This is the accessible text file for GAO report number GAO-10-805T
entitled 'Internet Management: Limited Progress on Privatization
Project Makes Outcome Uncertain' which was released on June 12, 2002.
This text file was formatted by the U.S. General Accounting Office
(GAO) to be accessible to users with visual impairments, as part of a
longer term project to improve GAO products’ accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the
printed version. The portable document format (PDF) file is an exact
electronic replica of the printed version. We welcome your feedback.
Please E-mail your comments regarding the contents or accessibility
features of this document to Webmaster@gao.gov.
United States General Accounting Office:
GAO:
Testimony:
Before the Subcommittee on Science, Technology, and Space, Committee
on Commerce, Science, and Transportation, U.S. Senate.
For Release on Delivery:
Expected at 2:30 p.m. EDT:
Wednesday, June 12, 2002:
Internet Management:
Limited Progress on Privatization Project Makes Outcome Uncertain:
Statement of Peter Guerrero:
Director, Physical Infrastructure Issues:
GAO-02-805T:
Mr. Chairman and Members of the Subcommittee:
We appreciate the opportunity to provide testimony today on the
important issue of privatizing the management of the Internet domain
name system. This system is a vital aspect of the Internet that works
like an automated telephone directory, allowing users to reach Web
sites using easy-to-understand domain names like www.senate.gov,
instead of the string of numbers that computers use when communicating
with each other. As you know, the U.S. government supported the
development of the domain name system and, in 1997, the President
charged the Department of Commerce with transitioning it to private
management. The Department subsequently issued a policy statement,
called the "White Paper," that defined the following four guiding
principles for the privatization effort:
* Stability: The U.S. government should end its role in the domain
name system in a manner that ensures the stability of the Internet.
During the transition, the stability of the Internet should be the
first priority and a comprehensive security strategy should be
developed.
* Competition: Where possible, market mechanisms that support
competition and consumer choice should drive the management of the
Internet because they will lower costs, promote innovation, encourage
diversity, and enhance user choice and satisfaction.
* Representation: The development of sound, fair, and widely accepted
policies for the management of the domain name system will depend on
input from the broad and growing community of Internet users.
Management structures should reflect the functional and geographic
diversity of the Internet and its users.
* Private, bottom-up coordination: Where coordinated management is
needed, responsible private-sector action is preferable to government
control. The private process should, as far as possible, reflect the
bottom-up governance that has characterized development of the
Internet to date.
After reviewing several proposals from private sector organizations,
the Department chose the Internet Corporation for Assigned Names and
Numbers (ICANN), a not-for-profit corporation, to carry out the
transition. In November 1998, the Department entered into an agreement
with ICANN in the form of a Memorandum of Understanding (MOU) under
which the two parties agreed to collaborate on a joint transition
project. The Department emphasized that the MOU was an essential means
for the Department to ensure the continuity and stability of the
domain name management functions that were then being performed by, or
on the behalf of, the U.S. government. The MOU states that before
making a transition to private sector management, the Department
requires assurances that the private sector has the capability and
resources to manage the domain name system. To gain these assurances,
the Department and ICANN agreed in the MOU to complete a set of
transition tasks. The Department's tasks mainly relate to providing
advice, coordination with foreign governments, and general oversight
of the transition. ICANN agreed to undertake tasks that call for it to
design, develop, and test procedures that could be used to manage the
domain name system. Collectively, ICANN's tasks address all four of
the transition's guiding principles.
Progress on and completion of each task is assessed by the Department
on a case-by-case basis, with input from ICANN. Any amendments to the
MOU, such as removing tasks, must be approved by both parties.
However, the Department retains responsibility for determining when
management of the domain name system will be transitioned to ICANN,
using the procedures tested during the transition. The original MOU
was scheduled to expire on September 2000. Because work on the
transition was not completed within the original transition time
frame, the MOU was amended several times, and its time frame extended
twice. The amended MOU is currently due to expire in September 2002.
My testimony today responds to Senator Burns' request that we review
(1) ICANN's progress in carrying out the transition, and (2) the
Department's assessment of the transition. To address these issues, we
spoke with officials from the Department of Commerce and ICANN, as
well as members of ICANN's Board of Directors and outside experts. We
also reviewed relevant documents and attended public meetings of
ICANN. We conducted our work from June 2001 through May 2002 in
accordance with generally accepted government auditing standards.
In summary, we found that the timing and eventual outcome of the
transition remains highly uncertain. ICANN has made significant
progress in carrying out MOU tasks related to one of the guiding
principles of the transition effort—increasing competition—but
progress has been much slower in the areas of increasing the stability
and security of the Internet; ensuring representation of the Internet
community in domain name policy-making; and using private, bottom-up
coordination. For example, despite years of debate, ICANN has not yet
decided on a way to represent the globally and functionally diverse
group of Internet stakeholders within its decision-making processes.
Earlier this year, ICANN's president concluded that ICANN faced
serious problems in accomplishing the transition and would not succeed
in accomplishing its assigned mission without fundamental reform.
Several of his proposed reforms were directed at increasing
participation in ICANN by national governments, business interests,
and other Internet stakeholders; revamping the composition of ICANN's
Board and the process for selecting Board members; and establishing
broader funding for ICANN's operations. In response, ICANN's Board
established an internal committee to recommend options for reform. The
committee's May 31, 2002, report built on several of the president's
proposals and made recommendations involving, among other things,
changes to ICANN's organizational structure. The Board plans to
discuss the committee's recommendations at ICANN's upcoming meeting in
Bucharest in late June 2002.
