Wednesday, February 26, 2014

ICANN General Assembly Committee: a portion of my paper on Internet governance bodies

The Internet Corporation for Assigned Names and Numbers (ICANN) was set up to manage the internet’s core, which is the Domain Name System (DNS)[1] and Internet Protocol (IP) addressing.[2] ICANN is a private, international organization created in 1998 by a Memorandum of Understanding with the Department of Commerce. ICANN and the DNS[3] enjoy a legacy relationship with the National Telecommunications and Information Administration (NTIA) at the Department of Commerce as a result of establishing a framework for the technical coordination of the Internet's domain name and addressing system (2009).[4] The operational standards of ICANN focus on a consensus-driven, bottom-up approach to policy making, open to various stakeholders and constituencies. The power of ICANN is in the implementation and enforcement of its rules and regulations through contracts with registries[5] and registrars.[6] Within ICANN is the General Assembly Committee (GAC), whose key role is to “provide advice to ICANN on issues of public policy, and especially where there may be an interaction between ICANN's activities or policies and national laws or international agreements.”[7]

ICANN’s General Assembly Committee decision-making follows a process of consensus building. Initially, a working group is tasked with an issue for discussion, review, and recommendation. Next, the chair follows standard operating procedure to find the level of consensus among the working group, hoping for “Full Consensus” and noting dissenters.[8] Based on discussion and recommendations given to the Chair, the working group then sends the finished document outlining its advice to the ICANN board, which must decide next steps. Because there is a lack of definition within the bylaws of ICANN surrounding ‘what is advice’ from GAC, operationalization of the term is difficult. Official bylaws talk about advice and that the board will receive advice but is under no obligation to adhere to it. This lack of definition on all sides causes a particular strain for the board since they must concurrently listen to the governments of countries and avoid the appearance of catering to states at the expense of civil society. The example included below is a recent decision by GAC, advising ICANN to discuss the issue with the two parties involved. 

Currently, other states want to participate in ICANN and ipso facto in internet governance. Some may want to join to change the rules to benefit them as much as the US. Some states want to join because they want to be relevant, either by being a representative of the organization or by bandwagoning, as Balance of Power Theory suggests: because they do not hold enough sway on their own, they support a larger state which does possess some clout in this space. Other states want to join ICANN because they want their economies to participate in the IT space, which will drive the sector's development.

Other states do not like that the US seemingly controls ICANN[9] and cite the hearings held by the US Government on the .xxx domain name, where capacity to act was implied[10] but not executed. Even though states comprise the representatives of the General Assembly Committee (GAC), companies or non-state actors involved with servicing the application layer of the Internet, such as Apple, Google, Amazon, Twitter, and others like them, are represented in various governance bodies within ICANN.

It is standard operating procedure for GAC to advise ICANN specifically and others in the industry, more broadly, on matters of public policy, with membership open only to national governments. Currently there are 113 nations represented, with GAC Chair held by Canada, and Vice Chair held by Kenya, Sweden, and Singapore.[11]

In Buenos Aires on November 20, 2013, the General Advisory Committee met and decided not to designate .wine and .vin as general top-level domains (gTLD).[12] The gTLD designation is significant because this is the initial search returned for a query and the owner of the gTLD controls the information available on that source. Disagreement or dissent on correct next steps centered on the United States and the European Union, on opposite sides of the designation, in support of their respective wine industries. Even though there are several mechanisms in place to control the validity of information concerning wine and its regional vendors, the .wine or .vin designation was put on hold while the ICANN board and the applicants are in discussion. There are many ongoing negotiations within the GAC to progress to amenable decisions for all parties involved; .wine and .vin is an excellent example.

Another example of GAC advice to ICANN is the argument for more stringent rules that would allow for better law enforcement in the new domain space, to better protect consumers, and for additional intellectual property protections in the new general Top Level Domains (gTLD).[13] These are two of the many examples of work being done by capable folks to shape and enhance our experience with sites that fall under the purview of ICANN.

