Cybersecurity & Tech

The IANA Transition at Five

Paul Rosenzweig
Thursday, September 9, 2021, 12:33 PM

Just five years ago, in September 2016, a significant change in the operation of the internet occurred.

All Eye Overlord by Aswin Behera. (Source: CyberVisuals)

Published by The Lawfare Institute
in Cooperation With
Brookings

Just five years ago, in September 2016, a significant change in the operation of the internet occurred. Known as the IANA (Internet Assigned Numbers Authority) transition, it involved the U.S. government giving up the last vestiges of its direct oversight of the World Wide Web and, more particularly, its unique avenue for exerting influence over the management of the internet’s Domain Name System (or DNS). At the end of the transition, a private nongovernmental organization—the Internet Corporation for Assigned Names and Numbers (ICANN)—assumed full responsibility for managing the DNS.

Much about the change was uncertain. Some observers portrayed the transition as more ministerial than momentous. Others expressed grave concerns about the effect the change would have on the system’s political stability. Still others were more sanguine, and some were even enthusiastic at the prospect of empowering a new, international, multi-stakeholder organization, beholden to no national government, with authority to manage the network. But all who were engaged in the project were, self-evidently, projecting their best estimation of future events. Most policy decisions are made with such predictive judgments.

It makes sense to pause now, as the fifth anniversary of the IANA transition approaches, to take a retrospective look and examine what has gone well with the transition and what has gone poorly. This post is an effort to make such an assessment in as neutral a way as practical.

[Full disclosure: For more than eight years, my consulting company, Red Branch Consulting, has had clients with interests in the economic and technical stability of the Domain Name System, and we continue to do so today. In addition, at the time of the IANA transition, I went on record (including in congressional testimony) as one of the more skeptical observers of ICANN. The opinions expressed here are my own, but readers will want to assess the conclusions of this post with that background in mind.]

A fair review suggests the following:

  • Concerns about excessive government influence on ICANN have not proved to have been warranted.
  • Conversely, concerns about corporate insularity and the lack of influence on ICANN decision-making by affected stakeholders through the multi-stakeholder process have proved to be well founded. ICANN, as an organization, is increasingly unconstrained by stakeholder influence and review.
  • At the same time, however, there has been no catastrophe. While ICANN’s insularity appears to be a flawed condition that may well generate deep troubles in the future, ICANN’s failures have been commercial in nature thus far. At a technical level, the DNS is still working—and that, at least, is an important success.

In this post, I first review the history of the IANA transition and the concerns expressed at the time. I then summarize some of the most notable events of the past five years where the issues of potential concern have played out on the world stage. Finally, I analyze those instances and suggest lessons learned from this five-year review.

The IANA Transition: Background and a Short History

In March 2014, the Department of Commerce announced that the United States would relinquish its historical role in managing the Domain Name System. America’s remaining stewardship of the network would transition to an international nonprofit, the Internet Corporation for Assigned Names and Numbers.

It is useful to remember that the DNS is, in effect, the address book of the internet. Someone, in the end, has to decide that “microsoft.com” means the big computer software company in Washington state. And someone has to decide that in addition to .COM addresses, the network will begin identifying addresses in the .BANK and .XXX and .HOME domains as valid generic top-level domains (gTLDs). We call this role the Internet Assigned Numbers Authority—that is, the responsibility to assign names and numbers on the Internet.

Historically, since the architecture of the network was developed in the United States, the IANA responsibilities were originally given to American institutions—initially by the U.S. government itself. Since the 1990s however, the U.S. government had delegated much of that responsibility to a third party—it contracted out the IANA function to ICANN.

ICANN is an American nonprofit corporation with headquarters in Southern California. In short, it was created for the purpose of being able to contract to run the IANA function. And, for the 15 years before the formal transition, it did just that. ICANN periodically entered into a contract with the National Telecommunications and Information Administration (NTIA), a component of the Department of Commerce, which authorized ICANN to manage the IANA function on behalf of the U.S. government.

When the U.S. government announced that it would not renew the contract, and delegate responsibility to ICANN for managing the network, it effectively terminated its contractual authority over ICANN (an authority that was arguably vast, or limited, depending on your perspective). The primary conditions that the NTIA set for the transition was that ICANN develop an internal mechanism for oversight and accountability and win the trust of crucial stakeholders around the world.

The proposed change was, at a minimum, of some practical consequence. Under the old system, the NTIA had a verification and authorization role over how ICANN performed its functions. In other words, any changes that ICANN wanted to make were subject to review by the U.S. government—a review authority that was, however, used infrequently. After the IANA transition, the U.S. government gave up that role altogether.

