Politics and Law

The Internet may be getting friendlier for a significant chunk of the world. A proposal is up for a vote to let Web addresses use non-English characters.

The proposed change (PDF), known as Internationalized Domain Names (IDNs), will allow the use of non-Latin characters in the entire address. Currently, such characters are allowed only in part of the address. IDNs will let people who write in Chinese, Korean, or Arabic use their own languages to surf the Web, and is expected to jump-start Internet use in many regions across the globe.

ICANN, the Internet Corporation for Assigned Names and Numbers, which is responsible for managing domain names on the Net, will review the historic, hot-button proposal on Friday at its six-day 36th International Public Meeting in Seoul. If approved, IDNs could kick in as early as mid-2010.

"This is an extremely important meeting for ICANN, since the IDN program is moving one step closer to reshaping the global Internet landscape," ICANN CEO Rod Beckstrom said in a statement. "In Seoul, we plan to move forward to the next step in the internationalization of the Internet, which means that eventually people from every corner of the globe will be able to navigate much of the online world using their native language scripts."

IDNs are not a new concept. They've been debated for at least a decade. Some doubted whether such a system could work. But countries like China have taken the lead in pushing for this change.

Of the 1.6 billion Internet users worldwide, more than half use languages with character sets other than Latin. Beckstrom sees the change as necessary, not just now, but for the future as Internet use continues to grow.

One of the challenges behind IDNs has been the use of translation technology to convert one character set to another to deliver the right address. But ICANN seems to have covered that base.

"We're confident that it works because we've been testing it now for a couple of years," Peter Dengate Thrush, chairman of ICANN's board, said in a statement. "And so we're really ready to start rolling it out."

ICANN has won a major battle over the abusive tactic of domain tasting, said the organization in a report released Wednesday.

The Internet Corporation for Assigned Names and Numbers is responsible for managing and doling out Internet domain names.

It's not an easy job. And making it harder was a scheme used by some registrars known as domain tasting. Someone would buy up lots of domain names, try them out, and then get rid of the unprofitable ones, all without losing any money. As long as the registrar dumped the domains within the five-day grace period, known as the Add Grace Period (AGP), a full refund was given.

Designed by ICANN to help registrars who made errors in their domain names, the grace period refund was quickly abused by Web sites that populated their domains with lots of ad links that redirected visitors to other sites. It also led to the unavailability of popular names that were scooped up by domain tasters.

In June 2008, ICANN decided to act. The organization stopped refunding the 20-cent annual fee for each registered deleted domain name beyond a certain limit.

But since 20 cents per domain wasn't much of a penalty, ICANN got tougher. The organization began charging registrars $6.75 (the cost of a current .org domain) or higher for each deleted domain beyond a certain limit during the grace period.

In its report, ICANN used the following example to illustrate the policy change:
Someone registers 1,000 domain names and gets rid of 300 of them during the grace period. Under the policy, the registrar is allowed up to 70 deletions. The remaining 230 cost 20 cents each for a total of $46. Plus, each excessive deletion costs the registrar at least $6.75. Dumping 230 domain names rings up a bill of $1,552.50 for a grand total of $1,598.50.

ICANN said the new policy resulted in a 99.7 percent decrease in domain deletions from June 2008 to April 2009.

(Credit: ICANN)

Former U.S. cybersecurity official Rod Beckstrom has been named the new CEO and president of ICANN.

His appointment was announced at the annual meeting Friday in Australia of ICANN, which stands for the Internet Corporation for Assigned Names and Numbers.

A global nonprofit, ICANN is responsible for assigning and managing Internet domain names and IP addresses, among other tasks.

Rod Beckstrom, ICANN CEO

(Credit: ICANN)

"Rod Beckstrom has exactly the sort of strong personal and technical background that ICANN needs," ICANN Chairman Peter Dengate Thrush said in announcing the decision.

Beckstrom, who received his MBA from Stanford University, has served on the boards of several nonprofit groups and written four books. But it was his role as director of the U.S. National Cybersecurity Center (NCSC) where he made an impression. As head of the federal center, he oversaw a large, disparate agency spanning civilian, military and intelligence communities.

However, Beckstrom resigned his government role in March after complaining of interference from the National Security Agency.

