Remarks of Lawrence E. Strickling
Assistant Secretary of Commerce for Communications and Information
The Self-Governing Internet
Georgia Institute of Technology
October 26, 2016
--As Prepared for Delivery--
Thank you Milton for inviting me and thank you to all of you joining us here at Georgia Tech and watching the webcast.
Milton has asked me to give my thoughts on the future of Internet governance, but before I do so, I want to take a moment to recognize Milton for all his work on this issue. He has been a leading voice on Internet governance for as long as I have been following these issues and is truly a thought leader on the multistakeholder approach and how it can solve some of the most challenging Internet policy questions.
With that obvious plug for my host, let me turn to the issue you will be debating in the panel discussion. Any discussion of the future of Internet governance must also include an examination of the multistakeholder approach, which involves bringing together all interested stakeholders to try to make progress on a particular issue.
With the help of people like Milton and stakeholders around the world, we have finally fulfilled the promise the United States made nearly two decades ago to privatize the Internet domain name system. We took the final steps with the expiration of the IANA functions contract with ICANN as of October 1 and last week by modifying our cooperative agreement with Verisign to remove NTIA’s role in authorizing changes to the authoritative root zone file.
I know many of you understand the significance of this historic moment in the evolution of the Internet. But I think it is also important to understand it in the context of the development of the multistakeholder approach to Internet governance and policymaking. This transition is a powerful testament to the strength of the multistakeholder model and what it can achieve.
First, let me provide some history. More than two years ago, NTIA tasked ICANN with convening stakeholders to develop a plan to transition the stewardship role NTIA played related to the Internet domain name system. We set out four key criteria. We said it must:
- support and enhance the multistakeholder model of Internet governance;
- maintain the security, stability, and resiliency of the Internet DNS;
- meet the needs and expectations of the global customers and partners of the IANA services; and
- maintain the openness of the Internet.
In addition, we said we would not accept a plan that replaced NTIA's role with a government-led or intergovernmental organization solution. Enhancing ICANN’s accountability also was deemed by stakeholders to be a critical part of this process.
Hundreds of stakeholders around the world worked for nearly two years in an open and transparent process to develop a consensus plan. Stakeholders spent more than 26,000 working hours on the proposal, exchanged more than 33,000 messages on mailing lists, held more than 600 meetings and calls and incurred millions of dollars of legal fees to develop the plan, which the community completed and sent to NTIA in March.
NTIA led an intensive interagency review to ensure the plan met our criteria. On June 9, we concluded that the plan satisfied each and every one of our criteria. We also evaluated the proposal against relevant internal control principles, as recommended by the U.S. Government Accountability Office (GAO). We separately engaged a panel of corporate governance experts to review the ICANN accountability proposal. The experts concluded that the proposal was consistent with sound principles of good governance.
There were some last-minute attempts to derail the transition. But these attempts, which included a hearing on a temporary restraining order in a Galveston, Texas courtroom on the afternoon of September 30, were met with resistance from the stakeholders who worked on or supported the transition proposal. They argued that blocking the transition or even delaying it could harm U.S. credibility around the globe and embolden those countries that would prefer to see governments control the DNS.
Fortunately, these attempts to delay or block the transition did not succeed. And so the IANA functions contract with ICANN expired as of October 1. Upon expiration, the agreements and accountability mechanisms developed by the global customer community for the performance of the IANA functions went into effect. At the same time, the revised ICANN bylaws designed by the global community to enhance ICANN’s accountability also went into force.
Looking back on this two-year effort, is there any question whether we were correct to call on the multistakeholder community to develop the transition proposal? I believe without a doubt that we were. Could any other process have brought together the views and ideas of so many people in such a short period of time to solve such complicated and important issues? I do not think so.
I think we should be enormously proud of what we have accomplished with the IANA transition. It is a historic moment in the growth and evolution of the Internet. But there is certainly more work to be done as it relates to the domain name system. This includes ensuring that we as members of the Internet multistakeholder community hold ICANN accountable to the commitments it has made. We must ensure it meets the needs of the customers of the IANA functions contracts. And we must ensure ICANN abides by the principles of the multistakeholder approach and the reforms developed by the community.
At the same time, we must consider how we can we expand and evolve the multistakeholder approach. Can we apply it to other Internet policy challenges that have traditionally been addressed by national governments such as questions of jurisdiction or cybersecurity?