To win the trust of stakeholders and develop an oversight mechanism, ICANN convened a working group representing the interests of all of its global constituents. Members included representatives of DNS registrars and registries, commercial and noncommercial users, and governments. Over the course of two years, this working group created a proposal to improve accountability of ICANN to its stakeholders.

At the end of that two-year process, the working group put forward a comprehensive proposal that created a so-called Empowered Community. The community was given an enhanced formal oversight role within ICANN with greater powers and responsibilities for ICANN’s operations. The new Empowered Community model continued to look to the ICANN Board and staff for day-to-day operational and long-term strategic direction, but it also had final authority over major institutional and structural changes. It was intended by ICANN to satisfy American demands for accountability in a broader sense—that it was seen not just as having certain formal authorities but also as embodying a vision of stakeholder control and ownership of the IANA process in a more symbolic and practical sense.

As the transition loomed, some observers continued to be concerned that the proposed accountability mechanisms were insufficient. For example, I testified in front of the U.S. Senate urging a trial period for the new structure before the U.S. government irrevocably committed to the transition. My concerns then were threefold.

First, I thought that with the retreat of American influence, other governments (including those of an authoritarian bent) would exercise greater influence over ICANN policy. In particular, those governments would now be officially part of the Empowered Community. Because the world’s governments were given a seat at the table, with more-than-advisory powers, I thought that malign influences might grow.

Second, I was concerned that ICANN would become a corporate captive—beholden to the domain name registry industry, which pays large fees to ICANN for the privilege of managing (and reselling) top-level domain names. If you accept the maxim that “he who has the gold makes the rules,” the transition to ICANN control was thought to be about a transition to corporate control through ICANN.

Finally, I was concerned that the Empowered Community was insufficiently robust to stand against this specter of corporate control and truly hold ICANN accountable to its constituents. The Empowered Community is based on a multi-stakeholder model of governance that brings all parties to the table. Its success or failure in providing a check on ICANN was the key to preventing ICANN from becoming an unregulated monopoly. Given the wide diversity of viewpoints and the institutional immaturity of the Empowered Community, I feared it would be a paper tiger.

Ultimately, these concerns were insufficient to dissuade the U.S. government from going forward, and the Department of Commerce terminated its contract with ICANN, formally ending the last vestiges of control over the IANA process, on Sept. 30, 2016.

Five Years of Experience

The five years since the IANA transition give us a useful perspective from which to review ICANN’s operations. Four instances of ICANN operations seem particularly useful to summarize as a backdrop for this analysis:

  • The failed proposal to sell the .ORG domain.
  • The California jurisdiction review.
  • The decision to approve .COM price increases.
  • The processing of the .WEB auction.

More examples could, of course, be chosen, but these are both representative and among the most significant events. In my view, it would be hard to identify any operational controversies of greater magnitude in the past five years.

The Proposed Sale of .ORG

The .ORG generic top-level domain is one of the oldest domains made available in the DNS system. For all of its existence it has been intended primarily for noncommercial users—what we might characterize, broadly, as nonprofit institutions. (Indeed, ICANN, which is itself a nonprofit corporation, uses the .ORG domain for its own website and internet presence.)

Noncommercial users naturally have a different set of concerns from those of commercial users. Most obviously, the affordability of services is often a limiting factor. And so, from the beginning, ICANN has recognized that price supports and/or caps were an important component of the .ORG domain management agenda.

To that end, in 2002, ICANN accepted the bid of the nonprofit Internet Society (ISOC) to manage the .ORG domain. To effectuate that management obligation, ISOC created a subsidiary, the Public Interest Registry (PIR), with operational responsibility for .ORG domain management.

In 2020, ISOC proposed to sell PIR to a venture capital firm, Ethos Capital. In effect, the sale would transfer control of the second-largest gTLD (only .COM is larger) from a nonprofit institution to a for-profit private equity firm. Almost by definition, this suggested that the DNS presence of many noncommercial and nonprofit organizations would now be subject to potential pricing pressures and increases.

The nature of the proposed transaction exacerbated concerns. To begin with, the Ethos group, to a significant degree, comprised former ICANN insiders—so the proposed transfer had a faint odor of insider dealing. There were no clearly provable allegations of conflict of interest,but when a valuable public asset like the .ORG gTLD is proposed for transfer to a for-profit group that includes a former CEO of ICANN, there are some appearances of oddity, at the very least.

