Karl Auerbach: ICANN "Out of Control"

by Richard Koman

Editor's note: Strong forces are reshaping the Internet these days. To understand these forces--governmental, business, and technical--Richard Koman interviews the people in the midst of the changes.

This month, Richard talks to Karl Auerbach, a public board member of ICANN and one of the Internet governing body's strongest critics.

October's distributed, denial-of-service attack against the domain name system--the most serious yet, in which seven of the thirteen DNS roots were cut off from the Internet--put a spotlight on ICANN, the nongovernmental corporation responsible for Internet addressing and DNS. The security of DNS is on ICANN's watch. Why is it so susceptible to attack, when the Internet as a whole is touted as being able to withstand nuclear Armageddon?

It's religious dogma, says Karl Auerbach, a public representative to ICANN's board. There's no reason DNS shouldn't be decentralized, except that ICANN wants to maintain central control over this critical function. Worse, Auerbach said in a telephone interview with O'Reilly Network, ICANN uses its domain name dispute resolution process to expand the rights of trademark holders, routinely taking away domains from people with legitimate rights to them, only to reward them to multinational corporations with similar names.

Auerbach--who successfully sued ICANN over access to corporate documents (ICANN wanted him to sign a nondisclosure agreement before he could see the documents)--will only be an ICANN director for a few more weeks. As part of ICANN's "reform" process, the ICANN board voted last month to end public representation on the board. As of December 15, there will be zero public representatives on the ICANN board.

Related Reading

By Paul Albitz, Cricket Liu

How does ICANN justify banishing the public from its decision-making process? Stuart Lynn, president and CEO of ICANN, said the change was needed to make ICANN's process more "efficient." In a Washington Post online discussion, Lynn said: "The board decided that at this time [online elections] are too open to fraud and capture to be practical, and we have to look for other ways to represent the public interest. It was also not clear that enough people were really interested in voting in these elections to create a large enough body of voters that could be reflective of the public interest. This decision could always be reexamined in the future. In the meantime, we are encouraging other forms of at-large organizations to self-organize and create and encourage a body of individuals who could provide the user input and public interest input into the ICANN process."

Former ICANN president Esther Dyson is also supporting the move away from public representation on the board. "I did believe that it was a good idea to have a globally elected executive board, [but] you can't have a global democracy without a globally informed electorate," Dyson told the Post. "What you really need [in order] to have effective end-user representation is to have them in the bowels (of the organization) rather than on the board."

Auerbach isn't buying. "ICANN is pursuing various spin stories to pretend that they haven't abandoned the public interest," he says in this interview. "ICANN is trying to create a situation where individuals are not allowed in and the only organizations that are allowed in are those that hew to ICANN's party line."

In this interview, Auerbach makes a number of strong criticisms of ICANN, beyond the issue of public access:

  • ICANN uses its domain name dispute resolution process to expand the rights of trademark holders, routinely taking away domains from people with legitimate rights to them, only to reward them to multinational corps with similar names, Auerbach says.
  • ICANN unnecessarily maintains the domain name system as a centralized database, making it vulnerable to attack.
  • ICANN has failed to improve network security since September 11 and has ignored Auerbach's suggestions for improving DNS security.
  • ICANN staff takes actions without consulting the board, withholds information from the board, and misleads board members.
  • Finally, Auerbach charges that ICANN is guilty of corporate malfeasance.

Koman: On October 21, there was a denial-of-service attack on DNS, which was widely reported as the most serious yet. Something like seven of the thirteen root servers were unavailable for as long as three hours. What is ICANN's responsibility for DNS, and how vulnerable is it to attack?

Auerbach: On the Internet, there are a couple of areas that arguably need some centralized authority. One of these is IP address allocation--addresses need to handed out with some notion of how they comport to the physical topology of the network.

A lot of people look at the domain name system as equally in need of centralized control. They look at DNS and see there's a root on top and some number of names underneath and they say, "Whoa, we need an organization to manage that." From a technical point of view, that's completely untrue. The DNS is really an optional service on top of the basic functionality of the Internet. We could have many different versions of DNS. The only concern is they be consistent with one another. People have elevated this argument for consistency to the idea that we can only have one, catholic source of names. That's a leap of logic that does not exist in reality; nevertheless ICANN uses that leap to justify its existence.

