ICANN’s Accountability and Transparency: A Retrospective on the IANA Transition

The Internet Corporation for Assigned Names and Numbers (ICANN) is approaching its 25^th anniversary, and the IANA Stewardship Transition (IANA transition) concluded more than five years ago. This point in time marks an important opportunity for the ICANN multi-stakeholder community to review and assess ICANN’s current governance model and key accountability and transparency mechanisms. That assessment includes taking stock of the implementation status of the key reforms required by the IANA transition, the multi-year process that initiated the most significant changes to ICANN’s governance structure in more than two decades.

ICANN and its multi-stakeholder community have evolved significantly over the last 20-plus years, and the IANA transition triggered the latest major update to ICANN’s articles of incorporation and bylaws. The co-authors of this article were directly involved in extensive community engagement to prepare ICANN and its governing documents for the final transition of Internet Assigned Numbers Authority (IANA) functions stewardship from the U.S. government to the global Internet community, as envisioned at the time of ICANN’s founding in 1998. In our collective view, the IANA transition and its required accountability and transparency reforms were positive and appropriate steps in ICANN’s evolution and appear to be working as intended since the transition’s completion in 2016.

Current ICANN governance structures have generally proven effective under routine operating conditions, as well as in exceptional circumstances such as the KSK roll-over and, more recently, the increased demand on the DNS and Internet routing infrastructure during the Covid-19 pandemic. While ICANN and its multi-stakeholder community must continue the work to fully implement the remaining and post-transition obligations, the past five years have demonstrated not only ICANN’s compliance with its new bylaw obligations and support for the updated accountability and transparency reforms, but also evidence those reforms are effective in delivering on the promise of ICANN’s accountability to the broader community without an individual government in an oversight role.

ICANN continues to face systemic challenges from some governments that do not support the multi-stakeholder model for Internet Governance (IG), preferring a purely governmental approach to Internet-related issues through national legislation, a treaty organization performing IANA functions, or a combination thereof. The global IG environment and ecosystem have continued to evolve over the last five years, and it is important for ICANN to solidify its maturation by finalizing implementation of existing commitments to transparency and accountability while supporting the broader multi-stakeholder community in its responsibilities.

A Brief History of ICANN’s Founding

ICANN was established in 1998, following a call for proposals and the subsequent execution of a Memorandum of Understanding (MOU) between the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA) and ICANN. The MOU was the result of a year-long effort initiated by NTIA with the January 1998 “Green Paper,” formally titled A Proposal to Improve Technical Management of Internet Names and Addresses, and the June 1998 “White Paper,” which formalized U.S. policies related to managing the Internet’s system of unique identifiers.

In the late 1990s, the United States recognized its legacy role managing the Internet’s unique identifiers was not well suited to handle the fast-changing digital landscape, including the global coordination of increasingly important domain names and IP addresses. In the White Paper, NTIA enumerated the challenges and pressures to transition DNS management from the U.S. government to the global multi-stakeholder community – anticipating many of the policy and organizational challenges tackled by the ICANN community during the next two decades, including competition, the introduction of new top level domains, domain name/trademark conflicts, global stakeholder representation, the role of government, and the need for predictability and transparency.

As noted in the White Paper:

The Need for Change

From its origins as a U.S.-based research vehicle, the Internet is rapidly becoming an international medium for commerce, education and communication. The traditional means of organizing its technical functions need to evolve as well. The pressures for change are coming from many different quarters:

—There is widespread dissatisfaction about the absence of competition in domain name registration.

—Conflicts between trademark holders and domain name holders are becoming more common. Mechanisms for resolving these conflicts are expensive and cumbersome.

—Many commercial interests, staking their future on the successful growth of the Internet, are calling for a more formal and robust management structure.

—An increasing percentage of Internet users reside outside of the U.S., and those stakeholders want to participate in Internet coordination.

—As Internet names increasingly have commercial value, the decision to add new top-level domains cannot be made on an ad hoc basis by entities or individuals that are not formally accountable to the Internet community.

—As the Internet becomes commercial, it becomes less appropriate for U.S. research agencies to direct and fund these functions.

