Mailing List Address for Stress Tests Work Party (ST-WP): ccwg-accountability4@icann.org
Public Archives: http://mm.icann.org/pipermail/ccwg-accountability4/
Coordinator/Rapporteur: Cheryl Langdon-Orr <CLO> (member)
Volunteers:
Steve DelBianco (member)
An essential part of our CCWG Charter calls for stress testing of accountability enhancements in both work stream 1 and 2. Among deliverables listed in the Charter are:
Identification of contingencies to be considered in the stress tests
Review of possible solutions for each Work Stream including stress tests against identified contingencies. The CCWG-Accountability should consider the following methodology for stress tests
CCWG-Accountability must structure its work to ensure that stress tests can be (i) designed (ii) carried out and (iii) its results being analyzed timely before the transition.
CCWG Work Team 4 gathered an inventory of contingencies identified in prior public comments. In Frankfurt, the CCWG consolidated these 25 contingencies into five categories of stress tests: <insert link to the .doc/.PDF listing these original 25>, and a table on the page below shows how these 25 contingencies were amalgamated into our five (5) current categories of Stress Test.
I. Financial Crisis or Insolvency (Merged #5, 6, 7, 8 and 9)
ICANN becomes fiscally insolvent, and lacks the resources to adequately meet its obligations. This could result from a variety of causes, including financial crisis specific to the domain name industry, or the general global economy. It could also result from a legal judgment against ICANN, fraud or theft of funds, or technical evolution that makes domain name registrations obsolete.
II. Failure to Meet Operational Obligations (Merged #1,2,11, 17, and 21)
ICANN fails to process change or delegation requests to the IANA Root Zone, or executes a change or delegation over the objections of stakeholders, such as those defined as 'Significantly Interested Parties' [http://ccnso.icann.org/workinggroups/foi-final-07oct14-en.pdf]
III. Legal/Legislative Action (Merged #3, 4, 19, and 20)
ICANN is the subject of litigation under existing or future policies, legislation, or regulation. ICANN attempts to delegate a new TLD, or re-delegate a non-compliant existing TLD, but is blocked by legal action.
IV. Failure of Accountability (Merged #10, 12, 13, 16, 18, 22, 23 and 24)
Actions (or expenditure of resources) by one or more ICANN Board Members, CEO, or other Staff, are contrary to ICANN’s mission or bylaws. ICANN is “captured” by one stakeholder segment, including governments via the GAC, which is either able to drive its agenda on all other stakeholders, or abuse accountability mechanisms to prevent all other stakeholders from advancing their interests (veto).
V. Failure of Accountability to External Stakeholders (Merged #14, 15, and 25)
ICANN modifies its structure to avoid obligations to external stakeholders, such as terminating the Affirmation of Commitments, terminating presence in a jurisdiction where it faces legal action, moving contracts or contracting entities to a favorable jurisdiction. ICANN delegates, subcontracts, or otherwise abdicates its obligations to a third party in a manner that is inconsistent with its bylaws or otherwise not subject to accountability. ICANN merges with or is acquired by an unaccountable third party.
Consolidated Stress Test | Contingencies merged |
I. Financial Crisis or Insolvency (Merged #5, 6, 7, 8 , 9) ICANN becomes fiscally insolvent, and lacks the resources to adequately meet its obligations. This situation could result from a variety of causes, including financial crisis specific to the domain name industry, or the general global economy. It could also result from a legal judgment against ICANN, fraud or theft of funds, or technical evolution that makes domain name registrations obsolete. | 5. Domain industry financial crisis. Consequence: significant reduction in domain sales generated revenues and significant increase in registrar and registry continuity costs, threatening ICANN’s ability to operate. |
6. General financial crisis. Consequence: loss affecting reserves sufficient to threaten business continuity. | |
7. Litigation arising from private contract, e.g., Breach of Contract. Consequence: significant loss of contracted party fees. | |
8. Technology competing with DNS. Consequence: significant reduction in domain sales generated revenues and significant increase in registrar and registry continuity costs. | |
9. Major corruption or fraud. Consequence: major impact on corporate reputation, significant litigation and loss of some or all reserves. | |
II. Failure to Meet Operational Obligations (Merged #1,2,11, 17, 21) ICANN fails to process change or delegation requests to the IANA Root Zone, or executes a change or delegation over the objections of stakeholders, such as those defined as 'Significantly Interested Parties' (link) | 1. Change authority for the IANA Root Zone ceases to function, in part or in whole. Consequence: significant interference with existing policy (or policies) relating to the content of the IANA Root Zone and/or prejudice to the security and stability of one or several TLDs. |
2. Delegation authority for the IANA Root Zone ceases to function, in part or in whole. Consequence: significant interference with existing policy (or policies) relating to the delegation from the IANA Root Zone and/or prejudice to the security and stability of one or several TLDs.. | |
11. Compromise of credentials. Consequence: major impact on corporate reputation, significant loss of authentication and/or authorization capacities. | |
17. ICANN attempts to add a new top-level domain in spite of security and stability concerns expressed by technical community or other stakeholder groups. Consequence: DNS security and stability could be undermined, and ICANN actions could impose costs and risks upon external parties. | |
21. A government telecom minister instructs ICANN to re-delegate a country-code top-level domain (ccTLD), despite objections from many current registrants and user communities in the country concerned. Consequence: Faced with this re-delegation request, ICANN lacks measures to resist re-delegation while awaiting the bottom-up consensus decision of affected stakeholders. | |
