GAC

NOTE: Transcript and meeting summaries are typically only made available to .Nxt members. On similar pages if you are not a member (or are not logged in), this "Summary" box will not be visible. If you are interested in becoming a .Nxt member, please email us at member@dot-nxt.com.

Context:

At every ICANN meeting, the Board meets with the Governmental Advisory Committee (GAC). This is usually one of the most anticipated meetings at an ICANN meeting due to its high-level nature.

Agenda:

I. Applicant support for new gTLDs and the GAC and At-Large Advisory Committee Joint Applicant
Support Cross-Community Working Group (JAS-WG) report
II. Registry/registrar cross-ownership and relations to competition authorities
III. Root zone scaling and GAC's role in the early warning process
IV. ICANN's New Generic Top-Level Domain (gTLD) Communication Plan
V. Conflict-of-interest matters
VI. Law enforcement recommendations endorsed by the GAC

Results:

• GAC asks for clear timelines for implementation of Joint Applicant Support Cross-Community Working Group (JAS-WG) -- recommendations for ensuring needy applicants get full access to first application round for new gTLDs
• GAC waiting for full report from ICANN on combined impact of new gTLDs and other changes to root prior to opening of first application round
• GAC wants clarification on "batching" if more than 500 new gTLD applications
• GAC expects ICANN to promote new gTLD application round globally, including in developing countries, and assess and review awareness
• GAC welcomes Board assurances that conflicts of interest will be identified and avoided
• GAC requests publication of timeline with actions to deal with ethics and conflicts of interest policies
• GAC urges Board to effectively address recommendations made by law enforcement agencies (and endorsed by GAC) with respect to Registrar Accreditation Agreement (RAA)

Executive summary

The first two agenda items were handled with dispatch. The meeting began with a discussion of applicant support for new gTLDs and the JAS report.

Representatives of the ICANN board reported that they were impressed by the JAS report and taking it very seriously.

The report makes recommendations for developing a sustainable approach to providing support to entities requiring assistance in applying for and operating new gTLDs.

Portugal, Kenya and Nigeria spoke out on behalf of developing countries, asking that these recommendations be considered as soon as possible and that outreach be done, particularly in the African region where, according to Kenya, outreach has been lacking both on the new gTLD process and on ICANN processes in general.

ICANN Board Member Katim Touray called for a community-wide commitment to the implementation of as many of the JAS report recommendations as practically feasible.

Regarding registry/registrar cross-ownership and relations to competition authorities, the European Commission said a few words of thanks to the ICANN board for their answer to a submission the European Commission had made prior to the Singapore ICANN meeting. The submission set out a number of concerns about vertical integration policy issues and the European Commission planned to analyze the reply and follow up with ICANN.

The first headlines from this meeting were made in the discussion of root zone scaling and the GAC's role in the early warning process. The Netherlands launched the discussion by asking what impact a potentially large volume of gTLD applications would have on the root scaling agreement made in Brussels.

ICANN Chair Steve Crocker clarified that there would be no stress on name servers created by the addition of new names. "There seems to be some persistent confusion and misunderstanding, in my judgment, about that. The name servers, the few hundred Anycast instances around the world regularly process on the order of 10,000 queries a day -- per second... The [insertion] of a new one or two or a hundred or a thousand names into the root server system almost certainly will generate no measurable change that you can see."

ICANN Board Member Bertrand de La Chapelle explained further that "the stress on the root servers that are distributed are more related to the number of users than the number of TLDs."

In response to a number of questions about how the batching of applications might work, CEO Rod Beckstrom stated that there is no limit to the number of applications that will be submitted from January 12th to April 12th and, if the number of applications received is more than 500, the current plan is to process those applications in batches of around 500. But they will all be posted at the same time.

ICANN's senior vice president of stakeholder relations, Kurt Pritz, declared: "Given that we're publishing all the applications at the same time, we would expect the early warning to be issued at that time... I think the best duty to the applicant is to provide early warning advice to the applicant within 60 days so they can withdraw their application, if need be, and not -- you know, they'll be spending money on their ongoing operations."

The European Commission clarified that the expectation was that the GAC would analyze all the applications - no matter how many there are - and issue early warnings within 60 days. "And, yet, you're going to process those applications in batches of 500. So, I'm sorry to say, but this seems to put a little bit too [much] strain on the GAC while you, yourself, recognize that you are not going to be able to process 12,000 applicants, just to use the number I did. So why should we not tell you, well, we're going to process 500 applications maximum now and you tell us what those 500 applications are?" Rod Beckstrom promised to look at the issue and get back to the GAC on it.

Bertrand de La Chapelle urged the GAC to produce early warnings on an ongoing, state-by-state basis, rather than providing a single early warning, which would require agreement on every potential problem
beforehand. He suggested, instead, that the GAC adopt "a two-pass system to try to narrow down, very early on, what are the strings that you believe are causing a problem in themselves and identifying among them... those where there is a real obvious consensus on the GAC that there is a problem that needs to be addressed, and those where there is a problem for some countries and [not] others." The European Commission promised to take this recommendation into account.

But Germany believes that it might be difficult to make a distinction between the evaluation of the string and the applicant. "A string evaluation is rather easy to [make]...but [for] an evaluation of the
applicant... you need to know, what is the model he's following? What are the registration policies? What are the restrictions? I think this, frankly speaking, is not possible within a time frame of 60 days."