In the 16 years between ICANN’s founding and the 2014 announcement of the IANA transition, the ICANN MOU saw several updates, including the 2006 Joint Project Agreement (JPA) and the 2009 Affirmation of Commitments (AOC). The JPA and AOC helped set the stage and establish parameters for the eventual IANA transition and the continued maturation of ICANN and its multi-stakeholder community. To that end, the AOC established four key performance reviews later incorporated and formalized by ICANN to enable a timely IANA transition. During its accountability and transparency work in 2014 and 2015, the ICANN community recognized the value of three key AOC “specific reviews:” Accountability & Transparency; Competition, Consumer Trust, and Consumer Choice; and Security, Stability & Resiliency. ICANN worked to ensure the continuation of these obligations through the transfer from NTIA while keeping in mind the likelihood that ICANN would exercise its right to cancel the AOC after the IANA transition.

What is IANA?

The Internet Assigned Names Authority (IANA) is responsible for the global coordination of the DNS Root, IP addressing, and Internet protocol parameter assignments emerging from the IETF standardization process. As of ICANN’s establishment in 1998, IANA functions were contracted out to ICANN by NTIA. But after the original MOU was allowed to expire and the IANA transition was completed in 2016, the global multi-stakeholder Internet community itself became the steward of ICANN’s performance of IANA functions. Prior to 2016, the key entities performing the IANA functions were NTIA; ICANN; Verisign, for domain names and root zone management; the IETF, for protocol parameters; and the Regional Internet Registries (RIRs), for IP addressing. Following the IANA transition, NTIA was removed from the equation, ICANN accepted responsibility for performing the IANA functions with enhanced community oversight, and Verisign agreed to perform the Root Zone Maintainer (RZM) functions under a bilateral subcontracting agreement with ICANN, rather than the original three-party partnership between NTIA, ICANN, and Verisign.

The transition originated with a March 2014 NTIA announcement of the agency’s intent to “transition key Internet domain name functions to the global multi-stakeholder community” and its request for ICANN to “convene global stakeholders to develop a proposal to transition the current role played by NTIA in the coordination of the Internet’s domain name system (DNS).”

NTIA also clearly laid out its core principles and expectation that any such proposal must: have broad community support; support and enhance the multi-stakeholder model; maintain the security, stability, and resiliency of the Internet DNS; meet the needs and expectation of the global customers and partners of the IANA services; maintain the openness of the Internet; and not replace the NTIA role with a government-led or an inter-governmental organization solution.

The IG community at the time was energized over several related events and developments, all of which increased international and stakeholder pressure on ICANN and other active IG groups. The first was the 2012 World Conference on International Telecommunications (WCIT), where the U.N. International Telecommunication Union (ITU) 193 member-states debated, but ultimately did not agree to, a resolution that would have encouraged greater international governmental control over Internet-related policy. The second energizing event was the 2013 disclosures of Edward Snowden, which fostered mistrust of the U.S. government’s role in Internet governance, even though the NSA practices he revealed had nothing to do with ICANN. The initial NetMundial conference was called by the Brazilian government in April 2014, with particular focus on the Snowden revelations, and there was significant engagement by ICANN’s leadership to promote multi-stakeholder engagement globally over Internet governance issues. Another energizing development was anticipation of the 2014 and 2015 United Nations WSIS+10 meetings, which ultimately produced an implementation review of original WSIS outcomes from 2005 and a ten-year renewal of the Internet Governance Forum charter.

In this broader context, 2014 was a year when pressure had built between supporters of governmental vs. multi-stakeholder and private-sector-led approaches to Internet regulation, and the United States elected to transition IANA functions from the government to ICANN, clearly signaling its commitment to supporting the global, multi-stakeholder community.

Yet, the ICANN multi-stakeholder community was largely surprised by NTIA’s March 2014 announced intent to step away from its historical role and to seek a proposal from ICANN. While there was general support for a transition to the global multi-stakeholder community, many raised concerns about ICANN’s accountability, transparency, and organizational readiness to “stand alone” without NTIA’s legacy supervision. Two weeks after NTIA’s announcement, ICANN met in Singapore for ICANN49, where a dedicated transition-related session was held, planning for the IANA stewardship transition began in earnest, and the community was invited to provide input.

