[governance] "Oversight"

parminder parminder at itforchange.net
Thu Jun 14 06:53:48 EDT 2012


Norbert has put the 'slippery slope' scenario quite well.

I agree that a simple shift from US to another body is not enough. But 
since in the discharge of the oversight role, commission is a much 
bigger issue than omission, it is certainly better if say 15 other 
country reps have to simultaneously agree to an act of commission along 
with the US rather than US getting to decide it alone. And that much 
better if there is an international law to clearly describe the 
oversight role, its procedures and limits, and an international judicial 
system to adjudicate whether the concerned body acted as per the 
relevant international law. None of this exists at present vis a vis 
US's exercise of the oversight role. It just a bunch of people convinced 
that US's is a good and benign government. Hardly a good basis for a 
global governance system.

parminder

On Wednesday 13 June 2012 07:05 PM, Norbert Bollow wrote:
> David Conrad<drc at virtualized.org>  wrote:
>    
>> Just a small nit:
>>
>> On Jun 11, 2012, at 3:32 AM, Norbert Bollow wrote:
>>      
>>> John Curran<jcurran at istaff.org>  wrote:
>>>        
>>>> For clarity, which USG "oversight role" are we referring to?
>>>>          
>>> ...
>>> 3) review of root zone changes before publication
>>>        
>> Currently, outside of internal checks done by Verisign as the Root
>> Zone Manager, there is no review of root zone changes prior to
>> publication. DoC's role, as far as I understand it, is to verify
>> that ICANN, as the IANA function operator, followed the documented
>> policies and processes in handling a request from a TLD
>> administrator. Once a change is authorized, the next point (outside
>> of Verisign) where the change can be reviewed is after it hits the
>> root servers.
>>      
> David's nit is of course well justified in that I was indeed imprecise
> there -- probably because I'm a bit of a "doubting Thomas" in regard
> to the assertion that DoC would routinely, for every root zone change
> request, "verify that ICANN, as the IANA function operator, followed
> the documented policies and processes in handling a request from a TLD
> administrator" -- it will take some serious evidence to convince me
> that that role description isn't pure propaganda and not just a facade
> for something that is in reality intended to be pure international
> power politics. (These doubts are quite independent of the questions
> about whether such an intention results in effective power, and
> whether or not the resulting situation should be considered to be a
> serious problem from the perspectives of people outside the US and
> their governments.)
>
>    
>> As mentioned in a previous note, I believe this to be a flaw in the
>> current root zone management system.
>>      
> Since technical correctness of the resulting zone data is easier to
> double-check than procedural correctness, and since I would expect
> unintended honest errors on the technical level to likely occur more
> frequently than any malicious subversion of the documented policies
> and processes for handling requests from TLD administrators, I
> agree that there seems to be some kind of flaw here.
>
>
> In a later posting, David Conrad<drc at virtualized.org>  wrote in
> response to a posting of Parminder:
>    
>> Assume the USG forces Verisign to remove .IN from the root zone. A
>> query for<anything>.IN will then result in a "name error" response
>> being returned to the querying resolver (typically operated by
>> ISPs).  With DNSSEC, some cryptographic data is also returned that
>> allows the resolver to prove (in the mathematical sense) that the
>> holder of the root zone signing key (Verisign) agrees that the "name
>> error" should be returned.  Without DNSSEC, you still get the "name
>> error", the resolver just can't prove that's what the holder of the
>> zone signing key intended.
>>
>> So, we now have a root zone(provably, if you bother to verify the
>> DNSSEC data) without .IN in it.  Let's say you run an ISP anywhere
>> in the world.  Now, _all_ of your customers that attempt to connect
>> to any website in the .IN domain will get "name does not exist" in
>> their web browsers, email programs, bittorrent clients, etc.  Your
>> customers are probably not going to assume it is because the USG
>> removed the .IN domain, rather they're more likely going to assume
>> you screwed up somehow and call you to scream at you. After a
>> sufficient number of calls (which, depending on the scale of your
>> ISP, will probably be from minutes to hours), you'll most likely fix
>> the problem for your users by getting a copy of the root zone,
>> reinserting the .IN data into that copy, and putting that root zone
>> on your resolvers.
>>      
> I agree that customers of ISPs in India would indeed assume that
