Remarks of Lawrence E. Strickling
Assistant Secretary of Commerce for Communications and Information
UK Internet Governance Forum
November 17, 2016
--As Prepared for Delivery--
Thank you to the UK IGF steering committee for inviting me to participate, and thank you to those of your here in London, and to everyone joining the proceedings remotely.
One of the issues we will be discussing next month at the global Internet Governance Forum in Mexico is how we can continue to strengthen and reinforce the multistakeholder model. It will be an important discussion, coming on the heels of the most successful demonstration of the power of this model with the completion of the IANA transition.
With the help of people like you - and fellow stakeholders around the world - we have finally fulfilled the promise the United States made nearly two decades ago to privatize the Internet domain name system (DNS). We took the final steps with the expiration of the IANA functions contract with ICANN as of October 1 and by modifying our cooperative agreement with Verisign to remove NTIA's role in authorizing changes to the authoritative root zone file.
I know many of you understand the significance of this historic moment in the evolution of the Internet. But I think it is also important to understand it in the context of the development of the multistakeholder approach to Internet governance and policymaking.
For more than a decade, the United States, the United Kingdom, and our global partners have strived to promote the multistakeholder approach to Internet governance because of the attributes of the Internet itself. From the World Summit on the Information Society (WSIS) to the World Conference on International Telecommunications (WCIT), we have argued that the Internet is fundamentally different from other communications networks. It is a diverse, multi-layered system that thrives only through the cooperation of many different parties, operating through consensus, in a bottom-up manner. Unequivocally, the success of IANA functions stewardship transition serves as a validation of that premise, and of our ongoing and unrelenting commitment to the multistakeholder model.
But let me provide some additional history on the transition itself. More than two years ago, NTIA tasked ICANN with convening stakeholders to develop a plan to transition the stewardship role NTIA played related to the Internet domain name system. We set out four key criteria. We said it must:
- Support and enhance the multistakeholder model of Internet governance;
- Maintain the security, stability, and resiliency of the Internet DNS;
- Meet the needs and expectations of the global customers and partners of the IANA services; and
- Maintain the openness of the Internet.
In addition, we said we would not accept a plan that replaced NTIA's role with a government-led or intergovernmental organization solution. At the same time, stakeholders also felt that enhancing ICANN's accountability also needed to be a critical part of this process and we agreed.
Hundreds of stakeholders around the world worked for nearly two years in an open and transparent process to develop a consensus plan. Stakeholders spent more than 26,000 working hours on the proposal, exchanged more than 33,000 messages on mailing lists, held more than 600 meetings and calls and incurred millions of dollars of legal fees to develop the plan, which the community completed and sent to NTIA in March.
NTIA led an intensive interagency review to ensure the plan met our criteria. On June 9, we concluded that the plan satisfied each and every one of our criteria. We also evaluated the proposal against relevant internal control principles, as recommended by the U.S. Government Accountability Office (GAO). We separately engaged a panel of corporate governance experts to review the ICANN accountability proposal. The experts concluded that the proposal was consistent with sound principles of good governance.
There were some last-minute attempts to derail the transition. These attempts included a hearing on a temporary restraining order in a Galveston, Texas courtroom on the afternoon of September 30, hours before the contract was set to expire. These efforts were met with resistance from the stakeholders who worked on or supported the transition proposal. They argued that blocking the transition or even delaying it could harm U.S. credibility around the globe and embolden those countries that would prefer to see governments control the DNS.
Fortunately, these attempts to delay or block the transition did not succeed. And so the IANA functions contract with ICANN expired as of October 1. Upon expiration, the agreements and accountability mechanisms developed by the global customer community for the performance of the IANA functions went into effect. At the same time, the revised ICANN bylaws designed by the global community to enhance ICANN's accountability also went into force.
Looking back on this two-year effort, is there any question whether we were correct to call on the multistakeholder community to develop the transition proposal? I believe without a doubt that we were. Could any other process have brought together the views and ideas of so many people in such a short period of time to solve such complicated and important issues? I do not think so.
I think we should be enormously proud of what we have accomplished with the IANA transition. It is a historic moment in the growth and evolution of the Internet. But there is certainly more work to be done as it relates to the domain name system. This includes ensuring that we as members of the Internet multistakeholder community hold ICANN accountable to the commitments it has made. We must ensure it meets the needs of the customers of the IANA functions contracts. And we must ensure ICANN abides by the principles of the multistakeholder approach and the reforms developed by the community.
At the same time, we must consider how we can expand and evolve the multistakeholder approach. Can we build on the success of the IANA transition to tackle other Internet policy challenges?