Moving on to the next agenda item, ICANN's New gTLD Communication Plan, Rod Beckstrom provided a high-level summary of the communications outreach program for new gTLDs.

Uganda emphasized the importance of outreach in the African region and the United Kingdom defined broadcasting this opportunity in markets and stakeholder communities across the globe as critical to the success of the new gTLDs program - and to the credibility of ICANN.

The UK wanted to make sure that ICANN is monitoring levels of awareness and identifying large business communities, markets and communities that have not yet been reached, so that the outreach program can be adjusted to target communities that are still in the dark. Beckstrom assured the UK that ICANN is collecting a rich set of data, which will be published.

Adjustments have been made, he assured the UK, but "are limited based on the time that's allowed and permitted".

Fireworks started up again as the European Commission began the discussion of conflicts of interest. The European Commission's preference would be for an ICANN board that is fully independent from stakeholders that have a direct interest in the decisions of the organization.

But, in the meantime, the European Commission expects the board to adopt "a robust and substantive conflict-of-interest policy" that includes clear sanctions and penalties in case of breach. "We would very much urge the Board to take its political responsibility and put in place such a policy as soon as possible. Not turn this into [a] process with working groups, and engaging consultants, and advice and further discussion, and et cetera. But, before the end of the year... make sure that such a policy is in place."

Bertrand de La Chapelle made a distinction between conflicts of interest for the period during which somebody is on the board and for the period after they have served. Regarding conflicts of interest for current board members, "I think it's very, very important for all of you when this question is asked to take into account... the fact that we're not starting from scratch. And it is probably our fault, generally, to not have been posting clearly enough the existing conflicts-of-interest policy... And the first step that is absolutely clear, and that can be done, and it is probably already done, is to make this policy that exists visible."

Bertrand de La Chappelle and the Country Code Names Supporting Organisation (ccNSO) appointee to the ICANN board, Mike Silber, both regard the problem of the revolving door as a more complex one. Silber spelled out why: "When somebody is working within the industry and they're on the board, at least it's known. And the motivation can be understood and, if necessary, the person excluded from a vote or the room. But there's this possibility of a hidden motive to create an opportunity to be exploited as soon as the person has left the board."

But Bertrand de La Chappelle is concerned that, "If we get to a revolving door policy that is too rigid, we get the irony of having somebody who can be in the industry when this person is on the board and who shouldn't be in it when it leaves the board, which is very strange." There are, however, "distinctions that can be made regarding the kind of functions that you can have afterwards."

There is also, of course, the possibility of changing the ICANN model and requiring that board members become independent.

Cherine Chalaby contended that: "it isn't just enough to have the best policies and the best standards. What is also important is that the culture and DNA of individual board members also improves. And it isn't enough to be also independent... you could be an independent board member; you will not have any conflicts. But you could breach [ethics], and you could breach confidentiality."

Vice-Chair of the ICANN Board Bruce Tonkin reported that ICANN is trying to ensure that the existing conflicts policy and code of conduct are well understood.

Looking to improve on the policies already in place, the Board Governance Committee has asked the staff to commission external advice to review corporate and government best practices in conflicts and ethics so, in Bruce Tonkin's words, "it's not just us coming up with our own rules."

As far as the timing for putting new policies in place, "I wasn't sure. Were you suggesting that we don't put that out for comment before we would vote? Our normal practice is when we get advice, we update the policy and put it out for public comment... So I would expect we are talking of a time frame of a few months."

The European Commission declared that "patience is wearing thin. And we're really looking for a strong response from ICANN to show that it can self-correct at this point. That's why when we hear reviews, we hear we've engaged consultants and have had public consultations on it, it starts to itch a little bit." The European Commission is aware that there are policies in place at ICANN, but considers them to have been ineffective and without sanctions or penalties, without a cooling off period. "That's why the previous chairman did not break any rules, because there were not any rules in the first place."

"We're really looking to a commitment toward a result, not a commitment towards a process with an unclear timeline. We're going to enter into a very important and probably not - although we would not hope not - controversial period with the new gTLDs. It is absolutely critical that the board is above board on this... So, there's a sense of urgency that we would like to see and a strong signal from the board itself and from the chairman that what has happened in the past will not be repeated in the future."

In the course of this discussion, the European Commission also brought up the fact that ICANN relies on a limited number of parties for its funding, which "in itself, in our opinion, raises a fairly important issue of independence."

Bertrand de La Chappelle sought to "correct a very common misunderstanding... registries and registrars are not the one or the only ones that finance ICANN... they are conveying and channeling the contributions that are paid by the registrants."

But GAC Chair Heather Dryden questioned whether this addressed the real issue regarding registries and registrars, pointing out that it does not take into account "all those registrants are sitting on the board maybe creating opportunities for themselves. That's really the difference. That's really the point with registries and registrars being in a privileged position to influence business opportunities and so on."

The final showdown of the meeting was regarding law enforcement recommendations endorsed by the GAC to fight cybercrime. The United States of America expressed frustration with ICANN's failure to act on the GAC's endorsement and efforts on behalf of global law enforcement agency (LEA) proposals designed to help prevent and disrupt efforts by criminal groups to exploit domain registration procedures.

The US asked the ICANN board, first, if the only way to make LEA-recommended policies binding is through a Policy Development Process (PDP). Secondly, the US asked if registrars attending the June meeting in Singapore were correct in saying that they are the "good guys" representing about 80 percent of the market, what could be done to decredit the "bad guys", the remaining 20 percent?

