Governments clash with registrars over law enforcement changes

You wouldn’t think it was too much to ask: companies that sell domain names being required to put their physical address on their website, and provide an email address for law enforcement agencies to contact them if they see illegal activity.

But despite registrars apparently agreeing to do just that, the issue became a full-blown argument at a meeting between governments (the GAC) and the domain industry policy body, the GNSO, on the first day of the ICANN meeting in Dakar.

“The GAC and their respective law enforcement representatives are, frankly, very, very disappointed,” US government representative Suzanne Radell bluntly told the meeting, suggesting that a lack of progress on simple changes put a question mark over the whole question of industry self-regulation.

USG representative Radell expresses her frustration. Photo: ICANN

Her comments were echoed in equally strong terms by the UK with representative Mark Carvell complaining that the process had “driftly so badly into inaction”. He also noted that it had bigger implications, pointing out that the alternative was a “heavy-handed, top-down legislative approach”.

The European Commission went so far to question to entire ICANN model of decision-making: “In order to defend the multi-stakeholder model against other pressures, it is necessary to ensure that it is politically sustainable. And in this particular case, it is our clear impression that the political sustainability is not there.”

Why the extraordinary reaction? The GAC view changes to the way registrars do things as high priority, and explained quite openly that their ministers are expecting progress reports on the issue. With no progress in two years, they are running out of patience.

Code and conduct

Even though the registrars were expecting a rocky ride, especially after a GNSO Council vote on just three of the 15 suggested measures was deferred (on 22 September) and then passed on 6 October - but only as an issues report where staff will look at the issue as the first stage in a lengthy and formal PDP * - the chair of the registrars constituency, Mason Cole, was nevertheless taken aback by the vehemence of the governments’ responses.

“The registrars are in agreement with law enforcement,” he argued, “I don’t think it’s accurate to say that support for proposals has dissipated. In fact, I would say that’s entirely inaccurate.”

The issue, Cole explained, was that law enforcement had asked for “binding, enforceable provisions” but the suggested ‘code of conduct’ “would not arrive at binding enforceable policy, and, therefore, probably wouldn’t achieve the outcomes that the law enforcement representatives were seeking.”

Cole assured governments that the registrars were not “roadblocking the situation” and claimed it was “simply a misunderstanding between the registrars and the GNSO about how to arrive at binding enforceable policy”. The best, fastest solution, he claimed, was going through the formal Policy Development Process (PDP).

He also noted however that things were currently “tense” between registrars and law enforcement – something that was “very regrettable”.

That response did not sit well with governments - no strangers to procedural delay and semantics themselves – with GAC chair Heather Dryden noting that the GAC was expecting a report from the GNSO/registrars outlining short, medium and long-term changes and pointing out that a “high-level recommendation” from the world’s governments was something to be taken seriously. “The GAC is looking for action,” she warned.

GAC chair Dryden (left) and GNSO chair Van Gelder (right) don't see eye-to-eye on the issue. Photo: ICANN

Insular

Markedly, the responses to that and to various other government representatives who continued to hammer away at the issue (Where is the report update? Why does it take two years to add an email address? Why does it take a formal 12-month PDP process to get registrars to do something?) was highly revealing of the insular GNSO Council.

Faced with direct questions about how things were moving forward, a series of GNSO Council members talked almost exclusively about the voting procedures of the Council and the reasons they voted for or against the most recent resolution. Then Council members started disagreeing with other Council members over the top of the GAC, including warning GAC members not to take their colleagues’ words as fact.

It is a measure of the self-absorption of the GNSO that they felt this would be an adequate explanation to government representatives – especially when the session opened with an explanation for how the GNSO runs its PDP process during which the GAC noted several times it didn’t understand the process (as well as providing several digs about the GNSO’s over-reliance on voting over consensus).

To the GNSO’s eyes, they were working through the issues, so the two-year delay in getting a ‘lawenforcement@example.tld’ email address created is regrettable but perfectly understandable. To the GAC – and let’s be honest, to everyone else in the world – it looks suspiciously like a broken bureaucracy.

A brief timeline

The fact of the matter is that there is a big dose of both miscommunication and arrogance on the part of both law enforcement and the registrars.

Law enforcements agencies are frustrated by what they see as lax policies on the part of registrars which are allowing and possibly even encouraging online crime.

Their initial attempt at fixing what they saw as the problems was not very multi-stakeholder: they wrote up a list of changes they wanted and then went direct to ICANN and direct to governments in an effort to force change through (having heard that registrars were likely to effectively block or delay any changes through GNSO processes).

At the time, the main contract that covers what registrars can and cannot do – the Registrar Accreditation Agreement (RAA) – was under review following the collapse of registrar RegisterFly. And so law enforcement saw a window of opportunity to get some contractual changes made.

