May 14, 2018
ICANN’s data security report: Tiered model to comply with new GDPR, questions remain on KSK
contributor: Satish Babu
Engineering for Change’s Contributing Editor Satish Babu reports on the implications of the ICANN61 meeting and community forum in Puerto Rico, 2018.
Data security and global changes underway occupied most of the 61st meeting and community forum of ICANN, the Internet Corporation on Assigned Names and Numbers, in Puerto Rico last March. Topics of note include the General Data Protection Regulation (GDPR), Next Generation Registration Directory Services (RDS), New generic top-level domains (gTLD) Subsequent Procedures, Geographical Names, and the Key Signing Key (KSK) rollover.
Interim response to GDPR
GDPR, the new legal framework from the European Union, becomes enforceable from May 25, 2018, and was the talk of ICANN61. Although EU-focused, GDPR has caused a global upheaval on account of its coverage as well as its stringent requirements.
The interest in privacy, data protection and GDPR has steadily engaged public attention on account of multiple data breaches (of which Facebook/Cambridge Analytica is the latest). GDPR, while the first of its kind, is expected to lead to similar laws in many parts of the world, and consequently, it is likely to remain an area of focus for a significant length of time.
ICANN has been spearheading a series of community consultations over the last several months at arriving at an interim formulation that will be acceptable to all stakeholders, including EU. Under the proposed interim model, (“Calzone Model” in view of its tiered structure) the collection, transfer and retention of full Thick WHOIS remains largely unchanged. However, minimal data would be available to the public, including an anonymized email address or web contact form. Access to the full set of data would be available through a yet-to-determined accreditation process, creating a layered/tiered model. The interim model is available as a document (aka “The Cookbook”) at https://www.icann.org/en/system/files/files/gdpr-compliance-interim-model-08mar18-en.pdf.
Controversy over reserved geographic names
The controversy over reserved geographic names, which came to the fore with the new gTLD application of .amazon from Amazon.com Inc, has been going on for some time. A part of the community was in favour of reserving this label on account of objections from several national Governments from Latin America, while the rest of the community was in favour of releasing it for use by the company.
In ICANN61, it would appear that the stalemate over the name is being defused, with a number of alternatives such as .amazonas, .amazonia or .amazonica which are being offered to the geographical communities as a compromise. While the ICANN community (led by Governmental Advisory Committee, GAC) has not adopted the final decision yet, initial reports indicate that talks are moving towards a decision.
Questions remain on KSK Rollover
Given that ICANN’s mandate is to maintain the security, stability and resiliency of the Internet in general, and for the DNS in particular, the security extensions for the DNS (DNSSEC) has been an important instrument for ICANN. Among the different keys used to implement DNSSEC, the top-of-the-hierarchy key is the DNSSEC Key Signing Key (KSK) which is used to sign all other trust anchors. The first (and only) KSK is KSK-2010, and ICANN had planned to migrate to a new key, KSK-2017, as a part of orderly succession in late 2017. However, ICANN postponed the KSK rollover citing readiness issues within the community that managers resolvers.
As of ICANN61, the new date for the rollover has not been confirmed, although Oct 2018 is likely. Some parts of the community want stronger confirmation from ICANN that when the rollover happens, the stability of the Internet (in terms of the operations of DNS and DNSSEC) is not compromised. While the technical likelihood of this is small, its consequences—both technological and political—can be significant. ICANN has announced that it is seeking further community inputs on the way ahead.
ICANN and its importance
ICANN is a California nonprofit public benefit corporation. It was set up in 1998 by the US Dept of Commerce to co-ordinate several critical aspects of the Internet, such as domain names, IP addresses, protocol parameters, and root servers. ICANN’s primary principles of operation have been described as helping preserve the operational stability of the Internet; to promote competition; to achieve broad representation of the global Internet community; and to develop policies appropriate to its mission through bottom-up, consensus-based processes. ICANN’s formal contract with the US Govt concluded on 1 Oct 2016, thereby transitioning these functions to the global multistakeholder community.
ICANN61 by the numbers: 1542 participants; 525 newcomers; 271 public sessions; 21,000 visits to the ICANN mobile application; 63 fellows and coaches; 20 NextGen and Ambassadors; 704 photos taken; and 89,000 views on Flickr.
