy making; its secure funding and sovereign immunity; and its long experience with management of international telecommunications resources. Its international treaty status would, perhaps, also give it greater influence over the ccTLDs and the root name server operators. At the same time, ITU-T cannot make decisions affecting competing parties or take actions without agreement by its membership. If there is a disagreement between governments, aside from attempting to mediate, ITU-T can do nothing until a plenipotentiary conference acts to resolve the matter, since only it has the authority to make recommendations to governments (which, however, can still ignore them). Furthermore, the ITU’s charter does not allow intervention in disputes within countries, such as might occur over the delegation or redelegation of a ccTLD registry. There are, moreover, objections to the ITU’s assumption of the DNS stewardship role from the Internet technical and user communities and, significantly, from the U.S. government. The technical and user communities have a distrust of the ITU for its long record of opposing the Transmission Control Protocol/Internet Protocol (TCP/IP) and for its unwillingness to make its standards publicly available for use on the Internet. Additionally, they fear that the ITU’s bureaucracy and its structure and processes, which require that governments sign off on decisions, will lead to extremely slow decision making unable to keep pace with the requirements of managing the DNS. Many also fear that the large telecommunications companies, which have a long-standing interest in and presence at the ITU, will dominate the processes. It has generally been difficult for individuals and public interest groups to participate in the ITU’s processes, although the ITU has expressed a commitment to change. Although it engaged individuals and groups in the meeting on Internet governance that it sponsored in association with the WSIS,14 it excluded non-governmental organizations from the decisionmaking sessions and it has not moved to change the ITU’s charter or ITU-T’s internal rules to permit their active participation. 13   See materials at <http://www.itu.int/osg/spu/intgov/index.phtml/>. 14   See a list of participants at <http://www.itu.int/osg/spu/forum/intgov04/>.

OCR for page 187
Signposts in Cyberspace: The Domain Name System and Internet Navigation The user communities are also concerned that the ITU would become a vehicle for governments to exercise control over the registration of domain names and would use that control to enforce other policies such as the local taxation of Internet commerce, intellectual property protection, and the restriction of free speech and rights to privacy. From what is known of current U.S. government attitudes, both in the executive and legislative branches, transfer of DNS stewardship to an intergovernmental organization is not likely to be supported now or in the near future, although such attitudes can change. Conclusion: Despite the interest of the ITU and some of its national members in its assuming stewardship of the DNS root, that does not appear to be a realistic alternative for the near future. Alternative B: International Treaty Organization Description and Evaluation The negotiation of an international treaty to establish a special agency of the United Nations for Internet governance is also not likely to be supported by the U.S. government. The example of other such negotiations has shown that they take many years to complete, especially if governance or binding regulation are contemplated among its authority, rather than just coordination or standardization, and are unlikely to succeed in the absence of strong and sustained efforts by many nations, which despite the currently expressed concerns does not seem likely. So this alternative does not appear to be realistic in the near term either. Conclusion: Although it is possible that the U.N.-sponsored 2005 World Summit on the Information Society will lead to proposals for some form of internationally negotiated, quasi-governmental or multi-stakeholder organization with oversight or other influence over DNS governance, specific proposals are not yet (in December 2004) on the table and cannot be evaluated for either their practicality or their feasibility. This leaves the third alternative, which follows. Alternative C: Private Organization with International Participation Description The only institution to which the U.S. government has expressed its willingness to transfer its stewardship of the DNS is ICANN, or a similar