> their ISPs have screwed up, and get their ISPs to change their
> resolver config in a way that makes them independent of all root
> servers which fail to carry the .IN zone.
>
> The situation may well be different outside India. I don't see a
> lot of references to .IN domains here in Switzerland. Most people
> and companies in India that I have had contact with seem to use
> .COM, .NET and .ORG domain names rather than .IN, and it'll be a
> lot less obvious to people that it is *their* ISP who should fix
> the India domain name issue for them.
>
> And if it doesn't concern India but a smaller and economically
> less important country, any pressure on most ISPs outside the
> country from their customers will be much weaker still.
>
>
> But anyway I don't think that "the US might want a ccTLD to suddenly
> disappear" is the most appropriate threat model here. I think we
> should rather discuss scenarios with some kind of slippery slope,
> like e.g. the following:
>
> Suppose that as a first step, the US would demand that all domain
> names which are used to host clear instances of child pornography
> (sexual abuse of young children which is filmed or photographed
> with intentions of criminal enrichment) must be deleted from DNS
> within 24 hours of receipt of a notification from an US government
> agency. If a TLD registry outside the US doesn't agree, maybe the US
> government would demand a root zone change by means of which DNS
> queries for that TLD are sent to nameservers that provide a filtered
> view of that TLD. Besides the child pornography sites, all other
> domains of that TLD would still work. There would not be a big public
> outcry because hardly anyone wants to destroy their reputation by
> taking the side of child pornography sites.
>
> As a second step, the same principle might get applied to sites of
> Islamic extremists who promote violence. Some people would protest,
> but in most countries, most ISPs would probably rather disappoint
> some potential or actual customers than risk having to defend
> themselves in the court of public opinion and in the courts of
> law against the accusations of failing to comply with the laws and
> of supporting terrorism.
>
> It would probably continue to go downhill from there. All kinds of
> ideas are dangerous and threatening to some kinds of politicians:
> Some would feel threatened in business interests tied to the
> military-industrial complex if any of the groups that advocate
> non-violence and anti-militarism achieves great influence. Some
> would feel threatened if one of the groups that advocate holiness
> in sexual purity and honesty achieves great influence and tells
> people not to vote for politicans who don't live according to
> these principles. Maybe I am a bit paranoid here, but it doesn't
> seem far-fetched to me that in such situations, rabble-rousers
> might react with racist, pro-violence slogans to the websites of
> such groups, and some of those who are in power might take that as
> justification to declare all kinds of strongly moral religious
> statements to be too provocative to be allowed on the Internet...
>
>
> In the above, the references to the US are mainly because it happens
> to be the US that appears to have some relevant power. I wouldn't
> view "let's give the role of the US to the UN" to be in any way an
> improvement with regard to this kind of concerns. The fact that the UN
> does some good work in regard to the promotion and protection of human
> rights, and also promotes itself in the name of human rights, has not
> stopped some UN agencies such as WIPO from putting human rights rather
> low on their scale of actual priorities.
>
>
> So I would suggest that what needs to be done is to work towards
> an oversight model that is designed to be as robust as possible
> against risks of "slippery slope" scenarios such as the one described
> above. The existing international human rights law is a good starting
> point IMO. I would say what is primarily missing right now is a global
> multistakeholder process to interpret this practically in the
> Internet governance context, in a way that results in concrete
> recommendations for feasible and effective governmental actions.
>
> Greetings,
> Norbert
>
>    
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.igcaucus.org/pipermail/governance/attachments/20120614/08110feb/attachment.htm>
-------------- next part --------------
____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.igcaucus.org
To be removed from the list, visit:
     http://www.igcaucus.org/unsubscribing

For all other list information and functions, see:
     http://lists.igcaucus.org/info/governance
To edit your profile and to find the IGC's charter, see:
     http://www.igcaucus.org/

Translate this email: http://translate.google.com/translate_t


More information about the Governance mailing list