Kurt Pritz responded to the US' first question. "ICANN published a paper about a week ago to the GNSO that recommended in part that ICANN and registrars should start bilateral contract negotiations immediately in order to move the discussion forward... The paper also states that, you know, the GNSO can take up policy matters at any time to make policy binding on registrars."

Pritz identified a vote of the GNSO Council as "the fastest way to make those recommendations binding on all registrars. If we negotiate a set of agreements with registrars outside of that process, they'd have to be individually adopted by each registrar. And it's only binding on those registrars when their agreement expires."

The agreements are five years long, and the majority of them will not expire for another three or four years. More importantly, according to Pritz, "ICANN and the registrars have agreed that we should start negotiations right away on a more complete set of amendments that consider the LEA recommendations and the GNSO high-priority recommendations. And so the registry constituency met this morning and approved the initiation of those negotiations. So they are going to appoint a team to negotiate with ICANN, and similarly ICANN is going to have a team negotiating. We also committed to reporting out with each meeting the results of that meeting in a transparent way so that the community could monitor developments of those
negotiations."

As to the timeline, "the registrars and ICANN agreed that we'd work toward publishing a set of amendments by the Costa Rica meeting [March 2012]. I personally think that's very ambitious, but the registrars endorsed that and that's what we're working to."

The United States of America was unimpressed. "So, again, I think we have been lectured at great length as to the only way to make things stick is down this way. So again, that's a process. Now, it may be a fact, but it's a process."

Australia, too, expressed despair that "all that I have heard is process, process, process. And I am back to where I was the other day talking to the registrars that I don't see a clear and credible path to action, to be perfectly honest. All the processes that I've just heard require agreement and negotiation with registrars. I may be wrong here, but the registrars have known about this for some time, and we've seen no action. And, in a self-regulatory model, if the people we're trying to regulate can continually stifle or veto any progress, then I think we have a structural problem with the model."

Steve Crocker closed the meeting on a lighter note. He mentioned in his opening remarks that he had appeared before the GAC many times before as chair of the Security and Stability Advisory Committee (SSAC) and as a member of the ICANN board. On this, his first appearance as chair of the ICANN board, he didn't know "whether to feel completely comfortable or scared to death." The meeting ended with laughter as he observed, "Now I know."

Full Summary

Discussion of root zone scaling and the early warning process [full summary]

The Netherlands launched the discussion by asking what impact a potentially large volume of gTLD applications would have on the root scaling agreement [pdf] made in Brussels.

ICANN Chair Steve Crocker sought to clarify that there would be no stress on name servers created by the addition of new names. "There seems to be some persistent confusion and misunderstanding, in my judgment, about that. The name servers, the few hundred Anycast instances around the world regularly process on the order of 10,000 queries a day -- per second... The [insertion] of a new one or two or a hundred or a thousand names into the root server system almost certainly will generate no measurable change that you can see."

ICANN CEO Rod Beckstrom reminded everyone that, in accordance with an ICANN board resolution, "the maximum number of TLDs that could be delegated into the root under the new gTLD program on an annual basis is 1,000. And the number may not exceed that unless there is a formal review, or a new decision by the board."

ICANN Board member Bertrand de La Chapelle explained further that "the stress on the root servers that are distributed are more related to the number of users than the number of TLDs... It will increase a little bit, because it will take time for the mirrors and all the cache and all the replications to get all the addresses... The other stress, which is important, is the number of updates to the database that come from changing the servers, from changing the address of who manages the registry and so on. But this is a completely different type of load."

Steve Crocker assured GAC members that there will be no impact discernable either to users or the internal distribution processes within each of the root server operators, and this will be documented in a report. The European Commission asked that this report be published as soon as possible. GAC representatives need policy summaries for use in communicating with their countries, and the European Commission would want access to the full report - with all the technical data and methodology - in order to share it with their own experts and help ICANN "to be confident all together on the resilience of the system".

Several GAC members asked how the new gTLD applications would be processed, particularly if there were a great number of them. The European Commission asked whether the GAC would be presented with only 500 applications at a time. Rod Beckstrom responded that there is no limit to the number of applications that will be submitted from January 12th to April 12th. If the number of applications received is more than 500, the current plan is to process those applications in batches of around 500. But they will all be posted at the same time.

Switzerland asked how applications would be batched, which ones would be put in the first and which in the last. "Would that be according to the date that they actually hand in their applications, or those from A to G -- what is your reflection in how to divide these into batches?" Rod Beckstrom explained that there were legal and technical operational issues to be worked through and so there is not yet a specific batching algorithm. But when there is one, it will be shared.

As to the timing of the GAC's role in providing early warnings, Kurt Pritz, ICANN's senior vice president of stakeholder relations, declared: "Given that we're publishing all the applications at the same time, we would expect the early warning to be issued at that time. And so, working with these -- through these operational issues with the GAC, if the GAC doesn't think it can get through all the applications in the 60 days allotted, that we should discuss how the GAC input could match the batching input going forward. But... I think the best duty to the applicant is to provide early warning advice to the applicant within 60 days so they can withdraw their application, if need be, and not, you know, they'll be spending money on their ongoing operations."

The European Commission clarified that the expectation was that the GAC would analyze all the applications - no matter how many there are - and issue early warning within 60 days. "And, yet, you're going to process those applications in batches of 500. So, I'm sorry to say, but this seems to put a little bit too [much] strain on the GAC while you, yourself, recognize that you are not going to be able to process 12,000 applicants, just to use the number I did. So why should we not tell you, well, we're going to process 500 applications maximum now and you tell us what those 500 applications are?" Rod Beckstrom promised to look at the issue and get back to the GAC on it.

