Mailing List Address for Stress Tests Work Party (ST-WP): firstname.lastname@example.org
Public Archives: http://mm.icann.org/pipermail/ccwg-accountability4/
Coordinator/Rapporteur: Cheryl Langdon-Orr <CLO> (member)
- Steve DelBianco (member)
- James Bladel (member)
- Samantha Eisner (member)
- Jonathan Zuck (participant)
- Alan Greenberg (member)
- Leon Sanchez (member)
- Eberhard Lisse (member)
- Mathieu Weill (member)
- Thomas Rickert (member)
- Carlos Raul Gutierrez (participant)
- Adebunmi Akinbo (participant)
- Claudia Selli (observer)
- Rudi Daniel (participant)
- Fiona Asonga (member)
- Jordan Carter (member)
- Edward Morris (participant)
- Olga Cavalli (member)
- Thomas Schneider (participant)
- Alice Munyua (member)
- Rafael Perez Galindo (participant)
- Mark Carvell (participant)
- Suzanne Radell (member)
- Pär Brumark (member)
- Pedro Ivo Ferraz Da Silva (participant)
- Julia Wolman (member)
- Finn Petersen (participant)
- Jorge Cancio (participant)
- Izumi Okutani (member)
- Maura Gambassi (participant)
- Steve Crocker (participant)
- Snehashish Ghosh (participant)
- Avri Doria (participant)
- Paul Twomey (participant)
- Malcolm Hutty (participant)
- Paul Szyndler (participant)
- Tom Dale (participant)
- Greg Shatan (participant)
- Chris Wilson (participant)
- Ron Baione (observer)
CCWG-Accountability: Proposed Consolidated Contingencies / Stress Tests - Work Space**
An essential part of our CCWG Charter calls for stress testing of accountability enhancements in both work stream 1 and 2. Among deliverables listed in the Charter are:
Identification of contingencies to be considered in the stress tests
Review of possible solutions for each Work Stream including stress tests against identified contingencies. The CCWG-Accountability should consider the following methodology for stress tests
- analysis of potential weaknesses and risks
- analysis existing remedies and their robustness
- definition of additional remedies or modification of existing remedies
- description how the proposed solutions would mitigate the risk of contingencies or protect the organization against such contingencies
CCWG-Accountability must structure its work to ensure that stress tests can be (i) designed (ii) carried out and (iii) its results being analyzed timely before the transition.
CCWG Work Team 4 gathered an inventory of contingencies identified in prior public comments. In Frankfurt, the CCWG consolidated these 25 contingencies into five categories of stress tests: <insert link to the .doc/.PDF listing these original 25>, and a table on the page below shows how these 25 contingencies were amalgamated into our five (5) current categories of Stress Test.
I. Financial Crisis or Insolvency (Merged #5, 6, 7, 8 and 9)
ICANN becomes fiscally insolvent, and lacks the resources to adequately meet its obligations. This could result from a variety of causes, including financial crisis specific to the domain name industry, or the general global economy. It could also result from a legal judgment against ICANN, fraud or theft of funds, or technical evolution that makes domain name registrations obsolete.
II. Failure to Meet Operational Obligations (Merged #1, 2, 11, 17, and 21)
ICANN fails to process change or delegation requests to the IANA Root Zone, or executes a change or delegation over the objections of stakeholders, such as those defined as 'Significantly Interested Parties' [http://ccnso.icann.org/workinggroups/foi-final-07oct14-en.pdf]
III. Legal/Legislative Action (Merged #3, 4, 19, and 20)
ICANN is the subject of litigation under existing or future policies, legislation, or regulation. ICANN attempts to delegate a new TLD, or re-delegate a non-compliant existing TLD, but is blocked by legal action.
IV. Failure of Accountability (Merged #10, 12, 13, 16, 18, 22, 23 and 24)
Actions (or expenditure of resources) by one or more ICANN Board Members, CEO, or other Staff, are contrary to ICANN’s mission or bylaws. ICANN is “captured” by one stakeholder segment, including governments via the GAC, which is either able to drive its agenda on all other stakeholders, or abuse accountability mechanisms to prevent all other stakeholders from advancing their interests (veto).
V. Failure of Accountability to External Stakeholders (Merged #14, 15, and 25)
ICANN modifies its structure to avoid obligations to external stakeholders, such as terminating the Affirmation of Commitments, terminating presence in a jurisdiction where it faces legal action, moving contracts or contracting entities to a favorable jurisdiction. ICANN delegates, subcontracts, or otherwise abdicates its obligations to a third party in a manner that is inconsistent with its bylaws or otherwise not subject to accountability. ICANN merges with or is acquired by an unaccountable third party.
Table showing how original contingencies were consolidated into 5 stress test categories.
V. Failure of Accountability to External Stakeholders
(Merged #14, 15, 25) ICANN modifies its structure to avoid obligations to external stakeholders, such as terminating the Affirmation of Commitments, terminating presence in a jurisdiction where it faces legal action, moving contracts or contracting entities to another jurisdiction. ICANN abdicates its obligations to a third party in a manner inconsistent with bylaws or not subject to accountability. ICANN merges with or is acquired by an unaccountable third party.
