[House Hearing, 109 Congress]
[From the U.S. Government Publishing Office]



 
                         ICANN INTERNET GOVERNANCE: 
                                IS IT WORKING?


                                   HEARING

                                  BEFORE THE

                      SUBCOMMITTEE ON COMMERCE, TRADE, 
                           AND CONSUMER PROTECTION
              AND SUBCOMMITTEE ON TELECOMMUNICATIONS AND THE 
                                  INTERNET

                                   OF THE 

                          COMMITTEE ON ENERGY AND 
                                  COMMERCE

                         HOUSE OF REPRESENTATIVES


                        ONE HUNDRED NINTH CONGRESS

                               SECOND SESSION


                             SEPTEMBER 21, 2006

                             Serial No. 109-142

         Printed for the use of the Committee on Energy and Commerce



Available via the World Wide Web:  http://www.access.gpo.gov/congress/house



                    U.S. GOVERNMENT PRINTING OFFICE
31-468                      WASHINGTON : 2006
_____________________________________________________________________________
For sale by the Superintendent of Documents, U.S. Government Printing Office 
Internet: bookstore.gpo.gov  Phone: toll free (866) 512-1800; DC area (202) 
512-1800 Fax: (202) 512-2250  Mail: Stop  SSOP, Washington, DC 20402-0001


                     COMMITTEE ON ENERGY AND COMMERCE
                       JOE BARTON, Texas, Chairman
RALPH M. HALL, Texas                      JOHN D. DINGELL, Michigan
MICHAEL BILIRAKIS, Florida                  Ranking Member
  Vice Chairman                           HENRY A. WAXMAN, California
FRED UPTON, Michigan                      EDWARD J. MARKEY, Massachusetts
CLIFF STEARNS, Florida                    RICK BOUCHER, Virginia
PAUL E. GILLMOR, Ohio                     EDOLPHUS TOWNS, New York
NATHAN DEAL, Georgia                      FRANK PALLONE, JR., New Jersey
ED WHITFIELD, Kentucky                    SHERROD BROWN, Ohio
CHARLIE NORWOOD, Georgia                  BART GORDON, Tennessee
BARBARA CUBIN, Wyoming                    BOBBY L. RUSH, Illinois
JOHN SHIMKUS, Illinois                    ANNA G. ESHOO, California
HEATHER WILSON, New Mexico                BART STUPAK, Michigan
JOHN B. SHADEGG, Arizona                  ELIOT L. ENGEL, New York
CHARLES W. "CHIP" PICKERING,  Mississippi ALBERT R. WYNN, Maryland
  Vice Chairman                           GENE GREEN, Texas
VITO FOSSELLA, New York                   TED STRICKLAND, Ohio
ROY BLUNT, Missouri                       DIANA DEGETTE, Colorado
STEVE BUYER, Indiana                      LOIS CAPPS, California
GEORGE RADANOVICH, California             MIKE DOYLE, Pennsylvania
CHARLES F. BASS, New Hampshire            TOM ALLEN, Maine
JOSEPH R. PITTS, Pennsylvania             JIM DAVIS, Florida
MARY BONO, California                     JAN SCHAKOWSKY, Illinois
GREG WALDEN, Oregon                       HILDA L. SOLIS, California
LEE TERRY, Nebraska                       CHARLES A. GONZALEZ, Texas
MIKE FERGUSON, New Jersey                 JAY INSLEE, Washington
MIKE ROGERS, Michigan                     TAMMY BALDWIN, Wisconsin
C.L. "BUTCH" OTTER, Idaho                 MIKE ROSS, Arkansas                       
SUE MYRICK, North Carolina
JOHN SULLIVAN, Oklahoma
TIM MURPHY, Pennsylvania
MICHAEL C. BURGESS, Texas
MARSHA BLACKBURN, Tennessee

                      BUD ALBRIGHT, Staff Director
                     DAVID CAVICKE, General Counsel
        REID P. F. STUNTZ, Minority Staff Director and Chief Counsel


                  SUBCOMMITTEE ON COMMERCE, TRADE, AND 
                          CONSUMER PROTECTION
                    CLIFF STEARNS, Florida, Chairman
FRED UPTON, Michigan                      JAN SCHAKOWSKY, Illinois
NATHAN DEAL, Georgia                        Ranking Member
BARBARA CUBIN, Wyoming                    MIKE ROSS, Arkansas
GEORGE RADANOVICH, California             EDWARD J. MARKEY, Massachusetts
CHARLES F. BASS, New Hampshire            EDOLPHUS TOWNS, New York
JOSEPH R. PITTS, Pennsylvania             SHERROD BROWN, Ohio
MARY BONO, California                     BOBBY L. RUSH, Illinois
LEE TERRY, Nebraska                       GENE GREEN, Texas
MIKE FERGUSON, New Jersey                 TED STRICKLAND, Ohio
MIKE ROGERS, Michigan                     DIANA DEGETTE, Colorado
C.L. "BUTCH" OTTER, Idaho                 JIM DAVIS, Florida
SUE MYRICK, North Carolina                CHARLES A. GONZALEZ, Texas
TIM MURPHY, Pennsylvania                  TAMMY BALDWIN, Wisconsin
MARSHA BLACKBURN, Tennessee               JOHN D. DINGELL, Michigan
JOE BARTON, Texas                           (EX OFFICIO)                            
  (EX OFFICIO)

         SUBCOMMITTEE ON TELECOMMUNICATIONS AND THE INTERNET
                   FRED UPTON, Michigan, Chairman
MICHAEL BILIRAKIS, Florida                EDWARD J. MARKEY, Massachusetts
CLIFF STEARNS, Florida                      Ranking Member
PAUL E. GILLMOR, Ohio                     ELIOT L. ENGEL, New York
ED WHITFIELD, Kentucky                    ALBERT R. WYNN, Maryland
BARBARA CUBIN, Wyoming                    MIKE DOYLE, Pennsylvania
JOHN SHIMKUS, Illinois                    CHARLES A. GONZALEZ, Texas
HEATHER WILSON, New Mexico                JAY INSLEE, Washington
CHARLES W. "CHIP" PICKERING,  Mississippi RICK BOUCHER, Virginia
VITO FOSSELLA, New York                   EDOLPHUS TOWNS, New York
GEORGE RADANOVICH, California             FRANK PALLONE, JR., New Jersey
CHARLES F. BASS, New Hampshire            SHERROD BROWN, Ohio
GREG WALDEN, Oregon                       BART GORDON, Tennessee
LEE TERRY, Nebraska                       BOBBY L. RUSH, Illinois
MIKE FERGUSON, New Jersey                 ANNA G. ESHOO, California
JOHN SULLIVAN, Oklahoma                   BART STUPAK, Michigan
MARSHA BLACKBURN, Tennessee               JOHN D. DINGELL, Michigan
JOE BARTON, Texas                           (EX OFFICIO)                            
  (EX OFFICIO)


                                CONTENTS


                                                                      Page
Testimony of:
     Kneuer, John M.R., Acting Assistant Secretary for 
          Communications and Information, United States 
          Department of Commerce	                                14
     Twomey, Dr. Paul, President and Chief Executive 
          Officer, Internet Corporation for Assigned Names and 
          Numbers	                                                19
     DelBianco, Steve, Vice President for Public Policy, 
          Association for Competitive Technology, on behalf of 
          NetChoice Coalition	                                        25
     Lenard, Thomas M., Senior Vice President for Research, 
          The Progress & Freedom Foundation	                        37
     Feld, Harold, Senior Vice President, Media Access 
          Project	                                                42
     Bohannon, Mark, General Counsel and Senior Vice 
          President, Public Policy, Software & Information 
          Industry Association	                                        61
Additional material submitted for the record:
     Kneuer, John M.R., Acting Assistant Secretary for 
          Communications and Information, United States 
          Department of Commerce, response for the record	        93
     Twomey, Dr. Paul, President and Chief Executive 
          Officer, Internet Corporation for Assigned Names and 
          Numbers, response for the record	                        95
     DelBianco, Steve, Vice President for Public Policy, 
          Association for Competitive Technology, on behalf of 
          NetChoice Coalition, response for the record	                98
     Lenard, Thomas M., Senior Vice President for Research, 
          The Progress & Freedom Foundation, response for the 
          record	                                               101
     Feld, Harold, Senior Vice President, Media Access 
          Project, response for the record	                       102
     Bohannon, Mark, General Counsel and Senior Vice 
          President, Public Policy, Software & Information 
          Industry Association, response for the record	               103


                       ICANN INTERNET GOVERNANCE: 
                              IS IT WORKING?


                     THURSDAY, SEPTEMBER 21, 2006

                       HOUSE OF REPRESENTATIVES,
                  COMMITTEE ON ENERGY AND COMMERCE,
                   SUBCOMMITTEE ON COMMERCE, TRADE, 
                        AND CONSUMER PROTECTION,
                                    AND
          SUBCOMMITTEE ON TELECOMMUNICATIONS AND THE INTERNET,
                                                           Washington, DC.


     The subcommittees met, pursuant to notice, at 2:18 p.m., in 
Room 2322 of the Rayburn House Office Building, Hon. Fred 
Upton [Chairman of the Subcommittee on Telecommunications 
and the Internet] presiding.
     Members Present:  Representatives Upton, Stearns, Shimkus, 
Terry, Markey, Wynn, Gonzalez, Inslee, Eshoo, Murphy, Green 
and Dingell (ex officio).  
     Staff Present:  Kelly Cole, Counsel; Howard Waltzman, Chief 
Counsel, Telecommunications and the Internet; Chris Leahy, 
Policy Coordinator; Brian McCullough, Professional Staff 
Member; Billy Harvard, Legislative Clerk; Anh Nguyen, 
Legislative Clerk; Johanna Shelton, Minority Counsel; and Alec 
Gerlach, Minority Research and Press Assistant.
     MR. UPTON.  Good afternoon.  Today, the Subcommittee on 
Telecommunications and the Internet, in conjunction with the 
Subcommittee on Commerce, Trade, and Consumer Protection, 
chaired by Mr. Stearns, will examine, ICANN Internet governance:  
Is it working?  
     I would like to note that, on a cold February afternoon in 2001, 
I convened my first hearing as Chairman of the 
Telecommunications Subcommittee.  And the subject that day was 
ICANN, the Internet Corporation for Assigned Names and 
Numbers.  The focus that afternoon was protecting our kids on the 
Internet, and the law creating the new dot kids site with the dot 
U.S. country code Internet domain was a product of that very first 
hearing.  
     While much has changed since February 2001, there continues 
to remain constants when it comes to ICANN Internet governance, 
one of which is the Department of Commerce's oversight.  
Commerce continues to have a role regarding oversight of ICANN, 
and I am quite pleased to hear and read that the Memo of 
Understanding was extended beyond September 30th.  I am anxious 
to hear the terms of that agreement.  
     As we discuss the issues this afternoon surrounding ICANN, I 
am particularly interested in details as they relate to some of the 
complaints.  While some believe that the U.N. should assume 
control of ICANN, there are too many red flags for me to ignore.  
Although some have complained about the lack of transparency of 
ICANN, moving its function to the U.N. is no way to fix the 
problem.  In fact, it will likely make it worse.  
     I look forward to hearing from our witnesses today as they give 
their thoughts on how to move forward.  
     Allowing ICANN to continue to develop under the watchful 
eye of the Department of Commerce is not only the right thing to 
do but the most prudent action as well.  The stakes are too high.  
     I yield back my time.  And I would recognize the Ranking 
Member of the full committee, the gentleman from the great state 
of Michigan, Mr. Dingell. 
     [The prepared statement of Hon. Fred Upton follows:]

PREPARED STATEMENT OF THE HON. FRED UPTON, CHAIRMAN, 
SUBCOMMITTEE ON TELECOMMUNICATIONS AND THE INTERNET

     Good afternoon.  Today, the Subcommittee on 
Telecommunications and the Internet, in conjunction with the 
Subcommittee on Commerce, Trade and Consumer Protection, will 
examine "ICANN Internet Governance: Is it Working?"
     I would like to note that, on a cold February afternoon in 2001, 
I convened my first hearing as chairman of the 
Telecommunications Subcommittee, and the subject of that hearing 
was ICANN - the Internet Corporation for Assigned Names and 
Numbers.  The focus that afternoon was protecting our kids on the 
internet, and the law creating the new .kids site within the .us 
country code internet domain was a product of that very first 
hearing. 
     While much has changed since February 2001, there continues 
to remain constants when it comes to ICANN Internet governance, 
one of which is Department of Commerce oversight.  Commerce 
continues to have a role regarding oversight of ICANN, and I am 
quite pleased to hear that the Memo of Understanding was 
extended beyond September 30th.  I am anxious to hear the terms 
of the agreement.  
     As we discuss the issues this afternoon surrounding ICANN, I 
am particularly interested in details as they relate to some of the 
complaints.  While some believe that the UN should assume 
control of ICANN, there are too many red flags to ignore.  
Although some have complained about the lack of transparency of 
ICANN, moving its functions to the United Nations is no way to 
fix that problem.  In fact, it will likely make them worse.
     I look forward to hearing from our witnesses today as they give 
their thoughts on how to move forward.  
     Allowing ICANN to continue to develop under the watchful 
eye of the Department of Commerce is not only the right thing to 
do, but the most prudent action as well.  The stakes are too high.
     I yield back the balance of my time.

     MR. DINGELL.  Mr. Chairman, thank you.  I commend you and 
our other colleague, Mr. Stearns, for holding this hearing.  I think it 
is a very important one.  It involves the Internet Corporation for 
Assigned Names and Numbers, and this is something which is 
critically important to our national and economic security.  The 
Internet is also an important tool for communication and 
commerce worldwide.  It is ICANN's job to assure the many 
technical--I hope everybody heard that word--technical pieces of 
the Internet from root servers to domain name registries are 
coordinated and function smoothly and securely.  Therefore, 
ICANN's actions are a matter of deep concern to many and to this 
Congress.  
     ICANN continues to fall short in representing the interests of 
the broad Internet community.  The last time, under your 
leadership, Mr. Chairman, this committee held a hearing on 
ICANN more than 5 years ago.  Many serious questions were 
raised at that time.  While ICANN has since made some progress 
in instituting reforms, several fairness, transparency and 
accountability issues and problems remain.  Following the creation 
of the Internet in the U.S., ICANN was formed in 1998 as a global 
nongovernmental organization with guiding principles of stability, 
competition, bottom-up coordination and representation.  
     The Department of Commerce's relationship with ICANN was 
under review at last year's United Nations World Summit on the 
Information Society.  With the bipartisan support of this committee 
and the Congress, attempts to shift Internet control away from the 
current framework were quelled.  The international community 
instead reached consensus on maintaining a stable and secure 
Internet and continuing further dialogue on Internet governance.  
That said, we cannot allow U.S. interests to be put at risk by 
blindly ignoring ICANN's flaws or failing to seek improvement 
for fear of global dissatisfaction.  Indeed, I would worry that there 
may perhaps be more risk to us in ignoring than in proceeding to 
address this matter.  As the Department negotiates an extension of 
the Memorandum of Understanding, further reforms must be 
sought.  And the Memorandum of Understanding must be held up 
to the light for all to see and understand.  ICANN remains far from 
a model of effective and sustainable self governance.  It seems, 
however, to be a device which has a rich opportunity for prosperity 
and profit to some.  Moreover, the Department should be sensitive 
that the manner in which the dot com registry contract is renewed 
bears on the integrity of ICANN and the Department itself.  
     After a legal dispute between ICANN and VeriSign, they 
agreed on a new contract to enable VeriSign to continue operation 
of the dot com registry.  ICANN's approval of this new contract 
has been roundly criticized by stakeholders in the Internet 
community as anti-competitive and as lacking in fairness, 
transparency, and accountability.  We will want to know whether 
those facts are so.  It appears that, even though the current contract 
does not expire until November 2007, ICANN and VeriSign got 
together off the record and agreed on a mutually beneficial 
settlement to a legal dispute and then rushed approval of a new dot 
com contract changing longstanding registry policies without 
effectively addressing input from the broader Internet community.  
     I have previously raised questions over the apparent lack of 
arms-length negotiations between ICANN and VeriSign, and I take 
little comfort that ICANN has apparently not changed its behavior.  
The proposed contract is worrisome in part because it would 
remove the prospect of competitive bidding for the dot com 
registry--and I think that is an important matter--and the better 
services and lower prices that could result for the public.  This 
change is particularly troubling since, last year, VeriSign lowered 
its registration from $6 to $3.50 and implemented other 
improvements when the dot net registry contract was re-vetted.  
     We, I think, should be inquiring as to why some benefit of this 
kind has not transpired with regard to other contracts and perhaps 
why people were interested in achieving this kind of goal instead 
of one which gave us more competition.  Another problem is that 
under the dot com contract, which represents by far the largest and 
most profitable Internet registry, VeriSign would be permitted to 
raise registration fees by 7 percent in 4 of the next 6 years without 
the justification of infrastructure investment that occurs today.  
And I note that one of the things that we see in technical matters 
and technology is that prices tend to go down when there is 
competition.  We do not see it going down.  We see it going up.  
     The Department must take sufficient time to review fully the 
implications of this agreement.  With years to go before the 
contract expires, there is no need for haste.  ICANN and, 
ultimately, the Department, must ensure that all registry 
agreements are made in a fair and open process and that they are 
fair to all who are concerned.  And this must be done with attention 
to ICANN's core principles.  Our constituents may not be familiar 
with ICANN, but they use domain names every day, and they need 
and deserve assurance that their government is doing all it can to 
support a secure and well-governed Internet.  They also need to 
know that this Nation, because of the way we are managing these 
things, is not losing the support of the international community, a 
matter of concern to me also today.  
     I thank our witnesses for coming before us today, and, 
gentlemen, I look forward to your testimony.  
     Thank you, Mr. Chairman for your courtesy.
     MR. UPTON.  Thank you.  
     I recognize the Chairman of the Subcommittee on Commerce, 
Trade, and Consumer Protection, Mr. Stearns.  
     MR. STEARNS.  And I thank my colleague and I welcome this 
opportunity to have this joint hearing between our two 
subcommittees.  I think we have an opportunity to better 
understand how the safe and secure functioning of the Domain 
Name System, the DNS, under the watch of ICANN is integral to 
protecting consumers strengthening the United States economy and 
providing the Internet security necessary for e-commerce and other 
sensitive online functions.  We all know what the Internet has done 
since the Telecom Act of 1996, and we see that the Internet has 
fueled increase productivity here in America.  
     At home, the Internet has led a tremendous, tremendous 
economic growth for innovative American and global companies.  
According to Forrester Research, online retailers achieved over 
$170 billion in sales during 2005 and expect to make over $300 
billion by the year 2010.  The annual value of business-to-business 
transaction is approximately valued at $2 to $3 trillion.  So I 
believe the DNS system administered by ICANN, with very 
significant private sector involvement, has been, as my colleagues 
have pointed out, a total success.  
     Restructuring this arrangement--one that has obviously worked 
well over many years--could very well lead to greater uncertainty, 
less innovation, and fewer choices for consumers.  The Internet is 
built upon the flexibility to develop from the bottom up, rather than 
from governmental mandates.  But despite the success of the 
Internet under this model and under ICANN since 1998, some 
governments around the world would like to see some changes.  
Specifically, some would like to see it put under the U.N. agency.  
The fact is, of course, that the United States invented, developed 
and shared the Internet with the world.  Heavy-handed government 
involvement, particularly by supra-national institutions like the 
United Nations, I think, would spell disaster for a system that is 
thriving around the world.  Politics and policy agendas have no 
place in the ICANN system and in the operation of the DNS.  I will 
oppose any efforts for a number of reasons to put it under the U.N. 
jurisdiction.  The Internet is just too important for the positive 
economic and social benefits for this country, and second, "if it is 
not broke, don't fix it."  The current structure has been successful 
and works.  
     On another issue that I would like to discuss with my 
colleagues, through our subcommittee, is the tangential effect any 
changes could have on the prevalence of online fraud and general 
consumer protection, as well as the less obvious security issues 
that would most certainly develop if we start making wholesale 
changes to ICANN and the way the DNS is administered.  My 
subcommittee has had hearings.  We have looked at a number of 
issues through the Federal Trade Commission.  They have the 
jurisdiction of enforcing these.  What is clear is that the Internet 
scams continue to proliferate, and we must continue to try to give 
the Federal Trade Commission the tools they need to stop these 
frauds.  I want the ICANN governance structure and its technical 
requirements to help the Federal Trade Commission's ability to 
combat fraud, not hinder it.  Mechanisms that provide information 
about owners of websites and domain names is one way we are 
helping fortify the DNS system, and I believe, my colleagues, we 
need to preserve that.  The system is working and is working well.  
I am not interested in making changes that would in any way 
endanger what has proven to be one of the most powerful tools in 
history for empowering American commerce and the American 
consumers.  And I would like to thank our witnesses today for 
attending and their participation.  Thank you.
[The prepared statement of Hon. Cliff Stearns follows:]

PREPARED STATEMENT OF THE HON. CLIFF STEARNS, CHAIRMAN, 
SUBCOMMITTEE ON COMMERCE, TRADE, AND CONSUMER 
PROTECTION

     Good afternoon.  I'm very pleased that we have an opportunity 
to understand better how the safe and secure functioning on the 
Domain Name System (DNS) under the watch of ICANN is 
integral to protecting consumers, strengthening the U.S. economy, 
and providing the Internet security necessary for e-commerce and 
other sensitive on-line functions. The economic might of the 
Internet is everywhere.  It is has been adopted by both the titans of 
global commerce and the local main street store in the smallest 
towns in America.  The Internet has fueled an increase in 
productivity worldwide, but has also provided positive economic 
and social benefits to many parts of the world that previously had 
limited contact with the global marketplace.  At home, the Internet 
has led to tremendous economic growth for innovative American 
and global companies and has given consumers powerful new tools 
to stay informed and empowered.  According to Forrester 
Research, online retailers achieved over $170 billion in sales 
during 2005 and expect to make over $300 billion by 2010. The 
annual value of business-to business transactions is approximately 
valued at $2-3 trillion dollars.  
     I believe the DNS system administered by ICANN, with very 
significant private sector involvement, has been a success.  
Restructuring this arrangement - one that has worked well over the 
years - could very well lead to greater uncertainty, less innovation, 
and fewer choices for consumers.  The Internet is built upon the 
flexibility to develop from the bottom up, rather than from 
governmental mandates.  But despite the success of the Internet 
under this model and under ICANN since 1998, some governments 
around the world would like to see changes. Specifically, some 
would like to see it put under a U.N. agency.  The fact is that the 
U.S invented, developed and shared the Internet with the world.  
Heavy-handed government involvement, particularly by supra-
national institutions like the United Nations, would spell disaster 
for a system that is thriving around the world.  Politics and policy 
agendas have no place in the ICANN system and in the operation 
of the DNS.  I WILL OPPOSE any such efforts for a number of 
reasons.  First, the Internet is too important for the positive 
economic and social benefits it has brought the world to be 
weighed down by a dysfunctional, multi-government bureaucracy.  
And second, "if it's not broke, don't fix it."  The current structure 
has been success and WORKS!  If improvements are required to 
ICANN and its processes, that is a much easier process than 
constructing another U.N organization.  

Another issue important to the Commerce Trade, and Consumer 
Protection Committee is the tangential effect any changes could 
have on the prevalence of on-line fraud and general consumer 
protection, as well as the less obvious security issues that would 
most certainly develop if we start making wholesale changes to 
ICAAN and the way the DNS is administered. My Subcommittee 
has looked at a number of issues that the FTC is charged with 
enforcing.  What is clear is that Internet scams continue to 
proliferate, and we must continue to try to give the FTC the tools 
they need to stop these frauds.  I want the ICANN governance 
structure and its technical requirements to help FTC's ability to 
combat fraud, not hinder it.  Mechanisms that provide information 
about owners of websites and domain names is one way we are 
helping fortify the DNS system, and I believe we need to preserve 
that.  The system is working and is working WELL.  I am not 
interested in making changes that would in any way endanger what 
has proven to be one of the most powerful tools in history for 
empowering American commerce and the American consumer.
     Again, I'd like to thank everyone for joining us this afternoon 
and I look forward to the testimony of this distinguished panel.
     Thank you.

