ABSTRACT
INTRODUCTION
I. THE DOMAIN NAME SYSTEM A. Domain Names and Their Uses B. The Source and Import of Control of the Legacy Root
II. THE DNS: A CONTRACTUAL HISTORY A. Before ICANN B. Contractual Basis of ICANN's Authority (October 1998-present)
III. DOC'S RELATIONSHIP WITH ICANN IS ILLEGAL A. ICANN Is Engaged in Policymaking B. DoC's Relationship with ICANN C. APA Issues D. Constitutional Issues E. Due Process Issues F. Structural Failures/Self-Dealing
IV. REFORMING THE U.S. DNS POLICY A. The Policy Problem B. ICANN Sets a Terrible Precedent C. A Better DNS Policy is Within Our Grasp
CONCLUSION
FOOTNOTES
The Internet relies on an underlying centralized hierarchy built into the domain name system (DNS) to control the routing for the vast majority of Internet traffic. At its heart is a single data file, known as the "root." Control of the root provides singular power in cyberspace.
This Article first describes how the United States government found itself in control of the root. It then describes how, in an attempt[*pg 18] to meet concerns that the United States could so dominate an Internet chokepoint, the U.S. Department of Commerce (DoC) summoned into being the Internet Corporation for Assigned Names and Numbers (ICANN), a formally private nonprofit California corporation. DoC then signed contracts with ICANN in order to clothe it with most of the U.S. government's power over the DNS, and convinced other parties to recognize ICANN's authority. ICANN then took regulatory actions that the U.S. Department of Commerce was unable or unwilling to make itself, including the imposition on all registrants of Internet addresses of an idiosyncratic set of arbitration rules and procedures that benefit third-party trademark holders.
Professor Froomkin then argues that the use of ICANN to regulate in the stead of an executive agency violates fundamental values and policies designed to ensure democratic control over the use of government power, and sets a precedent that risks being expanded into other regulatory activities. He argues that DoC's use of ICANN to make rules either violates the APA's requirement for notice and comment in rulemaking and judicial review, or it violates the Constitution's nondelegation doctrine. Professor Froomkin reviews possible alternatives to ICANN, and ultimately proposes a decentralized structure in which the namespace of the DNS is spread out over a transnational group of "policy partners" with DoC.
[*pg 20]
The availability of judicial review is the necessary condition, psychologically if not logically, of a system of administrative power which purports to be legitimate, or legally valid.
LOUIS L. JAFFE{1}
Despite being famously decentralized and un-hierarchical,{3} the Internet relies on an underlying centralized hierarchy built into the domain name system (DNS). Domain names (such as "www.law.miami.edu") are the unique identifiers that people depend on to route e-mail, find web pages, and connect to other Internet resources.{4} The need to enforce uniqueness, that is, to prevent two people from attempting to use the exact same domain name, creates a need for some sort of body to monitor or allocate naming. However, [*pg 21] control over the DNS confers substantial power over the Internet. Whoever controls the DNS decides what new families of "top-level" domain names can exist (e.g., new suffixes like .xxx or .union) and how names and essential routing numbers will be assigned to websites and other Internet resources.{5} The power to create is also the power to destroy, and the power to destroy carries in its train the power to attach conditions to the use of a domain name.{6} Currently, this power is used to require domain name registrants to publish their addresses and telephone numbers on a worldwide readable list and to agree that any trademark holder in the world aggrieved by their registration can demand arbitration regarding ownership of the name under an eccentric set of rules and standards. In theory, the power conferred by control of the DNS could be used to enforce many kinds of regulation of the Internet; it could, for example, be used to impose content controls on the World Wide Web (WWW), although there are no signs that anyone intends this at present.
Without meaning to at first, the United States government found itself controlling this unique Internet chokepoint.{7} When the Internet was small, the DNS was run by a combination of volunteers, the Na- [*pg 22] tional Science Foundation (NSF), and U.S. government civilian and military contractors and grant recipients.{8} As the paymaster for these contractors, the U.S. government became the de facto ruler of the DNS, although it barely exercised -- and for a long time may not in any real sense have been aware of -- its power. The Internet's exponential growth placed strains on the somewhat ad hoc system for managing the DNS, and what had been primarily technical issues became political, legal, and economic problems that attracted high-level official attention.{9} In particular, as attractive domain names in .com began to become scarce,{10} disputes over attractive names became increasingly common,{11} and pressure mounted for the creation of new "top-level" domain suffixes such as .shop or .web. Although technically trivial to implement,{12} the proposals ran into intense counter- [*pg 23] pressure from intellectual property rights holders who already faced mounting problems with cybersquatters -- speculators who registered domain names corresponding to trademarks and held them for profit.{13} Meanwhile, foreign governments, notably the European Union, began to express understandable concern about the United States' control of a critical element of a global communication and commercial resource on which they foresaw their economies and societies becoming ever-more dependent.{14}
[*pg 24]
As the DNS issue, and especially the relationship between domain names and trademarks, grew in importance, the conflicting pressures on the federal government for action grew as well. In June 1998, DoC and an interagency task force headed by Presidential Senior Adviser Ira Magaziner responded with the Statement of Policy on the Privatization of Internet Domain Name System, known as the DNS White Paper.{15} Abandoning earlier hopes of issuing a substantive rule, which requires statutory authorization and is subject to judicial review, the policy statement instead set out goals that the administration thought could be achieved without rulemaking. Embracing the rhetoric of privatization, the DNS White Paper called for the creation of a private nonprofit corporation to take over the DNS and institute various reforms.{16} Shortly thereafter, an international group incorporated ICANN as a private nonprofit California corporation, and, after some negotiation, DoC lent ICANN much of its authority over management of the DNS.
In its first two years of life, ICANN has made a number of decisions with potentially long-term effects. Of necessity, much of ICANN's energy has been devoted to the process of setting up its own, somewhat ornate, internal structures{17} and procedures. The formal structures in place at this writing give overwhelming weight to corporate voices, tempered only by the power of the board to reject their suggestions. The board remains composed of the nine original unelected directors, supplemented by nine selected by so-called constituency groups, who in turn are selected by ICANN. Internet users and individual domain name registrants remain unrepresented at the board level, although ICANN is in the process of organizing a limited representation for the public.{18}
Almost as soon as it was in place, the ICANN board undertook major decisions, beginning with the agenda set out in the White Paper. ICANN pushed Network Solutions, Inc. (NSI), the monopoly registry and dominant registrar, to allow more competition among [*pg 25] registrars.{19} ICANN also instituted mandatory arbitration of trademark claims. ICANN's "Uniform Dispute Resolution Policy" (UDRP) requires every registrant in ..com, .org, or .net to agree to arbitration before ICANN-selected arbitration providers if any trademark owners anywhere in the world feel aggrieved by their registration of a term similar to that trademark.{20}
As a result of this policy, registrants are now subject to an idiosyncratic set of arbitration rules and procedures that benefit third-party trademark holders at the expense of registrants and do not necessarily conform to U.S. trademark law.{21} ICANN also chose to keep in place and step up enforcement of some policies that it inherited, notably NSI's anti-privacy rule requiring that every registrant of a domain name agree to have his name, address, e-mail, and telephone number placed in a database readable by any Internet user in the world.{22}
Since ostensibly handing the policy baton to ICANN, DoC has treated these key decisions regarding the DNS as if they were either matters of policy outside the rulemaking strictures of the Administrative Procedure Act, as if they were matters of contract, or as if ICANN were an arms-length private body exercising autonomous choices that could take effect spontaneously, without DoC's participation or responsibility.{23} DoC has, thus, made, or acquiesced in ICANN's making, some of the most important decisions relating to the near-term future of the Internet via research contracts rather than agency adjudication or rulemaking, thus evading notice, comment, due process, and judicial review. Government outsourcing and privatization often is premised on the theory that private enterprise can [*pg 26] provide some goods and services more efficiently than the public sector.{24} DoC's reliance on ICANN is different from the classic model of privatization, because rather than privatizing a revenue-generating function, the government is "privatizing" a policy-generating function. Furthermore, the "privatization" is subject to sufficient strings to make ICANN's actions fairly chargeable to the government. Although the ICANN-DoC contracts speak of cooperation and research, some of the most significant outputs from ICANN are government regulation in all but name. It is time to call them what they are.
However one chooses to characterize the U.S. government's interest in the root file or the DNS as a whole, there is little debate that (1) DoC derives at least part of whatever authority it has from its ability to instruct a U.S. government contractor, NSI, regarding the content of the root file,{25} and (2) whatever authority ICANN holds at present emanates from, and remains subject to, DoC's ultimate authority.{26} The U.S. government's continuing control of the DNS has legal consequences that have not been well understood by participants in what have come to be called the "DNS wars,"{27} and were ignored in a recent General Accounting Office (GAO) study that examined DoC's role in ICANN's creation.{28} Chief among these legal [*pg 27] consequences is that to the extent that DoC relies on ICANN to regulate in its stead -- and this reliance appears to be quite substantial -- DoC's relationship with ICANN violates fundamental U.S. policies that are designed to ensure democratic control over the use of government power. DoC's relationship with ICANN is, therefore, illegal.
Depending on the precise nature of the DoC-ICANN relationship, not all of which is public, DoC's use of ICANN to run the DNS violates the APA and/or the U.S. Constitution. On the one hand, DoC may retain substantial control, either directly or by review, over ICANN's policy decisions. In that case, DoC's use of ICANN to make rules violates the APA. On the other hand, if DoC has ceded temporary policy control to ICANN, that violates the Constitution's nondelegation doctrine.
There is substantial evidence, discussed below, that DoC has directly instructed ICANN on policy matters. Furthermore, as ICANN is utterly dependent on DoC for ICANN's continuing authority, funding, and, indeed, its reason for being, it would be reasonable to conclude that the corporation is currently so captive that all of ICANN's decisions can fairly be charged to the government. If so, the DNS has not, in fact, been privatized at all, even temporarily. At least in cases where ICANN does what DoC tells it to do, and arguably in all cases, DoC's use of a private corporation to implement policy decisions represents an end run around the APA and the Constitution. To the extent that DoC launders its policy choices through a cat's paw, the public's right to notice and meaningful comment; to accountable decisionmaking; to due process; and to protection against arbitrary and capricious policy choices, self-dealing, or ex parte proceedings are all attenuated or eliminated; so, too, is the prospect of any meaningful judicial review. The result is precisely the type of illegitimate agency decisionmaking that modern administrative law claims to be most anxious to prevent.{29}
If, on the other hand, ICANN is making its policy decisions independently of DoC, as ICANN's partisans tend to argue, then even a partial transfer of DoC's policymaking authority over the DNS violates an even more fundamental public policy against the arbitrary [*pg 28] exercise of public power, the constitutional doctrine prohibiting the delegation of public power to private groups.{30} Most famously expounded in two pre-New Deal cases, Carter v. Carter Coal Co.{31} and A.L.A. Schechter Poultry Corp. v. United States,{32} the private nondelegation doctrine focuses on the dangers of arbitrariness, lack of due process, and self-dealing when private parties are given the use of public power without the shackles of administrative procedure.{33} The doctrine stems from a long tradition of seeking to ensure that public power is exercised in a manner that makes it both formally and, insofar as possible, actually accountable to elected officials, and through them -- we hope -- to the electorate. This concern for proper sources and exercise of public authority promotes both the rule of law and accountability.{34}
The ICANN issue is unique in a number of ways. Modern federal cases implicating the nondelegation doctrine are quite rare; the Supreme Court does not seem to have considered the issue in the context of a delegation to a private group since the New Deal, and the lower court cases are few and often very technical. In any event, nondelegation cases usually involve a contested statute.{35} The issue then is whether Congress's attempt to vest power in an agency or a private body is constitutional. In the case of ICANN, there is no statute. Congress at no time determined that the DNS should be privatized, or, indeed, legislated anything about national DNS policy. Instead, DoC itself chose to delegate the DNS functions to ICANN, relying on its general authority to enter into contracts. ICANN is also a very unusual corporation. There are many government contractors, both profit-making and nonprofit. But it is unusual for a nonprofit corpo- [*pg 29] ration to be created for the express purpose of taking over a government regulatory function.
There is a danger, however, that ICANN may not be unique for long. One administration spokesperson has already suggested that ICANN should be a model for regulation of other Internet-related issues such as accreditation standards for distance learning and e-commerce over business-to-business "closed" networks.{36} The specter of a series of ICANN clones in the United States or in cyberspace should give one pause, because ICANN is a very bad model, one that undermines the procedural values that motivate both the APA and the Due Process Clause of the Constitution.{37}
DoC's reliance on ICANN has (1) reduced public participation in decisionmaking over public issues, (2) vested key decisionmaking power in an essentially unaccountable private body that many feel has already abused its authority in at least small ways and is indisputably capable of abusing it in big ways, and (3) nearly (but, as argued below, not quite) eliminated the possibilities for judicial review of critical decisions regarding the DNS. So far, ICANN appears to be accountable to no one except DoC itself, a department with a strong vested interest in declaring its DNS "privatization" policy to be a success.
Democratic theory suggests that the absence of accountability tends to breed arbitrariness and self-dealing.{38} In addition to avoiding governmental accountability mechanisms, ICANN lacks much of the accountability normally found in corporations and in nonprofits. Or- [*pg 30] dinary corporations have shareholders and competitors. ICANN does not because it is nonprofit and has a unique relationship with the Department of Commerce. Many nonprofit organizations have members who can challenge corporate misbehavior. ICANN has taken steps to ensure that its "members" are denied such legal redress under California law.{39} All but the wealthiest nonprofits are constrained by needing to raise funds; ICANN faced such constraints in its early days, but it has now leveraged its control over the legacy root into promises of contributions from the registrars that have agreed to accept ICANN's authority over them in exchange for the ability to sell registrations in .com, .org and .net, and from NSI, the dominant registrar and monopoly .com/.org/.net registry,{40} which agreed to pay $2.25 million to ICANN this year as part of agreements hammered out with DoC and ICANN.{41} The result is a body that, to date, has been subject to minimal accountability. Only DoC (and, in one special set of cases, NSI or registrars{42}) currently has the power to hold ICANN account- [*pg 31] able. NSI currently has no incentive to use its limited power, and DoC has nothing to complain of so long as ICANN is executing the instructions set out in the White Paper. The accountability gap will get worse if DoC gives full control of the DNS to ICANN.{43} But it should be [*pg 32] noted that opinions may differ as to whether DoC could legally give away its interest in DNS to ICANN without an act of Congress. It is likewise unclear what precisely "giving away control" would consist of beyond DoC's interest in its contracts with the maintainer of the root, since the most important part of anyone's "control" over the root is publishing data that other parties, many of whom are independent of the government, choose to rely on.{44}
Part I of this Article describes the domain name system and its central role in the smooth functioning of the Internet as we know it today. The DNS is a hierarchical system in an otherwise relatively decentralized Internet. Section A explains what a domain name is, what domain names do, and how domain names are assigned and acquired. Section B explains the technical source of control over the DNS and why this control over the DNS system is so important.
Part II of the Article lays out the convoluted legal and contractual history of the DNS in order to establish the foundation for the legal argument in the third part. Part II thus describes the growing formalization of DNS regulation and the increasingly conscious intervention of the U.S. government in DNS policymaking. What began as small operation, below the policy radar, affecting only a small number of computers, grew in importance as the Internet grew and as the number of attractive names remaining to be registered in .com shrank. Existing arrangements came under increasing strain as conflicts over names, especially between trademark holders and registrants, grew. Where there had been uncertainty for many years as to precisely where authority over the root might reside, by 1998 the U.S. government had defeated an attempt to redirect the root and amended its contract with NSI to make the government's supremacy clear. Power, however, brought responsibility and increased controversy. The debate over the addition of new top-level domains to the root brought matters to a head and triggered active intervention by DoC and an interagency group headed by Presidential Senior Adviser [*pg 33] Ira Magaziner. Their policy review culminated in the White Paper, which called for an entity like ICANN to take over the management of the DNS.
Part III of this Article offers a legal analysis concentrating on the federal government's role in DNS policymaking. How ICANN perceives itself is of only minor relevance to the legality of DoC's reliance on it. The central questions concern: (1) the nature of ICANN's actions and (2) the nature of DoC's response to ICANN's actions. ICANN does something that is either is "standard setting" or is something more, such as "policymaking" or "rulemaking." Determining whether ICANN does "policy" requires a fairly detailed excursion into ICANN's and the DNS's history and contributes mightily to the length of this Article. But this is a critical issue, because if ICANN is engaged in mere standard setting, then there is no APA or constitutional issue; however, if ICANN is doing something more than mere standard setting, then the nature of DoC's response to ICANN's actions is legally significant.
If ICANN is engaged in policymaking, and if DoC is reviewing these decisions and retaining the authority to countermand them, then DoC's adoption of or approval of ICANN's regulatory and policy decisions are subject to the APA. One could argue as to whether DoC's approval is an informal adjudication under the APA,{45} or whether due to its overwhelming influence over ICANN and due to its adopting ICANN's rules, DoC is engaged in rulemaking without proper notice and comment. In either case, however, the APA has been violated.
If, on the other hand, ICANN is engaged in policymaking and DoC does not retain the power to countermand ICANN's decisions, then DoC has delegated rulemaking and policymaking power to ICANN. This probably violates the APA, since it was done without proper rulemaking; regardless of the applicability of the APA, it violates the Due Process Clause and the nondelegation doctrine of the U.S. Constitution, as well as basic public policy norms designed to hold agencies and officials accountable for their use of public power. Since ICANN's board and staff operate largely in secret, it is difficult for outsiders to know how much influence DoC has over ICANN's [*pg 34] decisionmaking. As a result, the statutory and constitutional arguments in this Article are presented in the alternative. The two arguments are very closely related, however, in that both rely on legal doctrines designed to promote accountability and prevent the arbitrary exercise of government power.
My analysis is substantially different from both DoC's and ICANN's accounts of their roles and their relationship. DoC's account of its relationship with ICANN relies on what I shall call the private party story and the standard-setting story. The private party story relies on ICANN's status as a California nonprofit corporation. Government agencies have to observe due process, and many rules about openness, even-handedness, and especially advance notice, not least of which are the procedures set out in the Administrative Procedure Act. If they fail to observe these requirements, they are subject to judicial review. Because ICANN is (formally) a private corporation, it does not face similar obligations. It is beyond argument that private parties are almost never subject to the APA.{46}
In fact, as detailed below, ICANN's relationship to DoC is nothing like the arms-length relationship suggested by the private party story. Although ICANN is private, it is no ordinary corporation, and its relationship with DoC is highly unusual. ICANN is totally beholden to DoC for its creation, its initial policies, and especially DoC's loan of control over the root. This control over the root is the sole basis of ICANN's relevance, power, and financing, and DoC can take it away on 120 days' notice, a right that persists even after the recent renewal of ICANN's contract.{47} More than anything, ICANN [*pg 35] seeks to achieve permanent and, perhaps, irrevocable control of the root when the current memorandum of understanding (MoU) expires. DoC has some control over ICANN through the stick of the MoU, but the real control comes from the carrot. ICANN's ability to retain or expand its control over the root is entirely at DoC's discretion.
The standard-setting story focuses on what ICANN does. In this story, ICANN does only "technical coordination" relating to the DNS. ICANN does not do "policy"; if there was any policy to be done (DoC is a little vague on this), it was done in the White Paper -- a statement of policy. And ICANN most certainly does not do "regulation" or "governance." ICANN is at most implementing the key pieces of the White Paper policy: privatization, Internet stability, increasing competition, bottom-up coordination. To the extent that ICANN might be making decisions that have impacts on third parties, this is merely setting standards, not making policy, and it is well settled that the government can rely on private groups to set standards.{48}
There is no question that contractors can administer a federally owned resource, such as the snack bar in a federal building. Moreover, the United States has created a number of federal government corporations, mostly to undertake commercial activities; some are private, a few have mixed ownership, but all have federal charters and direct congressional authorization.{49} While the federal use of state- [*pg 36] chartered corporations to undertake federal tasks is rare, and usually criticized,{50} if it were true that ICANN was limited to "technical coordination," that would rebut the claim of an unconstitutional delegation of power. In fact, as detailed below, the standard-setting story ignores reality. While some of what ICANN does can fairly be characterized as standard setting, key decisions would certainly have been rulemaking if done directly by DoC and remain regulatory even when conducted by its proxy.{51}
Having said what this Article is about, a few words about what it is not about may also be in order. Opinions differ -- radically -- as to the wisdom of ICANN's early decisions, decisions with important worldwide consequences.{52} Opinions also differ as the adequacy of ICANN's decisionmaking procedures. And many legitimate questions have been raised about ICANN's ability or willingness to follow its own rules.{53} Whether ICANN is good or bad for the Internet and whether the U.S. government should have such a potentially dominant role over a critical Internet resource are also important questions. This Article is not, however, primarily concerned with any of these questions. Nor is it an analysis of the legality of actions taken by ICANN's officers, directors, or employees. In particular, this Article does not discuss whether ICANN's actions comply with the requirements of California law regarding nonprofit corporations. Despite their importance, all of these issues will appear only tangentially insofar as they are relevant to the central, if perhaps parochial, question: whether a U.S. administrative agency is, or should be, allowed to call into being a private corporation and then lend it sufficient control over a government resource so that the corporation can use that con- [*pg 37] trol effectively to make policy decisions that the agency cannot -- or dares not -- make itself.
Although focused on DoC's actions, this Article has implications for ICANN. If the government's actions in relation to ICANN are illegal or unconstitutional, then several -- but perhaps not all -- of ICANN's policy decisions are either void or voidable, and DoC might reasonably be enjoined from further collaboration with ICANN in other than carefully delineated areas. Some of these implications for ICANN, and for the Internet, are canvassed in Part IV.
The Internet works the way it does because it is able to route information quickly from one machine to another. IP numbers provide the identifying information that allows an e-mail to find its destination or allows a request for a web page to reach the right computer across the Internet. Until recently,{58} web page accesses, unlike e-mail, always could be achieved with an IP number. Thus, for example, was equivalent to . However, e-mail to froomkin@129.171.187.10 will not inevitably reach me -- or anyone else. (On most systems, however, e-mail to froomkin@[129.171.187.10] will reach me. But it is not inevitable or easy to type.) Because IP numbers are hard for people to remember, the designers of the Internet introduced easier alphanumeric domain names as mnemonics. When a user types an alphanumeric Uniform Resource Locator (URL) into a web browser, the host computer must "resolve" the domain name -- that is, translate it into an IP number.{59} Both domain names and IP numbers are ordinarily unique (subject to minor exceptions if resources are interchangeable). Using domain names also increases portability -- since numbers can be arbitrarily assigned to names, the names can stay constant even when the resources to which they refer change. The system by which these unique domain names and IP numbers are allocated and domain names resolved to IP numbers is a critical function on the Internet. Each of the thirteen legacy root name servers handles millions of [*pg 39] DNS queries a day,{60} and uncounted millions more are handled downstream by ISPs and others who cache the most frequently requested domain names to IP mappings.
Currently, the large majority of domain names for Internet resources intended to be used by the public have a relationship to two organized hierarchies. (Internet-based resources for private use, such as intranets, can be organized differently.) The first, very visible hierarchy relates to naming conventions for domain names and constrains how domain names are allocated. The second, and largely invisible, hierarchy determines the ways in which domain names are resolved into the IP numbers that actually make Internet communication possible. The two hierarchies are closely related but not identical.
Domain naming conventions treat a domain name as having three parts: in the address www.miami.edu for example, "edu," the rightmost part, is the "top-level domain" or "TLD," while "miami" is the second-level domain (SLD), and any other parts are lumped together as third-or-higher-level domains. Domain names are just conventions, and a core part of the current dispute over them arises from the conflict over whether new TLDs should be added to the so-called "legacy root" -- the most widely used, and thus most authoritative, list of which TLDs will actually map to IP numbers. It should be noted that in addition to the "legacy root" TLDs discussed in this Article, there are a large number of "alternate" TLDs that are not acknowledged by the majority of domain name servers.{61} There is no technical bar to their existence, and anyone who knows how to tell his software to use an alternate domain name server can access both the "legacy root" and whatever alternate TLDs are supported by that name server. Thus, for example, choosing to get domain name services from 205.189.73.102 and 24.226.37.241 makes it possible to resolve where a legacy DNS would only return an error message.
