Long-awaited DNS Report from National Academy of Sciences Released

[cross-posted from ICANNWAtch.org]
Today the National Academy of Sciences’ National Research Council (NRC) released its report on
Internet Navigation and the Domain Name System.

The most important conclusion in the report is that it lays to rest, once and for all, any lingering technical controversies about the addition of new top-level domains.

The Committee did not find any purely technical reasons that the root name servers could not provide the same level of response with a much larger root zone file. Indeed, the ability of the .com name servers to respond to billions of queries a day against the .com zone file, with over 20 million entries, is a demonstration of the technical capacity that could be applied to the root zone, if necessary.

The only technical arguments put forward against new TLDs suggested that it was necessary to limit the rate of addition. The committee agreed that the acceptable rate is tens of TLDs – which means anywhere from 20 to 90 per period. The committee thus arrived at the following conclusion:

Considering technical and operational performance alone, the addition of tens of gTLDs per year for several years would pose minimal risk to the stability of the root.

Old hands in the DNS wars will immediately be reminded of two pieces of ancient history: First, that Jon Postel himself proposed adding 50 new TLDs per year to the root. Second, that in all the years of its operation, ICANN – – which claims to be a technical coordination body (when that suits it) – – and which is single-handedly responsible for the current artificial cap on new TLDs never once dared commission a study of what would be technologically safe…perhaps because it feared the answer.



Authorized by an act of Congress in year 2000 and not inaugurated until 2001, the committee took an unusually long time – four years – to complete its work, due to the complexity and controversy surrounding the issues.

Like most NRC products, the report is interesting not so much for new evidence or coherent arguments, but the political sport of seeing what the committee members could agree on. NRC Committees typically attempt to represent different sides of an issue. The NRC committees do not really do “research” but throw together experts from different perspectives who pool their knowledge and hash out agreed positions.

In a few significant instances, the report comes to some important conclusions or recommendations. These have to do with the addition of new gTLDs, methods of selecting new TLDs, and the relationship between WHOIS and privacy. Recommendations regarding most of the interesting governance issues are considered in Chapter 5.

New TLDs.

Despite its consensus that there is no serious technical obstacle to adding tens of TLDs at periodic intervals, the committee apparently could not agree on whether new TLDs should be added. This is not surprising, given the composition of the committee. However, the report does a decent job of summarizing the arguments on both sides. Since it is apparent that new TLDs are going to be added anyway, the report wisely goes into a detailed discussion of the different processes that could be used to add them.

The committee criticizes the “uncertainty” associated with ICANN’s irregular, politically-driven decisions to add TLDs. That “uncertainty makes it difficult for current and potential gTLD registries to develop and operate according to reasonable business plans and has the effect of overvaluing new gTLDs (because of the uncertainty of whether and when there will be any further additions).” A recommendation calls for “a regular schedule” for TLD addition. Aside from that, the committee comes to a rather tepid conclusion, although it does contain the “a”-word:

If new gTLDs are to be created, the currently-employed comparative hearing process should not be assumed to be the only process for selecting their operators. ICANN should consider alternate processes, including those that incorporate the use of auctions in some way.

Whois

The report explicitly recognizes that open access to WHOIS data poses a privacy problem, and endorses what is now called “tiered access” in the ICANN policy process. It states that the WHOIS requirements of ICANN’s RAA “entail actual and potential conflicts with differing national privacy laws.” More pointedly, it openly criticizes the US Congress for attempting to pass legislation imposing Whois accuracy requirements on the ICANN process. It concludes that

Whois data management and access should be designed to allow for gradations in access while maintaining some degree of free access to Whois information.

ICANN and Global Governance

The committee arrived at ICANN-friendly recommendations on the broader global governance issues. It recommends against governmental or intergovernmental control. It refers to the USG’s role as “stewardship” rather than “control,” and avoids confronting the issue of whether the bending of DNS to national interest applies to the USG’s special role. It does, however, note that:

“However reasonable the move toward international stewardship might appear in theory, in practice any change can only be made with the acquiescence and active participation of the U.S. government. Not only would the U.S. government have to be an important party to any transfer, but it holds an effective veto because all of the root name server operators would have to agree to accept the root zone file from a new source, yet three of the twelve operators are U.S. government agencies and six others are U.S.-based organizations that may well be reluctant to take actions contrary to the wishes of the U.S. government.” (Chapter 5)

It warns against “efforts to leverage [DNS] to influence broader Internet policy,” a warning that blithely ignores the fact that the UDRP and the Registrar Accreditation Agreement – and indeed almost all ICANN policies designed to protect intellectual property – do just that. It discusses, in carefully qualified phrases suggesting dissent within the committee, Commerce’s plans to “transfer its stewardship role” to ICANN itself.

The continued evolution of ICANN to attain legitimacy among its critical constituencies and, consequently, to receive stewardship responsibility from the U.S. government, appears to be the most feasible path to governance of the DNS that is broadly accepted as international.