Although the transition is well behind schedule, the Department's
public assessment of the progress being made on the transition has
been limited for several reasons. First, the Department carries out
its oversight of ICANN's MOU-related activities mainly through
informal discussions with ICANN officials. As a result, little
information is made publicly available. Second, although the
transition is past its original September 2000 completion date, the
Department has not provided a written assessment of ICANN's progress
since mid-1999. The MOU required only a final joint project report.
Just prior to the ICANN president's announcement of ICANN's serious
problems, Department officials told us that substantial progress had
been made on the project, though they would not speculate on ICANN's
ability to complete the transition tasks before September 2002, when
the current MOU is set to expire. Third, although the Department
stated that it welcomed the call for the reform of ICANN, they have
not yet taken a public position on reforms being proposed. They noted
that the Department is following ICANN's reform effort closely, and is
consulting with U.S. business and public interest groups and foreign
governments to gather their views on this effort. Because the
Department is responsible for gaining assurance, as the steward of the
transition process, that ICANN has the resources and capability to
manage the domain name system, we are recommending that the Secretary
of Commerce issue a status report assessing the transition's progress,
the work that remains to be done, and the estimated timeframe for
completing it. In addition, the report should discuss any changes to
the transition tasks or the Department's relationship with ICANN that
result from ICANN's reform initiative.
We discussed our characterization of ICANN's progress and the
Department's assessment of the transition with officials from the
Department, who stated that they generally agree with GAO's
characterization of the Department's relationship with ICANN and
indicated that it would take our recommendation with respect to an
interim report under consideration.
From its origins as a research project sponsored by the U.S.
government, the Internet has grown increasingly important to American
businesses and consumers, serving as the host for hundreds of billions
of dollars of commerce each year.[Footnote 1] It is also a critical
resource supporting vital services, such as power distribution, health
care, law enforcement, and national defense. Similar growth has taken
place in other parts of the world.
The Internet relies upon a set of functions, called the domain name
system, to ensure the uniqueness of each e-mail and Web site address.
The rules that govern the domain name system determine which top-level
domains (the string of text following the right-most period, such as
.gov) are recognized by most computers connected to the Internet. The
heart of this system is a set of 13 computers called "root servers,"
which are responsible for coordinating the translation of domain names
into Internet addresses. Appendix I provides more background on how
this system works.
The U.S. government supported the implementation of the domain name
system for nearly a decade, largely through a Department of Defense
contract. Following a 1997 presidential directive, the Department of
Commerce began a process for transitioning the technical
responsibility for the domain name system to the private sector. After
requesting and reviewing public comments on how to implement this
goal, in June 1998 the Department issued a general statement of
policy, known as the "White Paper." In this document, the Department
stated that because the Internet was rapidly becoming an international
medium for commerce, education, and communication, the traditional
means of managing its technical functions needed to evolve as well.
Moreover, the White Paper stated the U.S. government was committed to
a transition that would allow the private sector to take leadership
for the management of the domain name system. Accordingly the
Department stated that the U.S. government was prepared to enter into
an agreement to transition the Internet's name and number process to a
new not-for-profit organization. At the same time, the White Paper
said that it would be irresponsible for the U.S. government to
withdraw from its existing management role without taking steps to
ensure the stability of the Internet during the transition. According
to Department officials, the Department sees its role as the
responsible steward of the transition process. Subsequently, the
Department entered into an MOU with ICANN to guide the transition.
ICANN Has Increased Competition, But Progress Has Been Much Slower on
other Key Issues:
ICANN has made significant progress in carrying out MOU tasks related
to one of the guiding principles of the transition effort-—increasing
competition. However, progress has been much slower on activities
designed to address the other guiding principles: increasing the
stability and security of the Internet; ensuring representation of the
Internet community in domain name policy-making; and using private,
bottom-up coordination. Earlier this year, ICANN's president concluded
that ICANN faced serious problems in accomplishing the transition and
needed fundamental reform. In response, ICANN's Board established an
internal committee to recommend options for reform.
ICANN Has Increased Domain Name Competition:
ICANN made important progress on several of its assigned tasks related
to promoting competition. At the time the transition began, only one
company, Network Solutions, was authorized to register names under the
three publicly available top-level domains (.com, .net, and .org). In
response to an MOU task calling for increased competition, ICANN
successfully developed and implemented procedures under which other
companies, known as registrars, could carry out this function. As a
result, by early 2001, more than 180 registrars were certified by
ICANN. The cost of securing these names has now dropped from $50 to
$10 or less per year. Another MOU task called on ICANN to expand the
pool of available domain names through the selection of new top-level
domains. To test the feasibility of this idea, ICANN's Board selected
seven new top-level domains from 44 applications; by March 2002, it
had approved agreements with all seven of the organizations chosen to
manage the new domains. At a February 2001 hearing before a
Subcommittee of the U.S. House of Representatives, witnesses presented
differing views on whether the selection process was transparent and
based on clear criteria.[Footnote 2] ICANN's internal evaluation of
this test was still ongoing when we finished our audit work in May
2002.
Several efforts to address the White Paper's guiding principle for
improving the security and stability of the Internet are behind
schedule. These include developing operational requirements and
security policies to enhance the stability and security of the domain
name system root servers, and formalizing relationships with other
entities involved in running the domain name system.