The legacy root is currently made up of 244 two-letter country code TLDs (ccTLDs), seven three-letter generic TLDs (gTLDs), and [*pg 40] one four-letter TLD (.arpa).{62} The 244 ccTLDs are almost all derived from the International Organization for Standardization's ISO Standard 3166.{63} Not every ccTLD is necessarily controlled by the government that has sovereignty over the territory associated with that country code, however. This is likely to be an area of increasing controversy, as (some) governments argue that the ccTLD associated with "their" two-letter ISO 3166 country code is somehow an appurtenance of sovereignty.{64} The ccTLDs sometimes have rules that make registration difficult or even next to impossible; as a result, the gTLDs, and especially .com, have the lion's share of the registrations. Three gTLDs are open to anyone who can afford to pay for a registration: .com, .org, and .net. Other gTLDs impose additional criteria for registration: .mil (U.S. military),{65} ..gov (U.S. government),{66} ..int (international organizations), .edu (institutions of higher education, mostly U.S.-based), and .arpa.{67} Domains registered in ccTLDs and gTLDs are equally accessible from any computer on the Internet.
[*pg 41]
2. The Registration Hierarchy. The registration side of the current DNS architecture is arranged hierarchically to ensure that each domain name is unique. At least prior to the recent introduction of a "shared registry" system,{68} which seems to have introduced some at least transitory uncertainty about whether the master list of second-level domain names is authoritative, a master file of the registrations in each TLD was held by a single registry.{69} In theory, and ignoring software glitches, having a single registry ensures that once a name is allocated to one person, it cannot simultaneously be assigned to a different person. End-users seeking to obtain a unique domain name must obtain one from a registrar.{70} A registrar can be the registry or it can be a separate entity that has an agreement with the registry for the TLD in which the domain name will appear. Before issuing a registration, the registrar queries the registry's database to make certain the name is available. If it is, it marks it as taken, and (currently) associates various contact details provided by the registrant with the record.{71}
While one can imagine other possible system architectures, the current domain name system requires that each domain name be "unique" in the sense that it be managed by a single registrant rather than in the sense that it be associated with a single IP number. The registrant may associate the domain name with varying IP numbers if that will produce a desired result. For example, a busy website might have several servers, each with its own IP number, that take turns serving requests directed to a single domain name.{72} In a different [*pg 42] Internet, many computers controlled by different people might answer to . In that world, users who entered that URL, or clicked on a link to it, would either be playing a roulette game with unpredictable results, or they would have to pass through some sort of gateway or query system so their requests could be routed to the right place. (One can spin more complex stories involving intelligent agents and artificial intelligences that seek to predict user preferences, but this only changes the odds in the roulette game.) Such a system would probably be time-consuming and frustrating, especially as the number of users sharing popular names grew. In any case, it would not be compatible with today's e-mail and other non-interactive communications mechanisms.{73}
3. The Domain Name Resolution Hierarchy. The name resolution side of the domain name system is an interdependent, distributed, hierarchical database.{74} At the top of the hierarchy lies a single data file that contains the list of the machines that have the master lists of registrations in each TLD. This is the "root zone," or "root," also sometimes known as the "legacy root." Although there is no technical obstacle to anyone maintaining a TLD that is not listed in the legacy root, these "alternate" TLDs can only be resolved by users whose machines, or Internet service providers (ISPs) as the case may be, use a domain name server that includes this additional data or knows where to find it. A combination of consensus, lack of knowledge, and inertia among the people running the machines that administer domain name lookups means that domain names in TLDs outside the legacy root, e.g., http://lightning.faq, cannot be accessed by the large majority of people who use the Internet, unless they do some tinkering with obscure parts of their browser settings.{75}
[*pg 43]
Domain names are resolved by sending queries to a set of databases linked hierarchically. The query starts at the bottom, at the name server selected by the user or her ISP. A name server is a network service that enables clients to name resources or objects and share this information with other objects in the network.{76} If the data is not in the name server, the query works its way up the chain until it can be resolved. At the top of the chain is the root zone file maintained in parallel on thirteen different computers.{77} These thirteen machines, currently identified by letters from A-M, contain a copy of the list of the TLD servers that have the full databases of registered names and their associated IP numbers. (To confuse matters, some of these machines have both a copy of the root zone file and second-level domain registration data for one or more TLDs.) Each TLD has a registry that has the authoritative master copy of the second-level domain names registered for that TLD, and the root zone file tells domain name resolving programs where to find them.
Thus, any discussion of the U.S. government's, or anybody else's, authority and control over the DNS occurs in the shadow of the peculiar fact that "control" does not work in a way familiar to lawyers. The United States does not "own" the entire DNS, although it has contracts with key players and owns a minority of the root servers. Most domain resolution functions take place on privately owned machines that may get their DNS data from other private machines, or from foreign machines, or from U.S. government contractors. The U.S. government's interest in the DNS indeed can be characterized in different ways. It could be argued that the U.S. government's control is ephemeral, since the only reason the root file matters is that the root server operators choose to get their base DNS data from it and that almost all other Internet users choose to get their root data from the thirteen legacy root servers.
Alternately, it could be argued that the U.S. government "owns" the root file that sits at the top of the DNS hierarchy, since the file is managed by NSI, under U.S. government contract. Indeed, in 1998, DoC amended its contract with NSI to make explicit DoC's power to decide what gets listed in the root file.{82} Yet, although DoC clearly controls the content of the file, the government's power over the root seems to sound more in contract than in property. Indeed, it is difficult to say that the U.S. government's interest is a traditional chattel [*pg 45] property right, since NSI owns the machine on which the root file resides. Nor is it easy to characterize DoC's interest as an intellectual property right. Although the root shares with domain names the property that it is a pointer to something,{83} it is just a small file of data. The root file lacks sufficient originality to be copyrightable, nor is it the sort of collection likely to be entitled to a compilation copyright. Furthermore, if the root file belongs to the government, and it is continually published, then under the 1976 Copyright Act, it is a "work" not subject to copyright.{84}
Whatever control DoC enjoys over the content of the root file remains meaningful only so long as other participants in the DNS -- and especially the twelve other root servers{85} at the next level of the hierarchy -- continue to rely on a U.S. government-controlled root server as their source of the master DNS root file. As long as the United States retains its control of the root file, however, the danger that the twelve root server operators will choose to get their data from elsewhere seems very remote for four reasons: First, of the twelve root servers that draw data directly from the "A" root server at the top of the DNS hierarchy, seven currently are owned by the U.S. government or operated by its contractors. Only three of the servers are located outside the United States.{86} Any move by the non- [*pg 46] U.S. or even non-U.S. government root servers to choose a new source for the master file would be certain to split the root, because the U.S. servers would not follow suit. Second, the old Internet hands who manage key parts of the infrastructure such as the root servers have a very great aversion to anything that looks as if it might split the root.{87} Third, the ur-lord of the DNS, the late Jon Postel, apparently tried to redirect the root from the "A" server and was intimidated into withdrawing the attempt.{88} If Postel could not do it, it is unlikely that others could today. And, fourth, ICANN is currently seeking to move the root file to its own server and to negotiate direct agreements with the other root server operators, which could make the whole issue moot by reducing their independence from ICANN.{89} If DoC were to choose not to renew its contracts with ICANN at some point in the future, then DoC or its designee as ICANN's successor presumably would become the beneficiary of any agreements ICANN had concluded with the root server operators.{90} Ironically, in this scenario, the "privatization" of the DNS proposed in the White Paper could lead ultimately lead to tighter U.S. government control over the DNS.
Control of the root potentially confers substantial economic and political power. The root determines which TLDs are visible to the vast majority of Internet users. The most naked exercise of this power involves deciding what data is contained in the single data file that comprises the root. Given current Internet architecture and customs, [*pg 47] the data in that file determines which gTLDs the vast majority of Internet users can access.{91}
People who register Internet domain names do so in hopes that anyone in the worldwide network will be able to reach them. It may be that they wish their websites to be visible around the world, or it may be that they want to get e-mail, or to engage in two-way chat. Whatever the application, a domain name that cannot be resolved into an IP number{92} by the vast majority of users is of very limited value on the Internet. Similarly, registrars selling domain name registrations understand that only domain names that "work" in the sense of being part of the global network carry much value. The ability to list a registration in a registry that is part of the "legacy" root is thus of paramount importance to a registrar. Similarly, every registry knows that its database of domain name to IP mappings is of limited value if no one can find it. Registries thus need to be listed in the root or they (and all the domains they list) become effectively invisible. As only being listed in the legacy root currently provides visibility for a TLD and the domains listed in it, control of the root creates powerful leverage.
The power to add TLDs to the legacy root has implications for intellectual property rights, consumer choice, competition, the ease of political discourse, and e-commerce generally. It even has implications for nation-building and international law. The root authority can add the top-level domain of any nation or pretender to nationhood; it can create gTLDs such as .shop or .biz in minutes, and within a day or so the results of these decisions automatically echo around the world. For example, when Palestinians wanted to have .ps created as a country code, they first persuaded the keepers of the ISO country code list to add .ps. Since the current policy for determining which "countries" should be listed in the root relies on this list, once the Internet Assigned Numbers Authority (IANA){93} determined that the ISO 3166-1 list had been amended to include .ps as a code for "Palestine," it certified that .ps should be added to the root and announced that it was accepting an application from a Palestinian academic to run the new [*pg 48] .ps domain.{94} At some subsequent point, the Department of Commerce must have approved the change in writing, since its agreement with NSI requires written confirmation for all changes to the root.{95} Although at this writing .ps does not appear to be accepting applications for second-level domain names, the ccTLD is listed in the root.{96}
The power to create is also, at least temporarily, the power to destroy. Because the servers in the DNS chain regularly refresh their cached data from the servers above them in the chain, the root server's decision to remove a nation's TLD from the web could make it effectively inaccessible to everyone who did not have alternate means of turning a domain name into an IP number. Delisting would severely limit the victim's Internet communications -- at least until the managers of other DNS servers in the world manually reinserted the deleted data in their copies of the root. Thus, control over the DNS confers substantial economic and political power. Since both civilian and military infrastructures in many nations are becoming increasingly dependent on the existence of the Internet, the ability to [*pg 49] disrupt an enemy's communications might be a strategic asset in wartime.{97}
However, even if it could be effective, this ploy would work at most once, because, were the U.S. to use the root for strategic advantage, all root servers located abroad would undoubtedly stop mirroring the data served from the U.S. immediately, even if it split the root.
A more subtle, but already commonplace, use of the root authority involves putting contractual conditions on access to the root. ICANN has imposed a number of conditions on registrars and commercial gTLD (but not ccTLD) registries on a take-it-or-be-delisted basis. For example, ICANN not only forbids anonymous registrations; it also forbids the Internet equivalent of an unlisted telephone number. Under ICANN's contractually imposed regulations, which continue the practices it inherited from NSI, every registrant of a domain name in a gTLD must consent to worldwide publication of her name, telephone number and address.{98} Unlike NSI, however, ICANN provides for rigorous enforcement of this rule, since under ICANN's mandatory arbitration policy, the Uniform Domain Name Dispute Resolution Policy, a domain name registration in "bad faith" is a key ground for transferring a domain from a registrant to a trademark holder,{99} and failing to provide accurate contact details is evidence of bad faith.{100} The addition of the UDRP is a radical change: under ICANN, every registrant in a gTLD must agree to a third-party beneficiary arbitration clause. Anyone anywhere who [*pg 50] believes that the registration or use of the domain name infringes a trademark or service mark can invoke this clause to force arbitration before one of a list of ICANN-approved arbitration service providers paid for and selected by the complainant.{101}
One aspect of the legal history and pre-history of ICANN deserves special mention before embarking on a detailed contractual history. Like the story of Sherlock Holmes's dog that did not bark in the night, the ICANN story contains a telling absence. The ICANN story lacks a statute. At no time has Congress ever authorized ICANN or the "privatization" of the DNS. DoC has relied on its general statutory authority to manage and to seek to "privatize" the DNS.{103} As a result, the critical legal documents are all contracts, [*pg 51] memoranda of understanding, or other bilateral agreements either between DoC and contractors, or among government contractors.
Compared to an ordinary legislative history, the contractual history described below is complex, sometimes confusing, rich in acronyms, and at times perhaps a little boring. Yet the legal underpinnings of the current DNS cannot be understood without a slog through it. The contractual history makes clear that the origins of the DNS and its management were informal, and only a small part of larger projects. When the Internet was small, the issues that now loom large were of little importance and attracted almost no attention. As the Internet, and especially its perceived commercial importance, grew, so too did the conflict over the rules to be applied to the DNS. Whatever doubt there may have been about the U.S. government's authority seems to have been resolved by mid-1997, when NSF decisively exercised its authority.{104} Policy control then passed to an interagency working group headed by Ira Magaziner, and to the Department of Commerce, which issued a critical policy document, the DNS "White Paper."{105} Although as a mere policy statement the White Paper did not have the force of law, major parts of its policies were quickly implemented, notably the creation of ICANN and the institution of a new domain name dispute policy that sought to meet the concerns of trademark holders.
The idea of giving internetworked computers easily remembered names dates back at least to 1971.{106} Peggy Karp, one of the early authors and editors of the Internet standards,{107} and the author of the [*pg 52] first request for comments (RFC) on host names, prepared the first hosts.txt file (the predecessor of the modern "root" file) and turned it over to the Stanford Research Institute (SRI) in early 1972. For the next fourteen years, the hosts.txt file was maintained by the SRI Network Information Center (NIC), then the Defense Data Network (DDN) NIC, and then the Defense Information Systems Agency (DISA) NIC.{108} Internet pioneer Paul Mockapetris wrote the specification for the original implementation of the DNS we have today,{109} but the transition to it took several years. Meanwhile, maintenance and administration of the system remained the responsibility of the SRI NIC for DISA.{110} During this period, the SRI NIC not only hosted the root file, but also served as the domain name registrar and registry for most gTLDs.
While the SRI NIC provided the machines and mechanics, starting about 1977,{111} the day-to-day responsibility for coordinating changes in standards and policy fell to a UCLA graduate student, Jon Postel, who was funded by a U.S. Department of Defense grant.{112} Postel, who had started coordinating other Internet protocols as early as 1972,{113} took on the task of assigning IP numbers, and (at some [*pg 53] point) protocol values for domain names. Thus, Postel, working through the evolving consensus procedures for setting Internet standards, decided which gTLDs and ccTLDs would be created and personally selected the people who would be empowered to register names in ccTLDs. When, after receiving his Ph.D., Dr. Postel moved to the University of Southern California's Information Sciences Institute, he took these functions with him.{114}
In October 1983, Postel and his colleague, Joyce Reynolds, authored RFC 920, "an official policy statement" of the Internet Architecture Board (a private Internet standards body){115} and the Defense Advanced Research Projects Agency (DARPA).{116} This official policy of the government and the Internet standards body defined most of the TLDs in use to this day.{117}
In 1985, DISA formally gave the responsibility for managing the expansion of the namespace to the Information Sciences Institute (ISI) at USC.{118} As early as 1974, ISI had begun to manage some other RFC administrative activities. At some later point, perhaps December 1988,{119} ISI reorganized. ISI, led by Postel, began operating the DNS and other RFC operational activities under the rubric of the Internet Assigned Numbers Authority,{120} pursuant to authority delegated from the U.S. Department of Defense.{121}
[*pg 54]
In 1986, DISA began allowing some offshore DARPA research centers to perform some DNS registration functions, the first of which was University College, London, for a UK domain. Later, it allowed a research facility in Amsterdam to manage some IP address blocs under the rubric RIPE. The government contracts for these activities remained with ISI, of which IANA was an unincorporated administrative unit. IANA's funding came from Department of Defense grants to USC.{122} Although for a time IANA claimed to have a charter from the Internet Society (ISOC) and the Federal Networking Council, it was at all relevant times a government contractor.{123}
Between 1972 and 1994, Dr. Postel and (starting in the late 1980s) IANA{124} documented their procedures in a set of requests for comments, which were adopted by the Internet Engineering Task Force (IETF).{125} The IETF is an independent, unincorporated, international standards body of continually floating membership. Although RFCs are nonbinding, they are widely recognized as the critical Internet standards documents and often have enormous influence.{126} Thus, for example, in RFC 349, Postel, still a graduate student, wrote presciently, "I propose that there be a czar (me?) who hands [*pg 55] out official socket numbers for use by standard protocols. This czar should also keep track of and publish a list of those socket numbers where host specific services can be obtained. I further suggest that the initial allocation be as follows . . . ."{127} By the time of his death in 1998, by all accounts Jon Postel and his colleague Joyce Reynolds were not only socket czars, but Internet names and numbers czars.
In 1990, DISA recompeted the NIC contract, which was won by Government Systems Inc. (GSI),{128} who then subcontracted the entire operation to Network Solutions, Inc. NSI started operating the NIC early in 1992. By then, DISA had concluded that the continued growth of the Internet and the introduction of new programs such as the National Research and Educational Network (NREN) meant that the funding and management of the non-military part of the Internet's administration belonged outside the Department of Defense.{129} NSF had already begun funding cooperative private-sector Internet research and development in 1986 and continued to do so on an increasingly large scale until 1995.{130} Unlike the Department of Defense, NSF provided grants to the private sector and entered into "cooperative agreements" to undertake the needed work with the "technology transfer" expectation that anything developed could eventually be undertaken and owned entirely by the grantee.{131}
In 1994, Dr. Postel authored RFC 1591, Domain Name System Structure and Delegation,{132} in which he described his policies and procedures for assigning domain names. Several issues which are fraught [*pg 56] with controversy today took only a paragraph or two to explain in 1994. Thus, for example, RFC 1591 described relatively lightweight procedures for creating new top-level domains -- an issue that has more recently consumed years of debate without the creation of any new gTLDs. Since establishing the basic system of gTLDs and ccTLDs, Postel and IANA had created a small number of additional ccTLDs and a few limited-use gTLDs, but no gTLDs for general use. By 1994, the demand for names in the gTLD space was still very small; the explosion in demand did not begin until at least two years later.{133} RFC 1591 also described how one qualified to manage a ccTLD. It set up a rule of first-come, first-served so long as one had decent Internet connectivity, acted fairly, and was accepted by the user community. Cases in which a ccTLD manager lost the confidence of his users were to be resolved by negotiation among the squabbling parties.{134} As for what is a country name, and who has the right to a domain name that resembles a trademark, RFC 1591 said only this:
1) Names and Trademarks
In case of a dispute between domain name registrants as to the rights to a particular name, the registration authority shall have no role or responsibility other than to provide the contact information to both parties.
The registration of a domain name does not have any Trademark status. It is up to the requestor to be sure he is not violating anyone else's Trademark.{135}
If nothing else, it seems safe to say that by 1994 the authority for DNS policy was somewhat muddled. The entry of a new player would confuse matters further.
2. The NSF-NSI Cooperative Agreement (1993-95). In 1993, about a year before Jon Postel issued RFC 1591, the National Science Foundation replaced the Department of Defense as the funding source for the NIC.{139} It engaged Network Solutions, Inc. to take over the domain name registration services for the non-military Internet, a function that NSF estimated would require it to spend around $1 million per year.{140} NSI thus ran the computers that held the root zone, was responsible for the mechanics of inserting new TLDs into the root (although not for deciding which, if any, should be included), and also took on the function of day-to-day assignment of second-level domain names in .com, .org and .net on a first-come, first-served basis. The NSF-NSI "Cooperative Agreement"{141} gave NSI a monopoly over .com registrations that it would ultimately build into a multi-billion dollar business; the monopoly originally was scheduled to expire in September 1998.{142}
The agreement gave NSI operational control of the DNS but, as in the predecessor agreement between DISA and GSI, required NSI to follow the policy directions of IANA. Article 3 of that agreement required NSI to "provide registration services in accordance with the provisions of RFC 1174."{143} In turn, RFC 1174 stated that IANA had "discretionary authority to delegate [responsibility] with respect to [*pg 58] numeric network and autonomous system identifiers."{144} RFC 1591 soon amplified RFC 1174, although since it was only an "informational" RFC, it arguably was not binding on NSI. RFC 1591 describes IANA as "the overall authority for the IP Addresses, the Domain Names, and many other parameters, used in the Internet."{145} Since the paymaster for IANA remained the U.S. Department of Defense, the effect of this provision was to ensure that policy control of the root remained in the hands of people closely tied to the U.S. government, and especially the military, even while daily functions such as second-level domain name registration services were moving into NSF's, and through them NSI's, hands.
The profit potential of the domain name registration business soon grew. In September 1995, NSF agreed to amend the Cooperative Agreement to allow NSI to charge user fees of $50 per year for domain names.{146} IANA, still working under Department of Defense contracts, remained in charge of fundamental policymaking, but NSI's control over the mechanics of registration allowed it to, and perhaps even operationally required it to, make decisions that had policy im- [*pg 59] plications. The most controversial of these was undoubtedly NSI's frequently amended "dispute policy." Although the details varied from version to version, in essence the policy provided that any person proffering a trademark on a word identical to another person's domain name registration could have the registration put "on hold" -- frozen so that it would no longer resolve to an IP number and was, thus, of no practical use.{147} The dispute policy greatly benefited NSI, as it nearly eliminated its exposure to lawsuits by trademark owners, who tended to be better financed and better represented than non-trademark-owning registrants.
3. The TM Community Awakens. NSI had reason to fear lawsuits. The Internet's explosive growth fueled a land-rush mentality for domain names, especially in the .com domain. In response to the growing demand for new gTLDs, Dr. Postel had endorsed creating a large number of new gTLDs as early as November 1995.{148} Postel's own plan involved creating 150 new TLDs in the first year alone.{149} But already the trademark problem threatened to dominate any debate over the creation of new TLDs, and Postel's plan, like his earlier proposal{150} to de-link IANA from the U.S. government and [*pg 60] find other backing such as the Internet Society, failed to garner sufficient support.{151}
In compliance with NSF's directive to encourage use of the Internet, and in keeping with the growing .com mentality of wanting to do everything immediately, NSI allowed registrants a long grace period; even after NSI started charging $100 for two-year domain name registrations, NSI waited thirty days before sending a bill, and then gave additional time to pay, creating a long float.{152} As there was no limit to the number of names a person could register, name speculators quickly understood that they could register names and attempt to seek buyers for them without risking any capital.{153} While some speculators sought common words with multiple possible uses, a few others -- who became known as cybersquatters -- registered thousands of names that corresponded to the trademarks of companies that had not yet found the Internet and then sought to resell (or, some would say, ransom) the name to those companies. Since the Lanham Act requires commercial use before a court will find trademark infringement, it seemed more than arguable that mere registration, without use, was legal, and that the brokers/cybersquatters had found a costless way to profit.{154}
Much of early cybersquatting law was defined by one of the most active cybersquatters, Dennis Toeppen. By 1996, in Intermatic Inc. v. Toeppen,{155} the first court had held that registering domain names in order to offer them for sale to a firm of that same name constituted an actionable commercial use of that name under the Federal Trademark Dilution Act.{156} The Ninth Circuit later essentially adopted this reasoning in the landmark 1998 case of Panavision International v. [*pg 61] Toeppen.{157} The specter of illegality, however, did not stop the cybersquatters, as they could still exploit the settlement value of cases: they put no money down, or just the cost of a registration, which was $100 or less, and could negotiate for sums up to the filing costs, attorney's fees, and value of management time, which usually added up to at least a few thousand dollars.{158}
4. PGP Media Lawsuit (1997). By 1997, it was evident that domain names would be valuable, and that NSI had a valuable franchise. Other firms sought to become registries and to establish parallel top-level domains. Some set up alternate roots,{159} while others sought to force their way into the legacy root. One of the most persistent was PGP Media (later, Name.Space), a firm that in March 1997 wrote to NSI requesting that NSI add to the root zone file some 530 gTLDs that PGP Media alleged it had claimed. NSI argued that it lacked the authority to add entries to the root zone and referred Name.Space's request to IANA. PGP Media responded by filing a complaint alleging antitrust violations against NSI, with IANA named as a nonparty co-conspirator. As the Second Circuit summarized it:
NSI then wrote to Dr. Jon Postel at IANA on March 27, 1997, informing him of this lawsuit and seeking to confirm NSI's understanding that it could make changes to the root zone file only at the direction of IANA. IANA responded on April 4, 1997 by denying that IANA had any authority over NSI's operations, and stating that IANA also had no authority to establish any new gTLDs in the absence of an Internet community consensus. Therefore, NSI wrote to NSF on June 10, 1997 describing the events that had transpired to date, and requesting authority to begin accepting applications for new gTLDs pursuant to a registration procedure.{160}
NSF officially rejected NSI's proposal on June 25, 1997, and explicitly requested that NSI add no new TLDs to the root zone file pending the conclusion of an internal review of DNS policy, an order it confirmed the next month. Name.Space responded by amending its complaint to include NSF, although that part of the case became moot after ICANN was formed.{161} Although Name.Space ultimately lost on all counts,{162} the maneuvering did have important consequences. IANA disclaimed authority over NSI and asserted only an equivocal authority over the root, the ability to act on the basis of consensus. In contrast, NSF demonstrated control over NSI and thus, in effect, over the root zone file.