     MR. UPTON.  Thank you, Mr. Stearns.  I would recognize the 
Ranking Member of the Subcommittee on Telecommunications 
and the Internet, Mr. Markey, from Massachusetts, for an opening 
statement. 
     MR. MARKEY.  Thank you, Mr. Chairman.
And thank you to Chairman Stearns as well for calling this 
hearing today on Internet governance.  
     ICANN is an organization with international representation 
that, through an agreement with the United States Department of 
Commerce, manages a system of Internet domain names.  Simply 
put, ICANN's role is to coordinate the management of the 
technical elements of the domain name system so that the Internet 
users the world over can efficiently ensure that there are valid 
addresses, whether they are the top level domains, dot com, dot org 
or others.  It has been several years since we had an oversight 
hearing on the NTIA and its handling of the Memorandum of 
Understanding between the U.S. Government and ICANN.  
     At the last hearing, it was evident that ICANN was struggling 
in several areas, including the adequacy and efficiency of its 
various processes and its responsiveness to the Internet community 
generally.  I think it is fair to say that ICANN has made strides and 
has improved its operations in many ways.  And I want to 
commend Dr. Paul Twomey for efforts he has made to ensure that 
ICANN functions in a manner consistent with ICANN's mandate 
as well as our broader goals for the Internet.  
     I do not believe that the United Nations or a variation of the 
same can or should replace ICANN.  Having said that, I do not 
believe that means we ought to simply leave ICANN to its own 
devices without comment or critique.  So while it has improved, I 
do not believe that ICANN has finished its task, reformation.  For 
example, I believe that the organization ought to explore additional 
ways of ensuring that its so-called constituency effectively 
captures the demographics and uses of the Internet today.  This is a 
challenging task, as the Internet, at its best, is constantly being 
reinvented.  
     In addition, I remain concerned that ICANN still lacks an 
effective means for achieving accountability.  Aggrieved parties 
need some way through some impartial vehicle and through a 
dispassionate arbiter to register complaints and seek redress if 
warranted.  More challenging is addressing a practical dividing line 
between what ICANN is tasked to do and what it is not intended to 
do.  Many have lamented that ICANN appears to set policy when it 
was simply set up to do rather narrow technical issues.  In 
ICANN's defense, some rather narrow technical resolutions can 
have practical and significant policy implications.  As Mitch 
Kapur, the founder of Lotus, has said, architecture is policy.  And 
to the extent to which ICANN has some role in the technical 
configuration of the DNS, it is, willing or not, going to affect, 
directly or indirectly, Internet policy for companies and countries.  
     The reality is that NTIA must ensure that the Memorandum of 
Understanding clearly restrains unintended policymaking by 
ICANN, and NTIA must also be willing to speak up when ICANN 
transgresses its charter.  Otherwise, all we get is high-tech 
handwringing.  And I get to paraphrase Winston Churchill again 
about ICANN being the worst form of Internet governance except, 
of course, all other forms.  
     Finally, as we look forward, the future of ICANN and its 
ongoing reform, I do have some concerns that the recent agreement 
with VeriSign has several provisions which evidence tendencies 
towards a counter-reformation.  I would encourage NTIA to very 
closely examine the provisions of this new contract.  First, it 
appears that the amount and mechanism for determining prices is 
untethered to any data about actual cost and is itself untethered 
from commitments to perform functions for which these price 
increases are ostensibly justified.  I am not saying the prices cannot 
be justified somehow or that the contract cannot be easily amended 
to correct deficiencies in the apparent latitude of uses for which 
this additional revenue may be used.  All I am saying is that they 
are not now.  And parenthetically, saying that these price caps 
were run by the Bush Administration's antitrust division is like 
saying that they checked with Rip Van Winkle, because that 
division has suffered a 5-year bout of bureaucratic narcolepsy.  In 
short, the historic sound of its marketplace-protecting bark has 
been drowned out by the hum of its snoring.  So there is little 
comfort in any such consultation.  
     Finally, we have spent considerable time here and in the 
Homeland Security Committee debating terrorism and cyber 
security.  In the pending ICANN-VeriSign contract, there is no 
baseline for oversight for monitoring and mitigating ongoing 
security risks to the DNS.  ICANN should modify this agreement 
to ensure that operators provide detailed security plans and 
safeguards for the DNS.  ICANN would do well to develop 
independent means of assessing vulnerabilities so that these can be 
addressed in future agreements as necessary.  These economic 
security and national security shortcomings are ones that NTIA 
clearly has an opportunity and an obligation to address.  Again, I 
want to thank the chairmen for your hearing today.  And I yield 
back the balance of my time.  
     MR. UPTON.  Thank you.  
     The gentleman from Illinois, Mr. Shimkus.  
     MR. SHIMKUS.  Thank you Mr. Chairman.  Thank you for this 
hearing.  We all know the history of ICANN and this issue of 
memorandums of understanding and the domain debate.  A few of 
us have dealt with ICANN personally, and I am glad to see my 
friend, Mr. Markey, here, because, as a new member, when we 
started doing our dot kids debate dealing with ICANN, we found 
ICANN to be everything frustrating that it advertised itself to be; 
not transparent, not open, but confusing, frustrating.  So that is 
why, when we are in this time of this extension of this 
Memorandum of Understanding, having not seen any real reforms 
based upon our previous, our last dealings with ICANN, you 
know, I really would hope that the NTIA would really go to work 
and help us believe that there is a process here by which the public 
as a whole can have some light of day.  I mean, the public demands 
from politicians that the light of day be shown on our activities.  
And we move to do that through campaign finance reform, through 
public debate, through all sorts of issues.  There is no reason why 
this ICANN cannot be more open, more accessible, more visible.  
     And I think we have failed.  And that is why the importance of 
this hearing here is to ask these questions in which we will--I will 
do it when I get a chance to get into my line of questioning, sole 
proprietorship.  The ability to affect the lives of the Internet system 
is not acceptable without scrutiny.  Having the ability to have it--
we still want it under the NTIA.  We want to make sure it stays 
within the purview of a trusted international country like the 
United States so we know that there is safety and security.  With 
what has gone on at the U.N. the last couple of days, the last thing 
we would want is any movement in an international community.  
Could you imagine the farce and the jokes that that would create of 
the World Web and the Domain Names System?  So thank you, 
Mr. Chairman.  I hope to learn a lot from this hearing.  I yield 
back.  
     MR. UPTON.  Mr. Gonzalez.
     MR. GONZALEZ.  Waive opening.
     MR. UPTON.  Mr. Wynn.  
     Ms. Eshoo. 
     MS. ESHOO.  Thank you, Mr. Chairman, for holding this 
hearing.  I think it is an important one.  And it is a subject matter 
that hasn't been visited by the committee for a number of years.  In 
fact, I think it was February 2001, and it was your first hearing as a 
subcommittee chairman.  So I welcome it.  
     I think that there are issues to examine here, and I think that it 
is an opportune time to say that ICANN, like any new 
organization, always has to go through growing pains.  And since 
it was created 8 years ago, you have certainly had yours and been a 
frequent target of criticism among the Internet global community.  
Some of the criticisms, I think, are legitimate, and they are 
appropriate.  And I think that ICANN still continues to struggle to 
exercise appropriate and thorough oversight over the technical and 
administrative functions under its jurisdiction.  I think ICANN and 
consumers would benefit enormously from more transparency.  
Maybe it isn't written anywhere in the agreement or in the 
directive that says you don't have to speak to anyone, but, you 
know what, it is not such a good way to operate.  
     And so I think that transparency should be taken seriously by 
the organization and that you take some really solid steps to bring 
about transparency and broader input, as Mr. Markey said, from 
the Internet constituents.  That would go a long, long way, and it is 
beyond me why that doesn't happen, but you know, in life, when 
you don't talk to someone, it is the first sign of something not 
being healthy.  So I wanted to touch on that.  
     Of course, you were founded in response to growing concerns 
about U.S. domination of the Internet, and I think today still many 
countries believe that the United States continues to exert undue 
influence over the organization and the administrative functions of 
the Internet.  I think that it is important to note that you have 
enjoyed several noteworthy accomplishments.  You have 
successfully introduced competition to both the retail and the 
wholesale domain name business and both of those were former 
monopolies.  So that is a big transition.  Driven down prices in the 
domain name market worldwide.  
     I think it is also important to note that, under ICANN's tenure 
as the manager of the Internet, that domain names have coincided 
with an explosion of Internet usage.  Today, more than 1 billion 
users worldwide rely on the Internet.  And that is absolutely 
extraordinary.  That is a 300 percent increase since 2001, almost a 
300 percent increase since you became subcommittee chairman.  
     It is now estimated that 25 percent of America's economic 
value moves over network connections each day.  That is quite 
extraordinary.  I think that ICANN and the domain name service 
providers it manages have been successful in defending the system 
from security threats and kept the system up and running.  The 
most important and heavily trafficked domains, the dot com and 
the dot net, are operated by VeriSign, whom you are very familiar 
with, and they are a company headquartered in my district in 
Mountain View, California.  And they have maintained 
100 percent up time for dot com, and it has never failed.  
     I have heard from people on the management of these issues.  
Again, I think that transparency is something that's really needed--
more transparency brought to the process.  
     So we have a lot of catch up in talking to you today because we 
haven't done that for a long time.  So, Mr. Chairman, I am glad 
that you are having the hearing.  I hope that in the next Congress 
and future congresses, that we won't wait as long to come back to 
this.  This is an area that is growing in leaps and bounds, and I 
think that our oversight and our interest in it needs to be brought 
more into play with all the stakeholders that are a part of it.  So I 
am glad you are here.  Thank you for having the hearing.  I will 
look forward to talking to you and asking some questions.
     [Additional statements submitted for the record follows:]

PREPARED STATEMENT OF THE HON. JOE BARTON, CHAIRMAN, 
COMMITTEE ON ENERGY AND COMMERCE

     Thank you, Mr. Chairman, for holding this joint subcommittee 
hearing on the Internet Corporation for Assigned Names and 
Numbers, otherwise known as ICANN.  ICANN is one of the 
"behind-the-scenes" organizations that help run the Internet.  More 
specifically, ICANN is responsible for the addressing and naming 
functions of the Internet to ensure universal resolvability - which 
simply means that when I type an address into my browser, like 
www.house.gov, that I actually get to the website I want. 
     It's been five years since this Committee's last hearing on 
ICANN, and much has changed since 2001.  Five years ago, this 
Committee was inundated with complaints about how ICANN was 
run, what its mission should be, and its unresponsiveness.  And 
while complaints about accountability and transparency have not 
disappeared, we have before us today a much-improved ICANN 
that is capable of managing the technical functions it has been 
assigned.  
     But I do not believe that it is time to eliminate the Commerce 
Department's oversight role in ICANN.  ICANN has some work to 
do before I would be comfortable asking the Department of 
Commerce to permit ICANN to be totally independent.  
     Even with its deficiencies, however, ICANN offers a far better 
model to achieve transparency and administrative fairness than the 
U.N.  Private sector leadership has enabled the Internet to evolve 
into the great medium it is today.  Given the Internet's importance 
to the U.S. economy as well as the global economy, it is essential 
that the underlying domain name system of the Internet remains 
stable and secure.  While the attempt to give these functions to the 
United Nations failed earlier this year, I do not expect this debate 
to disappear.  But I will continue to oppose this idea - there is little 
the United Nations can do that private industry can't do better.  
     I look forward to the testimony of our witnesses and thank you 
for holding this hearing.

     MR. UPTON.  Thank you.  
     I want to thank our panel for submitting their testimony early.  
I will tell you that it is part of the record in its entirety.  At this 
point, we are going to ask you to summarize your testimony and 
not to exceed 5 minutes.  I believe there is as a clock in the front.  I 
think it is behind Mr. DelBianco.  When the red light goes on, that 
means the 5 minutes has expired.  And we will try to do the same 
for members.  I will ask unanimous consent that all members have 
the opportunity to put their statements in as part of the record at the 
beginning.  
     We are joined by Mr. John Kneuer, Acting Assistant Secretary 
for Communications and Information, from the United States 
Department of Commerce; Mr. Paul Twomey, President and CEO 
of Internet Corporation for Assigned Names and Numbers, 
ICANN; Mr. Steve DelBianco, Vice President for Public Policy 
from the Association for Competitive Technology on behalf of 
NetChoice Coalition; Mr. Thomas Lenard, Senior VP for Research 
from the Progress & Freedom Foundation; Mr. Harold Feld, Senior 
VP for the Media Access Project; and Mr. Mark Bohannon, 
General Counsel and Senior VP of Public Policy for the Software 
& Information Industry Association. 

STATEMENTS OF JOHN M. R. KNEUER, ACTING ASSISTANT SECRETARY FOR COMMUNICATIONS 
AND INFORMATION, UNITED STATES DEPARTMENT OF COMMERCE; PAUL TWOMEY, 
PRESIDENT AND CHIEF EXECUTIVE OFFICER, INTERNET CORPORATION FOR ASSIGNED NAMES 
AND NUMBERS; STEVE DELBIANCO, VICE PRESIDENT FOR RESEARCH, THE PROGRESS & 
FREEDOM FOUNDATION; HAROLD FELD, SENIOR VICE PRESIDENT, MEDIA ACCESS PROJECT; 
AND MARK BOHANNON, GENERAL COUNSEL AND SENIOR VICE PRESIDENT, PUBLIC POLICY, 
SOFTWARE & INFORMATION INDUSTRY ASSOCIATION  
  
     MR. UPTON.  Gentlemen, we are delighted that you are here.  
     Mr. Kneuer, we will start with you.  Welcome. 
     MR. KNEUER.  Thank you.
     Chairman Upton, Chairman Stearns, members of the 
committee, my name is John Kneuer.  Thank you for this 
opportunity to testify before the committee on the progress of 
ICANN meeting its obligations under its Memorandum of 
Understanding with the Department of Commerce.  The 
department continues to believe that the stability and security of 
the Internet and Domain Name System can best be achieved by 
transitioning to the private sector.  The vehicle for that transition 
has been ICANN and the memorandum of understanding that it has 
with the Department of Commerce.  
     This Memorandum of Understanding does not establish a 
relationship of regulator and regulated between the department and 
ICANN; rather it is a vehicle for our cooperation and participation 
in achieving this transition in an efficient manner.  Under the terms 
of the MOU, we offer our expertise and advice on the transition, 
and we monitor ICANN's performance under the MOU.  
     The current MOU was drafted to permit the department and 
ICANN to measure progress towards concrete goals and 
objectives.  When the current MOU was entered into in 2003, 
ICANN had just completed its own internal review of its processes 
and was well into the process of implementing structural and 
organizational changes.  That MOU, the most current MOU, is 
intended to provide a vehicle and a tool for measuring their 
progress and making those reforms.  
     The current MOU expires on September 30th of this year.  In 
preparation for that expiration and examining what the path 
forward would be, at NTIA, we undertook a public consultation 
this summer.  We issued a notice of inquiry, held public meetings.  
We received more than 700 comments from interested parties 
around the world, from governments, nongovernmental entities, 
registrars, registries, pretty much the entire cross-section of 
interested stakeholders in the Internet.  The majority of these 
stakeholders continue to endorse the original principles put 
forward in the MOU and those that guided DNS transition, 
stability and security, competition, bottom-up policy coordination 
and broad representation.  More importantly, the consultation 
revealed strong support for more specific focus on transparency 
and accountability for ICANN, the continued involvement of the 
Department of Commerce in helping with this transition.  
     As we approach the end of this term of the MOU, we are 
working with ICANN, and we are negotiating an extension of the 
MOU.  In conclusion, we continue to be supportive of private-
sector leadership in the coordination of the technical functions 
related to the management with DNS.  Furthermore, we continue to 
support the work of ICANN as the appropriate coordinator of these 
technical functions.  Both ICANN and the department agree that 
preserving security and stability of the Internet DNS is a critical 
priority that will guide our work in the next stage of the transition.  
Thank you, and I will look forward to any of your questions. 
     [The prepared statement of John M. R. Kneuer follows:] 

PREPARED STATEMENT OF JOHN M. R. KNEUER, ACTING 
SECRETARY FOR COMMUNICATIONS AND INFORMATION, UNITED 
STATES DEPARTMENT OF COMMERCE

     Mr. Chairman,
     Thank you and the members of the Committee for this 
opportunity to testify on the progress of the Internet Corporation 
for Assigned Names and Numbers (ICANN) under the 
Memorandum of Understanding (MOU) between ICANN and the 
Department.
     The Administration recognizes the critical importance of the 
Internet to the economic and social well-being of the United States 
and the global community, and is committed to its future growth.  
The Department has been charged with preserving the stability and 
security of the Internet's underlying infrastructure - the domain 
name and addressing system.  I am pleased to have this opportunity 
to share the results of our efforts to date, as well as our perspective 
for the future.

The Department's Relationship with ICANN
     The Department continues to believe that the stability and 
security of the Internet domain name and addressing system (DNS) 
can best be achieved by transitioning the coordination of the 
technical functions related to the management of the DNS to the 
private sector.  The vehicle for achieving this goal is the MOU 
between the Department and ICANN.  As the Committee will 
recall, ICANN was formed in 1998 in response to the Department 
of Commerce's call for a partner to lead the transition to private 
sector management of the DNS.
     In September, 2003, the Department and ICANN agreed to 
renew the MOU for a period of three years, with several date-
specific milestones and broad tasks aimed at guiding ICANN to a 
stable, independent, and sustainable organization.  The expectation 
of the Department was that the three-year time frame would allow 
ICANN sufficient opportunity to formalize appropriate 
relationships with the organizations that form the technical 
underpinnings of the Internet,  secure the necessary resources to 
ensure its long-term independence, improve its mechanisms for 
broad participation by all Internet stakeholders, and continue to 
improve its decision-making processes. The Department plays no 
role in the internal governance or day-to-day operations of the 
organization.  However, under the terms of the MOU, the 
Department monitors and ensures that ICANN performs the MOU 
tasks, and offers expertise and advice on certain discrete issues.
     As you may recall, this relationship was the focus of much 
debate at last year's United Nations World Summit on the 
Information Society.  To provide clarity to this debate, the 
Administration issued the U.S. Principles on the Internet's Domain 
Name and Addressing System.  In this set of principles, the 
Administration reiterated its commitment to preserving the security 
and stability of the Internet domain name and addressing system; 
recognized that governments have legitimate public policy and 
sovereignty concerns with respect to the management of their 
country code top level domains; reaffirmed its support for ICANN; 
and encouraged continued dialogue on Internet governance issues.  
After much discussion and debate, and with your help and support, 
the international community arrived at a consensus on the 
importance of maintaining the stability and security of the Internet, 
the effectiveness of existing Internet governance arrangements, and 
the importance of the private sector in day-to-day operations of the 
Internet.

Measuring Progress 
     The current MOU was deliberately crafted to permit the 
Department and ICANN to measure progress toward discrete goals 
and objectives.  When this MOU was entered into in September, 
2003, ICANN had just completed an internal review and reform 
effort, and was well into the process of implementing the structural 
and organizational changes called for through that process.  In the 
course of the past three years, ICANN has successfully met many 
of the MOU's date-specific milestones, which included the 
following:  
      developing a strategic plan addressing administrative, 
financial and operational objectives; 
      developing a contingency plan to ensure continuity of 
operations in the event ICANN incurs a severe disruption 
of such operations, by reason of bankruptcy, corporate 
dissolution, natural disaster or other financial, physical or 
operational event; 
      conducting a review of  corporate administrative and 
personnel requirements and corporate responsibility 
mechanisms;
      developing a financial strategy to secure more predictable 
and sustainable sources of revenue;
      improving its processes and procedures for the timely 
development and adoption of policies related to the 
technical management of the DNS; 
      implementing reconsideration and review processes, 
including an Ombudsman and commercial arbitration 
clauses in ICANN contracts; 
      developing a strategy for the introduction of new generic 
top level domains, including internationalized domain 
names;
      enhancing broader participation in ICANN processes by the 
global community through improved outreach, regional 
liaisons, and multilingual communications;
      publishing annual reports on community experiences with 
the WHOIS Data Problem Reports System, used to report 
inaccuracies in the submission of WHOIS data by domain 
name registrants; and
      publishing annual reports on the implementation of the 
WHOIS Data Reminder Policy, which domain name 
registrars are required to send to domain name registrants.

     ICANN has also made steady progress toward the MOU's 
broader tasks, including: entering into an agreement with the 
Regional Internet Registries to facilitate the development of global 
addressing policy, and developing and implementing new 
accountability framework agreements with many country code top 
level domain operators.

Future Relationship
     The current MOU expires on September 30, 2006.  Over the 
course of the past year, the Department has conducted an internal 
review of its relationship with ICANN.  To complement the 
Department's internal review of ICANN's progress under the 
MOU, the National Telecommunications and Information 
Administration (NTIA) initiated a public consultation process to 
obtain the views of all interested stakeholders.  In May, 2006, 
NTIA issued a Notice of Inquiry on the Continued Transition of the 
Technical Coordination and Management of the Internet Domain 
Name and Addressing System to solicit views on such issues as:
      ICANN's progress in completing the core tasks and 
milestones contained in the current MOU, and whether 
these activities are sufficient for transition to private sector 
DNS management by the scheduled expiration date of the 
MOU, of September 30, 2006;
      Whether the principles underlying ICANN's core mission 
(i.e. stability, competition, representation, bottom-up 
coordination and transparency) remain relevant and 
whether additional principles should be considered;
      Determining whether the tasks and milestones contained in 
the current MOU remain relevant, and/or whether new 
tasks would be necessary;
      Assessing whether all key stakeholders are effectively 
represented and involved in ICANN's activities, and if not, 
how that could be accomplished; and
      Whether new methods or processes should be considered 
to encourage greater efficiency and responsiveness.

     NTIA received and analyzed over 700 responses from 
individuals, private corporations, trade associations, non-
governmental entities, and foreign governments.  NTIA invited a 
representative sample of these interested stakeholders to participate 
in a public meeting on July 26, 2006.  Representatives from the 
Regional Internet Registries, the root server operators, registrars, 
registries, country code top level domain operators, the Internet 
Society, the Internet research and development community, 
trademark interests, the user community, the business community, 
and a representative from the Canadian government shared their 
perspectives on the questions NTIA posed to the global Internet 
community.  Well over one hundred interested stakeholders 
participated in the public meeting.
     This public consultation process revealed broad support for 
continuing the transition the coordination of the technical functions 
related to the management of the DNS to the private sector through 
the continued partnership between the Department and ICANN.  A 
majority of interested stakeholders continue to endorse the original 
principles put forward to guide the DNS transition - stability and 
security; competition; bottom-up policy coordination; and broad 
representation.  Equally importantly, the consultation process 
revealed strong support for a more specific focus on transparency 
and accountability in ICANN's internal procedures and decision-
making processes, and the continued involvement of the 
Department of Commerce in this transition.
     As we approach the end of this term of the MOU, we are 
working with ICANN to negotiate the next phase of our continued 
partnership.

Conclusion
     In conclusion, the Department continues to be supportive of 
private sector leadership in the coordination of the technical 
functions related to the management of the DNS as envisioned in 
the ICANN model.  Furthermore, the Department continues to 
support the work of ICANN as the coordinator for the technical 
functions related to the management of the Internet DNS.  Both 
ICANN and the Department agree that preserving the security and 
stability of the Internet DNS is a critical priority that will 
guide/govern the next stage in the transition process.  
     Thank you and I would be happy to answer any questions that 
you may have. 

     MR. UPTON.  Thank you.  
     Dr. Twomey. 
     DR. TWOMEY.  Thank you, Chairman Upton.
     Thank you, Chairman Stearns.
     And thank you, members of both committees for the 
opportunity to speak to you today in my role as President and CEO 
of ICANN.  I feel, after all the members' statements, I should 
simply stop.  I think you have so much knowledge of the 
organization.  
     But the best I could say, you know, ICANN has been 
recognized by the world community as the global authoritative 
body on the technical and organizational means to ensure the 
stability and interoperability of the DNS and the distribution of 
unique identifiers for the Internet, in particular IP addresses.  
     Since appearing last before Congress, which was nearly 2 years 
ago in the other place, ICANN has continued to secure a stable and 
secure Internet that ensures universal resolvability.  ICANN has 
fostered greater choice, lower costs and better services to DNS 
registrants, including over 10 million businesses in the United 
States alone.  ICANN's successful coordination of its community 
underpins the operation of the global Internet.  
     Each day, the system supports an estimated 30 billion 
resolutions, nearly 10 times the number of phone calls in North 
America each day.  And as members have already pointed out, 
nearly $2 trillion of e-commerce a year flows across this network.  
Why is universal resolvability important?  Success means that 
Internet addresses resolve in the same way for every one of the 
Internet's global users, every one of the one billion people who use 
the Internet online.  
     As part of the international private-sector entities tasked to 
provide technical coordination of the domain system, ICANN in 
recent years has recognized six new agreements for gTLD registry 
operations and has finalized negotiations and is waiting for 
approval of five others.  All of the pending agreements have set out 
language with a greater accountability to ICANN on security and 
stability concerns and also provide greater opportunity for ICANN 
to act in the event of actions of registries or such other issues that 
might arise from registry operator practices.  
     I might point out to members that all of these agreements have 
been sent out in an open and consultative process.  The new 
general framework for these contracts was first released publicly 
18 months ago and has been discussed over this time, including in 
four global meetings, and has received several thousand public 
consultation receipts.  To give you a specific example, the dot com 
agreement is part of a larger, overall settlement of a longstanding 
dispute with VeriSign over its desire to introduce new registry 
services.  We engaged in a 4-month public process, which included 
two different public comment periods, the receipt of over 600 
public comments and the substantial renegotiation of key terms 
important to our community.  We look forward to the Department 
of Commerce approving the agreement as provided for in the 
specifics.  New registry agreements have already benefited the 
Internet community by creating a better working relationship 
between ICANN and key registry operators, perhaps turning to the 
relationship with the United States Government.  ICANN has been 
engaged in a longstanding and important relationship with the 
United States Government.  
     ICANN is about to successfully complete the sixth separate 
amendment to the original Memorandum of Understanding with 
the DOC.  And as Mr. Kneuer pointed out, ICANN and the DOC 
are in conversation about the steps forward.  ICANN has recently 
entered into a new 5-year arrangement for ICANN to manage the 
Internet address naming authority function.  ICANN and the NTIA 
are in final stages of discussions which will confirm an appropriate 
continuing relationship and will recognize ICANN's global private 
sector role and continue the transition of the coordination of 
technical functions and the management of the DNS to the private-
sector.  One of the greatest achievements of ICANN has been the 
successful creation, support, and coordination of an ICANN 
community and the creation of the bottom-up policy, making 
process supported by various stakeholders involved in the DNS.  
The evolution of this model continues in many ways but most 
recently in the following actions.  This week the ICANN board has 
commenced a review of its own guiding principles and is 
publishing soon a set of private-sector management operating 
principles, which will be offered for public review and will be 
directed, in many respects, to some of the issues raised by 
members.  
     Last week, the London School of Economics provided the 
ICANN commission an independent third-party review of one of 
ICANN's key policy development supporting organizations, 
ICANN's generic name supporting organization.  The information 
contained in this review will likely result in considerations of 
additional improvements to ICANN's GNSO and supporting 
organizational structures.  The key point to point out here is 
ongoing evolution and ongoing listening to the community about 
the need to evolve as an organization, both to evolve concerning 
constituencies and evolve concerning processes and evolve 
concerning principles for the operation of the organization.  
     I might just finish with perhaps three--two comments 
concerning, I think, real achievements of ICANN to address some 
of the issues members may have heard about and one final 
comment about transparency and accountability.  ICANN has been 
very concerned to ensure the protection of intellectual property 
when it comes to domain names, and ICANN's uniform domain 
name dispute resolution policy has been highly successful and a 
great barrier to individuals, businesses, and intellectual property 
holders.  The policy allows them to assert their rights against 
domain name squatters and infringers of intellectual property 
interests.  The UDRP has resolved more than 17,000 disputes over 
the rights of domain names and has proven to be efficient and cost 
effective for those utilizing this alternative dispute resolution 
mechanism.  
     The market for generic top-level domains has also very much 
been benefited by the introduction of competition in that space, 
both the introduction of new gTLDs and the introduction of much 
increased numbers of generic registrars.  When ICANN started its 
work, there was one registrar, one person who sold domain names.  
Consumers today can choose from 845 ICANN accredited 
registrars, derived from more than 250 unique businesses in over 
40 countries.  And the average cost or the price of domain names 
saying dot com have now been reduced by as much as 90 percent 
to consumers.  
     My final comment on transparency and accountability:  
ICANN does have well-established principles and processes for 
accountability in its decision-making and in its bylaws.  In 
particular, after its decision-making processes at the board level, 
there is the ability for appeal to a review committee, and then, from 
there, to an independent review panel and independent arbitration.  
It is interesting to note that none of the ICANN constituencies or 
members have yet decided to take advantage--to complete an 
independent review panel or arbitration process.  That may actually 
tell you something about the nature of the accountability of the 
organization, that, in any of its decisions, nobody has yet decided 
to use the final method of accountability available to them under 
the bylaws.  
     My final observation with regard to the discussion is that there 
is, I think, quite a bit of distinction between the issue of 
transparency and the issue of accessibility.  ICANN is actually an 
incredibly transparent organization.  It is.  If you look on its 
website, you will find vast amounts of information about the 
processing and activities underway.  Although, I fear it is 
transparent in a way which certainly is pertinent, I think, at the 
moment, it is transparent in the way, the same way that credit card 
agreements are transparent.  They are all there; it is just very hard 
to understand it.  And so I think one of the challenges we certainly 
have is about making our information much more accessible and 
making certain we do put in place principles that really do address 
some of the issues of transparency that people have been 
discussing.  
     Thank you, Mr. Chairman. 
     [The prepared statement of Dr. Paul Twomey follows:] 

PREPARED STATEMENT OF DR. PAUL TWOMEY, PRESIDENT AND 
CHIEF EXECUTIVE OFFICER, INTERNET CORPORATION FOR 
ASSIGNED NAMES AND NUMBERS

Introduction
     Good Morning, Chairman Upton, Chairman Stearns and 
members of the Committee.  Thank you for the opportunity to 
speak before this Subcommittee in my role as President and CEO 
of the Internet Corporation for Assigned Names and Numbers 
(ICANN).  ICANN is a private sector organization performing a 
global function, with our main office in Marina del Rey, 
California.  ICANN has been recognized by the world community 
as the global authoritative body on the technical and organizational 
means to ensure the stability and interoperability of the DNS, and 
the distribution of IP addresses.