On the Internet, policy challenges are not easily addressed by passing a law or implementing a regulation. Top-down solutions that may work in other arenas rarely work on the Internet. We have seen the multistakeholder approach work in the allocation of critical Internet resources, such as IP addresses and domain names. But can we bring stakeholders together to address some of these other thorny issues through the consensus decision making that characterizes the multistakeholder approach? Can the multistakeholder approach help make progress on questions of data protection, software vulnerability research, artificial intelligence, and other emerging issues? I think it can.
However, as we consider the future and these questions, it is important to acknowledge that not every problem can be solved with the multistakeholder model. To understand where it can best be utilized and how to maximize the likelihood of success, we need to focus on the key attributes that characterize effective multistakeholder processes. It is clear that the most effective multistakeholder processes are ones that:
- Include and integrate the viewpoints of a diverse range of stakeholders, ensuring that underrepresented groups have a meaningful say in the policies that impact them;
- Produce outcomes that are consensus-based, reflect compromise, and are supported by the greatest number of stakeholders;
- Build agendas through bottom-up contributions rather than delivering top-down mandates;
- And earn legitimacy by practicing openness and transparency and developing an environment of trust.
Let me elaborate on this legitimacy point, because it is perhaps the most critical component. Participants must have some trust in those convening the process and a sense that the world at large will accept and recognize the outcome of the process as authoritative.
So where does legitimacy come from? Often that legitimacy may come from a government or some other "official" entity that convenes the process. In the United States, the legitimacy of the domestic multistakeholder processes that NTIA has facilitated on privacy and cybersecurity have certainly been helped by our convening them. But government does not always need to be the legitimizing force.
For example, the Internet Engineering Task Force (IETF) is an example of a successful multistakeholder body that has gained legitimacy organically over the years and did not require the blessing of a government agency like NTIA. Instead, it gained its legitimacy by producing voluntary standards of the highest quality that have become the gold standard for the Internet since the body’s inception. So while legitimacy is a crucial factor in the success of a multistakeholder process, there may be different ways to obtain it.
One thing is clear. To be accepted as legitimate, a process needs to be open to any participant and consciously include a diversity of stakeholders. As I just noted, the Internet thrives only through the cooperation of many different parties. Solving or even meaningfully discussing policy issues in this space requires engaging participants from industry, civil society, government, and the technical and academic communities. Even the general public should be encouraged to participate. Absent this openness and diversity, we have found that it can be difficult to achieve the degree of legitimacy needed for a multistakeholder process to be successful.
At the same time, participants must know that they will be the ones to make the decision -- not someone else -- and that it must be a consensus decision. Some countries or organizations have run what they call multistakeholder processes that in reality are only consultations because the so-called multistakeholder group is not empowered to make the final decision. When groups know that they control the final decisions, they are more likely to put in the extra effort often needed to reach a true consensus. Usually, reaching consensus requires making compromises but participants are more willing to compromise when a group feels that reaching a shared decision is the most important goal. Otherwise, stakeholders who are satisfied with the status quo can be destructive to a multistakeholder process.
Clearly, the multistakeholder model has a successful record of accomplishment on Internet policy questions, especially when it comes to technical Internet issues. All of us have watched in awe over the past two years as the global Internet community has engaged in one of the most compelling demonstrations of a multistakeholder process ever undertaken through the work on the IANA stewardship transition.
But as we think about extending the model to more difficult policy issues, it is useful to understand where it has not been as successful. For example, look at the effort launched in the wake of the successful NetMundial conference.
The NetMundial conference was a meeting hosted in April 2014 by Brazil. The conference brought together a wide range of stakeholders including technical experts, civil society groups, industry representatives and government officials, all on an equal footing with each other. At this meeting, participants agreed that Internet governance should be built on democratic multistakeholder processes. In fact, the meeting itself was a compelling demonstration of the open, participative, and consensus-driven governance that has allowed the Internet to develop as an unparalleled engine of economic growth and innovation. The meeting was a success on every dimension.
Following the NetMundial meeting, the World Economic Forum, at the urging of ICANN's CEO at the time, invited stakeholders to come together to work on ways to move the NetMundial principles forward. They created the NetMundial Initiative to develop an international platform to bring together government, business and civil society leaders, as well as technical experts, to discuss how to sustain and strengthen an effective multistakeholder approach to Internet governance.
One of the stated goals of this effort was to encourage more participation by developing countries in Internet governance. In 2012, at the World Conference on International Telecommunications (WCIT) in Dubai, many countries in the developing world voted for greater government control of the Internet. Following that conference, many of us came to the realization that we needed to do more to strengthen existing opportunities, and perhaps develop new ones, for these developing countries to participate in multistakeholder processes to solve their problems. The hope was that the NetMundial Initiative could demonstrate to developing countries how they could engage the multistakeholder approach and adopt the ideas of inclusion and participation in their own countries to reach better outcomes in response to Internet policy challenges.
