Right in the middle of my New York Times today (yes, I still read it, and on paper) are two full-page color ads for Nokia’s N95, with the taglines “Comes with unlimited potential. We believe the smartest devices should keep getting smarter. That’s why we’ve left the Nokia Nseries open to enhancement, experimentation, and evolution. Open to anything.” url nseries.com/open (warning, flash-heavy)

I love it. Just the stance toward user innovation I’d like to see more companies adopt. They’ve borrowed a few pages right out of von Hippel’s Democratizing Innovation, mashed up with Benkler’s Wealth of Networks and Zittrain’s Generativity.

This contrasts, of course, with the advertised nature of the iPhone, locked to Apple’s apps and carrier. But we’ve also seen that within weeks of the iPhone’s launch, hackers have opened it, unlocked it, and built scores of apps.

So I wonder, how does the level of independent development on the N95, and Symbian, which powers it, compare with that on the iPhone? The N95 retails for $749 in the U.S., limiting the community likely to embrace it. Apple’s price drop brought the iPhone to $400; would it have engendered the same creativity if left at $600? Does Apple’s “cool” factor do more to bring in the hackers than Nokia’s; are touch gestures more of a draw than built-in GPS?

Or am I just seeing one side of the U.S.- Europe cellphone divide, and do Symbian developers prevail abroad where they’ve had more access to unlocked phones and fewer lock-subsidies to compete with?

After blogging about ICANN’s new gTLD policy or lack thereof, I’ve had several people ask me why I care so much about ICANN and new top-level domains. Domain names barely matter in a world of search and hyperlinks, I’m told, and new domains would amount to little more than a cash transfer to new registries from those trying to protect their names and brands. While I agree that type-in site-location is less and less relevant, and we haven’t yet seen much end-user focused innovation in the use of domain names, I’m not ready to throw in the towel. I think ICANN is still in a position to do affirmative harm to Internet innovation.

You see, I don’t concede that we know all the things the Internet will be used for, or all the things that could be done on top of and through its domain name system. I certainly don’t claim that I do, and I don’t believe that the intelligence gathered in ICANN would make that claim either.

Yet that’s what it’s doing by bureaucratizing the addition of new domain names: Asserting that no further experiments are possible; that the “show me the code” mode that built the Internet can no longer build enhancements to it. ICANN is unnecessarily ossifying the Internet’s DNS at version 1.0, setting in stone a cumbersome model of registries and registrars, a pay-per-database-listing, semantic attachments to character strings, and limited competition for the lot. This structure is fixed in place by the GNSO constituency listing: Those who have interests in the existing setup are unlikely to welcome a new set of competitors bearing disruptions to their established business models. The “PDP” in the headline, ICANN’s over-complex “Policy Development Process” (not the early DEC computer), gives too easy a holdout veto.

Meanwhile, we lose the chance to see what else could be done: whether it’s making domain names so abundant that every blogger could have a meaningful set on a business card and every school child one for each different face of youthful experimentation, using the DNS hierarchy to store simple data or different kinds of pointers, spawning new services with new naming conventions, or something else entirely.

I don’t know if any of these individually will “add value.” Historically, however, we leave that question to the market where there’s someone willing to give it a shot. Amazingly, after years of delay, there are still plenty of people waiting in ICANN queues to give new gTLDs a try. The collective value in letting them experiment and new services develop is indisputably greater than that constrained by the top-down imaginings of the few on the ICANN board and councils, as by their inability to pronounce .iii.

“How do you get an answer from the web?” the joke goes: “Put your guess into Wikipedia, then wait for the edits.” While Wikipedians might prefer you at least source your guess, the joke isn’t far from the mark. The lesson of Web 2.0 has been one of user-driven innovation, of launching services in beta and improving them by public experimentation. When your users know more than you or the regulators, the best you can do is often to give them a platform and support their efforts. Plan for the first try to break, and be ready to learn from the experience.

To trust the market, ICANN must be willing to let new TLDs fail. Instead of insisting that every new business have a 100-year plan, we should prepare the businesses and their stakeholders for contingency. Ensuring the “stable and secure operation of the Internet’s unique identifier systems” should mean developing predictable responses to failure, not demanding impracticable guarantees of perpetual success. Escrow, clear consumer information, streamlined processes, and flexible responses to the expected unanticipated, can all protect the end-users better than the dubious foresight of ICANN’s central regulators. These same regulators, bear in mind, didn’t foresee that a five-day add-grace period would swell the ranks of domains with “tasters” gaming the loophole with ad-based parking pages.

At ten years old, we don’t think of our mistakes as precedent, but as experience. Kids learn by doing; the ten-year-old ICANN needs to do the same. Instead of believing it can stabilize the Internet against change, ICANN needs to streamline for unpredictability. Expect the unexpected and be able to act quickly in response. Prepare to get some things wrong, at first, and so be ready to acknowledge mistakes and change course.

