The IANA transition: what’s it all about?
In the first week of September 2014, the ninth annual Internet Governance Forum takes place in Istanbul. One of the main topics on the agenda is the USA’s transfer of responsibility for oversight of the IANA functions – the issue known as ‘the IANA transition’. For many people, however, it remains unclear just what the IANA functions are or what US oversight of them entails. So, in this blog, I have sought to explain what it is that IANA does.
What happened to put the IANA transition on the agenda?
On 14 March 2014, the US government agency the NTIA announced that it wanted to hand over responsibility for oversight of the IANA functions. The move made headlines around the world and the news was generally received with enthusiasm: ‘US to surrender control of the internet’.
What are the IANA functions?
For historical reasons, IANA combines four distinct functions. Originally, all the functions were performed by John Postel. When he died, the US government handed responsibility for the four functions to ICANN. They may be summarised as follows:
Management of certain technical internet protocol parameters
(Administrative) management of the root of the Domain Name System (DNS)
The distribution of IP addresses
Services relating to the .arpa and .int domains
What is the USA’s role?
ICANN performs the IANA functions under an agreement with the US authorities. Technically speaking, therefore, the US government is the customer or contract principal, and as such the party that decides what the IANA functions entail, who should perform them and how. The USA is, if you like, the owner of the IANA functions. The fact that America has this oversight is one of the main reasons why people often say that the US remains in control of the internet.
Why does the USA want to give up its oversight?
According to the NTIA, it is simply making good on a promise made by the US in the late nineties. However, there is a widespread belief that the move is a response to the NSA scandal. The assumption is that the US government wants to restore international confidence in its role in relation to the internet.
Who is going to take over responsibility for oversight?
That is the big question. And it needs answering by 30 September 2015, when the current IANA agreement expires. The US has asked ICANN to coordinate the process and devise an alternative oversight mechanism. The US has also laid down a number of conditions which any new arrangement must meet. The most important of those conditions is that the US will not transfer oversight to any other governmental body, including the United Nations. The other requirements are:
The multistakeholder model must be supported and promoted.
The security, stability and robustness of the Domain Name System must be assured.
The needs and expectations of the IANA service customers and partners around the world must be met.
The open character of the internet must be maintained.
How will the alternative oversight proposal be developed?
ICANN has set up an IANA Stewardship Transition Coordination Group (ICG). All IANA’s direct service customers are represented on the ICG, together with internet user groups and a number of governments. The expectation is that the customers for each of IANA’s services will develop a proposal concerning that particular service. The ICG will then weave the various proposals together.
Who are IANA’s service customers?
The Internet Engineering Task Force (IETF) is the customer for management of the technical internet protocol parameters. The customers for management of the DNS root are the operators and users of the generic and country-code top-level domains, including SIDN (as administrator of the .nl domain). Where IANA’s IP address services are concerned, the customer is the Number Resource Organization (NRO), to which RIPE NCC belongs. It is unfortunately not clear to me what will happen about the management of .arpa and .int, or who is going to arrange what.
Will ICANN be able to come up with an alternative oversight proposal?
That’s hard to say. Most observers believe that the deadline of 30 September 2015 is unattainable. It is also quite possible that the IETF and the NRO are able to relatively quickly produce broadly acceptable proposals for the services with which they are directly concerned, while solutions for the other functions remain elusive. The biggest problem may well be management of the root, in particular the position of the ccTLDs.
Why may the ccTLDs prove problematic?
In almost all respects, the party that performs the IANA functions (currently ICANN) merely plays an operational role. It is, for example, the NRO that dictates what ICANN (in its role as IANA operator) does with IP addresses and how it goes about the task. Similarly, it is the IETF that has the final say where internet protocol parameters are concerned. However, ICANN itself decides, in accordance with its internal rules and procedures, which gTLDs should be included in DNS root and who should act as the registry for each of them. Where the ccTLDs are concerned, the situation is somewhat different. Country-code domains are not covered by any generally accepted or clearly defined rules. Nor is there any authority that frames policy for ccTLDs or decides which ccTLDs should be in the root zone or who should control them. Because nothing is clearly defined, the IANA operator has some freedom to define its own policies. Consequently, the ccTLD service customers are in a very different position to the customers for the other IANA services. The operator’s freedom of action, combined with the fact that one is dealing with something linked to the identity of autonomous nations, makes oversight of the IANA service operator a politically sensitive question.
Although the IANA transition debate is simply a debate about how the various IANA functions should be overseen, the overseer may be regarded as the owner of the functions and therefore as the party with ultimate control over the administration of the DNS root. What’s more, in almost all cases, the party that performs the various IANA functions has only operational control. The one exception is root management for the ccTLDs. Developing an alternative oversight model for that function may well be one of the things that make finding a quick and straightforward solution difficult.