ICANN's Role in Internet Governance 
     Since appearing before Congress nearly two years ago, ICANN 
has continued to take great steps forward in solidifying its role as 
the international private sector entity tasked to provide technical 
coordination of the domain name system (DNS).
     The limited and distinct mission of The Internet Corporation 
for Assigned Names and Numbers is clearly set out in Article I of 
ICANN's Bylaws. ICANN:
     1.	Coordinates the allocation and assignment of the three sets 
of unique identifiers for the Internet, which are
          a. Domain names (forming a system referred to as 
"DNS");
          b. Internet protocol ("IP") addresses and autonomous 
system ("AS") numbers; and
          c. Protocol port and parameter numbers.
     2.	Coordinates the operation and evolution of the DNS root 
name server system.
     3.	Coordinates policy development reasonably and 
appropriately as they relate to these technical functions.

     Since its origins in 1998, ICANN has helped secure a stable 
and secure Internet that creates a presumption of universal 
resolvability.  ICANN has fostered greater choice, lower costs and 
better services to DNS registrants, including over ten million 
businesses in the United States alone. The Internet requires a stable 
and secure system of unique identifiers if it is to serve the global 
community efficiently and reliably.
     At the core of ICANN's mission is global interoperability of a 
single Internet. ICANN was established to serve the Internet 
community by maintaining the stability and security of the 
Internet's unique identifier systems, and fostering competition 
where appropriate to give Internet users greater choice at optimal 
cost.
     ICANN's successful coordination of its community underpins 
the operation of the global Internet.  Each day this system supports 
an estimated 30 billion resolutions, nearly 10 times the number of 
phone calls in North America per day. There are currently more 
than one billion users of the Internet. Due to the universal DNS 
resolvability secured and coordinated by ICANN, the Internet 
addresses resolve in the same way for every one of the Internet's 
global users once online.
     ICANN has entered into six new agreements with gTLD 
registry operators (including .NET, .TRAVEL, .CAT, .JOBS, 
.MOBI, and .TEL) in the last two years (and has finalized 
negotiations and is waiting for approval of 5 others).  All of the 
pending agreements have set out language with a greater 
accountability to ICANN on security and stability concerns, and 
also provide greater opportunities for ICANN to act in the event of 
actions of registries, or such other issues that might arise from 
registry operator actions or practices., including: a) the .COM 
agreement (which is currently pending approval by the US 
Department of Commerce) and  b) four other registry agreements 
for .ASIA, .BIZ, .INFO and .ORG (which are subject to review by 
the ICANN Board of Directors during the next ICANN Board 
Meeting). 
     The .COM agreement is part of a larger overall settlement of a 
long-standing dispute with VeriSign over its desire to introduce 
new registry services.  That dispute arose with the creation of 
ICANN and has been resolved in a way that would enhance the 
performance of  both entities, to the benefit of all of the users of 
the Internet. ICANN and VeriSign Board's have both approved 
settlement documents that would permit the parties to act together 
in a concerted way to protect the overall security and stability of 
the Internet.  Further, if VeriSign were ever to act in a manner that 
is inconsistent with the interests of the Internet community, 
ICANN has built additional mechanisms into the agreement to 
resolve such disputes promptly and effectively.

Continuing Relationship with the United States Government
     ICANN has been engaged in a long-standing and important 
relationship with the United States Government since ICANN's 
inception, which has been administered by the US Department of 
Commerce's NTIA.  ICANN is about to successfully complete the 
sixth separate amendment to its original Memorandum of 
Understanding with the DOC.  
     ICANN will continue in its relationship with the United States 
Government, having recently entered into a new 5-year 
arrangement for ICANN to manage the Internet Assigned Numbers 
Authority (IANA) function.  Additionally, ICANN and the NTIA 
are in the final stages of discussions, which will confirm an 
appropriate continuing relationship and will recognize ICANN's 
global private sector role providing technical management of the 
DNS in a manner that promotes stability and security, competition, 
coordination, and representation. 

ICANN's Private Sector Multi-Stakeholder Model and its Continuing Evolution
     One of the greatest achievements of ICANN has been the 
successful creation, support and coordination of an ICANN 
Community and creation of the bottom-up policy making process 
supported by various stakeholders involved in the DNS.  Since 
ICANN's creation, the Internet community stakeholders, have 
vigorously discussed and reviewed ICANN's mission and values.  
Accordingly, ICANN has continued to build into a robust entity, 
and has continued to evolve ICANN's multi-stakeholder model, 
which remains encapsulated in ICANN's Bylaws and its Mission 
and Core Values.  
     The evolution continues in many ways, but most recently in the 
following actions:
     1) This week, the ICANN Board, having reviewed the 
comments about ICANN and its processes generated from the 
community during the past year, has commenced a review of its 
own guiding principles and is publishing a set of Private Sector 
Management Operating Principles (ICANN PSMOPs), which will 
be offered for public review. 
     2) Last week, the London School of Economics provided an 
ICANN-commissioned independent third-party review of one of 
ICANN's key policy development supporting organizations, 
ICANN's Generic Name Supporting Organization (GNSO).  The 
information contained in this review will likely result in 
considerations of additional improvements to ICANN's GNSO and 
supporting organizational structure.

ICANN's Continuing Accomplishments
     Since 1998, ICANN's self-governance model has succeeded in 
addressing stakeholder issues as they have appeared, and bringing 
lower costs and better services to DNS registrants and everyday 
users of the Internet. 
     ICANN has been continuing its efforts to manage and adapt in 
the face of continued and dynamic growth of the Internet.  ICANN, 
with the efforts of the ICANN Security and Stability Advisory 
Committee, has worked to make the Domain Name System more 
resistant to external attack.  
     ICANN has undertaken significant work in relation to 
Internationalized Domain Names (IDNs) that will enable people 
across the world to interact with the Internet's domain name system 
in their own languages, which will work to avoid the creation of 
alternate root systems.  Working in coordination with the 
appropriate technical communities and stakeholders, ICANN's 
adopted guidelines have opened the way for domain registration in 
hundreds of the world's languages.
     ICANN's Uniform Domain Name Dispute Resolution Policy 
(UDRP) has been highly successful and of great value to 
individuals, businesses and intellectual property holders.  The 
policy enables them to assert in allowing them to assert their rights 
against domain name squatters and infringers of intellectual 
property interests.  The UDRP has resolved more than 17,000 
disputes over the rights to domain names, and proven to be 
efficient and cost effective for those utilizing this alternative 
dispute resolution mechanism.
     After significant study and discussion, and working with the 
accredited gTLD registrars, ICANN developed a domain name 
transfer policy enabling domain name holders to transfer 
management of their domain name from one registrar to another 
readily.  The implementation of this policy has been highly 
successful and has been an important step in providing additional 
registrar market changes and greater choice to consumers.
     ICANN continues to introduce new Top Level Domains to give 
registrants right of choice.  These include the introduction of seven 
new gTLDs in 2000 and four additional ones so far from the 2004 
sponsored top-level domain name round. 
     ICANN re-bid the .NET registry during 2005, resulting in a 
new agreement being executed between ICANN and VeriSign.  
ICANN has proposed five additional gTLD agreements with the 
registry operators of .ASIA, .BIZ, .COM, .INFO, and .ORG.  All 
of the newly proposed registry agreements contain new language 
supporting ICANN's role in the security and stability of the DNS.
     The market competition for generic Top Level Domain (gTLD) 
registrations established by ICANN has lowered domain name 
costs in some instances by as much as 80 to 90%, with savings for 
both consumers and businesses. Additional detail is provided 
below.

Registry-Registrar Level Competition 
     Since ICANN was founded in 1998, ICANN has entered into 
many private arms-length agreements with registries (that operate 
the generic top-level domains), and with registrars (who are 
accredited by ICANN to sell domain names directly to consumers).  
Through these actions, ICANN has provided a private-sector 
solution and helped break down the monopoly position by a single 
dominant company, which provided both registry and registrar 
functions to the majority of consumers purchasing domain names.
     In 1998, there were only three main generic top-level domain 
name registries (.COM, .NET, and .ORG) from which domain 
names could be purchased by American small businesses.  Only 
one company was running all three registries, Network Solutions 
(which was later acquired by VeriSign).  Most registrations by 
small businesses were in .COM. 
     There was a single registrar in 1998.  That same company that 
ran the registries, Network Solutions, was the only registrar from 
which a consumer could purchase a domain name.  The price of a 
single domain name in .COM in 1998, was approximately $90.00 
per domain name.
     The .COM Registry still controls a significant amount of the 
marketplace, but now less than 50% of the market, including 
ccTLD operators.
The price for a .COM registration today depends upon where you 
purchase the name from, but in some instances the price of a 
domain name has been reduced by as much as 90%.  Today, the 
price ranges from $7 to $35 per domain name.  GoDaddy is now 
the largest registrar, displacing Network Solutions, which has been 
spun out of VeriSign.  
     Consumers can choose from over 845 ICANN-Accredited 
Registrars, derived from more than 250 unique business groups (a 
significant number owning interests in multiple registrar 
companies), located in over 40 countries.
     Between 2000 and today, 11 new generic top-level domains 
have signed agreements with ICANN.  Five of those (.CAT, 
.JOBS, .MOBI, .TEL and .TRAVEL) having signed agreements 
with ICANN in the last 18 months.  

Conclusion 
     In conclusion Chairman Upton, Chairman Stearns and 
distinguished subcommittee members, ICANN is committed to its 
continuing role as the private sector steward of a stable and 
globally interoperable Internet, and is committed to fostering 
competition in the domain name marketplace. 

     MR. UPTON.  Mr. DelBianco. 
     MR. DELBIANCO.  Chairman Upton, members of the 
committee, NetChoice is a coalition of trade groups, such as the 
Electronic Retailing Association, e-commerce leaders like AOL, 
eBay and VeriSign, plus thousands of small e-commerce 
businesses.  They register their own domain names.  They build 
websites, and they do business online.  
     In my remarks today, I intend only to make three points.  The 
first is that e-commerce really needs availability and integrity from 
the Domain Name System.  Second point, availability has been 
good, but there is a growing gap on integrity.  The third point is to 
suggest ways that this committee can help close that gap.  
     The title of today's hearing was with respect to ICANN's 
Internet governance, but I would suggest to you that ICANN is 
really the Internet's manager; it is not the governor.  And 
Congresswoman Eshoo called it a manager, the term that you used.  
The DNS manager actually coordinates, through the use of 
contracts and agreements, with private-sector entities that have 
invested $1 trillion to bring the Internet to a billion people around 
the planet.  Now the manager's job in this case is to keep a single 
interconnected DNS going and growing.  
     Now, governments, on the other hand, can prosecute crimes, 
legislate, and they can also regulate content, each in its really own 
sovereign way.  So I am going to agree with some of the opening 
statements on the committee, as well as some of the panelists here, 
in suggesting that a multi-governmental body, most specifically the 
U.N., would make a mess out of DNS management and conclude 
that we should therefore, wholeheartedly support ICANN's 
independence from government encroachment.  
     Now, from our DNS manager, ICANN, America's e-commerce 
industry really just needs two qualities; we need availability and 
integrity.  Now, availability means being able to get to that 
website, 24/7, 365, in any language, and even while the Internet 
domain system is under attack.  Integrity, says that when you click 
on a link, that you actually get to the intended page you were 
seeking, not redirect yourself to some fraudulent website.  And 
integrity is also meaning that domain names and typographical 
variance on your domain name should be held by their rightful 
owner.  
     Now, DNS availability.  The first of those concepts, has been 
excellent so far; 100 percent up time.  But we do need continued 
investments in infrastructure to maintain availability like that, with 
growing Internet usage and the growing strategy of attacks.  
     Now, if I turn to the domain name marketplace, not just the 
DNS per se, but the marketplace around names, there is a growing 
integrity gap.  And I will just give you three kinds of examples.  
The Federal Trade Commission and law enforcement in other 
nations are working to stop phishing, pharming and spam.  But I 
agree with some other witnesses you will hear from today, that 
ICANN must force registrars to do a better job of maintaining the 
"Whois" data that is necessary for the FTC to do their job.  
     Cyber squatting.  Another element of integrity has taken on a 
whole new spin.  It is called typo squatting.  Some registrars are 
abusing the 5-day grace period available to them under many 
registry contracts to learn what are the commonly used 
typographical errors that users will type in when they enter the 
name of a website.  Now, this has been called domain tasting, but 
we like to call it sharking.  The same way that a shark circles its 
prey before it decides to attack.  Even the largest registrar said 
yesterday that this sharking is grounds to decertify registrars who 
conduct it.  
     Another form is the notion of deceptive content on the websites 
that are for sale.  It used to be that a cyber squatter would display 
just, oh this name is for sale, contact me to buy it.  But now they 
are a little more creative.  Pages themselves are full of links to 
competitors products.  In fact, page 7 of my testimony shows a 
page for 1800contacts.com, one of my members, and it shows what 
happens if you type 1-8-o-o instead of 1-8-zero-zero.  
     The final form of integrity gap I want to point out to you is that 
registrars are still practicing the slamming technique on domain 
name owners.  That is where a registrar, not the one you initially 
used, sends you a fraudulent invoice for your domain name 
renewal months ahead of expiration.  If you fall for it, the slammer 
basically takes over your domain account.  In 2003, the FTC 
prosecuted and obtained a consent decree against a few registrars 
for slamming, but it still goes on today, and ICANN hasn't 
aggressively enough decertified, in fact, they haven't decertified a 
single registrar yet.  
     Let me close by suggesting three ways the committee can 
really help to ensure availability and close the gap.  First, I think 
the U.S. Government should continue its oversight of ICANN, 
adding milestones to enforce contracts and decertify registrars who 
don't follow the rules.  Second, we should select responsible and 
experienced vendors to run DNS infrastructure and then provide 
incentives for them to invest in scale and security.  And finally, we 
hope that the FTC would aggressively pursue registrars who slam 
and any other deceptive practices where they rely upon ICANN to 
keep the "Whois" data secure.  So I thank you and look forward to 
your questions.
     [The prepared statement of Steve DelBianco follows:] 

PREPARED STATEMENT OF STEVE DELBIANCO, VICE PRESIDENT 
FOR PUBLIC POLICY, ASSOCIATION FOR COMPETITION 
TECHNOLOGY, ON BEHALF OF NETCHOICE COALITION

     Chairman Stearns, Chairman Upton, and distinguished 
members of the Committee:  My name is Steve DelBianco, and I 
would like to thank you for holding this important hearing. I'm 
pleased to testify on how ICANN's contribution to Internet 
Governance is working.
     I'm the Executive Director of NetChoice, a coalition of trade 
associations and e-commerce leaders such as AOL, eBay, and 
VeriSign, plus thousands of small e-commerce retailers. 
     I also appear before you as a genuine "small business 
survivor."  In 1984 I founded an information technology (IT) 
consulting firm, and grew it to $20 million in sales and 200 
employees before selling the business to a national firm.  After that 
experience, I was drawn to Washington to help start a trade 
association that focused on the needs of small IT businesses like 
mine.
     In the states, here in Washington, and as a member of 
ICANN's Business Constituency, NetChoice works to improve the 
availability and integrity of e-commerce.  NetChoice members are 
growing concerned about threats to trade, security, trademarks, and 
consumer protection on the Internet.  Moreover, we are wary of 
United Nations and international organizations who covet 
ICANN's role as manager of the Internet.
     The title of today's hearing poses a seemingly simple 
question-is ICANN Internet Governance working?-though the 
answer is anything but simple. In my testimony, I will describe 
current and future concerns and make several recommendations for 
ICANN and for the U.S. Government in its oversight role.  First, 
however, I should clarify that ICANN's management role is only a 
part of the overall Internet governance process.

ICANN is the Internet's Manager, not its Governor
     It's a common perception that ICANN is engaged in Internet 
governance, but ICANN's stated mission is to ensure the stability 
and interoperability of the Domain Name System (DNS).  It works 
in coordination with a private sector that has invested a trillion 
dollars to bring Internet connections to over a billion people 
around the world.  Bearing that in mind, it's better to think of 
ICANN as the Internet's manager-not its governor.
     While ICANN's management focus is commonly described as 
"security and stability", the Internet community actually relies on 
ICANN to manage the DNS to achieve two key qualities-
availability and integrity.   
     Availability of the DNS is critical for anyone who relies on the 
Internet for information, communications, and trade. Domain name 
resolutions need to be available 24 hours a day, 365 days a year, 
from anywhere on the globe-in any language. Even the slightest 
degradation or interruption in DNS availability can slow or 
interrupt access to email and websites. 
     Integrity of the DNS is vital to both business and end users of 
the Internet.  Businesses rely upon the integrity of domain name 
registration to ensure that their brands aren't misrepresented or 
misappropriated.  E-commerce and internet financial transactions 
require integrity in resolution of domain names and secure delivery 
of encrypted information. 
     Internet consumers depend upon the integrity of domain name 
services to provide accurate and authentic results when they 
lookup a website or send an email.  Integrity is undermined by 
deceptive practices such as redirecting users to fraudulent 
websites, or providing false information about the true owner of a 
web domain. 
     Always-on availability and uncompromised integrity are 
necessary for a fully functional DNS and a properly performing 
Internet.  
     To deliver these qualities, ICANN acts as a project manager, 
coordinating contracts with vendors and organizations that manage 
key DNS functions. These contracts and agreements are narrowly 
tailored and limited in scope to what can be agreed to by 
consenting parties. 
     Governments, on the other hand, are public institutions with 
broad portfolios and the power to compel or punish specific 
actions. Those powers are an essential part of governing the 
internet: enforcing trademark laws; protecting consumers from 
fraud; and prosecuting hackers and criminals.  
     But imagine if ICANN were run by governments using 
governmental powers. Quarreling nations would find it impossible 
to agree on anything but the most trivial technical decisions.  
Lesser-developed nations would press for changes in Internet 
management to advance economic development goals.  Special 
interests would seek Internet-enabled social programs to address 
perceived disadvantages.  It's no stretch to imagine a tax, or 
"contribution," on domain names to fund programs to "bridge the 
digital divide" and promote local commerce and content.  

ICANN Management of the DNS Works (for now)
     From the perspective of businesses that rely upon the internet 
for communications, information, and e-commerce, it's clear that 
the DNS is working.  Customers and suppliers can quickly and 
reliably get to our members' websites, buy online, check the status 
of an order, or just find the address of the nearest store.  Over 
three-quarters of small businesses say their website generates leads 
and gives them a competitive advantage.   Online retailers realized 
$172B in sales during 2005 and expect over $300B by 2010, 
according to Forrester.  
     The increase in e-commerce has placed greater demand on the 
DNS. As of June 2006, there were 105 million total domain 
registrations, and this is 27% more than a year ago.  Ten million 
new domains were registered in the second quarter of 2006, up 
33% over the same period in 2005. Compared with 6 years ago, 
there are four times as many Internet users, and Internet usage is 
20 times greater. International Data Corporation estimates that 
over a billion electronic mailboxes were in use around the world in 
2005.   
     The registry operator for .com and .net domains processed an 
average of 18 billion queries per day in the second quarter of 2006, 
an increase of 30 percent year-over-year.  Moreover, the .com and 
.net domains have seen 100% uptime reliability for the past 13 
years. 
     Judging by growth and vitality, yes, ICANN's management is 
working. However, there are several ways that ICANN's 
management is not working effectively to maintain the most 
important qualities of the DNS-availability and integrity.   

Attacks Threaten Internet Availability & Integrity
     Seven major attacks on the DNS availability have occurred in 
the past six years. The largest attacks on domain name servers 
hijacked multiple computers to amplify and accelerate the assault.  
This year, a distributed denial-of-service attack disabled 1,500 
websites using 32,000 hijacked computers.    Symantec estimates 
that denial-of-service attacks rose 51 percent in the second half of 
2005, to an average of 1,400 attacks per day.
     Denial-of-service attacks can cripple a website and disable an 
online business.  Moreover, small businesses are experiencing 
blackmail via denial-of-service attacks, where a business owner is 
forced to pay-up in order to stop the attack.  
Attacks on the integrity of the DNS itself are also raising 
alarms. Attackers can redirect web browsers and DNS servers to 
fraudulent sites hosting convincing scams. One method of 
redirection involves corrupting DNS data that's "cached" in 
memory so that users are pointed to fraudulent websites.  Increased 
security measures can help, but hackers and scam artists are quick 
to adapt their technology and tactics.  
     Just how concerned are American businesses by these attacks 
on the Internet and affronts to consumer protection? To get 
answers straight from the source, we sponsored a Zogby 
Interactive poll of 1200 small businesses across the nation, 
conducted May 26-30, 2006 . The poll included questions about 
Internet availability and the integrity of the domain name system.  
Top-lines from that poll tell a story in two parts:
      78% of small biz owners say a less reliable internet would 
damage their business.
      78% said reliability & performance were more important 
than low fees for domain names. 
      68% support a $1.86 hike in domain fees to invest in 
reliability and security. 
      81% said they are unconcerned about a $1.86 fee increase. 
For businesses that rely on the Internet for exposure and for e-
commerce, threats to Internet availability are serious concerns. 
These businesses have little concern about modest price increases 
for domain names when that money goes towards Internet security 
and stability.  
     The second part of the Zogby poll shows that small businesses 
with websites are questioning the integrity of business practices in 
the domain name marketplace:
      59% are concerned about cybersquatting-where 
speculators buy domain names closely related to names of 
real businesses, and hold them for ransom.   
      69% are concerned about being exploited by registrars who 
charge exorbitant fees to reinstate a domain name that's 
been allowed to expire.  

     The poll findings are unambiguous-the availability and 
integrity of the domain name system are a concern to business 
owners. How effective is ICANN in responding to these concerns?
     In its new registry operating contracts, ICANN is attentive to 
security and stability-these exact words appear 26 times in 28 
pages of the contract, which also declares ICANN's intention to 
develop new policies to improve security.  	 
     However, ICANN has to react faster to threats and 
vulnerabilities. After years of study and debate, everything 
possible should be done to implement DNS security extensions as 
quickly as feasible.  More important, security policies that help 
ensure availability in the face of tomorrow's threats and 
vulnerabilities cannot take years to develop and execute. Security 
delayed is dollars lost and new business opportunities denied.
     Similarly, ICANN has simply taken too long to implement 
internationalized domain names, a step that would improve 
Internet availability for populations that don't use the Roman 
alphabet character set.
     An available Internet is one goal of the DNS-the integrity of 
domain names is another. Unfortunately, the integrity of domain 
name services is being undermined by unfair and deceptive 
practices.

An Integrity Gap in the Domain Name Marketplace
     The integrity of the DNS is vital to Internet trade and consumer 
protection.  Businesses rely upon the integrity of domain name 
registration processes for the resolution of domain names and 
secure exchanges of encrypted information. Internet users depend 
upon the integrity of domain name services to provide reliable 
results when sending email and visiting websites.  Abusive, 
fraudulent and unfair practices undermine the integrity that is vital 
to the DNS.
     As manager of the DNS, ICANN can and should do more to 
assure the system's integrity. Based on its consensus policies, 
ICANN enters contracts with registries and certifies registrars to 
manage the availability and integrity of the DNS. Registries 
contract with ICANN-accredited registrars that resell domain 
names and provide direct services to domain name owners. These 
registrars are in the best position to prevent many of the unfair and 
deceptive practices described below.

Cybersquatting
     Cybersquatting is an abusive practice in which a speculator 
registers a domain name identical or very similar to the 
trademarked name of a legitimate company or other organization. 
The speculator can then hold the name for ransom, forcing the 
trademark owner to pay far more than the actual cost of 
registration just to get control of a domain name that would not 
otherwise have any value to anyone. 
     Cybersquatters unfairly and illegally take advantage of the 
established value of someone else's trademark. But defending a 
valuable trademark in court can be prohibitively expensive, 
especially for a small business. The World Intellectual Property 
Organization reports year that the number of cybersquatting cases 
it handled rose 20 percent in 2005. 
     Under the Anti-Cybersquatting Consumer Protection Act of 
1999, trademark owners can sue a cybersquatter or ask ICANN to 
arbitrate their claim.  For a small business, the time and expense 
needed to understand and assert these legal remedies are often 
more than the owner can afford.  Consequently, most small 
businesses either continue to lose prospects to cybersquatters, or 
are forced to meet the ransom demanded. 

Typo-Squatting
     "Typo-squatting" is registering domain names that closely 
resemble those of already popular Web sites, usually common 
misspellings of the legitimate site name.  
Since almost half of all Web users prefer to type Web site 
names directly into their browsers, misspellings are inevitable.  If a 
customer accidentally misspells the domain name they are looking 
for, they can end up instead at a typo-squatter's website. All they 
find there are advertisements, often for competing products and 
services. 
     For example, I tried a few typographical variations on 
1800Contacts.com, the leading telephone and online seller of 
replacement contact lenses, and a NetChoice coalition member. If I 
enter 18OOcontacts.com instead of 1800contacts.com (letter O 
instead of numeral zero), I arrive at a page designed to steer me 
into buying contacts from competing lens sellers.   
18OOcontacts.com points to a server owned by Sedo, the current 
leader in "Parking" domain names.   Sedo's parking site is 
designed to generate ad revenue when users who intended to go to 
1800Contacts start clicking on sponsored links-for other lens 
sellers.    (Screen capture shown below).  

 

When I clicked on the 1800Contacts.com link displayed on this 
page, I was re-directed to yet another page showing ads for other 
lens sellers.  In other words, the hyperlink for 1800Contacts.com is 
falsely labeled in order to generate ad revenue from a competing 
site.  
     Typo-Squatting sites confuse and divert potential customers. 
46% of users prefer to type the domain name of a known website 
directly into the browser's address bar.  But when typos happen, 
legitimate businesses shouldn't lose customers who fall into traps 
designed to generate ad revenue.  What's more, the ad revenue 
generated by parking drives up the price if the intended business 
tries to acquire the domain from the parking operator. 

The Land Grab on New Top Level Domains
     A similar abuse of the domain name registration system, called 
a "land grab," can occur whenever a new top level domain is 
launched.  Speculators register thousands of names in the new 
domain, hoping to tie-up names similar to those of legitimate 
businesses and organizations.  The speculators then either ransom 
these names to their legitimate owner or use them for typo-
squatting and ad parking.
     For example, when the .eu domain was created for Europe, 
speculators quickly moved to register names that legitimate 
businesses and organizations already held on other domains. 
EUrid, the non-profit organization operating the .eu registry, 
consequently suspended 74,000 .eu domain names and sued 400 
registrars for breach of contract.  A syndicate of registrars had 
engaged in abusive behavior by warehousing tens of thousands of 
.eu domain names with the obvious intent of selling them. 
     Critics of ICANN suggest that the organization exceeds its 
management role when trying to prevent and resolve domain name 
abuses. However, ICANN manages policies for initial registration, 
which is the best point to prevent squatting abuses.  And if a 
trademark dispute arises later, it is far more efficient to use 
ICANN's arbitration process, saving legal fees and cutting the time 
to resolve the dispute and re-assign the name.
     Registrars are not doing enough to maintain the quality of the 
"Whois" data needed to fight squatting, fraud, and traffic in 
copyrighted material and counterfeit goods. ICANN needs to 
enforce its contracts, and de-certify registrars who fail to meet their 
contractual obligations to collect, maintain, and display accurate 
and complete Whois data.