Kurt Pritz offered to make the data as accessible as possible. "We will publish the applications, which are, essentially, the information in questions 1-13... So, there will be the string, and then the
applicant, and the purpose of the application and the answer to many of the questions, so that the GAC can use that to make its determinations... perhaps you could get back to us with a way that we could sort that data so it would be more helpful to you so you can kind of run your finger down it easily."

Bertrand de La Chapelle agreed that the bandwidth required for an early warning process with 1,200 applications will be much greater than the bandwidth required by only 500. He urged the GAC to produce early warnings on an ongoing, state-by-state basis, rather than providing a single early warning, which would require agreement on every potential problem beforehand.

He suggested, instead, that the GAC adopt "a two-pass system to try to narrow down, very early on, what are the strings that you believe are causing a problem in themselves and identifying among them" those where there is a real obvious consensus on the GAC that there is a problem that needs to be addressed, and those where there is a problem for some countries and [not] others." The European Commission promised to take this recommendation into account.

Germany, however, believes that it might be difficult to make a distinction between the evaluation of the string and the applicant. "A string evaluation is rather easy to [make]...but [for] an evaluation of the applicant... you need to know, what is the model he's following? What are the registration policies? What are the restrictions? I think this, frankly speaking, is not possible within a time frame of 60 days."

Switzerland agreed in principle with Bertrand de La Chappelle's suggestion, but wondered, what if there is a string that does not look problematic, the applicant, business models and registrar conditions do not look problematic, and then it turns out that "something is not applicable to our law in our country? And then you issue an early warning saying that, basically, everything would be fine, but we have a problem there. We cannot accept this. What is the use of this, if I get this right, that, if the applicant cannot modify this application, he can only withdraw it?"

Kurt Pritz explained that ICANN is "loathe to allow applicants to fully change their application, because that would allow applicants to abuse the system. Get an application in as a test. And, if that test sort of fails, they can sort of get around the system by amending it. But there are ways an applicant can address government concerns. For example, in the case of a geographic name, it can secure the approval of the government. Or there may be conditions a government would have before it would otherwise approve delegation of a name. So it can put the applicant on notice that the GAC will probably give GAC advice or encourage an objection in some way. So there are ways for governments to use the early warning effectively. And then, of course, the other use for GAC advice is to put the applicant on notice that there is going to be GAC advice or an objection to it and give him or her the opportunity to withdraw early for a higher refund. So we're trying to encourage the applicants to heed the GAC early warning in that way."

The Netherlands asked if it would be possible to enact a stricter policy if it were required to alleviate concerns of specific governments or the GAC as a whole. "I think just one very essential question about remediating an application. I understand that you don't want to have applicants gaming the system and changing their application.

"But, in certain cases, which are not only geographic but also others like dot sector and example of whatever sector, imagine, just to be very concrete example, imagine that, after talks with GAC members, after an early warning, that the registry would then maybe make a stricter policy and say, for example, that on the second level there's organization.sector. And he would say, okay, I want this to have stricter, for example, registered name for the organization on the second level. But with the minimum of 10 countries existent or regions."

Kurt Pritz would not respond to this specific example "because we want to maintain the goals of making it not gameable. But we also understand that you know, a registry might want to further restrict its application, make it more narrow in order to bring it into the goals of what the government has. So there's some limited opportunity to adjust how they're going to operate the registry without amending their application."

Bertrand de La Chapelle talked a little bit about the thinking behind the early warning system. "What we're trying to put in place is a communication channel. And the whole discussion we had during the elaboration of the applicant guidebook is to identify tools for interaction... What was attempted was to provide a way for intervening at different stages. And there are, as Thomas has said, there are different types of problems that may emerge... But what I'd like to highlight here is the notion of a continuous process that will move all along the evaluation the objections and all those components that have been put in the program as protections."

Discussion of conflicts of interest [full summary]

The European Commission explained how important this issue is to the European Commission, to the European Union and its member states and to many, if not all, of the GAC members. ICANN is an organization whose mission is to serve the global public interest and, in order to do so, "it must meet the highest corporate governance standards: those of accountability, transparency and independence. This goes to the heart of the multistakeholder model, because, of course, if the model is seen as not meeting those standards, then the legitimacy of the decisions that the model produces will be called into question."

The European Commission characterized as embarrassing the previous ICANN chairman's joining a company with a direct interest in the decision on new gTLDs that he had just overseen. "But that is, in our view, merely a symptom of a deeper problem, which is a structural problem of ICANN. If you look also at the recent audit report, we see that at least eight members of the board have declared conflicts of interest in the pursuit of their activities. And... there is no substantial conflict-of-interest and ethics policy in place. And, as this is a structural problem, we believe that structural solutions are in order."

The European Commission's preference would be for an ICANN board that is fully independent from stakeholders that have a direct interest in the decisions of the organization, a board that is professional and adequately remunerated. But, in the meantime, the European Commission expects the board to "take a very strong stance in favor of the highest standard of corporate governance."

The Board has begun to move in that direction, but it has taken "at least a couple of months before the board put this issue on its own agenda." The Board needs to adopt, "as soon as possible, a robust and substantive conflict-of-interest policy."