Ethos also intended to take out a $360 million loan to complete the transaction and, as a for-profit entity, would also have some form of tax liability for its income. This led many observers to be concerned that after the sale there would either be a degradation of operational services or a rise in prices. Indeed, just a year before the proposed sale, ICANN renewed the PIR .ORG registry agreement and removed price caps on the domain, despite the opposition of more than 3,000 commenters. Any further changes in the .ORG operations would have affected more than 1,200 registrars, millions of registrants, and hundreds of millions (if not billions) of end users.

In response, a wide swath of stakeholders that were dependent on the .ORG domain opposed the sale. Criticism came from a diverse community including (among others) the ICANN At-Large Advisory Committee, an ad hoc organization of more than 800 nonprofits, the National Association of State Charity Officials, the U.N. High Commissioner for Human Rights, and several members of the U.S. Congress.

Though the timeline for the end result is rather convoluted, this widespread opposition would likely have been insufficient to stop the sale. It was only the late intervention of the California state attorney general that appeared to sway the ICANN Board. By virtue of ICANN’s (and PIR’s) incorporation as nonprofits in California and Pennsylvania, respectively, those states’ attorneys general have formal oversight of aspects of their operations. Based on that authority, California’s attorney general wrote to ICANN raising significant legal and practical concerns about whether or not the .ORG sale would conform with California law. Fifteen days after the attorney general expressed doubts, the ICANN Board formally rejected the proposed sale.

The California Jurisdiction Review

Even before the California attorney general intervened in the .ORG sale, ICANN had considered the question of when and how it would be subject to the jurisdiction of American law. The question of jurisdiction had been a matter of discussion prior to the IANA transition, but the issue was postponed for consideration both because it was deemed nonessential to the transition and, in truth, because it proved simply to be too intractable. As a result, the question of jurisdiction was passed forward to a so-called Work Stream 2 subgroup to consider. [Disclosure: I participated in this subgroup.]

Some of the stakeholders in the subgroup thought that ICANN should consider and ameliorate the legal effects of ICANN’s continued presence in the United States. Their concerns were often expressed as opposition to an international organization like ICANN being subject to the legal jurisdiction of any nation. Many of those concerns involved the practical interaction of American law with ICANN’s international obligations. For example, questions were raised about how ICANN would interact with foreign registrars if those registrars were resident in countries, like Iran, that are subject to American economic sanctions. Those questions were of genuine practical salience and formed a large fraction of the working group’s activity.

But for some stakeholders, that review did not go far enough. Led by the government of Brazil, these other stakeholders (who were mostly, though not exclusively, foreign governments and their representatives) wanted to go further. They thought that ICANN should not be subject to any American law and pushed for a report recommending that ICANN seek complete immunity from American law, either by formal legal agreement or, in the end, by moving ICANN’s legal headquarters out of the United States.

The jurisdiction subgroup worked for some time without reaching a consensus on this broader issue of residence, and the subgroup was eventually closed in June 2018 with a report limited to the narrower, more practical questions. In the end, Brazil and several other governments filed a minority report, objecting to ICANN’s continued legal residence in the United States and the fact that it would be subject to the legal jurisdiction of American (and specifically Californian) authorities.

The .COM Price Increase

At almost the same time that the .ORG sale was being considered, ICANN was also faced with the question of whether or not to approve a 7 percent annual price increase (for four of the next six years) in .COM registry prices. The .COM registry is managed by Verisign, an American corporation that also manages key aspects of the internet’s root zone. In effect, Verisign is a monopoly provider of the .COM domain. [More disclosure: Roughly eight years ago, I provided services through a third party to Verisign regarding security and stability issues relating to gTLD name collisions.]

ICANN opened public comments on the proposed price increase in January 2020 and closed them in February. More than 9,000 public comments were received by ICANN. The overwhelming majority (more than 98 percent) of the comments filed opposed the price increase that was proposed.

To be sure, some of that opposition was from other competitive business enterprises. Many of those who speculated in domain names filed comments opposing the price increase at least in part because any price increase might adversely affect their profit margins.

But a large number of other comments were filed by registrants who owned .COM domain names and by end users who had no direct commercial stake in the .COM price. Many of these comments noted that price increases would differentially affect lower-income domain registrants from poor or developing areas. Some were particularly concerned that the value of the price increase was presented by ICANN to the public as, more or less, a fait accompli, without any pre-announcement public input and without any economic analysis of the necessity of the increase. Others noted, for example, that no public justification for the price increase had been offered—to a large degree they saw the price increase as a simple way to directly increase Verisign’s bottom line, and nothing more.