"Sharking" (a.k.a. Domain Tasting)
     Domain name "sharking" is an abusive practice in which 
speculators looking for sites where they can park ads take 
advantage of the five-day grace period between the time a new 
domain name is reserved and the time the registration fee must be 
paid. In April 2006, out of 35 million registrations, only a little 
more than 2 million were permanent or actually purchased. It's a 
good bet that a large portion of the other 33 million registrations 
were part of the sharking scheme. 
     Speculators routinely register large numbers of potentially 
attractive domain names and then carefully track how many 
accidental hits they generate. If a site fails to generate much traffic, 
the speculator can let the domain name lapse without paying 
anything.  But if the site generates a lot of traffic, the speculator 
can use it to park ads, often from one of the large managed Web 
advertising networks like Google, and generate significant revenue 
with no effort.
     ICANN is aware of growing abuse of the 5-day Grace Period 
policy, and held a workshop in its last meeting in Morocco. Still, I 
have not seen aggressive moves by ICANN to explore new grace 
period policies and restrictions to guard the integrity of the DNS 
from this kind of abuse. 

Slamming
     Most consumers with a telephone can remember the scourge of 
slamming - where resellers of long-distance telephone service 
switched providers only to have the incumbent switch back, and so 
on. Domain name slamming works in a similar way. A registrar 
tricks an unwary domain name holder into unintentionally 
switching from one registrar to another. 
     Domain name slammers often use direct mail or email spam to 
target domain name holders with phony renewal notices. If the 
domain name holder takes the bait, thinking that they are just 
renewing their subscription with their existing registrar, they may 
soon be forced to pay whatever the slammer demands or risk 
losing their domain name when it comes up for renewal.
     In the U.S. domain name slamming is a considered an Unfair 
and Deceptive Trade Practice and has been prosecuted by the 
Federal Trade Commission.  In 2003, one of the largest domain 
name registrars, Network Solutions, settled a complaint with the 
Federal Trade Commission, admitting that it had deceived 
customers into switching registrars when the customer was led to 
believe they were merely renewing their previous registrations.
     Slamming continues, despite the FTC enforcement work.   
ICANN has a more immediate and direct way to restore integrity 
to domain name billing process, by rigorously enforcing its 
Registrar contracts, and de-certifying any Registrar who's caught 
slamming.

Expiration Extortion
     "Expiration Extortion" describes a common practice of forcing 
a domain owner to pay an exorbitant fee to reinstate a name that's 
been allowed to expire.  A leading registrar, for example, charges 
$80 to reinstate a domain name that costs only $8 to initially 
register.  Expiration Extortion also describes the speculative game 
of snatching expiring domain names for resale to their former 
owner - or to the highest bidder.  
     Domain names are generally registered only for a year, 
although most owners renew before the year is up. Among all 
registrants, the average term for domain registration is 1.3 years.   
Last year, the renewal rate for dot-com and dot-net domain names 
was 75%.  That means 25% of names aren't renewed, so every day 
there's an average of 22,000 expiring domain names released by 
registries.
     A company called Pool.com has perfected the science of 
snatching domain names as they expire, or "drop". Pool runs 80 
servers in Sterling, Virginia that fire into action every day when 
dropped domain names are released at 2pm. According to 
Pool.com's president, Taryn Naidu, "It's like going to the horse 
races every day."  The race is won by whichever company, 
blasting multiple commands per second, snatches the dropped 
domain name. 
     Imagine if Pool.com were in the business of buying expired 
auto registrations instead of expiring domain names.  Pool could 
snag your car registration if you failed to renew it by the expiration 
date, then sell the registration back to you or to another bidder 
who's willing to pay more.  

Parking of Generic Terms
     This fast-growing practice involves registering generic names, 
such as "consulting.com", which have little value in themselves but 
can generate revenue by carrying minimal content and advertising. 
Unsuspecting visitors to www.antidepressants.com  might think 
they have found a site with reliable information regarding 
depression medications.  But in fact, there is no content - only 
links to paid ads parked on the pseudo-site by a speculator looking 
to prey on people looking for helpful information.
     Parking ads on otherwise unused sites like this is not only 
deceptive and confusing to the customer, it clutters the Internet the 
same way that unsightly billboards clutter the landscape along 
many of our nation's highways. This clutter undermines the value 
of the Internet for legitimate businesses and organizations, and 
misleads individuals searching for meaningful information.

ICANN's Agreements with Registries and Registrars can 
Promote DNS Integrity
     Small businesses are increasingly frustrated and concerned 
about abusive domain name practices like squatting and slamming.  
Is ICANN doing enough to maintain the integrity of the DNS 
marketplace?  
     Not a single one of the over five hundred registrars has been 
de-certified by ICANN, despite dodgy practices by some.  Dotster, 
one of the largest registrars, was recently sued for allegedly 
participating in a massive typo-squatting campaign.  Dotster is 
accused of abusing its status as a registrar by sampling hundreds of 
domain names that closely resemble true names and then keeping 
only those that generated enough traffic to justify the registration 
fee.
     Nevertheless, ICANN seems to grasp the seriousness of 
maintaining integrity of the DNS marketplace, judging by the new 
registry contract proposed for .com and subsequent TLD registries.  
In its new registry agreement for .com, ICANN indicates the 
potential for "prohibitions on warehousing of or speculation in 
domain names by registries or registrars."    An additional 
provision requires a registry operator to meet any future 
"consensus policy" adopted by ICANN to improve security and 
stability and to resolve disputes about domain names.  
     ICANN is managing DNS availability and integrity concerns 
contractually, through agreements with registries and registrars. 
However, a few large businesses have complained about ICANN's 
management of registry contracts, carrying their complaints here to 
Washington and requesting that the Commerce Department and 
this Committee reject ICANN's new agreement to run the .com 
registry.  They complain that these registry contracts would create 
"perpetual monopolies" by granting exclusive contracts with 
presumption of renewal if the operator has met all performance 
requirements.  ICANN's new contracts may not be perfect, but this 
criticism is misguided and self-serving. 
     First, an exclusive contract is essential to focus responsibility 
and accountability on the vendor running any single registry. The 
same is true for many outsourcing contracts that require 
accountability and consistency in the delivery of critical services, 
especially for infrastructure services that require significant 
investments.  
     Second, renewal options are common in longer-term service 
contracts to provide incentives for making investments that 
improve vendor performance.  For example, the operators of the 
cafeteria downstairs might invest in a new grill or espresso 
machine if they're confident that their contract would be renewed 
upon expiration.  And landlords often give tenants a purchase 
option as an incentive to maintain and improve the property. 
     Renewal options are already included in ICANN's existing 
registry contracts.  Moreover, ICANN's new registry contracts 
require operators to implement any future policies adopted by 
ICANN to improve security and resolve domain name disputes.   
While such open-ended obligations could be difficult for any 
operator to meet, NetChoice would join those objecting to renewal 
if the incumbent registry operator failed to satisfy the contract's 
requirements. 
     An exclusive, renewable contract is therefore typical for 
infrastructure services that require single-vendor accountability 
and continuity.  Moreover it provides incentives for investment, 
even during the final years of the contract.   What, then, is the real 
nature of this complaint? 
     The largest registrars must approve fees that presently provide 
most of ICANN's funding.   I attended the ICANN meeting in 
Vancouver last December, where the Finance Committee chair 
complained that ICANN expenditures were being delayed and 
possibly diminished because registrars had not yet approved the 
fees in the budget that was adopted for 2005-06. 
     ICANN's new registry contracts, however, would reduce the 
leverage held by large registrars today.  When ICANN wants to 
make investments to ensure the Internet's security and stability, 
ICANN should not have to beg a "permission slip" from 
registrars-many of whom have little interest in security or 
stability. 
     From all appearances, this loss of leverage is why a few large 
registrars have pressed Congress and the Commerce Department to 
reject the new .com contract.  ICANN can always improve its 
contracts, but complaints about a perpetual monopoly in the 
registry agreement are without merit. 
     The Committee should not let the loaded discussion of the 
registry contract distract it from acknowledging that ICANN's 
DNS management is working-even in the face of challenges to 
DNS availability and integrity. Furthermore, this Committee 
should consider the alternatives to ICANN management. ICANN's 
management duties are threatened by outside forces that could 
become serious in the near future if ICANN fails to do its job 
properly or if it becomes overburdened with governance duties 
beyond its managerial role. Two major threats are United Nations 
encroachment on ICANN and a potential splintering of the 
Internet.

The Threat of United Nations Encroachment on ICANN 
     There's a real and growing risk that ICANN's technical role for 
managing domain names will be encroached upon by the United 
Nations. The UN organized a World Summit on the Information 
Society last year to discuss Internet Governance.  A UN working 
group then released a report that included controversial policy 
recommendations for the future of the Internet.  Thanks largely to a 
unanimous resolution from Congress in November 2005, 
representatives from the international community allowed ICANN 
to continue managing the Internet under U.S. oversight, for the 
time being.  
     At the same time, the UN formed a new organization, the 
Internet Governance Forum, which meets for the first time in 
Athens next month.  The current agenda for Athens includes 
workshops on a diverse range of societal issues, such as the 
"Greening of IT" through "legal and institutional mechanisms 
which strengthen the capacity of civil society for participation in 
decision-making." 
     While ICANN is far from a perfect manager, it provides the 
needed separation between Internet technical operations and 
governments. ICANN's bottom-up coordination of technical 
functions is the best way to preserve the democratic and 
decentralized character of the Internet.  If there's anything that 
everyone at today's hearing should be able to agree upon, it's that 
we need ICANN to be strong and independent so it can fend-off 
interference from the UN and from governments.  
     DNS control by the UN or other governmental body would 
have significant economic and cultural effects. The decision 
making process would be even slower than it is now; the result 
would be a technological lag that could prevent the implementation 
of new technologies and processes that would benefit the DNS and 
its use in e-commerce.
     Economic development and "social engineering" projects could 
interfere with essential technical management functions. Some 
nations, most notably China, maintain censorship controls on 
internet content available to their citizens.  In a government-
controlled ICANN, these nations might call for technical changes 
to facilitate censorship, tempting other regimes to restrict content 
access. 
     However, it would be a risky strategy for the US and ICANN 
to ignore the voices of the UN and other governments.  That could 
lead to an unlikely, though highly undesirable outcome-
splintering of the Internet. 

A Splintered Internet Threatens All of Us - Not Just ICANN
     In the brief history of the Internet, ICANN has not always been 
the only keeper of the domain name system.  Alternative domain 
name systems still exist today, and are trivial to create, as a 
technical matter.   The consequences of a split internet, however, 
may not be trivial. 
     A split internet root would lead to a split in DNS policies, 
which could impair information security technologies, delivery of 
email, secure e-commerce transactions, trademark enforcement, 
and other forms of consumer protection.  A split isn't likely, but 
ICANN and the U.S. Government need to be cognizant of the risk 
that a large nation or multi-national group could easily establish its 
own DNS.

How Can the U.S. Government and ICANN Make Internet 
Governance Work Better?
     ICANN currently manages a DNS that generally works well 
for businesses and end users.  However, the DNS is facing new 
attacks on availability and an erosion of integrity, calling for better 
contract management by ICANN and greater vigilance by 
consumer protection officials.  ICANN must also withstand UN 
encroachment and avoid possible splintering of the Internet, 
challenges that could be met by ICANN and U.S. policymakers 
through these recommendations: 

1. The U.S. Government should develop a "lighter touch" in 
its ICANN oversight. 
     The U.S. Government must avoid giving the international 
community any excuse to claim that the U.S. is being heavy-
handed in Internet governance.   From this point onward, U.S. 
actions should demonstrate a "lighter touch" in its ICANN 
oversight.  
     The U.S. Government is said to have unduly influenced 
ICANN's re-designation of registry operators for two country-
code top-level domains (ccTLDs), and these instances have 
become legendary among critics of U.S. oversight.  While there 
were valid reasons for the re-delegation of the Iraq and 
Australia ccTLDs, critics cite these instances to claim that the 
U.S. cannot be trusted with its oversight role. 
     The U.S. can take a major step to alleviate these concerns 
by unilaterally committing to a formal, internationalized 
process for changing a designated country top level domain.   
Countries regard their country code TLD as being under their 
sovereign authority, so they are entitled to designate their own 
registry.  ICANN should respect those decisions, subject to 
security or stability qualifications and allowing for expedited 
re-designation during emergencies.  The key is to balance the 
sovereignty of local communities while ensuring the unity, 
availability, and integrity of the DNS. A detailed process for 
this internationalization can be developed, such as one 
suggested by J. Beckwith Burr and Marilyn Cade.  
     Another area where the U.S should show a lighter touch is 
in the launch of new top level domains.  In 2005, the U.S. 
Government asked ICANN to delay the launch of the .xxx 
domain, designated for adult content.  The proposal for .xxx 
had already made it through the ICANN approval processes, 
including opportunities for governments to comment.  
Although Brazil and France expressed similar reservations 
about .xxx, critics complain that U.S. abused its oversight role 
by overriding a DNS management decision that rightly belongs 
under ICANN purview.  

2. The expiring Memorandum of Understanding should 
transition into a long-term agreement.   
     The current Memorandum of Understanding (MoU) 
between the U.S. and ICANN expires on September 30, 2006.  
Six previous expirations were marked by amendments to 
extend the MoU and specify further milestones for ICANN to 
fully transition to private sector management. 
     Repeated extensions and milestones imply that the U.S. 
Government will one day cede all authority over ICANN and 
the "master copy" of the DNS root server.  We believe the U.S. 
should formalize its long-term intention to keep the 
authoritative root distribution server physically located in the 
United States.   This would send a clear signal that moving the 
root server is not an option.  As with the back-stop agreements, 
this is necessary to ensure the availability and integrity of the 
DNS-no other purposes should be implied or intended.  

3. The U.S. Government should maintain "back-stop" 
agreements for major registry operators and numbering 
authorities.  
     Presently, the U.S. Government has contingency 
agreements with operators of the authoritative root server, just 
as a back-stop in case ICANN were unable to execute its 
current responsibilities.  It's prudent for the U.S. to continue 
this practice as a way to guarantee DNS availability to business 
and consumer interests both here and abroad.

4. ICANN and Governments should make the Government 
Advisory Committee (GAC) more involved and responsive.  
     Governments are not nearly as effective as they should be 
when participating in ICANN policy development.  
Government representatives often disregard target dates 
established in the policy development process by failing to 
provide timely and responsive comments at the time when 
policies are being formulated.  What's more, some government 
comments have reflected more rhetoric than reality when 
characterizing the potential impact of proposed ICANN 
policies.  Finally, ICANN decisions should not be held hostage 
when governments cannot reach consensus-government input 
should be given even where it does not represent a consensus 
position.

5. ICANN should improve the reach and transparency of 
stakeholder involvement.
     Whenever ICANN supporting organizations and advisory 
committees present their official positions to the ICANN Board 
and community, they should reveal the degree of consensus 
achieved and the range of views.  ICANN should encourage 
constituencies and advisory committees to report voting results, 
if any votes were taken.  More important, ICANN's Board 
should request fuller disclosure of dissenting opinions and 
alternatives considered.  
     A recent example where this form of transparency worked 
well is the GNSO Council report on alternative formulations 
for the purpose of Whois.   As this report showed, a bottom-up 
process can attempt to forge consensus, but should not suppress 
dissenting views.  Moreover, ICANN outsiders would more 
readily participate when they see that dissenting views and 
alternatives are presented alongside majority views when 
constituencies pass advice along to ICANN's Board.

Conclusion
     ICANN is a work-in-progress on the way to a bold and 
optimistic vision.  I can think of no precedent for a multi-national, 
public-private partnership to manage an enterprise as complex and 
dynamic as the Internet.   
     The DNS has become an irresistible target for hackers, 
criminals, and unfair or deceptive practices, all of which endanger 
its availability and integrity.  ICANN has made progress in its 7 
year history, but it needs more operational experience to merit 
greater independence from U.S. Government oversight. 
     I close by thanking the Committee for holding this important 
hearing and I look forward to your questions.  



     MR. UPTON.    Thank you.  Mr. Lenard.
     MR. LENARD.  Thank you, Chairman Upton, members of the 
subcommittee.  Thank you for this opportunity to express my 
views on the ongoing experiment in Internet governance that is 
ICANN.  
     The Internet is now the main driver of the digital economy, not 
only a global marketplace but also a means to communicate and 
contribute information more efficiently and more widely than ever 
before.  How we govern the Internet has far-reaching economic, 
political and social ramifications.  It can determine whether the 
Internet continues to flourish and grow or whether it gets bogged 
down by bureaucratic and politicized decision making.  
     My testimony makes three basic points.  First, for all the 
controversy that has at various times surrounded the current 
government's arrangement, it is, as seems to be generally the view 
expressed here today, far superior to the alternative multilateral 
arrangements that have been proposed.  There are many countries 
that do not share our commitment to promoting innovation, free 
markets and the free flow of information.  And it is not difficult to 
envision a governing structure that would be far less friendly to the 
development of the Internet than the one we now have.  Some 
other governments clearly are more prone to want to control the 
content that is available on the Internet.  Governments may impede 
technical advances that now occur routinely in response to market 
forces in order to further their political and economic agendas.  It 
is likely that a multilateral organization would adopt a more heavy-
handed approach to Internet governance and that governance 
procedures would be used by countries to try to gain competitive 
advantages over each other.  
     Second point, having said all that, ICANN needs to resist its 
tendency toward becoming an economic regulatory agency and 
limit itself to administering the technical aspects of the domain 
names.  In the current competitive environment in which customers 
are confused by the number of alternative and country code TLDs, 
there is no need for a regulatory approach with, for example, 
competitive bidding or price regulation to avoid the exercise of 
market power.  We should give competing registry operators quasi 
property rights to their TLD registries in order to improve their 
incentives to invest in their business and maintain the quality of 
their TLD brands.  These incentives are severely dampened if the 
registry operator knows that the rights to operate the registry can 
be lost when the contract expires.  Giving incumbents the 
presumptive right of renewal is pro-competitive, and similarly, 
registries should not face barriers if they want to offer new 
vertically related services.  
     Third, to ensure that the market for registry services is as 
competitive as possible, ICANN should free up entry and let the 
market determine the number of top level domains.  ICANN's 
policies still limit competition in the TLD market as evidenced by 
the fact that ICANN has approved only a relatively small number 
of applications for new TLDs that it has received.  The market 
should determine the number of TLDs available and ICANN 
should only disapprove applications if there are legitimate 
technical reasons for doing so.  Innovation in the IT sector, in 
which the Internet obviously plays a key role, has been the engine 
of growth in the U.S., the basis for an economic performance over 
the past decade that sets us apart from much of the rest of the 
world.  Maintaining a climate of innovation benefits every one, not 
just the U.S.  However, the U.S. has perhaps more to lose if the 
pace of innovation slows because of more bureaucratic process and 
a more heavy-handed regulatory approach.  
     Despite ICANN's defects, the Internet has flourished under the 
current Internet governance arrangement, and I would not have the 
same confidence with respect to a multilateral arrangement.  But 
ICANN can be even more light handed and pro-competitive, and 
that should be its goal.  Thank you very much. 
     [The prepared statement of Thomas Lenard follows:] 

PREPARED STATEMENT OF THOMAS M. LENARD, SENIOR VICE 
PRESIDENT FOR RESEARCH, THE PROGRESS & FREEDOM 
FOUNDATION

     Chairman Upton, Chairman Stearns, Ranking Members 
Markey and Schakowsky, and members of the Committee.  Thank 
you for this opportunity to express my views on the ongoing 
experiment in Internet governance that is ICANN and how well it 
is working.  My name is Thomas Lenard and I am a senior fellow 
and senior vice president for research at The Progress & Freedom 
Foundation.  PFF is a non-partisan, non-profit think tank that 
focuses on public policy issues that affect the digital revolution and 
the information economy generally. 
     The Internet is now the main driver of the digital economy-
not only a global marketplace, but also a means to communicate 
and distribute information more efficiently and more widely than 
ever before.  How we govern the Internet has far-reaching 
economic, political and social ramifications.  It can determine 
whether the Internet continues to flourish and grow, or whether it 
gets bogged down by bureaucratic and politicized decision making.     
     My views on ICANN's performance, briefly, are as follows: 
      ICANN has made progress and is continuing to improve.  
Despite some problems that have plagued the organization, 
the Internet has flourished during the period that ICANN 
has been "in charge".  This is due to ICANN's charter to 
concentrate its oversight on technical aspects of the domain 
name system (DNS) and its relatively light-handed 
approach.
      Moving ICANN's governance functions to a multilateral 
organization would be extremely risky.  A multilateral 
organization is likely to be far more intrusive and 
regulatory, which would put the future development of the 
Internet at risk. 
      However, ICANN must resist the drift toward becoming an 
economic regulatory agency.  There is already sufficient 
competition in the markets for domain names to move 
away from ICANN's regulatory approach.  
      To ensure that the market for registry services is as 
competitive as possible, ICANN should free up entry and 
let the market determine the number of TLDs (top-level 
domains).

Multilateral Governance
     There are a number of countries that believe that Internet 
governance should be shifted to a multilateral organization of some 
sort.  The Congress expressed its disagreement with that view in a 
resolution passed last year.  The agreement reached at the World 
Summit on the Information Society in Tunis in November 2005 
assures that the current structure of Internet governance will 
remain in place, at least for the time being.
     We should thank our very able diplomats for achieving the 
Tunis commitment, which is very important.  For all the 
controversy that at various times has surrounded the current 
governance arrangement, and notwithstanding some criticisms I 
will discuss, it is far superior to the alternative multilateral 
arrangements that have been proposed.  There are many countries 
that do not share our commitment to promoting innovation, free 
markets and the free flow of information.  It is therefore not 
difficult to envision a governance structure that would be far less 
friendly to the development of the Internet than the one we now 
have.  Some other governments clearly are more prone to want to 
control the content that is available on the Internet and limit the 
free flow of information.  Governments may impede technical 
advances-advances that now occur in response to market 
forces-in order to further their political and economic agendas.  It 
is likely that a multilateral organization would adopt a more heavy-
handed approach to Internet governance and that governance 
processes would be used by countries to try to gain competitive 
advantages over each other.
     Innovation in the IT sector-in which the Internet has played a 
key role-has been the engine of growth in the U.S., the basis for 
an economic performance over the past decade that sets us apart 
from much of the rest of the world.  Maintaining a climate of 
innovation benefits everyone, not just the U.S.  However, the U.S. 
has perhaps more to lose if the pace of innovation slows because of 
more bureaucratic processes and a more heavy-handed regulatory 
approach, which would be predictable if Internet governance were 
shifted to a multilateral organization.  

Internet Governance and the Domain Name System
     ICANN administers the DNS, which is essential for the 
operation of the Internet.  Operationally, the DNS is organized as a 
hierarchy with top-level domains (TLDs), such as .com or .edu at 
the top.  These TLDs are operated by registry operators who take 
requests for second-level domains-e.g., amazon.com-and 
determine whether they are available and, if so, register them.  The 
registry operators maintain the database of all registered names so 
they can determine if domain names are available if requested.  For 
the domain name system to work for Internet users, each domain 
name must resolve to a unique IP address, and the registries 
obviously are an essential part of that system.
     All this suggests that the administration of the DNS is 
essentially a technical exercise, and ICANN, or any alternative 
system, is best if it limits itself to administering the technical 
aspects of the DNS.  This view is reflected in the Department of 
Commerce's 1998 White Paper on DNS coordination and 
management, which set forth the following responsibilities for a 
DNS administrator:
     1. To set policy for and direct the allocation of IP number 
blocks;
     2.	To oversee the operation of the Internet root server system;
     3.	To oversee policy for determining the circumstances under 
which new top level domains would be added to the root 
system; and
     4.	To coordinate the assignment of other Internet technical 
parameters as needed to maintain universal connectivity of 
the Internet. 

These are largely technical functions, with the exception of the 
third, which has a potentially significant economic policy element. 

Competition and Regulation 
     From an economic standpoint, there are good efficiency 
reasons to have a single registry operator for each TLD.  Because 
of this, it is sometimes assumed that registries should be viewed as 
monopolists and regulated accordingly.  Indeed, this has been 
ICANN's approach: 
      ICANN enters into agreements with registry operators, 
sometimes through a competitive bidding process, to 
operate a given registry under specific operational and 
service parameters.  These parameters may include price 
ceilings (e.g., for the .com operator).
      At the end of the contract period, the right of the incumbent 
to renew the contract and continue to operate the registry is 
uncertain, even if its performance has been entirely 
satisfactory.  
      The introduction of new services related to the core registry 
functions has been proscribed under the theory that such 
new businesses can be used to circumvent the established 
price ceilings.
     The rationale for such regulation in an environment in which 
there is competition, even if not perfect competition, is very weak.  
A regulatory regime of the type that ICANN has been operating, 
including regulation of price and service quality, is at best a flawed 
tool, even for true monopolies.  Notwithstanding the fact that there 
is only one registry operator for each TLD, there is a significant 
amount of competition between TLDs-from new gTLDs (generic 
TLDs, such as .info) and from the proliferation of ccTLDs (country 
code TLDs, such as .us).  Indeed the ICANN board in a majority 
statement issued earlier this year indicated its view that the market 
for registry services was increasingly competitive:

     However, we firmly believe that ICANN is not equipped to be 
a price regulator, and we also believe that the rationale for 
such provisions in registry agreements is much weaker now 
than it was at the time the VeriSign agreement was originally 
made in 1998. At that time, VeriSign was the only gTLD 
registry operator, and .COM was, as a practical matter, the 
only commercially focused gTLD. Today, there are a number 
of gTLD alternatives to .COM, and several ccTLDs that have 
become much stronger alternatives than they were in years 
past. In addition, the incredibly competitive registrar market 
means that the opportunities for new gTLDs, both in existence 
and undoubtedly to come in the future, are greater than they 
have ever been. It may well be that .COM offers to at least 
some domain name registrants some value that other registries 
cannot offer, and thus the competitive price for a .COM 
registration may well be higher than for some alternatives. But 
price is only one metric in a competitive marketplace, and 
relative prices will affect consumer choices at the margin, so 
over time, we expect the registry market to become 
increasingly competitive. One way to hasten that evolution is 
to loosen the artificial constraints that have existed on the 
pricing of .COM and other registries. We began this process 
with the .NET agreement, and we now continue it with the 
.COM agreement, and we expect to continue along this path as 
we renegotiate agreements with other registries. 

     In the current competitive environment, in which customers 
can choose between a number of alternative gTLDs and ccTLDs, 
there is no need for competitive bidding or price regulation to 
avoid the exercise of monopoly power and, in fact, such regulation 
is harmful.  We should give competing registry operators quasi 
property rights to the TLD registry in order to improve their 
incentives to invest in their businesses and maintain the quality of 
their TLD "brand".  These incentives are severely dampened if the 
registry operator knows that the rights to operate the registry can 
easily be lost when the contract expires.  This implies that giving 
incumbents the presumptive right of renewal-e.g., the proposal to 
extend VeriSign's contract to operate the .com registry-is 
procompetitive.  Similarly, registries should not face barriers if 
they want to offer vertically related services, which will enhance 
economic efficiency. 
     Having said all this, ICANN's policies still unduly limit 
competition in the TLD market.  ICANN has approved only a 
relatively small number of the applications for new TLDs it has 
received.  There is no good rationale for such a restrictive policy.  
The market should determine the number of TLDs available and 
ICANN should only disapprove applications if there are legitimate 
technical reasons for doing so.

Conclusion         
     The current Internet governance arrangement should not be set 
in stone, because we are dealing with a fast-changing technological 
environment.  At this stage, however, there does not seem to be a 
good reason to make any significant change.  Despite ICANN's 
defects, the Internet has flourished under the current Internet 
governance arrangement.  I would not have that same confidence 
with respect to a multilateral governance arrangement.  But, 
ICANN can be even more light-handed and pro-competitive in its 
approach to overseeing the DNS and that should be its goal.