Recent reports by federally sponsored organizations have highlighted
the importance of the domain name system to the stability and security
of the entire Internet. A presidential advisory committee reported in
1999 that the domain name system is the only aspect of the Internet
where a single vulnerability could be exploited to disrupt the entire
Internet.[Footnote 3] More recently, the federal National
Infrastructure Protection Center issued several warnings in 2001
stating that multiple vulnerabilities in commonly used domain name
software present a serious threat to the Internet infrastructure. In
recognition of the critical role that the domain name system plays for
the Internet, the White Paper designated the stability and security of
the Internet as the top priority of the transition.
The MOU tasked ICANN and the Department with developing operational
requirements and security policies to enhance the stability and
security of the root servers—the computers at the heart of the domain
name system. In June 1999, ICANN and the Department entered into a
cooperative research and development agreement to guide the
development of these enhancements, with a final report expected by
September 2000. This deadline was subsequently extended to December
2001 and the MOU between ICANN and the Department was amended to
require the development of a proposed enhanced architecture (or system
design) for root server security, as well as a transition plan,
procedures, and implementation schedule. An ICANN advisory committee,
made up of the operators of the 13 root servers and representatives of
the Department, is coordinating research on this topic. Although the
chairman of the committee stated at ICANN's November 2001 meeting that
it would finish its report by February or March 2002, it had not
completed the report as of May 2002.
To further enhance the stability of the Internet, the White Paper
identified the need to formalize the traditionally informal
relationships among the parties involved in running the domain name
system. The White Paper pointed out that many commercial interests,
staking their future on the successful growth of the Internet, were
calling for a more formal and robust management structure. In
response, the MOU and its amendments included several tasks that
called on ICANN to enter into formal agreements with the parties that
traditionally supported the domain name system through voluntary
efforts. However, as of May 2002, few such agreements had been signed.
ICANN's Board has approved a model agreement to formalize the
relationship between the root server operators and ICANN, but no
agreements had been reached with any of the operators as of May 2002.
Similarly, there are roughly 240 country-code domains (2-letter top-
level domains reserved mainly for national governments), such as .us
for the United States. As with the root servers, responsibility for
these domains was originally given by the Internet's developers to
individuals who served as volunteers. Although the amended MOU tasked
ICANN with reaching contractual agreements with these operators, it
has reached agreements with only 2 domain operators as of May 2002.
[Footnote 4] Finally, the amended MOU tasked ICANN with reaching
formal agreements with the Regional Internet Registries, each of which
is responsible for allocating Internet protocol numbers to users in
one of three regions of the world.[Footnote 5] The registries reported
that progress was being made on these agreements, though none had been
reached as of May 2002.
Slow Progress for Creating Processes to Ensure Representation and
Bottom-up Coordination:
Progress has also been slow regarding the other two guiding principles
outlined in the White Paper, which call for the creation of processes
to represent the functional and geographic diversity of the Internet,
and for the use of private, bottom-up coordination in preference to
government control. In order for the private sector organization to
derive legitimacy from the participation of key Internet stakeholders,
the White Paper suggested the idea of a board of directors that would
balance the interests of various Internet constituencies, such as
Internet service providers, domain name managers, technical bodies,
and individual Internet users. The White Paper also suggested the use
of councils to develop, recommend, and review policies related to
their areas of expertise, but added that the board should have the
final authority for making policy decisions. The Department reinforced
the importance of a representative board in a 1998 letter responding
to ICANN's initial proposal. The Department's letter cited public
comments suggesting that without an open membership structure, ICANN
would be unlikely to fulfill its goals of private, bottom-up
coordination and representation. ICANN's Board responded to the
Department by amending its bylaws to make it clear that the Board has
an "unconditional mandate" to create a membership structure that would
elect at-large directors on the basis of nominations from Internet
users and other participants.
To implement these White Paper principles, the MOU between ICANN and
the Department includes two tasks: one relating to developing
mechanisms that ensure representation of the global and functional
diversity of the Internet and its users, and one relating to allowing
affected parties to participate in the formation of ICANN's policies
and procedures through a bottom-up coordination process. In response
to these two tasks, ICANN adopted the overall structure suggested by
the White Paper. First, ICANN created a policy-making Board of
Directors. The initial Board consisted of ICANN's president and 9 at-
large members who were appointed at ICANN's creation. ICANN planned to
replace the appointed at-large Board members with 9 members elected by
an open membership to reflect the diverse, worldwide Internet
community. Second, ICANN organized a set of three supporting
organizations to advise its Board on policies related to their areas
of expertise. One supporting organization was created to address
Internet numbering issues, one was created to address protocol
development issues, and one was created to address domain name
issues.[Footnote 6] Together these three supporting organizations
selected 9 additional members of ICANN's Board-3 from each
organization. Thus, ICANN's Board was initially designed to reflect
the balance of interests described in the White Paper. Figure 1
illustrates the relationships among ICANN's supporting organizations
and its Board of Directors, as well as several advisory committees
ICANN also created to provide input without formal representation on
its Board.
Figure 1: Structure of Board of Directors Approved in May 2000:
[Refer to PDF for image: illustration]
Top level:
ICANN Board of Directors (19 members):
* President and CEO;
* At-large membership (Elected 5 directors plus 4 directors appointed
at ICANN's creation).
Second level:
* Domain name supporting organization (selects 3 directors);
* Address supporting organization (selects 3 directors);
* Protocol supporting organization (selects 3 directors).
Advisory committees:
* At-large study committee;
* Root server system advisory committee;
* Government advisory committee.
Source: Information provided by ICANN.
