CNET también está disponible en español.

Ir a español

Don't show this again

Tech Industry

Who should govern the Net?

On the hot seat, ICANN Chairman Vint Cerf fires back against critics who say his organization impedes innovation on the Internet.

Who should run the Internet?

It's no longer merely an academic question. Since 1998, responsibility for overseeing domain names and addresses has rested with the Internet Corporation for Assigned Names and Numbers (ICANN), a nonprofit group based in Marina Del Ray, Calif.

ICANN has enjoyed notable successes in the last six years. It has created a way to resolve domain name disputes, formalized some ad hoc arrangements the U.S. government created and approved a handful of top-level domains like .aero and .museum. In between, ICANN has weathered outbreaks of congressional enmity and, occasionally, outright hostility from foreign governments.

But now, the governance structure of the Internet may have reached an inflection point. ICANN is being assailed domestically by VeriSign, which filed a federal lawsuit last month, complaining that it has been repeatedly thwarted in trying to make money off its government-granted right to run the master .com and .net database. Internationally, ICANN is fending off a power grab from the United Nations, which has wanted more involvement with the Internet, ever since one of its agencies in 1999 proposed a tax of 1 cent per every 100 e-mail messages.

In charge of ICANN during this tumultuous period is Chairman Vint Cerf, who is better known as one of the fathers of the Internet and co-designer of the Internet's workhorse, Transmission Control Protocol/Internet Protocol. CNET News.com spoke with Cerf about future top-level domains, the United Nations and the future of ICANN.

Q: VeriSign CEO Stratton Sclavos recently told CNET that ICANN is standing in the way of innovation. Any response?
A: I am actually a little surprised to hear that. Let me give you an example. Not too long ago, the Internet Engineering Task Force (IETF) began working on an idea that now goes by the term ENUM. That represented a very significant addition to the functionality of the domain name system (DNS), because it introduced this concept of the naming authority pointer, which is a very general idea.

It is a new record type that has to be implemented, but it does not have any impact on any pre-existing services. So there is an example of a very substantial increase in functionality and a very innovative way of using the DNS on which ICANN worked very closely with others, including the International Telecommunication Union and the Internet Architecture Board, to get the mechanisms in place for doing ENUM.

VeriSign says it's still waiting for a report from ICANN on technical problems Site Finder caused. Should we expect one?
You should expect one. My understanding is that the committee is looking for some additional clerical help in finishing its report. So we are trying to deal with that.

Some observers view the lawsuit between VeriSign and ICANN as an example of a broader cultural clash between the original architects of the Internet and for-profit businesses. Where do you think the truth lies?

I was a very strong proponent of that kind of commercialization as far back as 1988.
To be honest with you, it looks to me like side effects associated with the commercialization of different parts of the Internet. I was a very strong proponent of that kind of commercialization as far back as 1988, primarily on the grounds that if we did not build a commercial model that generated enough revenue to make the network self-supporting--that in the long term, the government would not be in a position to support it forever.

The side effect, though, and the place from where the clash may be coming, is that the Internet's architecture has a character to it that determines what you can and cannot easily do to it. You can add a great deal of functionality at the edges of the Net. It is a layered architecture, and at the higher levels, it is fairly straightforward to add a new function without interfering with the operation of lower-level systems, but if you are trying to make changes to the core of the system or core elements of the system, it is much harder.

Can you give an example?
Look at how difficult it has been to go from IPv4 to IPv6. That is a very central component of the Internet's design, and adding IPv6 is a big challenge and it has been a slow process. We are starting to see some motion, especially in Asia and in Europe--perhaps more so than in North America. The closer to the core you go, the harder it is to make changes.

So the innovation that we have seen in the Net over the last couple decades has largely come at higher levels of protocol at the edges of the Net. The Web was not part of the original Internet design, and it did not have to be, because it is layered on top of it. A lot of the applications that sit on top of the Web--streaming audio and video, even some VoIP functionality or instant messaging--are all things that get added at high levels of protocol architecture, and that is a lot easier. So, if there is a clash here, I do not think that it is a culture clash. I think it is almost physics: The system has an architecture capable of being stretched in certain dimensions and difficult to stretch in others.

With the benefit of hindsight, did ICANN approve enough new top-level domains, when you such as .aero, .biz and so on?
When I think about all the problems that arose at least for some of those new TLDs (top-level domains), it is not clear that having a larger number of them would necessarily have been helpful. We are still seeing some side effects of introducing those new TLDs. For example, there was a discussion during the Rome meeting about continuing difficulties with some software that's having trouble recognizing domain names that were longer than three characters, because many software developers made the assumption that somehow, all top-level domains were either two or three characters. We're still uncovering places where .aero, for example, does not work.

We have already seen much more sophisticated searching mechanisms.
At some point, we begin to wonder whether having 10,000 top-level domains is actually a helpful tool. Some people think of TLDs as a kind of index into the Internet--but it is a terribly crude index, if it is that at all. We have already seen much more sophisticated searching mechanisms. The search tools of Google and others are probably more refined in their ability to discover any particular Web site or domain name than using the top-level domains as a kind of thesaurus. I am not arguing, by the way, that this means that we should never create any new top-level domains. I am only saying that is another consideration.

In the next round of considering top-level domains, how many do you think that ICANN will approve? Does it depend entirely on the type of submissions you receive?
There is no specific number that has been set for acceptance. So, this is different from the proof of concept that took place before. In this case, we are trying to put a more regular procedure in place with a more clear process of evaluation, but my understanding is that we have not put any limits on the number of applications, and that as applications are qualified, that they would presumably be approved.