This policy should include: "a prior declaration of conflict of interest; an appropriate scope, i.e., not just in the case of transactions or in the case of decisions, but the whole phase from policy shaping to decisions; and, clear sanctions and penalties in case of breach. From our own experience, we know that if you can breach conflict-of-interest rules with impunity and there are no consequences, the whole policy isn't worth anything."

The European Commission also strongly recommended a cooling off period, precluding board members from immediately going to work for interested parties after their board service ends.

"We would very much urge the board to take its political responsibility and put in place such a policy as soon as possible. Not turn this into [a] process with working groups, and engaging consultants, and advice and further discussion, and et cetera. But, before the end of the year... make sure that such a policy is in place."

Bruce Tonkin, vice-chair of the ICANN board, agreed that conflict of interest was "a very serious issue", and promised to provide links to both ICANN's Conflicts of Interest Policy and Code of Conduct. "We also have fairly elaborate confidentiality provisions within our code of conduct and guidelines on how they should be used. So we do have something in place. But having said that, we also recognize that as the organization is taking on more responsibility, it needs to review those and improve those."

Tonkin said that they pre-declare conflicts of interest and, "if it's a serious issue, we leave the room and we don't vote on it." The strength of the multistakeholder body, he said, is in the multiple regions and areas of experience the 16 voting board members represent. This ensures that only one or two of the directors are likely to have a conflict of interest at any one time, and the absence of only one or two directors from a discussion has no real impact.

Bertrand de La Chapelle made a distinction between conflicts of interest for the period during which somebody is on the board and for the period after they have served. Regarding conflicts of interest
for current board members, "I think it's very, very important for all of you when this question is asked to take into account what Bruce mentioned regarding the fact that we're not starting from scratch. And it is probably our fault, generally, to not have been posting clearly enough the existing conflicts-of- interest policy, which... is conducted on a regular basis and is clearly done very thoroughly every time there is a discussion within the board that addresses a point that concerns a board member that has a conflict of interest... And the first step that is absolutely clear, and that can be done, and it is probably already done, is to make this policy that exists visible."

Bertrand de La Chappelle and the ccNSO appointee to the ICANN board, Mike Silber, both characterized the problem of the revolving door as a more complex one. Silber explained, "When somebody is working within the industry and they're on the board, at least it's known. And the motivation can be understood and, if necessary, the person excluded from a vote or the room. But there's this possibility of a hidden motive to create an opportunity to be exploited as soon as the person has left the board."

But Bertrand de La Chappelle is concerned that, "If we get to a revolving door policy that is too rigid, we get the irony of having somebody who can be in the industry when this person is on the board and who shouldn't be in it when it leaves the board, which is very strange." There are, however, "distinctions that can be made regarding the kind of functions that you can have afterwards." There is also, of course, the possibility of changing the ICANN model and requiring that board members become independent.

Portugal sought to disassociate itself "from the perception that having a board that is remunerated would solve these issues. I don't think it will. It is something that can be looked at. But it's a completely different matter. Ethics is not solved by professionalizing."

Cherine Chalaby contended that "it isn't just enough to have the best policies and the best standards. What is also important is that the culture and DNA of individual board members also improves. And it isn't enough to be also independent. I'm going to tell you why. Because there are three things that matters here: conflicts, [ethics] and confidentiality. You could be an independent board member; you will not have any conflicts.

"But you could breach [ethics], and you could breach confidentiality. So, the most important thing here is, once we have these policies on board... you have to, every year and all the time, refresh yourself, read them, make yourself more aware. And you'll be up to date with these policies as they develop and as they improve. And that's a very, very important thing that we must do as board members to make sure that these policies are being used and are being implemented."

Bruce Tonkin reported that ICANN is trying to ensure that the existing conflicts policy and code of conduct are well understood. "And so we had a board training session a few weeks ago, and we spent several hours, actually, going through the existing conflicts policy and the code of conduct and the confidentiality provisions. And we went through various scenarios of how they should apply to different situations that might emerge in the coming year. So that's part of actually building it into the culture."

Looking to improve on the policies already in place, the Board Governance Committee has asked the staff to commission external advice to review corporate and government best practices in conflicts and ethics, "so it's not just us coming up with our own rules." As far as the timing for putting new policies in place, "I wasn't sure. Were you suggesting that we don't put that out for comment before we would vote? Our normal practice is when we get advice, we update the policy and put it out for public comment... So I would expect we are talking of a time frame of a few months."

Rod Beckstrom weighed in with a list of the outside experts being consulted by ICANN. ICANN's corporate law firm is formally reviewing the conflicts-of-interest policies, code of conduct and employee handbooks "to enhance the focus on best practices for conflicts and ethics."

A new independent law firm is looking at the presentation of those documents and making recommendations based on similarly situated non-profit organizations. Their first recommendation has already been implemented: all key ICANN corporate governance documents are now posted at www.icann.org/documents. An international experts group will review documents and practices and make recommendations focused on ICANN's global function and the best practices of other international organizations.

Beckstrom welcomed recommendations of organizations to do this work and, "when we find and retain those experts, if any of you would like to have a conversation with that expert, we're happy to arrange it on an individual country-by-country basis, or for the GAC, or subsets of the GAC."

ICANN Board member Erika Mann spoke in regards to the Audit Committee, which she chairs. "We provide guidance in the financial and internal control of ICANN, and we fully understand the concern
with the new gTLD round, and the new work ICANN will have to do in the future, that there is concern with regard to such kind of oversight role....We will do a review of all the applicable international standards available. Of course, not all of them will work because we are not a purely commercial operation. So we will have to be very careful what we adopt and what we cannot adopt. We will do the review and we will consult, of course, with all of you."