OCR for page 187
Signposts in Cyberspace: The Domain Name System and Internet Navigation private, non-profit successor. Furthermore, this transfer of stewardship could occur only after ICANN (or a successor) had established its ability to operate effectively, reliably, and with wide international and constituency support for a number of years. Indeed, in its statement regarding the 1-year extension of its MoU with ICANN in September 2002, the DOC said: The Department of Commerce (Department) continues to support the goal of a private sector management of the Internet domain name system (DNS). Innovation, expanded services, broader participation, and lower prices will arise most easily in a market-driven arena, not in an environment that operates under substantial regulation. To this end, the Department has long maintained that a private sector organization is best able to respond nimbly to DNS issues in the rapidly evolving Internet space. Further, in order to garner international respect and function stably and soundly in the long-term, such an organization must be globally and functionally representative, operate on the basis of open and transparent processes, and possess robust, professional management.15 In September 2003, the DOC granted ICANN a 3-year extension of its MoU and indicated that if the agreement’s milestones are met, it is prepared to complete the transition of DNS management to the private sector at the end of that period.16 More recently, in conjunction with ICANN’s July 2004 meeting, the Assistant Secretary of Commerce for Communications and Information issued a statement expressing pleasure that “ICANN has timely met the MoU milestones to date. Clearly more work remains to be done for ICANN to achieve functional, sustainable independence. We look forward to continuing to work collaboratively with ICANN … as we complete the transition to independent, private sector management of the Internet Domain Name System.”17 Evaluation Although these statements indicate the U.S. government’s willingness to give up the ultimate stewardship of the root, they also demonstrate its 15   Department of Commerce (DOC), “Department of Commerce Statement Regarding Extension of Memorandum of Understanding with ICANN,” September 19, 2002, available at <http://www.ntia.doc.gov/ntiahome/domainname/agreements/docstatement_09192002.htm>. 16   See amendment 6 to ICANN/DOC Memorandum of Understanding, September 16, 2003, available at <http://www.icann.org/general/amend6-jpamou-17sep03.htm>; and DOC, “Department of Commerce Statement Regarding Extension of Memorandum of Understanding with ICANN,” September 16, 2003, available at <http://www.ntia.gov/ntiahome/domainname/agreements/sepstatement_09162003.htm>. 17   Department of Commerce, National Telecommunications and Information Administration, “Statement by Assistant Secretary Michael D. Gallagher on ICANN’s July Meeting in Kuala Lumpur,” press release, July 19, 2004, DOC, Washington, D.C.

OCR for page 187
Signposts in Cyberspace: The Domain Name System and Internet Navigation unwillingness to do so until it is assured that ICANN can manage the DNS “in a manner that promotes stability and security, competition, coordination, and representation.”18 The stewardship role of the DOC, while a matter of political concern to some nations, has not impeded ICANN’s governance role, with the important exception of sometimes substantial delays in approvals for routine changes in the root zone file, a situation that improved during 2004.19 (See “Approving the Root Zone File” in Section 3.3.3). For example, the DOC has not overridden any ICANN recommendations for reasons of U.S. national interest. The issues that have arisen about the governance of the root have, rather, concerned the way in which ICANN operates in preparing its recommendations to the DOC and not in the way that the DOC operates once it receives those recommendations. In that respect, the decision to establish an organization to take on the day-to-day administration of the root has successfully reduced those pressures on the U.S. government while, at the same time, preserving its ultimate stewardship. The Internet in general and the DNS in particular have been developed and governed with the goal of technically enabling equitable access to all locations on the Internet to users anywhere on the globe. To best serve the worldwide Internet and the DNS, the U.S. government’s influence needs to continue to be exercised carefully and, in particular, this influence should not be used as an instrument of U.S. domestic or foreign policy in areas far removed from the Internet. Conclusion: Governance of the DNS is not an appropriate venue for the playing out of national political interests. The technical legacy of the DNS’s development and initial implementation in the United States, such as the use of the ASCII character set for domain names and the concentration of root servers in the United States, has been a source of concern to some countries. Such concerns have been 18   DOC, “Department of Commerce Statement Regarding Extension of Memorandum of Understanding with ICANN,” September 16, 2003, p. 2. 19   There has been dissatisfaction among the ccTLD managers over the length of time required by ICANN and the DOC to approve routine changes to the root zone file. In response, ICANN prepared a revised process designed to cut the time substantially and to keep requesters informed of progress in the approval process. See Internet Assigned Numbers Authority (IANA), “Procedures for Handling Requests by ccTLD Managers to Change Nameservers,” May 13, 2003, available at <http://www.iana.org/cctld/nameserver-change-procedures-13may03.htm>. These revised procedures and other changes have significantly reduced the time taken to make changes in the root zone file as reported by the general manager of ICANN/IANA at the Kuala Lumpur meeting of ICANN. His full report, including specific data, is available at <http://www.icann.org/presentations/barton-forum-kl-22jul04.pdf>.