     MR. UPTON.  Thank you.  
     Mr. Feld. 
     MR. FELD.  Thank you.  The question is not should we turn 
ICANN over to the U.N., nobody here thinks that, it would be 
disastrous.  The number of ridiculous decisions that would be 
voted 147 to 3 within the first 2 weeks is staggering.  
     The real question is, one, why, despite that, were there so many 
people so upset with U.S. involvement with ICANN and with the 
way ICANN is running itself that this was even something that a 
lot of people were seriously talking about leading up to the World 
Summit on the Information Society.  
     This should never have gotten past suggestions batted around 
by a few folks in Geneva and some governments that are 
perpetually opposed to our interests.  But even the European Union 
started to say, hmm, maybe it wouldn't be a bad idea.  When there 
is that much unhappiness, we need to look at why.  
     The other problem is how do we get ICANN out of Internet 
governance.  ICANN sadly has become what nobody wanted it to 
be, a really bad copy of the FCC making every mistake that the 
FCC has made on Internet time.  We cycled through beauty 
contests for assignments of licenses, we are into the license 
renewal phase.  I am looking forward to when we finally get the 
competitive options for TLDs.  
     And it is astounding how we are doing the same thing over and 
over again.  This shows up in the question of what does stability 
mean.  The AM/FM radio and television standards have been very 
stable, we are still using 1950s technology.  We were hoping that 
that was not the kind of stability that we were going to see in the 
Internet, but the problem is, when you have control over the 
generic top level domain contracts, then you have huge debates of 
what do we mean by stability.  The incident with Site Finder, 
where VeriSign unilaterally introduced a new service, is a classic 
example of a problem of mixed engineering, policy, and 
economics.  Did it make it very inconvenient for a number of ISPs 
who were relying on dot coms to work the same way forever?  
Yes, a lot of people spent a lot of time up late at night, when it 
went online unexpectedly.  But nobody has figured out a good 
process for how dot com is going to innovate, so that we are not 50 
years from now working with the same kind of registry/registrar 
services. 
     We are also seeing real problems with the level of oversight 
that is being exercised by NTIA and by ICANN.  On the one hand, 
everybody says they don't want to regulate, and NTIA says we are 
not the court of last resort, but the contract between VeriSign and 
ICANN is pending in front of NTIA in a way it stands before no 
other government.  And, of course, when there is a possibility that 
somebody else might fix your problems, you attract people who 
are interested in having their problems fixed. 
     So what should we be doing?  Because nobody wanted this 10 
years ago.  And it was around 10 years ago when we first started 
talking about this, and nobody supposedly wants it today.  I think 
Mr. Twomey has been doing an excellent job, but I looked at the 
ICANN strategic plan, it is now up to $30 million, and people are 
talking about making enforcement mechanisms to it?  You all 
know on this committee how much the FCC spends on an annual 
basis for enforcement, and that is one country's issues.  Are we 
prepared for ICANN's budget to go from $30 million, which it is 
now, to $250 million?  
     We need to do a number of things, as I have suggested in my 
testimony.  One, in making the world more comfortable, we need 
to first find an appropriate forum to talk about the issues that a lot 
of the people in the world want to talk about in Internet 
governance.  Happily, there now is one, the Internet Governance 
Forum, which will be starting in Athens.  We should go and 
participate there and quietly slip ICANN and the DNS out the back 
door at the first opportunity because it doesn't belong in the 
Internet Governance debate.  We need to resolve the relationship 
between ICANN and NTIA and be open and up front about it.  If 
NTIA is going to be ICANN's permanent oversight, we need to 
say it.  If there is a way that NTIA is going to let go, then we need 
to figure out how we are going to let go.  But we can't keep having 
a discussion about NTIA letting go when we don't really mean it.  
That gets people in the world very annoyed at us because nobody 
in the world likes a tease.  
     Finally, there is ICANN.  There is a real problem with 
accountability and representation.  The vast majority of people 
who have ever actually dealt with ICANN from the bottom up 
agree with that.  I understand Dr. Twomey's remark that nobody 
has used the accountability mechanism that is right now at 
ICANN.  There are two possible reasons for that, either because 
everybody is so happy and wonderful--which, given the public 
comments, is not the case--or because nobody thinks that that 
process is worth bothering with.  
     So I would urge NTIA, as it reviews the contract, to force 
ICANN to re-examine its accountability mechanisms.  Thank you. 
     MR. UPTON.  Thank you. 
     [The prepared statement of Harold Feld follows:]

PREPARED STATEMENT OF HAROLD FELD, SENIOR VICE PRESIDENT, 
MEDIA ACCESS PROJECT

Executive Summary of Prepared Testimony of Harold Feld
Senior Vice President, Media Access Project

	The question is not "should we turn ICANN over to the U.N., 
as some have phrased it.  We should not.  Nor is the relevant 
question "does ICANN do internet governance well?"  It doesn't, 
because it shouldn't be doing it in the first place.  Unfortunately, 
ICANN has morphed into what nobody wanted, the Federal 
Communications Commission (FCC) of the internet.  Worse, it 
does it badly, repeating every mistake ever made by the FCC in its 
70+ years of history - on internet time.
	The real questions, in my opinion at least, are "how to get 
ICANN out of the internet governance debate" and "how to make 
sure ICANN does the job it has to do better."  Answering the first 
question is significantly easier than the second.  For the reasons 
explained below, I recommend the following:


To Get ICANN Out of the Internet Governance Debate:
      The U.S. should embrace the Internet Governance Forum 
(the successor to the World Summit on the Information 
Society) as the proper place to talk about "internet 
governance," a category that excludes the technical 
management of the domain name system but includes the 
much more interesting things -- like cybercrime, 
censorship, and security -- most governments really want to 
talk about.  Hopefully, we can remove ICANN as an 
attractive target for topics it has no business or interest in 
addressing.
      NTIA should not be the "court of last resort" for ICANN 
decisions, a de facto role it unwillingly occupies now 
because it can veto any important ICANN decision. 
      The USG should appoint someone other than NTIA to 
represent the U.S. in the GAC (or transfer the MoU to a 
different agency.  Expecting the world to treat the NTIA 
representative in the GAC as just another government 
representative when the same person has veto power over 
ICANN decisions is simply unreasonable.
      NTIA needs to either say up front that it will never fully 
transfer authority over the DNS to ICANN or it needs to set 
a clear path (with a projected time line) for the transfer to 
take place.  Real dialog with concerned governments and 
other stakeholders cannot be premised on false positions or 
ambiguity on this vital issue.  If full transfer is off the table, 
say so and begin discussions on how to make other 
governments as comfortable as possible with that reality.

To Get ICANN Functioning More Efficiently:
      NTIA cannot act unilaterally on ICANN's internal 
structures, but can use the MoU renewal and threat of rebid 
to force critical changes.
      First and foremost, ICANN must have a meaningful 
accountability mechanism.  If ICANN is the FCC of the 
internet, it needs a D.C. Circuit Court of Appeals to keep it 
from exceeding its mandate and to protect DNS users 
(meaning everyone) from arbitrary and capricious decision 
making.
      ICANN needs some kind of mechanism to provide all 
stakeholders a way of participating.  Right now, there is no 
formal way in which any person or entity can participate in 
ICANN and hope to influence ICANN's process for 
developing policy  if he or she does not fit into one of 
ICANN's six arbitrary "constituencies." Worse, these 
Constituencies were created based on which interests were 
present in 1998/1999 and had enough clout to force 
representation. The world has changed a lot since then, 
particularly with regard to who uses the internet.  ICANN's 
processes need to reflect these changes.
      ICANN needs to stop pretending it doesn't do regulation 
and learn to separate regulatory issues like competition 
policy from technical coordination.  If ICANN is going to 
set tariffs  and price caps, which is essentially what it does 
for domain names, it needs to stop navigating by the seat of 
its pants and figure out how to come up with real numbers 
that makes sense.

     I wish I had more specific solutions for ICANN's problems.  
But NTIA has gotten good recommendations from a number of 
interested parties.  I recommend starting with the comments of the 
Internet Governance Project (IGP), a consortium of academics 
interested in ICANN and internet governance.  They have a lot of 
relevant knowledge and experience.   
     Which, I suppose, leads to one last recommendation.  It is high 
time for ICANN and NTIA to stop circling the wagons against 
critics and start looking outsider its insider circle for advice.  The 
days in which only engineers had useful things to say about DNS 
management, for better or for worse, are over.  Public policy, 
economics, and law are as much specialties as engineering.  Yet 
ICANN's Board and many key supporters continue to insist that 
only engineering expertise matters because ICANN is only about 
technical coordination.  Until ICANN recognizes that it does real 
regulation rather than just technical coordination, it will lack the 
expertise it needs to do its job properly.


     Good afternoon.  My name is Harold Feld.  I am Senior Vice 
President of the Media Access Project (MAP), a 35-year old non-
profit public interest law firm protecting the public's First 
Amendment right to speak and hear information from a diversity of 
sources in the electronic media.  MAP is a member in good 
standing of ICANN's non-commercial user constituency (NCUC).
     The question is not "should we turn ICANN over to the U.N., 
as some have phrased it.  We should not.  Nor is the relevant 
question "does ICANN do internet governance well?"  It doesn't, 
because it shouldn't be doing it in the first place.  Unfortunately, 
ICANN has morphed into what nobody wanted, the Federal 
Communications Commission (FCC) of the internet.  Worse, it 
does it badly, repeating every mistake ever made by the FCC in its 
70+ years of history - on internet time.
     The real questions, in my opinion at least, are "how to get 
ICANN out of the internet governance debate" and "how to make 
sure ICANN does the job it has to do better."  Answering the first 
question is significantly easier than the second.  For the reasons 
explained below, I recommend the following:

To Get ICANN Out of the Internet Governance Debate:
      The U.S. should embrace the Internet Governance Forum 
(the successor to the World Summit on the Information 
Society) as the proper place to talk about "internet 
governance," a category that excludes the technical 
management of the domain name system but includes the 
much more interesting things -- like cybercrime, 
censorship, and security -- most governments really want to 
talk about.  Hopefully, we can remove ICANN as an 
attractive target for topics it has no business or interest in 
addressing.
      NTIA should not be the "court of last resort" for ICANN 
decisions, a de facto role it unwillingly occupies now 
because it can veto any important ICANN decision. 
      The USG should appoint someone other than NTIA to 
represent the U.S. in the GAC (or transfer the MoU to a 
different agency.  Expecting the world to treat the NTIA 
representative in the GAC as just another government 
representative when the same person has veto power over 
ICANN decisions is simply unreasonable.
      NTIA needs to either say up front that it will never fully 
transfer authority over the DNS to ICANN or it needs to set 
a clear path (with a projected time line) for the transfer to 
take place.  Real dialog with concerned governments and 
other stakeholders cannot be premised on false positions or 
ambiguity on this vital issue.  If full transfer is off the table, 
say so and begin discussions on how to make other 
governments as comfortable as possible with that reality.

To Get ICANN Functioning More Efficiently:
      NTIA cannot act unilaterally on ICANN's internal 
structures, but can use the MoU renewal and threat of rebid 
to force critical changes.
      First and foremost, ICANN must have a meaningful 
accountability mechanism.  If ICANN is the FCC of the 
internet, it needs a D.C. Circuit Court of Appeals to keep it 
from exceeding its mandate and to protect DNS users 
(meaning everyone) from arbitrary and capricious decision 
making.
      ICANN needs some kind of mechanism to provide all 
stakeholders a way of participating.  Right now, there is no 
formal way in which any person or entity can participate in 
ICANN and hope to influence ICANN's process for 
developing policy  if he or she does not fit into one of 
ICANN's six arbitrary "constituencies." Worse, these 
Constituencies were created based on which interests were 
present in 1998/1999 and had enough clout to force 
representation. The world has changed a lot since then, 
particularly with regard to who uses the internet.  ICANN's 
processes need to reflect these changes.
      ICANN needs to stop pretending it doesn't do regulation 
and learn to separate regulatory issues like competition 
policy from technical coordination.  If ICANN is going to 
set tariffs  and price caps, which is essentially what it does 
for domain names, it needs to stop navigating by the seat of 
its pants and figure out how to come up with real numbers 
that makes sense.

	I wish I had more specific solutions for ICANN's problems.  
But NTIA has gotten good recommendations from a number of 
interested parties.  I recommend starting with the comments of the 
Internet Governance Project (IGP), a consortium of academics 
interested in ICANN and internet governance.  They have a lot of 
relevant knowledge and experience.   
	Which, I suppose, leads to one last recommendation.  It is high 
time for ICANN and NTIA to stop circling the wagons against 
critics and start looking outsider its insider circle for advice.  The 
days in which only engineers had useful things to say about DNS 
management, for better or for worse, are over.  Public policy, 
economics, and law are as much specialties as engineering.  Yet 
ICANN's Board and many key supporters continue to insist that 
only engineering expertise matters because ICANN is only about 
technical coordination.  Until ICANN recognizes that it does real 
regulation rather than just technical coordination, it will lack the 
expertise it needs to do its job properly.

Background
	Since 1997, I have participated in the debate over ICANN and 
the broader "internet governance" concepts that ICANN has 
alternately sought to embrace or avoid.  In that time, I  served as an 
NCUC representative to the Names Council (now the Generic 
Names Support Organization), served as NCUC's representative 
on the advisory board of the Public Interest Registry (the registry 
for the .org generic top level domain), participated in various 
ICANN processes, task forces, and meetings.  Recently, however, I 
have been primarily as an observer rather than a participant.  It is 
therefore from the perspective of an observer that I offer my 
testimony today. 
	In 2003, I wrote that ICANN was fundamentally flawed 
because it arose from a compromise among competing interests 
and could not possibly hope to satisfy them all.   The traditional 
internet community, members of which continued to control 
important pieces of the internet's infrastructure, wanted a narrowly 
focused organization that could act as a "heat shield" against 
intrusive political actors or business interests.  Trade associations 
concerned with "cybersquatting" and other issues involving 
intellectual property wanted a convenient way to address their 
concerns.  Businesses and governments wanted stability and a 
place to raise issues related to the name system.  This activity 
attracted the interest of civil society advocates, such as myself, 
who were concerned that the central critical resource of the internet 
would fall under the unaccountable control of one or more interests 
indifferent to the impact of decisions on DNS on free expression, 
privacy and consumer protection.
	The resulting compromise structure that became ICANN 
survives by the happy chance that its dysfunctionalities have so far 
cancelled each other out.  On the one hand, ICANN decisions are 
made by a Board of Directors accountable to no political authority 
and with no meaningful appeal of its decisions.  On the other had, 
the process by which ICANN distills "consensus" is so 
cumbersome, complicated, frustrating and difficult to manage that 
little actually gets done.  In some ways, this resembles the 
complicated system for passing laws envisioned in the 
Constitution, where our libertarian forbears compromised between 
Federalists like Hamilton and anti-Federalists who feared a strong 
central government.  But frustration with this system does 
occasionally build to a point where the continued existence of 
ICANN is actually threatened.
	Frustration with ICANN has precipitated political crisis twice 
in ICANN's relatively brief history.  The first time, in 2002, the 
ICANN Board pushed too hard and too fast to assert control over 
critical aspects of the Internet naming structure.  Notable missteps 
included:
      Endless contract negotiations between staff for new registry 
and registrar services that embodied the worst in 
unaccountable bureaucratic rulemakings;
      Extension of director terms and elimination of promised 
accountability mechanisms such as electing Directors;
      Threatening to withhold needed services to country code 
top level domain (ccTLD) root zone files unless the 
ccTLDs entered into binding contracts with ICANN; 
      Simultaneously seeking to embrace governments by 
redelegating the .AU ccTLD at the request of the Australian 
government while formally limiting the role of 
governments to the Government Advisory Committee 
(GAC); and, 
      Simultaneously embracing the dominant registry Verisign 
by modifying the agreement under which Verisign operated 
the ".com" domain while allowing industry rivals to 
leverage ICANN's processes to impose onerous regulatory 
hurdles before Verisign could bring new services to market.  

	Throw in accusations of cronyism, a ballooning budget paid for 
by fees ICANN imposed on entities ICANN regulated, and 
increasing concern by foreign governments that the U.S. 
government and U.S. businesses were exercising too much control 
over the internet's naming structure, and it is no surprise that the 
Department of Commerce faced serious pressure in 2002 to find 
another contractor to handle ICANN's duties or otherwise force 
ICANN to change how it conducted business.
	ICANN survived the 2002 crisis for several reasons.  First and 
foremost, no one could come up with a better solution for how to 
manage the internet naming system that commanded anything 
close to consensus.  Second, ICANN actively undertook steps to 
placate its most powerful critics.  Several of the more controversial 
directors allowed their terms to end, bringing in much needed fresh 
blood an new perspectives.  The hiring of Dr. Paul Twomey, an 
Australian with experience in government, non-governmental 
organizations and the private sector, as President likewise helped 
diffuse hostility from foreign governments and disgruntled 
stakeholders.  ICANN provided a more formal role for the GAC, 
clarified to some degree its policy formation structure, and agreed 
to move forward (in a limited way) on some of the more pressing 
issues surrounding the DNS.
	Nevertheless, problems continued.  Notable flash points 
included the controversy over Verisign's unilateral decision to 
introduce a new service, "Site Finder,"in September 2003.    Prior 
to the introduction of Site Finder, entering a non-existent URL 
ending in .com or .net returned a message that the requested 
domain did not exist (although numerous browser plug-ins would 
take the opportunity to redirect users to sites where they could 
register the non-existent name).  When Verisign introduced Site 
Finder, entering a non-existing URL would direct the user to the 
Site Finder website.  In response to widespread complaints that this 
new service at the registry level created potential instabilities, 
ICANN directed Verisign to withdraw Site Finder.  Verisign 
replied that it would voluntarily withdraw the service, but 
maintained that ICANN had no authority to regulate its service 
offerings.  Verisign also complained that to the extent it had failed 
to follow ICANN processes, this was because it was impossible to 
determine what the correct processes were.
	The incident highlighted one of the chief problems for ICANN.  
On the one hand, an unannounced unilateral change at the registry 
level, particularly of the dominant generic top level domains, could 
potentially create serious issues for ISPs and others relying on the 
stability of the registry service.  On the other hand, ICANN was 
not supposed to act as a regulatory body. Its supporters had argued 
time and again that requiring businesses to seek regulatory 
approval for new services would prove the death knell of 
innovation on the internet.  And, if ICANN could regulate 
Verisign's services, what were the limits of that authority?  Was 
there any appeal for Verisign, or Verisign's competitors, once the 
ICANN Board made a decision?
	Another issue that caused world governments to take notice 
was the redelegation of Iraq's country code, the .iq ccTLD.  
According to the official report by the Internet Assigned Numbers 
Authority (IANA) , the .iq ccTLD was never activated.  In 2002, 
the original recipient of the .iq delegation was arrested for 
laundering money for Hamas.  In 2004, the Coalition Provisional 
Government requested redelegation of .iq. In 2005, the IANA 
redelegated the .iq ccTLD to the National Communications and 
Media Commission of Iraq.
	In many ways, this decision was entirely unremarkable; 
ICANN has redelegated ccTLDs before.  But the fact that this took 
place in secret (as other redelegation decisions had) in the context 
of deep international suspicion about the United States 
involvement in Iraq and U.S. control over the DNS aroused 
concerns that the U.S. had simply ordered its contractor ICANN to 
make a unilateral change to the .iq ccTLD.  As many countries 
increasingly regard their ccTLD as both an aspect of their 
sovereignty and as critical to their commerce and information 
infrastructure, the fear that the U.S. exercised too much control 
over the DNS gained significant currency in the international 
community.
	These fears were further stoked by the controversy surrounding 
inclusion of the proposed .XXX gTLD.  In the summer of 2005, 
ICANN staff completed negotiations with the proposed .XXX 
registry and the Board of Directors scheduled a vote.  This 
triggered protests from a number of governments through their 
representatives in the GAC.  In addition, however, a significant 
number of opponents to the .XXX gTLD appealed directly to 
NTIA to "veto" any ICANN decision to include the .XXX gTLD 
in the root.
	This put NTIA in a profoundly awkward position.  As 
representative of the U.S. government to the GAC, it is entirely 
appropriate for the Administrator of NTIA (or delegated 
representative) to express opinions consistent with U.S. interests.  
Indeed, it would seriously disadvantage the U.S. if NTIA could not 
participate fully in the GAC.  At the same time, no one can forget 
that the Administrator of NTIA is the only government 
representative in the world with the ability to veto a decision by the 
ICANN Board of Directors.  This inevitably makes NTIA a target 
for lobbying by parties with interests before ICANN, and opens 
NTIA to accusations of "regulating by raised eyebrow" when it 
forcefully advocates for particular positions.
	Meanwhile, between 2003 and 2005, ICANN continued to 
stumble along.  While improved somewhat after the reforms of 
2002-03, ICANN's consensus and policy development processes 
still move incredibly slowly and inefficiently, with no clear 
understanding of the Board ultimately determines the "consensus" 
and no means of appealing ICANN decisions.  This lack of 
accountability, combined with an ever increasing bureaucracy and 
budget (ICANN now employs over 50 staff members and has a 
budget of $30 Million - not bad for a small organization dedicated 
to technical coordination), has bred considerable frustration among 
participants in the ICANN process.  It is telling to me that, 
although I stopped significant participation in ICANN in 2003, I 
could attend the meeting scheduled for December 2-8 in Sao Paulo 
and find familiar topics such as the implementation of 
internationalized domain names, the purpose of the WHOIS 
registry, and policy for including new gTLDs on a regular basis 
still under discussion.
	Worse, because ICANN's mandate remains ill-defined, it 
continues to attract the attention of interested parties and world 
governments interested in "Internet governance," the very thing 
ICANN's founders intended to avoid.  ICANN has no mandate or 
expertise for how to bring the benefits of the internet to developing 
nations.  Nor should it serve as a global police officer for internet 
content.  There are many issues of worth considered under the 
rubric of "internet governance," but ICANN is precisely the wrong 
place to settle them.  On the other hand, if trade organizations can 
successfully ask ICANN to solve their intellectual property 
enforcement issues, why shouldn't other interest groups or 
governments look to ICANN to solve what they consider to be the 
pressing issues of the day?
	In November of 2005, the frustration with ICANN again boiled 
over, this time at the World Summit on the Information Society 
(WSIS).  As part of the preparation for WSIS, a Working Group on 
Internet Governance (WGIG) examined both governance of the 
naming system and other issues loosely related as "internet 
governance."  Although WGIG itself was only intended as one part 
of a broader WSIS agenda, the primary focus of the WSIS meeting 
in Tunis turned to the efforts of various governments to move 
ICANN out of U.S. control and the efforts of other participants to 
use the dissatisfaction around ICANN to create real change in its 
operation.  This, in turn, prompted the House of Representatives to 
approve overwhelmingly a resolution supporting continued 
management of the DNS by ICANN under the authority of NTIA.
	After considerable negotiation at the WSIS meeting in Tunis, 
world governments agreed to accept the basic arrangements under 
which ICANN manages the DNS.  In exchange, the United States 
agreed to participate in a new international "Internet Governance 
Forum" (IGF).  The IGF was explicitly designed to include the 
wide range of issues relating to "internet governance" that fall 
outside the proper role of ICANN.  The IGF will continue 
discussion on a wide variety of issues for five years.  The first 
formal meeting of the IGF will take place in Athens, Greece on 
October 30, 2006.
	On September 30, 2006, the existing Memorandum of 
Understanding (MoU) between ICANN and the Department of 
Commerce will expire.  It is a forgone conclusion that NTIA will 
renew the MoU.  The critical questions are under what terms, and 
with what expectations.  

DISCUSSION
	In considering what level of oversight NTIA should exercise 
over ICANN through the MoU, and what level of oversight 
Congress should exercise over NTIA, it is important to distinguish 
between separate issues that are frequently confused.  In recent 
debates the question is usually phrased as whether some sort of 
international intergovernmental organization, such as the U.N., 
should assume control of ICANN.  This question is easily 
answered "no," at least by anyone concerned with preserving 
freedom of expression on the Internet.
	But the easy answer to this question hides matters deserving of 
significant attention.  It is often used as a distraction from 
examining the very real problems that still afflict ICANN and its 
processes.  ICANN can attribute its survival to date more to the 
lack of any real alternative capable of commanding consensus than 
to deep satisfaction with the status quo.  Or, in an oft repeated 
observation by Representative Markey (D-MA), paraphrasing 
Winston Churchill, "ICANN is the worst form of Internet 
governance ever conceived, except for all the other forms 
proposed."
	To dismiss international opposition to U.S. management of 
ICANN and concern about ICANN itself to the machinations of a 
few governments perpetually hostile to U.S. interests merely 
invites us to undertake the same cycle of argument again and again 
until something changes dramatically.   When even usual allies of 
the United States at ICANN such as the European Union express 
concerns with continued U.S. management of ICANN, we should 
recognize a serious problem. We ignore the warning signals sent 
up at WSIS at our peril.
	On the other hand, it is logical to ask why it matters whether 
governments are or are not satisfied with U.S. arrangement for 
management of the DNS.  After all, at the end of the day, 
governments cannot force the U.S. to turn over its contracts or 
critical infrastructure if the U.S. declines to do so.
	Two factors, however, mitigate against a such a unilateral 
approach.  First, the debate over ICANN and internet governance 
takes part in a larger context of multilateral negotiations of 
importance to the United States.  To respond to world governments 
with a simple "sucks to be you" is to invite retaliation - both subtle 
and gross - against U.S. companies and U.S. interests in other fora.
	Second, a real danger exists in the form of "splitting the root."  
At it's heart, the DNS is simply a table that keeps a list of name 
servers that match domain names with internet protocol (IP) 
addresses used by machines to send internet traffic.  Nothing 
prevents a country from creating its own master list and requiring 
by law that all ISPs within its boarders use this "alternate root" 
rather than the existing root.  The problem arises if the "alternate 
root" has different information from the "authoritative root."  If 
this happens, Internet traffic intended for the same recipient could 
go to different recipients.  Predictions for the outcome of such an 
experiment range from ultimately beneficial (a minority view) to 
catastrophic (somewhat more broadly held view) to a range in 
between.  At the very least, the existing global nature of the 
internet would be altered in ways that would impose significant 
costs on U.S. businesses and on people everywhere trying to 
communicate with one another.
	"Splitting the root" is highly unlikely, in no small part because 
doing so imposes significant costs on the country isolating itself 
from the broader internet. But, like the existence of nuclear 
weapons, the possibility of splitting the root provides an incentive 
for the United States to continue to engage other countries.
	Finally, leaving international considerations aside, the 
temptation to give ICANN a "free pass" because no one can find a 
better alternative that commands sufficient support imposes very 
real consequences on DNS management and on the people and 
businesses that rely on the DNS (which, at this point, is just about 
everyone).  An ICANN incapable of commanding legitimacy 
cannot create consensus or coordinate needed improvements in the 
DNS as intended.  An ICANN that remains unaccountable is a 
recipe for autocratic and ill-informed decision making, cronyism, 
and bureaucratic waste.  ICANN's decisions can impact the civil 
liberties of millions of American citizens registering domain names 
in their personal capacities, and impose billions in hidden costs 
(both directly and through missed opportunities) on U.S. 
businesses.
	At the same time, Congress and NTIA must approach reform 
of ICANN with considerable delicacy.  Unilateral decisions to 
address concerns, however worthy, give credence to the charge 
that the U.S. has a privileged position in internet domain name 
management that others resent.
	I present therefore only some very surface recommendations.  
The first center on specific changes Congress and NTIA can make 
outside of ICANN to defuse the legitimate concerns raised by other 
governments.  The second set of recommendations address ICANN 
specific problems that NTIA should attempt to remedy via the 
MoU renewal process.