Today, ICANN is governed as a multistakeholder entity, where the stakeholders, viz., Business, Civil Society, Governments and the Academic/Research community, are equally responsible for policy formulation through transparent and participatory mechanisms. In particular, it is not dominated by Governments, but Governments do form one of the stakeholder groups.
ICANN’s multistakeholder model works best when there is a dedicated community of volunteers who contribute to policy formulation and critique. It is important that young people are brought in into the volunteer pool, both for replacement of numbers as well as because there is an ever-increasing need for people to work in new and emerging policy areas. ICANN runs several programmes for inducting newcomers, especially young people, from across the globe. ICANN also values diversity: of gender, geography, culture, language, and disability, to name a few.
The Fellowship program, NextGen program and the Newcomer program have been designed to infuse fresh blood into the ICANN community. The Fellow & NextGen programs are based on an application and its evaluation, while the Newcomer program is open to anyone interested. Another specialized program is the Global Indigenous Ambassador program, which is directed at under-represented indigenous people from around the world. Together, these programs help to get the voices of the underserved communities to policy formulation process in ICANN besides nurturing young talent to join ICANN.
ICANN’s structure and meetings
ICANN’s meetings provide forums for intra- and inter-community interactions. While ICANN’s policy processes go on all the time (ie., intersessional work), the meetings provide a mechanism to consolidate and anchor discussions and to take decisions face-to-face.
The ICANN structure consists of Supporting Organizations (SOs) and Advisory Committees (ACs), together labelled as AC/SOs. The Supporting Organizations (GNSO, ccNSO, ASO) originate policy (respectively on generic domain names, country code domain names and IP addresses and related areas), whereas the supporting organizations (ALAC, GAC, SSAC, RSSAC) comment on the policy proposals of the SOs. Other important structural elements include the ICANN Board, Nominating Committee and ICANN.org (CEO and Staff).
In ICANN61—as in every other ICANN meeting—ACs and SOs had several days of internal (such as GNSO and ccNSO Councils, or ALAC) and cross-constituency meetings, in addition to meetings around specific topics (policy, operations-related, or administrative such as Budgets).
Internal business: ICANN’s financial crunch
On the operations side, ICANN’s CEO announced that ICANN’s revenues have ‘plateaued’ and that consequently, there was a need to consider expenditure controls. Initial proposals included cuts in different areas (such as Fellowship, ICANNWiki, Community Travel) and a freeze in some recruitment plans. ICANN61 was a forum where the community provided its feedback on the proposed budget cuts.
For the At-Large Community, which represents the voice of the end-users of the Internet within the ICANN structure, the major concerns at ICANN61 included GDPR, the At-Large Review (which is currently moving towards the implementation phase) and the At-Large Summit 3 (ATLAS 3) which is scheduled for FY19.
Fellows and NextGen
The Fellow and NextGen programs are two main feeder streams of that contribute to building ICANN’s community. At ICANN61 too, there was a lively group of Fellows (60) and NextGen candidates (15) and ICANN61 Ambassadors (5). The presence of this group of mostly young people made ICANN61 younger overall!
Puerto Rico is of course a well-known Caribbean tourist destination as well, and so it wasn’t surprising that the Gala Dinner of ICANN61 was held at the spectacular Bahia Urbana waterfront park. The gala dinner was a high point of ICANN61.
For the local and North American ICANN Community, an important development during ICANN61 was that the first North American School of Internet Governance (NASIG 2018) was convened at Puerto Rico during 7-9 March 2018, just prior to the ICANN meeting. NASIG2018 had about 29 participants from different parts of US, Canada and Puerto Rico and also several ICANN61 Fellows. The first NASIG was a resounding success and the next edition is scheduled for Montreal in Oct 2018.
The open meeting was attended by about 1542 participants drawn from ICANN community leaders, Internet Governance practitioners, Fellows and representatives of the multiple stakeholder groups that constitute the Multistakeholder Model, viz., Civil Society, Business, Government and Research & Academic communities.
ICANN, mandated with the governance and policy development associated with the “identifiers” Names, Numbers and Protocol Parameters used on the Internet (ie., allocation of resources such as Domain Names and IP Addresses as well as management of critical resources such as root servers, and policy development for all these).
Towards Panama City
After a very successful ICANN61, the ICANN community is looking forward to meeting at Panama City, Panama, in June 2018 for the 62nd meeting of ICANN.