5. The Road to the White Paper (1997-98). As the Internet grew, and as commercial considerations began to loom larger, the U.S. government's control of the root began to be a magnet for controversy. Foreign governments began to question why the United States should control a critical component of a global network, and firms all over the world began to complain about the uneasy overlap between domain names and trademarks.{163} In July 1997, in response to these growing domestic and international concerns regarding the future of the DNS, President Clinton directed the Secretary of Commerce to privatize the DNS.{164} On July 2, 1997, the Department [*pg 63] of Commerce issued a request for comments on DNS administration, on behalf of an interagency working group headed by Ira Magaziner.{165} Magaziner's reputation had suffered from his responsibility for the debacle of President Clinton's national health care initiative, and commentators speculated that he saw his role in Internet policymaking as a chance to do some repair work.{166} Magaziner was also influential in crafting the administration's policy statement on e-commerce.{167}
Agencies commonly issue requests for comments as a first step towards figuring out whether (and how) to regulate. While not all such requests result in a notice of proposed rulemaking (NPRM), an NPRM is a routine next step. An NPRM is a formal notice, published in the Federal Register, in which an agency sets out a proposed rule. In informal rulemaking under the APA, an NPRM is subject to public comment, after which the agency can either abandon the rule, substantially revise it and issue a fresh NPRM, or issue it, perhaps with minor changes.
On January 30, 1998, Magaziner and DoC published their proposal for the reform of DNS administration.{168} This document became [*pg 64] known as the Green Paper,{169} but in bureaucratic form it was just an ordinary NPRM proposing an informal rule.
Just before Magaziner published the Green Paper on the World Wide Web,{170} an incident occurred that demonstrated the fragility of the existing, somewhat informal, understandings about DNS authority and control. On January 28, 1998, Jon Postel -- who may have been aware of the likely content of the Green Paper{171} -- sent an e-mail requesting that the root servers not controlled by NSI or the U.S. government start pointing to his server "B" rather than server "A" for the authoritative data on the root.{172} Postel's "B" server continued to mirror the data in "A," so in the short term this shift would have changed nothing; in the longer term it would have enabled him to control the root and thus single-handedly create new TLDs. Most of the other root servers complied.{173} To his detractors, Postel was attempting a power grab, a single-handed hijack of the Internet, or even threatening to split the root, creating the dreaded possibility of inconsistent databases.{174} (Recall that inconsistent data is bad because it means that which IP resolves when one types in a domain name might depend on which database -- effectively which Internet -- one might be connected to.) When Ira Magaziner heard of what Postel would later diplomatically call a "test," Magaziner instructed Postel to return to the status quo. Postel did so, and the "test" was over.{175} Magaziner [*pg 65] was later quoted as saying that he told Postel that redirection could result in criminal charges,{176} although it is unclear what statute would apply.
The Green Paper mapped out an ambitious course of action for U.S. domain name policy, the details of which can be elided since the rulemaking was abandoned in the face of the opposition it engendered. The Green Paper remains noteworthy, however, for its account of why DoC felt it had the power to make rules about the DNS at all, given the absence of direct congressional authorization. The Green Paper listed five sources of DoC's statutory authority for this proposed rulemaking:{177} (1) the general mission statement of DoC for the promotion of U.S. commerce;{178} (2) DoC's National Telecommunications and Information Administration's (NTIA) power to coordinate telecommunications activities and assist in the formation of policies;{179} (3) NTIA's authority to "develop and set forth telecommunications policies";{180} (4) NTIA's power to conduct studies and make rec- [*pg 66] ommendations;{181} and (5) NTIA's authority to "issue such regulations as may be necessary to carry out" its functions.{182} Finding rulemaking authority in any of the above for giving ICANN even temporary control of the DNS in these statutes would be, to put it gently, a stretch. NTIA has the authority to conduct studies, to coordinate and formulate policy, and to make recommendations. It does not have independent rulemaking authority, and the congressional grant of power to act as a think tank cannot be leveraged into rulemaking power via DoC's general authority to make regulations "as may be necessary to carry out the functions assigned under this chapter"{183} when none of those functions involved regulating rather than studying or recommending.
As it happened, however, the question of DoC's or NTIA's rulemaking authority became moot, since the Green Paper foundered on politics. The Green Paper encountered substantial opposition,{184} and it became clear that DNS regulation was too controversial for consensus, or even a politically satisfying compromise. DoC and Ira Magaziner's interagency group abandoned their effort to issue a final rule, and instead, in June 1998, they issued a nonbinding statement of policy that became known as the DNS White Paper.{185} Whether or not DoC had the authority to issue a rule ceding even temporary control of the DNS, it never purported to do so. Unlike substantive rules, statements of policy are not subject to notice and comment under the APA,{186} because they are not a final decision as to citizen's rights or [*pg 67] duties. A statement of policy is intended to guide officials and inform the public,{187} but officials remain required to exercise their discretion when applying the policy, and citizens remain free to challenge each decision on a case-by-case basis.
Like the Green Paper before it, the White Paper framed the basic "Principles for a New System" as "stability, competition, private bottom-up coordination, and representation":{188}
1. Stability. . . . During the transition and thereafter, the stability of the Internet should be the first priority of any DNS management system. . . .
2. Competition. . . . Where possible, market mechanisms that support competition and consumer choice should drive the management of the Internet because they will lower costs, promote innovation, encourage diversity, and enhance user choice and satisfaction.
3. Private Sector, Bottom-Up Coordination. . . . A private coordinating process is likely to be more flexible than government and to move rapidly enough to meet the changing needs of the Internet and of Internet users. The private process should, as far as possible, reflect the bottom-up governance that has characterized development of the Internet to date.
4. Representation. . . . Management structures should reflect the functional and geographic diversity of the Internet and its users. Mechanisms should be established to ensure international participation in decision making.{189}
a new, not-for-profit corporation formed by private sector Internet stakeholders to administer policy for the Internet name and address system. Under such agreement(s) or understanding(s), the new corporation would undertake various responsibilities for the administration of the domain name system now performed by or on behalf of the U.S. Government or by third parties under arrangements or agreements with the U.S. Government.{191}
The statement of policy went on to describe in a fairly detailed way what this new hoped-for corporation should look like, and how it should work. "NewCo" (as it came to be known) "should be headquartered in the United States, and incorporated in the U.S. as a not-for-profit corporation. It should, however, have a board of directors from around the world."{193} It should take over the existing IANA staff, and it should have the authority to "[s]et policy for and direct allocation of IP number blocks to regional Internet number registries" and "[o]versee operation of the authoritative Internet root server system"{194} plus "[o]versee policy for determining the circumstances under which new TLDs are added to the root system" while coordinating "the assignment of other Internet technical parameters as needed."{195}
The White Paper also prescribed a structure for NewCo's board of directors, which it said "should be balanced to equitably represent the interests of IP number registries, domain name registries, domain name registrars, the technical community, Internet service providers (ISPs), and Internet users (commercial, not-for-profit, and individuals) from around the world."{196} NewCo would start with an interim [*pg 69] board that would serve for a fixed period until the board of directors was elected, but interim board members would "not themselves serve . . . for a fixed period thereafter."{197} Government officials would be forbidden to serve on the board. The interim board would "develop policies for the addition of TLDs, and establish the qualifications for domain name registries and domain name registrars within the system."{198}
The White Paper further detailed the internal functioning of NewCo, stating it should be
governed on the basis of a sound and transparent decision-making process, which protects against capture by a self-interested faction . .. . . The new corporation could rely on separate, diverse, and robust name and number councils responsible for developing, reviewing, and recommending for the board's approval policy related to matters within each council's competence. Such councils, if developed, should also abide by rules and decision-making processes that are sound, transparent, protect against capture by a self-interested party and provide an open process for the presentation of petitions for consideration.{199}
In order to achieve these ends, the statement of policy committed the U.S. to a "[r]amp down" of its existing agreements with NSI that would require it to take actions to promote competition{204} -- although in practice the "ramp down" probably meant extending existing agreements rather than simply allowing them to end, as NSF earlier suggested.{205} Further, DoC pledged to require NSI to "recognize the role of the new corporation to establish and implement DNS policy and to establish terms (including licensing terms) applicable to new and existing gTLDs and registries under which registries, registrars and gTLDs are permitted to operate."{206} In other words, NewCo would become NSI's regulator in all but name.
Once ICANN was formed, it owed its purpose, power, and relevance to the Department of Commerce. Without Jon Postel, no one would ever have paid any attention to anything ICANN said, had not DoC designated ICANN as NewCo. ICANN derives its power from [*pg 71] contracts with DoC and acts as DoC's agent for DNS matters. DoC could, if it wished, terminate its relationship with ICANN and choose another body to perform all of ICANN's functions. Thus, whatever the legal formalities, DoC is the "but for" cause of ICANN's relevance, indeed its very existence, and the fundamental source of ICANN's powers. Nevertheless, subsection 1 below argues that because the formation was kept at arms' length, ICANN's creation did not violate the Government Corporation Control Act, the statute designed to prevent agencies from creating private corporations to do their will. Similarly, because DoC's relationship with ICANN is contractual, it probably complies with the letter of the Federal Advisory Committee Act.
Whatever the intentions may have been in early 1998, by early 1999 ICANN had adopted a Byzantine structure that privileged some interests, primarily corporate and commercial. The structure disadvantaged end-users and the firms that had expended resources to set up alternate registries.{207} Would-be registrars, on the other hand, benefited, as ICANN recognized them as one of the seven "stakeholder" interest groups entitled to preferential recognition in the ICANN structure.{208} One of the many oddities of the ICANN gerrymander of the Domain Name Supporting Organization (DNSO) is that future registrars were allowed to enter the registrars' constituency and vote before they were accredited by ICANN, but future registries were not. The first board members, selected for their lack of experience with the DNS wars, nevertheless proceeded to make fundamental decisions that affected the legal rights of all registrants in the three open gTLDs, and perhaps all Internet users. They also sought to impose fees on various participants in the DNS hierarchy and gutted the influence that non-corporate domain name registrants might have over the composition of subsequent boards.
[*pg 72]
The road to these results was anything but direct. It was the result of a tripartite struggle between NSI, ICANN and DoC. From its inception, ICANN embarked on a series of moves designed to raise revenue and to solidify its authority. Its first order of business was to become recognized as NewCo, its next to take over IANA's role in DNS administration. Last but not least, ICANN needed to get NSI to recognize its authority. Only when DoC had pressured a very reluctant NSI to recognize ICANN's authority -- at the price of extending NSI's monopoly over the .com registry business for years to come{209} -- was ICANN able to ensure that the policies it had adopted, such as the UDRP's mandatory arbitration rules, would affect every registrant in the commercial gTLDs. Indeed, each major step required intervention from DoC.
1. ICANN Formed (October 1998). After the publication of the White Paper, Postel and his lawyer, Jones Day partner Joe Sims, incorporated ICANN and set out to write bylaws that would be close enough to DoC's requirements for ICANN to be accepted as NewCo while preserving substantial freedom of action for the ICANN board.{210} The ICANN drafting and board recruitment efforts operated behind closed doors, but it benefitted from the imprimatur and prestige of Jon Postel.{211} Postel was intended to be the chief technical officer of ICANN,{212} and the interim board was designed to be composed of worthies who would be recognized as neutrals and would lend their prestige and neutrality to legitimate his decisions.{213}[*pg 73] (Recall that Postel's previous attempt to add TLDs to the root had been shelved due to protests, leading to questions about who had the authority to make DNS policy.{214}) An important part of the interim board members' function as neutrals would be to agree on how their successors should be selected. The decision to choose neutrals meant that the board members had to be chosen for their lack of involvement in the DNS wars, and this, in turn, meant that the first set of board members had little direct technical expertise relating to the DNS, although some had extensive technical background in other technologies.{215} The exemplar of both of these characteristics was the person ICANN would elect to head its board: Esther Dyson. Already well-known as a magazine publisher, venture capitalist, and Internet guru, Dyson was a highly respected name in most of the Internet community. She did not, however, have much experience in DNS matters.{216} Lack of experience, however, seemed a minor issue since Postel would be the CTO, and he was acknowledged to be a trusted, if not revered, figure by almost everyone interested in DNS policy. But Jon Postel died suddenly on October 16, 1998, just as plans to form ICANN were near completion.{217} With Postel's death, ICANN [*pg 74] lost the figure on which its legitimacy and trust had been based before it was even officially incorporated.
Following the lead of the White Paper, which called for NewCo to have "the functional and geographic diversity of the Internet and its users,"{218} ICANN adopted a frankly corporatist structure. This structure, however, was unduly complex -- as a glance at the simplified (!) diagram in Figure 1 (pp. 185-86) demonstrates; programmers may recognize the symptoms of a code base run wild. Moreover, not only was ICANN frankly corporatist,{219} but some "stakeholders" were far more equal than others. The Domain Name Supporting Organization and its parent body, the Names Council, appeared to be the places where issues such as new gTLDs and anti-cybersquatting policies would be thrashed out. ICANN declared that the DNSO would have seven "constituencies,"{220} each of which would elect three delegates to the Names Council, which, in turn, would ultimately elect three ICANN board members who would sit with the initial, self-selected board.{221} As the DNSO constituencies often overlapped, a single firm could simultaneously be a member of up to four constituencies.{222} In [*pg 75] contrast, none of the DNSO constituencies offered voting membership to individual domain name registrants, not to mention ordinary Internet users. Furthermore, ICANN decided that the public's role, the number of directors the public could elect, and the public's influence over directors that it might elect, should be reduced well below the level contemplated in the White Paper.
a. ICANN and the GCCA. Despite the tradition of openness that dominates most Internet standards processes,{223} ICANN was founded in secret. The secrecy led to enormous ill-will and suspicion in the Internet community and to at least two formal inquiries, one by a House Committee and one by the General Accounting Office.{224} The inquiries were motivated, in part, by an understandable suspicion that administration officials might have done more than simply call for NewCo to be created. Any participation by the federal government in ICANN's formation beyond general cheerleading would probably have violated the Government Corporation Control Act (GCCA). However, most of the board members appear to have been recruited either by European Union officials or by Joe Sims, Postel's lawyer and later ICANN's.{225} Although ICANN organizers [*pg 76] briefed U.S. government officials from time to time, and Magaziner himself had a hand in recruiting Esther Dyson, these officials's participation probably did not violate the GCCA.{226} It may be an indictment of the GCCA, but by simply describing what needed to be done rather than doing it itself, the government remained sufficiently at arms' length to satisfy the formal requirements of the law. Only Magaziner's recruitment of Dyson crossed this line, and that alone was probably not enough to taint the entire enterprise.
DoC is not the first agency to seek to use the corporate form or to create a private corporation to achieve desired ends.{227} The Government Corporation Control Act{228} is Congress's most comprehensive modern attempt to define when and how federal officials may create and use private corporations for public purposes. Congress enacted the GCCA in response to a plethora of federally owned and mixed-ownership federal government corporations{229} and attendant inconsistent accounting standards and a general lack of federal control and accountability.{230} Section 9102 of the GCCA prohibits the creation or acquisition of corporations by the executive branch "to act as an agency" without specific legal authorization.{231}
In one of the few cases interpreting section 9102 of the GCCA or discussing when a federal agency may shepherd a state corporation [*pg 77] into being, the Supreme Court in Lebron v. National Railroad Passenger Corp. observed that the GCCA
was evidently intended to restrict the creation of all Government-controlled policy-implementing corporations, and not just some of them. And the companion provision that swept away many of the extant corporations said that no wholly owned government corporation created under state law could continue "as an agency or instrumentality of the United States," § 304(b), 59 Stat. 602. Once again, that was evidently meant to eliminate policy-implementing government ownership of all state corporations, and not just some of them.{232}
The only other reported case to discuss section 9102, Varicon International v. Office of Personnel Management,{233} involves facts that more closely resemble ICANN. The Office of Personnel Management (OPM) decided to privatize the office that conducts background investigations of executive branch applicants and employees for security clearance purposes. It produced a privatization plan that called for an employee-owned company to be created with which OPM would contract to perform the background investigations previously performed by the Investigations Service. As part of the privatization plan, the new company offered employment to all OPM personnel displaced by the privatization plan. OPM then awarded a sole-source contract for information services to this employee-owned company. Plaintiffs, who had previously contracted with OPM for similar work, sought to enjoin operation of the contract.{234}
In the course of denying the application for an injunction on several grounds, the district court noted a number of facts about the U.S. Investigation Services (USIS) that persuaded it to distinguish Lebron: (1) no USIS employees were employed by the government; (2) the government had no control over the USIS board of directors, management, or employees, except as provided for in the contract; (3) the government did not and would not own any USIS stock; (4) the gov- [*pg 78] ernment appointed none of USIS's directors; and (5) the government had no obligation to pay USIS except as provided under the contract in payment for service performed under the contract.{235} The district court therefore concluded that USIS was "a private corporation which was awarded a government contract, and not a corporation which is acting as a federal agency."{236} All these factors, except perhaps the second, apply to ICANN as well. The second factor is debatable, since DoC control over the root gives it extraordinary leverage over ICANN. However, even if we assume OPM was the only possible buyer of USIS's services (an issue the court did not address), there are still differences between the USIS/OPM relationship and the ICANN/DoC relationships: USIS was a contractor performing a service for money; ICANN is not paid by DoC but rather gets income from third parties over whom DoC gave ICANN power.{237} Most of ICANN's contracts are research agreements rather than ordinary procurement agreements, and the "procurement" is for zero dollars. Finally, there is no way that USIS's services to OPM could be described as regulatory.
The nature of ICANN's services to DoC is particularly important, as can be seen from an analogous distinction involving Defense Department Federally Funded Research Development Centers (FFRDCs). The Acting Comptroller General opined in 1992 that agencies could establish FFRDCs in universities and other nonprofits pursuant to existing statutory authority without violating section 9102.{238} Even FFRDCs that received all of their funding from the government did not, therefore, become "a corporation established or acquired to act as an agency."{239} The Comptroller General noted, however, that "agencies are prohibited from awarding FFRDC contracts to perform work of a policy, decisionmaking or managerial nature which is the direct responsibility of agency officials."{240}
On the other hand, even when a corporation provides no policymaking services, an agency may still lack the authority to create it. The General Counsel of the GAO opined in 1998 that the Federal Communications Commission exceeded its authority under 47 U.S.C. [*pg 79] § 254(h) when the FCC directed the incorporation of two Delaware corporations. Section 254(h) authorized the FCC to provide service support benefits to certain schools, libraries, and rural health care providers, but did not specify how the FCC should do this.{241} The FCC appointed the National Exchange Carrier Association (NECA) to administer its programs, then directed it to create "an independently functioning not-for-profit subsidiary" to temporarily administer some programs.{242} The FCC also directed NECA to create "two unaffiliated, not-for-profit corporations to be designated the Schools and Libraries Corporation and the Rural Health Care Corporation. . . . NECA was directed to incorporate the corporations under the laws of Delaware and to take such steps as are necessary . . . to make the corporations independent."{243} These new entities would take up some of the support functions. The certificate of incorporation for the new entities stated that their purposes were defined in FCC regulations. Those regulations stated that the boards and CEOs were to be selected or approved by the FCC Chair.{244}
The FCC first argued that it had the authority to create the two corporations pursuant to its general authority,{245} but the GAO's General Counsel was unpersuaded, stating that "we recognize the breadth of [the general authority but] the provision is constrained by the later passage of the Government Corporation Control Act."{246} The FCC ultimately agreed with this statutory analysis, but then argued that the GCCA still did not apply since NECA, not the FCC, established or acquired the two corporations. The General Counsel dismissed this fiction, stating that the GCCA "prohibits an agency from creating or causing creation of a corporation to carry out government programs without explicit statutory authorization."{247}
Nevertheless, the ICANN case is different from the case of the Schools and Libraries and the Rural Health Care corporations. [*pg 80] ICANN is more independent and its creation was substantially more arms-length than the FCC's captive corporations. Neither of those made even a pretense of independence, and their top officers were subject to FCC approval.{248} As a formal matter, and one suspects in reality also, ICANN is more independent.
Thus, DoC's decision to publish the White Paper as a formally nonbinding policy statement appears to be a successful end-run around the GCCA -- which suggests that the GCCA may need amendment.{249} By calling for NewCo to form spontaneously,{250} government officials avoided directly "creating" the corporation.
b. Amendment 11: NSI Preserves Its Monopoly (October 1998). While Postel and Sims were selecting directors for the ICANN-to-be, NSI was working to preserve and extend its monopoly of both domain name registry services and registrar services, a goal that seemed to leave little room either for ICANN or for increased competition in the domain name business. NSI's right to register domain names, an increasingly remunerative activity, was due to expire on March 31, 1998, although it could be extended by the U.S. government.{251} Ordinarily, that should have given the U.S. government enormous leverage over its contractor. The picture was clouded, however, by an anomaly in the drafting of the NSI-NSF agreements, exacerbated by an amendment proposed by NSI in 1995, that created an arguable case that NSI had some sort of right to own the database of registrants. NSI claimed variously that it had no obligation to turn over the data linking registrants to domain names, or that it could keep a copy even if its MoU expired -- with the implicit threat that it might go into business on its own, setting up an alternate root.{252} NSI used its intellectual property claim, and the very significant threat of truly privatizing the root, plus its unique experience in managing the [*pg 81] ever-growing and ever-more-important .com domain, as leverage to negotiate an extension of its contract on favorable terms.{253}
Amendment 11 (agreed to on October 7, 1998) extended the DoC-NSI MoU to September 30, 2000, and punted the question of intellectual property,{254} but imposed on NSI an obligation to design a "shared registry" system that would allow other, competing registrars to sell registrations that would be reflected in the legacy root.{255} This extension agreement also paved the way for a separation of NSI's registry and registrar functions, with the registry entitled to charge all registrars a fixed fee, to be determined later, for its services.{256} NSI further promised to give the U.S. government a copy of the second-level registration data, something it had not admitted was already due in the previous agreement.{257} Critically, NSI also promised to make no changes to the root without written authorization from DoC.{258}
Perhaps the most significant part of Amendment 11 was that DoC extracted promises from NSI regarding what would happen "as the USG transitions DNS responsibilities to NewCo."{259} The agreement stated that as NewCo took over, "corresponding obligations under the Cooperative Agreement as amended will be terminated and, as appropriate, covered in a contract between NSI and NewCo." In other words, NewCo would more or less step into DoC's shoes, and NSI would accept it as policy master of the legacy root: "NSI acknowledges that NewCo will have the authority, consistent with the [*pg 82] provisions of the Statement of Policy and the agreement between the USG and NewCo, to carry out NewCo's Responsibilities."{260} NSI also promised that once DoC selected NewCo, NSI would appoint ten persons chosen by NewCo to help design the shared registry system, create a testing environment to help new registrars selected by NewCo exercise their software, give NewCo technical assistance on request, and enter into a contract with NewCo.{261}
2. ICANN Opens Shop & DoC-ICANN Memorandum of Understanding (November 1998). From the moment of its formation on October 26, 1998, ICANN faced obstacles and opposition. The secret selection of the initial board, combined with (depending who you asked) the collapse of, sabotage of, or end-run, around popular alternatives created hard feelings.{262} ICANN's only potential source of income was to require one or more classes of Internet users to pay it, but neither registrants, NSI, nor the other registries seemed anxious to do so. Meanwhile, ICANN had to choose between, on the one hand, establishing the full set of governance structures articulated in the White Paper, including widespread representation, and, on the other hand, trying to rush decisions to a conclusion so that ICANN would have tangible achievements. The requirement to elect half the board from the at-large membership of the new entity implied requirements for a global membership and some means to run a reasonable worldwide election among a group whose parameters had yet to be defined. And, worst of all, Jon Postel's death robbed the organization of its intellectual center, its chief source of technical knowhow, much of its institutional memory, and a good part of its legitimacy.
ICANN's first priority was to formalize its relationship with DoC and to have DoC recognize it as the NewCo contemplated in the White Paper. Recognition as NewCo would then trigger NSI's duties under Amendment 11. So long as NSI refused to recognize ICANN, its authority was limited at best. ICANN, however, was not the only [*pg 83] body seeking to be NewCo.{263} In retrospect, however, it seems clear that the ICANN proposal had the inside track from the start.{264}
The existence of an alternative to ICANN's proposals did have one effect, however: It highlighted ways in which the original draft of the ICANN articles and bylaws differed from the more inclusive and representative structures envisioned by the White Paper's call for "bottom up" decisionmaking and "representation." The Department of Commerce was sufficiently concerned about the lack of end-user representation in the original ICANN structure to demand changes. While ICANN created what appeared to be an expanded role for a "general assembly" of registrants that would be part of the DNSO, this group had no influence on the Names Council, and thus none on the ICANN board -- not surprisingly, it never amounted to anything. And the concessions concerning election of at-large directors by a public membership were later undermined.{265}
DoC also queried ICANN regarding its membership, financial accountability, transparency, conflicts of interest policy, geographic diversity, and its policy on ccTLDs.{266} ICANN responded by revising its articles of incorporation{267} and making substantial changes to its bylaws to accommodate these criticisms.{268} Changes included the addition of an anodyne policy on conflicts of interest and the promise to [*pg 84] publish board minutes of secret board meetings quickly and regularly -- a promise later honored in the breach.
