The efficient functioning of the Internet, on which modern society has come to depend, relies on the efficient functioning of the domain name system. The abuse of that system is at the heart of the malware industry. The governance of that system, from ICANN downwards, is run by registrars for registrars. The registrars range from the reputable to the criminal. ICANN recently discovered that one of those at the heart of a web of malpractice was indeed a convicted criminal.
Others, including in the national registries, exhibit similar behaviour patterns but action is harder because they have not already been convicted for other crimes. Most registrars are, of course, reputable. But they are running on very tight margins and have neither the time nor inclination to help clean the stable. Moreover the tradition of the Internet is of just-in-time retro-fixes: the race against catastrophe while striving to maintain the myth of security and resilience and protecting the users from reality.
I have just come from meeting some of the engineers who run ICANN. They are most impressive. The Haight-Ashbury hippies of ’67 grew up and retired. But the price of self-governance is, as in other trades and industries, task forces and advisory boards clogged by those whose concern is efficiency in the interests of suppliers rather than of customers.
Meanwhile government regulation would add inefficiency to corruption, albeit the latter is more commonly intellectual than moral or financial.
The self-regulatory bodies of other “trades” preserve their status by adding effective independent directors and consumer panels. Those who run the domain name “trade” have yet to do so. The current abuses are unlikely to be checked until they do. Too many are doing too well from them. “Reform” would put two multi-billion dollar industries at risk: cybercrime (from malware authors, through botnet herders to spammers and extortionists) and cybersecurity (from the producers of e-sticking plasters and e-immodium to the armies of consultants and compliance officers).
To get a feel of the task read the “Final Report of the ALAC Review Working Group on ALAC improvements”, or rather read Appendix 3, the dissenting report. Then read the summary of key points in the report itself (page 5). Then try to read the full report. You will not understand most of it – but you will get the flavour. Then make your comments – well before the deadline if possible so as to help stimulate constructive debate rather than simply vent your spleen.
ALAC stands for “At Large Advisory Committee”. It took me a while to realise that this meant relations with everyone outside the extended “family” that actually runs the Domain Name system.
The “answer” appears to be deceptively simple but is there the “will” to bring it about?
All whose businesses would be at risk if their domain names were compromised should put a fraction of what they spend tackling the flood of malware or protecting their brands into helping reform the DNS. A key part of that “help” should be to give a technically and professionally competent member of their security team a modest allowance of time and expenses to network with their peers, via one or more of the many security “clubs” (professional bodies, trade associations and special interest groups). A key objective of that networking exercise should be to identify and support suitably skilled, informed and trusted candidates for the various DNS governance committees and working groups – both national (e.g. Nominet) and international (ICANN).
And that process should begin by making the time to read the report of the ICANN “At Large Advisory Committee” and respond. This consultation and the meeting in Mexico to which it is leading is probably “make or break” for ICANN.
Replacing ICANN by an ITU committee, as opposed to rejuvenating it, would definitely be second best. But its role in the global critical infrastructure makes this inevitable – unless the users join the “family”.
P.S. I too was on Haight-Ashbury in the summer of ’67 – although no-one believes me until I tell the story of when the house in which I was staying caught fire. The fire-fighting exercise was, in retrospect, bizarre and foolhardy – but successful. The fire was out before the fire brigade arrived and created havoc. Somewhere there is a metaphor here for the way the ex-hippies ran the Internet for its first thirty years – keeping Government at bay.
P.P.S. I have just been asked how you join ICANN and Nominet and get involved.
Click here for details of the ICANN “Business Constituency” – including how to join. It is remarkably cheap. The numbers look impressive until you realise that almost all are participating via groups like the ICC and WITSA. If your domain name is not worth more than that 1500 euro subscription for even a large organisation you should not be in business.
Click here for details of membership of Nominet. Again remarkably cheap. If you have a .uk domain name to protect it is a no-brainer – little more than you pay for anti-virus and firewall on a single PC.
The bigger question is how to get involved. I suggest you join direct but then network with your peers (via your professional body or trade association and the relevant special interest group) and share the load with those you trust because their interests are similar to yours.
That is rather like the advice that I give to people when they ask how to get best value from their EURIM subscriptions. The challenge is rather similar: achieving results in areas that are important, where inaction could cost you very dear, but you have to ration your time.