On the Internet, policy challenges are often not easily addressed by passing a law or implementing a regulation. Top-down solutions that may work in other arenas rarely work on the Internet. We have seen the multistakeholder approach work in the allocation of critical Internet resources, such as IP addresses and domain names. But can we bring stakeholders together to address some of these thorny issues through the consensus decision making that characterizes the multistakeholder approach? Can the multistakeholder approach help make progress on questions of data protection, software vulnerability research, artificial intelligence, and other emerging issues?
As we consider the future and these questions it is important to acknowledge that not every problem can be solved with the multistakeholder model. To understand where it can best be utilized and how to maximize the likelihood of success, we need to focus on the key attributes that characterize effective multistakeholder processes.
Perhaps the most important attribute is that a multistakeholder process must have legitimacy. Participants must believe that a process has the legitimacy to reach a decision. They must have some trust in those convening the process and a sense that the participants are representative of the broader community.
So where does legitimacy come from? Often that legitimacy may come from a government or some other "official" entity that convenes the process. But that does not always have to be the case. The Internet Engineering Task Force (IETF) is an example of a successful multistakeholder body that has gained legitimacy organically over the years and did not require the blessing of a government agency like NTIA. Instead, it gained legitimacy by producing voluntary standards of the highest quality.
In the United States, the legitimacy of the domestic multistakeholder processes that NTIA has facilitated on privacy and cybersecurity have certainly been helped by our convening them and by their open and transparent manner. But government does not always need to be the legitimizing force. So while legitimacy is a crucial factor in the success of a multistakeholder process, there may be many different ways to obtain it.
For example, a process may develop legitimacy when it is open to any participant and utilizes consensus decision making, such as the IETF. One key benefit of multistakeholder processes is that they can include and engage all interested parties. These parties can include industry, civil society, government, technical and academic experts and even the general public. The Internet is a diverse, multi-layered system that thrives only through the cooperation of many different parties. Solving or even meaningfully discussing policy issues in this space requires engaging these different parties. Indeed, by encouraging the participation of all interested parties, multistakeholder processes can foster broader and more creative problem solving.
Another key element is consensus decision-making. For a multistakeholder group to succeed, its members must know that they will be the ones to make the decision -- not someone else -- and that it must be a consensus decision. Some countries or organizations have run what they call multistakeholder processes that in reality are only consultations because the so-called multistakeholder group is not empowered to make the final decision. When groups know that they control the final decisions, they are more likely to put in the extra effort often needed to reach a true consensus. Usually, reaching consensus requires making compromises but participants are more willing to compromise when a group feels that reaching a shared decision is the most important goal. Otherwise, stakeholders who are satisfied with the status quo can be destructive to a multistakeholder process.
Clearly, the multistakeholder model has a successful record of accomplishment when it comes to technical Internet issues. All of us have watched in awe over the past two years as the global Internet community has engaged in one of the most compelling demonstrations of a multistakeholder process ever undertaken through the work on the IANA stewardship transition.
But it is also useful to understand where it has not been as successful. Look at the effort launched in the wake of the successful NetMundial conference.
NetMundial was a meeting hosted in April 2014 by Brazil. The conference brought together a wide range of stakeholders including technical experts, civil society groups, industry representatives and government officials, all on an equal footing with each other. At this meeting, participants agreed that Internet governance should be built on democratic multistakeholder processes. In fact, the meeting itself was a compelling demonstration of the open, participative, and consensus-driven governance that has allowed the Internet to develop as an unparalleled engine of economic growth and innovation.
Following this meeting, a handful of stakeholders in the Internet community at the urging of ICANN’s CEO at the time invited stakeholders to come together to work on ways to move the NetMundial principles forward. The NetMundial Initiative was aimed at providing an international platform to bring together government, business and civil society leaders as well as technical experts to discuss how to sustain and strengthen an effective multistakeholder approach to Internet governance.
One of the stated goals of this effort was to encourage more participation by developing countries in the multistakeholder model. In 2012, at the World Conference on International Telecommunications (WCIT) in Dubai, many countries in the developing world voted for greater government control of the Internet. Following that conference, I and many others came to the realization that we needed to do more to strengthen existing opportunities, and perhaps develop new ones, for these developing countries to participate in multistakeholder processes to solve their problems. The hope was that NetMundial Initiative could demonstrate how developing countries could engage the multistakeholder approach and the ideas of inclusion and participation in their own countries to reach better outcomes in response to Internet policy challenges.