The change was particularly concerning to some observers because it was effectively a reversal of an earlier amendment to the terms of the contract between ICANN and Verisign. In 2012 (before the IANA transition, when the U.S. government still exercised some influence over ICANN), the Department of Commerce had required Verisign to freeze its maximum wholesale price. With its newfound independence, ICANN was considering whether or not to eliminate the Obama-era price regulations and restore Verisign’s ability to raise prices.

Perhaps most notably (and contributing to the idea that the decision had been prearranged), ICANN received a staff report summarizing the public comments on March 26, 2020. Just one day later, the CEO of ICANN announced that he would sign the agreement and allow the price increase to go forward. In doing so, ICANN made clear that it would leave regulation of Verisign’s pricing to the American government to monitor, even though the U.S. has publicly expressed its expectation that ICANN would protect the public’s interest in .COM pricing. The rather unseemly haste with which the agreement was executed left some observers with a bitter taste in their mouths.

The .WEB Auction

Consider, finally, the auction of the .WEB gTLD. When this new domain was offered for auction in 2016, it was thought that the .WEB domain would be an extremely valuable and popular domain—indeed, perhaps the only viable competitor to the .COM and .NET domains, both of which are managed by Verisign. Thus, when the domain went up for auction, interest in operating the gTLD domain was high.

Initially, the .WEB auction was won by a company called Nu Dotco, LLC (NDC), which agreed to pay $135 million for the right to operate the domain. A company called Afilias was the second highest bidder and seemed to have lost out on the opportunity.

Things might have ended there, until it became clear that NDC was actually a front for Verisign. Verisign and NDC had reached an agreement before the auction that Verisign would fund NDC’s auction purchase and NDC in turn would, if it won the auction, transfer the .WEB domain registry operating rights to Verisign. At least as an initial matter, it could be plausibly argued that these arrangements and their concealment violated ICANN’s rules for the auctions of gTLDs.

The events that followed the revelation of this potential violation of the auction rules are both procedurally and factually complex. But the sum and substance of the complaint from the losing bidders was that ICANN had not followed or enforced its own auction rules. In the end, an independent review process (IRP) panel agreed. This past May the panel ruled that the ICANN staff and board had violated the requirements of their articles of incorporation and bylaws while reviewing (or, more accurately, failing to review) Afilias’s complaint and in their management of the .WEB delegation process.

In particular, it became clear that shortly after the auction took place, ICANN staff became aware of the Domain Acquisition Agreement between NDC and Verisign, and they failed to disclose the agreement to Afilias and the other losing bidders. Meanwhile, in both November 2016 and then again in June 2018, the ICANN Board declined to review the allegations of misconduct and collusion between NDC and Verisign and their alleged noncompliance with ICANN’s auction rules. The board’s failure to act was said to be particularly problematic because they were aware in June 2018 that the ICANN staff intended to move forward and complete the delegation of the .WEB domain to NDC despite the as-yet unadjudicated allegations of misconduct.

In the end, the IRP panel found the board’s inaction unacceptable. As the panel put it in its May 2021 decision, ICANN “to this day, while acknowledging that the questions raised as to the propriety of NDC’s and Verisign’s conduct are legitimate, serious, and deserving of its careful attention, has nevertheless failed to address them. Moreover, [ICANN] has adopted contradictory positions, including in these proceedings, that at least in appearance undermine the impartiality of its processes.”

And so, as we reach the five-year anniversary of the IANA transition, and having passed the five-year anniversary of the .WEB auction, the valuable .WEB domain remains in limbo. Following the IRP decision, the matter has been remanded to the ICANN staff and board with the expectation that they will finally take up the merits of the claim that the NDC/Verisign agreement was a violation of the auction rules. As of the writing of this post, the board has yet to review the .WEB auction substantively.

The .WEB decision was not merely ministerial in nature; it has had and will have significant economic impacts. More than $135 million remains at risk, as does the availability of a commercial competitor to Verisign’s .COM/.NET empire. And, as the loser of the IRP, ICANN will be required to pay costs for the panel in excess of $1.1 million, along with another $450,000 to cover Afilias’s legal fees connected to an earlier emergency IRP proceeding.

