Has ISOC sold .Org for 30 pieces of silver? - Update 15th November

Since I posted this there have been many entries on an impassioned ISOC discussion thread. So far I draw three main conclusions:

  1. Democratic accountability is alien to ISOC. It has long been structured as a top down organisation, living off the revenues from .org, , with multiple groups in which anything can be discussed, but no-one can organise a meaningful vote and absolute power resides with the trustees. I have therefore been wrong for over a decade in thinking it might ever evolve into a governance body.
  2.  The deal has not yet been consummated and the identity of the investors and their forward plans are still unknown.
  3. The way is open for the World Internet Conference and the ITU to establish a Government-led governance body unless and until the Western NGOs can enlist the support of the Internet Association for a credible alternative.

The Internet Society (ISOC) has sold the Public Interest Registry (which includes .Org) to a recently created Venture Capital firm in order to create an endowment fund. Ethos Capital was apparently created for the purpose of the acquisition with the domain name registered by an advisor to the World Internet Conference.  If so, this might be a means of helping ISOC to meet its charitable objectives in those areas where Internet usage is lowest, with Chinese co-operation. But that would raise more questions than it answers – not “just” whether the price of .org registrations will rise sharply. Over 20% of the world’s population is now on-line. They face a rising tide of abuse and crime which threatens to curtail confidence in the brave new world which the new Internet Association is trying to promote. Co-operation with the Chinese rather than the current trade war, might well be to the benefit of all of us. But at what price? to whom? Or is this “merely” a “clever” way of taking the PIR out of play.

Whatever the answers this raises the question of the current/future roles of ISOC and of the Public Interest Registry.

Domain names are at the heart of both cybersecurity and surveillance

I paid $20 dollars to join the Internet Society (not to be confused with the new Internet Association) in 1995. I had been told that it was the best hope for the Governance body that the Internet would need if the Atlanta Olympics (the test bed for the “commercial” use of internet protocols), was a success. It was – save for one highly embarrassing problem with data loss. It took two days to rework the interface between the local high speed information feeds and those used by most Western media to also cope with the slow speed feeds then used by much of the rest of the world – who had not prepared and blamed the organisers. Everything else worked. Most importantly fraud (on the unprotected booking systems) was negligible. Criminals had not discovered the opportunities.

The members of the Internet Engineering Task Force, led by IBM, EDS and CISCO then released a $2 billion war chest to “re-engineer the Internet”. It was told that they faced three main problems. Security, security and security.

They still do.

And the domain name system is at the heart of those problems. Just as it at the heart of the Internet.

Hence the critical role of the registries.

They are far more important the Governments and Regulators when it comes to creating a meaningful digital identity ecosystem.

The other point of leverage is the worlds international airports

Today the equivalent of the Atlanta Olympics is a major international airport – 24 by 7 all year round, no just a brief window every four years. All the world’s identity and authorisation systems (passengers, local contractors, security staff, airline staff, maintenance staff air freight in transit, aerospace components etc. etc.) come together … or not.

The result is de facto real-time identity arbitrage, in ways which also expose why Government will always fail to produce identity policies that are of any value to most of us. They find it hard enough (and in the case of the UK impossible) to agree policies of use to their Armed Force, Education, Health, Justice, Law Enforcement,Tax and Welfare operations.

The sale appears to open up great opportunities … but for who?

The transition to IPV6 supposedly offered an opportunity to remove many vulnerabilities in the way the domain name system is used, perhaps tying addresses to items of hardware and wetware (human biometrics and DNA).

But if the registries, including those trusted internationally, are themselves in play, to be bought and sold, this opportunity evaporates. Government will feel the need to intervene.

If so, has the time come to merge the Internet Governance Forum and the World Internet Conference and for both to work with and through the ITU. Or are abuse,confusion, fragmentation, fraud, incoherence and impersonation a price worth paying to preserve dissidents from being hunted down by oppressive regimes?

For those concerned with Internet Governance and the protection of users, whether from dominant players, government agencies or organised (or disorganised) criminals, these questions seem to be a rather more important topic than Brexit (what that will mean in practice!).

Or am I massively over-reacting

I would love to be told that I am over-reacting and that ICANN and/or the IETF members have already thought through the consequences. Or it is correct that they have only just learned of the sale?  I look out of the window and have yet to see the pigs flying past so I suspect the lawyers have only just started to read their way in

Data Center
Data Management