By some religious dogma, we have come to the conclusion that there must be one ICANN sitting on top of the domain name space. It's a false conclusion but many people believe it, and it's a very useful conclusion for trademark interests, who have found that enforcing trademarks through the court system is just plain expensive. They found ICANN to be a very convenient tool to expand the law of trademarks, so trademark holders can exert control over non-trademark holders in a much less expensive way, and in a way that happens to lack all the protections of due process and judicial review. That's a dream for the trademark holders; they love ICANN.

Koman: Let's talk about the recent denial-of-service attack.

Auerbach: The interesting thing is, September 11 was more than a year ago and ICANN formed this high-level plenary committee to go and deal with DNS security, and to date not a single peep has come out of that committee. Yet I proposed in early October 2001 a set of several concrete, specific things that people could do to protect DNS, and more importantly, to recover from a DNS outage. And also to go after the bad guys to deter others from doing it.

ICANN, because they refuse to admit I exist, deep-sixed the entire set of suggestions and hasn't even admitted that they exist. ICANN has intentionally disregarded things it could have done to protect DNS security, which possibly, had they been adopted, would have either slowed, prevented, or more quickly deflected this most recent attack. ICANN does not have the public interest at heart.

ICANN isn't doing a diddly thing about network security. The committee itself has great people on it, but they're great people in a very narrow sense. They're technical experts but they know nothing about how to recover from a disaster. How do you lock a door? They know nothing about collection of evidence. They know nothing about how to recover from a disaster.

Koman: How insecure is DNS; how susceptible is it to attack?

Auerbach: Well, I don't disagree with the assessment of Bruce Schneier that DNS is probably the most vulnerable point of the Internet. ICANN has proclaimed as a matter of religious dogma--and it's nothing more--that there shall be but one DNS root. Well that means ICANN is declaring the Internet shall have one single point of failure and here it is. ICANN has by that dogma condemned the Internet to vulnerability.

Koman: The whole Internet is based on its decentralized nature, on redundancy, on the lack of single points of failure.

Auerbach: Except in the domain name system. And the domain name system need not be that way. ICANN is making a lot of assertions that are not justified by technology and are not consistent with the public's desire to control its own Internet experience.

Public Representation on ICANN

Koman: On October 31, ICANN approved new bylaws that removed the five publicly elected board members, leaving no public representation on the board, as of December 15.

Auerbach: That's right. Now ICANN is pursuing various spin stories to pretend that they haven't abandoned the public interest. One is that they have governments participating in ICANN and the governments represent the people of their nations, and because governments are an advisory group within ICANN, we don't need mere people. That argument is fallacious; governments not only represent their citizens; they also represent businesses and other entities within their borders. But ICANN gives special privileges to those businesses in its forums, and businesses still do get to elect board members. They've also created these so-called at-large advisory committees (ALACs)--note that they're called "at-large" as if the public could join, but membership is not open to the public; membership is only open to organizations. ICANN is trying to create a situation where individuals are not allowed in and the only organizations that are allowed in are those that hew to ICANN's party line.

You have no way to vote against ICANN directors. You have as much right to vote against ICANN directors as the peasants in France had of voting against Louis XIV.

Koman: What is ICANN's attitude to the idea that the Internet is a public resource and that the public has some justifiable interest in being involved in its governance?

Auerbach: ICANN is an oligarchy. ICANN claims it's a private organization yet it claims immunity from things like antitrust because it derives its powers via contracts with the government. It has decided that things like decentralizing the domain name space should not be done because the public should not be confused. ICANN has made all these decisions based on the concept of what the public should have and what it should not without ever asking the public what it wants or allowing the public to have its representatives among those who decide these issues.

Koman: So doesn't the public have a reasonable right of governance of this critical public resource?

Auerbach: The public does have an expectation--ICANN's purpose is to benefit the public and yet ICANN has done nothing but promote business. There are public interests that are really important on the Internet. Like making sure the domain name system works reliably day in and day out, that it's reasonably protected and stable. ICANN has not done any of that. The public's expectations of what ICANN ought to be doing have been unfilled and the public's expectation of what ICANN ought not to be doing have been quite well fulfilled. ICANN is squishing out of the seams in jobs it ought not to be doing.

Pages: 1, 2

Next Pagearrow