OCR for page 187
Signposts in Cyberspace: The Domain Name System and Internet Navigation • Improved training and self-help tools. In many UDRP proceedings the focus is on the use of domain names in Web addresses (URIs). The role of domain names in e-mail addresses and in other applications is often ignored by the panelists, even though the effects can be different from those in Web addresses. One possible reason for this oversight is that some panelists may lack a technical understanding of how the DNS and the Internet operate. Thus, some believe, UDRP proceedings could be improved by enhancing the training requirements for panelists in the technology underlying the DNS, the manner in which domain names can be used, and the application of the policies and rules applicable to domain name disputes. Improvements in the process might be developed to help panelists verify the manner in which domain names are used, either through self-help mechanisms or by changing the rules to request this information from the respondents. Dispute resolution providers could provide training for panelists on a regular basis, with such training being a requirement to maintain panelist status with that provider. Thorough and detailed self-help tools might also be developed to enable respondents to better understand the UDRP process itself, the timeline involved, and the substance and format of an effective response to better comprehend and respond to a UDRP action.122 • Revised funding and compensation structures. Under the current funding structure, the revenue for panelists depends on the volume of cases, thereby either creating a disincentive to spend a sufficient amount of time reviewing the facts in a case and writing a well-thought-out opinion, or creating an incentive for marketing strategy and tactics to attract cases by defining lucrative niches, which may or may not correspond to justice in dispute resolution proceedings. Observers assert that such niches exist and that complainants often forum shop—selecting dispute resolution service providers based on their past record of favorable (to the complainant’s position) rulings. Since some parties believe that the $1150 to $1500 fee for filing a complaint regarding a single domain name is already expensive, there is some resistance to any proposed increase. In addition, increasing the fees paid to resolve or avoid a dispute raises the likelihood that, on the one hand, individual domain name holders would be discouraged from employing dispute resolution processes, while, on the other hand, well-financed domain name holders might be discouraged from filing large numbers of not completely justified complaints. 122   Early in 2005 the World Intellectual Property Organization posted on its Web site an “informal overview of panel positions on key procedural and substantive issues,” including references to decisions supporting each line of opinion. The “WIPO Overview of WIPO Panel Views on Selected UDRP Questions,” which is not binding on the panelists, is available at <http://arbiter.wipo.int/domains/search/overview/index.html>.

OCR for page 187
Signposts in Cyberspace: The Domain Name System and Internet Navigation On the compensation side, the fee paid to panelists, typically $1000 to $1750, is below the level that highly qualified attorneys and consultants say is needed to attract them to serve or continue to serve as panelists. While it may never be possible to set the level high enough to attract and retain highly paid specialists on the basis of compensation alone, it may be worth examining the fee schedule to see whether a higher level could be established while retaining the low cost of the UDRP. Recommendation: Arbitral domain name dispute resolution processes, rather than national courts, should continue to be encouraged as the initial and primary vehicle for resolving most disputes associated with the rights to domain names. Recommendation: The feasibility and desirability of five specific UDRP improvements should be further considered by ICANN: improving consistent use of arbitral precedents, establishing an internal appeals process, using three-member panels, improving panelist knowledge about the technology underlying the DNS, and improving the nature and structure of incentives in the process. 5.6.3 Disputes Concerning Internationalized Domain Names The widespread deployment of internationalized domain names (IDNs)123 may well compound the difficulty of resolving disputes over domain names by increasing the possibility that domain names will be created that appear to be the same, but are not. The introduction of non-ASCII characters introduces a number of opportunities for conflicts, not about domain names themselves, but about characters that look alike. As the most trivial of examples, the upper-case Greek alpha and its Cyrillic equivalent are indistinguishable on the printed page from Roman upper case “A,” but the three have different Unicode code points and strings containing them will compare differently. There are several similar combinations involving Roman, Greek, and Cyrillic scripts, but other examples appear in almost all pairings of alphabetic scripts. Another problem occurs because of the overlap between, for example, Simplified and Traditional Chinese, where the characters look different but have the same meanings. These concerns about similar-appearing, or similarly interpreted, domain names are compounded by the observation that, in some circum- 123   See Section 4.3 for discussion of internationalized domain names.

