NordVPN Promotion

Home / Blogs

Refutation of the Worst IANA Transition FUD

BLACK FRIDAY DISCOUNT - CircleID x NordVPN
Get NordVPN  [74% +3 extra months, from $2.99/month]

Of all the patently false and ridiculous articles written this month about the obscure IANA transition which has become an issue of leverage in the partisan debate over funding the USG via a Continuing Resolution, this nonsense by Theresa Payton is the most egregiously false and outlandish. As such, it demands a critical, nearly line by line response.

* * *

Changing who controls the Internet Corporation for Assigned Names and Numbers (ICANN) so close to our presidential election will jeopardize the results of how you vote on Nov. 8 unless Congress stops this changeover.

So the first sentence is fairly loaded with nuance. We aren’t “changing who controls” ICANN, as much as letting them continue to do what they have been doing for the last 2 decades. The “change” is that they will run the Internet Assigned Numbers Authority (IANA) as a subsidiary instead of as a zero dollar contractor of the US. The Board of Directors of ICANN will continue to “control” ICANN and the ICANN policy community will have greater accountability measures in place to “control” the ICANN Board after the contract expires at midnight September 30th, 2016.

But this contract expiration WILL IN NO WAY have anything to do with the US election voting. Nothing, nada, zilch. Pure FUD, totally made up out of thin air.

* * *

When the calendar hits Sept. 30, a mere 6 weeks before our election, the United States cannot be assured that if any web site is hacked, the responsible party will be held accountable.

At the moment, the United States cannot be sure that responsible parties will be held to account for hacking today. ICANN has NOTHING to do with this aspect of cybersecurity, not a damn thing. This is what I call “Beyond the Palin” on Ms. Payton’s part, a complete fabrication.

* * *

We cannot be sure if a web site is a valid.

Not sure what she means here, but there is nothing that ICANN does or doesn’t do in terms of website “validity” that will change after September 30th.

* * *

We cannot be sure if one country is being favored over another.

In terms of nations states participating AS nation states inside ICANN’s Government Advisory Committee, there is no change that will or will not favor one nation over another. The reality is that the ICANN policy making community is dominated in many ways by American Registries, Registrars and activists. This won’t change after Sept 30th.

* * *

These are all the things ICANN is responsible for and has worked perfectly since the Internet was created.

NONE of the things listed above by the author are things that ICANN is responsible for. Not one thing. It is a sheer fabrication! ICANN has patently not worked “perfectly” since the Internet was created. ICANN has been in existence for half of the life of the Internet and has acted in flawed ways over the last 17 years (some due to the existence of the contract about to expire). The reforms that are scheduled to go into effect on October 1 are attempts to fix some of these flaws.

* * *

Why change it now and so close to the election? Why does that matter to you as a voter?

The Internet Naming, Numbering and Standards communities have been working diligently for years on these reforms so this contract CAN expire on Sept 30th. It only matters to voters who consume the fact free rhetoric of certain GOP politicians who SHOULD (if true to small government principles) be in favor of this privatization/contract expiration.

* * *

Take a look at recent cyber activity as it relates to the election. The Democratic National Convention was breached comprising the entire party’s strategy, donor base, and indeed, national convention. Everything the DNC had done to prepare for a moment four years in the making (if not longer) was undermined by a hacker who had been in their system for some time but waited for the optimal moment to spring it on the DNC—opening day of the convention. The FBI and other U.S. agencies, as the headlines blare, suspect Russia is responsible for the hack. Recently, Vladimir Putin went so far as to say, “Does it matter who broke in? Surely what’s important is the content of what was released to the public.”

It matters to all of us whether we live in the United States or not, if a hostile country can undermine our democratic process. There is even more alarming evidence this is happening during this election cycle. Russian hackers are suspected of breaching voter registration systems in Illinois and Arizona. Arizona went so far as to shut down the state’s voter registration system for a week. No data was stolen but it was downloaded. As for Illinois, some voter data was stolen!

