February 9, 2005

Comments on the Working Papers of the Working Group on Internet Governance (WGIG)

I just sent my comments to the Working Group On Internet Governance (WGIG) in response to the working papers published by the group.  Here is a copy:

Comments of Karl Auerbach
Former North American Elected Director, ICANN
http://www.cavebear.com/
karl@cavebear.com

Clearly much effort has gone into these papers. The authors are to be thanked and applauded for these initial steps - and I personally hope that the authors will continue their efforts and continue their contributions. And I hope that my comments are accepted, as I intend them to be, as attempts to be constructive.

I wish there had been more time to digest them between the date of their publication and the date that comments are due.

As a general matter I find that there are certain weaknesses in all of the papers that I read:

  • Too little attention to general principles to shape the discussion and too much focus on easy descriptions of technology.
  • Unquestioning acceptance of the technological status quo as if it were a limitation of what could be in the future. For example, one paper blindly accepts the very unproven assertion that there may be but one DNS root as if that were fact despite years of continuous successful actual operational experience to the contrary.

On a broader scale the papers suffer from a more foundational weakness - they do not adequately articulate underlying principles and assumptions.

For example, many of the papers recite the phrase "public-private" partnership without any time being spent to examine what that phrase might mean. Does the phrase mean the transfer of plenary governmental power into the hands of private actors and entities? If so what is the scope of authority, where does that authority come from, and what sort of mechanisms of accountability can exist. The idea that governmental powers are best exercised by private actors is an idea that abandons much of what has been learned about the exercise of authority during the last three hundred years. Here in California, where the abandonment of governmental authority over a critical infrastructure (electrical distribution) has lead to service failures and billions of dollars drained from the economy, the idea of "public-private partnership" is often met with sceptical laughter. Yet the WGIG papers blindly adopt that phrase and assume that it is an axiom when, in fact, it is a highly uncertain and perhaps dangerous concept.

Similarly, the papers use the word "stakeholder" without asking the question why some people and industrial entities are to be given preferred roles in decision-making forums of internet governance? The idea that there are "stakeholders" is a system of preference and selectivity; it is an idea that is contrary to the concept of an even-handed democratic system in which an idea competes on the merits of the idea rather than on the status of the speaker.

We see in ICANN the result of credulous obedience to the concept of "stakeholder" - ICANN having come to be a body in which a privileged few industrial actors are admitted as "stakeholders" while the larger community of internet users are relegated to observe and endure.

Governance necessarily implies the authority and power to prevent some courses of action and to promote other courses of action. The core question of governance is whether that authority and power will be wielded with caprice and favouritism or whether that authority and power will be wielded with justice and due process. One of the main themes of human history has been the creation of means to constrain the intrinsic powers of governance into channels that meet our human need for fairness.

The WGIG has leapt over these issues of power, authority, and rules of fairness. And that leaves a vacuum that weakens the subsequent work of the WGIG and subjects it to the risk of being irrelevant.

The internet is still young yet the WGIG is not asking the all-important question of the balance between governance and change.

The power of governance contains the power to forbid - much of what is discussed in the various papers amounts to a foreclosure by fiat of certain courses of innovation. Yet the WGIG papers do not articulate any form to balance the competing needs for stability and innovation. At the risk of being repetitive let me once again suggest the following formulation (see 000059.html):

The First Law of the Internet

Every person shall be free to use the Internet in any way that is privately beneficial without being publicly detrimental.

  • The burden of demonstrating public detriment shall be on those who wish to prevent the private use.
    • Such a demonstration shall require clear and convincing evidence of public detriment.
  • The public detriment must be of such degree and extent as to justify the suppression of the private activity.

Name of the paper: Administration of Root Server System

1. The paper does not address the lack of service level definitions to measure the performance of root servers, the lack of an objective monitoring system or of a system to detect and respond to failures. Nor does the paper address the fact that the operators are free to sell their "franchises" to others and that operators are neither obligated to give equal treatment to all queries nor are prohibited from mining the queries to generate marketing data of significant value (to marketers if not to the data subjects.)

2. A better title would make the final word of the title a plural. Operational experience has shown that there can be more than one DNS root. There have been statements by the IAB and ICANN to the contrary but those statements seem more an expression of a yearning for a single catholic name space rather than a well-articulated technical proof. (And, if it were true that the existence of other DNS systems could harm the net then would that not indicate a vulnerability and weakness that ought to be repaired?)