OCR for page 187
Signposts in Cyberspace: The Domain Name System and Internet Navigation stances, a single registered domain name might have dozens, or even hundreds, of such variations. A cybersquatter could turn such conflicts into a potentially lucrative business by offering to sell such variant names to the “legitimate” owner at a fee just below the cost of a UDRP proceeding. Some of the registries and communities that would be most affected have concluded that it is preferable to shift the problem, to the degree possible, from conflict resolution to conflict avoidance by imposing restrictions on the registration of domain names that would conflict or otherwise cause confusion. ICANN has reinforced this approach by creating a guideline that requires that an IDN must be registered only with regard to a specified language, which eliminates some of the difficulties encountered with mixed scripts.124 This approach is discussed in more detail in Section 4.3. One view is that the potential for confusion in these cases is not really different from that of existing similar-appearing domain names, for which it has been suggested that UDRP-based name conflict resolution is adequate and appropriate. But variations among similar-looking domain names are such as to generate, potentially, hundreds of possible conflicts with a given character string. The Joint Engineering Team (JET) guideline model (see Section 4.3.3) addresses this problem by preventing some large fraction of the potential conflicts, rather than devising remedies for them after they occur. The JET guidelines take the position that IDN packages are atomic, and that there should be no mechanism for moving domain names in or out of one once it is created (see Section 4.3 for discussion of IDNs). Under that model, if a domain name conflict arises in the creation of such a package, the conflicting (already-registered or reserved) domain name is simply not placed in the new package. But if the conflicting domain name is later deleted, it does not become part of the later IDN package unless the domain names associated with that package are explicitly deleted and reregistered. That may or may not be the best possible model, but the alternatives, such as having domain names appear as reserved in two or more packages, with a priority order, lead to administrative, policy, or database management nightmares. But there are constituencies that oppose such systems, some of them on the grounds that dispute resolution is adequate and others, perhaps, on the more cynical grounds that letting things go to dispute resolution permits them to collect registrar and registry fees on the names whether they are valid or not and encourages even more business in defensive registrations. 124   Guidelines are available at <http://www.icann.org/general/idn-guidelines20jun03.htm>.

OCR for page 187
Signposts in Cyberspace: The Domain Name System and Internet Navigation Conclusion: The deployment of internationalized domain names introduces new sources of potential conflict over domain name rights. Reduction of such conflicts through guidelines and registration policies should be encouraged. 5.7 PROVISION AND PROTECTION OF WHOIS DATA Issue: What is the appropriate balance among the various interests in Whois data? As noted in Chapter 2, the Whois service began as a vehicle for network operators to find and contact those responsible for the operation of an Internet host when, for example, an operational problem arose. However, with the commercialization of the Internet, the Whois service has become an important and valuable tool for intellectual property owners and is often used by trademark owners to determine the identity of suspected infringers and cybersquatters. In addition, it is used by law enforcement agencies, such as the Federal Trade Commission in the United States, to track down the sources of fraudulent or other illegal uses of the Internet. At the same time, there has been concern about its real and potential exploitation by marketers and others who find the information about domain name registrants valuable. These uses have, in turn, given rise to significant and strongly held privacy concerns. Thus, while the ability to search the Whois database has always been limited, because of privacy concerns access and searching of Whois information have become more and more restricted over time. 5.7.1 Assessment of Whois Data Issues In the early days of the DNS, there were few, if any, concerns about the misuse of Whois data, just as ensuring the integrity of DNS data was deemed to be unnecessary. However, the population of users of Whois data has increased markedly in scale and scope, and assumptions about the good intent of all users have become unfounded. Furthermore, under the UDRP, giving false Whois information and not responding to requests for information have led to a presumption of bad faith by the respondent. For example, when Whois was used as a Unix command, trademark owners were able to retrieve a wide range of information, including contact information of the domain name registrant and a list of all domain names registered by one particular registrant. Later, and until 2001, Network Solutions, Inc. (NSI) allowed Internet users to retrieve a list of up to 50 domain names registered by a particular registrant, but then changed the maximum number to 10 registrations. Currently, none of the registrars allow Internet