[End of figure]
Despite considerable debate, ICANN has not resolved the question of
how to fully implement this structure, especially the at-large Board
members. Specifically, in March 2000, ICANN's Board noted that
extensive discussions had not produced a consensus regarding the
appropriate method to select at-large representatives. The Board
therefore approved a compromise under which 5 at-large members would
be elected through regional, online elections. In October 2000,
roughly 34,000 Internet users around the world voted in the at-large
election. The 5 successful candidates joined ICANN's Board in November
2000, replacing interim Board members. Four of the appointed interim
Board members first nominated in ICANN's initial proposal continue to
serve on the Board.
Parallel with the elections, the Board also initiated an internal
study to evaluate options for selecting at-large Board members. In its
November 2001 report, the committee formed to conduct this study
recommended the creation of a new at-large supporting organization,
which would select 6 Board members through regional elections.
Overall, the number of at-large seats would be reduced from 9 to 6,
and the seats designated for other supporting organizations would
increase from 9 to 12.[Footnote 7] A competing, outside study by a
committee made up of academic and nonprofit interests recommended
continuing the initial policy of directly electing at-large Board
members equal to the number selected by the supporting organizations.
This committee also recommended strengthening the at-large
participation mechanisms through staff support and a membership
council similar to those used by the existing supporting
organizations.[Footnote 8] Because of ongoing disagreement among
Internet stakeholders about how individuals should participate in
ICANN's efforts, ICANN's Board referred the question to a new
Committee on ICANN Evolution and Reform. Under the current bylaws, the
9 current at-large Board seats will cease to exist after ICANN's 2002
annual meeting, to be held later this year.
Although the MOU calls on ICANN to design, develop, and test its
procedures, the two tasks involving the adoption of the at-large
membership process were removed from the MOU when it was amended in
August 2000. However, as we have noted, this process was not fully
implemented at the time of the amendment because the election did not
take place until October 2000, and the evaluation committee did not
release its final report until November 2001. When we discussed this
amendment with Department officials, they said that they agreed to the
removal of the tasks in August 2000 because ICANN had a process in
place to complete them. Nearly 2 years later, however, the issue of
how to structure ICANN's Board to achieve broad representation
continues to be unresolved and has been a highly contentious issue at
ICANN's recent public meetings.
In addition, the amended MOU tasked ICANN with developing and testing
an independent review process to address claims by members of the
Internet community who were adversely affected by ICANN Board
decisions that conflicted with ICANN's bylaws. However, ICANN was
unable to find qualified individuals to serve on a committee charged
with implementing this policy. In March 2002, ICANN's Board referred
this unresolved matter to the Committee on ICANN Evolution and Reform
for further consideration.
ICANN's President Calls for Major Reform of the Corporation:
In the summer of 2001, ICANN's current president was generally
optimistic about the corporation's prospects for successfully
completing the remaining transition tasks. However, in the face of
continued slow progress on key aspects of the transition, such as
reaching formal agreements with the root server and country-code
domain operators, his assessment changed. In February 2002, he
reported to ICANN's Board that the corporation could not accomplish
its assigned mission on its present course and needed a new and
reformed structure. The president's proposal for reform, which was
presented to ICANN's Board in February, focused on problems he
perceived in three areas: (1) too little participation in ICANN by
critical entities, such as national governments, business interests,
and entities that share responsibility for the operation of the domain
name system (such as root server operators and country-code domain
operators); (2) too much focus on process and representation and not
enough focus on achieving ICANN's core mission; and (3) too little
funding for ICANN to hire adequate staff and cover other expenditures.
He added that in his opinion, there was little time left to make
necessary reforms before the ICANN experiment came to "a grinding
halt."
Several of his proposed reforms challenged some of the basic
approaches for carrying out the transition. For example, the president
concluded that a totally private sector management model had proved to
be unworkable. He proposed instead a "well-balanced public-private
partnership" that involved an increased role for national governments
in ICANN, including having several voting members of ICANN's Board
selected by national governments. The president also proposed changes
that would eliminate global elections of at-large Board members by the
Internet community, reduce the number of Board members selected by
ICANN's supporting organizations, and have about a third of the board
members selected through a nominating committee composed of Board
members and others selected by the Board. He also proposed that
ICANN's funding sources be broadened to include national governments,
as well as entities that had agreements with ICANN or received
services from ICANN.
In response, ICANN's Board instructed an internal Committee on ICANN
Evolution and Reform (made up of four ICANN Board members) to consider
the president's proposals, along with reactions and suggestions from
the Internet community, and develop recommendations for the Board's
consideration on how ICANN could be reformed. The Committee reported
back on May 31, 2002, with recommendations reflecting their views on
how the reform should be implemented. For example, the committee built
on the ICANN president's earlier proposal to change the composition of
the Board and have some members be selected through a nominating
committee process, and to create an ombudsman to review complaints and
criticisms about ICANN and report the results of these reviews to the
Board. In other cases, the committee agreed with conclusions reached
by the president (such as the need for increasing the involvement of
national governments in ICANN and improving its funding), but did not
offer specific recommendations for addressing these areas. The
committee's report, which is posted on ICANN's public Web site,
invited further comment on the issues and recommendations raised in
preparation for ICANN's June 2002 meeting in Bucharest, Romania. The
committee recommended that the Board act in Bucharest to adopt a
reform plan that would establish the broad outline of a reformed
ICANN, so that the focus could be shifted to the details of
implementation. The committee believed that this outline should be
then be filled in as much as possible between the Bucharest meeting
and ICANN's meeting in Shanghai in late October 2002.