On November 25, 1998, DoC signed a memorandum of understanding with ICANN (the DoC-ICANN MoU),{269} although it did not (yet) formally recognize ICANN as NewCo. This MoU is one of the three pillars of ICANN's authority. In it, DoC and ICANN agreed to "jointly design, develop, and test the mechanisms, methods, and procedures that should be in place and the steps necessary to transition management responsibility for DNS functions now performed by, or on behalf of, the U.S. Government to a private-sector not-for-profit entity" in order to prepare the ground for the transition of DNS management to ICANN.{270} The "DNS management functions" covered included "[e]stablishment of policy for and direction of the allocation of IP number blocks," as well as oversight of both "the operation of the authoritative root server system" and "the policy for determining the circumstances under which new top-level domains would be added to the root system," plus any other agreed activities "necessary to coordinate the specified DNS management functions."{271} Echoing the White Paper, the DoC-ICANN MoU also listed four principles by which the parties "will abide": stability of the Internet; competition; private, bottom-up coordination; and representation.{272} The MoU explained "private bottom-up coordination" as meaning that the agreement would
result in the design, development, and testing of a private coordinating process that is flexible and able to move rapidly enough to meet the changing needs of the Internet and of Internet users. . . . [and] foster the development of a private sector management system that, as far as possible, reflects a system of bottom-up management.{273}
[*pg 85]
ICANN's responsibility under the [MoU] is to act as the not-for-profit entity contemplated in the White Paper, and to demonstrate whether such an entity can implement the goals of the White Paper. If it cannot, Government involvement in DNS management would likely need to be extended until such time as a reliable mechanism can be established to meet those goals. The Department does not oversee ICANN's daily operations. The Department's general oversight authority is broad, and, if necessary, the Department could terminate the agreement and ICANN's role in this aspect of DNS management with 120 days notice.{274}
The authority DoC granted to ICANN in the November 1998 DoC-ICANN MoU was sweeping but (formally) only temporary. The agreement placed ICANN on a short leash, ending on September 30, 2000, or after 120 days' notice.{275} Thus, if ICANN failed to perform as DoC "anticipate[d]"{276} it could lose its reason for being or be replaced. On the other hand, if, as appears to be the case, ICANN did what DoC desired, then it could reasonably have hoped to be given full control of the DNS at the end of this "transitional" agreement.{277} ICANN had every incentive to be DoC's cat's paw and risked all if DoC was unhappy with its actions.
3. ICANN Takeover of the IANA Function (1999). In the ICANN-DoC MoU, the parties agreed that ICANN would study the privatization of the DNS by doing it. However, IANA, a separate government contractor, was already doing the job that ICANN proposed to privatize. Thus, DoC needed another agreement to allow ICANN to take over "the IANA function" -- although it sometimes seemed as if ICANN simply was taking over IANA. (Indeed, ICANN is now headquartered in Marina Del Rey, California, in the same office building tower that long housed IANA.) In June 1999, the parties signed a Cooperative Research and Development Agreement (CRADA){278} by which DoC (acting via NIST and NTIA) engaged [*pg 86] ICANN to study how to improve the IANA functions; like the ICANN-DoC MoU, this new agreement appears to include having ICANN perform the function during the study.{279}
ICANN had already moved to secure a relationship with IANA. About six months before the CRADA, ICANN agreed with USC (which was still the government contractor for the IANA function) that ICANN should take over IANA's role.{280} USC transferred some of IANA's assets and personnel to ICANN, and ICANN agreed to pay IANA's bills.{281} In practical terms, ICANN's takeover of the DNS may date to this agreement. DoC had not agreed to the transfer, but within weeks, DoC remedied the gap by announcing that it intended to issue a sole source contract to ICANN for the IANA function on the grounds that ICANN was the only responsible source available.{282} DoC duly issued a purchase order to ICANN for IANA services, a purchase order that has a price of zero dollars but allows ICANN to establish and collect fees from third parties, subject to review by DoC, so long as the fees reflect the actual cost of providing the service.{283}
Thus, in addition to the MoU, another part of the legal basis for ICANN's management of the DNS became the fact that ICANN [*pg 87] stands in the shoes of IANA while it studies how to improve IANA and how to privatize IANA's functions.
4. ICANN's Search for Revenue. If getting recognized as NewCo was ICANN's first order of business, the search for revenue was an only slightly lower priority. The White Paper had proposed that NewCo be supported by "stakeholders," including registrars and registries. NSI, however, did not accept ICANN as NewCo and was unwilling to make payments; since NSI was the monopoly registrar and would continue to be the dominant registry in the gTLDs, this left few alternatives with any assets. ICANN had no assets other than its agreements with DoC and a considerable fund of goodwill.
Thus, in February 1999, ICANN proposed that registrars should pay it $1 for every domain name registration and re-registration. This proposal met with intense criticism, caused a congressional hearing, and prompted DoC to send ICANN a letter objecting to the fee.{284} Within two weeks of receiving DoC's letter, ICANN dropped its proposal for the $1 fee,{285} even though ICANN CEO Mike Roberts described the organization as "broke."{286} Since NSI had most of the gTLD registrations, it would have paid the largest fee to ICANN. When ICANN proposed the $1 fee, however, NSI had yet to recognize its authority, so the pressure from Congress advanced its agenda of keeping ICANN weak.
Although ICANN received a number of $10,000-$25,000 donations, primarily from telecommunications and Internet businesses,{287}[*pg 88] these were far less than its expenses.{288} In August 1999, ICANN sent out desperate messages seeking funding to IBM and MCI.{289} On September 24, 1999, IBM pledged an unconditional contribution of $100,000 to ICANN.{290} ICANN also negotiated unsecured loans on favorable interest terms from four large e-commerce companies with interests in domain name policy.{291}
Although the loans were described as being for one year, as of this writing at least the four listed above appear to be outstanding, and ICANN's budget does not include a line item for repayment.{292} ICANN's money troubles continued even after DoC persuaded NSI to recognize it as NewCo and to make a $1 million payment immediately plus pledge about $2 million per year.{293} ICANN has a contract with DoC that allows it to levy user fees at cost for its performance of the IANA function, but that agreement was not signed until February 2000, and DoC estimates the costs at under $10,000.{294}
As of this writing, ICANN is trying to levy about $1.5 million per year from ccTLD registries,{295} but a large number have protested on the grounds that they have no contract with ICANN and no obliga- [*pg 89] tion to pay.{296} Registries in some third world nations have also complained that ICANN's levies were calculated arbitrarily, without notice or their participation, and that they discriminate against registries that choose to offer free domain names to their nationals.{297}
5. The Tripartite Agreements (November 1999). Agreements to agree are notoriously hard to enforce, and NSI's promise in Amendment 11 to make agreements with NewCo fit this pattern. Although DoC had signed an MoU with ICANN in November 1998, ICANN's teething troubles kept DoC from officially recognizing ICANN as "NewCo" until February 26, 1999.{298} Even after this designation, the negotiations with NSI dragged on. By recognizing ICANN, NSI risked losing much of its autonomy. By not recognizing ICANN, NSI kept its grip on the registry and a predominant share of .com registrations -- plus the leverage the threat to go it alone gave NSI over DoC. Furthermore, NSI must have known that ICANN had two powerful incentives to secure NSI's cooperation: without it, ICANN risked becoming a paper tiger; and, without a cash infusion from NSI, ICANN had no reliable source of funding.{299} ICANN clearly saw NSI as the chief obstacle to its success.{300}
But for pressure from DoC, it is possible that NSI would never have reached a final agreement with ICANN; it had little incentive to do so quickly. The pressure from DoC was, however, intense, and NSI's contract would eventually expire. Thus, in early November 1999 -- a year after DoC signed its first agreement with ICANN -- the [*pg 90] three parties signed a set of triangular agreements by which NSI agreed with DoC to make agreements with ICANN that would give ICANN near-total control over the root and de facto control over the contractual terms that would govern every registrant's access to domain names in the open gTLDs: .com, .org, and .net.
The DoC-NSI Agreement. In Amendment 19 to the DoC-NSI Cooperative Agreement, DoC agreed to extend NSI's contract for at least four more years and possibly more.{301} DoC also agreed to ensure that NSI's root remained the authoritative root.{302} NSI agreed to recognize ICANN as NewCo{303} and to sign the ICANN Registry Agreement and the ICANN Registrar Accreditation Agreement.{304} Furthermore, NSI agreed that if it were to violate those agreements and ICANN were to terminate it for cause, DoC could similarly terminate NSI.{305} This threat ensured NSI's good behavior. NSI also promised to accept registrations only from ICANN-accredited registrars.{306} The consequences of this promise were as significant as anything else in the tripartite set of agreements. With this promise, ICANN acquired the power, through the Registry Agreement, to impose any conditions it chose on registrants. Since no registrant could be listed in the legacy root without going through an ICANN registrar, and ICANN now acquired the power to determine what conditions the registrar would impose on registrants, the effect was to acquire contractual leverage over anyone wanting a functional domain name.{307} Significantly, NSI, perhaps the only party capable of deploying an alternate root with instant worldwide acceptance, also gave up its option of creating such a competitor, agreeing with DoC that "[i]n the interest of the smooth, reliable and consistent functioning of the Internet, for so long as the Cooperative Agreement is in effect, NSI agrees not to deploy alternative DNS root server systems."{308}
[*pg 91]
The ICANN-DoC Agreement. DoC and ICANN amended their MoU of November 25, 1998,{309} to underline DoC's authority over ICANN and, thus, provide NSI assurances that ICANN would not attempt to disadvantage NSI relative to its new registrar competitors nor attempt to alter its privileged position as registry. DoC not only approved the revised Registry Agreement,{310} but ICANN further promised DoC that ICANN would not amend the Registry Agreement without DoC's prior approval.{311} ICANN also promised not to make agreements with a successor registry without DoC's approval{312} and to follow DoC's lead if it chose to replace NSI with a new registry.{313} And, as if to make clear beyond peradventure that ICANN was DoC's agent for DNS matters, ICANN agreed that "[i]f DOC withdraws its recognition of ICANN or any successor entity by terminating this MOU, ICANN agrees that it will assign to DOC any rights that ICANN has in all existing contracts with registries and registrars."{314}
The NSI-ICANN Agreements. In the Registry Agreement,{315} NSI agreed to become the official ICANN registry but extracted substantial limits on ICANN's ability to exercise regulatory powers.{316} NSI agreed to accept ICANN's revised Registrar Accreditation Agreement{317} and, in an ICANN-NSI Registrar Transition Agreement,{318} to become an ICANN-accredited registrar.{319} NSI-as-registrar agreed to pay ICANN $1 million immediately and up to $2 million per year thereafter.{320} NSI also revised its Registrar License Agreement{321} governing NSI-as-registry's relationship with other registrars. In a critical part of the new agreement, NSI-as-registry required all registrars to [*pg 92] have an ICANN-approved domain name dispute policy and to enforce it on their registrants.{322} Registrars also had to promise to pay NSI $9 per year per registration for the first two years of a registration and $6 per year thereafter.{323} Unlike earlier MoU's, this one included an explicit disclaimer of any intent to create third-party beneficiaries.{324}
At this point, ICANN's day-to-day control of the DNS was complete, subject to two rather important constraints explored in the next section: DoC stated that it retained "policy control" over the DNS, and the MoU and the sole-source contracts were due to expire late in the year 2000.
What authority did DoC have to lend ICANN its authority over the DNS, even temporarily? According to the MoU itself, that authority came from five sources. Two of these sources had been cited to justify the proposed rulemaking in the Green Paper: DoC's general authority "to foster, promote, and develop . . . foreign and domestic commerce"{325} and NTIA's authority to coordinate telecommunications activities and "assist in the formulation of policies and standards."{326} Three were new. First, there was the White Paper itself, which as a mere policy statement could not provide the authority.{327} DoC also cited a presidential directive, based on an earlier product of [*pg 93] Ira Magaziner's interagency task force, which instructed the Secretary of Commerce to transition DNS management to the private sector.{328} Most substantively, DoC relied on its Joint Project Authority, which allows DoC to enter into "joint projects" with "nonprofit organizations, research organizations, or public organizations . . . on matters of mutual interest, the cost of which shall be apportioned equitably."{329} Indeed, ICANN is nonprofit, both DoC and ICANN wanted ICANN to have the authority, and no money changed hands, thus formally satisfying these requirements, if not perhaps in a way that Congress might have anticipated.
The formal satisfaction of these contracting requirements perhaps explains why the General Accounting Office recently concluded that DoC had the authority to enter into its contracts with ICANN.{330} Indeed, the problem with DoC's relationship with ICANN has little to do with the wording of the agreements and only a little to do with their substance. Rather, the problem is something that the GAO excluded from its terms of reference -- how DoC itself has directed and reacted to ICANN's performance of the contracts.
A person suffering legal wrong because of agency action . . .. is entitled to judicial review thereof.{331}
[*pg 94]
The Department of Commerce seeks to paint its relationship with ICANN as a normal relationship it might have with any contractor; call this the private party story. Similarly, ICANN argues that it neither regulates nor makes policy but just sets technical standards; call this the standard-setting story. It has long been accepted that the government may delegate technical "standard setting" to private parties -- at least so long as the government retains a supervisory role. Indeed, some of what ICANN does, or plans to do, can legitimately be described as standard setting, and if ICANN were limited to those functions, DoC's reliance on ICANN would not be illegal so long as it retained the right to review -- and if necessary countermand -- ICANN's decisions.
In fact, however, ICANN's effects on third parties' legal rights are so sweeping that functionally DoC has outsourced policymaking and regulatory functions to ICANN. As explained below, ICANN's imposition of arbitration on domain name registrants clearly rises to the level of regulation and policymaking.{332} The question then is whether ICANN regulates as DoC's proxy -- the state actor question. If ICANN is a state actor, its regulatory acts are directly chargeable to DoC, and need to comply with the Administrative Procedures Act. If, on the other hand, ICANN is not a state actor, but is acting independently, then one question is whether ICANN is subject to the Federal Advisory Committee Act. A more important question is whether DoC retains the right to approve or countermand ICANN's decisions. If DoC has forfeited this right, the issue is whether this grant of public power to a private group violates the Due Process Clause or the nondelegation doctrine. Conversely, if DoC retains the right to review ICANN's policy decisions, the issue is again whether DoC's review complies with the APA.
The White Paper articulates no Internet governance role for ICANN, and the Initial Board shares that (negative) view. Therefore, ICANN does not "aspire to address" any Internet governance issues; in effect, it governs the plumbing, not the people. It has a very limited mandate to administer certain (largely technical) aspects of the Internet infrastructure in general and the Domain Name System in particular.{337}
To the extent that ICANN really is engaged in mere technical standard setting -- the Internet equivalent of deciding how insulated a wire must be to be safe -- the standard-setting story has merit. The assignment of IP numbers, the maintenance of unique protocol numbers for various Internet functions -- these and other semi-ministerial tasks are indeed just standard setting, although ICANN's agreement with the IETF seems to make ICANN little more than a rubber stamp for a significant fraction of these tasks.{341} Yet both ICANN's conduct and the various agreements it has entered into reveal that a substantial fraction of ICANN's activities go far beyond the setting of technical standards. Choosing TLDs on the basis of social utility from among multiple technically qualified providers, fixing the business models of registrars, enforcing dispute resolution procedures on millions of unwilling business and consumers, accrediting dispute resolution providers, writing substantive and procedural rules for the disputes -- not one of these tasks is "technical" standard setting in any routinely meaningful sense of the word.
The most glaring example of ICANN's policymaking to date is surely its promulgation of the Uniform Dispute Resolution Policy (UDRP) following the lead set out in the White Paper. The White Paper identified cybersquatting as a major problem that would need to be attended to by NewCo, and called for the UN's World Intellectual Property Organization (WIPO) to provide NewCo with an advisory report on what might be done.{342} WIPO duly produced a lengthy report.{343} ICANN referred the question of the arbitration of cybersquatting cases to a "working group." ICANN's working groups are supposed to be open to all, but the Chair of the Working Group excluded several opponents of mandatory arbitration from voting, although everyone remained allowed to comment.{344} The Working Group's report was then forwarded to the ICANN Names Council, which is supposed to assess whether there is a consensus for the re- [*pg 97] port. It did not, choosing instead to air its own views on the matter.{345} After a period of public comment, the ICANN board next took up the issue. Finding that there were a number of unresolved issues, the board convened an ad hoc committee, dubbed the "small drafting committee," that met in secret to advise the staff on changes to the proposed policy, some but by no means all of which the staff accepted.{346} The board then adopted the staff's final recommendations.
By adopting these rules, ICANN imposed on all current and future registrants in .com, .org, and .net a requirement that they agree to a third-party beneficiary clause in favor of any person, anywhere, who believes that the registrant's domain name registration infringed the complainant's trademark right. This clause was not optional: pursuant to the Registrar Agreement, ICANN required domain registrars to include this clause in every registration contract and to modify existing contracts with their customers;{347} and, pursuant to the Registry Agreement, ICANN required NSI to agree to refuse to list registrations from any registrar who failed to do so.{348}
The UDRP offers a great deal to trademark registrants seeking to claim domain names from registrants, as the proceeding can cost under $1000{349} and runs on a fast track, with each side (ordinarily) en- [*pg 98] tering only exhibits and one short pleading and no live witnesses or arguments. But the UDRP reduces registrants' legal rights in at least three ways.{350}
First, complainants choose the arbitral tribunal from a small list of approved providers maintained by ICANN,{351} which gives the providers an economic incentive to compete by being "complainant-friendly."{352} The first fruits of this competition can be seen in the decision of one of the competing providers -- -not the one I am affiliated with -- to offer plaintiffs a chance to file an extra brief after the ordinary close of pleadings for $150.{353} Respondents have no say in which provider will manage the case, and no peremptory challenges to block arbitrators whom they may fear are biased. Respondents can, however, pick one member of a three-person panel -- at their own expense if the complainant opted for a single panelist and the respondent decides three are needed.{354} The choice of the provider determines who [*pg 99] will be the arbitrators. For one-person panels the arbitrator must come from the provider's lists, and for three-person panels, each side provides a list of choices for one arbitrator, and the provider picks the chair.{355}
Second, unlike court proceedings, the URDP does not require actual notice to defendants, only attempted notice for a relatively short period of time.{356} Proceedings normally take forty-five days or less. After the complainant selects an ICANN-approved dispute provider and files a complaint, the dispute provider has three days to check it for formal compliance and forward it to the respondent.{357} The respondent has twenty days from the date this notice is sent (not received) to respond.{358} The provider then ordinarily has five days to appoint the arbitrator(s).{359} The panel then has fourteen days to make its decision.{360} The provider has three more days to communicate the [*pg 100] decision to the parties.{361} If the respondent loses, he has ten days to file a challenge in a competent court, or the domain name is transferred to the complainant.{362} It can be seen from this chronology that, barring exceptional circumstances, the longest a proceeding can take from filing of complaint to decision is forty-five days, with another ten days before a decision to transfer takes effect. The decision to forgo requiring actual notice in absolutely all cases is understandable, given the efforts that the sleaziest registrants make to hide their contact details in shady registrations. The short deadlines, on the other hand, are completely unfair.{363} Defendants who happen to take a month's vacation without e-mail can lose their chance to explain why they should keep their domain name without ever knowing it was endangered.
Third, and most significantly, the consequences of the arbitration are highly asymmetric and discriminate against registrants. UDRP decisions are not "binding"; if the plaintiff loses, the arbitration does not preclude an attempt to bring the case in court.{364} This alone is a desirable feature, because a summary procedure, in which each side has only one submission, and in which there is neither testimony, cross-examination, briefing, nor argument cannot by itself hope to make reliable credibility determinations or sort out complex competing claims. If the system by design can resolve only clear cases of trademark infringement, it follows that plaintiffs with more complex cases should lose but still be entitled to have their day in court -- where sometimes they will deserve to prevail.
The unfairness comes in comparison to what happens if the defendant loses. First, the registrant now has to sue to keep the name, taking on the burden of proof, and possibly being subject to different courts, rules of procedure, language, and choice of law than if the trademark complaint had been forced into litigation where the registrant resides.{365} Worse, under the UDRP, a defendant is given only ten days to file an action in a court with jurisdiction over the plaintiff -- or in the jurisdiction where the registrar is located{366} -- to halt the transfer of the domain name. No injunction is required, as filing suf- [*pg 101] fices to stop the clock, but this still means that either the losing defendant must have hired and probably paid a lawyer in advance, or the loser will need to find representation in a great hurry. This contrasts very unfavorably with the position of the losing plaintiff, who has as much time as statutes of limitations or laches will allow. The rule has particularly harsh effects in legal systems that do not provide for amendment of pleadings as of right, or at all.{367}
DoC's, WIPO's, and ICANN's objective in promoting mandatory domain name arbitration was to produce a rapid, lightweight, and inexpensive process that would allow victims of cybersquatting to vindicate their rights far more cheaply and quickly that would be possible in most courts.{368} To the extent that this reduced the settlement value of clearly meritless defenses by persons infringing trademarks online, this was surely a very laudable objective. But it was not in any sense "technical coordination" of the Internet. Rather, it represents a clear policy choice to sacrifice the interests of (some) domain name registrants in favor of (some) trademark registrants for the communal good. While this policy choice is surely one that a legislature could make, it is not at all evident that Congress has delegated power over trademark policy to DoC. And, even if this sort of policy choice is within DoC's mandate, there can be no grounds by which DoC could outsource policymaking discretion of this sort to ICANN.
The standard-setting story's defense that this is mere technical coordination is not credible. Technical issues are questions such as the bit size of data packets, the architecture of the root servers, or the number of new top-level domains that can safely be added to the root. Determining what sort of redundancy the DNS requires and investigating the Y2K reliability of the DNS also are technical questions. Changing the legal rights accruing to more than twenty million contracts of registration is not.
Although it is the clearest case of ICANN's non-technical regulation so far, the adoption of UDRP is not unique. As it prepares to add new TLDs to the root, ICANN will again venture outside of the technical arena. ICANN will choose from one to ten proposals for new TLDs from applications from potential registries who will pay a [*pg 102] $50,000 non-refundable application fee.{369} Some proposals may be rejected for not demonstrating sufficient technical abilities. If, as seems likely, there are more technically qualified applicants than ICANN is willing to grant a TLD, then ICANN plans to choose among the applicants on other criteria. Specifying minimum performance levels for new registries and registrars are technical matters indeed, but choosing among multiple competing, technically qualified, proposals to see which five or so should be added to the root based on the social value of the proposed name is not easily called technical coordination. As one astute commentator put it,
[T]he problems surrounding the domain name system have, up to now, largely been framed as technical standard problems, and the processes used to resolve these problems have accordingly been analogs to the technical standard-setting processes. This approach, however, fails to fully appreciate the fact that domain name problems are not purely technical problems, but public policy ones as well. Specifically, the domain name controversy raises difficult issues regarding the proper distribution of a limited resource (domain names), the allocation of authority to control such a resource, and the proper shape and structure of the Internet as a whole. Such questions are "public" in nature, to the extent that they affect all participants on the Internet and to the extent they involve distribution of a quasi-public resource. Moreover, they cannot be resolved solely by reference to a relatively neutral technical performance metric; in many cases, conflicting value judgments may be irreconcilable. Domain name problems are thus, in a number of ways, fundamentally unlike other technical standard problems.{370}
This technical work MoU has one particularly striking feature. It carefully distinguishes between the standards work of the IETF, which ICANN agrees to be bound by, and policy matters, which ICANN reserves to itself: "Two particular assigned spaces present policy issues in addition to the technical considerations specified by the IETF: the assignment of domain names, and the assignment of IP address blocks. These policy issues are outside the scope of this MOU."{372} Indeed, the thread of "policy" runs throughout ICANN's own internal planning. ICANN's budget projections include provisions for both standards work and policymaking. In the policy area, we find that ICANN plans to "study, recommendations and implementation of policy decisions concerning domain names, trademarks and the related provisions of the WIPO study," and "study, recommendations and implementation of policy decisions concerning expansion of the Top-level Domain (TLD) name space."{373} In the longer range, ICANN plans to "[p]rovide timely and responsive staff support to the policymaking activities of the Board, its Supporting Organization Councils and other advisory bodies as needed, including policy implementation, preparation of legal agreements, etc.,"{374} and, among the specific priorities: "Complete Board policy-making and related implementation actions for gTLD registries and registrars; Complete Board policy-making and related implementation actions on revisions [*pg 104] to ICP-1 dealing with delegation and administration of ccTLDs."{375} All this policy work naturally requires a senior policy officer, and ICANN has one, in the person of one Andrew McLaughlin.{376} It is also recruiting a policy analyst.{377}
Partisans of the private-party story might object that any claim that ICANN regulates or makes policy founders on the voluntary nature of the contract between a registrant and a registry. No one is forced to register a domain name, and if ICANN, or even DoC, imposes a term on those contracts that someone doesn't like, they can do without. That participation in the legacy DNS is, for all practical purposes, the only way to get a unique domain name that has real utility is not relevant, the argument goes, because having a domain name is an option, not a necessity. This attempt to set a "luxury" test on the government's (or the government's agents') power to impose conditions on the public is misguided. Even in Thomas v. Network Solutions, Inc.,{378} where the district court held that NSI's domain name registrations fees were not an illegal tax because the fees were paid "pursuant to a voluntary contract between private parties," the court recognized that this principle has limits.{379} True, the district court rejected the argument that the fees were not really voluntary at all because "NSF, a government agency, has stacked the system so that users are forced to contract with NSI to receive the services they need,"{380} but its reasoning is instructive. The district court held that "a contract is not involuntary because it flows from a monopoly, even if [*pg 105] the government (or its agent) holds that monopoly, as long as the monopolist is merely servicing an existing need, and not . .. . creat[ing] the need itself."{381} The contrast with the UDRP could not be more clear.