I anticipate the counter-argument here that I’m focused on the wrong level, that stasis in the core DNS enhances innovative development on top, but I don’t think I’m suggesting anything that would destabilize established resources. Verisign is contractually bound to keep .com open for registrations and resolving as it has in the past, even if .foo comes along with a different model. But until Verisign has real competition for .com, stability on its terms thwarts rather than fosters development. I think we can still accommodate change on both levels.

The Internet is too young to be turned into a utility, settled against further innovation. Even for mature layers, ICANN doesn’t have the regulatory competence to protect the end-user in the absence of market competition, while preventing change locks out potential competitive models. Instead, we should focus on protecting principles such as interoperability that have already proved their worth, to enhance user-focused innovation at all levels. A thin ICANN should merely coordinate, not regulate.

ICANN’s travelling circus meets in San Juan, Puerto Rico this week. One of the main subjects of discussion has been the introduction of new generic Top-Level Domains (gTLDs), after a GNSO Report proposed 19 “Recommendations” for criteria these new domain strings should meet — including morality tests and “infringement” oppositions.

I spoke at a workshop on free expression. (another report) It’s important to keep ICANN from being a censor, or from straying beyond its narrow technical mandate. The thick process described in the GNSO report would be expensive, open to “hecklers’ vetos,” and deeply political.

Instead, I recommended that, along the lines of David Isenberg’s Stupid Network, ICANN should aim for a “stupid core”: approve strings after a minimal test for direct or visual collision. Just as we couldn’t predict what applications or content would be successful on the Internet, but benefit from the ease with which innovators can experiment with a wide range, we’ll benefit if entrepreneurs can experiment with new TLDs without a lot of central pre-screening. Rather than supporting a race to the bottom to adopt restrictions on the lines of the most restrictive government views of permissible expression (no human rights, sexuality, or “hate”), we must leave it to the governments to apply those restrictions at the edges too, in their own jurisdictions if they insist, but not at the center on all.

Of course I do not support government censorship even at the local level, but between local control, which can itself be a source of experimentation, and central control, which becomes ossified and restrictive at the lowest level, I think local law poses less threat to global free expression. If you agree that ICANN should keep moral judgments out of the DNS root, sign the petition to Keep the Core Neutral.

ICANN seems to be out to re-prove Hirschman’s theories of exit, voice, and loyalty by driving all of its good people to exit rather than giving them meaningful voices. Thomas Roessler, a long-time advocate of individual users’ interests on the interim ALAC now suggests it’s Time to Reconsider the structure of ICANN’s At-Large, as he feels compelled to promise himself not to get involved with ICANN again.

Roessler and Patrick Vande Walle both express their frustration at interference and infighting in the formation of the European Regional At-Large Organization. Here’s Roessler:

To this day, I still occasionally dangle my feet into these waters, though I’ve again and again promised myself not to do it again.

To say I’m disappointed by what I’ve seen recently would be an understatement: While I’m happy there is a number of people who, presumably, really want to move things, I’m appalled to see how discussions among both European and North American participants take on an increasingly divisive tone. There isn’t much to be seen of a common goal to advocate users’ interest in ICANN — rather, a lot of fighting for table scraps (when there’s more than enough work for anybody who wants to gamble some of their time on ICANN and its at-large activities!). ALAC’s ICANN staff support seems most interested in staging pretty signing ceremonies and press events, one per ICANN General Meeting.

The result? Artificial and rushed time lines, premature consensus calls, and a lot of bad blood and mistrust among participants who really ought to be working together (and have been able to talk reasonably to each other before they got into fights around ICANN). Also, the ability for ICANN to pretend that there’s real end user participation and representation, when there are really very few ways (if any) for ALAC to make a real difference in policy decisions — even though the committee has some limited power to help shape ICANN’s policy agenda.

And Vande Walle, concerned that a push for “diversity” became a stereotyped exclusion of experienced participants:

All this for the sole purpose of pushing on the side those who invested a lot of time over the years into ICANN and ALAC processes. If this is an added value to ICANN and ALAC, I do not know. Frankly, I am skeptic. Time will tell.

From now on, I will watch from the outside. So long, guys.

Hirschman notes that exit and voice are alternative means of expressing dissatisfaction with organizations in decline. The smart organization listens and reverses course, the stupid one just declines further.

ICANN needs these people. They have good ideas about how to respond to the public interest in domain name management. But, controlled by commercial interests who’d rather raise prices on their domain-name monopolies or shield trademarks against potential dilution, ICANN doesn’t have the inclination to listen to the individuals who make up the public. It keeps sending us back to play in sandboxes building complex structures upon structures, all to shield the organization from having to hear our voices.