The Department's Public Assessment of the Transition's Progress Has
Been Limited:
As mentioned previously, the Department is responsible for general
oversight of work done under the MOU, as well as the responsibility
for determining when ICANN, the private sector entity chosen by the
Department to carry out the transition, has demonstrated that it has
the resources and capability to manage the domain name system.
However, the Department's public assessment of the status of the
transition process has been limited in that its oversight of ICANN has
been informal, it has not issued status reports, and it has not
publicly commented on specific reform proposals being considered by
ICANN.
According to Department officials, the Department's relationship with
ICANN is limited to its agreements with the corporation, and its
oversight is limited to determining whether the terms of these
agreements are being met.[Footnote 9] They added that the Department
does not involve itself in the internal governance of ICANN, is not
involved in ICANN's day-to-day operations, and would not intervene in
ICANN's activities unless the corporation's actions were inconsistent
with the terms of its agreements with the Department. Department
officials emphasized that because the MOU defines a joint project,
decisions regarding changes to the MOU are reached by mutual agreement
between the Department and ICANN. In the event of a serious
disagreement with ICANN, the Department would have recourse under the
MOU to terminate the agreement.[Footnote 10] Department officials
characterized its limited involvement in ICANN's activities as being
appropriate and consistent with the purpose of the project: to test
ICANN's ability to develop the resources and capability to manage the
domain name system with minimal involvement of the U.S. government.
Department officials said that they carry out their oversight of
ICANN's MOU-related activities mainly through ongoing informal
discussions with ICANN officials. They told us that there is no formal
record of these discussions. The Department has also retained
authority to approve certain activities under its agreements with
ICANN, such as reviewing and approving certain documents related to
root server operations. This would include, for example, agreements
between ICANN and the root server operators. In addition, the
Department retains policy control over the root zone file, the "master
file" of top-level domains shared among the 13 root servers. Changes
to this file, such as implementing a new top-level domain, must first
be authorized by the Department.
In addition, the Department sends officials to attend ICANN's public
forums and open Board of Directors meetings, as do other countries and
Internet interest groups. According to the Department, it does not
participate in ICANN decision-making at these meetings but merely acts
as an observer. The Department also represents the United States on
ICANN's Governmental Advisory Committee, which is made up of
representatives of about 70 national governments and intergovernmental
bodies, such as treaty organizations. The Committee's purpose is to
provide ICANN with nonbinding advice on ICANN activities that may
relate to concerns of governments, particularly where there may be an
interaction between ICANN's policies and national laws or
international agreements.
The Department made a considerable effort at the beginning of the
transition to create an open process that solicited and incorporated
input from the public in formulating the guiding principles of the
1998 White Paper. However, since the original MOU, the Department's
public comments on the progress of the transition have been general in
nature and infrequent, even though the transition is taking much
longer than anticipated. The only report specifically called for under
the MOU is a final joint project report to document the outcome of
ICANN's test of the policies and procedures designed and developed
under the MOU. This approach was established at a time when it was
expected that the project would be completed by September 2000.
So far, there has been only one instance when the Department provided
ICANN with a formal written assessment of the corporation's progress
on specific transition tasks. This occurred in June 1999, after ICANN
took the initiative to provide the Department and the general public
with a status report characterizing its progress on MOU activities. In
a letter to ICANN, the Department stated that while ICANN had made
progress, there was still important work to be done. For, example, the
Department stated that ICANN's "top priority" must be to complete the
work necessary to put in place an elected Board of Directors on a
timely basis, adding that the process of electing at-large directors
should be complete by June 2000. ICANN made the Department's letter,
as well as its positive response, available to the Internet community
on its public Web site.
Although ICANN issued additional status reports in the summers of 2000
and 2001, the Department stated that it did not provide written views
and recommendations regarding them, as it did in July 1999, because it
agreed with ICANN's belief that additional time was needed to complete
the MOU tasks. Department officials added that they have been
reluctant to comment on ICANN's progress due to sensitivity to
international concerns that the United States might be seen as
directing ICANN's actions. The officials stated that they did not plan
to issue a status report at this time even though the transition is
well behind schedule, but will revisit this decision as the September
2002 termination date for the MOU approaches.
When we met with Department officials in February 2002, they told us
that substantial progress had been made on the project, but they would
not speculate on ICANN's ability to complete its tasks by September
2002. The following week, ICANN's president released his report
stating that ICANN could not succeed without fundamental reform. In
response, Department officials said that they welcomed the call for
the reform of ICANN and would follow ICANN's reform activities and
process closely. When we asked for their views on the reform effort,
Department officials stated that they did not wish to comment on
specifics that could change as the reform process proceeds. To develop
the Department's position on the effort, they said that they are
gathering the views of U.S. business and public interest groups, as
well as other executive branch agencies, such as the Department of
State; the Office of Management and Budget; the Federal Communications
Commission; and components of the Department of Commerce, such as the
Patent and Trademark Office. They also said that they have consulted
other members of ICANN's Governmental Advisory Committee to discuss
with other governments how best to support the reform process. They
noted that the Department is free to adjust its relationship with
ICANN in view of any new mission statement or restructuring that might
result from the reform effort. Department officials said that they
would assess the necessity for such adjustments, or for any
legislative or executive action, depending on the results of the
reform process.