The key principles set out by ICANN and NTIA for community consideration included:

• Transition process facilitated by ICANN to be globally inclusive and collaborative;
• USG stewardship transition to accountability mechanisms (existing/new);
• accountability mechanisms to provide transparency to all stakeholders globally (governments, private sector, civil society);
• accountability mechanisms to be administered in a manner that is not government-led, or inter-governmental;
• accountability mechanisms to support & enhance the bottom-up consensus-based multi-stakeholder model;
• accountability mechanisms to maintain DNS security, stability, and resiliency;
• accountability mechanisms to meet needs/expectations of global customers and partners; and
• mechanisms to maintain openness of the Internet.

Following ICANN49, the community effort was accompanied by several iterations of the ICANN transition plan, including an April 2014 scoping document and a June 2014 announcement concerning the formation of the cross-community IANA Stewardship Transition Coordination Group (ICG).

Because the IANA transition would impact multiple stakeholders across three distinct areas of responsibility – domain names, Internet protocol numbers and protocol parameters – in June 2014, ICANN proposed and agreed to support the ICG to help coordinate and consolidate transition proposals from each of these impacted communities, and to support development of a comprehensive proposal for ICANN and NTIA consideration. The ICG became an important interface between the community and ICANN during the work to deliver on the shared goal of a strong and stable ICANN accountable to the global Internet stakeholder community.

As noted by ICANN at the time, “it was determined that the transition proposals for each of the IANA functions should be developed by the directly affected communities: the IETF and IAB for IANA functions related to Internet Protocol Parameters; the NRO, the ASO, and the RIRs for functions related the management and distribution of numbering resources; and the GNSO and ccNSO for functions related to the Domain Name System.”

As such, the Community Working Group IANA Naming Functions Transition group, known as CWG-Stewardship, was formed to develop a proposal for the elements of the IANA Stewardship Transition directly impacting the naming community. Completion and acceptance of this group’s work was a prerequisite for the transition, along with the parallel technical proposals from the numbering and protocol parameter communities, but it did not include the necessary parallel work of ensuring ICANN’s accountability and transparency.

ICANN50: The Community Speaks Out for Accountability

While there was general support for the transition, the broader ICANN community had significant concerns about ICANN’s accountability, long-term legitimacy, and what appeared to be an accelerated process in the face of the external geopolitical pressures of the day.

At ICANN’s 2014 summer meeting in London (ICANN50), representatives of ICANN’s Generic Names Supporting Organization (GNSO) stakeholder and constituency groups developed and delivered the first joint statement in the history of the GNSO, which was further supported by other ICANN community groups during the ICANN50 Public Forum, calling for key accountability reforms and a process to ensure ICANN’s Board of Directors could be held accountable in absence of NTIA’s historical role and perceived backstop capability. The GNSO statement, coupled with the broader demand for an accountability and transparency effort, directly led to the eventual formation of the Cross-Community Working Group on ICANN’s Accountability and Transparency (CCWG-Accountability).

CCWG-Accountability was chartered to consider any necessary updates to ICANN’s accountability mechanisms in support of the IANA transition – eventually divided into two work tracks: Work Stream 1 for deliverables required prior to the IANA transition and Work Stream 2 for items that could be finalized and implemented after the transition. CCWG-Accountability’s work was an intense cross-community effort over three years that delivered significant value to the transition by developing accountability mechanisms that met the expectations of NTIA and the needs of the global ICANN multi-stakeholder community.

CCWG-Accountability, Stress Tests, and the Empowered Community

An important factor in the preparation for a successful IANA transition was the development of Stress Tests for various accountability tools under consideration. As noted by CCWG-Accountability in Annex 15, “‘Stress Testing’ is a simulation exercise where a set of plausible, but not necessarily probable, hypothetical scenarios are used to gauge how certain events will affect a system, product, company or industry.” The Stress Tests were considered an essential part of the CCWG-Accountability charter. “The exercise of applying stress tests identified changes to ICANN Bylaws that might be necessary to allow the CCWG-Accountability to evaluate proposed accountability mechanisms as adequate to meet the challenges identified,” the group wrote in Annex 15.