Unlike the federally provided electricity in Yosemite Park and Curry Co. v. United States,{382} the case on which the Thomas court relied, the party to the contract -- the registrants -- have no need or desire for the UDRP or for the arbitration services provided by ICANN-approved suppliers. The need for the UDRP was felt by third parties only, and it therefore would not be reflected in the contract between the registrant and the registrar "even if the government were not involved" -- thus it cannot be said to be "merely servicing . .. . [a] need."{383}
The claim that ICANN is exercising governmental regulatory functions is not new. The EU Commission noted that "even within their narrowly defined remit, it is already the case that ICANN and the [Governmental Advisory Committee] are taking decisions of a kind that governments would, in other contexts, expect to take themselves in the framework of international organizations."{384} Not only is ICANN making regulatory choices for the whole DNS, but the structure of the contracts set up by DoC make ICANN into the regulator of the registries and even the registrars. In particular, ICANN is now NSI's regulator. Amendment 19 to the DoC-NSI agreement states that NSI recognizes ICANN as NewCo. As a result, DoC's "[s]upervision [u]nder [c]ooperative [a]greement [g]oes [m]ostly [d]ormant"{385} as most NSI obligations to DoC become satisfied by compliance with NSI's agreement with ICANN or with the ICANN-drafted registrar agreement.
This section examines DoC's continuing control over the legacy root and the implications of that control for DoC's current relationship with ICANN. In light of these factors, it then discusses whether ICANN is a state actor, whether DoC retains a right to review ICANN's decisions before they go into effect, and whether ICANN is an advisory committee to DoC. Two simple dichotomies lie at the heart of each of the these issues: is ICANN legally independent of DoC or under its influence; and, if ICANN is legally independent of DoC, has DoC given ICANN (temporary) license to make final decisions regarding the root, or has DoC retained a right of review? Opinions may differ as to the most correct answers to these questions given the facts set out above, but in the long run that makes no difference. Once one accepts that ICANN is doing something more than simply issuing technical standards, so long as one provides consistent answers to these questions, DoC's relationship with ICANN violates a legal rule, however one slices it.
1. DoC's Continuing Control over the Legacy Root. Despite ICANN's seeming ability to run the root, and its supervisory role over NSI, DoC maintains that the U.S. government, not ICANN, retains ultimate "policy control" over the root and that DoC has no current plans to let go of that authority.{386}
Certainly, until ICANN came along, the U.S. government's de facto control over the root was clear, if not often exercised. Examples include the original policy against registering multiple domain names, commercial uses, and a number of NSF policies directed to encourage use of the Internet, including making registration easy.{387} The policy that domains could be reserved without payment{388} has its origins in [*pg 107] NSF's insistence that registration be easy.{389} And NSF itself believed that domain names were subject to its control, and thus Congress's, noting that "[t]he people, through their elected representatives, have historically exercised control over these internet addresses" and that "[g]overnment authority over internet addresses, which continues to be administered under federal awards, is a matter of historical fact."{390} The Second Circuit had no trouble finding that NSF controlled new gTLDs and that NSI acted at its instruction.{391}
Similarly, although ICANN admits that domain name registrars and registries (i.e., NSI) are subservient to it, in that they must accept ICANN's conditions to be allowed to sell registrations and make entries in the legacy root, it says that DoC imposed this subservience. ICANN says it is only doing what the government tells it because the ICANN-DoC MoU requires ICANN "to accredit competitive registrars before they may access the .com, .org, and .net registries," and "the effect of this accreditation is governed by Amendment 11 of the Cooperative Agreement between NSI and the USG and the USG's inherent control over the operation of these registries."{392} In other words, the real regulation, ICANN says, either happens elsewhere or happens only because the government makes ICANN do it.
In operational terms, DoC's authority over ICANN and the root rests on three elements: its agreements with NSI, its ability to hold a virtual sword of Damocles over ICANN, and its direct cooperation with and supervision of ICANN.
First, despite the network of agreements among ICANN, DoC and NSI, ICANN does not have the authority to create a new TLD without DoC's approval. NSI, which continues to physically operate [*pg 108] the root, remains obliged to secure written approval from DoC before adding any top-level domains to the root.{393}
Second, DoC's retention of the power to take control of the root away from ICANN is of enormous significance, as it forces ICANN to be exquisitely conscious of DoC's requirements. If ICANN fails to meet DoC's expectations, DoC can choose another body to replace ICANN.{394} All of the relevant agreements provide that if DoC recognizes another entity as "NewCo" in ICANN's place, then the obligations to ICANN in those agreements immediately terminate.{395} The point bears repeating: ICANN's only reason for existence, and the sole source of its power over the DNS, is that the thirteen root servers treat it as authoritative, and that the government instructed NSI, another contractor, both to defer to ICANN on policy and to pay it money. The root servers recognize ICANN only because DoC signed an MoU with ICANN and announced that ICANN is the relevant authority. Were the U.S. government to transfer its recognition to another authority, the root servers would be under no more legal obligation to recognize that new authority than they were to recognize ICANN, but the move is all but certain.{396} So long as the root servers recognize ICANN's authority, ICANN is able to dictate contractual terms to registries and registrars who wish to be included in the legacy root. By dictating terms to registrars, ICANN can also enforce terms on registrants, since ICANN can (and does) require that registrars include standard terms in contracts with registrants.
Third, DoC and ICANN have a warm and cooperative relationship, although whether that relationship is best characterized as a partnership, master-servant, or self-regulatory body and supervising agency is hard to discern. Whatever the precise nature of the relationship, it certainly is not arms-length. In particular, it cannot reasonably [*pg 109] be characterized as DoC calling ICANN into being, signing an MoU with it to give it authority, and letting it go off on its own.{397} Indeed, from the first, DoC planned to be heavily involved with ICANN on a continuing basis. Although DoC did not pay ICANN in the DoC-ICANN MoU (other than payment in kind by lending it the root), DoC promised to devote more than a quarter of a million dollars in staff time and expenses to monitoring and helping ICANN. DoC estimated that staff support alone would equal half-time dedication of four or five full-time employees.{398} When first asked, a DoC official told a House Subcommittee that, "[t]he Department's general oversight under the joint project is limited to ensuring that ICANN's activities are in accordance with the joint project MOU, which in turn requires ICANN to perform its MOU tasks in accordance with the White Paper."{399} But, when pressed for specifics, DoC admitted that it "consults" with ICANN before its major decisions, such as ICANN's proposal to charge a fee of $1 per domain name.{400}
DoC supported ICANN during its first thirteen months by pressuring its other contractor, NSI, to recognize ICANN.{401} Indeed, DoC and ICANN closely coordinated a strategy designed to get NSI to accept a subordinate position as an ICANN-accredited registrar. Thus, for example, ICANN's June 1999 status report noted that [*pg 110] "DOC/ICANN" agreed that NSI should became an ICANN-accredited Registrar and "accept the policy authority of ICANN."{402} ICANN also complained that NSI was simultaneously taking part in ICANN's activities while funding ICANN's critics. Because ICANN and DoC were afraid that NSI might do something that "could have adverse implications for the short-run stability of the domain name system" -- presumably the threat to operate an alternate root -- "ICANN and DOC are taking prudent steps necessary to be able to implement the White Paper objectives with or without the cooperation of NSI."{403} The tripartite agreement signed in November 1999 would have been impossible without DoC's intervention and its willingness to stand as guarantor of the parties' good behavior. And DoC demanded, and got, NSI's promise not to compete with ICANN's root.{404}
Not surprisingly, given the dire consequences of angering DoC and DoC's close supervision/cooperation, ICANN's initial actions have closely tracked those contemplated by the White Paper. Indeed, in June 1999, ICANN itself boasted that the White Paper "principles formed the basis of the MOU, and have dictated ICANN's policy decisions to date."{405}
2. Nature of DoC's Authority to Review ICANN's Decisions. If there had been any doubts about the extent of the federal government's view of its authority over the root, those doubts were answered by NSF's assertion of authority in reaction to the PGP Media case.{406} NSF transferred its authority to DoC. DoC then entered into a series of agreements with ICANN. Although it is clear that DoC's authority fully reverts to it in the event that it terminates the agreements or they lapse of their own accord, DoC's formal role during the life of the agreements is less transparent.
Other than requests for new entries to the root, which by Amendment 11 require explicit written authorization from DoC to NSI,{407} there are no (publicly) defined procedures by which DoC reviews ICANN's work, nor are there any public procedures in place for determining whether ICANN's lease on the root deserves to be [*pg 111] renewed or made permanent. Nor does DoC publish its decisions regarding ICANN's regulatory activities. This contrasts with other regulatory agencies' relationships with self-regulatory organizations. In most other cases, an agency that relies on rules promulgated by a private or quasi-private body does so on the basis of a congressional direction and puts in place some sort of review before rubber-stamping the output of self-regulation. The SEC, for example, engages in informal rulemaking, including full notice and comment and ultimate publication in the federal register, before accepting the rules of regulated exchanges.{408}
In addition to giving ICANN its initial marching orders in the White Paper -- supplemented by the ICANN-DoC MoU, the CREDA, the IANA function contract, and the continuing informal contacts described above{409} -- DoC retains considerable authority to review and countermand ICANN's decisions. Indeed, this authority is so sweeping that as a practical, and, this subsection argues below, legal, matter, any decision of ICANN's other than truly technical matters{410} is subject to DoC's approval. If this is the case, then ICANN's policy decisions take effect only because DoC has at least passively approved them.
The agreements between DoC and ICANN are either couched as cooperative agreements between equals, or, in the case of the IANA function, as procurement of a zero-cost service. In none of these agreements does DoC purport to give up any of its control over the root. As a matter of longstanding doctrine therefore, DoC's authority is unimpaired. As the Supreme Court explained in 1908,
The surrender, by contract, of a power of government, though in certain well-defined cases it may be made by legislative authority, is a very grave act, and the surrender itself, as well as the authority to make it, must be closely scrutinized. No other body than the supreme legislature . . . has the authority to make such a surrender, unless the authority is clearly delegated to it by the supreme legislature. . . . Specific authority for that purpose is required. . . . But for the very reason that such a contract has the effect of extinguishing [*pg 112] pro tanto an undoubted power of government, both [the existence of the promise to cede an aspect of sovereignty] and the authority to make it must clearly and unmistakably appear, and all doubts must be resolved in favor of the continuance of the power.{411}
Yet, for all DoC's unimpaired authority, the fact remains that most of the time when ICANN makes a decision other than to add a TLD to the root, DoC is officially silent. When DoC disagrees with a decision, such as the $1 per domain name fee, DoC works by informal processes.{413} Nevertheless, I argue below that because DoC has the authority to disapprove ICANN's decisions, its choice not to is reviewable under the APA, whether or not it is formally memorialized or even the subject of conscious choice.{414} As the Ninth Circuit noted, this silence tells one little, because "nondisapproval requires neither publication and comment nor explicit findings. In fact, it does not guarantee any level of review whatsoever."{415} As the APA defines "agency action" to include "the whole or a part of an agency rule, or- [*pg 113] der, license, sanction, relief, or the equivalent or denial thereof, or failure to act,"{416} it seems clear that "nondisapproval" is a form of agency action subject to review under APA section 706.
Arbitrary and capricious review is not searching, but neither is it toothless. Many of the decisions that DoC and ICANN are likely to make would survive it -- if supported by an adequate record. Probably the single largest change that would be imposed by recognizing the applicability of section 706 is that it would force DoC to make a record justifying its decisions. However, some of ICANN's most arbitrary decisions would be unlikely to survive a section 706 challenge. For example, a rule that allows losing plaintiffs years to go to court for a second chance to acquire a contested domain name but gives losing defendants only ten days to file to retain what they believe to be their legal rights seems quite arbitrary, and might even violate the Due Process Clause or the Equal Protection Clause.
3. The State Actor Question. ICANN is currently able to take measures such as the UDRP because it is formally independent from DoC. ICANN is a California nonprofit corporation. It is not a federal agency. It has a board of directors, a staff, and a budget. As a formal matter there is no question that ICANN has independent legal existence and personality. Form, however, is not everything; substance matters.{417} Given that DoC called for an ICANN to exist, clothed it with authority, persuaded other government contractors to enter into agreements with it (including the one with NSI that provides the bulk of ICANN's revenue), and has close and continuing contacts with ICANN, a strong, but not unassailable, case can be made that ICANN is a state actor. If ICANN is a state actor, then it [*pg 114] must comply with due process.{418} It is highly unlikely that the procedures used to impose the UDRP on domain name registrants would meet this standard, and it is even debatable whether the UDRP itself would do so.
The Supreme Court recently reviewed and restated the test for state action in a case that bears some similarity to DoC's reliance on ICANN's UDRP; the differences between the circumstances in that case and those surrounding the UDRP, however, are as instructive as the similarities. American Manufacturers Mutual Insurance Co. v. Sullivan{419} concerned a section 1983 challenge to insurers' invocation of a Pennsylvania Workers' Compensation statute that allows insurers to withhold payments for disputed treatment pending a "utilization review" conducted by a private, state-regulated "utilization review organization" (URO). Insurers trigger the review by filing a short form with a state bureau, which then randomly selects a URO from its list of qualifying medical service providers.{420} Applying for the review suspends the insurer's obligation to make payments, which resumes only if the URO finds the treatment justified, or, if the URO finds the treatment was not justified, if the worker wins an appeal to a state agency or, ultimately, a court.{421} Plaintiff workers sued, arguing that the procedure deprives them of a due process pre-deprivation right to notice and a hearing.{422} The Third Circuit held that the state's participation in the launching of the review, and its extensive regulation of the UROs and workers' compensation generally, made the insurers state actors when they used the UROs.{423}
Chief Justice Rehnquist, writing for the Court, held that there was no state action on the part of the insurers. He began by restating [*pg 115] the basic tests for state action. First, the "'[t]he mere fact that a business is subject to state regulation does not by itself convert its action into that of the State.'"{424} Thus, a private party
will not be held to constitutional standards unless "there is a sufficiently close nexus between the State and the challenged action of the regulated entity so that the action of the latter may be fairly treated as that of the State itself." Whether such a "close nexus" exists .. . . depends on whether the State "has exercised coercive power or has provided such significant encouragement, either overt or covert, that the choice must in law be deemed to be that of the State."{425}
In Sullivan, a section 1983 action, the plaintiffs were not challenging the validity of the Pennsylvania statute authorizing insurers to withhold payments if they prevailed before a URO, but rather were claiming that the action of the insurers, who initiated the URO review by filing a form, was itself state action. ICANN's imposition of the UDRP differs from Sullivan in who the actor is, what the action is, and who is acted upon; each of these differences suggests that the argument for state action in the case of ICANN is much stronger than in Sullivan.
Sullivan involved action in the shadow of a statute. In contrast, part of the problem with ICANN's somewhat similar imposition of the UDRP is precisely that there is no such statute: The Pennsylvania legislature imposed the UROs on workers by making their decisions legally effective; ICANN, not Congress, imposed the UDRP on registrants by requiring that all registrars include standard form third-party beneficiary clauses in their contracts.{427} The Pennsylvania legis- [*pg 116] lature's action was classic, and procedurally legitimate, state action;{428} the issue is whether the nexus between ICANN and DoC is sufficiently tight to compel the conclusion that ICANN stands in the shoes of the state (DoC) when it imposes the cognate requirement on registrars who must then impose it on registrants.{429} The Sullivan case does suggest that if Congress were to create an arbitration regime for domain name disputes, then the actions of trademark holders in bringing complaints would not be state action, as indeed they most likely are not under the current regime. Nothing makes a trademark holder invoke the UDRP any more than Pennsylvania law made insurers apply to UROs.{430}
The ICANN problem differs from the Sullivan facts in ways that shape the state action analysis. The main problem with ICANN's UDRP is not the effect on trademark holders; it is ICANN's regulation of registrars and, through them, of registrants. Unlike trademark holders or Pennsylvania insurers, registrars and registrants subject to ICANN's rules do not have a choice about the UDRP. ICANN does not allow registrars to deviate from ICANN's mandatory terms in the contracts the registrars offer to their clients. ICANN requires registrars to make domain name registrants in .com, ..org, and .net sign a third-party beneficiary agreement that can be invoked by any aggrieved party in the world. If Congress imposed these conditions through legislation, that would of course be procedurally legitimate state action; the procedures created by that legislation would have to conform to due process. Significantly, defendants in Sullivan changed [*pg 117] their procedures rather than appealing the Third Circuit's holding that elements of the Pennsylvania URO plan violated due process by providing inadequate notice and failing to give employees a chance to plead their case properly.{431} Were Congress to attempt to impose a plan like the UDRP, similar questions would then be squarely presented for judicial review. In the case of existing DNS regulation, however, the state action issue must be decided first. The critical issue therefore concerns the purported nexus -- whether when the government calls for an ICANN to impose requirements for it, and an ICANN duly appears and does so, ICANN's actions can fairly be charged to the government.
As Sullivan reminds us, determining whether governmental authority may dominate an activity to such an extent that its participants should be deemed to act with the authority of the government, and, as a result, be subject to constitutional constraints,{432} is a critical question in state action cases,{433} and one that is primarily a question of fact.{434} In Edmonson v. Leesville Concrete Co.,{435} the Supreme Court provided three factors to be weighed: first, "the extent to which the actor relies on governmental assistance and benefits";{436} second, "whether the actor is performing a traditional governmental function";{437} and third, "whether the injury caused is aggravated in a unique way by the incidents of governmental authority."{438}
These three tests suggest that ICANN is a state actor. First, ICANN depends very heavily on government assistance and benefits. ICANN would be irrelevant but for DoC having anointed it as [*pg 118] NewCo and lent it control over the root. The second test focuses on the nature of the function being performed. DNS services have been a government function since the inception of the domain name system. The federal government's provision of root DNS services is thus unlike the provision of electricity in Jackson v. Metropolitan Edison Co.,{439} because (until ICANN) the DNS has been "exclusively the province of the state" -- through the offices of the military and government contractors. But whether DNS services can be said to be a "traditionally" governmental function, given the relative youth of the Internet, is a little harder to say. In the Thomas case, the D.C. Circuit found the provision of registrar services too "recent and novel" to qualify.{440} The idea of a hosts.txt file, the precursor of the modern DNS, goes back at least to 1971;{441} the modern DNS dates from about 1983.{442} Twenty years, or even thirty, may be a little short for a "tradition," even though it is an eternity in "Internet Years."{443} But perhaps this approach mischaracterizes the problem. For it is not ICANN that provides registry and registrar services, nor even that maintains the zone file. Rather, ICANN is fundamentally engaged in a traditional, even quintessential, government function: regulation of service providers. The fact that the objects of that regulation are relatively new types of entities is of no moment -- regulation is regulation. The application of the third test, whether the harm is aggravated in a unique [*pg 119] way by the incidents of government authority, depends on the context in which a state actor claim would arise. The factor may weigh differently in a complaint about a (would-be) top-level domain, whose access to the root is directly controlled by DoC, as opposed to a second-level domain, where the influence of DoC's control of the root is exercised through the registrars.
The leading recent cases considering whether corporations with unusually close ties to the federal government should be considered state actors are Lebron v. National Railroad Passenger Corp.{444} and San Francisco Arts & Athletics, Inc. v. United States Olympic Committee.{445} In Lebron, the Supreme Court held that Amtrak was a government actor on the basis of the direct federal control spelled out in Amtrak's federal charter. The Court reached this conclusion despite a statute pronouncing that Amtrak "will not be an agency or establishment of the United States government."{446} Lebron thus stands for the proposition that in determining whether a corporation is a government actor, the Court will look at the substance of an entity's relationship with the government rather than relying on legal formalities. Indeed, as Justice Scalia wrote for the Court, "It surely cannot be that government, state or federal, is able to evade the most solemn obligations imposed in the Constitution by simply resorting to the corporate form."{447}
Nevertheless, exactly how much control the government must have over a corporation before the firm becomes a government actor remains open to debate. The government's control over Amtrak was direct and complete -- the government appointed a majority of Amtrak's board -- so the case serves only as an upper bound in determining what degree of state control suffices to make a corporation a federal actor. Similarly, San Francisco Arts & Athletics provides only an example of a degree of control that is insufficient. Although the government provided part of the USOC's funding{448} and gave it special trademark protection, the Supreme Court held that it was not a [*pg 120] government actor.{449} In reaching this conclusion, the Court offered a (perhaps overly) subtle distinction between a corporation that would be a government actor if it undertook a function that was "traditionally the exclusive prerogative" of the federal government, and the USOC, which merely "serves the public."{450} More clearly, the Court noted that the USOC was not a government actor because the necessary element of government control was lacking. The United States, the Court stated, no more controlled the USOC than it did the Miss Universe pageant.{451}
To the extent that ICANN is executing the policies set out in the White Paper under pain of termination, ICANN very closely resembles a state actor. The White Paper is not, however, a particularly detailed document, and other than creating the UDRP, ICANN's main function is to make decisions that the federal government was politically unwilling or unable to make itself.{452} The government's control over ICANN falls between the extremes of Amtrak and the USOC. On the one hand, there is no question that DoC lacks the formal control over ICANN that the Department of Transportation enjoys over Amtrak. The United States does not appoint any ICANN board members, and government officials' direct participation within the ICANN structure is limited to the Governmental Advisory Committee. On the other hand, as noted above, DoC has ICANN by the throat: it controls its major asset, all of ICANN's major contractual rights revert to the government if DoC pulls ICANN's plug, and so far at least DoC has kept ICANN on a short leash.
The case for ICANN being a state actor turns on the degree of instruction, and perhaps even continuing coordination, from DoC. As noted above, not only is there substantial evidence that ICANN is making policy and regulating, there is also substantial evidence that ICANN is doing so at the behest, tacit or overt, of the Department of Commerce. As we have seen, the ICANN-DoC MoU speaks of cooperation more than delegation; DoC not only initially enabled ICANN, [*pg 121] but they both agreed contractually to stay in close communication with each other.
What makes ICANN different from Amtrak, and more like the USOC, is that ICANN's board is formally independent. The issue, therefore, is whether that formal independence is overcome by the totality of the relationship between ICANN and DoC. In making this determination, some guidance may be found in a recent Supreme Court decision considering a very similar issue in the context of an Establishment Clause claim. Establishment Clause jurisprudence is not identical to state action jurisprudence,{453} although both lines of cases can require courts to consider whether the government should be held responsible for ostensibly private conduct. As the Establishment Clause can be violated by the appearance of endorsement of private religious speech as well as the actual support of it,{454} a lower level of government control or sponsorship than would be required to find state action in other areas may suffice to trigger an Establishment Clause violation. Even with this caveat, the Supreme Court's recent decision in Santa Fe Independent School District v. Doe{455} may be instructive. In Santa Fe, the defendant school district argued that student-led, student-initiated prayer at high school football games did not violate the Establishment Clause because it was private speech.{456} The Supreme Court agreed with the distinction between public and private speech, but found the speech to be public because it was "authorized by a government policy and [took] place on government property at government-sponsored school-related events."{457} Similarly, ICANN's management of the domain name system is authorized by government policy -- the White Paper -- and relies on its control over a federal resource, the root.
Various groups will ultimately elect ICANN's board. The intervention of an election -- in which the U.S. government has no votes -- might reasonably be considered to insulate ICANN's policymaking [*pg 122] from state action. However, the Supreme Court has long held that "'fundamental rights may not be submitted to vote; they depend on the outcome of no elections.'"{458} The fundamental rights threatened by ICANN's activities are rights to property in domain names, the right to noninterference in contracts with registrars, rights to due process and, to the extent that domain names are or facilitate speech, First Amendment rights.