Conclusion:
In conclusion, Mr. Chairman, the effort to privatize the domain name
system has reached a critical juncture, as evidenced by slow progress
on key tasks and ICANN's current initiative to reevaluate its mission
and consider options for reforming its structure and operations. Until
these issues are resolved, the timing and eventual outcome of the
transition effort remain highly uncertain, and ICANN's legitimacy and
effectiveness as the private sector manager of the domain name system
remain in question. In September 2002, the current MOU between the
Department and ICANN will expire. The Department will be faced with
deciding whether the MOU should be extended for a third time, and if
so, what amendments to the MOU are needed, or whether some new
arrangement with ICANN or some other organization is necessary. The
Department sees itself as the responsible steward of the transition,
and is responsible for gaining assurance that ICANN has the resources
and capability to assume technical management of the Internet domain
name system. Given the limited progress made so far and the unsettled
state of ICANN, Internet stakeholders have a need to understand the
Department's position on the transition and the prospects for a
successful outcome.
Recommendation:
In view of the critical importance of a stable and secure Internet
domain name system to governments, business, and other interests, we
recommend that the Secretary of Commerce issue a status report
detailing the Department's assessment of the progress that has been
made on transition tasks, the work that remains to be done on the
joint project, and the estimated timeframe for completing the
transition. In addition, the status report should discuss any changes
to the transition tasks or the Department's relationship with ICANN
that result from ICANN's reform initiative. Subsequent status reports
should be issued periodically by the Department until the transition
is completed and the final project report is issued.
This concludes my statement, Mr. Chairman. I will be pleased to answer
any questions that you and other Members of the Subcommittee may have.
Contact and Acknowledgments:
For questions regarding this testimony, please contact Peter Guerrero
at (202) 512-8022. Individuals making key contributions to this
testimony included John P. Finedore; James R. Sweetman, Jr.; Min&
Weisenbloom; Keith Rhodes; Alan Belkin; and John Shumann.
[End of section]
Appendix I: Overview of the Domain Name System:
Although the U.S. government supported the development of the
Internet, no single entity controls the entire Internet. In fact, the
Internet is not a single network at all. Rather, it is a collection of
networks located around the world that communicate via standardized
rules called protocols. These rules can be considered voluntary
because there is no formal institutional or governmental mechanism for
enforcing them. However, if any computer deviates from accepted
standards, it risks losing the ability to communicate with other
computers that follow the standards. Thus, the rules are essentially
self-enforcing.
One critical set of rules, collectively known as the domain name
system, links names like www.senate.gov with the underlying numerical
addresses that computers use to communicate with each other. Among
other things, the rules describe what can appear at the end of a
domain name. The letters that appear at the far right of a domain name
are called top-level domains (TLDs) and include a small number of
generic names such as .com and .gov, as well as country-codes such as
.us and .jp (for Japan). The next string of text to the left ("senate"
in the www.senate.gov example) is called a second-level domain and is
a subset of the top-level domain. Each top-level domain has a
designated administrator, called a registry, which is the entity
responsible for managing and setting policy for that domain. Figure 2
illustrates the hierarchical organization of domain names with
examples, including a number of the original top-level domains and the
country-code domain for the United States.
Figure 2: The Hierarchical Organization of Internet Domain Names:
[Refer to PDF for image: illustration]
Location: http://www.senate.gov
www. = subdomain;
.senate = second level domain;
.gov = top level domain;
.root = root level or zone (invisible in browser).
Second level domain examples:
.ibm;
.house;
.senate;
.gao.
Top level domain examples:
.com;
.net;
.org;
.gov;
.mil;
.edu;
.us.
Original domain names designated for following uses:
.com: commercial;
.net: networks;
.gov: United States federal government;
.mil: United States military;
.edu: institutions of higher education;
.us: country-code top-level domain for the United States;
.org: other use.
Source: GAO.
[End of figure]
The domain name system translates names into addresses and back again
in a process transparent to the end user. This process relies on a
system of servers, called domain name servers, which store data
linking names with numbers. Each domain name server stores a limited
set of names and numbers. They are linked by a series of 13 root
servers, which coordinate the data and allow users to find the server
that identifies the site they want to reach. They are referred to as
root servers because they operate at the root level (also called the
root zone), as depicted in figure 2. Domain name servers are organized
into a hierarchy that parallels the organization of the domain names.
For example, when someone wants to reach the Web site at
www.senate.gov, his or her computer will ask one of the root servers
for help.[Footnote 11] The root server will direct the query to a
server that knows the location of names ending in the .gov top-level
domain. If the address includes a sub-domain, the second server refers
the query to a third server—in this case, one that knows the address
for all names ending in senate.gov. This server will then respond to
the request with an numerical address, which the original requester
uses to establish a direct connection with the www.senate.gov site.
Figure 3 illustrates this example.
Figure 3: How the Domain Name System Translates a Web Site Name Into
an Address:
[Refer to PDF for image: illustration]
User looking for Web site www.senate.gov by name.
Root server:
Q: Where can I find www.senate.gov?
A: Check with the top-level domain name server for .gov.
Top-level domain name server for .gov:
Q: Where can I find www.senate.gov?
A: Check with the second-level domain server for senate.gov.
Second-level domain name server for .senate.gov:
Q: Where can I find www.senate.gov?
A: 156.33.195.33.
Source: GAO.
[End of figure]
Within the root zone, one of the servers is designated the
authoritative root (or the "A root" server). The authoritative root
server maintains the master copy of the file that identifies all top-
level domains, called the "root zone file," and redistributes it to
the other 12 servers. Currently, the authoritative root server is
located in Herndon, Virginia. In total, 10 of the 13 root servers are
located in the United States, including 3 operated by agencies of the
U.S. government. ICANN does not fund the operation of the root
servers. Instead, they are supported by the efforts of individual
administrators and their sponsoring organizations. Table 1 lists the
operator and location of each root server.