The registrars, having been initially cowed by the RegisterFly debacle, quickly recovered and sought to water down the RAA changes, some of which would cause them to have to change their procedures and some of which would cost them money. When it came to the law enforcement recommendations, they took the tack of focusing on the impracticality of some of the requests (which in some cases was perfectly true).

Due to the registrars’ strong voice within ICANN (the organization receives 46 percent of its $60m budget from the domain sellers), the law enforcement agencies (LEAs) were persuaded that they needed to open dialogue with the registrars if they were going to be effective in their fight against online crime.

It was a perfectly reasonable request. Few people have an understanding for how the domain name registration actually works and registrars have faced a decade of people drawing up plans that are effectively castles in the sky. The LEAs were skeptical but saw the logic.

Meetings, meetings, meetings

And so began a long consultation between LEAs and registrars: the first in June 2010 at the ICANN meeting in Brussels. Then the two groups met just among themselves (as well as registries) in Washington DC in September 2010. A series of open meetings followed: Cartagena in December 2010; Brussels in February 2011; San Francisco in March 2011 and finally Singapore in June 2011.

You have to love a big meeting. Photo: ICANN

The first meeting in Brussels saw the registrars go through each of the 15 recommendations and provide in-depth comments on each. The results were published in a report [pdf] a few weeks later that was sent to the GAC and the Board.

It is worth noting that in that report – dated 11 March 2011 – registrars recognized concerns about them delaying changes and rising levels of impatience.

Registrars have heard that they are resistant to needed changes. However, registrars want to emphasize that they are seeking the most effective means to assist the community without needlessly disrupting their own operational stability.

The most effective step toward getting the assistance of registrars is to approach them and describe a problem and discuss ways to address it. Such a process will intelligently inform everyone involved as to the best path forward, and will prevent frustration by others when registrars helpfully point out the possible operational shortcomings of proposals.

In this instance, dialogue with registrars began following LEA proposals and their endorsement by the GAC and others. Registrars understand the current impatience of the community; however, it is better to directly address the operational issues now, when there is an opportunity to ensure thoughtful and correct execution, than risk further frustration later if policies are not adequately vetted.

But fast-forward nearly eight months and nothing substantive has happened. Faced with a wide range of self-regulation concerns, the LEAs eventually settled on the idea of a ‘Code of Conduct’. That proposal was then critiqued out of existence with contradictory arguments: registrars argued both that it wasn’t enforceable AND that it might be used as a way of introducing policy by the backdoor.

Shortly afterwards, the LEAs decided that what they had been warned about two years’ earlier was true: that registrars would effectively block or delay any changes through discussion and procedure. And so they revisited their initial decision to go direct to governments and ICANN staff, and over the past month have been contacting their GAC members and using their other government contacts to complain about the lack of progress. The result: the GAC-GNSO argument yesterday.

Meanwhile, the registrars continue to insist they want to work with law enforcement and are just trying to find the best way to do it - and in some cases that is genuinely the case. The problem however is that registrars know that nothing can get past them without their approval thanks to the way ICANN’s decision-making procedures are set up and so there is no real sense of urgency – especially when some of the changes are likely to cost them money.

Getting dangerous

What the LEAs may not have realized is that even the three proposals that the registrars have tentatively agreed to (although still not implemented) are nothing new and could easily already form part of the 2009 revised RAA agreement that most of them have already signed.

There is a growing sense that despite the rhetoric, registrars are giving governments and law enforcement the bare minimum in order to keep them happy, and then pushing everything else into procedures and processes that they can ultimately control.

With governments getting increasingly vocal and angry about being ignored within ICANN’s processes, the issue is a potential powder keg.

Meanwhile, having grown extremely comfortable within the ICANN construct, and particularly within the GNSO where decisions (or disagreements) are frequently mistaken for action, registrars appear to have become overwhelmed with their own importance. Rather than make changes and then view procedures as a way of formalizing them; the procedures themselves have become the deciding force.

But as the GAC members made quite clear yesterday: if we can’t make headway within ICANN, we will do it outside ICANN. And once you step outside ICANN, domain name sellers become a very small group of companies in a very small industry, faced with an angry and frustrated government. It’s not a fight they can possibly hope to win.


*: Please note: we originally wrongly stated that the resolution had been voted down. In fact, the proposal was to open an issues report (rather than simply approve the measures) and passed with its low voting threshold of 25 percent. Four Councillors voted against it: Kristina Rosette, David Taylor (IPC), Zahid Jamil (CBUC), Debbie Hughes (NCSG)

AttachmentSize
Registrars response to the LEAs 15 suggested changes (Mar 11)53.63 KB