Feel free to redistribute this column, but please retain author attribution if you do so. If you are not on the mailing list to receive this column and would like to be, send a message "Subscribe" to me at Postd@erols.com
Some time ago (See "Who Has Dominion Over Domain Names?," September, 1997) I suggested that the Internet was fast approaching a critical moment for its governance scheme -- Cyberspace's first "constitutional moment," to use Bruce Ackerman's phrase. The domain name system (DNS) -- the system whereby individual computers obtain the unique identifiers (microsoft.com, temple.edu, DOJ.gov, and the like) that enable them to enter cyberspace, to send and receive communications from other machines on the global network -- was in crisis. It was, and is; as I write this, attempts to restructure this system and thus to redefine the processes under which these passports into the global network are issued are well underway, and the results are, unfortunately, disturbing.
A brief review of the problem is in order. If, say, an email that I
send to some address at "ibm.com," or the request that I send to access
the home page at "www.xyz.com," are to reach their intended destinations,
my Internet Service Provider must find the numbers -- known as the Internet
Protocol (IP) addresses -- corresponding to each of those "domain names."
There is, in fact, a series of databases that match all assigned domain
names to IP addresses; this giant electronic directory is stored on a number
of different machines scattered about the globe known as "rootservers."
My ISP, then, merely needs to periodically check (and download) the contents
of these directories from the appropriate rootservers in order to place
the correct (numerical) address on the messages that I am directing out
over the Internet.
It seems reasonable to suggest that if we are to have a single globally interconnected network, there must, ultimately, be a single source responsible for insuring the integrity of the data contained in these rootservers; in fact, I might quarrel with that assumption, but I will leave that for another day. If there is to be one source for this information, control over this rootserver database is, in a very real sense, a matter of (electronic) life and death, a kind of ultimate control over the Internet itself. If the entry for ibm.com is eliminated from the rootserver databases, ibm.com vanishes from cyberspace. If the person or entity controlling the rootservers determines that a $1,000 fee (or a certificate of good standing from the California Secretary of State, or a pledge to abide by the laws of Uzbekistan, or a promise not to transmit encrypted messages, or ...) is required to register a name-number combination and place it in these publicly-accessible databases, those who cannot or will not pay the fee, obtain the certificate, or make the required promises, are effectively banished from the global system.
Who wields this power, and what keeps them from exercising it arbitrarily
and oppressively -- are questions of the deepest importance for the continued
development of a vibrant Internet. In the beginning -- before the Internet
became a Big Deal -- responsibility for operating this system and maintaining
these databases fell to the Internet Assigned Number Authority (IANA),
an imposing-sounding entity that, in reality, consisted of a small number
of dedicated volunteers in southern California. As the Internet began its
explosive growth, this system became unworkable; beginning in 1993, responsibility
for maintaining the databases for the increasingly popular "generic top-level"
domains -- *.com, *.net, *.org and the like -- was handed over, under a
cooperative agreement funded by the National Science Foundation, to a private
firm, Network Solutions, Inc. (NSI).
The government's contract with NSI, however, was due to expire in February
of this year; after extending that contract through September, the government
released, in June of this year, its long-awaited "Statement of Policy:
Management of Internet Names and Addresses" -- the so-called "DNS White
Paper" -- detailing its plans for the continuing operation of the DNS.
The White Paper solicited proposals for a new, not-for-profit corporation
formed by the "Internet stakeholders" themselves to which the government
would transfer responsibility for administration of the DNS.
This is an exercise in a kind of constitution-making, the creation of
a global governing entity with ultimate authority over this most extraordinary
(and most valuable) global resource. But judged by constitutional standards,
the plan that the government appears prepared to implement -- based upon
a proposal submitted by IANA -- is deeply flawed.