When is the earliest that forthcoming top-level domains would actually become active?
The current timeline for this process starts generating results in July or August. I think it depends on how well put together the proposals were. If a proposal is very, very clear and all of the other criteria clearly match, it might well be possible that the evaluation for such a proposal would take less time. That does not speak to how long it takes for the party that made the proposal to actually turn the service on. That (involves) other questions, like how long it takes to negotiate the contract that would go along with having met the qualifications.

Now that ICANN has approved the Wait-Listing Service (WLS) what happens next?
The Wait-Listing Service itself was accepted by the board (a while ago). We authorized the staff to proceed and then there were discussions. My understanding was that a proposal was made for implementation, for what the terms and conditions would look like. There were five areas of concern, and so guidance was given to the staff to discuss with VeriSign how to meet those five new terms and conditions. We were satisfied (at the Rome meeting this month) that ICANN and VeriSign had come to a satisfactory resolution of the terms and conditions, and the board voted to authorize WLS. At this point, the next step is to send this to the Department of Commerce for its review.

Do you have any guidance from the department about how they are likely to view it?
I have not had any specific discussions with the Commerce Department folks, so I do not know how they are viewing this. I do not know that there is any obvious reason for them to reject it.

Regarding Whois data, do you think there is a reasonable argument that it implicates European data protection laws?

It is pretty clear that in some, perhaps even many jurisdictions, concern over personal privacy is very visible and understandable.
It is pretty clear that in some, perhaps even many jurisdictions, concern over personal privacy is very visible and understandable. At the same time, you can imagine circumstances where having knowledge of who the registrant is might be very important. It might be for law enforcement reasons; it might be for reasons of wanting to let that party know that there is a problem with either their domain name or with the way it is resolving or not resolving, and there may even be reasons to want to contact the party because there is a dispute.

So there are a number of reasons why someone might need to know information about a registrant in order to contact that person. So that leaves you with this conundrum: Under what circumstances should the information be available and under what circumstances should it be protected. I know that modern databases have the ability to mark information for differential access, but the other side of the coin is figuring out how do I authenticate a party and then figure out what authorizations they have. Does that make sense?

It does. And it's not just the Europeans. Every country might have a different set of rules.
What that translates into is that for the parties that maintain this information, there might be some tension between what the ICANN community wishes it to do and what the local jurisdiction allows it to do. But I do not think that is very different from a lot of other business circumstances, where companies find themselves having to adapt their business rules to conform to local requirements. It is a little bit like accounting rules. Some will vary from one jurisdiction to another, and you just have to face that.

ICANN's budget is growing every year, with a staff of around 30 and a budget growing to $10 million. At the same time, you're coming under attack for going beyond ICANN's mandate of consensus-building and coordination. Is there some sort of disconnect?
It would probably be useful for you to compare ICANN's size and workload with some similar kinds of organizations like Ripe NCC or some of the other players in the Internet environment. This (size) is not unusual.

The other thing that I believe is missing from that formulation is that while the mechanics may be fairly straightforward, figuring out whether that particular entry in a database should be made is not so simple. We get into policy questions. The most knotty are things like re-delegation of a top-level domain. It is amazing how complex that can get and the staff has started to document some of the historical complexities associated with re-delegations.

Just to give some sense of how difficult and tricky it can be, .ng, Nigeria for example was one of the more complicated ones. The president of the country ultimately had to step in to try to resolve disagreements within his own government as to which part of the government should be responsible for the top-level domain. And there were a lot of other complexities in between.

Is that a one-time episode? Once ICANN resolves the .ng problem, you can leave it alone?
No, it is not. A re-delegation could happen to the same top-level domain more than once. So, in other words, the fact that you have gone through every delegation one time does not mean you will never have to go through it again. We have had situations where an organization was delegated the responsibility for a TLD and then that organization went out of business, and then the question is, "What do we do now?" And it takes time for new parties to make themselves known and qualified to serve in that role.

In the VeriSign lawsuit, GoDaddy offered you $100,000. Will you take it?
That has not come to me as a policy question, so you might want to ask the staff.

Did the VeriSign lawsuit have anything to do with the board voting on the Wait-Listing Service a few days ago?
No, that had absolutely nothing to do with it. The Wait-Listing Service has been in play for almost two years and so that particular action was part of the next step in the process.

The lawsuit was filed Thursday, and the meeting began on Sunday. Was it timed to get your attention?
I will let you draw that conclusion. I would point out that we spent our week doing what we thought was our work. I did not find the lawsuit to be a particular distraction, except for the fact that we felt somewhat constrained as to what we could or could not say in the course of our meetings.

The United Nations' International Telecommunication Union seems increasingly interested in this area. Do you view them as a rival, or a collaborator?
This is a reflection of how governments are beginning to awaken to the importance of the Internet to their economic interests. Since ICANN is the only visible body that has clear policy responsibility for part of the Internet, a lot of attention has been focused on ICANN. I hope that the UN task force that Kofi Annan, the secretary general, just set up will look at this question of Internet governance and recognize that it is an extremely broad topic that covers a considerable amount of territory well beyond what ICANN is responsible for.

Certainly in my role as chairman, I have absolutely no desire to expand any further ICANN's responsibilities beyond its current mandate, but I do think that there are a lot of issues associated with the use of Internet that are of public interest and are the proper province of government.

Are there any areas that ICANN should withdraw from and cede to a UN agency?
Not that I can see right now, as long as we stay well within the ambit of our responsibilities.