Thirty-eight individual stress tests were developed and demonstrated an important level of rigor in assessing the possible risks and benefits of each recommended accountability tool. The stress tests were grouped into five categories in the final report: Financial Crisis or Insolvency, Failure to Meet Operational Obligations, Legal/Legislative Action, Failure of Accountability and, Failure of Accountability to External Stakeholders. Most of the tests addressed concerns about capture by governments or powerful stakeholders, Board action or inaction, the impact of government regulation, and the very deliberate and focused backstop role of the “Empowered Community.”

As noted, previously, the 2009 AOC created four reviews through which the community could hold ICANN accountable. Because the AOC could be canceled by ICANN at any time, the CCWG-Accountability required the AOC reviews be added to ICANN’s bylaws – a direct result of Stress Test #14: ICANN or NTIA Terminate the AOC. ICANN agreed to this community requirement and added all four reviews to the bylaws, including the Accountability and Transparency Review Team (ATRT), which measures ICANN’s performance against its obligations. The most recent review, ATRT-3, published its final report in May 2020 with five recommendations.

To the extent community members have concerns about ICANN’s ongoing performance against its current bylaws, these established reviews are an appropriate vehicle for engagement and identifying any structural accountability gaps or where ICANN’s delivery diverged from expectations following the CCWG-Accountability recommendations, stress tests, and implementation of the new bylaws.

The development of ICANN’s Empowered Community was another key outcome of the CCWG-Accountability, and one that became the foundation of ICANN’s ongoing legitimacy in the eyes of its community members. The Empowered Community (EC) is the mechanism through which ICANN’s Supporting Organizations (SO) and Advisory Committees (AC) can organize under California law to legally enforce enumerated community powers. As part of the IANA transition, community powers and the rules that govern the EC are defined in the ICANN Articles of Incorporation and Bylaws and include five community groups sharing nine enumerated powers:

The current members of the ICANN Empowered Community are:

• Address Supporting Organization (ASO)
• Country Code Names Supporting Organization (ccNSO)
• Generic Names Supporting Organization (GNSO)
• At-Large Advisory Committee (ALAC)
• Governmental Advisory Committee (GAC)

The EC has the power to:

• reject ICANN and IANA budgets, and ICANN operating and strategic plans;
• reject standard bylaw amendments;
• reject Public Technical Identifiers (PTI) governance actions;
• approve fundamental bylaw and article amendments, and asset sales;
• recall the entire ICANN Board;
• appoint and remove individual ICANN Board of Directors (other than the president);
• require the ICANN Board to review its rejection of IANA Function Review (IFR), special IFR, Separation Cross-Community Working Group (SCWG) creation, and SCWG recommendation decisions;
• initiate community reconsideration request, mediation, or Independent Review Process (IRP); and
• hold the rights of inspection and investigation.

The EC was designed to hold the ICANN Board and management accountable, without contradicting the Board’s exercise of its fiduciary responsibilities, and to create a limited and proportional capability for ensuring the Board meets its obligations and does so in the public interest, within its bylaws, and on behalf of its global multi-stakeholder community. As such, the role of the EC is carefully limited to provide checks and balances while avoiding interference in matters correctly left to the Board of Directors, as the representative of the broader ICANN community.

A key factor in the EC’s development was to establish a threshold for action that would be balanced and executable but would not undermine the Board’s ability to act in a decisive and timely manner. As such, the EC was provided specific triggers requiring varying levels of support to initiate action, depending on the issue and community power.

Fortunately, as of this writing, the ICANN community has not yet been sufficiently concerned to exercise any of the EC’s enumerated powers. After more than five years, this fact is a testament to the detailed, rigorous, and careful approach the ICANN community took in supporting the IANA transition with the necessary accountability and transparency reforms as a pre-condition for transition.

The existence of the EC has helped to foster constructive engagement among the ICANN Board, organization and community for the past five years, but ICANN community members must be continuously reminded of the powers, triggers, and obligations associated with this important, and still relatively new, accountability structure.

Root Zone Management and Accountability at the Root

In March of 2015, to prepare for the IANA transition implementation, NTIA asked Verisign and ICANN to submit a proposal for how best to remove the NTIA’s administrative role in root zone management while maintaining the security, stability, and resiliency of the Internet’s domain name system. ICANN and Verisign submitted a joint proposal in August 2015, offering a high-level plan for transitioning the NTIA role along with recommendations on the way forward. The proposal resulted in the 2016 development of the Root Zone Maintainer Services Agreement (RZMA), establishing a bilateral relationship between ICANN and Verisign while removing NTIA from its legacy “approver” role for updates to the root zone file.