The IANA proposal calls for the formation of a California non-profit corporation -- ICANN, the Internet Corporation for Assigned Names and Numbers. The goals and functions of the new corporation are lofty; it will operate "in an open and transparent manner and consistent with procedures designed to ensure fairness," policies regarding the domain name space will only be adopted after "providing a reasonable opportunity for [affected] parties to comment" on those policies, the corporation will not act "in competition with entities affected by the policies of the corporation," nor apply its policies "inequitably" nor subject any party for "disparate treatment unless justified by substantial and reasonable cause" or "apply any standard or policy in a manner that it knows will disproportionately and unjustifiably destroy a substantial property or contractual right of a particular party," and the like.
But if we know anything at all about constitutions, it is that the best
substantive protections -- are of little avail without adequate procedures
to determine the scope of those protections and to enforce them against
those who would violate them. As James Madison pointed out (in Federalist
48), "mere demarcation on parchment of the constitutional limits of the
several departments [of government] is not a sufficient guard against those
encroachments which lead to a tyrannical concentration of all the powers
of government in the same hands." Or, as a professor of mine once pointed
out (less eloquently, perhaps, than Madison but no less correctly), the
Soviet Union's constitutional protections for the freedom and well-being
of its subjects were far-reaching, but they were largely meaningless precisely
because the power to determine the meaning of those protections was placed
in the hands of those most likely to be violating them.
Here the IANA draft is deeply troublesome. The new corporation's charter
and by-laws provide, unsurprisingly, that it is to be controlled by its
Board of Directors. No problem there -- except that the Board is left effectively
unchecked in the exercise of its powers. "No man shall be judge in his
own cause" -- another venerable constitutional principle, but the ICANN
Board itself will determine the procedures for nominating and electing
its members, the nature of the organizations that will have input into
that process, the circumstances under which Board members may be removed
from office (and, ultimately, the content of the charter and by-laws).
To be fair, the drafters of the NSI-IANA plan devoted a great deal of
effort to constructing provisions to insure broad representation on the
Board (although these, too, are subject to Board alteration). The corporation's
by-laws specify, for example, that the Board must have diverse geographic
representation (with no more than ½ of its members from any single
"geographic region"), and that specified numbers of directors must come
from particular organizations representative of different interests (regional
Internet domain name registries, Internet technical consortia, etc.).
But American constitutional theory, at least, provides strong grounds
for believing that representational principles are never sufficient
for the purpose of just governance. The US Constitution itself was
a response to the perceived failures of even the most representative of
the post-Revolutionary State governments. Power does corrupt, and the power
of even representative legislative assemblies must be held in check by
some means other than the electoral check on representatives. Only by dividing
and dispersing governing power among distinct institutions with distinct
spheres of operation, and then "giving to those who administer each department
the necessary constitutional means and personal motives to resist encroachments
of the others" can "a gradual concentration of the several powers in the
same department" [Madison again] be avoided. "Ambition must be made to
check ambition." Without mechanisms whereby others possessing the will
to check the Board's powers are authorized and granted the requisite means
to do so, the ICANN Board, no matter how "representative" it may be, will
succumb to the inevitable and inherent pressure to act not in the interests
of the Internet as a whole but in its own self-interest (or in the interest
of whomever ends up pulling its strings or paying its bills).
These mechanisms -- equivalent to our own set of constitutional checks
and balances -- can be provided in many different ways; something like
a truly independent judiciary would be a good start. The Internet may be
fertile ground for experimentation with other forms of checks and balances
derived from other constitutional traditions or newly constructed to fit
the unique conditions of the global network. Failing to take any steps
in this direction -- as the IANA draft has failed to do -- is the one truly
You may think, perhaps, that I overstate the case; expecting this simple California non-profit corporation to uphold Madisonian constitutional standards is surely a bit overheated. But this is no ordinary corporation. It is the gatekeeper for cyberspace itself with the power to define the contours of cyberspatial existence world wide; it is not, I think, too much to ask that we impose the strictest possible safeguards on it to guarantee, as best we can, that it exercise its rather extraordinary powers justly and equitably.