[1] “A Plaything of Powerful Nations,” The Economist, October 1, 2011.


[2] Lennard G. Kruger, “Internet Governance and the Domain Name System: Issues for Congress,” prepared for Congressional Review Service, January 2, 2013.


[3] Kruger, “Internet Governance and the Domain Name System: Issues for Congress,” 2.


[4] “Commerce's NTIA and ICANN Establish a Long-Lasting Framework for the Technical Coordination of the Internet's Domain Name and Addressing System.” Web. Accessed on 26 February 2014.


[5] “Registries” are companies and organizations who operate and administer the master database of all domain names registered in each top level domain, such as .com and .org.


[6] “Registrars” are the hundreds of companies and organizations with which consumers register domain names.


[7] GAC “About” website available at https://gacweb.icann.org/display/gacweb/Governmental+Advisory+Committee


[8] “3.6 Standard Methodology for Making Decisions” documents are available at http://gnso.icann.org/improvements/gnsoCworkingCgroupCguidelinesCfinalC10dec10Cen.pdf


[9] See Milton L. Mueller, “Ruling the Root,” MIT Press (2002). Also see Kim Davies, “There are not 13 Root Servers,” ICANN Blog, November 15, 2007, available at http://blog.icann.org/2007/11/there-are-not-13-root-servers/.


[10] The exchange of letters between Neelie Kroes (European Commission) and the Dept. of Commerce/NTIA is instructive and often cited by civil society outside the US. The letter exchange reveals that Strickling’s response showed restraint: “we respect the multi-stakeholder Internet governance process and do not think that it is in the long-term best interest of the United States or the global Internet community for us unilaterally to reverse the decision.” However, the implication in the international communication is that the US government could take action on ICANN to reverse the decision (Strickling did not say the US couldn’t do what was asked, only that it’s not in the long-term interest to do so). This is not something that sits well internationally. See Kroes letter to Locke, .NXT, available at http://goo.gle/D6fGg; also see Strickling letter to Kroes, .NXT, April 20, 2011, available at http://goo.gl/fakkw.


[11] Kruger, “Internet Governance and the Domain Name System: Issues for Congress,” 2.


[12] “GAC Communique: Buenos Aires,” November 20, 2013.


[13] Kruger, “Internet Governance and the Domain Name System: Issues for Congress,” 10-12; see for more examples.








Tuesday, January 21, 2014





BOOK REVIEW

This book review was completed in partial fulfillment of the requirements for graduation. “A Fierce Domain: Conflict in Cyberspace, 1986 to 2012” is a volume edited by Jason Healey in Washington, DC, and published by the Cyber Conflict Studies Association in 2013. With 352 pages of case studies, graphs, a glossary, and charts, it can be purchased in hardback for $35. The ISBN is 978-0-9893274-1-153500.

Written in part as a military history and in part as a guide to policymakers, the book has as its thesis that cyber conflict “is not so new that it does not have its own history”[1], with several wake-up calls in the last twenty-five years for the United States Government, the nation’s lead defense against cyber attacks. The book lists and analyzes topically the events and precipitous effects that have led up to the current state of cyber conflict, beginning in 1986 with the Cuckoo’s Egg and Morris Worm (1988) and ending in 2012 with Stuxnet and Estonia (2007). The examples and documentation cited support the claim that this field and the cases cited are not anomalies, but interconnected incidents that provide a rich historical narrative for study. Collected and presented in this manner, the author achieves his aims in presenting the first-ever history book of cyber conflict.

