On Friday, the Financial Times published an article exploring the role that governments have been assuming in cyber security. At one point while discussing the relationship between the U.S. government and ICANN, the article makes the somewhat misleading assertion that “American control over the administration of the web is slipping.” In reality, since ICANN signed the Affirmation of Commitments (AOC) in September 2009, the U.S. maintains virtually no control over the organization. At this point, the only meaningful link that remains between the U.S. government and ICANN is the Internet Assigned Numbers Authority (IANA) contract, through which the U.S. Department of Commerce granted ICANN the responsibility of administering the Internet’s root servers. This connection is important to ICANN, who benefit from the ability to not only develop policies, but to implement them – without oversight or accountability.
Somewhat surprisingly, the article also points out that certain members of the U.S. defense community regard the introduction of internationalized domain names (IDN ccTLDs), or domain extensions in non-Latin scripts, as a “disaster”. One person, whose company has advised the CIA on computer security, even called the initiative “the single most criminogenic act ever taken in or around the digital world”. The argument behind such a strong opinion is that IDN ccTLDs will make it easier for cyber criminals to launch attacks while disguising their locations.
It had not occurred to me that IDN ccTLDs would be such a problem. I would argue that the benefits of opening up domain name extensions to major world languages like Arabic and Chinese outweigh the potential risks – cyber criminals found ways to obscure their locations before IDN ccTLDs existed. In fact, I still believe that new generic TLDs (gTLDs) will present more of a problem for the enforcement of cyber security than IDN ccTLDs. ICANN has estimated that it expects that in the first round alone, it will receive applications for 400 new gTLDs. This expansion of the domain name space will dramatically complicate online enforcement of intellectual property and prosecution of piracy, and as the Financial Times article points out, law enforcement is already struggling to keep up with existing threats.
The IANA contract is up for renewal in 2011. By managing the renewal in such a way that demands great transparency and accountability from ICANN, the U.S. government will be able to help ensure that our online interests, and the interests of other countries, are protected. Moreover, such action will assure the global community that Internet governance solves more problems than it creates. I believe that a more open and accountable relationship between the U.S. government and ICANN will afford governments around the world a better opportunity to ensure their cyber security.