September 30, 2004

The ICANN Daemon

In Unix terminology a "daemon" is a program that has been detached from the process that created it and is now running autonomously.

There are those who believe that ICANN should be released from the control of the US Department of Commerce and allowed to act independently.  (See Bret Fausett's well considered posting "Giving Up U.S. Control".)  In other words, should ICANN become a daemon?

I believe that that would be a terrible thing to do.  The problem is that ICANN's role is very poorly defined and there is no reason to believe that a released ICANN would not continue to bumble around and become an ever larger, more expensive, and heavier regulatory body that benefits no one other than those ICANN-entrenched incumbents who find ICANN to be a good way to promote their interests and hinder their competitors.  We should not forget that the ICANN of today, through its price support system under DNS registries taxes internet users to the tune of several hundred million dollars of inflated prices every year.

It is bad enough that ICANN has become little more than a mouthpiece for the trademark and domain name selling industries.  But in addition ICANN has shown that it has no regard for the actual operational stability of the internet's domain name system or IP address allocation systems.

And we should not forget that ICANN has created a Byzantine system that effectively locks the public and public interest out of its board of directors and other decision-making organs.  In other words, who would oversee ICANN if the DoC were to hand the keys to ICANN?  Whatever the answer might be we can be certain of at least one thing: the public interest and public representatives would be powerless observers.

It is already abundantly clear that ICANN has run off the rails.  One one hand we see ICANN's foray into matters that bear no reasonable relationship to ICANN's role as a coordinator of certain technical internet functions.  For example we have ICANN's intrusive system of regulation over domain name business practices and prices, and ICANN's UDRP (a de-facto supranational law of trademarks with no bearing whatsoever on technical stability of the net.)  On the other hand ICANN has done little, if anything, to protect the domain name system of the internet from failures, from attack, or from operational errors.

ICANN has gone off course even while it is under the guiding hand of the US Department of Commerce.  There is no evidence to indicate that ICANN will re-rail itself and start to do things right once that guidance is removed.

What do we want ICANN to be?  I think the original conception of a body that coordinates certain technical aspects of DNS and IP address allocation would be an appropriate job description.  Is ICANN even close to being that kind of body?  The answer is clearly "no".

Who's watching the IP address allocation system?  Not ICANN.  That job is, instead, firmly in the hands of the regional IP address registries (RIRs).

Who's watching the domain name system to make sure that it runs 24x7x365?  Not ICANN.

The DNS root server operators are a group of people and entities that are independent of ICANN and independent of one another.

The preparation of the root zone file appears to involve several cooks who do not talk to one another.  For example Verisign announced the other day to NANOG that it intends to insert IPv6 records into the root zone.  (This will cause the loss of certain IPv4 information that may, in turn, sometimes require DNS resolvers to take extra steps to obtain.)  (Also see Adding IPv6 glue to the root zone that recommends that before adding IPv6 records to zones such as .com that "[o]perators of these zones need to change their their glue setup")

Was this Verisign's decision to make?  No.  It is ICANN's (or ICANN executing the IANA function) decision.

Was this change announced to the public?  No, that is unless one considers the NANOG mailing list to a sufficient form of announcement.

Did ICANN or IANA inquire as to the safety of this change?  No.

Has ICANN investigated the primary and secondary effects of the introduction of IPv6 DNS records into the root zone and TLD delegations?  No.  ICANN condemned Verisign for deploying Sitefinder without having a full comprehension of the side effects.  Yet, here it is ICANN/IANA (with the implicit approval of  NTIA) that is taking the internet community for a walk in the dark.

Is there a risk that the net could be destabilized?  No one can say for sure.  Certainly one might believe that the loss of DNS information that has been present and found operationally valuable will have some side effects.  There is an internet-draft written by a well qualified person that concludes that those side effects are acceptable.  But that draft is nothing but a draft and it is based on mental arguments without the benefit of monitored or controlled empirical testing.  In other words, the live internet is the guinea pig.  We do not know whether there is a risk and what its magnitude or symptoms might be.  Nor do we know the metrics that were used to distinguish an acceptable level of side effects from an unacceptable level.  Moreover, a golden opportunity to measure the before and after effects was lost when IPv6 records were installed in some ccTLDs.  (See my notes IPv6 and root servers and Leaping Without Looking - And Taking the Internet Along for the Ride.)

In addition, even if the risk is small should not ICANN/IANA be insisting on a post-change evaluation that things are still working well and roll-back contingency if they are not?  Of course it should.  But is ICANN/IANA doing so?  No.

There are other occasions in which ICANN has shown that it has no concern whether the DNS is running or not.

For example we still do not have even a sign that ICANN noticed, much less cared, that the net lost the .org TLD a few months ago.

Is this the kind of ICANN/IANA that should be left alone without adult supervision?  Not in my book.

ICANN has argued many times that internet users need not be admitted to ICANN because we users are represented by our governments. To the extent that that theory is valid then for the Dept of Commerce to release ICANN would be to lose the only remaining vehicle for public oversight of ICANN's activities.  That would be a bad thing.

If the Department of Commerce were to let go of its oversight role over ICANN/IANA then the DoC should strip ICANN/IANA of those jobs that it is supposed to be doing - guaranteeing the stability of the DNS and IP address allocation systems - and vest those into some new body that actually cares that these jobs are actually performed and performed well.

Posted by karl at September 30, 2004 1:36 PM