Table 1 : Operators and Locations of the 13 Internet Root Servers:
Affiliation of volunteer root server operator: VeriSign (designated
authoritative root server);
Location of server: Herndon, VA.
Affiliation of volunteer root server operator: Information Sciences
Institute, University of Southern California;
Location of server: Marina del Rey, CA.
Affiliation of volunteer root server operator: PSI net;
Location of server: Herndon, VA.
Affiliation of volunteer root server operator: University of Maryland;
Location of server: College Park, MD.
Affiliation of volunteer root server operator: National Air and Space
Administration;
Location of server: Mountain View, CA.
Affiliation of volunteer root server operator: Internet Software
Consortium;
Location of server: Palo Alto, CA.
Affiliation of volunteer root server operator: Defense Information
Systems Agency, U.S. Department of Defense;
Location of server: Vienna, VA.
Affiliation of volunteer root server operator: Army Research
Laboratory, U.S. Department of Defense;
Location of server: Aberdeen, MD.
Affiliation of volunteer root server operator: NORDUnet;
Location of server: Stockholm, Sweden.
Affiliation of volunteer root server operator: VeriSign;
Location of server: Herndon, VA.
Affiliation of volunteer root server operator: RIPE (the Regional
Internet Registry for Europe and North Africa);
Location of server: London, UK.
Affiliation of volunteer root server operator: ICANN;
Location of server: Marina del Rey, CA.
Affiliation of volunteer root server operator: WIDE (an Internet
research consortium);
Location of server: Tokyo, Japan.
Source: ICANN's Root Server System Advisory Committee.
[End of table]
Because much of the early research on internetworking was funded by
the Department of Defense (DOD), many of the rules for connecting
networks were developed and implemented under DOD sponsorship. For
example, DOD funding supported the efforts of the late Dr. Jon Postel,
an Internet pioneer working at the University of Southern California,
to develop and coordinate the domain name system. Dr. Postel
originally tracked the names and numbers assigned to each computer. He
also oversaw the operation of the root servers, and edited and
published the documents that tracked changes in Internet protocols.
Collectively, these functions became known as the Internet Assigned
Numbers Authority, commonly referred to as IANA. Federal support for
the development of the Internet was also provided through the National
Science Foundation, which funded a network designed for academic
institutions.
Two developments helped the Internet evolve from a small, text-based
research network into the interactive medium we know today. First, in
1990, the development of the World Wide Web and associated programs
called browsers made it easier to view text and graphics together,
sparking interest of users outside of academia. Then, in 1992, the
Congress enacted legislation for the National Science Foundation to
allow commercial traffic on its network. Following these developments,
the number of computers connected to the Internet grew dramatically.
In response to the growth of commercial sites on the Internet, the
National Science Foundation entered into a 5-year cooperative
agreement in January 1993 with Network Solutions, Inc., to take over
the jobs of registering new, nonmilitary domain names, including those
ending in .com, .net, and .org, and running the authoritative root
server.[Footnote 12] At first, the Foundation provided the funding to
support these functions. As demand for domain names grew, the
Foundation allowed Network Solutions to charge an annual fee of $50
for each name registered. Controversy surrounding this fee was one of
the reasons the United States government began its efforts to
privatize the management of the domain name system.
[End of section]
Appendix II: Important Events in the History of the Domain Name System:
November 1983:
Working under funding provided by the Department of Defense, a group
led by Drs. Paul Mockapetris and Jon Postel creates the domain name
system for locating networked computers by name instead of by number.
October 1984:
Dr. Postel publishes specifications for the first six generic top-
level domains (.com, .org, .edu, .mil, .gov, and .arpa). By July 1985,
the .net domain was added.
November 1992:
President Bush signs into law an act requiring the National Science
Foundation to allow commercial activity on the network that became the
Internet.
January 1993:
Network Solutions, Inc., signs a 5-year cooperative agreement with the
National Science Foundation to manage public registration of new,
nonmilitary domain names, including those ending in .com, .net, or
.org.
July 1997:
President Clinton issues a presidential directive on electronic
commerce, making the Department of Commerce the agency responsible for
managing the U.S. government's role in the domain name system.
January 1998:
The Department of Commerce issues the "Green Paper," which is a
proposal to improve technical management of Internet names and
addresses through privatization. Specifically, the Green Paper
proposes a variety of issues for discussion, including the creation of
a new nonprofit corporation to manage the domain name system.
June 1998:
In response to comments on the Green Paper, the Department of Commerce
issues a policy statement known as the "White Paper," which states
that the U.S. government is prepared to transition domain name system
management to a private, nonprofit corporation. The paper includes the
four guiding principles of privatization: stability; competition;
representation; and private, bottom-up coordination.
November 1998:
The Internet Corporation for Assigned Names and Numbers (ICANN)
incorporates in California. ICANN's by-laws call for a 19-member Board
with 9 members elected "at-large."
November 1998:
The Department of Commerce and ICANN enter into an MOU that states the
parties will jointly design, develop, and test the methods and
procedures necessary to transfer domain name system management to
ICANN. The MOU is set to expire in September 2000.
June 1999:
ICANN issues its first status report, which lists ICANN's progress to
date and states that there are important issues that still must be
addressed.
June 1999:
ICANN and the Department of Commerce enter into a cooperative research
and development agreement to study root server stability and security.