Mitigating World Hostility
         Embrace the Internet Governance Forum.  It is understandable 
that, after WSIS, interested parties might resist the IGF as a 
continuation of the process by which hostile interests try to seize 
control of ICANN.  But the IGF presents a tremendous opportunity 
to get ICANN out of the issue of "internet governance" by 
providing a proper forum to address issues of global concern.  Too 
many people look to ICANN to resolve their "internet governance" 
problems - whether this means online gambling, digital inclusion, 
of "irresponsible" websites critical of totalitarian regimes - 
because there is no other forum in which to discuss these issues.  
Furthermore, because control of the DNS, the central bottleneck of 
the internet, offers a convenient means by which governments can 
hope to control content or levy fees similar to the manner which 
they have traditionally controlled and levied fees on broadcasting 
and telephony, it naturally attracts the attention of governments 
and others looking for global solutions to their perceived problem.  
While this last will continue to remain true for the foreseeable 
future, we can at least take steps to minimize the attractiveness of 
ICANN as a forum for "governance" issues by providing alternate 
fora for discussion.
	U.S. participation in the IGF, particularly after the endorsement 
of ICANN by the WSIS participants, thus becomes the means by 
which the U.S. engages with other countries on critical internet 
issues as part of a multilateral process familiar to most 
governments and open to both civil society and private sector 
interests.  By establishing IGF as the appropriate forum for these 
broad-ranging discussions, interest in leveraging ICANN as a 
forum for these discussions will diminish over time.  While this 
will not satisfy those intent on attacking U.S. "dominance" of the 
DNS, it will help satisfy countries and interests whose chief 
frustration is the lack of a suitable forum to resolve pressing 
internet governance issues.
	NTIA Must Not Be The "Court of Last Resort" For ICANN.  
When people are unhappy with ICANN, or with potential ICANN 
decisions, they go to NTIA.  NTIA continues to maintain it doesn't 
oversee ICANN.  But because NTIA has the power to do so, and 
because NTIA is the U.S. representative to the GAC, it will 
continue to attract the attention of parties unhappy with ICANN.
	NTIA should give serious consideration to eliminating its "veto 
right" over ICANN and content itself with the MoU renewal as a 
means of maintaining suitable oversight to safeguard U.S. 
interests.  In addition, NTIA should either transfer the MoU to 
some other agency, or should delegate representation to the GAC 
to some other agency.
	Appoint someone other than NTIA to represent the U.S. in the 
GAC.  As illustrated by the controversy over the proposed .XXX 
TLD NTIA's continued involvement in ICANN as U.S. 
representative to the GAC while simultaneously exercising 
oversight creates significant concern about the nature of NTIA's 
oversight.  There is no reason why the same agency must both 
manage the ICANN MoU while representing U.S. interests.  
Transferring the U.S. GAC representation to another agency, such 
as the State Department, could eliminate this needless source of 
tension.
	Let me stress that, as an American citizen, I feel that the 
current arrangement hampers the U.S.'s ability to represent me and 
my interests in ICANN.  The U.S. needs a GAC representative that 
can forcefully represent U.S. interests without raising the specter 
that the U.S. is "really" sending a signal about what it will or will 
not permit.  NTIA representation of U.S. interest in the GAC, 
while simultaneously holding the MoU, is a historic artifact we 
should end.
	NTIA Must Clarify When It Will Transfer Full Control to 
ICANN or Stop Pretending.  In 1997, the United States proposed 
fully internationalizing the DNS under private sector management. 
In 1998, when NTIA picked ICANN to manage the root, it again 
promised to relinquish control over the root.  Since then, however, 
NTIA has not explained when or under what circumstances it will 
carry out this promise to relinquish U.S. control.  The "sense of 
Congress" resolution passed last year in response to pressure from 
WSIS strongly suggests that United States will never entirely 
relinquish control of the domain name system.
	Bluntly, nobody likes a tease.  If complete elimination of U.S. 
oversight of the Root is out of the question, NTIA should say so up 
front.  We can have an honest and productive dialog with other 
countries on how to address real concerns about the U.S. role in 
DNS management if we delineate the boundaries of that 
conversation clearly.  We cannot have productive dialog if it is 
premised on the assumption that we would some day accede to 
relinquishing all control of the DNS when we have no intention of 
ever doing so.
	By contrast, if there are conditions under which the United 
States would feel comfortable relinquishing its current level of 
control, we should clarify what those conditions are and how 
ICANN can satisfy them.  A clear set of milestones that ICANN 
must meet can provide a valuable road map and incentive for 
ICANN to reform itself.  But NTIA should not commit to such a 
path unless it has confidence that it could, in fact, relinquish 
control under proper circumstances.
	Recognize that ccTLDs raise sensitive issues.  As countries 
increasingly rely on their country code top level domains for 
commerce and communication, they become understandably 
nervous about exercising control over them.  Sensitivity is further 
increased by the growing perception that a ccTLD is as much an 
attendant right of sovereignty (or, at least, recognition as a distinct 
economy) as the right to participate in the Olympics or have one's 
own area code.
	The United States would not be happy if the .us ccTLD were 
controlled by another country, even an allied country with whom 
we enjoyed close relations.  The United States needs to find some 
way to satisfy other countries that it will not make unilateral 
changes to the ccTLD of a sovereign nation without the consent of 
that country's government.

Addressing ICANN's Real Problems
	I have remarked in the past that ICANN recapitulates the FCC, 
but does it badly.  ICANN has its own version of tariffing and 
price caps (for name registrations), its own version of license 
renewal hearings, complete with "beauty contest" style 
comparative hearings.  In place of a "public interest" standard, it 
operates under a rubric of stability and consensus of the "internet 
community."
	Sadly, with great power has come no responsibility.  ICANN 
lacks a Congress or D.C. Circuit Court of Appeals to ensure that its 
decisions are not arbitrary, capricious or contrary to law.  Its Board 
of Directors, the equivalent of the FCC Commissioners (whose 
open meetings and written opinions increasingly come to resemble 
FCC opinions, with concurring statements and dissents), serve as 
volunteers on a part time basis.  This gives enormous latitude to 
ICANN's full time professional staff to set policy through contract 
negotiation with the entities ICANN regulates and through the 
recommendations to Directors that Directors have neither the time 
nor expertise to consider.
	The question is not whether ICANN directors or staff are good 
people trying their best to do what's right in the world.  On the 
contrary, I believe they are good people trying to do their best in an 
impossible job.  The job is "impossible" because ICANN as 
currently constituted either does too much or too little.  ICANN 
either needs to jettison its regulatory functions or complete its 
transformation into a regulatory body capable of regulating 
properly.   Since the former is impossible at this point, I suggest 
developing ways to do the later.
	Two things make it impossible for ICANN to reduce itself to 
the narrowly focused non-regulatory body it wants to be.  First, 
voluntary coordination of the kind envisioned by ICANN's 
founders and modeled on such entities as the Internet Engineering 
Task Force (IETF) worked because it they were voluntary.  No one 
needed to follow a standard set by the IETF, or get permission 
from IETF first before writing code.  Once participation in ICANN 
became mandatory for inclusion in DNS, and once ICANN 
decisions became as binding as agency regulations, the entire 
dynamic changed.
	Second, although ICANN publicly maintains that it has no 
intention of managing "internet governance," its commendably 
narrow focus became laughable as soon as ICANN also became 
responsible for protecting trademark rights.  There is nothing 
remotely technical about using control over the Domain Name 
System to resolve complaints about whether this name or that 
name conflicts with a trademark.  There is nothing technical about 
requiring would be registrars to have "sunrise" periods in which 
trademark holders can register names in the new registry before 
anyone else.
	As ICANN has discovered, doing a little bit of policy is like 
the old cliche about being a little bit pregnant.  ICANN now finds 
itself bedeviled by a non-stop stream of requests to resolve this 
issue or that.  Law enforcement agencies want changes in how 
registries manage the "Whois" database to facilitate law 
enforcement - a move opposed by civil liberties organizations 
concerned with privacy issues and protecting speakers from 
retaliation by oppressive governments.  After all, if ICANN can 
resolve problems for intellectual property holders, why can't it 
resolve problems for law enforcement or anyone else?
	To illustrate by analogy, phone numbers in the United States 
are administered by the FCC as part of an international system 
called the North American Numbering Plan (NANP).  NANP is a 
voluntary coordination between 19 different North American 
countries administered by a private company (Neustar).  It works 
without fuss because each country maintains control of its own 
phone numbers and Neustar plays a ministerial role in facilitating 
coordination between the countries.
	If countries participating in NANP decided to use it to take 
phone numbers away from people, required every government to 
pass through binding contracts to each phone number user to abide 
by conditions set via the NANP, or otherwise leveraged control of 
phone numbers, you can imagine it would attract quite a bit of 
interest all of a sudden.  If those opposed to indecent speech over 
the telephone thought they could circumvent the Supreme Court's 
decisions protecting "dial-a-porn" by having NANP include a 
"voluntary" provision in every phone number agreement, they 
would show up to lobby NANP.  So would those opposed to hate 
speech or other "inappropriate content."  And with them would 
come those opposing such new regulation, or seeking additional 
regulation.
	Even when avoiding such clearly non-technical concerns as 
trademark enforcement, ICANN finds itself involved in traditional 
competition and industry regulation questions that have nothing to 
do with technical stability.  For example, to promote competition 
in the domain name registration business, ICANN required that 
TLD registries be artificially separated from businesses that 
register domain names (registrars).  This may have made good 
economic sense (a debatable point), but it did not increase 
technical stability.  To the contrary, it introduced an entirely new 
set of coordination issues tied to this split between the purchase of 
a domain name by a consumer and the actual registration of that 
name in the registry database.
	One competition/consumer protection decision begets another.  
At the time Verisign and ICANN entered into an agreement in 
1999, they set the "wholesale" rate for .com registrations (what 
Verisign charges registrars) at $6/name.  No economic justification 
for this figure has ever been given.  It was what ICANN and 
Verisign (and NTIA) agreed to in private negotiations.  The recent 
agreement between Verisign and ICANN renewing Verisign's 
control of .com for another 6 years would allow Verisign to raise 
the wholesale rate by 7% per year in four of the six years.  
Unsurprisingly, registrars have protested the decision.
	Is 7% justified?  Is it too much?  Not enough?  This is a classic 
tariffing question in rate-controlled industries.  But ICANN has no 
process or expertise for setting or challenging a price.  The process 
of rate setting, which impacts millions of .com registrants around 
the globe, takes place in private between staff for ICANN and staff 
for Verisign.
	Meanwhile, other registry contracts raise new questions. Is it 
fair to treat .com and .net differently, because they remain the 
dominant registries?  Recently, ICANN announced that it will 
permit new registries to have "variable pricing" under which a 
registry can set a different rate for a specific domain name or class 
of names, or could raise the price of a domain name after a 
registrant has invested in significant resources in creating good 
will in the name.  
	This has understandably created concerns.  Some names may 
appear intrinsically valuable, such as "wine.com" or "sex.com." 
But should registries be the ones to capture that value?  After all, 
the right to run a registry is a valuable license handed out by 
ICANN on an exclusive basis.  Does it constitute an "unjust 
enrichment" to allow a registry to profit in such a way?  By 
contrast, why should whoever proved lucky enough to register 
"wine.com" first enjoy all of the benefit?  Why shouldn't the 
registry, which is creating value by creating the registry, be 
allowed to price its registration services under free market 
principles?
	Worse, what about name renewals?  The name 
"mediaaccess.org" had no particular value when MAP registered it.  
But if the Public Interest Registry, which controls .org, announced 
that it was going to assess new fees or cancel the name, MAP 
would pay those fees.  MAP would not pay because PIR was 
suddenly adding new value, but because switching to another name 
would prove far more costly.  Should ICANN restrict such 
practices? Should it permit them in new registries, but not in the 
dominant gTLDs such as .com and .net?
	Finally, as the Site Finder incident demonstrates, even 
technical questions about how new registry services impact 
stability raise non-technical concerns. When and how registries 
should be allowed to innovate cannot be resolved without 
balancing a host of economic and political questions. 
	Unfortunately, I have no prescription for ICANN's overall ills.  
It is simply too late to eliminate the Uniform Dispute Resolution 
Process (UDRP) and revert to an organization providing only 
voluntary technical coordination.  Even if such an arrangement 
were in the feasible set (and I have no illusions on that score), 
UDRP has become too widespread and imbedded in the web of 
contracts governing the DNS.   And, even if UDRP were 
eliminated, the competition issues would remain.
	If it is impossible to pare back ICANN to a non-regulatory 
body, then it needs to become a regulatory body that actually 
works.  ICANN ending up as the FCC for the internet is pretty 
dreadful, but it beats ICANN becoming the equivalent of the 
International Olympic Committee or some other wholly 
unaccountable behemoth.
	As numerous individuals, organizations, and academics have 
repeated time and again, ICANN cannot function without 
legitimacy.  To gain legitimacy, it needs accountability.  It gains 
these by having straightforward, transparent processes and some 
oversight authority that ensures that ICANN decisions do not 
exceed ICANN's mandate and that ICANN decisions have at least 
some rational basis to them.  
	ICANN also gains legitimacy by providing some means by 
which participants feel they are represented in the decision making 
process, and that participation in the process can have impact.  
While I do not suggest that ICANN must fulfill its 1998 promise to 
permit election of directors by internet users, it needs something 
better than the current processes that seeks to fit all possible 
interests into 6 "Constituencies" with no formal process for 
participation by individuals.
	I have no neat solution to this problem either.  But NTIA can at 
least attack the accountability and representation issues through the 
MoU renewal process without tampering with ICANN's internal 
deliberations on pending matters.  The Internet Governance 
Project, a consortium of interested academics, has filed comments 
with NTIA providing recommendations on how NTIA can use the 
MoU process to address the accountability and representation 
problems.   I hope that NTIA gives these and other proposals 
serious consideration when addressing the MoU renewal.

CONCLUSION
	In examining ICANN and internet governance, this Committee 
and NTIA cannot content themselves by asking whether ICANN as 
it exists today is better than ceding authority to the U.N.  Of course 
it is.  To set the question up in such a fashion ignores the real 
problems that have made even the U.N. an attractive alternative to 
ICANN to some parties.
	Instead, Congress and the NTIA need to address a different 
question, can we turn ICANN into a non-issue?  I believe it is 
possible to do so by refocusing the broader debate on "internet 
governance" in an appropriate forum (the IGF) and getting ICANN 
to function in a way that stakeholders find acceptable.  This last 
creates very real challenges for NTIA, particularly in light of the 
desire to shift "internet governance" questions away from ICANN.  
But failure to get ICANN to work in an accountable and 
representative manner will make it impossible to refocus the 
"internet governance" question.  As long as ICANN remains both 
unaccountable and unconstrained, it will continue to attract parties 
looking for ICANN to solve its problems.

     MR. BOHANNON.  Chairman Upton, Chairman Stearns, 
members of the subcommittee, I appreciate being able to testify 
here today on the important role that ICANN plays in promoting 
confidence and stability on the Internet. 
     As the principal and the largest trade association of software 
and digital information companies, we have supported and 
carefully monitored the role and activities by ICANN since its 
inception, and we have seen firsthand how ICANN's policies 
contribute directly, as Chairman Stearns alluded to, combating 
online copyright and trademark infringement, promoting civil 
protection, combating cyber squatting, phishing, criminal acts on 
the Internet, including the pernicious effects of spyware.  And 
those are all detailed in my testimony, I am not going to repeat 
them here. 
     ICANN plays that critical role because it sets the policy for 
domain names and IP addresses and the "Whois" databases.  And 
that database and that information has been accessible to the public 
since the very inception of the Domain Name System. 
     As we are focused here at the end of the month on the renewal 
of the MOU, it is our view--and I think the view is held widely by 
others in my industry and others--that the focus needs to be on the 
Department of Commerce's future relationship with ICANN, and 
not entertaining speculative ideas about new entities or wholly new 
arrangements.  Our belief is that it is vitally important that when 
the MOU is renewed, that the contractual obligations between 
ICANN and domain name registrars and registrees be fully and 
vigorously enforced.  
     More concrete steps need to be taken to improve the accuracy 
of contact data in the "Whois" database, and ICANN should 
commit to the preservation of public access to "Whois" data so that 
its many beneficial uses can be maintained. 
     For that very reason, last week SIIA and others joined with 
other trade associations, companies and other nonprofit groups in 
sectors ranging from banking, hotel, entertainment, online retail, 
technology and others to communicate this message to Mr. 
Gutierrez.  And Mr. Chairman, I would ask that in addition to my 
testimony, this letter be introduced into the record.  
     MR. UPTON.  Without objection.
     [The information follows:]




     MR. BOHANNON.  The concerns in this letter, and others 
expressed earlier this year, were prompted when in the first step of 
a policy development process a vote was taken to narrow the 
purpose of the "Whois" database.  That narrower purpose would 
have basically covered only a very small proportion of the current 
critical uses of publicly available "Whois" data.  And many of the 
ways that we have used that data to fight intellectual property 
infringement, fight phishing and fight online crime would basically 
be eviscerated if that policy proposal went forward. 
     The reaction, even at the beginning of this year, was just 
incredible.  And even the American Red Cross expressed its 
concerns that the impact of this vote on its ability to shut down 
fraudulent fundraising sites, such as those that sprang up within 
hours after Hurricane Katrina that hit the Gulf Coast last year, 
would be very much impeded. 
     Do we think ICANN is listening?  I think despite the earlier 
steps this year, we think that some progress is being made.  There 
does appear to be some backing away from the concept that the 
only purpose of making contact data available is to resolve just 
simple technical problems, which, of course, flies in the face of the 
role of the "Whois" database since the inception of the Domain 
Name System.  
     We are certainly hopeful, and we certainly want to commend 
the leadership of the Department of Commerce, Acting 
Administrator Kneuer and his team, as well as FTC Commissioner 
Leibowitz, for stating in our view a very firm view of the U.S. 
Government about the role of the "Whois" database, both at the 
last ICANN meeting and otherwise publicly. 
     But preserving public access to "Whois" is just one issue.  It is 
also essential that we dramatically improve the accuracy and the 
liability of the data that we find there, and that problem has been 
amply documented.  In a study that the GAO released last 
December, it estimated that the "Whois" data, in over 5 million 
domain names in dot com, dot net, and dot org, is either obviously 
false, incomplete, or simply could not be found.  This is simply too 
high a level of inaccuracy which undermines the value of this 
important tool for all users of the Internet. 
     This hearing comes at a critical juncture, two weeks now 
before the end of the current MOU, and the relationship of the U.S. 
Government and ICANN.  In the last renewal of the MOU in 2003, 
ICANN pledged to take steps to improve the accuracy of "Whois" 
data.  It promised to put into place an enhanced system for 
ensuring that domain name registrars and registrees live up to their 
contractual obligations, including keeping "Whois" data publicly 
accessible.  While some steps have been taken, and we do want to 
acknowledge those, ICANN's own report shows that the system 
does not work and the steps that have been taken simply are not 
operating in the way they were designed to do.  
     And I think this boils down to a very simple challenge, which 
is that ICANN has consistently shied away from taking on the 
more difficult task of requiring registrars and registrees to take 
some proactive steps, any proactive steps to verify the information 
they are collecting from those who want to register a domain name 
on the global TLDs. 
     So Mr. Chairman, we want to acknowledge and confirm the 
important role that ICANN plays in promoting stability and 
confidence.  And while some suggest that this could be done by 
another organization, either intergovernmental or otherwise, with 
all due respect, we do not agree.  We think the more appropriate 
thing is to focus on improving ICANN's role.  Let's not start over. 
     And I will be glad to take any questions you may have. 
     [The prepared statement of Mark Bohannon follows:] 


PREPARED STATEMENT OF MARK BOHANNON, GENERAL COUNSEL 
AND SENIOR VICE PRESIDENT, PUBLIC POLICY, SOFTWARE & 
INFORMATION INDUSTRY ASSOCIATION