The Weakness of the Empowered Community and the Multi-Stakeholder Model

There can be little doubt that ICANN is, in effect, a worldwide monopoly. To be sure, it is a natural monopoly—since the entire network would become unstable if more than one DNS were in operation—but it is, nonetheless, a monopoly. It is a private entity that sets global standards for the operation and sale of internet domains, often acting without public accountability in its decisions to manage and allocate a critical worldwide resource. The entire purpose and thrust of the accountability working group and the IANA transition was to create public accountability through newly developed mechanisms that would subject the ICANN staff and board to greater effective control by their stakeholders.

Lessons From the .ORG Sale and the California Jurisdiction Working Group

The multi-stakeholder model and the operation of the Empowered Community have not been without some successes. The larger stakeholder community sufficiently mustered opposition to the .ORG sale to prevent it from happening—demonstrating that the stakeholder community can affect ICANN’s operations when it has sufficient will to do so.

But even that tale demonstrates the weaknesses inherent in the current governance structure. As noted above, the timeline of ICANN’s consideration of the .ORG sale is somewhat ambiguous and tangled. One can, however, see that the opposition of the broader community, standing alone, was insufficient to dissuade the ICANN board from going forward with the sale. As I perceive the events, it was only the intervention of a significant outside authority—the California attorney general—that turned the tide and ultimately caused the board to reject the Ethos Capital proposal. The prospect of action by the only remaining authority with legal control over ICANN was a substantial deterrent that engaged the board’s attention.

To be sure, the stakeholder community can take some credit for this turn of events. It was their activism that generated the public response that ultimately garnered sufficient political saliency to energize the attorney general’s intervention. But, in the end, that proves both too much and too little.

It proves too much in the sense that the stakeholder community has always had that power of activism even in the absence of the formal Empowered Community structure. Indeed, it is notable that the opposition to the .ORG sale ultimately occurred without reference to the formal Empowered Community structure.

And it proves too little in that it demonstrates the inherent limits of the formal Empowered Community structure to effectively influence ICANN operations. In the end, despite the large-scale opposition of the stakeholder community, the Empowered Community was, when acting alone, unable to restrain ICANN’s activities. Likewise, the broader stakeholder community was seemingly ineffective in expressing its opposition. At its heart, the need for enlisting outside influence and control reflects the limited nature of the internal control models that apply.

The .ORG sale and its failure also shed light on a different concern that animated skeptics five years ago—undue governmental control and influence. It bears recalling, as a proof point, that ICANN’s continued legal residence in California was a significant point of contention during the IANA transition. Many stakeholders, including a number of governments, contended that subjecting ICANN to California’s jurisdiction would continue to give the United States levers of control and influence that were, it was argued, inappropriate. That issue was effectively tabled at the time of the transition, and a posttransition working group was unable to achieve consensus and resolve the issue.

This history has two implications. First, and most obviously, the effort to extract ICANN from American jurisdiction was led by a number of foreign governments. Their failure to exert sufficient influence to achieve their objectives is a partial indication that one of the fears expressed at the time of the transition—excessive governmental control of ICANN—has not proved to be the case. The past five years offer precious little evidence that foreign governments are exerting an excessive influence on ICANN’s operations.

Second, the attorney general’s intervention suggests that those who objected to ICANN’s continued legal domicile in California were correct in a part of their analysis—that it would continue to allow American law to have influence on ICANN. But they were wrong to think that the legal influence would be ill founded. In this instance, most stakeholders would consider the results of the attorney general’s intervention to be salutary and benign.

The success of the community in opposing the .ORG sale was due to little more than good fortune and extreme engagement—the inability of foreign governments to eliminate American legal jurisdiction combined with the ability of activists to engage an outside actor. That is not an accountability solution that is either repeatable or scalable.

Lessons From the .COM and .WEB Experiences

The success in opposing the .ORG sale was, manifestly, a unique event. The failure of stakeholders to prevent the .COM price increase or react to the apparently significant bylaws violations in the .WEB auction should be seen as the norm for the past five years. Those failures are evidence of the comparative weakness of the multi-stakeholder/Empowered Community model.