Yet despite support from the United States government and others, the NetMundial Initiative never got off the ground. Why? There were a number of reasons, but I believe the primary reason was the lack of support and participation by key stakeholders, most notably the business community and the Internet Society. The initiative was developed in a top down way, and did not adequately seek the support or input from these and other stakeholders. In their eyes, the initiative lacked the legitimacy it needed to succeed.
So as we look to define and expand the role of the multistakeholder model, it is important to keep in mind that a process must be based on inclusion and participation from the first day in order to develop the legitimacy it needs to be successful.
A second key issue to be considered as we discuss the future of the multistakeholder model is the fact that the process does not guarantee that everyone will be satisfied with the outcome. But it is critical to preserving this model of Internet governance that all parties respect and work through the process and accept the outcome once a decision is reached. There is work to be done to ensure that this will be the case.
Even ICANN, which has all this experience running multistakeholder processes, is not immune to detractors who attempt to undermine the process after an outcome has been achieved. We saw this a few years ago in the debate over the launch of ICANN's new generic top-level domain name (gTLD) program.
The program called for expanding the availability of generic top-level domains to provide more user choice and offer alternatives to existing names such as .com or .net. The new gTLD program was developed over seven years in an open and transparent process and involved global stakeholders from the business community, civil society, registries, registrars, and governments. At NTIA, we worked throughout the process within ICANN's Governmental Advisory Committee (GAC) to make sure that the process adequately addressed public policy issues.
Yet after the program was approved by the ICANN board and was being implemented, parties that did not like the outcome of that multistakeholder process attempted to collaterally attack the outcome by seeking unilateral action by the U.S. government to overturn or delay the program.
While we worked with other stakeholders to ensure that copyright issues and other concerns were addressed, NTIA did not intervene to stop the program because to do so would have undermined the process that led to development of this program. It would have set a bad precedent by in effect rewarding those stakeholders who preferred to challenge the process rather than work within to achieve consensus.
More recently, as I mentioned before, after the community completed the IANA transition plan, there were those who tried to delay or block the transition at the eleventh hour. Of course, there will always be those who are not happy with the outcome. But if you believe in the process, you must respect the process by bringing your concerns or ideas forward before stakeholders come to a consensus decision – not after.
So how do we defend against last-minute attacks of the process from those who either did not participate in the multistakeholder process or did not prevail in advancing their views? One way is to offer as many opportunities as possible for all parties to participate. This allows potential critics to air their issues within the process.
Protecting the process also requires a dedicated and concerted effort to educate people about the multistakeholder model. It is up to those of us who support the model to build greater awareness and understanding of it among key policymakers, business leaders, and others around the world. Doing so will help inoculate the process against collateral attacks from unhappy stakeholders.
When we engage in those educational efforts, we must be direct and upfront and explain that multistakeholder processes are not easy. They can be chaotic and they do require a serious commitment of time and energy from participants. But we can point to a record of success. We can explain that they offer a nimble, flexible approach, much better suited to rapidly changing technologies and markets than traditional regulatory or legislative models.
The Internet works seamlessly today because a cadre of technologists and policy wonks put their heads together at the IETF and elsewhere to standardize voluntary programming languages, security protocols, and other web technologies. We must educate people that if these technological challenges had been handed off to the typical Washington regulatory or legislative process to resolve or worse, an international governmental organization like the International Telecommunication Union (ITU), we might still be waiting for a resolution. Worse, we might have technical protocols that are hopelessly out of date or based on non-technical political considerations that would be hamstringing technologists and users from creating the robust, evolving Internet we enjoy today.
So if you take away one message from me today it is this: With the success of the IANA stewardship transition, the challenge for the multistakeholder community is to build from that experience and find opportunities to apply the model to those issues where it has the best chance to succeed. At the same time, we still have work to do to demonstrate to stakeholders everywhere, but especially in developing countries, how they can utilize this tool to solve technical policy challenges better than top-down regulatory approaches offered by governmental organizations like the ITU.
And that is why, as I close, I want to take a moment to recognize the importance of regional and national IGF events like this one.
As some of you might know, the UK IGF holds the title of the first ever national IGF event. Since 2007, members of the IGF community here have volunteered their time, their efforts, and their talents to develop a platform for multistakeholder discussion on Internet governance issues.
One of the many benefits of having a national IGF is that communities can gather perspectives on local Internet issues so they can later be shared nationally and with the global community. This is vitally important as we continue to build support for the multistakeholder model around the world. I understand that there will be a session later today that will summarize the day’s discussions in light of next month’s global IGF event in Mexico, so I very much look forward to hearing how this UK IGF event can help inform and advance the discussion in Guadalajara.
With that, I want to thank all of you for being here today and for participating. Because it is only through your participation in these forums can we continue to ensure that the Internet remains an engine for prosperity, innovation, and free expression.
Thank you for listening.