home + learning + networked society + dossiers + extras + what's new + index

The following interview of David Maher, chairman of the Interim Policy Oversight Committee (iPOC), the governing body of the new domain name system, took place during Telecom Interactive in September 1997 in Geneva. It has subsequently been revised to taken into account rapid changes in this area.

Getting to the core of Internet governance

The Council of Registrars for generic Internet domain names Registrars - CORE - is governed by two documents:

The first document, called the Articles of Association, constitutes the articles of the not-for-profit CORE association. Those articles were adopted by the members of CORE in early October, thus creating CORE.
The second is the CORE Memorandum of Understanding - the CORE MoU - which is a contract entered into under Swiss law. I signed it on October 18, 1997 and it is now being circulated to the CORE registrars for signature. It provides, among other things that each registrar will be a member of CORE, the Swiss not-for-profit association.

The two documents work together. You need the association, as a legal body, to be able to sign contracts, for example, to develop the shared database software. But if you just have an association, individual members theoretically could do things on their own initiative. Whereas we want all registrars to agree to abide by certain operational rules, for example, that the databases be shared, that they will follow the intellectual property rules set up with the help of WIPO (the World Intellectual Property Organisation) including administrative challenge panels and arbitration procedures.

In what you say, there is clearly a need felt to constrain the registrars, but who is to constrain them?

There are two bodies which constitute a governing level above the registrars:

the Policy Oversight Committee (POC) which was created by a separate contract signed in Geneva on May 1st called the Generic Top Level Domain Name Memorandum of Understanding (gtld-MoU). The POC, whose members are not registrars, is the ruling body. I'm chair of that committee on an interim basis. The composition of the POC is about to be changed. Currently the gTLD-MoU provides that the groups who appoint the POC members are the Internet Society (ISOC), the Internet Architecture Board (IAB), IANA, the International Trade Market Association (INTA), the International Telecommunications Union (ITU), the World Intellectual Property Organisation (WIPO), CORE and there will also be two members from the Policy Advisory Body.
the Policy Advisory Board, a separate body made up of all those who signed the gtld-MoU on May 1st or subsequently.

The Policy Oversight Committee (POC) is the top level governing body. Advised by the Policy Advisory Board, it will set policy for the CORE. The registrars will have very significant powers for operational matters but at a policy level it is the POC that decides. The idea behind this structure is that if the registrars are given all the power - and the whole domain system is turned over to them - it is conceivable that someday they might do things that are not in the interest of the Internet as a whole.

How are you going about enlarging the representativity of the POC?

We asked for comments from the public on the subject and will shortly issue a proposal for a vastly increased membership representative of all or nearly all the stakeholders and interest groups in the Internet. Such a change turns out to be very difficult. We know that the Internet Service Providers should be represented on the POC. We know that the telcos should be represented. We also know that user groups should be represented. And we have multiple applicants to join the POC. We could probably get 500 new members without any effort at all. But of course if we did that the POC would be unmanageable. So we are looking for suggestions on how to do this in an orderly manner. Should there be elections of some kind? Should there be a membership system with high level dues from major companies ... and classes of voting...? Legally we can do this almost anyway we want. There is a lot of flexibility. But we have to decide. It is rather like writing a constitution for a country. Do we have a House and a Senate? Or do we have a House of Lords and a House of Commons? We are currently inventing that system and we have to figure out a satisfactory way to do it.

It is made complicated by the real life situation. I spoke to a representative of a trade association who told me that their association represented all their members and so we didn't need to involve those members as the association would do the representing for them. Shortly after, I spoke to one of the members who said that there was no way they would let that association represent their interests. We are getting a lot of ideas. But one thing seems clear: those who say they are the only ones entitled to run the POC are going to be disappointed. We believe it should be a very open group with a very broad representation. I wouldn't want to give a timetable yet, because I think it is going to take a while but it has to be done promptly.

Time is clearly a constraint here because there is a lot of pressure to get this thing working. Obviously those people who have become registrars have already invested money to become a registrar and they want to get the system up and working as soon as possible.

The Council of Registrars (CORE) is now being formed and the system can proceed. The POC is an entirely separate issue.

The other constraint is technical. What about the database?

Early September in New York, a meeting about the subject was attended by some forty people and a request for proposals has been posted on the web setting out the technical parameters of the shared database software. There is a very aggressive timetable to get that completed, which I'm told by the engineers can be done. [1]

Presumably the data base is not going to be developed or run on a voluntary basis?

That's an interesting question. There are a number of people who have said they want to do it on a volunteer basis. Of course they want something in return. There are various entities that have said "If we have the right to use the database in some appropriate way then we will run it for free." That is a decision the CORE will have to make.

That is a rather difficult decision to make. Just think of what happened in the history of the domain names. To begin with there seemed little at stake in taking on the registration of domain names because it wasn't producing any money at all, rather it was costing money. History showed that to have been completely wrong. With the database, one could imagine a similar situation where such access might be open to abuse.

You are right. It is a very serious problem and I'm not sure how that is going to be answered. If a way can be found to limit the commercial use to something that everybody agrees is appropriate then it would be a good idea to save money and have somebody do it on a voluntary basis. On the other hand, if demands are too great, for example for spaming, that won't work.

What we are really talking about here is Internet governance and as Don Heath said the other day "This might be our only chance to show we can do it". One of the underlying questions of governance is that of sustainability. It is easy enough to see how the Registrar side will make money, but how will the infrastructure side, like the CORE, the POC and the setting up of the database, be financed?

We have always believed that CORE would be funded by assessments on the registrars who will make their money by registering domain names. CORE will have to have its own financing. As you know there is a 10'000$ fee to apply to become a registrar and that money is currently in an escrow account. About 700,000$ is available to pay for the database and other aspects. As more registrars come in that fund will grow. It will have to be available for the expenses of CORE.

Is the auditing of potential registrars also being done on a voluntary basis?

It is semi-voluntary. Arthur Anderson, the company doing the auditing, is charging up to a thousand dollars for out-of-pocket expenses due to reviewing the applications. Other auditing firms who looked at the work wanted a minimum guarantee of revenue. However, the 1'000$ is nothing compared with the fees had they done it on a regular client basis.

The initial rules about geographical distribution of registrars have been dropped. To what extent are there potential registrars coming forward in areas where one would expect to have less applicants, like Africa or Latin America?

The geographical distribution has worked out very well on its own. We have a registrar in South Africa as well as registrars from Europe, Asia (including China), the US and Canada [See the latest list of registrars]. There was some fear that it would be dominated by US entities but that is not at all the case.

Based on an interview by Alan McCluskey, Geneva, September '97

Updates

[1] - CORE announced the signing of a letter of intent with Emergent Corporation for the development and operation of the Shared Registry System (SRS). The SRS is the neutral, shared database repository that co-ordinates registrations from CORE registrars and causes names to enter the global Internet Domain Name System (DNS). Emergent and CORE expect to have a final contract signed on or before November 1, 1997. The proposed contract terms also involve Emergent's initial operation of the SRS. [return]
[updated 27 oct 97]

Internet self governance - an interview of Don Heath, President and CEO of the Internet Society - 21 Sept 97

Models of governance? The example of IAHC as an indication of how the Internet could be run. - 28 Feb 97

What's in a name? Changes in the domain name system. - 23 Jan 97