In Santa Fe, the Supreme Court was unimpressed by the use of a free election as a defense against an Establishment Clause claim and held that it did not prevent the elected person's conduct from being fairly charged to the government. Although the Establishment Clause context does not automatically translate to other forms of state action, the Court's reasoning and language is at least suggestive. The Court noted in Santa Fe that "the majoritarian process implemented by the District guarantees, by definition, that minority candidates will never prevail and that their views will be effectively silenced."{459} The Court seemed particularly concerned that in choosing to let students vote to elect a designated prayer leader, the school district knew full well which sort of opinion -- the Christian prayers they had previously offered themselves -- would prevail, if not necessarily exactly who would speak or what they would say.{460} The parallel to ICANN is imperfect, but the Supreme Court's focus on the full context of the election provides a useful model. In approving ICANN, and in particular in requiring the corporatist constituency structure that privileges business and intellectual property owners at the expense of other domain name registrants, the government in effect rigged the game to ensure a predictable outcome.{461}
Whether the government chose to outsource policymaking from a noble desire to privatize and internationalize the root or for other reasons is of no legal relevance to the question of whether ICANN is a state actor. What matters most is the high degree of control and direction exercised over ICANN by DoC. It may be that some day the [*pg 123] government will remove itself fully from DNS regulation. Until that day, however, ICANN arguably falls within the rule the Supreme Court summarized in NCAA v. Tarkanian:{462} Private parties are state actors
if the State creates the legal framework governing the conduct; [or] if it delegates its authority to the private actor . . . . Thus, in the usual case we ask whether the State provided a mantle of authority that enhanced the power of the harm-causing individual actor.{463}
Furthermore, although the government does not directly pay ICANN, ICANN's ability to raise funds is entirely due to the government having lent ICANN a federal resource, the government's control over the root. ICANN's funds come from registries and registrars. Registrars pay to be accredited by ICANN so they can sell registrations that will be reflected in the legacy root. NSI, which was both registrar and registry, agreed to pay ICANN as part of the tripartite agreements.{464} Moreover, ICANN may some day be able directly to charge registrants and ccTLD registries, and in each case its ability to compel payment will rely on whatever power it may have to control access to the legacy root. Thus, DoC's loan of control over the root is not only the sole basis of ICANN's relevance and power, but also of its income stream.
Courts also find state action when the private enterprise has multiple contacts with the government. Courts look to see if a "symbiotic relationship"{465} between the public and private entities has been formed. Although the inquiry is highly contextual,{466} the presence of government subsidies or aid is probative of state actor status.{467} Indeed, ICANN does have a "symbiotic" relationship with DoC, and DoC has provided enormous aid to ICANN in lending it the root, [*pg 124] anointing it as NewCo, and forcing NSI to come to terms with it. DoC's relationship with ICANN is different from a normal research contract in which the government defines the parameters of a study and a contractor provides information or expert analysis. ICANN is not simply thinking up new ways to manage the DNS, or providing DNS management services, or even engaged in standard setting for new technical protocols. Instead, it provides the service of making policy on new TLDs, policy on registration in existing TLDs, and policy regarding dispute resolution within gTLDs. Unlike a contractor that provides goods or implementation of a department's policy, ICANN is providing regulation services; most of the actual management of the DNS is, after all, conducted by NSI pursuant to the U.S. government's instructions,{468} which now include doing what ICANN says.{469}
A number of court decisions have examined the federal government's relationship with corporations that provide expert advice on technical questions. Generally, these decisions hold that the corporations are to be identified with the government when the government acts as a rubber stamp, even if the government has retained a formal right to countermand their decisions.{470} The publicly available evidence makes it difficult to discern the extent to which DoC actually reviews ICANN's decisions. We know that new entries to the root, such as .ps, require ratification by DoC; we know that DoC "consults" intensively with ICANN, and has the equivalent of at least two employees working full time on ICANN matters; and we know that in some cases, such as the proposed and abandoned $1 domain name fee, DoC caused, or participated in causing, ICANN to change its [*pg 125] mind. However, we also know that after calling for action against cybersquatters in the White Paper, DoC took no public role in ICANN's decision to impose the UDRP; thus, it is impossible to say how involved DoC was in formulating the decision, and what review, if any, took place at DoC after ICANN resolved to impose the UDRP on registrants.{471}
One thing, however, seems logically clear. Either DoC does not review ICANN decisions{472} such as the decision to adopt UDRP or the coming decision as to which gTLDs to put in the root, or DoC does some sort of review. If DoC does no review, the case for calling ICANN a state actor is strong, since the body uses its control over a federal resource to affect the legal rights of citizens. On the other hand, if DoC does conduct a meaningful review, then its decisions to adopt or to allow ICANN's decisions and pronouncements to take legal effect are decisions subject to the APA.
[F]inal agency action for which there is no other adequate remedy in a court [is] subject to judicial review.{473}
The APA defines a "rule" as "the whole or a part of an agency statement of general or particular applicability and future effect designed to implement, interpret, or prescribe law or policy or describing the organization, procedure, or practice requirements of an [*pg 126] agency."{475} Unless Congress legislates otherwise, or one of the specified APA exceptions applies, agencies can only issue rules in compliance with the APA's procedural requirements, which include publishing a notice in the Federal Register, soliciting comments for at least thirty days, and responding meaningfully to public comment.{476} In so doing, the agency would have to publish in the Federal Register the proposed rule with an explanation of why it is needed and why it is legal; solicit comments; issue a final rule that was predictable, or at least a logical outgrowth, from the proposed rule; and respond to all comments in a reasoned way.
1. Do APA Exceptions Apply? It might be argued that either of two APA exceptions apply to rulemaking regarding DoC's reliance on ICANN's activities. The rulemaking procedures set out in section 553 of the APA do not apply to agency actions relating to "public property, loans, grants, benefits, or contracts."{477} It could be argued that DoC's agreements with ICANN are contracts; arguably,{478} the DNS is "public property." If either exception applies, then DoC's rulemaking is exempt from notice and comment requirements, although the rules are still subject to review under the APA's section 706, which instructs courts to overturn "arbitrary and capricious" agency decisions.{479} In any case, neither argument for the inapplicability of section 553 should carry the day.
[*pg 127]
The courts have generally construed the contracts exception narrowly.{480} The Senate Judiciary Committee report on its version of the APA noted "that the exceptions apply only 'to the extent' that the excepted subjects are directly involved."{481} It is not at all evident that the ICANN-DoC MoU{482} is a "contract" within the meaning of section 553.{483} However, even if the creation of DoC's relationship with ICANN is covered by the contracts exception to section 553, the APA may still apply to DoC's subsequent actions. The decision to choose ICANN to be NewCo appears to be an informal adjudication. Subsequent decisions taken by ICANN would be rulemaking if taken directly by the government and have their effect only because of government action giving ICANN control over the root. More importantly, the use of ICANN to make prospective decisions affecting third parties during the life of the contract should fall under the APA, or the contracts exception will make increasingly large parts of the APA a dead letter.
[*pg 128]
The GAO recently opined that the APA did not apply to the establishment of ICANN because DoC did not cause ICANN to be established, did not materially participate in the selection of its board, and because the White Paper was vague on the trademark policy NewCo should adopt.{484} Even if this last point is not completely accurate -- it was pretty clear what WIPO would say about cybersquatting -- it is possible to agree with the GAO that ICANN was created independently of DoC and yet believe that the APA applies to DoC's decision to enter into various agreements with ICANN. And, even if one does not believe that the APA applies to DoC's decision to enter in the CRADA and the MoU with ICANN, one may still accept that the APA applies to DoC's reliance on ICANN when that reliance amounts to rulemaking. To the extent that DoC is using its ongoing relationship with ICANN to make rules that affect third-party registrants of domain names, the contract exception of the APA does not, and should not, apply. DoC is not immunized from APA review because it used a contract to lend a corporation control over the root, especially when it is working so closely with that corporation.
Nor is DoC's approval of or acquiescence in policymaking and regulation by ICANN covered by the public property exception to section 553. First, it is not at all clear that the government "owns" the DNS, or even the root; most likely it does not have an exclusive property interest in that root zone data file, if only because the U.S. government does not hold copyrights in its published information.{485} Notably, DoC did not attempt to rely on the public property exception theory in either the Green Paper or in the White Paper. DoC issued the Green Paper as an ordinary notice of preliminary rulemaking,{486} and it issued the White Paper as a Policy Statement.{487} If DoC had believed that the public property exception allowed it to avoid the APA's rulemaking requirements, it would surely have mentioned this somewhere. Second, even if the government's interest in the root is proprietary, it is not evident that the public property exception was intended to or should apply to the disposition of an intangible intellectual property-like asset. More fundamentally, although more [*pg 129] broadly construed than the contracts exception, the public property exception applies to matters "relating to" public property, not ancillary matters in which control of public property is leveraged to achieve ends that have nothing to do with the sound management of the property itself.{488}
2. Consequences of the APA. The heart of the APA is its provision for judicial review of administrative decisions. Regardless of whether APA section 553 applies, if APA section 706 applies it allows judicial review of DoC's adoption of, or acquiescence in, ICANN's actions.
a. The founding agreements with ICANN. Although the GAO may have thought otherwise,{489} there is a strong argument that the APA applies to DoC's decision to enter into, or to extend, the ICANN-DoC MoU, to the CRADA, and to the zero-cost purchase order by which ICANN took over the IANA function. DoC would no doubt argue that the APA does not apply to any DoC relations with ICANN, much less ICANN's actions, because, in its view, DoC's only actions -- other than approving or disapproving additions to the root{490} -- consist of entering into MoUs or (costless!) procurements with ICANN. Indeed, as a general matter, the public does not have a right under the APA to complain about the letting of a contract, the entry of a CRADA, or the signing of an MoU. The primary reason for this absence of a right to sue is lack of standing: In the ordinary case, a member of the public lacks the sort of direct personal injury that would give her standing to complain. To have standing, a plaintiff must have a concrete and actual or imminent injury fairly traceable to the conduct of the defendant, which would be redressed by a ruling against the defendant.{491} Furthermore, the plaintiff must be within the [*pg 130] "zone of interests" sought to be protected by the statute or constitutional provision on which they base their claim.{492} But, "for a plaintiff's interests to be arguably within the 'zone of interests' to be protected by a statute, there does not have to be an 'indication of congressional purpose to benefit the would-be plaintiff.'"{493} Instead, the focus is "on those who in practice can be expected to police the interests that the statute protects."{494}
Indeed, at least two courts have found that non-signatories to CRADAs may have a right of action if harmed by them. In Chemical Service, Inc. v. Environmental Monitoring Systems Laboratory-Cincinnati,{495} the Third Circuit held that a competitor to a private laboratory had standing to challenge provisions of a CRADA that it claimed should have been issued under ordinary procurement laws because "Congress did not intend that a CRADA be used to substitute for a procurement contract or cooperative agreement."{496} The court also unanimously held that a related Memorandum of Understanding (MoU) between a division of the EPA and a firm was "final agency action" for APA purposes.{497} Agency action though it might be, a majority then held that the plaintiffs nonetheless lacked standing to challenge it in court because there was no statute relating to the subject matter of the MoU, and a claim of a competitive disadvantage caused by the MoU was outside the zone of interests Congress had sought to protect in the Federal Technology Transfer Act, or in any other statute the court thought might be relevant.{498} The dissenting judge argued, persuasively, that competitors did have standing to claim that an agency's actions pursuant to an MoU were arbitrary and capricious, because the agency's actions were allegedly "an arbitrary and capricious implementation of [its] regulatory program,"{499} and [*pg 131] participants in the program were within the zone of interests for standing purposes when they sought to challenge the approval of competing and allegedly non-conforming products.{500}
If there is no evidence that Congress wished to have a CRADA used as an end-run around the procurement laws, there is even less evidence that Congress ever contemplated a CRADA being used to make rules without conforming to the APA. Furthermore, the case for finding that persons whose property or contract rights have been affected by the actions of ICANN under its MoU with DoC have standing to challenge the MoU is much stronger than the competitive injury theory rejected by the majority in Chemical Service. Suppose one accepts the majority's theory that absent a statute there is no right to complain that the government is improperly aiding a competitor. Domain name registrants unhappy with ICANN's policies are not competitors; they are persons with an interest in their domain names that is protected by the Due Process Clause if it is an interest in a contract, and by the Takings Clause if it is a property interest. Because their claim is fundamentally grounded on their constitutional right to have those contract and property rights interfered with by government only according to law, they are within the zone of interest of the Constitution and thus have standing to bring an APA claim.
A more recent case, Edmonds Institute v. Babbitt,{501} is an even better parallel to the ICANN situation. In Edmonds Institute, plaintiff environmentalists challenged a CRADA between Yellowstone National Park and Diversa Corp., a firm of private bio-harvesters. The plaintiffs were in no sense competitors with Diversa, but instead were users of the resources (Yellowstone) that the private firm would be using. The district court held that the plaintiffs had constitutional standing to attack the CRADA authorizing Diversa to conduct bio-harvesting of minute quantities of micro-organisms from Yellowstone because "[t]he bottom line is that the plaintiffs in this case claim an injury to their aesthetic and recreational interests from Diversa's activities conducted pursuant to the Yellowstone-Diversa CRADA."{502} The injury to plaintiffs' aesthetic interests in enjoying Yellowstone free from the bio-harvesters' footprints is surely a harm smaller then ICANN's threat to domain name holders' interest in domain names, whether one characterizes that as a property interest or a due process [*pg 132] interest in the quiet enjoyment of registrants' contractual relations with registrars.
Furthermore, and of most direct relevance to ICANN, the Edmonds court held that Yellowstone's CRADA with Diversa Corp. was "final agency action" under the APA{503} and, thus, subject to review under the "arbitrary and capricious" and "abuse of discretion and otherwise not in accordance with law" standards of the APA.{504} The court noted that the Yellowstone-Diversa CRADA cited the Federal Technology Transfer Act (FTTA){505}
as its legal basis, apparently taking the view . . . that Yellowstone National Park is itself a federal "laboratory." . . . When viewed in terms of recent cases interpreting the "zone of interest" requirement, it is not unreasonable to find that those who use federal laboratories "in practice can be expected to police the interests protected" by the FTTA.{506}
b. ICANN's on-going regulations. DoC has an obligation to make its general and prospective rules in compliance with the rulemaking provisions of the APA.{507} This it demonstrably has failed to do. Therefore, rules of a general, nontechnical, and prospective nature, such as the UDRP, that DoC enacts via ICANN are not valid.{508} And even if a section 553 exception did apply, this does not release the agency from its obligation to publish rules intended to [*pg 133] bind the public,{509} nor does it insulate the rule from judicial review under APA section 706.{510}
ICANN's DoC-granted control of the root allows it to make decisions with substantial impacts on domain name holders. To date, the decision with the most significant direct effects on domain name holders and would-be registrants is the imposition of the UDRP; the most significant upcoming decision will be its selection of a small number of new gTLDs for introduction into the legacy root. These two decisions, one past, one in the near future, well illustrate the role of the APA relating to the review of ICANN's decisions. In the case of the UDRP, there was no overt and public act by DoC endorsing or enforcing ICANN's rule. As far as one can tell, DoC approved of the URDP, but it took no formal action at the time as if to promulgate or approve it, although arguably, DoC's subsequent decision to renew its agreements with ICANN is an implicit approval of ICANN's actions. At the time, though, DoC's official role was acquiescence. In contrast, although DoC has taken no official stance while ICANN has produced various complex rules and conditions and set a non-refundable $50,000 fee per application for applicants wishing to run new gTLDs,{511} when the time comes to enter new TLDs into the root, DoC will have to approve it rather than just acquiesce.
If a federal agency chooses to adopt a decision by an outside body as its own, it might proceed by rule or adjudication.{512} Whether the agency acts by rulemaking or makes the rule via adjudication, the critical point is that the agency retains a right of review.{513} In any case, [*pg 134] if the proceeding is prospective and general in nature, it is rulemaking for due process purposes, regardless of the form the agency may have chosen to use.{514} If a federal agency were to attempt to adopt the UDRP directly, it would clearly be a rule, because it is prospective. On the other hand, the selection of one or more applicants for new gTLDs over others, although it has a prospective component, has elements of both rulemaking and adjudication. To the extent that the consequences of selection prospectively affect all users of the Internet, it is in the nature of rulemaking; to the extent that some applicants are licensed and others are not, it has elements of adjudicating "competing claims to a valuable privilege," which provides additional due process protections to the interested parties.{515}
The fact that most of DoC's decisions, such as allowing the UDRP to take effect, happen on the nod does not preclude review, although regulation by acquiescence imposes special problems for judicial review.{516} Indeed, a silent record implicates all the process and review problems that were supposed to have been put to rest with Citizens to Preserve Overton Park, Inc. v. Volpe,{517} as there is no evidence at all of reasoned decisionmaking.{518}
[*pg 135]
The case of the UDRP demonstrates in particularly stark terms why agencies should not be allowed to end-run the APA by giving control of public property to a corporation with tacit, much less written, instructions to that corporation that it use that control to make policy. If an agency sought to impose, as part of a government program, UDRP-like mandatory third-party beneficiary clauses that created arbitration rights for any aggrieved trademark holder, it would face significant obstacles. First, it would be subject to the ordinary procedural duties of the APA and to due process requirements. In the special case of the UDRP, however, the agency also would have to comply with the strictures of the Administrative Dispute Resolution Act (ADRA),{519} which applies to "the resolution of an issue in controversy that relates to an administrative program"{520} and imposes severe constraints on an agency's use of arbitration instead of ordinary formal or informal adjudication to resolve an "issue in controversy."{521}
If the UDRP were subject to ADRA, then the program would be illegal, because "[a]n agency may not require any person to consent to arbitration as a condition of entering into a contract or obtaining a benefit"{522} -- and domain name registrants must agree to be subject to the UDRP as a condition of being allowed to appear in the legacy root. Indeed, it is a nice question whether DNS regulation as conducted by ICANN pursuant to its agreements with DoC is currently "an administrative program" that decides "issues in controversy" that are "material to a decision concerning an administrative program of an agency" and "between persons who would be substantially affected by the decision" -- and is therefore already subject to ADRA.{523} ADRA defines the term "administrative program" as "includ[ing] a Federal function which involves protection of the public interest and [*pg 136] the determination of rights, privileges, and obligations of private persons through rule making, adjudication, licensing, or investigation, as those terms are used in [sections 551-59 of the APA]."{524} If ICANN acts as DoC's agent or is a state actor, ICANN's administration of the DNS and the UDRP could easily be characterized as one that "involves protection of the public interest," and as instantiating one of the expansive list of federal functions in ADRA.
Regardless of the ADRA issue, ICANN's arbitration system would have little chance of surviving ordinary "arbitrary and capricious" review under the APA, because it denies respondents minimal levels of fair procedure that participants would be entitled to expect from the U.S. government. As noted above, three aspects of the UDRP are particularly troubling: (1) the incentive for providers to compete to be "complainant friendly"; (2) its failure to require actual notice combined with the short time period permitted for responses; and (3) the asymmetric consequences of a decision. An agency rule that sought to impose an adjudicatory system with any of these features on U.S. citizens would surely be found to be arbitrary and capricious, if not an outright denial of due process.
First, and most importantly, due process requires an impartial tribunal,{525} but the UDRP creates a system in which the impartiality of the tribunal could reasonably be questioned. The arbitration providers have an incentive to compete to provide complainant-friendly lists of arbitrators,{526} and questions have already been raised about whether one or more of the providers are biased in favor of the complainants.{527} Whether or not allowing the plaintiff to choose the provider is a violation of due process,{528} it is arbitrary and capricious to design such an obvious vulnerability into the system.
Second, ICANN's arbitration rules -- which all ICANN approved arbitration providers are required to follow -- do not require that respondents receive actual notice of a complaint.{529} While a system that [*pg 137] provides for substituted service is consistent with due process, minimal due process requires serious attempts to achieve actual notice before proceeding with the substitute.{530} A related problem arises because the time allowed for a response is so short.{531} In theory, both complainant and respondent each only get to file one set of papers with the arbitral tribunal. But the complainant gets to work on his pleading as long as he wishes, collect the relevant exhibits, and file when it suits him. The respondent has to answer in twenty days or essentially forfeit the case. What is more, the twenty-day clock to file a response starts ticking as soon as notice is mailed and e-mailed. Other than extraordinary cases, which are entirely at the discretion of the arbitrator, there is no procedure to provide extensions of time to a respondent who receives the notice late.{532} While this schedule might be reasonable for business-to-business arbitration, it clearly is not reasonable in all situations; indeed, it is inconsistent with due process for a system in which many respondents will be ordinary people -- people who take vacations without laptops or do not routinely read their e-mail.{533} The opportunity to be heard is fundamental to due process.{534} The UDRP does not ensure that basic right.
Third, the system imposes asymmetric burdens on the losing parties. A losing complainant is free to file in whatever court would have heard the complaint before the UDRP decision and at a time of his choosing. A losing respondent has ten days to file a complaint in a forum that may be far from home.{535} Not only is the time to file very [*pg 138] short, but the reversal of the roles of plaintiff and defendant shifts the burden of proof. In international cases, the shift may also involve changes in language, procedure, and choice of law.{536}
Each of these flaws alone would probably suffice to doom the UDRP if subjected to review under APA section 706; their cumulative effect would be devastating.
3. Is ICANN an "Advisory Committee"? Suppose, contrary to the argument set out above, that ICANN is not a state actor. To the extent that ICANN does not in fact have the regulatory authority to make its decisions self-executing, but must have them reviewed and, as in the case of new gTLDs, implemented by DoC, then ICANN's role strongly resembles an advisory committee to a federal agency.{537}
The Federal Advisory Committee Act (FACA) imposes strict procedural requirements on advisory committees. If ICANN is subject to FACA, then it has been in continuing violation, since ICANN was neither established pursuant to FACA,{538} nor has it conducted itself with the notice and openness that FACA requires.{539} Under FACA, a U.S. government officer must call and chair every meeting of an advisory committee.{540} In contrast, ICANN's charter excludes officials of all governments.{541} FACA requires open meetings; the [*pg 139] ICANN board has taken many of its key decisions in closed meetings. If FACA applies, decisions taken by DoC in reliance on ICANN are invalid, and ICANN would have to make some dramatic changes to its rules of procedure and bylaws. There are, however, substantial reasons to question whether FACA, as currently interpreted by the courts, would apply to ICANN.
FACA defines an advisory committee as "any committee, board, commission, council, conference, panel, task force, or other similar group . . . which is . . . established or utilized by one or more agencies . . . in the interest of obtaining advice or recommendations for . . . one or more agencies or officers of the Federal Government."{542} That sounds a lot like ICANN, since the ICANN-DoC MoU indeed speaks of studying and advising. To the extent that DoC is adopting ICANN's decisions, overtly or by acquiescence, FACA may well apply; to the extent that ICANN directly executes policy as opposed to merely advising, it is not covered by FACA{543} (although those functions, in turn, raise nondelegation issues discussed below).
Even as regards ICANN's advisory role, however, one could debate whether ICANN is being "utilized" by DoC in the sense the term is used in FACA.{544} In Public Citizen v. U.S. Department of Justice,{545} the Supreme Court narrowly construed the word "utilize" in FACA. "Utilize," Justice Brennan said, "is a woolly verb"; read literally, it "would extend FACA's requirements to any group of two or more persons, or at least any formal organization, from which the President or an Executive agency seeks advice," a result Justice Brennan was certain Congress did not intend.{546} Rejecting a FACA [*pg 140] challenge to the Department of Justice's use of a committee of the American Bar Association to advise the President on potential judicial nominees, Justice Brennan found in the legislative history "considerable evidence" that
Congress sought only to achieve compliance with FACA's more stringent requirements by advisory committees already covered by the Order and by Presidential advisory committees, and that the statute's "or utilized" phrase was intended to clarify that FACA applies to committees "established .. . . by" the Government in a generous sense of that term, encompassing groups formed indirectly by quasi-public organizations "for" public agencies as well as "by" such agencies themselves.{547}
Further complicating matters, the D.C. Circuit has held that FACA does not apply to government contractors. That might seem to let ICANN out of FACA, but here, too, the question is not straightforward. In Food Chemical News v. Young,{549} Judge Ruth Bader Ginsburg relied on FACA's legislative history to find that FACA "does not apply to persons or organizations which have contractual relationships with Federal agencies."{550} The alleged advisory committee in Food Chemical News was a panel of scientists assembled by a [*pg 141] paid contractor. Judge Ginsburg said that as the contractor was merely a private organization working under contract to the government, it lacked the "quasi-public status" required by Public Citizen.{551} As for the panel of scientists, it was managed by the contractor, rather than being managed by the government or by a "semiprivate entity the Federal Government helped bring into being."{552} A more recent D.C. Circuit panel reiterated that contractors are outside FACA, although it also suggested that "even if 'utilization' does not require control in every instance, as where a committee is authorized by Congress and appointed and funded by an executive branch agency," FACA might apply if the agency "intended to use the Panel's guidelines as recommendations to formulate policy."{553}
Again, therefore, the question is what weight to give which facts, and to what extent the facts outweigh the forms. Formally, ICANN is private, spontaneously generated, and a government contractor (even if no money changes hands in those contracts). In practice, it is making DNS policy at DoC's request, along lines mandated by DoC and either with DoC's cooperation or under its supervision. If the forms control, FACA will not apply. In substance, ICANN very much resembles an advisory committee -- and FACA's requirements would probably cure many of the problems that most agitate ICANN's critics, especially issues of notice and secrecy.
an announcement that inspires willing or altruistic compliance among the root servers; or an announcement that compels compliance among the root servers because they understand the network effects of sharing a single root; or a lease or loan of government property -- the root file itself, or some intellectual property right to it; or the transfer of part of the government's interest in its contract with NSI; or the transfer of the power to regulate, with the root file being the means to enforce compliance.