In a letter to Department of Homeland Security Secretary Janet Napolitano, he said the NSA dominated most of his agency's efforts and that he was "unwilling to subjugate the NCSC underneath the NSA." Beckstrom defended the achievements of the NCSC and said he favored a decentralized approach so that security is not handled by any single organization.

Beckstrom's ICANN appointment triggered favorable statements from many sides.

"Rod Beckstrom is strikingly well-prepared to undertake a new role as CEO of ICANN," Vint Cert, who is considered to be the "father" of the Internet, said in a statement. "His experience in industry and government equip him for this global and very challenging job."

Beckstrom is an "outstanding choice to head ICANN. He understands people, institutions, and technology," Marc Rotenberg, executive director of the Electronic Privacy Information Center (EPIC), said in a statement. "He recognizes both the potential and the challenges for ICANN. And has stood up for the civil liberties of Internet users with courage and foresight."

ICANN has been criticized over the years for a host of reasons, including internal squabbles, the fees it levies, and the perceived shroud of secrecy under which it operates.

Last year, ICANN proposed new rules for Internet names that would expand suffixes beyond the familiar .com, .net, and .org domains. The proposal worried many who thought it would lead to confusion on the Internet.

But Beckstrom's comments upon his appointment reflect faith in the organization.

"The Internet has changed the way the world communicates and conducts commerce," Beckstrom said at a press conference. "And in no small way, this multi-stakeholder, bottom-up organization has been and will continue to be at the core of the Internet's ongoing evolution. Quite simply, the proof that ICANN works, is that the Internet works."

As the organization responsible for overseeing Internet domains prepares to expand the number of top-level domains available, Al Gore is advocating for a special domain to promote environmental awareness.

Two Internet entrepreneurs have formed Dot Eco LLC for the purpose of securing the .eco domain through the Internet Corporation for Assigned Names and Numbers' new gTLD application process.

The group announced Thursday at ICANN's Mexico City meeting that it has entered into an "integrated partnership" with Gore and his philanthropic organization, the Alliance for Climate Protection.

"We fully support Dot Eco LLC in its efforts to secure the .eco top-level domain through the ICANN application process and look forward to working with Dot Eco LLC to promote .eco," Gore said, according to a Dot Eco release. "This is a truly exciting opportunity for the environmental movement and for the Internet as a whole."

Dot Eco said in its release it is interested in establishing the domain "for individuals to express their support for environmental causes, for companies to promote their environmental initiatives, and for environmental organizations to maintain their Web sites in a namespace that is more relevant to their core missions."

The president and CEO of ICANN, the nonprofit responsible for the Internet's domain name system, announced on Monday he will be stepping down from his position at the end of 2009.

Paul Twomey, president and CEO of the Internet Corporation for Assigned Names and Numbers, made the announcement at the organization's 34th International Public Meeting in Mexico City.

"While I am deeply and personally committed to ICANN and its success, I think this is the right time for me to move on to another leadership position in the private or international sectors," he said, according to a statement released Monday.

Twomey was named president and CEO of the organization in 2003, after serving as the founding chairman of ICANN's Governmental Advisory Committee. He has been the longest serving CEO of the Marina Del Rey, Calif., nonprofit.

"I can think of no other person who has had more influence on the course of ICANN's evolution than Paul," Vint Cerf, Google's chief Internet evangelist and former chairman of the ICANN board, said in a statement. "We owe him a great debt for long and faithful service."

Twomey will stay on as president until the ICANN board appoints a successor. Once a successor is named, Twomey will finish the year as "senior president" to help with the transition.

Twomey's announcement comes just months before the U.S. Commerce Department's oversight of the ICANN expires. The organization will become completely independent this September. ICANN is also in the midst of expanding the number of generic top-level domains for sale, a move opposed by companies concerned with protecting their brand names online.

Before joining ICANN, Twomey founded Argo P@cific, an international advisory and investment firm specializing in building Internet and technology businesses. He also served as CEO of the Australian National Office for the Information Economy.

The company behind the proposed .xxx top-level domain, which was rejected after the Bush administration intervened, has been trying to dig up embarrassing government documents through a federal lawsuit.