     MR. UPTON.  Well, thank you.  And I certainly agree with your 
closing statement that we want to improve what we have today.  
And I just want to say before I start, because we are expecting 
votes on the House floor soon, if we do this right and maintain a 
tough gavel, I think we might be able to get all our questions in 
before the votes start.  But I want to thank and commend Kelly 
Cole, our diligent staffer; this is the last hearing that she will be on 
this side of the dais.  And she has been worth her weight in gold, 
and she is off to greener pastures--I get an extra two minutes, right, 
Kelly?  
     MR. STEARNS.  Mr. Chairman, I will just say a few words also.  
Kelly has helped me on my subcommittee, so I also want to 
congratulate her in her transition.  
     And when a person takes her last night in an Air Force 
airplane, what they do is all the crew douses that person with 
water, but we won't do that with Kelly; we won't give her that cold 
chill, we will give her the warmest greetings as she leaves. 
     MR. UPTON.  We will save that for Coach Carr after he beats 
Wisconsin this weekend.  
     Okay, the clock has started. 
     Thank you all for your testimony.  And again, Mr. Bohannon, I 
certainly agree, how can we improve this process?  I don't think 
anybody here on this panel wants to see the U.N. put out their air 
balls and exert a great influence on the process.  But I will tell you, 
the question that comes to mind right away for me is, obviously, 
the story that broke this week that the MOU is going to be 
extended.  There weren't a lot of details that were given, but I 
would note that that is yesterday's news.  
     The 30th is next week, and I am just wondering what details the 
two of you might be able to give us in terms of how long an MOU 
we are expecting?  What changes do you see, particularly in light 
of some of the testimony by the other four panelists, in terms of 
how can we improve the system.  What light can you shed on the 
process today?  And remember, you are not under oath, so you can 
tell us.  No bad consequences will happen.
     MR. KNEUER.  Oath or no oath, I will be truthful. 
     Yesterday, at a hearing at the Senate Commerce Committee, I 
was asked this question, will there be an extension of the MOU, 
and the plain answer is yes, we intend to extend our Memorandum 
of Understanding with ICANN to help continue this transition.  
Each Memorandum of Understanding that we have executed with 
ICANN has been publicly available on the Internet, and I am sure 
this will be no exception.  We conducted this consultation over the 
summer to look at how has ICANN progressed through the last 
version of the MOU?  What are the issues that are most 
outstanding?  And I think the comments we have heard of the 
panel this afternoon reflect very similar issues to things that we 
heard.
     MR. UPTON.  And let me interrupt you for one second.  I would 
guess that all four of you submitted comments, right?  You are 
among the 700 that they reviewed; is that right?  Anybody not 
submit comments?  Mr. Feld.  Two, Mr. Lenard and Mr. Feld did 
not submit comments.  Okay.  Go ahead, I am sorry.
     MR. KNEUER.  Clearly the areas that people had continued 
concerns are transparency and accountability.  Over the last 
iterations of the MoU, the progress that ICANN was making was 
largely institutional, organizational, getting staff in place, having 
budgets in place, having contingency plans, those sorts of things.  
That being said--and they have made enormous progress in that 
regard--that being said, the ultimate goal of having a lasting 
institution that has well understood and well articulated processes 
in place for accountability and transparency is ongoing.  
     And those are the sorts of things that I believe that we expect to 
memorialize in our ongoing agreement so that we can continue this 
transition, that we can have in place an institution that we all 
collectively have confidence in, that it will be lasting and stable 
and secure and will be able to carry out this function with the 
confidence of its constituents. 
     MR. UPTON.  For how long?  
     MR. KNEUER.  In the past, we have done these for 1 year, for 3 
years.  I think what we want to be mindful of is give it enough time 
that they can actually make progress, we don't want it to be so 
short in time that nothing realistically can be accomplished; but at 
the same time, we don't want it to be so long that it appears to be 
interminable.  So those are the sorts of things that we are still 
discussing, but I would imagine it would be somewhere in those 
sorts of timeframes that we have had in the past. 
     MR. UPTON.  Probably at least 3 to 4 years?  
     MR. KNEUER.  I think 4 would be longer than anything we have 
done in the past, the last one was 3.  But I think they have made 
significant progress, so I think we can look for a timeframe that, as 
I said, gives them an opportunity to get some real concrete work 
done, but is not so long as to--and also recognizes the fact that they 
have made considerable progress--this process has been going on 
for an extended period of time--something that indicates a clear 
path forward.  
     MR. UPTON.  You didn't tell us a lot in terms of details. 
     Dr. Twomey, can you tell us a little more?  Knowing that you 
came the farthest, right?  Didn't you come from halfway around 
the world for this?  
     DR. TWOMEY.  Actually, in some sort of bizarre post Cold War 
phenomenon, I flew in from Moscow to attend, being in some key 
conferences there. 
     Chairman, part of my response would be that we are having 
these hearings today, not on the 30th, and so this discussion is 
clearly underway.  But I wanted to reinforce what Mr. Kneuer has 
said.  ICANN has achieved, I think, a lot in the last 3 years in 
terms of the many things in the existing Memorandum of 
Understanding for organizational development and strength and 
what have you.  Part of its commitment going forward is also that 
it takes much more of its own sense of control, a sense of its own 
purpose, a sense of its own destiny if you like.  I make that point 
because the board itself is considering a new set of principles for 
private-sector management and operating principles which are 
directed to many of the things that members have actually pointed 
out.  The board itself has been listening very closely to the 
feedback from members of the community over the last 18 months, 
and things like transparency, things like high standards for 
accountability and other issues are very important to the board.  
     I did make the point in my opening statement that I think there 
is a lot of transparency in what ICANN does, but it needs to 
maintain the various high standards, and the board is committed to 
that.  Separate to any discussion in an MOU, the board itself is 
working on a set of principles in response to what it has heard from 
the community to direct where it goes directly towards these 
things.  In other words, it doesn't need the United States 
Department of Commerce or anybody else to tell them what it 
needs to do to achieve its task, it listens to its community and is 
really working on that. 
     But we have also been in discussions about the nature of the 
sort of relationship we need to go.  We recognize and value the 
role that the Department of Commerce has played in the MOU 
process in due diligence about the growing sense of ICANN and 
the development of this form of Internet governance, if you like.  
And we do recognize that we will have some arrangement going 
forward; I think it will be of a slightly different nature in the detail 
than the previous ones. 
     And the timeframe I think is something that we are also still 
considering.  I couldn't give a straight answer on that, the 
consultation of the board is still underway.  But we recognize the 
things that have been put forward in the consultation process, in 
the consultation process that we have taken, we think they are 
important.  But a lot of those things I think that we, as a board, just 
want to do ourselves.
     MR. KNEUER.  Mr. Chairman, if I could just add to that, saying 
that I didn't give much information.  We will have all the 
information when we are done. 
     MR. UPTON.  Okay.  Ms. Eshoo.  
     MS. ESHOO.  Thank you, Mr. Chairman. 
     I have two questions--well, I have lots of questions, but I don't 
have a lot of time and the bells are going off.  
     There are two questions, and I want to direct them to 
Mr. Twomey, but I want to thank the entire panel for your 
testimony and your work, some I know and have worked very 
closely with.  
     And Mr. Feld, I am glad that you are here today.  You have a 
lot on your mind, and it has been building up over 5 years I think, 
right?  I am not diminishing it, really, but thank you to everyone. 
     So to Dr. Twomey, I have heard--and I have made references 
to this--complaints about ICANN's lack of transparency.  
Transparency is a big word, you know, and a lot of things can 
come under that umbrella.  But particularly with regard to the 
contracting processes and the ability of affected parties and the 
public to provide input into these important agreements.  And there 
is a protection of the contract.  VeriSign has a contract; they are 
proud of the work that they have done.  But, you know, the mark 
of humanity is that no one is perfect.  No matter what it is, no 
matter how hard we work to refine things and recognize, it is like 
punching a pillow, you put a dent in it and there is something else 
that comes up. 
     My sense is is that the way the system works is that you really 
don't have to pay very much attention to complaints.  And that is 
my sense from what I have gathered.  So tell me what you and 
your contractors are doing to provide the best service possible.  
And, in particular, are you using technology to handle these 
things?  You make reference in your testimony to how many things 
are posted and whatever, but I don't know if that really speaks to 
it, you know?  
     And my other question is, and you touched on the London 
School of Economics, but they issued their report on your GNSO, 
and the report says that that the GNSO must have greater 
transparency and enhance its ability to reach consensus positions, 
and that you have to respond much more quickly--I think the 
"much" was underlined--to your constituents.  So what are you 
doing about these recommendations?  
     DR. TWOMEY.  Good set of questions, Congresswoman. 
Come to the first one, your point about transparency, it is quite-
-you are right, this is a very difficult topic.  I think our processes 
around these contracts, in particular, where there has been 
feedback on the sense of not being transparent.  These contracts 
have been out publicly, they have been posted.  
     MS. ESHOO.  Well, if I might.  It is one thing to be able to read 
the language of a contract, it is another thing to be able to go 
somewhere and talk to someone about it.  It is not just reading 
something.
     DR. TWOMEY.  I agree with you.  But this is my point, I was 
saying about accessibility.  I think one of the things we need to 
work more on is it is not just a question of having this material 
posted, but you have to make it more accessible for people to 
understand.
     MS. ESHOO.  So if I have a complaint about it and I send 
something to you, how do you handle it?  
     DR. TWOMEY.  Well, we have two ways of handling the 
complaints.  First of all, there are complaints handled through staff 
processes, but we also have an independent ombudsman, and if 
people have future complaints they can take those complaints to 
the independent ombudsman.
     MS. ESHOO.  Do you have backlogs on it?  Are you all up to 
date?  Does anyone ever meet with anyone, with organizations?  
     DR. TWOMEY.  Yes.  We have a process of meeting with people 
throughout the year, but we also hold three very large public 
meetings a year where member constituencies all come together.  
The ombudsman, for example, is available the entire time there, he 
has an office available for people to come and talk, staff and board 
members and others as well.  I mean, we could keep--
     MS. ESHOO.  Well, see, I think that there is a lot of quality and 
a lot of important growth and management and all of that, the 
organization.  I think you have a ways to go.  You know what we 
call it?  Constituent service.  And you know what?  None of us 
would be sitting up here unless we really gave good constituent 
service because they are not so much into how we voted on the 
previous question, but rather how we have responded effectively to 
what people are saying to us.
     DR. TWOMEY.  I would agree completely, and we are looking 
to dedicate more resources on this.  But I think as you, in 
Congress, would know more than most--more than all, really--you 
can have open transparent processes, you can go through a set of 
feedback, eventually you have to make some decisions as a board, 
and often people who don't like the decision will often criticize 
your own process.
     MS. ESHOO.  Well, if that is where you start from, it is going to 
affect your process.  What about the London School of 
Economics?  
     DR. TWOMEY.  Their review process has just been made public; 
they just finished their independent review.  And members of the 
board and of the Generic Names Supporting Organization's own 
constituencies are now coming together as to how to actually 
implement some of those recommendations and discuss those 
recommendations.  
     So the response there will be bottom up, it won't be from 
myself or the board down saying this is the answer.  We will be 
listening to further consultations on those recommendations.
     MS. ESHOO.  Who is going to consult with you on them?  They 
are?  
     DR. TWOMEY.  They have given this report to our community.  
Our Generic Names Supporting Organization and the board are 
going to convene a process for handling that report and figuring 
what the way to respond to it should be.  Again, it will have to be 
through an open consultation process.
     MS. ESHOO.  It seems like if you could have a more direct 
punch to what you do, but that is just my observation.  
     Thank you, Mr. Chairman. 
     MR. UPTON.  The Chair recognizes Chairman Stearns and will 
just announce votes have started in the House, Mr. Stearns will 
continue to chair.
     MR. STEARNS.  [Presiding.]  Thank you, my colleague.  I am 
going to get through my 5 minutes. 
     And Mr. DelBianco, this is a question for you.  Is there a threat 
in letting ICANN go independent too early, that would open it up 
to a takeover by another body such as the United Nations?  Just yes 
or no.
     MR. DELBIANCO.  The answer is yes, Mr. Chairman.
     MR. STEARNS.  Okay.  Can governance be separated from the 
technical functions of integrity and availability when both are 
necessary to address certain cyber crimes?  
     MR. DELBIANCO.  Cannot be separated.  We need to do all--we 
need to do availability and integrity.  And not just as ICANN as 
manager, the FTCs and the similar FTCs in other nations also have 
to participate in protecting consumers.
     MR. STEARNS.  How do we do that?  How do we get the 
nations to participate?  
     MR. DELBIANCO.  We cannot convince other nations to 
legislate in the same way we do on consumer crimes, on spam, on 
spyware and on regulating of content.  All we can do is expect 
them to respect our wishes to cooperate in law enforcement efforts, 
and that is one of the key reasons that the "Whois" data has got to 
be open and accurate.  As Chairman Leibowitz said yesterday, if 
the FTC had to go into another nation and beg a registrar there to 
provide the information needed to investigate a fraudulent website, 
they would have very little to stand on if ICANN were not 
enforcing the accuracy of the "Whois" database.
     MR. STEARNS.  Do you think we have to develop a 
cross-border fraud bill in the United States that would have some 
accountability and have some way to enforce it?  
     MR. DELBIANCO.  I think the chances to do that on fraud are 
far better than the chances to do it on content regulation.  We will 
have too many differences when it comes to content or censorship, 
but on fraud I think it is promising.
     MR. STEARNS.  Do you think we should try to pursue then 
today this cross border fraud, on the fraud, but leave the content to 
a later date then?  
     MR. DELBIANCO.  Yes, Mr. Chairman. 
     MR. UPTON.  Do you think there is any hope to ever do any in 
content, or is it just because there are so many cultural challenges 
here that--I guess we can't.  
     What is the biggest threat of the Internet if the abuse of domain 
name practices are not stopped?  
     MR. DELBIANCO.  As the integrity of being able to get to the 
Internet website you originally intended begins to erode, 
businesses lose their ability to control the consumer experience, 
consumers begin then to lose confidence that that site hasn't been 
redirected or that is not a fraudulent website.  It will have an 
ancillary effect as well, because advertisers--and again, advertising 
revenue really drives a lot of what happens on the Internet today--
advertisers will lose the effectiveness of their impressions if fewer 
and fewer of them are reaching the target audience they were 
intended for.
     MR. STEARNS.  Mr. Lenard, you state that ICANN has had a 
relatively light touch.  What do you think a multi-lateral 
organization, if they were put in charge of the Internet, is likely to 
do, perhaps in terms of regulation or that type of thing?  
     MR. LENARD.  Well, obviously, one can hypothesize, but first 
of all, other nations --for all the regulation we sometimes don't 
want that we get here--other nations just have a much more 
regulatory approach, many of them less faith in the free market.  
And I think you would have lots of kind of what we would call rent 
seeking behavior, behavior between various countries trying to use 
the procedures to try to gain competitive advantages for 
themselves, and I think that would be ultimately quite damaging.
     MR. STEARNS.  If we want to promote innovation and 
investment by the competing registry operators and reduce 
regulation, do we invite a greater threat from those who want a 
multilateral organization to control the Internet?  
     MR. LENARD.  No, I don't think so.  I think we need to have 
pro-competitive policy.  ICANN needs to have as pro-competitive 
a policy as possible, that will stimulate investment.  And I don't 
think that necessarily will invite, you know, more interest in a 
multilateral organization.
     MR. STEARNS.  Mr. Bohannon, how do consumers benefit from 
the "Whois" database, and does it apply to entities outside the 
United States?  
     MR. BOHANNON.  Thank you, Mr. Chairman.  
     Let me answer the second part first.  The "Whois" database 
supplies right now to all the domain names registered in any of the 
generic top level domains, dot com, dot net, dot org, et cetera.  
There are separate "Whois" databases for all the country code 
TLDs, and that is not really the subject of what my testimony was 
about. 
     Consumers benefit because, quite frankly, when they get an 
e-mail that looks like it is legit, they can go check out the domain 
name, verify independently who it is that they are dealing business 
with.  And when they submit a complaint to a consumer protection 
authority, whether it be the Attorney General or the FTC, the FTC 
can do the same thing, it can help identify whether, in fact, it came 
from a legitimate source or not.
     MR. STEARNS.  How does fraud affect your members and their 
ability to conduct business, consumers and other businesses who 
want it?  
     MR. BOHANNON.  It occurs a number of ways.  My testimony 
outlines that certainly for our industry, the ability to go after pirates 
of our intellectual properties is absolutely four square in the 
interest of our members and something that we are daily in the role 
of working together to try to figure out how we go after this.  
     But my members, many of whom are well known brands, are 
also the victims themselves of phishing attacks to their consumers 
who claim that they are representing a product--people out there 
representing that their products are a certain company's product, 
which is not true.  So both on the side of protecting intellectual 
property, as well as combating fraud and phishing, my members 
need to make sure that the system by which we can know who we 
are doing business with is both something we can rely on, that it is 
accurate and up to date, and that we have the tools to use it freely 
and in real-time.
     MR. STEARNS.  Can fraudulent websites be detected or 
prevented with tools other than "Whois" database?  
     MR. BOHANNON.  We have never said that the "Whois" 
database is the silver bullet, but we are not aware of any effort to 
go after either an intellectual property pirate or a scam artist that 
doesn't first use "Whois".  Once you have that kind of information, 
you can then use other tools, both technology, legal self-help.  But 
we are not aware of anything that doesn't first require us going to 
the "Whois" database to double check where it is.
     MR. STEARNS.  The subcommittee is going to temporarily 
adjourn until we vote, and we will be back.  There are several other 
members that wish to ask, so we appreciate your forbearance.
[Recess.]  
     MR. STEARNS.  The subcommittee will come to order.  And 
Mr. Green is recognized.
     MR. GREEN.  Thank you, Mr. Chairman.  And I would like to 
ask unanimous consent for my statement to be placed into the 
record. 
     MR. STEARNS.  By unanimous consent, so ordered. 
     [The information follows:] 

PREPARED STATEMENT OF THE HON. GENE GREEN, A 
REPRESENTATIVE IN CONGRESS FROM THE STATE OF TEXAS

     Thank you to our Chairman and Ranking Member for holding 
this hearing on the Internet Corporation for Assigned Names and 
Numbers or ICANN.
     The Internet is a unique asset that poses many challenges for 
individual nations to manage individually and collectively.  
     The United States government, including actions by Congress, 
helped create the Internet, but it is now a huge international system 
of networks that defies complete control by any particular 
government.  
     Comparing the problems of unwanted email and telemarketing 
solicitations proves that the Internet is beyond even the control of 
the United States, the most powerful nation on earth.  
     While our federal law is an extremely important tool against 
spam, it can never work as well as the do-not-call list because the 
problem requires major international cooperation.
     As a result, the question of how to coordinate the technical and 
management aspects necessary for the Internet to work is also 
extremely important.
     An effectively functioning Internet is clearly in the national 
interest, and removing these functions to the United Nations is a 
bad idea.  
     The United Nations is a diplomatic body for debating 
international issues, and is not a particularly effective standard-
setting or management agency.  
     In addition, there is a lot of anti-American sentiment around 
the world these days and a U.N.-managed Internet governance 
body would likely see spill-over from other diplomatic disputes.
     Even if the U.S. Department of Commerce limits their impact 
on ICANN under the current arrangement, the appearance of 
control inevitably makes America a target of some criticism.
     As a result, it may be difficult to continue forever with the 
appearance of American control over ICANN, because at the end 
of the day the Internet is global.
     I look forward to learning more about these issues from today's 
hearing and questioning our witnesses on some of the recent 
controversial with ICANN.  
     In particular I am interested in their proposals to remove the 
"Whois" database of website operators from the public domain and 
the recent settlement with Verisign.
     Thank you and I yield back the balance of my time.

     MR. GREEN.  Mr. Twomey, in a Senate hearing yesterday, there 
was a discussion that ICANN consider, change, or restrict the 
access to the "Whois" database of website operators, and it is 
currently publicly available on the Internet.  Both the FCC and 
FTC and other U.S. and international law enforcement agencies are 
concerned of this move because it restricts ability to stop spam, 
spyware and identity theft.  Our office used this database before to 
find out who registered websites in my own name, and our FTC 
Commissioner Liebowitz said that the FTC uses database in almost 
all its Internet investigations and seems very worried about 
ICANN's new policy.  
     During our work on our spam bill a few years ago, I learned it 
is difficult enough to police the Internet and prevent spam, 
spyware, identity theft and viruses without introducing more 
hurdles to law enforcement.  
     If ICANN goes forward with the change and restricts access to 
"Whois" database, what would the FTC and other agencies do, 
much less the Members of Congress who want to know who is 
using--has an Internet address with our name on it?  And how 
would it be able to access that information?  
     DR. TWOMEY.  Thank you, Congressman, for the question.  
Let me be clear about where we are with "Whois".  ICANN's 
policy on "Whois", as it presently stands, is quite clear, to maintain 
timely, unrestricted public access to accurate and complete 
"Whois" data, including registrant technical, billing, and 
administrative contact information.  And that is our policy, and that 
is what is written into our contract.  So that is what we administer 
and enforce and will continue to enforce.
     MR. GREEN.  So it will be available?  
     DR. TWOMEY.  Yes.  And we are putting more resources into 
that. 
     We have a policy development process, which is a bottom up 
process, and "Whois" has been in a discussion in that arena for 
some time.  And the points that have been referred to in the Senate 
yesterday and other places has been some discussion by some 
constituencies about changing that policy.  But that policy cannot 
change without input from all our constituencies, including all of 
the governments who are part of that process, and many others.  
That could take a very long time, it may come to nothing at all.  
And the sentiments that you have put forward and others put 
forward are clearly going to be heard in any crisis.  And at that 
stage, you know--because it is being discussed, it does not mean 
that is what ICANN is going to do.
     MR. GREEN.  We have that problem here in Congress. 
     Mr. Kneuer, do you have anything else to add to this? 
     MR. KNEUER.  Other than that it is the express position of the 
administration, not just in the Department of Commerce, but across 
all of the various executive branch agencies and equities that have 
an interest in "Whois" database that is publicly available, accurate 
and searchable "Whois" information is critical for law enforcement 
for the protection of intellectual property and others.  We think it is 
vitally important that ICANN enforce its contracts to ensure that 
that information is made publicly available.  We have made our 
input into the government advisory process, and we will certainly 
be active in all of ICANN's processes and elsewhere to make sure 
that information remains publicly available, accurate and 
accessible and searchable.
     MR. GREEN.  My next question for both of you today is that, 
under the recent litigation settlement between ICANN and 
VeriSign allowed VeriSign to increase prices for domain names 7 
percent per year, 4 out of the 6 years.  One of the concerns I have 
about that is we are still working on when AT&T was a monopoly 
and the FTC controlled their cost, I know in settling lawsuits, is it 
just the settlement of the lawsuit, or is there a background reason 
for the 7 percent per year?  
     DR. TWOMEY.  Congressman, you pointed out that contract, 
proposed contract coming out of a very broad settlement 
arrangement around a series of issues, and that particular term--
which is just one of many, many terms in that contract--emerged 
out of those negotiations.  And out of a sense from VeriSign, the 
things that they saw as being important, as they put it, the need to 
ensure sufficient funds for increasing demands in their 
infrastructure and infrastructure investment, particularly for 
security.  
     I would just make this observation, Congressman; under the 
previous contract, they also had the right to ask for a price 
increase.
     MR. GREEN.  Oh, I don't mind.  I was just wondering 7 percent 
compared to 5 percent, or whatever. 
     DR. TWOMEY.  That has been a matter, I think, of negotiation.  
     MR. DELBIANCO.  Congressman, with respect to that, in May 
our group commissioned Zogby International to do a poll.  They 
polled 1,200 American businesses who owned websites and asked 
that question, how much does this--well, 7 percent doesn't really 
tell the story, it is 1.86.  For instance, on a domain name 
registration that costs between 10 and $50 a year, within the 
context of building and maintaining a website in the Commerce 
platform with technical support--it is irrelevant.  And the survey 
results came back that 81 percent are completely unconcerned with 
1.86, especially if it was presumably going for security and 
stability.  They were far more concerned about those integrity 
problems we discussed.
     MR. GREEN.  Mr. Kneuer, is the Department of Commerce 
entered into the Memorandum of Understanding with ICANN on 
that settlement with VeriSign?  
     MR. KNEUER.  We don't look at the overall settlement of the 
litigation with ICANN and VeriSign, but as part of that litigation 
settlement, they renegotiated the dot com registry agreement.  As 
part of our overall management of the transition of the DNS to the 
private sector we have retained the right to review those contacts.  
We are reviewing the VeriSign-ICANN dot com registry 
agreement.  
     We are doing that in consultation with the Department of 
Justice, Antitrust Division for purposes of these competition issues 
and the pricing issues that you raised, as well as with various 
entities throughout the Federal government that have insight and 
expertise on matters of stability and security.  
     And if I just might, my experience with the Antitrust Division 
in this review is that they have been wide awake and very vigilant 
in their work on our behalf.  They have been extraordinarily 
proactive and hardworking in their review and analysis; and we 
very, very much value the advice and the expertise that they 
provide us.
     MR. GREEN.  This is probably my last--I can't read how much 
time I have left, Mr. Chairman, with the lights, but did VeriSign 
commit that these funds would be used for the increased security?  
     DR. TWOMEY.  There is no explicit terms in the contract to that 
effect.  Their public statements have all been directed towards that 
effect.  There is no requirement in this contract that they have to 
increase their prices, that is the other point.  This doesn't say that 
there will be a price increase, it just doesn't label it.  
     MR. GREEN.  Okay, thank you, Mr. Chairman. 
     MR. STEARNS.  I thank the gentleman, Mr. Shimkus.  
     MR. SHIMKUS.  I thank you, Mr. Chairman.  And I appreciate 
you all being here.  It is really noteworthy that we are finished 
voting today and members actually came back.  I don't know if 
that is good or bad, but it does show you that there is interest by 
many of us to try to figure out and understand this, which is kind 
of a bizarre process.  And it has been working, but I think people 
have questions, and that is why I am going to first start with Mr. 
DelBianco.  
     In your testimony, you note that you believe the authoritative 
or A root server belongs in the United States.  It is currently 
located in Virginia, can you explain why you believe this?  
     MR. DELBIANCO.  Thank you, Congressman.  
     I did suggest in there that I am echoing what I believe was a 
very strong statement by both the House and Senate last 
November, unanimous in both House and Senate, when they laid 
out a series of parameters around which the U.S. wanted to 
maintain oversight of the Internet.  And one essential ingredient in 
that, unanimous in both Houses, was that the physical master copy, 
we will call it that, the master copy of the highest level table be 
physically kept in the United States.  It is a security backstop.  Not 
unlike the other things the U.S. has done by negotiating backup 
agreements with certain partners, contracting partners to make sure 
that whatever happens with ICANN, we can guarantee the stability 
and security of the DNS.
     MR. SHIMKUS.  Which is part of the issue on, you know--I 
concur with the analysis of what the legislative bodies did, but that 
is also part of--that is why NGIA is empowered with an oversight 
role.  But I want the other panelists to comment on the same 
question.  
     Do you believe that the A root server--the A root should 
remain in the United States?  And I don't know if you can 
comment, but whoever would like to comment on that, I want to 
open it up for the panel.  Go ahead. 
     MR. BOHANNON.  Congressman, my association has not taken a 
formal view, but I can give you my personal, professional opinion 
based on my--
     MR. SHIMKUS.  I will take it. 
     MR. BOHANNON.  Which is, I agree with Mr. DelBianco, I 
think it is the right thing to do.  And I have yet to see any reasons 
or conditions that would lead me to believe that that policy should 
be changed any time in the near future. 
     MR. SHIMKUS.  Mr. Feld.  
     MR. FELD.  I would just say that this is one of the matters 
which actually should be the subject of some discussion with other 
governments.  That may be the appropriate thing now.  There may 
be other arrangements which would satisfy our concerns with 
regard to security, commerce and so forth, which would not 
involve the A root residing in the United States, and a gesture like 
that might well go a long way towards satisfying a number of 
concerns abroad. 
     MR. LENARD.  I agree that it should be kept in the United 
States--for the present certainly.
     MR. SHIMKUS.  Let me--Mr. Feld, I find that a lot of the debate 
has been addressing--and I think Mr. DelBianco before, and in 
response to my friend from the Houston area, that what the entities 
who are using it want to make sure of is safety and security and the 
like.  So you don't fear those issues, should the root server be 
moved to other countries?  
     MR. FELD.  No, that is not what I said.  What I did say, 
however, is that we have a global system; we are participating with 
other countries.  ICANN strives to be a multinational organization, 
and one in which other countries feel that they have a genuine role.  
     A question as complex as where should the A root reside is one 
that I think we should be willing to think about.  What is 
important, I think, is not just to conclude ourselves that this is the 
best place for it, and why would anybody want it elsewhere, but to 
think about, if we are concerned with making sure that other 
people buy into the notion that the United States is not trying to 
keep a privileged position for itself any more than necessary for 
Internet stability, that we need to be open to the possibility that 
there might be a reason to relocate it, and do so in a way that 
would still satisfy our concerns about security.
     MR. SHIMKUS.  Okay.  I disagree, but I respect your opinion. 
Mr. Lenard, did I cut you off?  Did you have anything more to 
say?  
     MR. LENARD.  I had actually finished.  I was going to say I 
agree that it should be kept in the United States.
     MR. SHIMKUS.  Mr. Twomey.  
     DR. TWOMEY.  Thank you, Mr. Congressman. 
     As far as--my understanding is there is no discussion, 
expectation--well, there is no discussion of this topic; there is no 
talk that I know of on that issue.  But I wanted to make this point.  
Root servers have evolved of recent time, particularly utilizing a 
key technology called Anycast.  And so what we now have is, 
instead of having what we used to have 13 pizza boxes, 13 root 
servers, we actually now have 13 clusters.  And these are now 
distributed across 50 countries around the world, and this is 
growing significantly.  
     And I think that is a key part of how the technology evolves to 
keep--because I do agree with the international access, 
international aspect of how serving a billion users of the Internet 
around the world--150 million are Americans, but 50 million are 
not Americans.  So I think the key thing here is that the technology 
takes away some of the symbolism because it is allowing us to 
actually ensure that root servers are distributed throughout the 
world and operated in big clusters.
     MR. SHIMKUS.  But does the movement of the root server, 
would that change the oversight of our Department of Commerce 
and NTIA?  
     MR. KNEUER.  If I might, Congressman.  This discussion of 
unilateral U.S. action and this concern over unilateral U.S. action, 
the unilateral action that we have taken--the only unilateral action 
that we have taken is the decision to take this critical government 
function and transition it into the private sector.  We did that on 
our own initiative.  Rather than keeping this authority forever 
enshrined in the U.S. Government, we took the unilateral step to 
start this transition into the private sector.  The A root is essentially 
managed and run by the private sector.  To move it because it 
might makes somebody else feel good makes zero sense.  To 
introduce instability into the critical infrastructure with no 
technical justification of any kind doesn't make any sense at all.
     MR. SHIMKUS.  As long as the Chairman allows me to go over 
my time, Mr. Feld.  
     MR. FELD.  If I may, as I stated in my testimony, as an 
American citizen and as a Senior Vice President for an 
organization that is concerned with freedom of expression, I am 
extraordinarily happy with having the United States maintain 
control of the A root and to maintain a level of oversight over the 
naming system.  As I said at the beginning, I would find it 
extraordinarily troubling if we were to internationalize this and to 
move this out in an irresponsible manner. 
     At the same time, however, there is an enormous difference 
between a system in which we say we are working with the world 
because that is the appropriate thing to do--and this is a global 
Domain Name System--and to say we are working with the rest of 
the world as a matter of grace, but where we want to draw the line 
we choose to draw the line. 
     Every Nation, I think, would recognize that we are obviously 
going to protect our interests as we need to, but in a very complex 
negotiation among nations who are increasingly dependent upon 
this resource, I think it is a responsible thing for us to do to 
consider how we can protect our own interests, and at the same 
time ensure that those governments that are inclined to trust us and 
are not permanently dedicated to being against our interest feel that 
they have a measure of involvement and security.  
     I am not suggesting moving the A root, and I think that an 
attempt to do so now would be inappropriate; but I would prefer 
that at this stage, and as a general rule, that our policy would be 
that we set limits on the things we categorically take off the table 
unless we have to.
     MR. SHIMKUS.  Okay.  And let me just, finally--I think the 
problem that the laymen--and I really admit that I am a laymen in 
this, I am not a techie, and I have tried to follow this for a while--is 
that there is really schizophrenia in this management control 
oversight, who pushes who, is it going to be--are we moving to a 
free market, in essence, competitive issues or are we still going to 
have oversight?  
     We want to move, but then we want to control--so let me ask 
you, Mr. Twomey, what steps are you taking--this is America, we 
like free market capitalism.  We like, if there are competitive 
markets, for them to be fair.  And thereare winners and losers, and 
those losers should be able to find out why they lost, especially in 
this quasi-government oversight process by which we empower 
the, in essence, the providing of business.  
     So what steps are you taking to increase competition in your 
spaces?  
     DR. TWOMEY.  Well, I think the key aspect of competition has 
to be judged by the consumer.  So I think one of the first questions 
in any discussion about competition is competition for whom?  
And we take respect of competition for registrants, and I think that 
is a key principle.  
     At the heart of that, therefore, has been, first of all, in the 
generic top level domains in which we have policy influence, a 
separation of the registry from the registrar; in other words, a 
separation from the databases from those who actually sell you the 
domain name, if I can make it as simple as that.  That has resulted 
in the usual things you get.  And in that separation, the registrar 
function is something that clearly can be open to competition and 
can be replicated.  And we have gone from one registrar to over 
800 now.  The benefits of being what you get from that sort of 
competition, one, it is bidding price, so prices can be up to less 
than 90 percent of what they used to be. 
     The other benefit is the market increasingly implements new 
services, packages new services, there are registrar--
     MR. SHIMKUS.  Or promises of security issues?  I mean, better 
quality, better--
     DR. TWOMEY.  That is right.  Some registrars now package the 
domain name, but it is part of the package of services around 
hosting, around looking after your intellectual property interests 
and domain names.  There is a whole series of things people offer. 
     When it comes to registries, the key point there is introducing 
more and more registries and more and more gTLD.  And we are 
in the process, we have increased the number of gTLDs to 11 
additional ones.  And there is a policy process underway now to 
look at potentially opening up to full liberalization for new gTLDs, 
and a process for how we would actually introduce more gTLDs 
on an ongoing basis to give consumers again more choice of not 
only who they buy it from, but what TLD do they get?  
     MR. SHIMKUS.  I think I understood that.  Your acronyms--
     DR. TWOMEY.  Yes, I am sorry.  The point is, it is not just dot 
com; you can get a dot net, you can get a dot org.
     MR. SHIMKUS.  Well, I know in the dot net issue, that was open 
to a competitive process, and we had--what are the results of that?  
     DR. TWOMEY.  I understand.  Let me take you where your 
question is going.  
     An important part of the process of moving to competition was 
a series of discussions that took place in 2000 and 2001 with the 
Department of Commerce, VeriSign and ICANN to further tease 
out what was VeriSign's dominant position on dot net, dot com, 
and dot org, three top level domains.  And in the agreement that 
was done at that time, it was agreed that dot org would be rebid 
and VeriSign could not bid for it.  
     The dot net would be rebid, and VeriSign could be a bidder 
along with another people, and that dot com would not be rebid, it 
would be renewed.  And that was a decision made in 2001.  
     It is an important point to your question because--
     MR. SHIMKUS.  I think it is important to lay the whole--I mean, 
that is why we have these hearings, to get the whole story of how 
you are moving, and hopefully in some progress towards these 
ends. 
     DR. TWOMEY.  So we could rebid dot net last year under those 
terms and those agreements, and there was a price competition as 
you pointed out.  Dot com, the board of ICANN, as it was 
constituted last year and this year, did not have the legal freedom 
to rebid dot com because these were agreements made in 2001, so 
we were already bound by agreements that were made in 2001 by 
the three parties.
     MR. SHIMKUS.  Thank you.  I learned something, I appreciate 
it.  
     I yield back, Mr. Chairman. 
     MR. STEARNS.  I thank the gentleman.  I think I will close and 
just ask sort of a general question for Mr. Feld and Mr. Twomey.  
     As I understand it, decisions by ICAAN are made by a board of 
directors, they are really not political appointees, they are really 
not influenced by politics, and there is really perhaps the normal 
kind of appeal process that many feel that you could make.  
     And I guess the question for you, Mr. Twomey, and then I will 
let Mr. Feld comment on this.  Do you feel the appeal mechanism 
is adequate enough for those people that have a problem with what 
ICANN is doing?  And is there any way to make it a little bit easier 
to understand and what to do?  
     DR. TWOMEY.  Good question, Chairman.  And I think the 
answer is a two-part one.  
     One, I think that we do have, both through our ombudsman and 
then through the independent review process as we have the 
special board committee and then an independent panel of 
arbitrators, we do have an established system for review.  Having 
said that, the board of ICANN is certainly conscious in its new 
principles, it is establishing, of its need to maintain very high 
standards of accountability.  
     So I think reviewing that is quite appropriate.  And the board, I 
think, needs to be constantly looking at improving and always 
maintaining a high standard of accountability, and looking at those 
processes and see where they would work better. 
     MR. STEARNS.  Have you had that many appeals?  
     DR. TWOMEY.  We have had no party take an appeal to the 
final stage, the arbitrator, to conclusion. 
     MR. STEARNS.  Now does that tell you anything, or is it just 
that you have been so impeccable in your credentials?  
     DR. TWOMEY.  What it does tell you, Chairman, is that some of 
the parties have decided to go straight to the courts, and we 
haven't--quite separately, we defend quite a number of legal 
actions in courts. 
     MR. STEARNS.  And do those overturn some of your decisions?  
     DR. TWOMEY.  To date, no.  There might be one potential 
interpretation of one decision about access to information by a 
board member, but apart from that particular decision, I don't think 
there has been a decision related to a contract that has been turned 
against ICANN--from my recollection. 
     MR. STEARNS.  Mr. Feld, what do you think of the whole 
process of accountability for the decisions made by ICANN?  
     MR. FELD.  Well, part of the problem is there are several levels 
of accountability, and the question of what is being looked at.  Let 
me take the VeriSign renewal contract for dot com that we were 
just discussing.  That was a contract that was negotiated between 
ICANN and VeriSign.  Registrars, whose entire livelihood depends 
upon this, were not allowed to be privy to any part of that 
negotiation, were asked to comment upon the entire package.  And 
when seeking information on what was, for them, a critical 
element, this ability to raise prices, were unable to find any 
information, none has been forthcoming on where that has come 
from. 
     When I was in private practice, I used to do tariffing cases, and 
I can tell you for some clients that we had, the difference between 
a 10th of a cent on some things could be the difference between 
bankruptcy and profitability.  So while not particularly of interest 
to end-users who are registering the names, it is a great deal of 
interest to at least one constituency.  To be locked out of the 
critical part of that while it is being formulated, to be presented 
with an entire agreement afterwards and then to be told that the 
first step of a process for which there is no deadline while this is 
moving forward is to go to an employee of the people who just 
made the decision to try to work it out is not something that people 
whose livelihoods depend on this are going to find very attractive.  
     So I think that while I understand Dr. Twomey's perspective 
that there is a process that needs to be worked through, I would 
hope that there would be some understanding among the decision 
makers in ICANN of why so many people feel that critical aspects 
of the decision-making process are not subject to any kind of 
accountability check.  When these things are reviewed by courts, 
they are not reviewed as an FTC action would be reviewed on.  
Was this decision arbitrary and capricious or in accordance with--
in this case, we might say, the mandate of ICANN?  They are 
reviewed under various theories of action, like antitrust, to try to 
somehow find a way to get the court to have jurisdiction over the 
issue.  But if the court does not look to see that ICANN followed 
its processes, that is not what U.S. courts do. 
     MR. STEARNS.  No, I understand.  Is there anyone else that 
would like to comment on that particular question?  Yes, Mr. 
Lenard?  
     MR. LENARD.  Well, I think this just points up to the problem 
of ICANN taking on the functions of a regulatory agency.  
Obviously, one of the prime functions of the regulatory agency is 
setting--
     MR. STEARNS.  Couldn't the Department of Commerce step in 
here, though?  
     MR. LENARD.  Well, I think whoever steps in it seems to me, 
the objective should not be to set up, quote, transparent or 
procedures, you know, that guarantee people due process.  The 
objective should be to move away from that entire model and not 
have those, you know, regulatory functions, like I said in price 
ceilings, and to rely on competition, which Dr. Twomey says they 
are moving towards. 
     MR. STEARNS.  So you would suggest a different regulatory 
model?  
     MR. LENARD.  I would suggest moving away from 
monopoly-type regulatory model, which obviously price controls 
and price ceilings are a prime element of, just not have price--not 
have those things at all, rely on competition to discipline the 
market.  And the market is sufficiently competitive that that type of 
a regime is not justified even now.
     MR. STEARNS.  Yes, Mr. DelBianco. 
     MR. DELBIANCO.  Yes.  Earlier, I believe, Mr. Chairman, you 
asked a question about whether ICANN was sufficiently strong 
and independent to go on its own, this gets to that, this gets to the 
nub of it.  If ICANN is perceived as having been too much under 
the control of one government, ours, other governments covet 
some piece of that power.  
     So I believe that in this transition to independence, that would 
abdicate us to do three things to demonstrate by our actions that we 
are serious about independence.  The first is stop trying to interfere 
with decisions ICANN makes with private parties who negotiate 
contracts.  Where contracts have to be sacrosanct, they have to be 
written in pen, and we all need to pay attention to process and 
transparency, but if somebody doesn't win a contract or doesn't 
like that their margins aren't going to be as big as they want, we 
can't let them believe they can simply run to Congress and change 
things.
     Second quick thing is, let's avoid giving the U.N. any more 
excuses.  Let's make sure we stay above the fray and don't 
interfere in any way with things like a .XXX, let's participate 
through the process.  
     And that was my third.  We need to play the government 
advisory committee.  We need to play very seriously there, go to 
the Internet Governance Forum and show that the U.S. is serious at 
being there on the Internet governance conversations, and being 
shoulder to shoulder with other nations on the process of Internet 
governance.
     MR. BOHANNON.  This discussion could get very abstract.  I 
think there are actually two very specific things that I think we are 
frustrated with and I hope we have made it clear in our testimony.  
One is that ICANN made some commitments in the MOU in 2003 
that they would take concrete steps to improve what is an existing 
policy for accuracy of "Whois" data.  In our view, and it is 
reflected in the letter from 35 different organizations and different 
sectors, is that before the MOU that expires at the end of this 
month is renewed, we have got to have concrete obligations that 
are going to fulfill those requirements.  
     The second one, and I think it is a harder one, that we want to 
work with ICANN is that ICANN needs to make sure that the 
agreements they have with registrars are also enforced.  Registrars 
have an obligation to collect accurate information.  They are not 
doing it.  The GAO found that more than 5 million domain name 
registrations in dot com and dot net are obviously false or 
misleading.  That is not acceptable.  And we need to work with 
ICANN so that we have a meaningful way to make sure that those 
kinds of agreements are enforced and that everyone's obligations 
are met.  So rather than talk about the broader ones, let's talk about 
what is really on the table now, what people have already agreed to 
do, and let's make sure that that gets done. 
     MR. STEARNS.  Okay.  If there is nothing else--Mr. Kneuer, 
anything you want to say?  Okay.  Mr. Twomey, I think you have 
got some marching orders, or at least you have heard some 
anyway.  Let me just say, I think all of us on the committee think 
that ICANN is improving and is moving in the right direction, so 
that is good news and it has been educational for both the members 
and perhaps some of you, the witnesses here for our hearing.  And 
I thank you for waiting through our votes.  And with that the 
subcommittee is adjourned.  
     [Whereupon, at 4:55 p.m., the subcommittee was adjourned.] 