If DoC is neither regulating directly nor indirectly via a state actor, then DoC's delegation of the power to regulate violates the Constitution. A delegation of federal power to a private corporation differs from delegations to an agency. A private person -- even a legal person -- has independent powers. When the federal government delegates power to specific persons, it transfers power to a private group that is often small and unrepresentative or self-interested and presumptively less accountable to the public than are legislators who must face re-election or administrators who must report to the President.{556}
If DoC has handed this power over to ICANN, even on a temporary basis, without keeping the right to review its decisions, then that delegation violates the nondelegation doctrine and raises major due process concerns. These constitutional concerns are substantially [*pg 143] magnified by the absence of a clear congressional pronouncement authorizing the handing over, even on a trial basis, of policymaking authority over the root. The usual type of delegation to private persons that winds up in court originates in a statute. The ICANN case is unusual because Congress has made no such determination. Rather, the delegation from DoC is contractual. The case for the constitutionality of a delegation of public power to private persons is surely strongest when Congress determines that the delegation is necessary and proper to achieve a valid end, and the case is weaker when the delegation is the agency's independent action.{557} Oddly, the GAO -- which focused on statutory issues to the exclusion of the constitutional ones -- seems to have concluded the opposite, reasoning that because DoC had no statutory duty to manage the DNS, its "sub-delegation" of the authority violated no congressional command.{558} That analysis works at the statutory level when the issue is DoC's power to enter into contracts with ICANN; it does not work when the issue is delegations of dubious constitutional legitimacy.
1. Origins and Purpose of the Nondelegation Doctrine. The nondelegation doctrine has fallen out of favor. Notoriously used by a reactionary court to strike down elements of FDR's New Deal reforms, the constitutional doctrine preventing excessive delegations carries some heavy baggage. Since the famous "switch in time" that defanged FDR's Court-packing plan, the Supreme Court has upheld a legion of congressional delegations that suggest the pre-New Deal decisions are, at best, moribund. Any argument that seeks to invoke nondelegation principles must, therefore, do some heavy lifting. What follows seeks to take up that challenge by, first, demonstrating that the pre-New Deal decisions were animated by important constitutional values and were correct at least insofar as they placed limits on the delegation of public power to private parties. Second, it shows that, at least as regards the issue of constitutional limits on [*pg 144] delegations to private parties, the pre-New Deal cases remain valid today, both because they have never been overruled and, more importantly, because the principles on which they relied remain relevant and vital.
The nondelegation doctrine instantiates a fundamental public policy against the arbitrary exercise of public power.{559} Most famously expounded in two pre-New Deal cases, Carter v. Carter Coal Co.{560} and A.L.A. Schechter Poultry Corp. v. United States,{561} the doctrine has two related but distinct forms: the public nondelegation doctrine, which constrains Congress's delegations to the executive,{562} and the private nondelegation doctrine, which constrains Congress's delegations to nongovernmental actors. Carter Coal addresses the limits of the legislature's power to vest "lawmaking" power in private hands, an issue which had also arisen in Schechter Poultry.{563}
The better-known and recently revived{564} public nondelegation doctrine embodies separation of powers concerns and limits Con- [*pg 145] gress's ability to make standardless delegations to administrative agencies by imposing a limited particularity requirement on delegations of congressional authority to federal agencies.{565} Only government agencies in the executive branch may exercise executive powers.{566} It follows that an agency that is responsible to Congress or to the courts may not execute the laws,{567} and it goes almost without saying that even executive branch agencies may only exercise those powers delegated to them by Congress.{568} The public nondelegation doctrine prevents Congress from surrendering a core part of its role -- making certain fundamental policy choices -- to the executive.
[*pg 146]
In contrast to the separation of powers concerns that animate the public nondelegation doctrine, the private nondelegation doctrine focuses on the dangers of arbitrariness, lack of due process, and self-dealing when private parties are given the use of public power without being subjected to the shackles of proper administrative procedure. Both doctrines stem from a long tradition of seeking to ensure that public power is exercised in a manner that makes it both formally and, insofar as possible, actually accountable to elected officials, and through them -- we hope -- to the electorate.{569} This concern for proper sources and exercise of public authority promotes both the rule of law and accountability.{570}
Concern about delegations to private parties also has a long pedigree. In Eubank v. City of Richmond,{571} the Supreme Court struck down an ordinance allowing owners of two-thirds of the properties on a street to make a zoning rule defining setbacks. The Court said this was unconstitutional because it gave one group of property owners the power "to virtually control and dispose of the proper rights of others" and lacked any "standard by which the power thus given is to be exercised."{572} Similarly, in Washington v. Roberge,{573} the Court held that an ordinance requiring the prior approval of owners of two-thirds [*pg 147] of properties within 400 feet of a proposed home for the aged poor was a rule "uncontrolled by any standard or rule prescribed by legislative action."{574} This limited electorate, the Court noted, was "free to withhold consent for selfish reasons or arbitrarily."{575} Two generations later, in City of Eastlake v. Forest City Enterprises, Inc.,{576} the Court upheld a city charter provision requiring proposed land-use changes to be ratified by 55% of the people voting at a city-wide referendum.{577} Distinguishing the "standardless delegation of power" properly struck down in Eubank and Roberge, the Court stated that a city-wide referendum was not a delegation of power because "[i]n establishing legislative bodies, the people can reserve to themselves power to deal directly with matters which might otherwise be assigned to the legislature."{578}
The Schechter Poultry case involved both public and private delegation issues. The National Industrial Recovery Act set up a process by which trade or industrial associations could devise codes of fair competition and petition the President to make them binding on their trade or industry. (In the absence of such a request, the President could also promulgate codes himself.){579} Trade associations and firms would select an "industry advisory committee"; this committee, in turn, would appoint a "code supervisor," subject to the approval of the Secretary of Agriculture and the Administrator for Industrial Recovery, with firms taxed to pay for him "proportionately upon the basis of volume of business, or such other factors as the advisory committee may deem equitable," subject again to federal review.{580}
The President was empowered to accept and enforce a trade or industrial code upon finding
(1) that such associations or groups "impose no inequitable restrictions on admission to membership therein and are truly representative," and (2) that such codes are not designed "to promote mo- [*pg 148] nopolies or to eliminate or oppress small enterprises and will not operate to discriminate against them, and will tend to effectuate the policy" [of the statute.]{581}
In response to the Schechters' challenge to the statute, the Supreme Court defined the issue as whether the statute adequately defined the authority delegated to the President or to trade associations. In both cases, the Supreme Court held, the standards that described the extent of the delegation were too vague to be constitutionally acceptable because they were sufficiently plastic to permit any rule. Citing its then-recent decision in Panama Refining v. Ryan,{583} the Court said that such "virtually unfettered" delegations to the executive were unconstitutional;{584} it then extended the Panama Refining ruling to apply to delegations to private groups also. Thus, the Supreme Court asked rhetorically whether
it be seriously contended that Congress could delegate its legislative authority to trade or industrial associations or groups so as to empower them to enact the laws they deem to be wise and beneficent for the rehabilitation and expansion of their trade or industries? . . .. The answer is obvious. Such a delegation . . . is utterly inconsistent with the constitutional prerogatives and duties of Congress.{585}
The kicker in the Coal Act was that Congress set up a prohibitive "excise tax" on coal.{591} Mine owners could only avoid the tax by "voluntarily" signing on to the codes of conduct. Furthermore, the Act required the U.S. government to buy coal only from mines that complied with a code and to impose the same requirement on all its contractors.{592} Despite operating in what is now derided as a formalist era, the pre-New Deal Supreme Court made short work of this legal fiction of voluntariness, stating "[o]ne who does a thing in order to avoid a monetary penalty does not agree; he yields to compulsion precisely the same as though he did so to avoid a term in jail."{593} Thus, [*pg 150] "[t]o 'accept,' in these circumstances, is not to exercise a choice, but to surrender to force."{594}
The consequences of refusing to submit to a privately drafted code were not penal; they were severe, but purely economic. Nevertheless, the Court excoriated the Coal Act as "legislative delegation in its most obnoxious form; for it is not even delegation to an official or an official body, presumptively disinterested, but to private persons whose interests may be and often are adverse to the interests of others in the same business."{595} Chief Justice Hughes, writing separately, also faulted the Coal Act for violating the due process rights of mine owners and workers.{596} Justice Cardozo, dissenting, defended the Coal Act by noting that it required the coal boards to act justly and equitably, to take account of market factors, and to avoid undue prejudice or preference between producers,{597} but these factors failed to sway the majority.
2. Modern Reception of the Private Nondelegation Doctrine. Since the New Deal, Schechter Poultry has been all but rejected as an authority, and both the Carter Coal doctrine and the standard nondelegation doctrine have been, at best, legal backwaters in the federal courts,{598} although nondelegation survives, even flourishes, in the state courts.{599} For years the public delegation doctrine bowed to the modern administrative state, which includes any number of congressional delegations of power to the executive that stretch the nondelegation doctrine almost beyond recognition. In decisions upholding these delegations, ranging from Yakus v. United States{600} and Fahey v. Malonee{601} to Amalgamated Meat Cutters v. Connally,{602} the federal courts' willingness to approve virtually any delegation [*pg 151] prompted Justice Marshall to suggest that the nondelegation doctrine has been "abandoned by the Court for all practical purposes."{603} While a number of cases cite nondelegation concerns as a reason to construe statutes narrowly,{604} until the D.C. Circuit's recent, and very controversial,{605} decision suggesting that an EPA regulation might be void on nondelegation grounds,{606} the leading judicial suggestions that the classic nondelegation doctrine might not be dead were a concurring opinion by then-Justice Rehnquist{607} and a dissent by Justice Scalia.{608}
Although it represents a separate, less-criticized doctrine than Schechter Poultry's public nondelegation doctrine, the private nondelegation doctrine of Carter Coal remains one of the decisions that prompted FDR's Court-packing proposal, and it found little favor in the federal courts after the "switch in time that saved nine."{609} Parts of it -- notably the suggestion that the Commerce Clause does not attach to mining because products only enter the stream of commerce after extraction -- clearly have been repudiated. And, only a few years after Carter Coal, the Supreme Court limited the reach of the private nondelegation doctrine. In Currin v. Wallace,{610} the Court upheld a statute authorizing the Secretary of Agriculture to fix standards for the grading and weighing of tobacco. The statute also authorized the Secretary to designate tobacco auction markets that would be forbidden from selling tobacco unless it was described and measured according [*pg 152] to the new national standards. An auction could be designated as a covered tobacco market only if two-thirds of the growers who had sold tobacco there the previous season approved of the designation.{611} Plaintiffs attacked this vote as an unconstitutional delegation of power, but the Court rejected their nondelegation claim as "untenable."{612} Because the authority for the entire regulatory scheme, including the requirement for the vote of approval, originated directly from Congress, and perhaps because the Secretary rather than private parties made the rules, the Court distinguished the vote from "a case where a group of producers may make the law and force it upon a minority or where a prohibition of an inoffensive and legitimate use of property is imposed not by the legislature but by other property owners."{613}
Without a doubt, the ban against delegation to private parties has suffered erosion.{614} This erosion is most visible at the state level{615} but, like states, the federal government relies on private parties' decisions for a number of administrative matters. For example, the federal government relies on accreditation decisions made by private parties to make funding choices,{616} although this reliance, and thus collaterally the underlying decision, is subject to basic due process review.{617} The federal government also reviews and administers self-regulatory bodies. The best example of this sort of delegation is the regulation of exchanges, in which securities dealers write their own regulations, then submit them to the SEC for review.{618} Once ap- [*pg 153] proved through ordinary notice and comment rulemaking, the securities dealers' rules take on the force of law.
The strongest argument for the continuing vitality -- or, if need be, revival -- of the Carter Coal doctrine is that undue delegations to private parties entrench a kind of officially sanctioned self-interested regulation that violates due process or equal protection.{624} It was the self-interested regulation that the Carter Coal Court called the "most obnoxious form" of delegation.{625} Several courts{626} and commentators{627} have agreed that delegations to private groups are more troubling than those to public agencies because the accountability mecha- [*pg 155] nisms are weaker or non-existent. Although modern ideas of how much can be delegated to public bodies have changed substantially in the last ninety years, the principle that specific legislative authority should be required to support an otherwise dubious delegation by contract remains as sensible today as ever.
Thus, even though the Supreme Court has not decided a case turning on the private nondelegation doctrine in sixty years,{628} there is reason to believe that Carter Coal's fundamental limit on delegations of public power to private groups retains its validity.{629} Admittedly, the formal clues are sparse. While never overturned,{630} post(Schechter Poultry Supreme Court commentary on Carter Coal is rare.{631} Many legal scholars have argued that the doctrine is or should be dead,{632} although others have argued that it retains or deserves vitality.{633}
But while the Supreme Court has had no modern opportunities to revisit the private nondelegation doctrine, the state courts have had that chance, and their treatment of the issue underlines the importance of the doctrine today. Perhaps the best example comes from Texas, where the state supreme court recently reaffirmed the impor- [*pg 156] tance of the doctrine after a thorough and scholarly examination of the role of the private nondelegation doctrine.
The Texas Constitution does not permit occupation taxes on agricultural products.{634} In order to have cotton growers pay for a Boll Weevil eradication campaign, the Texas legislature authorized the Texas Commissioner of Agriculture to certify a nonprofit organization representing cotton growers to create an "'Official Cotton Growers' Boll Weevil Eradication Foundation.'"{635} The Foundation in turn would be empowered to propose geographic eradication zones and to conduct referenda in each zone to see if the cotton growers in it wished to become an "eradication zone." Zones that voted yes would elect a member to represent them on the Foundation's board.{636} The Foundation then would set proposed assessments for eradication efforts, which the growers would have to approve by referendum.{637} Although its funding required a confirmatory referendum, the statute gave the Foundation broad powers, including the powers to decide what eradication program to pursue, to take on debt, to penalize late payers of assessments, to enter private property for eradication purposes, and even to require the destruction of uninfected cotton crops for nonpayment of assessments.{638} Very soon after the legislature passed the statute, a nonprofit corporation formed "to allow a forum for discussion of problems and activities of mutual interest to the Texas Cotton Industry,"{639} which had lobbied for the statute,{640} and pe- [*pg 157] titioned the Commissioner of Agriculture to be allowed to form the Foundation. Upon receiving that permission, the corporation created the Foundation, and -- in seeming morphic resonance with ICANN -- impaneled an initial board (even though the statute had no prevision for one) and began operations. Growers subjected to the Foundations assessment soon brought suit.
The court began its discussion of the constitutionality of the delegation to the Boll Weevil Foundation by noting that many delegations to private parties were "frequently necessary and desirable," such as the delegation of the power to marry or the decision to promulgate existing or future versions of industrial codes and professional standards.{641} Nevertheless, the court warned, delegations to private parties create greater dangers of conflict of interest and, thus, deserve more searching scrutiny, than do delegations, however great, to public bodies.{642}
There being an absence of judicially crafted standards available to guide whether such delegations were permissible, the court decided to craft them.{643} It decided, based on its review of federal and state precedent, and of academic writings, that there were eight key questions:
1. Are the private delegate's actions subject to meaningful review by a state agency or other branch of state government?
2. Are the persons affected by the private delegate's actions adequately represented in the decisionmaking process?
3. Is the private delegate's power limited to making rules, or does the delegate also apply the law to particular individuals?
4. Does the private delegate have a pecuniary or other personal interest that may conflict with his or her public function?
5. Is the private delegate empowered to define criminal acts or impose criminal sanctions?
6. Is the delegation narrow in duration, extent, and subject matter?
7. Does the private delegate possess special qualifications or training for the task delegated to it?
8. Has the Legislature provided sufficient standards to guide the private delegate in its work?{644}
A subsequent decision suggested that the first and fourth factors are the most important. The importance of the first factor reflects the [*pg 159] fact that "one of the central concerns in private delegations is the potential compromise of our 'democratic rule under a republican form of government.'"{647} The fourth factor gains pride of place because the nondelegation doctrine's "other central concern is the potential that the delegate may have a 'personal or pecuniary interest [which is] inconsistent with or repugnant to the public interest to be served.'"{648}
While the post(New Deal federal judicial record is consistent with claims that Carter Coal may be a candidate for desuetude, these decisions of the Texas supreme court demonstrate that the principles that animated the private nondelegation doctrine remain valid and are, if anything, more relevant today than ever. ICANN is only an extreme example of a more general phenomenon in which suspicion of government and exaltation of the private sector have led to a general push for privatization.{649} While privatization may be a more efficient way to produce goods and services, there is no reason to believe that privatized governance is preferable to a system in which government is elected by and responsible to the governed. Covert corporatism should not be confused with privatization.{650}
It remains the case that it is Congress's inalienable role to make "the important choices of social policy"{651} as regards how public power will be used. Giving private bodies or small groups of citizens the right to commandeer the power of the state to make decisions that affect neighbors, fellow citizens, competitors, or customers undermines democratic, or republican, government and creates a dangerous opportunity for self-interested regulation.
[*pg 160]
1. Time. ICANN's structure taxes time as well as money. The profusion of constituencies, working groups, ad hoc committees, and the like means that only those with an enormous amount of time to devote to ICANN issues can stay abreast of every developing "consensus" policy. In practice, those who can afford to pay someone to represent them -- predominantly commercial interests who hire lawyers or delegate managers to be their spokespersons -- are able to dominate. Unorganized groups, such as users or small businesses, must rely on volunteers{652} and tend to be outnumbered in committee. Thus, for example, ICANN's working group B announced a rough consensus for increased rights for trademark holders, above those already provided by the UDRP -- a conclusion it based on a poll in which representatives of trademark owners cast more than half the votes.{653} While trademark owners are important, and have legitimate interests, they do not make up half the current or future users of the Internet, nor of the U.S. population, nor any other group one would probably choose to poll to find "consensus" on DNS policies. Perhaps this result was not surprising, given that the working group was headed by the chair of the registrars' constituency -- a group whose commercial interests required at least a few non-NSI dominated gTLDs in order to have new names to register and whose public [*pg 161] position was, therefore, often to make almost any concession needed to overcome opposition to the creation of new gTLDs.{654}
For an entity designed to make rules relating to the Internet, ICANN and its subsidiaries seem oddly dependent on attendance at physical meetings. Because ICANN sees itself as global, its meetings are peripatetic.{655} This policy, which has the advantage of making it more possible for geographically disparate groups to attend the occasional board meeting, also makes consistent participation by those without substantial expense accounts impossible. People who cannot attend meetings of the board are able to take part in debates in only the most limited and derivative way -- the few remote comments read to the meeting are filtered and edited by the readers, as contrasted to attendees, who queue for a microphone and can say whatever they like. The problem is equally pronounced in subsidiary groups such as DNSO functional constituencies and working groups. Indeed, the pay-to-play aspect of ICANN reached its zenith recently when the intellectual property constituency announced that members seeking to participate in its Vienna meeting would have to defray the access fees demanded by the local hosts -- a sum it admitted was four times the normal rate.{656}
2. Money. ICANN's financial dependence on low-interest unsecured loans from corporations that have a large interest in e-commerce and the Internet, such as MCI and IBM, creates at least the appearance of a conflict, particularly as during the time ICANN was soliciting and then spending these funds it also worked diligently to minimize the extent to which ordinary domain name users would be able to elect members of the ICANN board.{657}
[*pg 162]
ICANN has a policy on conflicts of interests,{658} but it is difficult to have confidence that it is being honored. As the policy provides for no meaningful public review, and requires no public statements as to the extent of conflicts, the public is, in any case, unable to monitor compliance. In March 1999, ICANN adopted a conflicts of interest policy applying to directors and certain other interested persons with "[a]n existing or potential ownership or investment interest in, or compensation arrangement with, any entity whose business or operation has been or will be directly affected by a decision or action of the Corporation."{659} Directors must disclose conflicts to the Committee on Conflicts of Interest,{660} currently composed of two members of the ICANN board,{661} and have a duty to abstain from board votes (but not discussions) relating to matters in which they have a conflict. The committee meets in secret, and, at least as of October 1, 2000, neither the statements (if any) made to the committee nor minutes of its meetings appear on the ICANN website.
Under the ICANN bylaws and the Conflict of Interest Policy, officers of supporting organizations have a duty to observe the supporting organization's rules on conflicts, but ICANN apparently has no duty to monitor whether there are such rules, and whether they are observed. As far as one can tell -- some constituencies have not published their rules{662} -- none of the constituencies have any rules re- [*pg 163] lating to conflict of interest.{663} Since some functional constituencies of the DNSO, such as the registrars' and registries' constituencies, for example, limit their membership to parties involved in businesses that are highly likely to be affected by ICANN's policies, it is a little difficult to imagine what a meaningful conflicts policy for those bodies would look like.
ICANN's failure to solve the problem of conflicts of interest has understandable causes, but the failure impinges nonetheless on the values against the self-interested regulation that Carter Coal held were the real evil of private regulatory bodies. First, as the example of the registrars' and registries' constituencies demonstrates, a corporatist organization requires self-interested industrial regulation -- that is the whole point of it. Second, many of ICANN's directors and supporters come from cultures that lack what they see as an American puritanical insistence on needless inefficiency. Different nations have [*pg 164] different standards regarding what constitutes improper conflicts of interest (and what, on the other hand, is better seen as "hands-on knowledge"); few countries go as far as the United States in seeking to avoid even the appearance of a conflict of interest.{664}
Key members of the ICANN staff believed that while corporations deserved to be represented, even those whose only interest was protection of their trademarks, registrants did not deserve to be represented, at least not directly, in what they believed was really a standards body.{665} As, Joe Sims, who drafted many of the early ICANN policies, put it, the risk that "a determined minority -- whether commercial, religious, ethnic, regional or otherwise" might capture control of nine at-large ICANN board seats on the projected nineteen-person board was so threatening that ICANN felt it needed to exclude direct end-user input into ICANN's decisions.{666} ICANN, therefore, sought on several occasions to find a formula that would limit the role of individuals in electing ICANN board members{667} while not setting off a political firestorm. The consequence of this policy, however, was to entrench a body run by the very "private persons whose [*pg 165] interests may be and often are adverse to the interests of others in the same business"{668} -- not to mention adverse to other types of interests that were not represented in the process.
The Constitution constrains governmental action "by whatever instruments or in whatever modes that action may be taken."{669}
As noted above, opinions differ as to how one should characterize the legal status of the U.S. government's de facto interest in the DNS. The government controls the root file itself, but this data file is small and easily replicated or relocated. The root file matters only because of the convention -- not currently reflected in any statute or contract -- that the root servers will rely on it. The government's interest is not easily described as either a property interest or an intellectual property interest. Arguably, the government's main legal interest may be as the beneficiary of contracts with NSI and others who manage the DNS for it.
[*pg 166]
Nevertheless, whichever characterization of the government's legal interest prevails, there is no dispute that the U.S. government, through the Department of Commerce, currently enjoys de facto control of the DNS. Nor is there any dispute that DoC has at least temporarily ceded to ICANN, through a variety of contractual and quasi-contractual agreements, almost all the control the United States enjoys. DoC has, however, explicitly reserved a right of review, the power to create new top-level domains, and the contractual right to replace ICANN with another body or take over DNS management directly.
This control imposes legal obligations on the United States which it cannot evade so long as it remains in ultimate control of the DNS and chooses to exercise its power or to allow others to exercise power in its stead. That is as it should be; the government should not be allowed to bob and weave around the Constitution's imposition of duties of due process and equal protection through the creation of formally private intermediaries for policymaking. Nor should government contracts become a means to alter the legal rights of millions of citizens under the guise of technical coordination, even in a relatively peripheral area such as claims of trademark infringement or cybersquatting.