The issue of DNS and its providers is not one of "one-root"-ness but rather of consistency. See my presentation on this distinction at http://www.cavebear.com/archive/rw/nrc_presentation_july_11_2001.ppt

The choice (and it is a choice) that there shall be but one root is effectively a decision to forego, and even suppress, innovation. And this is where the absence of a body of guiding principles hobbles the ability of the WGIG to work through issues of governance rather than simply rehashing the technological status quo. Innovation always disturbs that which came before - and the question of governance is one of choosing when that disturbance is acceptable and when it is not. Governance is not simply saying, as the WGIG paper does, "this shall never evolve", without stating the reasons for-, and the boundaries of-, that restriction on the freedom to innovate and to do a thing differently than everyone else does that thing.

Perhaps internet governance ought to enforce the existence of one catholic DNS root, perhaps internet governance ought to allow people to chose to chose the naming system that gives them the greatest ability to shape their own, and their families', view of the internet landscape. The choice is a choice of governance, but it is a choice that should not be made without a framework of principle in which the balance of equities and interests can be made.

3. In the "Opportunities" section appears the phrase "showcase and example of public/private partnership" - I find that very strange in the absence of any adopted principle of the WGIG that represents the acceptance and agreement by the WGIG of the idea that "public/private partnership" is actually an acceptable way to run a critical worldwide infrastructure or that it is not actually an abrogation of governance and governmental power into the unprincipled and unaccountable hands of private (and typically industrial) actors.

To my mind the issue of governance with regard to operation of root servers is the question of establishing an authority that establishes operational and performance standards, has the legal power to compel adherence to those standards, and that can ensure that root server operators have adequate financial resources to endure and recover from failures and disasters of human or natural causation.

Name of the paper: International Internet Connections

This paper focuses almost entirely on the question of financial settlements between packet carriers.

Is that really an issue for governance? Or is the question of settlements something that the carriers can work out among themselves, as they are now doing with apparent success?

There is a much larger issue looming with respect to the interconnection of carriers: Voice over IP (VOIP).

Conversational VOIP requires that the end-to-end flow of packets be speedy (about 150 milliseconds) and steady (low variation of the end-to-end delay) with relatively low rates of packet loss.

On much of today's internet we have a glut of bandwidth, much of which is left over from the dot-com collapse. However, even with that bandwidth the quality of VOIP calls is often well below that of telco toll grade.

Unless we are willing to adopt very retrograde standards of quality for VOIP, the technical demands of VOIP packet transport will require that there be means for users, or their representative carriers or VOIP-telcos, be able to obtain assurances (not necessarily "guarantees" but at least believable "assurances") of adequate end-to-end quality of packet transport.

This will affect the way that packet carriers establish their internal flows and routing. It will affect the way that packet carriers establish peering and transit relationships with one another. It may affect the exchange of routing information via BGP and the way that carriers use that information when routing packets.

These may be matters that require some degree of governance.

Name of the paper: Network and Information Security

This is a pretty good paper.

However, I believe that from the point of view of governance we need to consider security in the broader context of the internet as the internet becomes a utility infrastructure, particularly an infrastructure that has interdependencies with other utility infrastructures.

The governance question ought to consider issues such as:

  • Whether there can be, or ought to be, certification of devices that attach to the internet (e.g. mandating the use of reverse firewalls to protect the net against zombied-home computers.)
  • Whether software development practices in internet-attaching devices need to be formalized along the lines of software used in flight control and other such systems.
  • The development of information logging and collection practices so that there are proper legal evidentiary foundations and chains of custody so that when a malefactor is brought before the law it is possible to obtain a conviction.
  • The evolution of product liability and negligence law to impose liability on those who produce flawed internet products by failing to adhere to appropriate development and testing practices.

See my presentation in this regard: From Barnstorming to Boeing - Transforming the Internet Into a Lifeline Utility (http://www.cavebear.com/archive/rw/Barnstorming-to-Boeing.ppt ) [speakers notes at http://www.cavebear.com/archive/rw/Barnstorming-to-Boeing.pdf ]

Posted by karl at February 9, 2005 1:31 AM