The above 2 paragraphs have NOTHING to do with ICANN, absolutely NOTHING. To suggest that the expiration of the contract has anything to do with hacking the elections is at best misinformation, at worst an outright lie.

* * *

ICANN does more than just assign and/or approve your website’s domain. ICANN has its own Security and Stability Advisory Committee, which “engages in ongoing threat assessment and risk analysis of the Internet naming and address allocation services to assess where the principal threats to stability and security lie, and advises the ICANN community accordingly.” They are equivalent to your security guard at the bank. Why change the security guard now when voter data is more vulnerable—and prized—than ever?

We are not changing the “security guard” at all. SSAC (mentioned above) will still carry on in it role. BTW, ICANN has no role in assigning OR approving “your website’s domain”. This is a complete fiction.

* * *

If ICANN changes hands, so do the security measures taken to protect the rightful owner of your web site. If a site was hijacked today—not an uncommon crime in the cyber world—to reassert yourself as the rightful owner, you would go through law enforcement channels, your domain provider, and yes, ICANN.

1) ICANN is NOT “changing hands”. 2) If your website gets hacked today, ICANN plays NO role in ascertaining rightful “ownership”. Your Registrar does this. You bought the right to use your name from them. They have the evidence and historical data, NOT ICANN. The lack of simple clue here is staggering.

* * *

When a significant event happens to a web site, businesses, cyber securities companies, and ICANN all know their roles and act together in tandem to mitigate the threat. They are in lockstep with an emergency call plan that has been mapped out through trial and error over the years.

The only incidents that ICANN staff respond to is to rootserver attacks (ICANN runs one of the 13 rootservers) or to attacks on their own network. If a webiste is attacked, ICANN can do nothing to mitigate damage. Not a damn thing. This is a fact-free assertion.

* * *

ICANN’s actions have made the internet safer for you. Will that still hold true after Sept. 30?

Here is the one thing that is true in the entire article. ICANN has cryptographically signed the Internet DNS root. This potentially makes our use of the Internet more secure. However, this will in no way change after September 30th, 2016.

* * *

At the end of the day, election administrators are not cyber defenders nor should they be. They are trained to run elections. Let them do their job and let ICANN do theirs.

Agreed, but why conflate the two when they have NOTHING in common?

Pure fact-free propaganda from Weimar Republicans. Totally Beyond the Palin.

If Ms. Payton wants the Department of Commerce to continue to maintain a contract with ICANN to run IANA because of ‘Merica, I wish she would just say so, and not pollute the blogosphere with irrational, post-factual drivel. The expiration of this contract has been the stated goal of both Republican and Democratic Administrations for nearly 20 years. Now is the time.

By McTim, Internet policy and governance consultant

Filed Under

Comments

As an ICANN registrar, I would point Charles Christopher  –  Sep 22, 2016 1:49 AM

As an ICANN registrar, I would point out that there is a triangle of contracts; ICANN/Registry, ICANN/Registrar, and Registrar/Registry. Those contracts are directly driven by ICANN. Thus is some sense you can make some of the arguments you are, but only because ICANN’s influence it not obvious to the masses. That is in addition to those three contract we also must require a contract with the registrant that came from requirements of those three contracts ... ICANN’s influence is more significant than your comments suggests.

>ICANN plays NO role in ascertaining rightful “ownership”.

Incorrect. The incident with RegisterFly long ago resulted in the creation of the ICANN escrow system who’s very purpose is ICANN’s ascertaining rightful “ownership” when the need arrises. As one of the registrants that RegisterFly tried to steal 2 domain from, I have in depth understanding of what actually happened and how ICANN reacted and why. In fact this very incident played a role in my becoming a registrar as it became obvious that I wanted to in effect remove the registrar/registrant contract from my domain names and be able to hold ICANN and the registry directly accountable for all contractual issues that come up.