Jon Postel had been forced to abandon his attempt to create hundreds of new TLDs in the face of opposition from trademark owners and Internet first-movers who wished to protect their mnemonic domain names against competitors. Unless something changed, a stalemate on new gTLDs seemed likely to continue just as the e-commerce revolution seem poised for exponential growth. The pre-ICANN DNS system -- in which Jon Postel and a few others ran the system more or less as they wished, making policy by creating and following a consensus among the technical elite that founded the Internet, subject only to occasional direction by NSF -- was proving inadequate to deal with the economically and legally charged environment created by the domain name land rush of the 1990s. The naming of IANA as a nonparty conspirator in a law- [*pg 167] suit, even one that was ultimately dismissed, signaled that Postel needed reinforcements. The U.S. government's control over the DNS was more accidental than anything else, and U.S. officials were receptive to arguments by friendly governments that it was unreasonable for the United States to hold such power over a control point that seemed likely to be bound into the sinews of every developed economy's commercial, social, political, and even artistic life. NSI was entrenching itself in its monopoly of gTLD registrar and registry services. Would-be market entrants were clamoring for access, and would-be registrants wanted new gTLDs. The criticism that greeted the Green Paper suggested that perhaps DoC was not going to be able forge a consensus itself. DoC genuinely did not know how to resolve all the issues in a mutually satisfactory way -- perhaps because that was impossible.
The menu of possible solutions on offer in 1998 probably did not look appealing. The existing system of DNS governance did not look as if it could be left untouched, as it was ossifying and coming under increased pressure from foreign governments, domestic rights holders, and would-be dot-coms wanting new catchy names. Although it would have been legal for the U.S. government to do nothing -- just walk away and hope for true privatized self-organization to manifest itself -- policymakers undoubtedly believed, with some reason, that this would have been irresponsible since there was a significant chance that no such market resolution would occur. Yet, the hostile reaction to the Green Paper -- a sincere if perhaps flawed attempt to make traditional regulations to sort out the DNS problem -- made direct regulation appear to be an unattractive choice. Even if a rule could have been crafted that was within DoC's authority, it seemed certain to be unpopular with one or more of the powerful interest groups weighing in on the issue. In contrast, self-regulation not only seemed to be consistent with the Internet's folkways and a political climate in which the "era of big government" was so notoriously over, but it offered the possibility of taking the administration out of the [*pg 168] line of increasingly hostile fire into which it had somewhat inadvertently walked.
DoC, or at least Ira Magaziner, found the rhetoric and reality of privatization and "stakeholder" governance congenial. Calling for self-governance seemed a political winner, and it seemed most likely to meet with wide acceptance. In this, at least, it succeeded. Although the DNS wars were already at a high pitch, from my personal observation most of the participants accepted (at least in public) that the White Paper was as close to a statement of community and "stakeholder" consensus as one was likely to get. It only emerged later that different people read quite different things into the White Paper's four principles{671} and that the faction that came to control ICANN would justify its de-emphasis of representation under the banner of "stability."
These views are mistaken, if only because there is more at stake here than the Internet. Even if ICANN were thought to be a good thing, a narrow focus on the Internet ignores the pernicious effect of ICANN on the U.S. government itself and on our democracy -- for there is a real danger that ICANN will not be a fluke but will be used as a model for additional erosions of responsible government.{672} DoC's use of ICANN undermines accountability. Every government power must be exercised in accordance with law and with the Constitution. But ICANN is a private nonprofit California corporation; unless it is a government actor or advisory committee, neither the APA [*pg 169] nor the Constitution apply to it. The APA and the Constitution apply to DoC, however, and this is where the main violation of law is to be found. Allowing DoC to use ICANN to make non-technical policy decisions violates basic norms of governance and accountability. DoC cannot quasi-privatize the DNS in a manner that allows the United States to retain ultimate control of the root zone file but achieve deniability about everything that its agent or delegate does with day-to-day control.
ICANN is sufficiently dependent on and symbiotic with the government for ICANN to be a government actor. Although the government did not formally incorporate ICANN, and does not directly fund it, the government:
called for a body like ICANN to be created; described in the White Paper what policies this body should enact; demanded, and got, specific changes in ICANN's organization; recognized ICANN as the "NewCo" called for in the White Paper once it was "spontaneously" incorporated in California; transferred to ICANN control over IANA and/or "the IANA function"; ensured that ICANN's control over the DNS would suffice for it to be able to charge fees from registrars, registries, and applicants for new gTLDs; kept ICANN on a short contractual timetable, ensuring that ICANN would have to perform as DoC wished, or lose its source of funding and reason for being; recently extended ICANN's lease on the DNS, thus in effect ratifying its actions to date.
If ICANN is not a government actor, and if it were to limit itself to a purely technical role, DoC's reliance on it would be legal. In enacting the UDRP, however, ICANN exceeded this limitation, and it seems set to do it again soon. ICANN's plan to choose a small number of new gTLDs seems likely to enmesh it in improper social policy judgments once again. Choosing the number of new gTLDs that would be created might have been a technical rather than social policy issue -- if there really were technical limits on the number the DNS can bear.{673} Prescribing the minimum standards that would make an applicant technically qualified to run a new gTLD registry would be a technical, not a social, choice. Adjudicating which applicants met that standard could be described as technical policy coordination, although it is a bit of a stretch. Doing what ICANN plans to do, which is making this adjudication without first having spelled out the standard to be applied, is an even greater stretch of the concept of "technical coordination," and in theory could, depending on the decisions, rise to the level of "arbitrary and capricious." If, however, there are more technically qualified applicants for new gTLDs than ICANN wishes to create, and ICANN chooses among them based on some idea of the quality or usefulness of the proposed gTLD, or the extent to which the applicant promises to enact social policies such as privacy or trademark protection, then ICANN will have clearly crossed the line into making social rather than technical policy. It cannot seriously be suggested that choosing whether the world is better served [*pg 171] by .banc, .shop, or .xxx is an issue with any "technical" content whatsoever. This is a question of social and political import only; the technical issues are identical whatever a TLD happens to be called. As such, the selection among technically qualified applicants on social merit is a decision that DoC cannot delegate to ICANN so long as the DNS remains in DoC's ultimate control.
1. Limit ICANN to Technical Policymaking? So long as DoC wishes to keep its control over the DNS, it must ensure that it and its agents exercise this power according to law. Some sort of narrowing of ICANN's scope is necessary if DoC is to continue to use it as its agent for DNS matters. Closely restricting ICANN to truly technical matters would also reduce the need for a more popular and democratic representation within ICANN itself. There is usually little need to get a popular vote on truly technical issues; the need for enhanced representation in ICANN comes from the combination of the exclusion of some interest groups and the reality that ICANN is currently not at all limited to technical issues.
a. Restriction by fiat. This solution is by far the easiest to initiate, although not perhaps the easiest to monitor. DoC could simply direct ICANN to restrict itself to purely technical questions, either by rulemaking or even as an amendment to its various agreements with ICANN. Of course, the line between "technical" and "policy" matters is not a perfectly bright one, which means that DoC's instruction would have to be drafted with care. Even so, it [*pg 172] should be possible to come up with a formulation that would, at least in most cases, separate permissible "technical coordination" from impermissible "regulation." We ought to be able to know it when we see it, and matters on the "policy" side of the line would have to be undertaken by DoC itself, via rulemaking, or not done at all.
Karl Auerbach, now an ICANN board member-elect,{674} has proposed one definition to delineate the technical from the political. In his view, a matter is "technical coordination" of the Internet only if "[a] wrong decision has an immediate and direct impact on the ability of the Internet to deliver its fundamental service, i.e. the end-to-end transport of IP packets. Otherwise it is a policy matter."{675} Although this formula has the attractive property of being clear, it is probably too restrictive to be acceptable to DoC, and, indeed, is probably more restrictive than the law requires. There are some matters that could reasonably be called "technical coordination" which do not have an immediate or direct effect on Internet stability, only a long-term one, or which make incremental improvements in the DNS. Deciding what information belongs in a completed domain name registration, for example, may not be critical to Internet stability immediately, but might not in many cases be anything other than technical.{676} Dropping the "immediate" would limit ICANN to matters that "directly impact the end-to-end transport of IP packets," which probably gets closer to a practicable rule.
Although this proposal would be relatively simple to initiate, it is not self-enforcing and would require a continuing monitoring effort by DoC.
b. Creating a domain name registrant bill of rights. Alternately, rather than affirmatively defining ICANN to a very narrow role, DoC might impose a users' bill of rights on ICANN, by describing things that ICANN should not do. In this formulation, ICANN would be required to be far more open, give greater advance notice of its plans, and be prohibited from making any rules that limited human rights or reduced the pre-existing legal rights of either [*pg 173] party in domain name-related disputes. Unfortunately, crafting the right list might be more difficult than trying to delineate the technical from the political. An overinclusive list might make ICANN's real technical job difficult; an underinclusive list would leave it open to expand into areas that would violate the APA or the Constitution. Furthermore, even a very well-drafted list would not be self-policing and, again, some kind of review or enforcement mechanism would be required.
c. A Contract with the Internet. A third method of limiting ICANN to technical policy would solve the policing problem, but at a substantial potential cost. ICANN often says it operates according to the Internet tradition of consensus. Meanwhile, however, it seeks contracts with key parties that would require them to obey ICANN.{677} Similar contracts, however, could be used to make ICANN more accountable to the public. DoC itself once suggested that ICANN should contract with key stakeholders to "restrict its policy development" and to act in "accordance with the principles of fairness, transparency and bottom-up decision making."{678} These agreements, DoC suggested, "give all who enter into agreements with ICANN a contractual right to enforce safeguards that are now contained in the ICANN bylaws and in the antitrust laws of the United States."{679}
Rather than limit enforcement to corporations contracting directly with ICANN, Congress or DoC could insist that ICANN include third-party beneficiary agreements in favor of every holder of a unique domain name in a revised registry and registrar agreement.{680} ICANN would promise openness, due process, even-handedness, user privacy, protection for noncommercial expressive activities, and agree [*pg 174] to avoid facilitating content controls. Making promises for the benefit of registrants would empower the several million people directly affected by ICANN's actions to monitor and enforce the agreements. The large number of beneficiaries makes it an unusual use of this legal device, but so long as the beneficiaries are identifiable registrants, the odds are that most courts would enforce the deal. If ICANN got out of hand, registrants could sue individually or as a class. In one stroke, ICANN would be accountable to the Internet community.
Although this proposal should solve the accountability problem, it also could create a new and unwelcome problem in its stead: ICANN might spend too much time and money in court. ICANN already expends an excessive fraction of its resources on attorneys' fees,{681} and an ideal solution would reduce this expenditure rather than multiply it.
2. Full Privatization? DoC has repeatedly assured Congress, the GAO, and the public that it has no current plan to relinquish its authority over the DNS.{682} This is, however, a much weaker formulation than a promise never to do so. The GAO opined that legislation would be required to allow DoC to turn over its authority to ICANN, but it based that conclusion on the understanding that DoC's interest sounds in property;{683} to the extent that DoC's interest in the DNS is purely contractual, the picture may be less clear.
Full privatization would solve the APA and constitutional issues identified in this Article, but, at least with the ICANN we have today, would do so at an unacceptable cost. As it stands, ICANN is accountable only to DoC, or to the so-far unlikely concerted action of the root server operators.{684} Although ICANN is allowing a minority of its directors to be elected by a group of "members" (who are, ICANN insists, not members under California nonprofit law),{685} these directors are to serve on sufferance: unless the other directors affirma- [*pg 175] tively act to recreate the elected positions, they will sunset in two years. Thus, accountability to the public remains very limited and contingent.
Were DoC to complete the "transition" to a "privatized" root in ICANN's control, there would be little other than the good sense of ICANN's directors to prevent serious mission creep. Under the banner of "technical standard setting," and using the UDRP as its guide, ICANN might reasonably decide to require that all DNS users agree to a code of conduct that punishes spammers, domains hosting objectionable material such as child pornography, or hosts of hate speech.{686} Given ICANN's composition and early direction, efforts to further optimize the Internet for the protection of intellectual property rights would be more likely.{687}
Just how negligible the public control over ICANN would be were DoC to give it full control of the root can be seen by imagining what, other than the self-restraint of its officers, would prevent ICANN from turning itself into a for-profit concern, or leasing its power of the DNS to the highest bidder. The answer is: not much.{688} Already, even while ICANN is accountable to DoC, neither ICANN nor DoC feel accountable to outsiders or the public for ICANN's actions.{689} There is no reason to believe ICANN is corrupt, and even the [*pg 176] people who have questioned the size of its legal expenditures have not suggested that the billed services were fictitious, only excessive.{690} Nevertheless, ICANN's structural similarity to the unaccountable International Olympic Committee{691} is worrying and suggests that the U.S. government should not permanently transfer functions to it until either its role can be limited to purely technical matters or some other form of accountability is built in.
Thus, while it would solve DoC's legal problem, full privatization might require congressional authorization, which might justifiably be difficult to obtain. And given ICANN's performance to date, the case for unshackling it from DoC's oversight seems marginal at best.
3. Give the DNS to an International Body? One of the strongest arguments against continuing control over the DNS by a U.S. federal government agency is that the domain name system has international effects. Why, foreign governments reasonably ask, should the United States be allowed to dominate this increasingly critical element of the international communications infrastructure? In response to the belief that some sort of international public law solution would be most appropriate, some have proposed creating a new treaty-based body or a new intergovernmental or international semi-governmental entity.{692}
[*pg 177]
While the United States' accession to any such agreement would most likely resolve the domestic law problems discussed earlier, it would not do much to solve the underlying public policy problems that animate those challenges and, in fact, threatens to make them worse. If the greatest problem with ICANN's relationship with DoC is that it is making public policy outside of normal channels of accountability, then placing similar power in a supranational or transnational entity equally insulated from the public hardly seems much of an improvement. Again, the specter of the International Olympic Committee comes to mind. It is hard to see how an undemocratic solution based on the international system in which a tyranny's vote is as valid as a democracy's vote would be a material improvement on ICANN itself. And while it is possible to imagine a body limited to democratic governments, it is unlikely that the United States and other democracies would wish to expend the political capital it would cost to close the door to nations that fail to ensure basic human rights and representative government.
4. True Stewardship? The White Paper's four principles for Internet governance were "stability, competition, private bottom-up coordination, and representation."{693} These are good principles, but only because they are means towards the more fundamental goals of using the Internet to enhance freedom and increase human wealth and well-being around the globe. If the United States is going to retain ultimate control over the root file, it should use this power wisely, in a manner that both furthers those goals and appears sufficiently decentralized and transnationalized to calm foreign concerns regarding U.S. dominance of the Internet.
A decentralized and transnationalized policy is also wise because it is unlikely that any single group is wise enough to craft criteria for domain name policy, given all the diverse interests that have an interest in it. As the freest and most robust communications medium since paper and ink, the Internet offers an enormous potential for enhancing the freedom of expression, and supporting the rise of democracy, around the globe.{694} It offers new ways of sharing information be- [*pg 178] tween nations and peoples. It also offers enormous opportunities for increased commercial efficiency, the growth of e-commerce, and the creation of new wealth.
Centralizing control over the creation and naming of TLDs in a single body such as ICANN seems attractive because leaders in the technical community have stated that name collisions must be avoided or the Internet as we know it is in danger.{695} In their view, "stability" requires a hierarchical root. They are far more concerned about preserving the uniqueness of domains and names than they are about how many new TLDs are created,{696} although there are also concerns about the orderly creation of new TLDs. But centralization in policy, just as in routing technology, creates a single point of potential failure.{697} This is unwise. The challenge, therefore, is to find a way to decentralize policy control over TLDs and names while preserving uniqueness and preventing too many new TLDs from being created in a very short space of time.
It turns out that decentralizing yet coordinating TLD policy is within the reach of DoC in a single new rulemaking. DoC should begin by identifying a relatively small number of policy partners, say, somewhere between five and thirty. Each policy partner would get a share of the TLD space to manage, which would give it the opportunity to add an agreed number of TLDs to the root within that space and to design whatever policy regime it thought was appropriate for those TLDs.
The policy partners could be, and should be, diverse. In addition to the United States itself, obvious choices include supra-regional bodies such as the EU and ASEAN. However, in the interest of maximizing diversity, domestic and foreign nongovernmental organizations should also be represented.{698} Choosing a wide range of policy partners would make for a much greater private and "bottom-up" [*pg 179] policy formation process than would be possible with a single centralized organization such as ICANN or DoC itself.
A few prophylactic measures will avoid replicating the due process issues raised by the ICANN experience. In its rulemaking, DoC would need to ensure that its future relationship with its policy partners complies with the Due Process Clause. Selecting participating foreign governments and supra-national associations carefully should allow DoC to declare that the selected partners' procedures comply with due process. Once selected, the governmental partners' decisions would be subject to minimal process, perhaps only publication with a very limited challenge procedure before implementation. Constitutional concerns raised by delegations to private parties do not ordinarily apply to executive agreements with foreign governments, and the existence of countervailing constitutional values, including both comity and the President's foreign affairs powers, also suggests that an abbreviated procedure would be lawful.{699}
In contrast, the legal position of NGOs selected as policy partners would be much the same as ICANN's, and thus require more careful handling. In particular, DoC would have to set up a more thorough review process, perhaps one modeled on the SEC's oversight of self-regulatory exchanges; at a minimum, the NGOs proposed actions would need to be published, a federal official would need to certify that the proposals were fairly arrived at and in the public interest, and comments contesting this determination would need to be considered.
Portions of the TLD space could be delegated alphanumerically or by rota. In the first model, the EU, for example, might be given the right to create TLDs starting with certain letters of the alphabet, or TLDs of a certain length, or some combination of these constraints. Each partner would have a set of letter-length combinations for which it could create up to a defined number of TLDs per year, perhaps with other spacing constraints to ensure that not too many TLDs are created simultaneously. The letter-length combinations might either be assigned with some thought to linguistic appropriateness or simply by lot.
A pure rota scheme is slightly more complex but avoids the potential arbitrariness of giving some policy partners highly unattractive letter-length combinations; the winner of "six-letter-groups-starting- [*pg 180] with-Z" might otherwise feel justly aggrieved. Once the policy partners have been identified, and perhaps given relative shares if some are to have a greater number of TLDs than others, a lottery is held among the partners, with each winner having as many tickets as they have shares. Tickets are pulled randomly, with the first winner being allowed to choose whatever TLD it wishes and to create it first. Each subsequent player can create any TLD except those already spoken for. In this way, TLD uniqueness is preserved but diversity, subsidiarity, and policy decentralization and internationalization are all enhanced. The total number of new TLDs can be limited by the number of tickets pulled in year, and creation dates can be controlled to prevent the possible chaos of large numbers of new TLDs debuting simultaneously.
An expansion of the name space in this fashion should serve the interests of all but one of the "stakeholder" communities interested in domain name policy. That one exception is, however, significant and powerful: holders of trademarks, especially famous (and perhaps also well-known) marks, usually oppose the creation of new TLDs because they fear the dilutive effects on marks that they have associated (or wish they had associated) with existing second-level domains in .com. Some Internet first-movers using common words in .com that may be too generic to trademark may also wish to prevent competitors from using the same second-level domain in a new TLD. Thus, for example, cars.com might worry about the creation of a cars.biz.
Generally speaking, the interest of holders of ordinary, non-famous, trademarks should be helped more than harmed by a substantial increase in the number of TLDs. Increasing the number of TLDs certainly creates a risk of confusion, and that is not helpful. But increasing the number of TLDs also holds out the promise of greatly increasing the number of firms that can register names corresponding to their own names.{700} Both Delta Air and Delta Faucets will be able to be delta.something if they want to be. Furthermore, cybersquatting should quickly decrease as the artificial shortage of attractive names ends -- announce an impending increase in the supply of a previously rationed commodity and watch the price drop. The main losers among the holders of ordinary, non-famous, trademarks will be Internet first-movers who will find their rents caused by the scarcity [*pg 181] of good names to be diminished. All other firms seeking an easy mnemonic tend to be better off.
The combination of famous mark holders and Internet first-movers constitutes the making of a blocking coalition in any process that relies on consensus. An enlightened legislature, or an agency pursuing an enlightened policy, would be asked to balance these interests against the greater good -- note that traditionally a trademark right, even in a famous name, is a right to seek redress for the commercial misuse of that mark, not to preemptively block all possible uses, even noncommercial ones. In my opinion, the balance clearly points towards ending the artificial scarcity of TLDs, preferably by instituting a policy partner program.
Of course, neither Congress nor DoC are necessarily so enlightened at all times. The trademark lobby is politically powerful, and it is quite possible that it could block any proposal that threatened a large number of new TLDs. For example, Congress might act to impose an arbitrary limit on the number of new TLDs in the ICANN-controlled root. If that happens, however, it is still a preferable outcome to having ICANN choose the arbitrary limit (currently set at less than ten). If Congress or the executive make poor policy choices, they can at least in theory be punished at the polls. Against ICANN the citizen currently has no redress at all.
Most Internet users do have one ultimate recourse against over-centralized control of the DNS: They can switch to an alternate root, one that does not rely solely, or at all, on the ICANN-regulated root. Depending on how the new root works, it might supplement or even entirely replace the legacy system. A supplemental root would mirror the legacy root's data, and add extra TLDs of its own.{701} Given the network effect associated with the dominance of the current DNS,{702}[*pg 182] this is a difficult, even costly solution. Moreover, changing roots can be complex for the average user,{703} and can be blocked upstream by an ISP.{704}
DoC and ICANN appear to understand that alternate roots threaten their vision of the Internet, and their control over a critical component of it. Both DoC and ICANN have gone out of their way to disable ICANN's policy competitors. Recall that in the tripartite agreements, DoC required NSI to promise "not to deploy alternative DNS root server systems," to further "the interest of the smooth, reliable and consistent functioning of the Internet."{705} More recently, ICANN's solicitation for applications to create and host new TLDS listed a number of its criteria for choosing among applications. First among them -- first! -- was that the new TLD "should not disrupt current operations, nor should it create alternate root systems."{706}
The battle over control of domain name policy is only part of a larger trend in which the centrifugal forces of the Internet war with powerful centralizing tendencies. The long-run trend is increasingly difficult to discern as the two opposing tendencies intensify. On the one hand, new client software continues the trend of decentralizing content and services. The recent progression has gone quickly from a centralized registry that keeps upload/download logs (Napster), to a decentralized registry with logs (Gnutella), to a decentralized, anonymized, redundant distribution of objects (Freenet), and will soon have an encrypted decentralized, anonymized, redundant distri- [*pg 183] bution of objects.{707} New services promise secure online anonymity.{708} On the other hand, routing topography has gradually concentrated traffic along a few major thoroughfares, thus drastically concentrating and centralizing the Internet.{709} Governments around the world are also expressing increasing concern about the anarchic forces they fear the Internet may unleash,{710} suggesting that the centralizing trend will continue to have powerful promoters.
ICANN is only one battleground in this larger conflict, but it happens to be one that is, or should be, subject to the values of due process, equal protection, openness, and accountability instantiated in U.S. public law. It remains true that "nothing is more certain than that beneficent aims, however great or well directed, can never serve in lieu of constitutional power."{711} The ultimate problem with DoC's reliance on ICANN is not the corporation's secretiveness, or its deci- [*pg 184] sions, or its fight against accountability. Rather the problem is that DoC's reliance on ICANN, and endorsement of its activities, undermines basic elements of accountability and due process on which the administrative state is based. By lending ICANN its control over the DNS, DoC created a system in which social policy is made not by due process of law but by something that begins to resemble government-sponsored extortion. ICANN is able to use its control over the legacy DNS to impose conditions -- on domain name registrants, registrars, and registries -- that owe nothing to the free market or properly constituted regulation and cannot fairly be called "standard making" or "technical coordination." ICANN's UDRP offers little that a registrant would want, as it creates a third-party benefit potentially available to any aggrieved trademark holder in the world. ICANN's control over the DNS also gives it the leverage to demand fees from other participants in the DNS, especially registrars and registries.
So long as ICANN is making policy decisions, however, DoC's arrangement with ICANN either violates the APA, for ICANN is making rules without APA rulemaking, or it violates the nondelegation to private parties doctrine set out in Carter Coal. Were ICANN's mission to be limited more strictly to technical matters, DoC's reliance on it would not be illegal. An ideal solution to the DNS policy problem would both redefine ICANN's mission more narrowly and share out the responsibility for managing the domain name space with both public and private "policy partners," who would each manage a unique portion of the top-level domain space in order to ensure a more decentralized, competitive, robust, diverse and freedom-enhancing approach to the DNS.
[*pg 185]
Figure 1 (created by Anthony M. Rutkowski) The ICANN-GAC Organization
[*pg 186]
DNSO Constituencies (Detail)