Bertrand de La Chappelle emphasized that, in pursuing external expertise, "we have paid great attention to include a request to have information on practices that are done not only in not-for-profit or for-profit corporations, but also in public entities, including regulators and things like that. Because the whole landscape must be covered, and it's very important to take it into account."

The United Kingdom was encouraged by statements of commitment to address conflicts of interest and asked, again, for a timeline for the process. "I really need a timeline to send out to my Minister. If I could have that by the end of this week - I'm sorry to be so [demanding, but] it has exercised ministers. And that's our job as officials: to act on their concerns, and to engage, and to discuss, and then go back to the ministers and say, 'this is what we have agreed.'"

Rod Beckstrom invited everyone to a Thursday
afternoon session on this topic. "We will be seeking to develop a roadmap on a timely basis. And that will depend in part on the discussions and the feedback we get, because, for example, I just offered to allow any country here to have a conversation with the expert. [Depending] on how many of those conversations we're going to have, and what your recommendation or request is, for example, that could affect that timeline. And there will be other inputs. But we will begin working on a road map, and I think we are all taking this very seriously. But we also want to make sure that we respect the consultative processes of the community."

Mike Silber believes "it's clear that this is an issue that worries many of us on the board. We've done an analysis. I think what we're hearing is we've identified gaps. We've identified that the current
policies are good, but they're missing certain areas. And those areas, unfortunately, can be squeezed through by a rugby team, not just by a thin piece of paper, which means that we're doing work to close those gaps. What I'm hearing you say is, 'Give us something real as an outcome this week.' In terms of giving you policies, as has been indicated, I don't think anybody around this table would like such a rushed process that nobody around this table gets an opportunity to engage in comment on drafts as they come out. But, instead, I think what you're looking for is an acknowledgment that there are gaps and that those gaps need to be addressed."

The European Commission declared that "patience is wearing thin. And we're really looking for a strong response from ICANN to show that it can self-correct at this point. That's why when we hear reviews, we hear we've engaged consultants and have had public consultations on it, it starts to itch a little bit." The European Commission is aware that there are policies in place at ICANN, but considers them to have been ineffective and without sanctions or penalties, without a cooling off period. "That's why the previous chairman did not break any rules, because there were not any rules in the first place."

"We're really looking to a commitment toward a result, not a commitment towards a process with an unclear timeline. We're going to enter into a very important and probably not - although we would not hope not - controversial period with the new gTLDs. It is absolutely critical that the Board is above board on this, that you can point to this absolutely, when we take our decisions, we are crystal clean: these decisions are not influenced by particular interests that are represented on the board. So, there's a sense of urgency that we would like to see and a strong signal from the board itself and from the chairman that what has happened in the past will not be repeated in the future. And that, I think, we can then take back to our ministers. And they will no doubt be satisfied to see that something is actually moving. But, at the moment, I don't get that impression. I mean, I'm not sure I can debrief my Commissioner in that sense."

GAC Chair Heather Dryden asserted that "the new gTLD program opening does provide a certain pressure, a certain timeline for these rules to be clear. And I think that that's what GAC members have been saying today."

Rod Beckstrom promised GAC members "something you can take back that's very concrete." He referenced his speech made in June at the opening meeting of Singapore. He said, "we're moving from one chapter in new gTLDs to another." The first chapter was the policy development process, during which the community and the ICANN board and staff worked together. The second chapter was the development of the applicant guidebook, which was marked by "intense interaction between potential applicants, the board and members of the staff and executive team... In approving the program, we're now moving to a different phase. And we have to close one chapter and develop a new set of practices and a higher level of handling conflicts of interest. Because the same applicants who were at the table negotiating, discussing, sharing their expertise - appropriately - with staff and the board could no longer interact, with, for example, our new gTLD processing team. Because that team needs to be extremely separate, independent. And we need to make sure there are clean lines."

Beckstrom provided examples of what he was doing in this current phase to handle conflicts of interest at a higher level. "I did not have people from the new gTLD processing team participate in the road show. Even though some community members and others wanted them to participate in the road show, I said, 'no, because they're processing applications.' The last thing I want is them interacting with potential applicants. So that line was drawn.

"Secondly, at the staff meeting here on Sunday, when we gathered our entire staff, we had a communication from our legal team about how we were going to interact with new gTLD applicants here in Senegal at ICANN 42. And we implemented new practices that we have not used in the past, such as don't accept any drinks, or a meal, or anything else from a new gTLD applicant. The next thing is we told our staff members you need to report on any discussions with potential applicants, if they brought up their application or their idea and they want to discuss that with you. You need to report that into the organization. In writing.

"Thirdly, we told our staff: do not meet alone with any new gTLD applicants that want to speak with you. If they're speaking with you and they want to talk at all about the program in any fashion, or their application, don't be there alone because you need to record that communication.

"Now, this is a different level of implementation of our policies than we've ever done before. And it's what we're delivering - I'm delivering to you as a CEO of this organization."

Bruce Tonkin walked through the new gTLD application process phase by phase, describing how conflicts of interest will be avoided. Information about new gTLD applications submitted between January the 12th and April the 12th will not be available to the Board until published publicly.