III. Legal/Legislative Action (Merged #3, 4, 19, 20) ICANN is the subject of litigation under existing or future policies, legislation, or regulation. ICANN attempts to delegate a new TLD, or re-delegate a non-compliant existing TLD, but is blocked by legal action. | 3. Litigation arising from existing public policy, e.g., Anti-Trust (Sherman Act) Consequence: significant interference with existing policy and/or policy development relating to relevant activities. |
4. New regulation or legislation. Consequence: significant interference with existing policies and/or policy development relating to relevant activities. | |
19. ICANN attempts to re-delegate a gTLD because the registry operator is determined to be in breach of its contract, but the registry operator challenges the action and obtains an injunction from a national court. Consequence: The entity charged with root zone maintenance could face the question of whether to follow ICANN re-delegation request or to follow the court order. | |
20. A court order is issued to block ICANN’s delegation of a new TLD, because of complaint by existing TLD operators or other aggrieved parties. Consequence: ICANN’s decision about whether to honor such a court order could bring liability to ICANN and its contract parties. | |
IV. Failure of Accountability (Merged #10, 12, 13, 16, 18, 22, 23,24) Actions (or expenditure of resources) by ICANN Board Members, CEO, or other Staff, are contrary to ICANN’s mission or bylaws. ICANN is “captured” by one stakeholder segment, including governments via the GAC, which is either able to drive its agenda on all other stakeholders, or abuse accountability mechanisms to prevent all other stakeholders from advancing their interests (veto). | 10. Chairman, CEO or major officer acting in a manner inconsistent with the organization’s mission. Consequence: major impact on corporate reputation, significant litigation. 12. Capture by one or several groups of stakeholders. Consequence : major impact on trust in multi-stakeholder model, prejudice to other stakeholders. 13. One or several stakeholders excessively rely on accountability mechanism to “paralyze” ICANN. Consequence: major impact on corporate reputation, inability to take decisions, instability of governance bodies, loss of key staff, etc. 16. ICANN engages in programs not necessary to achieve its limited technical mission. For example, uses fee revenue or reserve funds to expand its scope beyond its technical mission, through grants for developing nations or other causes. Consequence: ICANN has the power to determine fees charged to TLD applicants, registries, registrars, and registrants, so it presents a large target for any Internet-related cause seeking funding sources. 18. Governments in ICANN’s Government Advisory Committee (GAC) amend their operating procedures to change from consensus decisions to majority voting for advice to ICANN’s board. Consequence: Under current bylaws, ICANN must consider and respond to GAC advice, even if that advice were not supported by consensus. A majority of governments could thereby approve GAC advice that restricted free online expression, for example. 22. ICANN Board fails to comply with bylaws and/or refuses to accept the decision of a redress mechanism constituted under the bylaws. Consequence: Community loses confidence in multistakeholder structures to govern ICANN. 23. ICANN uses RAA or other agreements to arrange that its counter-parties impose requirements on third parties, allegedly outside scope of ICANN mission. Affected third parties, not being contracted to ICANN, have little or no effective recourse against ICANN; contracted parties, not being implicated by the requirements themselves, do not avail themselves of mechanisms allowing them to challenge ICANN’s decision. Consequence: ICANN seen as a monopoly leveraging power in one market (domain names) into adjacent markets. 24. An incoming Chief Executive institutes a “strategic review” that quickly arrives at a new, extended mission for ICANN; the Board, having just hired the new CEO, approves the new mission and strategy without community consensus. Consequence: Community ceases to see ICANN as the community’s own mechanism for discharging certain limited technical functions, and views ICANN as an independent, sui generis entity with its own agenda, not necessarily supported by the community. Ultimately, comes to question why ICANN’s original (i.e. current) functions should remain in the control of a body that has grown to have a much broader and less widely supported mission. |
V. Failure of Accountability to External Stakeholders (Merged #14, 15, 25) ICANN modifies its structure to avoid obligations to external stakeholders, such as terminating the Affirmation of Commitments, terminating presence in a jurisdiction where it faces legal action, moving contracts or contracting entities to another jurisdiction. ICANN abdicates its obligations to a third party in a manner inconsistent with bylaws or not subject to accountability. ICANN merges with or is acquired by an unaccountable third party. | 14. ICANN or NTIA choose to terminate the Affirmation of Commitments. Consequence: ICANN would no longer be held to its Affirmation commitments, including the conduct of community reviews and required implementation of review team recommendations. This consequence could be avoided if Affirmation reviews and commitments are added to ICANN’s bylaws. |
15. ICANN terminates its legal presence in a nation where Internet users or domain registrants are seeking legal remedies for ICANN’s failure to enforce contracts, or other actions. Consequence: affected parties could be prevented from seeking legal redress for commissions or omissions by ICANN. | |
25. ICANN delegates or subcontracts its obligations under a future IANA agreement to a third party. Would also include ICANN merging with or allowing itself to be acquired by another organization. |
Items in red are not covered yet.