So, as the opportunity costs of attempting to deal with ICANN grow too great, good people exit. ICANN asks for bottom-up development, but when there’s no way for the bottom to connect with the top, we get frustrated down here and find better things to do with our time.

To students of political economy, at least, the exodus from At-Large should send a louder message than any public comments or advisory committee efforts ever do.

ICANN’s thrice-annual junket is concluding in Lisbon. I haven’t been there, so I’ve been reading between the lines of the flurry of self-congratulatory press releases and announcements.

We learn, for example, that “Thousands of Voices Get Direct Say At ICANN,” in a release that never discloses that no one’s listening to this “say.” Three new Regional At-Large Organizations have been formed, but not one of them allows individuals to participate directly, and not one of them has a voting representative on the ICANN Board or GNSO Council. We’ll see if there’s any room to address these questions in the ALAC review.

We learn also that the Board has, for a third time, rejected the .xxx TLD application from ICM registry. Will it stick this time? Will ICM litigate? Susan Crawford’s vigorous dissent skewers ICANN’s process and the legitimacy of its conclusions:

I must dissent from this resolution, which is not only weak but unprincipled. I’m troubled by the path the board has followed on this issue since I joined the board in December of 2005. I’d like to make two points.
First, ICANN only creates problems for itself when it acts in an ad hoc fashion in response to political pressures. Second, ICANN should take itself seriously, as a private governanced institution with a limited mandate and should resist efforts by governments to veto what it does.

…
As a board, we cannot speak as elected representatives of the global Internet community because we have not allowed elections for board members. This application does not present any difficult technical questions, and even if it did, we do not, as a group, claim to have special technical expertise.

I’ve never thought .xxx was a good idea, but I’ve thought even more strongly that ICANN shouldn’t be in the business of judging “good ideas” or making content-based judgments about new gTLDs. ICM jumped through the procedural hoops ICANN set, would not cause technical problems in the root, and so should be entitled to its domain.

Together, these developments show what a monster ICANN’s web of contracts has created: a private regulator of public conduct with no public oversight. Watch out for the California public benefit corporation law, though…

Earlier in the Registerfly controversy, ICANN Vice President Paul Levins posted to the ICANN Blog,

ICANN is not a regulator. We rely mainly on contract law. We do not condone in any way whatsoever RegisterFly’s business practice and behaviour.

This is disingenuous. ICANN is the central link in a web of contracts that regulate the business of domain name allocation. ICANN has committed, as a public benefit corporation, to enforcing those contracts in the public interest. Domain name registrants, among others, rely on those contracts to establish a secure, stable environment for domain name registration and through that for online content location.

A user registers a domain name by contracting with a registrar, such as Registerfly. The terms of that agreement are constrained by ICANN’s accreditation contract with the registrar.
French registrar Gandi explains this web with helpful diagrams in its registration agreement:

Gandi is a Registrar, accredited by both the Trustee Authority [ICANN] and registry of each TLD to assign and manage domain names according to their specific TLD. We must abide by the terms and conditions of Our accreditation contract. As a consequence, We must pass some of Our obligations on to Our customers.

…

As such, We commit Ourselves to providing you with the best possible service. This being said, due to Our contractual obligations with the Trustee Authorities and Registries, and which You must also abide by, Our services are limited in some of their technical, legal, regulatory and contractual aspects.

Now the ICANN contracts can both limit and help the end-user registrant. On the limit side, they restrict the registrant’s ability to maintain anonymity or privacy by requiring the registrar to provide accurate identifying information to the WHOIS database, a duty the registrar fulfills by compelling provision of accurate information in its own contract with the registrant. This requirement benefits trademark holders, who have recently turned out to prophesy doom if data display is limited.

On the benefit side, the RAA-imposed duty of data escrow, requiring the registrar to maintain an escrowed copy of its registration database, provides evidence of a registrant’s domain name holdings in the event of registrar failure. Registrants seeing this provision could believe that their domain names would be secure even if the registrar who had recorded them defaulted.

So they might have believed, but apparently ICANN has never enforced this provision of its contracts. Moreover, ICANN denies that the public is a third-party beneficiary entitled to demand enforcement.

The Registerfly debacle shows why this view is wrong as a matter of law and policy. ICANN was told more than a year ago of customer service problems at Registerfly, but did nothing to respond to those complaints, including escrowing data, leaving the company’s 200,000 registrants at risk of losing domain names or the ability to update them when Registerfly’s business troubles escalated early this year.

ICANN should recognize that the reason for its registrar contracts is precisely to benefit third parties: domain name registrants and those who rely on the domain name system. ICANN is not (or shouldn’t be) accrediting registrars merely to have a larger pool of organizations paying fealty to it. Rather, it is imposing terms and conditions on registrars and, with an “ICANN accredited” seal, inviting the public to rely on those terms for a secure domain name registration.