Make that "was trying." A federal judge on March 12 granted summary judgment to the Bush administration in the Freedom of Information Act lawsuit brought by the ICM Registry.

By way of background, ICM Registry had proposed the porn-friendly .xxx domain in 2004 to the Internet Corporation for Assigned Names and Numbers, four years after ICANN rejected the idea the first time. In June 2005, ICANN approved .xxx--but the Bush administration objected two months later, and ICANN's board subsequently reversed itself by a 9-5 vote.

ICM Registry's Stuart Lawley, an indefatigable entrepreneur who made his fortune by founding a U.K. Internet service provider, didn't give up. He filed a FOIA request to learn how conservative groups pressured the Bush administration, and he released the first round of documents in May 2006. But the State Department and Commerce Department withheld others--claiming they were part of an internal "deliberative process"--and those are the documents at issue in the current lawsuit.

Robert Corn-Revere, an attorney at Davis Wright Tremaine who is representing ICM Registry, said a lawsuit against ICANN for denying the .xxx top-level domain is now possible.

"ICM Registry is planning to examine and pursue all of its legal options," Corn-Revere said Tuesday. "We were waiting to see what the outcome of this FOIA litigation was."

ICM had argued that if there's reason to suspect government misconduct such as improper influence by Focus on the Family et al., the documents should be turned over straightaway (this is known as the misconduct exemption).

U.S. District Judge James Robertson in Washington, D.C., sided in part with ICM, saying that argument would be valid if the administration "opposed .xxx for nefarious purposes" but that none had been demonstrated. Robertson, however, didn't actually read the withheld FOIA'd documents for himself, which is something that ICM could raise, if it chooses to appeal.

The key part of Robertson's ruling is:

Whatever the boundaries of the misconduct exception, they cannot be as expansive as ICM declares them to be...Absent some showing that consideration of domain name and Internet policy is outside these departments' and agencies' domains--and none has been made--or that they opposed .xxx for nefarious purposes, their action is not misconduct within the meaning of the exception to the deliberative process privilege.

If the government "leaned on"� ICANN or any other decision maker that it did not directly control, (its) policy choice to do so is discoverable under FOIA. That choice (if it was made) was not "political abuse," however, and so the deliberations that underlay it are properly exempt from disclosure.

Descriptions of some of the documents that were not released certainly make their contents sound intriguing. One is a State Department staffer's response to a Wall Street Journal article about alternatives to the domain name system; others deal with meetings between the State Department and a delegation from Japan.

On the Commerce Department side, the documents--again, these have not been released in full--include:

- Document EP59: This is an e-mail containing a Commerce employee's opinions regarding the effects of a .xxx domain on children's access to pornography.

- Document EP61: This reflects the opinions of Commerce Department employees on the effects of .xxx on children's access to pornography and on what Web sites would be in a .xxx domain.

- Documents EP90-92: These are part of an e-mail chain, and the redactions relate to the opinions of Commerce employees on how to present Commerce's role in making changes to the authoritative root zone file to the public.

Documents EP125-126: These are e-mails, and the redactions include the opinions of a Ms. Atwell on the roles of ICANN and Commerce in the approval of the .xxx domain, and her opinions regarding control of children's access to pornography. (By Atwell, this presumably means Meredith Atwell Baker, then the deputy assistant secretary for communications and information in the National Telecommunications and Information Administration.)

- Documents EP46, EP98: These are e-mails from which questions and opinions of White House employee Helen Domenici have been redacted. These include the status of .xxx approval, as well as opinions regarding approval. (Domenici is listed as Assistant Associate Director for Telecommunications and Information Technology (PDF) in the White House's Office of Science and Technology Policy.)

- Documents 000001-000007: These are all drafts of a document entitled "USG/DOC Options Regarding GAC Consideration of the Proposed .xxx Domain." (Because it's not a final policy and contains options not acted on, the judge ruled, it can't be obtained through FOIA.)

- Documents 000008-000010: These are all drafts of a document entitled "USG Opinions for Including .xxx in the Authoritative Root Zone file."

- Document 000016: This is a draft entitled "USG Procedural Options Regarding the Creation of .xxx"

- Document 000019: This is a draft entitled "The Department of Commerce's Role in Additions to the Internet Domain Name System Authoritative Root Zone File."