OCR for page 187
Signposts in Cyberspace: The Domain Name System and Internet Navigation users freely to query their Whois databases to determine which domain names a particular registrant has registered. Many registrars charge a fee for each request for a list of domain names registered by one of their registrants. In addition, some of the registrars do not provide a domain name registrant’s e-mail address in the contact information, but instead assign each registrant a generic e-mail address125 that is linked to the e-mail address the registrant provided in registering its domain name. Data Accuracy Whois information can be inaccurate, out of date, or false. Indeed, registrants may provide fictitious names and addresses and fail to update any of their contact information promptly, if ever. ICANN’s Registrar Accreditation Agreement contractually binds each of its accredited registrars to investigate and correct any reported inaccuracies in contact information for the domain names they maintain. ICANN established in September 2002 the Whois Data Problem Reports System (WDPRS) to receive public reports of inaccurate or absent Whois data. The sixth amendment to its MoU with the DOC requires that ICANN publish an annual report containing an analysis of the received reports. According to its March 2004 report,126 over the 18-month period from September 2002 through February 2004, the system received about 24,000 confirmed Whois inaccuracy reports, concerning about 16,000 different domain names. Of these, 82 percent concerned .com; 13 percent, .net; and 5 percent, .org. (An enhanced version of the system that will cover the new gTLDs as well as the legacy ones was launched in 2004.) The complaints received by each registrar were generally proportional to the number of names it registered. On average, each registrar received 4.8 complaints per year per 10,000 names managed. Somewhat more than a third of these complaints resulted in the correction of data or the removal of a domain name. As a further step to improve Whois data accuracy, ICANN adopted the Whois Data Reminder Policy (WDRP) on March 27, 2003.127 Since November 2003, all ICANN-accredited registrars must comply with the 125   This could cause problems in a UDRP proceeding since the generic e-mail address could be interpreted as false and, consequently, a contributor to the presumption of bad faith on the part of the respondent. 126   ICANN, “Community Experiences with the InterNIC Whois Data Problem Reports System,” March 13, 2004, available at <http://www.icann.org/whois/wdprs-report-final-31mar04.htm>. 127   ICANN, “Whois Data Reminder Policy,” June 16, 2003, available at <http://www.icann.org/registrars/wdrp-htm>.

OCR for page 187
Signposts in Cyberspace: The Domain Name System and Internet Navigation WDRP with respect to registrations they sponsor in all top-level domains for which they are accredited. At least annually, a registrar must present the current Whois information to registrants and remind them that provision of false Whois information can be grounds for cancellation of their domain name registration. Registrants must review their Whois data and make any corrections. Data Privacy ICANN posted a staff manager’s issues report on privacy issues related to Whois on May 13, 2003,128 that spelled out a catalog of the issues, the stakeholders, and their apparent positions on the issues. The issues concerned the data collected, including its quality, handling, disclosure, and use; the classification of registrants (i.e., political, commercial, individual); and commercial confidentiality and rights in data. The various stakeholders were viewed as placing emphasis on different issues. Non-commercial users were viewed as focusing on privacy, whereas commercial users were seen as concerned with accessibility to enforce accountability of uses. The intellectual property interests were understood to stress the importance of ready access to support investigations of intellectual property abuse, while ISPs support it to facilitate resolution of network problems and identification of the sources of spam. Registrars and registries view registrant data as an important business asset that should not be made available to competitors, while at the same time registrars need to access registrant data of competitors to confirm authorization of transfers. Registrars and registries both bear the expense of providing the services and, therefore, have strong incentives to reduce the cost of doing so. As a consequence of these differences in emphasis among stakeholders, the policy issues surrounding Whois services (as opposed to the Whois protocol) are often framed in adversarial terms. On the one hand, trademark holders and their representatives want comprehensive and free access to all Whois data and would like improvements in Whois services, such as higher quality in the Whois data and the ability to consolidate data across Whois services more easily. They see Whois data as an essential resource in the pursuit of those who compromise their trademarks in 128   ICANN, “Staff Manager’s Issues Report on Privacy Issues Related to Whois,” May 13, 2003, available at <http://www.icann.org/gnso/issue-reports/whois-privacy-report-13may03.htm>.