14. ICANN or NTIA choose to terminate the Affirmation of Commitments.
Consequence: ICANN would no longer be held to its Affirmation commitments, including the conduct of community reviews and required implementation of review team recommendations. This consequence could be avoided if Affirmation reviews and commitments are added to ICANN’s bylaws.
15. ICANN terminates its legal presence in a nation where Internet users or domain registrants are seeking legal remedies for ICANN’s failure to enforce contracts, or other actions.
Consequence: affected parties could be prevented from seeking legal redress for commissions or omissions by ICANN.
25. ICANN delegates or subcontracts its obligations under a future IANA agreement to a third party. Would also include ICANN merging with or allowing itself to be acquired by another organization.
Enterprise-Wide Risks identified by the ICANN Board Risk Committee (27-Jan-2015), indicating (I - V) which stress test category includes each risk.
Items in red are not covered yet.
• Failure to adequately maintain and adhere to existing accountability mechanisms. (IV and V)
• Failure to demonstrate sufficient accountability and transparency of organization. (IV and V)
• Lower revenues than forecasted. (I)
• Adverse legal or other dispute resolution ruling, including possible related penalties, fees and costs. (III)
• Failure to sufficiently manage and enforce the hundreds of contracts with TLD operators. (II)
• Unsuccessful delivery of a stakeholder proposal and other relevant deliverables for a successful NTIA stewardship transition of the IANA Functions. (N/A since this is a pre-transition risk)
• Significant financial loss, other than lower-than-anticipated revenues (e.g., fraud, investment loss) (I)
• Potential issues for New gTLD Program related to accountability mechanisms due to possible adverse decision or failure of mechanism/process. (II)
• Unfunded operational costs or unplanned expenses. (I and III)
• Potential perception that not all conflicts of interests are identified during decision-making process. (IV and V)
• Possible perception that ICANN has poor global engagement, transparency, policy, coordination, communication. (II)
• Significant increase in legal or other dispute resolution filings that could challenge staff capacity, distract leadership and disrupt operations. (I and II)
• Policy development process is too slow or ineffective, participants decrease or stagnate, or failure to bring new stakeholders into the model. (could be part of IV and V)
• Potential legal actions from parties that believe that they have been injured resulting from New gTLD Program. (III)
• Significant revenue reduction (e.g., reduced domain volume, reduced ccTLD contributions, reduced registrar fees) (I)
• Perception of failure to implement and help achieve a global multi-stakeholder distributed IG ecosystem according to the widely accepted Net Mundial Principles. (N/A since this is not within ICANN’s scope)
• Current SO/AC structures cannot scale to include and support new entrants and participants. (add to IV and V?)
• Unsuccessful implementation of adopted recommendation resulting from Affirmation of Commitment reviews. (IV)
• Insufficient progress towards major project implementation (e.g., gTLD, IDN fast track, DNSSEC, etc.). (II and IV)
• Inability to deliver commitments (mission, operational objectives, strategic initiatives) due to limited resources, budget, or prioritization. (I and II)
• Key skills depart ICANN (consultants or staff) without clear succession plan for continuation of operating functions or exchange of knowledge and documentation. (II)
• Lack of improving trust in the multi-stakeholder model. (add to IV and V?)
• Contracted party non-payment or service provider non-performance (e.g., registrar, registry, vendors). (I and II)
• Failure to effectively facilitate international participation in DNS Technical Coordination in the event of significant Internet security, stability or resiliency incident. (II, IV, and V)
• DNS vulnerability to attacks (root) causing disruption to Internet operability (e.g. DDoS Attacks, Cache Poisoning) (II)
• Potential data breach of personal or confidential data from ICANN systems; confidential data made public. (II)
• Failure of the community accountability process to adequately address ICANN accountability in light of its changing historical relationship with the US Government. (IV and V)
• Ineffective contractual compliance approach, process, and audits (registries, registrars, others). (II, IV, and V)
• Inconsistent communication & messaging to stakeholders, leading to confusion and lack of understanding. (IV and V)
• Poor fiscal policy-making or gross mismanagement. (I)
• Potential for ineffective technical business continuity management given an event occurs (e.g., data back-up, disaster recovery planning, data outage) (II)
• Potential lack of operational efficiency, excellence and discipline due to lack of internal collaboration and clearly defined roles and responsibilities. (II)
• One or more governments’ policy changes that negatively affect different sectors of a stakeholder or regional work and current functionality of SO/AC model. (III, IV, and V)
Example application of stress test against recommended accountability mechanisms.
[to be added once we have sufficient consensus around accountability mechanisms to evaluate. Alternatively, we could perform stress test analysis on the Requirements we developed in Frankfurt.]
** Notes for all regarding use of our Stress Test Work Party (ST-WP) Wiki Space:
You are invited to make comments and suggestions to this work by using the comments section of the Wiki page. If you are not logged on to the wiki, please note your name within the comments you make.
Members of this Work Party who have Wiki log-on and page-edit credentials: please make any changes you propose to the text on this page as an annotated comment rather than a replacement of draft text, to allow for a later track-and-save / accept-changes process. Please also note your name or initials <CLO> along with any such comments and suggestions. You are of course also welcome to send proposed changes and comments directly to our ST-WP Email List.