No doubt this conclusion will be interpreted by ICANN itself as something of an endorsement. But it is a conditional, less than ringing one. And it is, of course, based on a completely circular argument: “feasibility” is the standard used, and whatever the USG accepts becomes “the most feasible” path because the USG holds veto power over the outcome. But note that the conclusion does not say this is the best path. Indeed, it comes with a pretty large caveat, one which inverts the entire meaning:

Recommendation: Before completing the transfer of its stewardship to ICANN (or any other
organization), the Department of Commerce should seek ways to protect that organization from undue
commercial or governmental pressures and to provide some form of oversight of performance.

If that’s taken to heart and implemented in a meaningful way, even I can live with that.

The report recognizes the salience of the World Summit on the Information Society (WSIS), but avoids either praising or condemning the WSIS process:

Although it is possible that the U.N.-sponsored World Summit on the Information Society will lead to proposals for some form of internationally-negotiated, quasi-governmental or multi-stakeholder organization with oversight or other influence over DNS governance, specific proposals are not yet (in December 2004) on the table and cannot be evaluated either for their practicality or their feasibility.” (Chapter 5)

With respect to root server operators, the report comes out in favor of the status quo. It suggests that the Commerce Dept. should consider relaxing its MoU requirements about pushing ICANN and the RS operators into contractual agreements. It calls vaguely for “more formal coordination” of RS operation by ICANN instead of centralized contractual agreements.

The ccTLDs

The report reaches a surprising and very interesting conclusion about ccTLDs. This one is likely to raise eyebrows at the Commerce Department. The report notes that “resolution of ICANN’s role vis a vis the ccTLDs is one of the critical steps on the path to establishing an ICANN that is viewed as a legitimate and appropriate steward for the DNS.” After presenting evidence that ICANN has not yet attracted the support of many ccTLD operators, the report comes to the following Conclusion:

If the creation of the ccNSO does not result in increased participation by the ccTLDs in ICANN policy making, then ICANN may find itself subject to increasing pressures to constrain its role to that of gTLD management and root zone file record-keeping.

This flat recognition of reality, unusual given its political sensitivity, will no doubt be greeted happily at the ITU, which has long angled for a role in handling the ccTLD delegation process. In effect, the report comes quite close to recognizing that ICANN’s powers may have to be shared if things don’t change.

UDRP

The report’s handling of the UDRP assessment typifies the inability of NRC reports to make coherent or useful statements when vested interests are represented on their committees. The report combines ringing endorsements (“UDRP has generally satisfied the need for an effective and cost-efficient means of resolving disputes concerning domain names”) with grave concerns for the future: (“however, it has weaknesses that should be addressed.”)

The discussion of evidence regarding the UDRP reveals what must have been a tough and inconclusive battle inside the committee. Consider statements like “Some critics have also alleged that providers, seeking to increase their chances of being selected by future complainants, purposely choose arbitrators who are more likely to favor complainants, but little concrete evidence supporting this allegation have been established.” In fact, massive amounts of statistical and case-based evidence have been amassed supporting this allegation. The studies by Prof. Michael Geist at U. Ottawa showed that WIPO and NAF hand-pick arbitrators, and that the most frequently used panelists are commonly (but not always) also the most complainant-friendly. ICANNWatch’s own Milton Mueller issued a study in 2000 that showed a statistical correlation between a dispute resolution service provider’s tendency to find for the complainant and its share of UDRP cases. The studies that criticize the UDRP are social science and subject to blind review in peer-reviewed journals, or published in top law journals; the literature supporting UDRP’s fairness and efficiency are lightweight, non-empirical, and not published in top journals.

Personally, I am disappointed that the committee so easily glossed over the patently obvious denials of due process occurring in a system authorized by the US government. It’s a pity there was not a single public interest lawyer on the panel, to complement the trademark types. [Correction: Sharon Nelson (attorney and member of the board of Consumers Union) was on the committee — which just makes the outcome that much more disappointing….]

In addition to the above issues, the report makes a big deal about Sitefinder, and comes down squarely on the side of ICANN in the VeriSign-ICANN dispute. It also and calls for rapid adoption and deployment of DNSSEC.

One of the last conclusions of the report, so far at the end as to seem unimportant and even innocuous, is actually one of the most important the committee reached:

Both the Domain Name System and Internet navigation services will be significant elements of the Internet for the foreseeable future….The preservation of a stable, reliable, and effective Domain Name System will remain crucial both to effective Internet navigation and to the operation of the Internet and most of the applications that it supports.” (Concluding lines of Chapter 9).

The conclusion is important because back when this study was commissioned (2000), many people were still saying that the DNS might be superseded or replaced by other technologies. We know better now.

[Full disclosure: I served as an outside reviewer for the NRC on this report and commented on an earlier draft of it, and then again on a later draft of certain chapters. ICANNWatch editor Milton Muller served on the committee, and is thus barred from discussing its inner workings…more’s the pity…]

[corrected]

This entry was posted in Law: Internet Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Notify me of followup comments via e-mail. You can also subscribe without commenting.