The downside of the ICANN escrow system is that its illusion is to protect the registrants from nefarious registrars. But in fact the ICANN escrow system only protect registrants from honest registrars. Basically nefarious registrars may submit privacy whois rendering the ICANN escrow system useless.

>At the moment, the United States cannot be sure that responsible parties will
>be held to account for hacking today.

I think the word “hacking” means one thing to you and me and something else to the masses. I think this is more of a catchall term to the masses. Proceeding on that assumption, certain nefarious uses of domains do lead to components of the contracts I mentioned above. For example on the one hand ICANN’s contracts with registries require “equal treatment” of the domains and registrars. Yet this denies appropriate action when one does something very bad. Thus ICANN’s contracts allow actions that would be required in some cases, such as removing a domain from the zone file because of nefarious use; bot, malware, etc.

In the broader scope, it is true that tech always leads regulation and so regulation will never be a successful tool to deal with technical issues such as hacking. The best it can ever do is make the cost of being caught so high that nobody does it. But to suggest there is no contract influence is not correct.

For example we just received notice of the new whois service that we are required to implement by February of next year. This system will standardize the whois interface making it easier to harvest data, which means its easier to hold registrants accountable ... Except those using privacy whois ... Thus again we have a generally ineffective response, but the issues mentioned where motives for the changes even if not as direct as the OP suggests it is.

Escrow data is evidence for Registrars and Registry Operators to take action as needed McTim  –  Sep 23, 2016 7:33 AM

As former staff of a Registry Operator, I was fortunate never to have to dig into escrowed data, BUT the RO pays the escrow provider, not ICANN.  ICANN does not say “this website belongs to x and not y”, right?  It would be a wholly different organization if it did that sort of thing.  This is the role of Registrars and ROs (as needed). 

There are a number of ICANN contracts that require certain behaviour and limit other behaviour.  This is not at all the same thing as Ms Payton suggests that you would “go through ICANN” to reassert ownership.  I have helped folk “re-assert ownership” and nowhere was ICANN directly involved.

>RO pays the escrow provider, not ICANN.If Charles Christopher  –  Sep 23, 2016 3:25 PM

>RO pays the escrow provider, not ICANN.

If a registrar uses ICANN’s escrow agent, Iron Mountain, then ICANN pays.

We looked at what it would take to use someone else. For all intents and purposes there is no choice for a small registrar like ourselves. If we don’t use Iron Mountain then we must pay.

Academically speaking, registrants and registrars pay the bill though the “ICANN taxes” we all pay. However to the point you are making, ICANN receives the bill from Iron Mountain and cuts the check to them not us ... ICANN moves the money from our pockets to Iron Mountains.

Which brings up the obvious issue that as bureaucracies grow so to do the taxes they demand .. Despite having the better part of a billion dollars in cash in the bank right now.

>ICANN does not say “this website belongs to x and not y”, right?

This is the very purpose of the ICANN escrow. This is why I said the history of the ICANN Escrow system came from RegisterFly STEALING ITS REGISTRANTS DOMAIN NAMES.

To be fair and tease this out a bit, the registrar is managing ownership in the real time sense, but ICANN sets up the safety net to stand in for the Registrar. ICANN states this as the Escrow data “only” being for the purpose of Contract termination, but one needs to look back to history of what “termination” meant that lead up to the creation of the requirement. Contract Termination includes nefarious behavior, such as in the case of RegisterFly ... A registrar STOLE its registrants domain names. As one of the people affected (They tried to steal 2 of my domain names) RegisterFly did this by changing the Whois data to a .EDU email address and also change the physical contact info.

Thus “ownership” data was the very tool used to steal the domains, and thus ICANN came in with what they considered “authoritative ownership” data, which we call the ICANN Escrow.

Lets step back to the view from 30,000 feet and let you know I have been involved with domains since 1999 both as a registrant, registrar, and I also provide some consulting services in the domain industry. We in the domain / internet industry have our own language, just like any other industry. Yes, when folks like Cruz and lay folks *TRY* to communicate their concerns they will misuse our language and we can be pedantic about it and reject them entirely for their language misuse. But that does not change the fact that underlying that which they are trying to express are real concerns. And those concerns are shared by people who have been in this industry for a very long time.