In cases where ICANN fails to recognize a registrar’s problems, concerned members of the public should be entitled to take action themselves. As well as enforcing public-benefit obligations on its own, ICANN should facilitate individual action by removing the “no third-party beneficiary” language from its contracts.

The draft report makes welcome progress, but still puts lots of hurdles in the way of new top-level domains.

Since the individual Internet user (as putatively represented by the At-Large Advisory Committee) is not in a GNSO constituency, I’ve been getting up to ask lots of questions. As a general matter, I think ICANN should stay as far from the semantics of domain name strings as possible. Once ICANN sets itself up as arbiter of strings’ “public policy” or “morality,” it seems to me it’s just inviting hold-up to the application process.

Remote Participation: Kieren McCarthy has set up an ICANN aggregate webspace at http://sp.icann.org/; there’s IRC chat at irc.freenode.net#icann ; and webcasts are linked (schedule); ICANN page.

Next up, WHOIS.

Google News now shows more than 300 stories about Spamhaus, most about a proposed court order following a district court default judgment.

To me, the most interesting is the meta-story — why the non-event of a proposed order has the blogs scrambling with claims of constitutional crisis and even the notoriously close-lipped ICANN issuing an announcement “in response to community interest expressed on this topic.”

We’re seeing a clash of cultures between tech and law. The tech world, afraid the law will jump to erroneous conclusions and cripple an anti-spam mechanism, is in turn making some quick but wrong assumptions about the legal process. Happily, there’s enough play in both tech and legal systems to correct for both these errors.

On the legal side, we have a process that has so far aired only one side — because the other is challenging the court’s jurisdiction even to hear the case. Spamhaus, based in the U.K., runs widely-used SPAM blacklists. Marketer e360 Insight sued Spamhaus in an Illinois court to be removed from one of these lists, claiming that its legitimate mail was being blocked (in Illinois) due to Spamhaus’s actions. Spamhaus did not defend the suit, asserting that the U.S. courts lacked jurisdiction.

As often happens in such cases of default judgment, the court took at face value the arguments from the party who appeared and asked for a proposed order. The plaintiff then overreached (as is also common), and proposed that ICANN be ordered to deactivate the Spamhaus.org domain name. The court has not yet acted on plaintiff’s proposed order.

Even if the court were to adopt this order, it would be open to challenge from many angles: ICANN is not a party to the lawsuit who can be bound by an injunction; ICANN has no contractual power to order a domain de-activated; Spamhaus challenges the court’s jurisdiction. In short, as some commentators have recognized,
e360’s broad request is far from an enforceable order shuttering Spamhaus.org.

On the tech side, while loss of a domain name would be painful, as a domain may be the key point of contact for an Internet-based organization, it would not actually stop a newly-relocated spamhaus-is-now-here.info from putting e360 on the very same lists.

It’s clear we have a ways to go in reaching cross-cultural understanding. But I’m also thinking of how we can harness similar tech community outrage against other ICANN actions that have real impact, such as the sluggish process of approving new top-level domains and the shrinking of privacy options for domain name registrants.

ICANN’s selection committee is meeting in Frankfurt Amsterdam this weekend to choose new Board members, GNSO Council representatives, and interim ALAC members. It’s not really correct to call the group a “nominating committee” as ICANN does, since no membership ever gets to vote to accept or reject their “nominees.” That said, the secretive process has produced some good selections in the past, along with some not-so-good.

In other news from the void, ICANN has finally released the London School of Economics GNSO Review: report and annexes. Unfortunately, it’s only in PDFs that pdftohtml can’t successfully convert to text (strange font or something else?) — so commenting on the report will be more difficult than it should be. [update: poor mechanical OCR here]

I haven’t gotten past the opening “Recommendations,” but there, I’m encouraged by the report’s criticism of ICANN Constituencies — the artificial interest groups of ICANN participation, in which “intellectual property interests” is of equivalent voice to “non-commercial users.” It also makes useful suggestions toward better information dissemination and fixed term-limits for GNSO Councilors. (The GNSO, for those not fluent in ICANNese, is the Generic Names Supporting Organization, the body that’s supposed to make policy (by “bottom-up consensus”) for top-level domain names.)

ICANN has posted proposed registry agreements for the .org, .biz, and .info registries — contracts that would allow registry operators to raise prices arbitrarily or introduce tiered pricing, as well as giving incumbents a nearly-perpetual right of renewal. Strangely, given ICANN’s mission “to ensure the stable and secure operation of the Internet’s unique identifier systems,” the new agreements elevate the registries’ interests above the stability interests of domain name registrants. Under the proposed contracts, registrants would face considerable uncertainty about the future costs of domain name renewal.

I submitted comments, included after the jump.

(more…)