To be sure, the Commerce and State Departments did release a good number of documents in redacted and non-redacted form. Corn-Revere said: "I expect we will be releasing the other documents we have."

But those additional files could have provided a valuable glimpse into how much pressure conservative groups applied--and into what the U.S. government thinks of ICANN and its own role in approving new domain name suffixes. Unfortunately, given the limitations of FOIA and a judge who was unwilling to go along with ICM's arguments, we may never know the whole story.

The Whois database may disappear.

An Internet Corporation for Assigned Names and Numbers committee is considering a sunset proposal at its meeting this week in Los Angeles that would effectively scrap the directory system on privacy grounds. Among those arguments is that a public-by-default Whois listing may run afoul of Canadian and European Union privacy laws.

Having this debate is not a bad idea. It's about time that we rethought whether the Whois directory service--which has public contact information for domain name owners--should exist in its current form.

Trademark and copyright holders, and their lobbyists, are opposing this move. They argue that a public Whois database is necessary to help track down trademark infringements, copyright infringements, and "cybersquatting."

The American Intellectual Property Law Association even went so far as to claim that "accurate and available information is essential for law enforcement in crimes" (PDF), including "hate literature, terrorism, and child pornography," ignoring that so-called hate literature is constitutionally protected in the United States. (And I wonder how many terrorists and child pornographers will tell the truth when asked for their real home address when registering a domain.)

This is not a new debate. Nearly four years ago, I wrote:

Whois is broken. Like the Internet mail protocols that were drafted during a more innocent era and are now being exploited by spammers, the Whois database was not intended to be melded into the shape preferred by copyright and trademark lobbyists.

The origins of today's domain name system can be found in standards RFC 1034 and RFC 1035, published in November 1987, when the Internet was still young, and commercial traffic would not officially be encouraged for another five years. Back then, before individuals started to buy their own domain names, a public Whois database was necessary to permit network administrators to fix problems and maintain the stability of the Internet.

Today, however, the open nature of the Whois database is no longer a boon to people who own domain names. If you buy a domain name, current regulations created by ICANN say you must make public "accurate and reliable contact details, and promptly correct and update them during the term of the...registration, including: the full name, postal address, e-mail address, voice telephone number, and fax number."

Who wants to make that kind of personal information public for the benefit of spammers, direct marketers, and snoops? You shouldn't have to publish your home address--and other personal details--to everyone in the world, just to own a domain name. And if you decide to lie by typing in "1 Nowhere Road," I don't see why you should be punished for attempting to protect your and your family's privacy.

There are plenty of legitimate reasons why domain name holders might leave their address blank. As an international coalition of civil-liberties groups said in a letter to ICANN in October 2003: "Anyone with Internet access can now have access to Whois data, and that includes stalkers, governments that restrict dissidents' activities, law enforcement agents without legal authority, and spammers...Many domain name registrants--and particularly noncommercial users--do not wish to make public the information that they furnished to registrars. Some of them may have legitimate reasons to conceal their actual identities or to register domain names anonymously."

Since then, the debate has advanced. An ICANN task force published a report last year listing the widely differing views of intellectual-property lobbyists, Internet service providers, noncommercial users, and so on.

Syracuse University's Milton Mueller and Mawaki Chango wrote an analysis this year concluding that the Whois database would never have been made public if it weren't a default rule left over from the Internet's early days. There's also a handy timeline and an overview prepared this month by ICANN staff (PDF). That overview says:

Due to this lack of consensus, the GNSO Council recommends that the Board consider "sunsetting" the existing current contractual requirements concerning Whois for registries, registrars, and registrants that are not supported by consensus policy by removing these unsupported provisions from the current operating agreements between ICANN and its contracted parties, and that these provisions be sunset no later than the end of the 2008 ICANN Annual General Meeting and that such provisions will remain sunset until such time that consensus policy in this area has been developed to replace the sunset provisions, at which point, they will be eliminated or modified.

I suspect that the intellectual-property rights lobbyists will win this round, and Whois will stay around at least a while longer. But this is a fine opportunity to re-evaluate whether all domain owners must have their home addresses, phone numbers, and e-mail addresses publicly available by default to spammers and all other species of Internet miscreants.