From the beginning was the transition intended to occur during this years election? I doubt it.

“this little thing called the Internet ... makes it much harder to govern.”
-  Secretary of State John Kerry

“...in early times, it was easier to control a million people”
- Zbigniew Brzezinski

Could the transition have an effect on the elections process this year? With nefarious folks like George Soros pushing hard on Nationwide Internet Voting right now, I am open to the possibility that this could happen even though I can’t present to you how it might happen .... But unlike Kerry, Brzezinski, and Soros, my mind is free from planning how to control others ....

And I also feel that paper ballot should NEVER have been taken out of the voting process (see BlackBoxVoting.org), as wonderful as the internet is there are situations where it should never be applied.

https://www.send2press.com/newswire/2007-03-0328-001.shtml"RegisterFly Scandal Culminates in Class A Charles Christopher  –  Sep 23, 2016 6:47 PM

https://www.send2press.com/newswire/2007-03-0328-001.shtml

“RegisterFly Scandal Culminates in Class Action Lawsuit”

“More than 75,000 individuals have already lost their Internet domain names registered through RegisterFly.com - New class action lawsuit seeks to protect up to a million more from the same fate”

“Yesterday, a U.S. District Court judge unsealed a class action lawsuit (case #07cv00188) against Internet domain registrar RegisterFly along with [...] (“ICANN”), among others.”

http://www.washingtonpost.com/wp-dyn/content/article/2007/06/27/AR2007062700071.html

“ICANN mulls registrar changes after RegisterFly debacle”

“That way, in the event of a registrar meltdown, ICANN, which manages and oversees the Internet’s domain name system, could access the customer data and help customers switch to another registrar.”

Never underestimate the power of ICANN and those three contracts it drives between itself, the registry and the registrar.

It has been almost a month and Charles Christopher  –  Oct 16, 2016 8:47 PM

It has been almost a month and enough time has past that I think it worth returning to the issue of US Gov / ICANN / Elections.

I think most have heard that US government now stating it will be deploying a “Cyber Attack” on Russia for manipulation the elections ...

Really?

Lets ignore the fact that the elections have not yet happened, and the forth estate ignores the internet (wikileaks) when its not in the forth’s estates favor. A free and open internet can in fact be the forth estate, but I digress ...

So here are my questions:

1) If the US gov still “controlled ICANN / the Internet” would it politically be able to openly commit a cyberattack on another country?

http://www.nbcnews.com/news/us-news/cia-prepping-possible-cyber-strike-against-russia-n666636

2) Why is OUR hard earned tax dollars now being used to attack and destroy the internet stability that has been my career for the last 17 years? Why isn’t OUR hard earned tax dollars being used for R&D;to strengthen the internet so that such “Russian Attacks” (which I fell is an outright lie, but i again digress) can’t be possible? Isn’t investing in a more reliable internet to our benefit, and attacks in networks infrastructure a huge liability for all? .... (go back to question 1)

3) Some years ago (Nov 24, 2010 - ZeroHedge) Russia and China starting trading directly in their own currencies, in effect rejecting the USD (“world reserve currency”). Why? Because using USD meant that had to by and sell USD to trade between them and thus US banks got a gut for their trades that had no US involvement. So what has that got to do with this discussion? How much would a Russian Cyber attack on US cost Russia? How much would a US cyber attack on Russia cost Russia? How must would a physical war with the US cost Russia (and recall China is a close partner right now)? Now to the point, how much would it cost Russia and China to SELL their US debt for 1 penny on the dollar? ... That would utterly destroy the USD and destroy the US, and the cost would be far less than the other options mentioned (“physical” war).

http://www.zerohedge.com/article/much-ado-about-nothing-china-russia-drop-dollar-bilateral-trade
“China and Russia are expanding their trading terms and will conduct all bilateral trade exclusively in local currencies, thus dropping the dollar as an intermediary”

and:

Jan 8, 2012 - http://www.zerohedge.com/news/russia-iran-proceed-bilateral-trade-drop-dollar-russian-warships-park-syria
Mar 31, 2013 - http://www.zerohedge.com/news/2013-03-31/thanks-world-reserve-currency-no-thanks-australia-and-china-enable-direct-currency-c

I think at this point we are seeing a relationship between the disconnection of ICANN from the US Gov and political maneuvering by the US gov, and the US Gov clearly stating a relationship to the upcoming elections.

And frankly, elections aside, I am NOT INTERESTED in my tax dollars being used by my government to ATTACK ANY PART OF THE NETWORK, no matter the reason. I AM interested is seeing my tax dollars used to strengthen the network in all possible ways so NO GOVERNMENT can lead a successful attack on any one.

But being the cynic I am, a strong robust internet creates freedom and independence from government .... And that is not in the governments interest, governments need to be perceived “as GOD” and thus the solution to all problems justifying ever increasing tax liabilities for us. The more messes they make the more we “need them” to clean it up those messes, whatever excuse they use to make those messes.

I feel everyone here should be enraged that the US gov is justifying network attacks, no mater the reason.

I feel the next few weeks will give us even more reason to think there may be a relationship between ICANN / US Gov / US Elections, and its not going to be anything we are proud of. Even if it does to play out as the article you mentioned describes it. I hope I am wrong.

Forgot to end my last post with Charles Christopher  –  Oct 16, 2016 8:49 PM

Forgot to end my last post with this:

“this little thing called the Internet ... makes it much harder to govern.”
- Secretary of State John Kerry

So you are suggesting that the USG is now "unshackled"? McTim  –  Oct 18, 2016 8:05 PM

In response, I would just say “Stuxnet”.

I doubt that US CyberCommand was held back because DOC had a contract with ICANN.

so my answers to query 1 is “yes”, #2 and 3 are out of scope for an ICANN/IANA discussion.

>I would just say "Stuxnet".Which to this Charles Christopher  –  Oct 18, 2016 8:26 PM

>I would just say “Stuxnet”.

Which to this day is still classified.

http://www.politico.com/story/2016/10/retired-general-charged-in-probe-of-classified-information-disclosure-229891

>I doubt that US CyberCommand was held back because DOC had a contract with ICANN.

The issue is being open and public about it, to the point of using it as a political toll to influence the masses. Stuxnet was not for anyone to know about ....

The Slippery Slope.

And I suggest Stuxnet does makes the point:

https://www.schneier.com/blog/archives/2010/10/stuxnet.html

“It’s already infected more than 50,000 Windows computers, and Siemens has reported 14 infected control systems, many in Germany. (These numbers were certainly out of date as soon as I typed them.) We don’t know of any physical damage Stuxnet has caused, although there are rumors that it was responsible for the failure of India’s INSAT-4B satellite in July. We believe that it did infect the Bushehr plant.”

http://www.zerohedge.com/news/2012-11-10/worm-turns-chevron-infected-stuxnet-collateral-damage

“I don’t think the US government even realized how far it had spread” is how the collateral damage from the Iran-attacking Stuxnet computer virus is described by Chevron. The sleep San-Ramon-based oil giant admitted this week that from 2010 on “we’re finding it in our systems and so are other companies… so now we have to deal with it.” It would seem that little consideration for just how viral this cyber warfare tactic has become and this news (reported by Russia Today) is the first time a US company has come clean about the accidental infection.”

Where has the accountability of such “collateral damage” been moved to?

What court do I go to when I or my business is affected?

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

New TLDs

Sponsored byRadix

Brand Protection

Sponsored byCSC

Domain Names

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

Cybersecurity

Sponsored byVerisign

DNS

Sponsored byDNIB.com

IPv4 Markets

Sponsored byIPv4.Global

NordVPN Promotion