OCR for page 187
Signposts in Cyberspace: The Domain Name System and Internet Navigation domain names.129 On the other hand, those who are concerned about individual privacy highlight the problems that could be associated with unconstrained access to Whois data—from junk mailers and marketers to those who may use such data to facilitate more serious, illegal activities such as identity theft. In recognition of the complexity of the issues and interests involved, the ICANN staff manager’s issues report recommended as the next step the formation of a Whois/privacy steering group in the Generic Names Supporting Organization (GNSO) to conduct a fact-finding and issues definition process. Following on the work of that steering group, the Names Council of the GNSO in October 2003 launched three simultaneous task forces on various aspects of Whois privacy. The council intended to align their recommendations for submission to the ICANN board. Task Force 1 (TF1) was charged with examining what contractual changes (if any) would be required to allow registrars and registries to protect domain name holder data from data mining130 for marketing purposes. Task Force 2 (TF2) was asked to address issues concerning the data to be collected from registrants, their options to restrict access to the data and be informed of its use, and their ability to remove certain data elements from public access and receive notice if it is accessed. Task Force 3 (TF3) was tasked with looking at verification of the data collected, considering both errors and deliberate falsification. The three task forces presented their preliminary reports at the end of May 2004. They have been posted on the ICANN Web site for comment.131 Among the significant issues and positions identified were the following. Local law.132 In some cases, national privacy laws conflict with the provisions of ICANN’s agreement requiring the registrars to collect and 129   In a UDRP proceeding, for example, trademark owners are often required to show a “pattern of conduct” by the respondent of registering domain names incorporating the trademarks of other parties. Unless a trademark owner can guess the domain names registered by the respondent, it can incur considerable costs in obtaining this information, since the respondent may have used several different registrars in registering its domain names or provided slightly different contact details for each registration. 130   “Data mining” as used here means the use of computerized techniques to extract data about registrants from registrar Whois files in large quantities. Often these techniques are designed to overcome specific limitations imposed by registrars on the number of names that may be requested. The lists are then used for unsolicited mailings (spam) and other possibly illicit (identity theft) purposes. 131   Links to the preliminary reports are available at <http://gnso.icann.org/issues/whois-privacy/index.shtml>. 132   For this and the next two items, see the report of TF2 available at <http://gnso.icann.org/issues/whois-privacy/index.shtml>.

OCR for page 187
Signposts in Cyberspace: The Domain Name System and Internet Navigation make accessible certain data elements about registrants. The ICANN registry/registrar agreement should be modified to exempt registrars who obey local law from the conflicting provisions of the agreement. Data elements. All of the data elements currently collected are considered by at least some constituencies to be required, although some constituencies dispute the needs for some of them. No consensus exists on whether new elements are needed and whether some existing elements should be made voluntary. The issue is less what should be collected by registries/registrars and more what data should be made available for public access. Publication of data. Whois data has a wide range of uses (as discussed above.) It is also subject to abuses—telemarketing, identity theft, spamming, stalking, and abuse and harassment have been reported, though not quantified. There is a need to achieve a balance between accessibility and privacy. Possible approaches include tiered access, in which different types of users would have access to different subsets of the data; proxy registration services that would substitute third-party for registrant data and control access to the latter; and the ability of registrants to opt out of publication of certain data on a case-by-case basis. The latter approach has been adopted by some ccTLDs. Data mining and marketing.133 If only non-sensitive data (generally, technical information) were to be available via Whois, it would have little value, be unlikely to be data mined, and have little impact on privacy. However, to the extent that sensitive data (generally, personal contact information) is publicly available through registry/registrar Whois services, TF1 members agreed that at a minimum the requestor of Whois information should be required to identify (and authenticate) itself to the Whois provider together with its reasons for seeking the data. They left open the issue, however, of whether notice to the registrant of such a request should be required. They also left open the question of whether and under what conditions automated access to Whois data could be allowed and to whom. Among the possibilities would be enabling a restricted license that would provide data to approved requestors for recognized purposes in human-readable format only. Requestors could be approved generally and centrally (a white list) or locally and specifically (an individual use list). 133   See the report of TF1 available at <http://gnso.icann.org/issues/whois-privacy/index.shtml>.

