Comments on the Preliminary GNSO Issue Report on the RAA Amendments

[Milton L Mueller <mueller@xxxxxxx>]

Comments of Dr. Milton Mueller on the Preliminary GNSO Issue Report on the 
Registrar Accreditation Agreement Amendments

As a member of the Executive Committee of the Noncommercial Stakeholders Group, 
I am happy to see that the board has recognized that these demands for changes 
to the RAA are important policy issues. As such, they should be handled by the 
GNSO, not through bilateral negotiations between Registrars and ICANN, and not 
through unilateral dicta from the GAC and law-enforcement agencies.

However, the value of this exercise is diminished by our knowledge that private 
negotiations between registrars and ICANN are already underway, dealing with 
basically the same issues. This creates confusion and raises the danger of a 
lack of representation in the evolution of a solution. The issues report does 
not seem to clarify how these two processes intersect. It is our view that the 
conclusions of a PDP would override any private agreements made.

The way registrars handle the personal, financial and technical data of their 
customers, and the way they interact with law enforcement agencies, is a policy 
issue of the highest order. It involves privacy and freedom of expression 
issues, due process issues, as well as cyber-security and the effectiveness of 
legitimate law enforcement in a globalized environment. The issue is 
complicated by the fact that law enforcement from governments anywhere in the 
world would be involved, and some of them are not committed to due process, 
individual liberty or privacy. Even legitimate governments can engage in 
illegitimate, extra-territorial assertions of their authority or abuses of due 
process. LEAs have a long history of demanding access to information that makes 
their jobs easier, and this is a legitimate concern. However, in democratic 
countries the demands of law enforcement have always been constrained by the 
procedural and substantive rights of individuals. ICANN must take this into 
account.

The demands of LEAs to make registrars collect, maintain and validate data is 
reminiscent of what China and South Korea have called a "real names" policy, 
which makes all participation in Internet communication contingent upon giving 
government authorities sensitive personal identification information and a 
blanket authority to discontinue service should any wrongdoing be suspected. 
This not only raises civil liberties issues, but places potentially enormous 
cost burdens on registrars.

The concept of intermediary responsibility is being actively debated in a 
number of Internet policy making forums. (E.g., see the recent OECD report "The 
Role of Internet Intermediaries in Advancing Public Policy Objectives."*  A 
point of consensus in this controversial topic is that any attempt to load up 
Internet intermediaries (such as domain name registrars) with too many 
ancillary responsibilities can stifle the innovation and growth we have come to 
associate with the Internet economy. It can also unfairly distribute the costs 
and burdens involved. Registrars who are expected to react instantly to any 
demand that comes to them from anyone claiming to be law enforcement will 
reduce their risk and liability by acceding to what may be unjust demands and 
sacrificing the rights of their users. 

I and many others in the broader ICANN community were troubled by the way in 
which the Board seems to have been stampeded into RAA amendments by a few GAC 
members. It is important to keep in mind that the resolutions or "decisions" 
made by the GAC's governmental members are not subject to ratification by their 
national legislatures, or to review by their national courts. Thus, the GAC has 
no legitimacy as a policy making organ and no authority to demand changes to 
the RAA. As an Advisory Committee, they can and should make us aware of certain 
concerns, but they are in no position to bypass ICANN's own policy development 
processes. Furthermore, we continue to be troubled by the failure or refusal of 
the law enforcement agencies making these demands to liaise with noncommercial 
users or civil liberties groups. 

We therefore support the initiation of a legitimate, inclusive policy 
development process that includes all stakeholders, including governments and 
law enforcement agencies. This kind of balanced, multi-stakeholder process is 
not simply a matter of fairness, it is eminently practical when dealing with a 
globalized jurisdiction where no single government can claim to be a legitimate 
representative of all the people and businesses involved. Proposals that come 
from one stakeholder group are certain to be suboptimal or harmful to other 
stakeholder groups. ICANN was created to resolve these conflicts of interest in 
a balanced way that includes all affected groups.  

* http://www.oecd.org/document/34/0,3746,en_2649_34223_48773090_1_1_1_1,00.html

Milton L. Mueller
Professor, Syracuse University School of Information Studies
Internet Governance Project
http://blog.internetgovernance.org