Security information will be held by only a few ICANN staffers. During the evaluation phase, there will be strict separation between any board members and external evaluators or staff involved in the process. Any board member involved with any application will not be in the room when that application is discussed and will not have a vote on that application. Tonkin also offered to "document our board processes to what information the board has and with respect to the involvement of any board director in either discussing an application, discussing an application with staff, or, ultimately, voting on the application."

Steve Crocker acknowledged" "That statement by itself is not enough for you to take back," and explained that the ICANN board's reaction was not simple, clean and quick because, "It's intended more toward how do we understand how to apply this and build the processes and fit it to the actual situation. So, you've heard from Rod about all of the rules that are being put in place with respect to the prosecution of applications and the behavior of the staff. You've heard from Bruce Tonkin about both the combination of the advice we're taking on and also the rules that we have in place for the role of the board during these processes and so forth... we can and we will document these. We have documented a lot of this. But I think would be helpful to package all of this up in a form that you can see a comprehensive collection and the assemblage of the details and how they fit into the whole of an organized program that has both the clear statement of principles and objectives with respect to conflict of interest and ethics and also the implementation and how seriously we've taken that and how we've marbled that into the body and operation of ICANN."

In the course of this discussion, the European Commission also brought up the fact that ICANN relies on a limited number of parties for its funding, which "in itself, in our opinion, raises a fairly important issue of independence. It is not enough in our view to have a robust conflict-of-interest policy in terms of the behavior - and not only of the board members, but also of the staff - but also the issue of funding and financing needs to be looked at."

Bertrand de La Chappelle sought to "correct a very common misunderstanding... registries and registrars are not the one or the only ones that finance ICANN. They do finance ICANN for a portion. But they are conveying and channeling the contributions that are paid by the registrants. And so, in that respect, the funding of ICANN in majority comes from a very, very distributed number of people. Millions of people are actually contributing to the funding. This doesn't reduce the question of what kind of weight the ones who channel in this regulation process. But I want to take this opportunity to correct this misunderstanding the registrants are the source of funding of ICANN."

Heather Dryden questioned whether this addressed the real issue regarding registries and registrars, pointing out that it does not take into account "all those registrants are sitting on the board maybe creating opportunities for themselves. That's really the difference. That's really the point with registries and registrars being in a privileged position to influence business opportunities and so on."

Discussion of law enforcement recommendations endorsed by the GAC [full summary]

Heather Dryden requested that the United States, as the committee's lead on the issue of cybercrime, begin the discussion and she emphasized that the view of the US was "the consensus view of this committee."

The United States of America provided a quick history of GAC involvement with the issue of cybercrime. The GAC endorsed global law enforcement agency
(LEA) proposals [pdf], made in 2009 and designed to help prevent and disrupt efforts by criminal groups to exploit domain registration procedures.

"We conveyed that full GAC endorsement to you, brought that to your attention and asked you for your assistance in implementing them. GAC and law enforcement then engaged in a considerable amount of outreach and exchanges, bilateral exchanges with registrars. And in fact we felt in June, in Singapore, that we had had a very productive exchange that seemed to be moving in the right direction of a voluntary approach that could probably accommodate up to nine out of the 12 law enforcement recommendations. So you can imagine our disappointment that, not too long afterwards, we understand the registrars had tabled the motion and we learned on October 6, the Generic Names Supporting Organization (GNSO) Council approved it. That addresses only three of the original law enforcement recommendations and frankly addresses some of the ones that look suspiciously similar to the proposal the GAC included in our scorecard for new gTLDs that the board was able to simply accept... we are bringing this to your attention now as partners. We see this directly linked to the five Accountability and Transparency Review Team (ATRT)] recommendations that pertain to the role of the GAC within ICANN. And as you know, some of those refer to making sure the GAC is effectively able to interact in policy processes.

"So from our perspective, regrettably, this is an example of an inability for the GAC to engage effectively. And we need your support as a partner to advance the concerns that we have been expressing now for well over a year - almost two years - and we are looking for immediate visible and credible action to mitigate criminal activity using the Domain Name System."

The US asked two questions of the ICANN Board. "In taking the step that registrars have proposed, we have been informed that... the only way to make policies binding is through a PDP. So we ask for your guidance, is that really the case?" Secondly, at the June meeting in Singapore, "those registrars in attendance confirmed to us that they represent about 80 percent of the market and they also represented, quote, 'the good guys,' so leaving us with the understanding that about 20 percent of accredited registrars seem to fall in the category of bad guys. So we note that our law enforcement recommendations actually don't address the bad guys, but we decided it's important for us to ask you: how can you decredit that 20 percent immediately?"

"At the end of the day, what we really need is to meet the very high expectations in each of our capitals that this model is an effective partner for governments in addressing criminal activity. So we look to the model to self-regulate, to self-improve, to reach out."

Steve Crocker, again, recognized the urgency and importance of the issue at hand and said, "One of the things that is our responsibility at the board level is not only to oversee the process, not only to make sure rules are followed and that everything is fair, but at the end of the day, that it's effective. If all we have is process, process, process, and it gets gamed or it's ineffective just because it's not structured right, then we have failed totally in our duty and our mission... It's a balancing act, of course, because, you know, we're not going to intercede at every given moment and micro manage. That would be the failure of the other kind."

But, "In the sequence of meetings today, we met with the GNSO and segments of the GNSO - including, particularly, the registrars - and they... reported about their meeting with you, with the GAC. And they were of a somewhat different frame and seemed quite willing and eager, actually, to make the changes along the line. So we asked what the problem had been over all these years and they said, 'Nobody had ever explained it to us like that before.'"