While working with Verisign on the RZMA, ICANN was simultaneously working with the broader multi-stakeholder community in 2015 and 2016 to develop and deliver the proposals that would enable completion of the IANA transition. The entire process took one year longer than originally envisioned by NTIA and ICANN, but the result was more robust and better able to withstand significant political pressure and scrutiny.

Following the acceptance and signing of the RZMA, Verisign and ICANN deployed updated root zone management systems that removed the requirement for NTIA approvals while maintaining essential accountability and transparency functions. The new system ran in parallel with the old one for 90 days, in a well-documented trial, to ensure the new system would operate as expected and produce root zone files identical to the old one.

The new RZMA placed new service-level requirements on Verisign as the Root Zone Maintainer, including RZMS service availability, root zone distribution service availability, root zone publication frequency, time to publish normal change requests, and time to publish emergency change requests. Verisign continues to provide monthly reports to ICANN demonstrating compliance with these service level agreement requirements.

In support of Root Zone Management accountability, the community via the CWG-Transition, recommended establishment of a standing Root Zone Evolution Review Committee (RZERC) to provide advice on moving forward with any future architectural changes. Since its creation in 2016, the RZERC has produced a statement in support of the KSK rollover, recommendations for adding data protections to the root zone, and recommendations to study signed root zone name server data. After its first five years, RZERC is conducting a review of its own charter.

To ensure operational and technical security and stability at the time of the transition, ICANN, Verisign and NTIA agreed Verisign, at a nominal fee, would continue to provide services for root zone maintenance, root zone signing management of the root zone’s zone signing key, and distribution of the root zone file and related files to the root zone operators. The RZMA has an eight-year term, with the intention of promoting the security, stability, and resiliency of root zone maintenance operations by having Verisign continue its current role for that term. As an important additional accountability mechanism, the RZMA also provides the community the ability – through a consensus-based, community-driven process – to require ICANN to transition the root zone maintenance function to another service provider after three years. It also allows for the community to recommend changes to service level agreements and the RZMS, as root zone management evolves.

Beyond Transition: Real-World Stress Tests

Following the 2016 IANA transition, ICANN and its multi-stakeholder community have faced and effectively managed several regulatory, technical, logistical, and governance challenges that were identified and stress tested during the community’s work in support of the transition. A follow-on article to be published in the next edition of dotmagazine (on 23 November) will examine key real-world situations that have arisen since the transition, namely covering three case studies on:

• GDPR and Stress Test #4
• Root Zone Key-Signing-Key Rollover and Stress Tests #1, 2, 11, 17, & 21
• Reassigning .org Agreement, Stress Tests #3 & 15

The follow-on article will also look at next steps, in respect of:

• Work Stream 2 Implementation, Jurisdiction, and More

and will take stock of whether the mechanisms in place have been adequate for addressing situations hypothesized in our stress tests. Using this pre-existing score card, a further evaluation will take place on whether ICANN met these challenges as envisioned by the IANA transition.

A glimpse into the follow-on article: IANA functions themselves, including Root Zone Management, are considered to have been well-served by the transition, and the new accountability structures designed and developed by the ICANN community are seen to continue to ensure the security, stability, and resiliency of the Internet’s unique identifiers.

As vice president of public policy and government relations in the Naming and Registry Services organization at Verisign, Keith Drazek is responsible for actively and broadly participating in the development and advocacy of Verisign’s policy interests in multiple arenas involving Internet identifiers. Keith brings over 30 years of experience and leadership in the technical functions of the Internet and the Domain Name System (DNS), Internet policy development, government relations, external affairs and channel management.

Editor’s note: On the 5th year anniversary of the IANA transition, a group of people began collaborating on this report, which was released in conjunction with ICANN75 in Kuala Lumpur. In addition to Keith Drazek, the co-authors included:

• Jordan Carter, auDA
• Wolfgang Kleinwachter, Aarhus University, EuSSIG
• Milton Mueller, Georgia Institute of Technology
• Thomas Rickert, Rickert Rechtsanwaltsgesellschaft mbH
• Tatiana Tropina, University of Leiden
• Bruce Tonkin, auDA