The weakness should come as no surprise. The structure of the Empowered Community is such that one can be reasonably confident of its lack of real impact. Three interrelated factors contribute directly to that feebleness:

  • First, there is the structural requirement for cross-community consensus. The Empowered Community may act effectively only if it is able to muster support for a course of action that is approved by all of the various stakeholders. But those stakeholder groups are, quite literally, as diverse as the world that ICANN serves. They include business and commercial interests, noncommercial groups, governments and nongovernmental organizations, technical security experts, and nonexpert end users of the DNS. Achieving consensus in the face of that diversity is as unlikely as achieving consensus at the United Nations. In short, this design flaw structurally disables the Empowered Community from acting. The consensus requirement is a straitjacket that prevents it from working.
  • Second, the inherent design flaw of the Empowered Community consensus requirement is exacerbated by the almost-blatant invitation to rent-seeking. Everyone has a seat at the table. And, in theory, that’s a good thing. But when the default mode for an organization leans strongly toward inaction, then those who benefit from inaction will have a high degree of incentive to block consensus. And almost by definition, any contemplated action within ICANN will have winners and losers—copyright holders vs. artists, governments vs. activists, commercial interests vs. nongovernmental organizations, and so on. It is an organizational flaw to design a governance system that rewards obstruction—but that is precisely how the Empowered Community was designed.
  • Finally, the Empowered Community is institutionally dependent on the expertise of the ICANN staff. As mostly part-time volunteers, the Empowered Community must rely on staff for all of the administrative work and much of the technical support. This is not unique to the Empowered Community—it is commonplace throughout the ICANN multi-stakeholder model. Volunteers must rely on full-time staff to achieve their objectives. But that very staff is the object of the Empowered Community’s critical scrutiny. The potential for conflict is obvious. Unless and until ICANN’s stakeholders develop their own outside expertise, they will always be servants to ICANN.

These effects can be seen palpably in the lack of serious stakeholder impact on the .COM price increase or the .WEB auction. One would have hoped (and perhaps even expected) that a price increase that was so widely opposed across the stakeholder spectrum would have at least garnered some official consideration (if not pushback) from the Empowered Community. One would have hoped (and perhaps even expected) that the apparently collusive sale of a domain as notable as the .WEB domain would have given rise to oversight and scrutiny from those tasked with holding ICANN accountable.

But neither occurred. There is a deep social history to be written about how that happened and how the multi-stakeholder model has become a captive of ICANN. But, however it occurred, it is a reality. The IANA transition was supposed to enhance accountability (at least sufficient to replace that being lost from the lingering American oversight). There is no good evidence that the mechanisms so proudly adopted have had that effect.

Conclusion

So, what, in the end, are we to make of the Empowered Community? Perhaps ambitions for it were a greater load than it could bear. As a review of its activity makes clear, for much of the past five years it has been examining ICANN budgets, five-year operating plans, bylaws amendments and strategic plans. Much of that work is valuable and beneficial. Allowing the broader community to, in effect, look over the shoulders of the board of directors and the ICANN staff must serve as a useful check on behavior. And having input on the budget is a practical way of controlling organizational activities. None of this is bad, and the record of the Empowered Community shows instances in which it sought to exert influence over ICANN activities.

The Empowered Community’s lack of engagement is also, to some degree, a reflection of the technical stability of the DNS. While the concerns outlined in this review are ones that have significant economic and commercial impact, the functioning of the DNS has proceeded without disruption—and that must also be counted as a success.

But one has the sense that, in the end, the Empowered Community structure has not lived up to its promise of accountability. At the time of the transition, supporters saw the Empowered Community as the ultimate check on ICANN overreach. It had (and still has) powerful authorities to control ICANN’s agenda and even, in extreme circumstances, overturn the board’s actions.

It would have been a surprise if those powers had been used. In some ways, that sort of intervention would be a failure of the institution—much in the way that impeaching a president is a last resort in the democratic process. And thus, we might be glad that the Empowered Community has not had cause to intervene too aggressively in ICANN’s affairs. Its decision to refrain from action can be seen, at least in part, as a reflection of satisfaction with ICANN’s activities.

But that analysis ignores the transaction cost effect that restrains the Empowered Community. On this view, the hoped-for influence of the Empowered Community has been lacking. To date, the Empowered Community has failed to muster the will to prevail in the face of corporate interests, and fears about corporate insularity and the lack of influence on ICANN decision-making by affected stakeholders through the multi-stakeholder process have proved to be well founded. As an organization, ICANN is increasingly unaccountable to stakeholder review, and the Empowered Community has not grown into its potential role for providing that scrutiny. And so, at the five-year mark it’s reasonable to say that the accountability promised in the IANA transition is a promise as yet unfulfilled.


Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland security consulting company and a Senior Advisor to The Chertoff Group. Mr. Rosenzweig formerly served as Deputy Assistant Secretary for Policy in the Department of Homeland Security. He is a Professorial Lecturer in Law at George Washington University, a Senior Fellow in the Tech, Law & Security program at American University, and a Board Member of the Journal of National Security Law and Policy.

Subscribe to Lawfare