Yet despite support from the United States government and others, the NetMundial Initiative never got off the ground. Why? Because it lacked the support and participation of all the relevant stakeholders, most notably the business community and the Internet Society. It was developed in a top down way, without bottom up support and input from the community. In the eyes of many key stakeholders, the initiative lacked the legitimacy it needed to succeed.
So as we look to define and expand the role of the multistakeholder model, it is important to keep in mind that a process must be based on inclusion and participation from the first day in order to develop the legitimacy it needs to be successful.
A second key issue to be considered as we discuss the future of the multistakeholder model is the fact that the process does not guarantee that everyone will be satisfied with the outcome. But it is critical to preserving this model of Internet governance that all parties respect and work through the process and accept the outcome once a decision is reached. There is work to be done to ensure that this will be the case.
Even ICANN, which has all this experience running multistakeholder processes, is not immune to detractors who attempt to undermine the process after an outcome has been achieved. We saw this a few years ago in the debate over the launch of ICANN’s new generic top-level domain name (gTLD) program.
The program called for expanding the availability of generic top-level domains to provide more user choice and offer alternatives to the existing names such as .com or .net. The new gTLD program was developed in an open and transparent process over seven years and involved global stakeholders from the business community, civil society, registries, registrars, and governments. At NTIA, we worked throughout the process within ICANN’s Governmental Advisory Committee (GAC) to make sure that the process adequately addressed public policy issues.
Yet after the program was approved by the ICANN board and was being implemented, parties that did not like the outcome of that multistakeholder process attempted to collaterally attack the outcome by seeking unilateral action by the U.S. government to overturn or delay the program.
When parties ask us to overturn the outcomes of these processes, no matter how well-intentioned the request, they are providing “ammunition” to other countries who attempt to justify their unilateral actions to deny their citizens the free flow of information on the Internet. This we refused to do.
As I mentioned before, after the community completed the IANA transition plan, there were those who tried to delay or block the transition at the eleventh hour. Of course, there will always be those who are not happy with the outcome. But if you believe in the process, you must respect the process.
However, you do not show respect for the multistakeholder process when you wait until the process is over and the community has reached consensus and then propose major changes in the plan without ever asking the community to consider such an option. You do not show respect for the multistakeholder process when you do not participate for two years and then afterward say you object to the outcome.
So how do we defend against last-minute attacks of the process from those who either did not participate in the multistakeholder process or did not prevail in advancing their views as part of the process? One way is to offer as many opportunities as possible for all parties to participate in order to get potential critics to air their issues within the process and not seek to change the outcome after the fact.
Protecting the process also requires a dedicated and concerted effort to educate people about the multistakeholder model. In the U.S. Congress, for example, which has passed unanimous resolutions supporting the model, we found in the past few months that many members did not really understand the model and how it worked. It is up to those of us who support the model to build greater awareness and understanding of it among key policymakers around the world to inoculate the process against collateral attacks from unhappy stakeholders.
When we engage in those educational efforts, we must be direct and upfront and explain that multistakeholder processes are not easy. They can be chaotic and they do require a serious commitment of time and energy from participants. But we can point to a record of success. We can explain that they offer a nimble, flexible approach, much better suited to rapidly changing technologies and markets than traditional regulatory or legislative models.
The Internet works seamlessly today because a cadre of technologists and policy wonks put their heads together at the IETF and elsewhere to standardize voluntary programming languages, security protocols, and other web technologies. We must educate people that if these technological challenges had been handed off to the typical Washington regulatory or legislative process to resolve or worse, an international governmental organization like the International Telecommunication Union, we might still be waiting for a resolution. Worse, we might have technical protocols that are hopelessly out of date or based on non-technical political considerations that are hamstringing technologists and users from creating the robust, evolving Internet we enjoy today.
So if you take away one message from me today it is this: The challenge for the multistakeholder community is to learn from our experiences and apply it to those issues where it has the best chance to succeed. At the same time, we still have work to do to demonstrate to stakeholders everywhere, but especially in developing countries, how they can utilize this tool to solve technical policy challenges better than top-down regulatory approaches offered by governmental organizations like the ITU.
With that, I want to thank all of you for being here today and for participating. Because it is only through your participation in these forums can we continue to ensure that the Internet remains an engine for prosperity, innovation and free expression.
Thank you for listening.