The book's narrative and case studies begin in 1986, but before 1980, the elements necessary for cyber conflict were not in place. Electronic warfare dates back to the American Civil War, when Confederate telegraphs were captured and used for countermeasures. The easily accessible, decentralized yet interconnected communication systems based in computer networks set the stage for the advent of cyber conflict history beginning with the Morris Worm in 1988. The incident highlighted the systemic lack of cybersecurity, causing “up to 10 percent of the Internet to crash”[2], demonstrating where the tools of “agility and subject matter knowledge”[3] for maintaining defenses were kept: in the private sector. In 1997 and 1998, Operations ELIGIBLE RECEIVER and SOLAR MOONRISE demonstrated the ability of red teams to penetrate both classified and unclassified defenses. The result of the exercise was a new organizational structure for the cyber incident response mechanism, mirroring a DEFCON system of categorization to “better defeat a sustained cyber attack.”[4] Also in 1998, MOONLIGHT MAZE was a joint operation to “combat” a sustained external intrusion into Air, Space, Defense, and research and development institutions, believed to be by Russians who were intent on retrieving science and technology information. Later, in 2005, a set of intrusions believed to be Chinese espionage, called TITAN RAIN, focused theft on the DoD, DHS, State, Energy, and defense contractors. In May of 2007, Estonia experienced a cyber attack from Russia that was a “tactical and strategic defeat.”[5] In 2008, the cyber attacks on Georgia coordinated with an invasion of Russia. Later that year, BUCKSHOT YANKEE was revealed to the public, which involved both classified and unclassified network intrusions of the “war-fighting Central Command.”[6] The book’s final example is the 2012 incident of Stuxnet and the response Shamoon, which “instilled the deepest alarm to cybersecurity professionals”[7] due to the depth and breadth of the campaigns.

One of the book’s strengths is the “state spectrum of responsibility” tool used to analyze the attacks on Estonia and Georgia and Stuxnet, which is valuable for knowing who to blame for the attacks without using attribution, the absolute knowledge of who did it. Another strength is the heavily notated chapters, for further research or personal review.
Conversely, a stylistic weakness is the repetition of several integral anecdotes, done in a way that breaks concentration and interrupts the cadence of storytelling.

Overall, the book is beneficial for policymakers to have for a historical record of cyber conflict. The book speaks to the current trend of cybersecurity in that it provides a discussion of cyberwarfare, so it applies in an economic and a national security setting as well. It is a well-written book that arises from the historical theoretical debate. The book has several definitions that are clarified in the appendix. In the current literature, there are not really any other books with this stated intent. Students of cybersecurity on the policy side will benefit from reading this book, as well as technicians or practitioners on the technical side. Because the book’s structure and examples are very clear, this book would easily be useful at a freshman class level yet robust up to graduate-level scrutiny. Finally, I recommend this book as an exceptional work that can advise both beginners and advanced practitioners of the policy and the hard science side of cybersecurity.
 



[1] p. 10

[2] p. 31

[3] ibid.

[4] p. 42

[5] p. 70

[6] p. 72

[7] p. 74

Monday, April 1, 2013

Second round interview outfit - some of my family believe that I look like a Star Wars character in this outfit. I said, "Be strong Corrie, you WILL be an intern!"

White Shellac manicure from Kayla's Nails in Meijers... newsflash: the UV light used for this manicure will age your hands. The real question, am I WASP enough to go without a manicure and still have it ironic that I don't have a manicure. Or just really really sad that I do not get my nails done...

Aunt Joan, Me, MA and the SIL, Cheyenna, on Easter Sunday.

Just a little something I wore on a date last week, one of the best dates ever.

Easter Egg


Easter Spirit Wear

Sunday, March 31, 2013

Snuggle time with Baby Emma Mills; she was rocking the tri-tone look with the pink headband.



Thursday, January 5, 2012

Wishes...

Technically... I love clothes. 

but this is madness.... my life.
 New Year's resolution... buy more shoes. 
organize.




these are some of my favorite things... and they give me such a headache.
Yesterday, I wanted to throw them all out and start over. I think I only liked one sweater and a couple tanks.  Just like life, I guess I'll have to work with what I've got.
What do you do when you hate all your clothes?

Tuesday, December 27, 2011

For Starters...



Hi! I'm Corrie.
This is me after exams, I stayed in my pajamas almost all day.
I love clothes, shoes, purses... it's like food for my soul.
This couple just looks FABULOUS!




Sometimes, I walk at weird paces (at UC) to snap a picture of something I love.
....for example...