RESPONSE FOR THE RECORD OF JOHN M. R. KNEUER, ACTING 
SECRETARY FOR COMMUNICATIONS AND INFORMATION, UNITED 
STATES DEPARTMENT OF COMMERCE

1.  I'm concerned about the security and availability of the 
Internet, particularly of the dot com domain that carries 
trillions of dollars of American commerce every year.  I know 
that we've experienced a number of denials of service and 
viruses attacks in the past and I assume that these are 
increasing.  What is the magnitude of increase in the attacks, 
say, since 2000?  Is it a five fold increase, a ten fold increase, 
what?

Answer:  The Department remains committed to preserving the 
stability and security of the Internet domain name and addressing 
system (DNS).  This commitment guides all of NTIA's activities in 
this area, including our recent Joint Project Agreement with 
ICANN.  We continue to believe the private sector coordination of 
the technical management functions related to the DNS is the best 
approach to achieve stability and security given that the private 
sector has the tools and investment funds to rapidly react to new 
threats that are emerging daily.  More specific information on 
specific incidents and attacks can be obtained from the United 
States Computer Emergency Readiness Team (US-CERT), the 
operational arm of the National Cyber Security Division (NCSD) 
at the Department of Homeland Security (DHS).  The US-CERT is 
charged with protecting the nation's Internet infrastructure by 
coordinating defense against and response to cyber attacks. The 
US-CERT is responsible for analyzing and reducing cyber threats 
and vulnerabilities, disseminating cyber threat warning 
information, and coordinating incident response activities.  The 
US-CERT interacts with federal agencies, industry, the research 
community, state and local governments, and others to disseminate 
reasoned and actionable cyber security information to the public.

2. Who is attacking the Internet?  Are these just hackers doing 
this or is it something more?  Is it organized crime, maybe 
international organized crime? Do we know if any of it is 
sponsored by foreign governments?

Answer:  There are numerous classes of attackers on the Internet, 
including everything from state-sponsored efforts to home 
hobbyists.  Preserving stability and security of the Internet DNS is 
a top priority of the Department.  NTIA works very closely with a 
variety of U.S. government agencies, including the Department of 
Justice Computer Crimes and Intellectual Property Section 
(CCIPS), Department of Defense Joint Task Force - Government 
Network Operations (JTF-GNO) and the National Cyber Security 
Division (NCSD) at DHS, to pursue appropriate national action 
and international collaboration across a range of legal, 
enforcement, administrative and technical areas to build a global 
culture of cybersecurity.  

3.  How do we protect ourselves and our economy from these 
attacks?  ICANN is responsible for the domain name server 
registries, how do the registry companies - such as VeriSign, 
which is the registry for dot com - protect us against that 
increasing volume of attacks?  Do they have to invest in 
additional infrastructure to increase their capacity?  Do the 
registries have the resources they need to protect our 
resources?

Answer: Cybersecurity standards are developed by various 
industry organizations, such as the Internet Engineering Task 
Force (IETF), International Organization for Standardization 
(ISO), and the Institute of Electrical and Electronics Engineers 
(IEEE), and adherence to the variety of standards is voluntary for 
the most part.  While ICANN is not a standards organization, it 
does promote the adoption of industry standards through its 
agreements with registry operators to comply with these standards.  
Registry agreements address the technical obligations, including 
compliance with the various industry developed standards, security 
requirements, and outage reporting that all registry operators must 
meet.  In addition, each registry agreement contains a Service 
Level Agreement, which identifies the terms should the registry 
operator fall below the performance specifications.  One standard 
that may help in this regard is the Domain Name System Security 
(DNSSEC) standard.   NTIA has been actively working with an 
interagency working group to review the issues associated with the 
deployment of DNSSEC.  Compliance with DNSSEC may require 
many of the providers of critical infrastructure to invest in 
additional infrastructure to increase their capacity.

4.  If governance of the Internet were to move to an 
international body, such as the UN, or if the dot com registry 
were to go to a foreign company, what assurance do we, as 
Americans, have that our commerce and our economy will 
continue to be protected?

Answer:  The Department of Commerce will continue to advocate 
for private sector leadership in the innovation and investment in 
the Internet while opposing calls for intergovernmental control.  
The success of the Internet is that it has been decentralized and 
private sector-led, encouraging individual creativity, access, and 
competition at all levels.  The Department of Commerce is 
committed to taking no action that would have the potential to 
adversely impact the effective and efficient operation of the 
Internet DNS, including moving its governance to an international 
body such as the United Nations.



RESPONSE FOR THE RECORD OF DR. PAUL TWOMEY, PRESIDENT 
AND CHIEF EXECUTIVE OFFICER, INTERNET CORPORATION FOR 
ASSIGNED NAMES AND NUMBERS

 

RESPONSE FOR THE RECORD OF STEVE DELBIANCO, VICE 
PRESIDENT FOR PUBLIC POLICY, ASSOCIATION FOR COMPETITION 
TECHNOLOGY, ON BEHALF OF NETCHOICE COALITION


Promoting Convenience, Choice, and 
Commerce on The Net 

The NetChoice Coalition
1401 K St NW, Suite 502
Washington, DC  20005
www.netchoice.org


November 1, 2006

ICANN Internet Governance: Is It Working?
Hearing Date: September 21, 2006
Subcommittee on Telecommunications and the Internet and 
Subcommittee on Commerce, Trade, and Consumer Protection

Answers to follow-up questions by The Honorable C.L. "Butch" 
Otter
Prepared by Steve DelBianco
Executive Director, NetChoice 

Question 1: What is the magnitude of the increase in the attacks, 
say, since 2000?  

     The many communications devices that make our lives more 
efficient and allow us to communicate faster are unfortunately also 
vulnerable targets for expanded Internet attacks.  According to 
CipherTrust, computer hackers hijack more than 180,000 
computers each day so that they can steal computing power to 
perpetrate attacks on larger networks.  These attacks have grown 
by almost seven-fold in the past year, according to Symantec.   
     The same forces that are helping our economy to expand are 
also allowing extortion rackets to expand their reach to victimize 
far less sophisticated Internet users 
     The security of the Internet's core infrastructure is a key 
component for keeping the Internet user safe.  Given the increased 
number of attacks the companies who are responsible for the core 
infrastructure must continually strengthen their firewalls and 
secure all transactions to ensure consistent, fast, efficient response 
times for an Internet that is "always on" and available to a 
worldwide user base.
     The companies who are responsible for these Infrastructure 
build outs need to have a forward operating plan that scales at least 
ten times the level of volume they expect the network to expand 
each year if not larger.  The key to keeping ahead of the usage 
curve is the ability and incentive to invest heavily in system 
infrastructure.
     A powerful incentive for registry operators to keep investing in 
infrastructure is the expectation that their contracts will be renewed 
if they've met performance requirements and honored all terms of 
their contract.   
     As I said in testimony before the House Small Business 
Committee in June, I have some first-hand experience with service 
contracts, since my own business was selected to provide software 
help-desk support for a large credit card company.  I invested 
heavily in hiring and training help-desk staff, rented new space for 
the operation, acquired new computers and integrated a call 
management system. We even bought electronic scrolling sign 
boards to alert the staff about callers in the queue and hold times.   
     To have any hope of recovering this huge up-front investment, 
I insisted on renewal terms that gave us a favorable chance to 
renew the contract after its initial term.  To earn the renewal, we 
had to satisfy several metrics for service levels.  In addition, we 
could not have any sustained failures to meet new or emergency 
initiatives that could be expected over the term of the contract.   
"Best efforts" wouldn't be good enough-we had to be able to 
recover and deliver if unexpected call volumes hit us out of the 
blue.
	My experience is fairly typical, and tells me that ICANN is 
right to include a renewal option in its registry contracts.  While a 
renewal option helps the incumbent to retain the contract upon 
expiration, the incumbent will lose the contract if it fails to satisfy 
the functional requirements in the new contract.


Question 2:  Who is attacking the Internet?   Are these just hackers 
doing this or is it something more?  Is it organized crime, maybe 
international organized crime?  Do we know if any of it is 
sponsored by foreign governments?

     We don't know exactly who is attacking the Internet, but the 
emerging attack profile suggests ways to mitigate the activity once 
it's identified by a network operator.   I understand that several 
government agencies are aware of this activity and work with 
Internet infrastructure companies to fight organized attackers.  
Speculation is that some attackers are organized efforts by crime 
factions, intended to show their computing firepower and their 
ability to disrupt networks.
     I have no specific information regarding state-sponsored 
attacks.  However, I think that several states are far too tolerant of 
criminal activity coming from within their borders.   Brazil, 
Poland, Romania, Romania, and Russia, for instance, host 
underground economies built upon counterfeit goods.  These 
nations tolerate high rates of computer software piracy, make 
millions of counterfeit DVDs, and produce, deal, or traffic in fake 
consumer merchandise.   To the extent they are hospitable to 
counterfeiting rings, these nations are also likely to be hosting 
organized Internet attack groups.


Question 3: How do we protect ourselves and our economy from 
these attacks?  How do registry companies-such as VeriSign, the 
registry for dot com-protect us against the increasing volume of 
attacks?   Do they have to invest in additional infrastructure to 
increase their capacity?  Do the registries have the resources they 
need to protect our resources?

	The best way to protect yourself as an individual user is to keep 
your anti-virus software and operating system up to date.  The next 
step is to educate your family and employees on situational 
awareness tactics so they identify threats from phishing or 
spyware.  Denial of service attacks are often extended versions of 
what seem like simple abuses to an individual user.


     Registries, on the other hand, employ a range of measures to 
thwart attacks on the domain name system:  
     Over-provisioning.  Registry operators invest in extra 
capacity, or "over-provisioning" in order to handle much 
higher transaction volumes, such as those that occur during 
denial of service attacks.  
     Redundant Systems.  Registries invest in multiple, parallel 
systems to provide redundancy in the event that main 
systems are disabled. 
     Geographical Distribution.   Backup servers and facilities 
are hosted in geographically diverse locations to mitigate 
risks of physical disasters and of attacks on routers serving 
any single area of DNS servers.
     Disaster Recovery.  Registry operators prepare detailed 
plans and practices to enable a quick recovery from attacks 
and other disasters. 
     Personal Vigilance. The largest registry operators can 
afford to hire experienced security professionals to manage 
all of these security systems investments, 24x7x365. 
     International Cooperation.  The larger registry operators 
are in constant communications and coordination with law 
enforcement and industry allies across the globe.

     Registries have access to the technology tools they need, but 
ICANN needs to maintain contractual incentives so that registry 
operators will continue to invest in security systems throughout the 
term of their contracts.  


Question 4: If governance of the Internet were to move to an 
international body, such as the UN, or if the dot com registry were 
to go to a foreign company, what assurance do we, as Americans, 
have that our commerce and our economy will continue to be 
protected?

     For the private sector to continue its success in managing and 
developing the Internet, one element is absolutely critical: 
continued reliance on the clarity and certainty of contracts. 
     Operators of Internet infrastructure rely upon contracts with 
ICANN that clearly describe responsibilities and restrictions.  As 
contract participants, these operators make significant investments 
in people, equipment, and long-term network contracts in order to 
secure the Internet.  These contracts must therefore be honored by 
ICANN, without risk of being unilaterally abrogated or modified in 
response to a change of sentiments among ICANN participants. 
     Moreover, these contracts must be upheld and interpreted by a 
reliable and consistent body of law. For the present, U.S. Courts 
serve as the place to govern contract disputes between operators 
and ICANN.  If an international governance body were to take 
over ICANN's role as contract partner for Internet operations, the 
clarity and certainty of these infrastructure contracts would be 
thrown into doubt.  
     Even if ICANN offices or the distributive root server were to 
move out of the U.S., I believe that U.S. Courts should still be the 
way to resolve disputes arising out of ICANN contracts. 




RESPONSE FOR THE RECORD OF THOMAS M. LENARD, SENIOR VICE 
PRESIDENT FOR RESEARCH, THE PROGRESS & FREEDOM 
FOUNDATION


"ICANN Internet Governance:  Is It Working?"
September 21, 2006 hearing
Responses to questions from The Honorable C.L. "Butch" Otter
For Thomas M. Lenard

Answer to Question 1:

I don't have a precise answer to the question, but the following 
figures indicate that it is a large and growing problem.  According 
to security company CipherTrust, more than 180,000 PCs are 
turned into zombies every day.  Symantec estimates that there has 
been a 700-percent increase in bot-nets over the past year.

Answer to Question 2:

There seems to be evidence that well-funded organized crime 
groups, increasingly located in other countries, use networks of 
bots to obtain financial information.

Answer to Question 3:

Protection will come from having a well-functioning private sector 
that has the right incentives to invest in security.  This is why my 
testimony recommends moving away from a regulatory model for 
registries.  These companies need to have the right incentives to 
invest in the additional infrastructure that will increase security and 
the regulatory model may interfere with those incentives. 

Answer to Question 4:

I would be concerned that, despite the problems we have had with 
ICANN, an international body would be more regulatory.  This 
would interfere with incentives to invest in capacity and security, 
which would have an adverse effect on the Internet, e-commerce 
and the economy in general.   






RESPONSE FOR THE RECORD OF HAROLD FELD, SENIOR VICE 
PRESIDENT, MEDIA ACCESS PROJECT


Mr. Fred Upton	
 Chairman
Subcommitee on 
Telecommunications 
  and the Internet
U.S. House of Representatives
  Committee on Energy and 
Commerce


Mr. Cliff Stearns
 Chairman
Subcommittee on Commerce, Trade 
  and Consumer Protection
U.S. House of Representatives
  Committee on Energy and Commerce

November 27, 2006

Dear Mr. Upton and Mr. Stearns:

Thank you for forwarding to me the additional questions from 
Mr. Otter with regard to the joint hearing by your Subcommittees 
on September 21, 2006 entitled "ICANN Internet Governance: Is It 
Working?"

Unfortunately, the questions provided fall outside of my area of 
expertise, and outside the expertise of the Media Access Project 
generally.  I regret that I can provide no useful information to the 
Subcommittees in response.

If there is any other way I can be of further assistance in this 
matter, please feel free to contact me at (202) 454-5684, or 
[email protected].



Sincerely,


Harold Feld
Senior Vice President



RESPONSE FOR THE RECORD OF MARK BOHANNON, GENERAL 
COUNSEL AND SENIOR VICE PRESIDENT, PUBLIC POLICY, 
SOFTWARE & INFORMATION INDUSTRY ASSOCIATION

 


  Source: eMarketer
  Domain Name Industry Brief, Vol. 3, Issue 1, August 2006, available at 
http://www.verisign.com/static/039111.pdf 
  Background Paper for the OECD Workshop on Spam, Jan. 22, 2004, available at 
http://www.olis.oecd.org/olis/2003doc.nsf/43bb6130e5e86e5fc12569fa005d004c/edfc2255d6a8a51a
c1256e240030f5b6/$FILE/JT00157096.PDF
  Id. at Note 2 (Domain Name Industry Brief).
  See http://www.verisign.com.sg/dns/comparison.shtml VeriSign manages the DNS for .com and 
.net.
  Distributed Denial of Service (DDoS) attacks are conducted by controlling and compromising 
multiple computers-by the use of "zombies" or "bots"-to send a flood of queries against a 
targeted website. DDoS attacks generally overload the target's network with a high volume of traffic 
while simultaneously opening many web pages so that the site runs out of resources to handle 
legitimate requests. See http://www.symantec.com/avcenter/venc/data/ddos.attacks.html 
  Daniel Thomas, "Websites face more attacks - BLACKMAIL" Financial Times, May 31, 2006.
  For the complete Zogby Interactive poll, see www.netchoice.org\ZogbyPoll.htm  

  WIPO Responds to Significant Cybersquatting activity in 2005, Press Release 435, January 25, 
2006, available at http://www.wipo.int/edocs/prdocs/en/2006/wipo_pr_2006_435.html 
  For information about Sedo, see 
http://www.sedo.co.uk/about/index.php3?tracked=&partnerid=&language=e 
  See http://www.18oocontacts.com/ 
  North America Domain Name Study, Windward Directives, June 2005.
  EURid Suspends 74 000 .eu Domain Names, July 24, 2006, available at  
http://www.eurid.eu/en/general/news/eurid-suspends-74-000-eu-domain-names-due-to-breach-of-
contract 
  Bob Parsons, 35 million names registered in April. 32 million were part of a kiting scheme. A 
serious problem gets worse, May 10, 2006, available at 
http://www.bobparsons.com/DomainKiting.html 
  ASCII Com/Net for Q1 2006
  As quoted by Peter Hum, "The New Cybersquatting: What'$ in a Name," The Ottawa Citizen, 
March 16, 2006.
  Declan McCullagh, Registrar Named in Massive Cybersquatting Suit, June 5, 2006, available at  
http://news.zdnet.co.uk/internet/0,39020369,39273075,00.htm 
  Draft Registry Agreement, Section III.1(b), page 4, at http://www.icann.org/topics/vrsn-
settlement/revised-com-agreement-clean-29jan06.pdf 
  Burr, J. Beckwith and Cade, Marilyn S, in a letter submitted to NTIA regarding the Transition of 
the Technical Coordination and Management of the Internet DNS and Addressing System to the 
private sector, July 13, 2006, at    
http://www.ntia.doc.gov/ntiahome/domainname/dnstransition/comments/dnstrans_comment0643.pdf 
  U.S. Department of Commerce, Statement of Policy on the Management of Internet Names and 
Addresses (Docket Number 980212036-8146-02) (available at 
http://www.ntia.doc.gov/ntiahome/domainname/6_5_98dns.htm).

  Joint Statement from Affirmative Voting Board Members (available at 
http://www.icann.org/topics/vrsn-settlement/board-statements-section1.html).
 Harold Feld, "Structured to fail: ICANN and the 'Privatization' Experiment," in Who Rules the 
Net? CATO (2003).
 http://www.iana.org/reports/iq-report-05aug05.pdf.  Among the many complicating factors in DNS 
management is the continued persistence of the IANA as a quasi-entity and quasi-function within the 
ICANN structure.
 A number of useful background pieces on WSIS, WGIG, and ICANN Reform can be found at the 
Internet Governance Project, http://www.igp.org.  The IGP is a consortium of academics from a 
variety of disciplines relevant to the questions of internet governance.  For a good, narrative 
background piece on WSIS and the WGIG see Andrew Updegrove, "WSIS, ICANN and the Future 
of the Internet," available at http://www.consortiuminfo.org/bulletins/nov05.php#feature
 Available at http://internetgovernance.org/pdf/NTIAcomments-IGP-FINAL.pdf.
 