The study is intended to result in a final report by September 2000.
November 1999:
ICANN and the Department of Commerce approve MOU amendment 1 to
reflect the roles of ICANN and Network Solutions, Inc.
February 2000:
The Department of Commerce contracts with ICANN to perform certain
technical management functions related to the domain name system, such
as address allocation and root zone coordination.
March 2000:
At a meeting in Cairo, Egypt, ICANN adopts a process for external
review of its decisions that utilizes outside experts, who will be
selected at an unspecified later date. ICANN also approves a
compromise whereby 5 at-large Board members will be chosen in regional
online elections.
June 2000:
ICANN issues its second Status Report, which states that several of
the tasks have been completed, but work on other tasks was still under
way.
July 2000:
At a meeting in Yokohama, Japan, ICANN's Board approves a policy for
the introduction of new top-level domains.
August 2000:
The Department of Commerce and ICANN approve MOU amendment 2, which
deleted tasks related to membership mechanisms, public information,
and registry competition and extended the MOU until September 2001.
They also agree to extend the cooperative research and development
agreement on root server stability and security through September 2001.
October 2000:
ICANN holds worldwide elections to replace 5 of the 9 interim Board
members appointed at ICANN's creation.
November 2000:
At a meeting in California, ICANN selects 7 new top-level domain
names: .biz (for use by businesses), .info (for general use), .pro
(for use by professionals), .name (for use by individuals), .aero (for
use by the air transport industry), .coop (for use by cooperatives),
and .museum (for use by museums).
March 2001:
The Department of Commerce enters into a second contract with ICANN
regarding technical functions of the domain name system.
May 2001:
ICANN and the Department of Commerce approve MOU amendment 3, which
conforms the MOU with the Department's new agreement with VeriSign
(formerly Network Solutions.)
July 2001:
ICANN issues its third Status Report, which states that most of the
tasks in the MOU are either complete or well on their way to
completion.
August 2001:
ICANN's At-Large Membership Study Committee issues a preliminary
report that recommends creating a new at-large supporting
organization. The new organization would be open to anyone with a
domain name and would elect 6 members of ICANN's Board of Directors.
September 2001:
The Department of Commerce and ICANN agree to extend the MOU through
September 2002 and the cooperative research and development agreement
through June 2002 (amendment 4).
November 2001:
Following the September 11 terrorist attacks, ICANN devotes the bulk
of its annual meeting to security issues. The At-large Membership
Study Committee releases its final report, which retains the Board
reorganization first proposed in August 2001.
February 2002:
ICANN president Dr. M. Stuart Lynn releases a proposal for the reform
of ICANN.
March 2002:
At a Board meeting in Ghana, ICANN's Board refers Dr. Lynn's proposal
and questions about at-large representation and outside review to an
internal Committee on ICANN Evolution and Reform.
April 2002:
The Department of Commerce exercises an option in its contract with
ICANN regarding the technical functions of the domain name system,
extending it through September 2002.
May 2002:
ICANN's Committee on Evolution and Reform reports its recommendations
to ICANN's Board.
June 2002:
ICANN's Board is scheduled to meet in Bucharest, Romania.
October 2002:
ICANN's Board is scheduled to meet in Shanghai, China
[End of section]
Footnotes:
[1] For example, a March 2001 report by the Census Bureau estimated
that online business accounted for $485 billion in shipments for
manufacturers and $134 billion in sales for wholesalers in the United
States in 1999. The Census data include transactions conducted over
the Internet and private data networks. For more details, see
[hyperlink, http://www.census.gov/estats/].
[2] The hearing took place before the House Committee on Energy and
Commerce, Subcommittee on Telecommunications and the Internet, on
February 8, 2001.
[3] President's National Security Telecommunications Advisory
Committee, Network Group Internet Report: An Examination of the NS/EP
Implications of Internet Technologies, (Washington, D.C.: June 1999).
[4] ICANN signed agreements with the operators responsible for the .au
(Australia) and .jp (Japan) country-code domains and their respective
governments.
[5] The areas of responsibility for the three Regional Internet
Address Registries are: the Western Hemisphere and southern Africa,
Europe and northern Africa, and Asia.
[6] In the context of ICANN's responsibilities, protocols are the
technical rules that allow communications among networks.
[7] See [hyperlink, http://www.atlargestudy.org/final_report.shtml].
[8] See [hyperlink, http://www.naisproject.org/report/final/].
[9] In a July 2000 report prepared in response to a congressional
mandate, we reviewed questions and issues related to the legal basis
and authority for the Department's relationship with ICANN. U.S.
General Accounting Office, Department of Commerce: Relationship with
the Internet Corporation for Assigned Names and Numbers, GAO/OCG-00-
33R (Washington, D.C.: July 7, 2000). This report discusses the
development of the MOU, as well as other agreements related to the
ongoing technical operation of the domain name system. We list the
various agreements between ICANN and the Department in appendix II,
which also lists significant events in the history of the domain name
system.
[10] If the Department withdraws its recognition of ICANN by
terminating the MOU, ICANN has agreed to assign to the Department any
rights that ICANN has in all existing contracts with registrars and
registries.
[11] This example assumes that the required domain name information is
not available on the user's local network.
[12] Network Solutions later merged with VeriSign. The new company
currently uses the VeriSign name. Under its original agreement with
the National Science Foundation, Network Solutions was also
responsible for registering second-level domain names in the
restricted .gov and .edu top-level domains.
[End of section]