• Failure to adequately maintain and adhere to existing accountability mechanisms. (IV and V)
• Failure to demonstrate sufficient accountability and transparency of organization. (IV and V)
• Lower revenues than forecasted. (I)
• Adverse legal or other dispute resolution ruling, including possible related penalties, fees and costs. (III)
• Failure to sufficiently manage and enforce the hundreds of contracts with TLD operators. (II)
• Unsuccessful delivery of a stakeholder proposal and other relevant deliverables for a successful NTIA stewardship transition of the IANA Functions. (N/A since this is a pre-transition risk)
• Significant financial loss, other than lower-than-anticipated revenues (e.g., fraud, investment loss) (I)
• Potential issues for New gTLD Program related to accountability mechanisms due to possible adverse decision or failure of mechanism/process. (II)
• Unfunded operational costs or unplanned expenses. (I and III)
• Potential perception that not all conflicts of interests are identified during decision-making process. (IV and V)
• Possible perception that ICANN has poor global engagement, transparency, policy, coordination, communication. (II)
• Significant increase in legal or other dispute resolution filings that could challenge staff capacity, distract leadership and disrupt operations. (I and II)
• Policy development process is too slow or ineffective, participants decrease or stagnate, or failure to bring new stakeholders into the model. (could be part of IV and V)
• Potential legal actions from parties that believe that they have been injured resulting from New gTLD Program. (III)
• Significant revenue reduction (e.g., reduced domain volume, reduced ccTLD contributions, reduced registrar fees) (I)
• Perception of failure to implement and help achieve a global multi-stakeholder distributed IG ecosystem according to the widely accepted Net Mundial Principles. (N/A since this is not within ICANN’s scope)
• Current SO/AC structures cannot scale to include and support new entrants and participants. (add to IV and V ?)
• Unsuccessful implementation of adopted recommendation resulting from Affirmation of Commitment reviews. (IV)
• Insufficient progress towards major project implementation (e.g., gTLD, IDN fast track, DNSSEC, etc.). (II and IV)
• Inability to deliver commitments (mission, operational objectives, strategic initiatives) due to limited resources, budget, or prioritization. (I and II)
• Key skills depart ICANN (consultants or staff) without clear succession plan for continuation of operating functions or exchange of knowledge and documentation. (II)
• Lack of improving trust in the multi-stakeholder model. (add to IV and V?)
• Contracted party non-payment or service provider non-performance (e.g., registrar, registry, vendors). (I and II)
• Failure to effectively facilitate international participation in DNS Technical Coordination in the event of significant Internet security, stability or resiliency incident. (II, IV, and V)
• DNS vulnerability to attacks (root) causing disruption to Internet operability (e.g. DDoS Attacks, Cache Poisoning) (II )
• Potential data breach of personal or confidential data from ICANN systems; confidential data made public. (II)
• Failure of the community accountability process to adequately address ICANN accountability in light of its changing historical relationship with the US Government. (IV and V)
• Ineffective contractual compliance approach, process, and audits (registries, registrars, others). (II, IV, and V)
• Inconsistent communication & messaging to stakeholders, leading to confusion and lack of understanding. (IV and V)
• Poor fiscal policy-making or gross mismanagement. (I)
• Potential for ineffective technical business continuity management given an event occurs (e.g., data back-up, disaster recover planning, data outage) (II)
• Potential lack of operational efficiency, excellence and discipline due to lack of internal collaboration and clearly defined roles and responsibilities. (II)
• One or more governments’ policy changes that negatively affect different sectors of a stakeholder or regional work and current functionality of SO/AC model. (III, IV, and V)
[to be added once we have sufficient consensus around accountability mechanisms to evaluate. Alternatively, we could perform stress test analysis on the Requirements we developed in Frankfurt.]
You are invited to make comments and suggestions to this work by using the comments section of the Wiki page, if you are not logged onto the wiki please note your name within the comments you make.
Members of this Work Party who have Wiki log on and edit page credentials please make any changes you propose to the text on this page as an annotated comment rather than a replacement of draft text, to allow for a later track and save / accept changes process... Please also note you name or initial <CLO> along with any such comments and suggestions, you are of course welcome to also make proposed changes and comments directly to our ST-WP Email List.