OCR for page 187
Signposts in Cyberspace: The Domain Name System and Internet Navigation 5.7.2 Whois and Internationalized Domain Names134 Just as it does for the UDRP, the introduction of internationalized domain names (IDNs) raises technical and institutional issues for the Whois service. For the most part, these are issues about the languages in which Whois queries will be posed and responded to. At the basic query level, the current Whois service expects to receive ASCII characters only; it cannot receive queries in Unicode (which is used to encode the many different character sets of contemporary human languages), and its responses are similarly in ASCII. But in an internationalized environment, domain names will not all be written in ASCII (although, as explained in Section 4.3, they will all be mapped into ASCII strings). This raises the first question: What character sets should be acceptable in a query? The choices include not only Unicode, but also IDNA puny code (see Section 4.3) and local character sets, or some combination of them. Similarly, responses to Whois queries are currently provided in ASCII. This raises the second question: What language should be acceptable in a response, and how should it be encoded? The choices of language include the language of the nation in which the registrar or the registrant is located or English. Or one might permit some “international languages,” such as English, Chinese, French, Spanish, Russian, Arabic, and so on. If the response is to be useful to most questioners on the international Internet, then would it be reasonable to expect them to have to hire translators? Or should the Whois registrant be required to list its information in some commonly accepted language? If the language is other than English, then issues about coding arise that are similar to the question regarding queries. For example, should Unicode be required and, if so, which encoding form of Unicode? Or should local character encodings, which might be in much more general use with the particular relevant language or script, but less easily accessible internationally, be permitted? A third question arises since IDN practices for complex languages actually create packages of reserved names (see Section 4.3). In such cases, how much information should Whois provide about other names in the package in response to a query about one of them? None of these issues had been resolved by September 2004. However, as IDNs are more widely adopted, the lack of their early resolution will increase the likelihood of problems arising and the difficulty of introducing the necessary changes. 134   This section draws on material in John C. Klensin, “‘Whois’ Internationalization Issues,” presentation at the ICANN meeting in Carthage, Tunisia, October 2003, available at <http://www.icann.org/presentations/klensin-whois-carthage-29oct03.ppt>.

OCR for page 187
Signposts in Cyberspace: The Domain Name System and Internet Navigation On the other hand, the work on a new protocol to replace Whois (see Section 5.7.3) has explicitly addressed some internationalization issues. Although that work does not address all of the issues raised above, it at least makes it possible to transmit and receive Unicode characters without somehow encoding them into ASCII form and, if it is desired to support local character encodings, to construct a framework for identifying and using them. Recommendation: The IETF and ICANN should address Whois data internationalization issues with high priority in order to enable their resolution and implementation of the results together with the widespread introduction of IDNs. 5.7.3 Conclusion and Recommendation The issues concerning the accuracy of and access to Whois data engage the interests of many stakeholders with legitimate but sometimes conflicting interests. They entail actual and potential conflicts with differing national privacy laws. Furthermore, the ICANN agreements with registrars and registries obligate them to accept only consensus policies. Consequently, the best way to achieve improvements in the Whois policies and practices appears to be through the consensus policy development process in which ICANN is engaged. Attempts by individual governments to impose specific requirements on Whois, such as recent legislative initiatives in the U.S. Congress,135 can interfere with these efforts and have counterproductive consequences by inducing registrants to find ways to hide their identities. Conclusion: Legislative or technical initiatives that construe Whois narrowly will not be productive in the long run and serve only to energize those constituencies that perceive their interests as being compromised. The committee agrees that access to Whois data should be viewed as a tiered decision, and not as a binary decision. Gradations should exist, as they do in local telephone directories where entries are included by default, but where unlisted numbers can be obtained. Moreover, under certain conditions, law enforcement officials can obtain an individual’s information, even if the individual has opted not to be included in the public directory. Alternatively, individuals can sometimes embellish their ge- 135   H.R. 3754, 108th Congress, Fraudulent Online Identities Sanctions Act (FOISA).

OCR for page 187
Signposts in Cyberspace: The Domain Name System and Internet Navigation neric entry (for a fee). Thus, changes to the Whois process need to be conceived in a systematic way that accounts for the varying legitimate perspectives. The example of local telephone directories is offered for illustrative purposes only. The committee is not recommending this specific model per se, although the analogy can also be helpful since personal data (name, address, and phone number) are made publicly available through printed (and now online) directories, just as they are through Whois services. Recommendation: Future systems that support Whois data management and access should be designed to allow for gradations in access while maintaining some degree of free access to Whois information. The Whois protocol will have to be replaced to accommodate the desired gradations in access.136 136   The IETF had, by October 2004, approved as “standards-track” documents (see Box 3.3) several elements of a proposed replacement protocol, which is called IRIS and defined by the CRISP Working Group, that will implement this capability. The protocol also addresses most or all of the other perceived deficiencies of the Whois protocol, including its inability to deal with non-ASCII characters. More detail on those deficiencies is available in the statement of requirements for the new protocol in A. Newton, “Cross Registry Internet Service Protocol (CRISP) Requirements,” RFC 3707, February 2004, available at <http://www.rfc-editor.org>. However, in May 2005 it was still unclear how long it would take for all the elements to be approved, published, and implemented.