"We do know that of the... 900-plus registrars that we have, the number that are customer-facing are a relatively small number, and of those there are a relatively small number that have a dominant part of the market. It ought to be possible in a situation like that to have leadership from within that community. And I'm hopeful that we can push that or encourage that very quickly and forcefully."

As far as immediately decrediting 20 percent of the registrars, Crocker turned to Kurt Pritz for a response.

Kurt Pritz responded to the US' first question regarding how these recommendations could be made binding on all registrars in a timely manner. "ICANN published a paper about a week ago to the GNSO that recommended in part that ICANN and registrars should start bilateral contract negotiations immediately in order to move the discussion forward. And I think this is in line with Steve's comment about moving the discussion from process into substance and, you know, succeeding at getting things done rather than talking about process... The paper also states that, you know, the GNSO can take up policy matters at any time to make policy binding on registrars."

Pritz identified a vote of the GNSO Council as "the fastest way to make those recommendations binding on all registrars. If we negotiate a set of agreements with registrars outside of that process, they'd have to be individually adopted by each registrar. And it's only binding on those registrars when their agreement expires." The agreements are five years long, and the majority of them will not expire for another three or four years.

More importantly, according to Pritz, "ICANN and the registrars have agreed that we should start negotiations right away on a more complete set of amendments that consider the LEA recommendations and the GNSO high- priority recommendations. And so the registry constituency met this morning and approved the initiation of those negotiations. So they are going to appoint a team to negotiate with ICANN and, similarly, ICANN is going to have a team negotiating. We also committed to reporting out with each meeting the results of that meeting in a transparent way so that the community could monitor developments of those negotiations."

As to the timeline, "the registrars and ICANN agreed that we'd work toward publishing a set of amendments by the Costa Rica meeting [March 2012]. I personally think that's very ambitious, but the registrars endorsed that and that's what we're working to."

The United States of America was unimpressed. "So, again, I think we have been lectured at great length as to the only way to make things stick is down this way. So again, that's a process. Now, it may be a fact, but it's a process." Initially, amendments were going to be made to the RAA, but it was going to take too long, so a voluntary agreement was sought. "Now we are told nothing can happen even on a voluntary basis. Frankly, we find that absolutely stunning that a registrar cannot agree to put their name on their Web site without a PDP."

Kenya mentioned that, in the meeting with the GNSO, they said the policy development processes take between one and two years. But Bruce Tonkin said, "The PDP process I think can get done in about 90 days. I have to check that, but it can be quite a bit faster. And it really depends on the community, right? And... registrars can voluntarily sign up to changes in the Registrar Accreditation Agreement and have, in fact, done so back in 2009."

Australia expressed despair that "all that I have heard is process, process, process. And I am back to where I was the other day talking to the registrars that I don't see a clear and credible path to action, to be perfectly honest. All the processes that I've just heard require agreement and negotiation with registrars. I may be wrong here, but the registrars have known about this for some time, and we've seen no action. And, in a self-regulatory model, if the people we're trying to regulate can continually stifle or veto any progress, then I think we have a structural problem with the model."

The United Kingdom recommended that, since the Draft 2012-2015 ICANN Strategic Plan, covers abuse, "Let's get some action to underpin the strategic plan so that we can, again, go back to our ministers with a very positive development to report."

According to Mike Silber, approximately 80 percent of registrars are currently following the recommendations set out in the guidelines. What we're talking about here is the solution for the remaining 20 percent. But a representative from the Serious Organised Crime Agency in the U.K. disagreed and underscored the necessity for urgent action. When it comes to the 80 percent "we are still trying to get them to follow even the most basic of recommendations in terms of reporting an abuse point. I must follow that with many of them are; however, there are a number that aren't... There is unanimity across all governments now that we really must address the growing issue of cybercrime across the Internet, which is ever increasing. And with all the issues that are being discussed within the ICANN board with new gTLDs and IDNs, it's going to become even more complicated for law enforcement."

Resources

List of speakers

• Heather Dryden, Chair of the GAC
• Steve Crocker, Chair of the ICANN Board
• Chris Disspain, Member of the ICANN Board and of ICANN's Accountability and Transparency Review Team (ATRT)
• United States (Suzanne Radell)
• Portugal
• Kenya (Alice Munyua), Vice Chair of GAC
• Nigeria
• Bertrand de La Chapelle, Member of the ICANN Board
• Katim Seringe Touray, Member of the ICANN Board
• European Commission
• Netherlands (Thomas de Haan)
• Rod Beckstrom, CEO and President of ICANN
• Sweden (Maria H‰ll), Vice Chair of GAC
• Suzanne Woolf, Root Server System Advisory Committee Liaison, Member of the ICANN
  Security and Stability Advisory Committee and the ARIN Advisory Council
• Germany (Hubert Schoettner )
• Switzerland (Francois Maurer)
  United Kingdom]
• Uganda
• Sebastien Bachollet, ICANN Board Public Participation Committee Member
• Bruce Tonkin, Vice-Chair of the ICANN Board
• Erika Mann, Member of the ICANN Board
• Australia
• Mike Silber, ccNSO Appointee to the ICANN Board
• Kurt Pritz, Senior Vice President of Stakeholder Relations at ICANN
• Singapore
• Canada
• Gary Kippy], Serious Organised Crime Agency, UK