Thanks for your work David.
Regardless of ICANN's public statements or strategic plans, I am not sure ICANN can be in accordance with customary International Humanitarian Law with the statement "ICANN does not have a role in the use of the Internet related to cyber-espionage and cyber-war" (page 7). I am equally not sure ICANN is not in accordance with customary International Humanitarian Law with that statement and I remain open to arguments as to whether ICANN should be involved in these issues or could be commanded by IG treaty or agreement to exercise responsibilities thereof.
These are not simple issues. ICANN is a unique organisation that does not neatly fit into any typical, comfortable structure. IHL, of course, is state centric in terms of responsibility but ICANN on one, fairly superficial level, is almost supreme being like in it's coordination of the Internet. Cyber-espoinage, no problem, ICANN is not involved. However, imagine a situation where there are massive cyber attacks on civilian infrastructures in third countries by state actors that ICANN could operationally prevent. Mass civilian death, mass civilian injury, mass destruction of property and infrastructure. Mass death of noncommercial users, mass injury of noncommercial users, mass loss of property of noncommercial users. Do we truly represent these people with a position of "not our problem?"
ICANN is a non state actor but it's operational coordination abilities allow those who want, and they exist, to inpune state responsibility to it through a number of intellectual gymnastics involving the definition of territory and control. I doubt I'll ever buy into those arguments and I don't think they'll ever be majority opinion. I could be wrong. I am concerned, though, with rules 139 (Respect for IHL), 149 (Responsibility for Violations of IHL) and 161 (International Cooperation in Criminal Proceedings) of the ICRC's Study on Customary International Law. As of today ICANN as a non state actor does not have any responsibility under these rules, but as more people examine the nature of ICANN, the ever changing role of the GAC, the uniqueness of ICANN as it is constructed, I can conceive of a consensus being developed in the IHL community that extends responsibility under these rules to ICANN as a unique non state actor. It won't happen tomorrow, it won't happen next year, but it may happen, and I don't want to get myself locked into a position today that prevents me from having options several years down the road.
For those who haven't read it the Tallinn Manual
http://www.ccdcoe.org/249.html is an exceptional first effort at porting IHL into the cyber arena. Mike Schmitt did an exceptional job at coordinating input from some pretty diverse people in creating the guidance, and from my perspective they did a near perfect job for what it is. ICANN is not mentioned in the Manual. However at cocktail discussions in Estonia last year with some of those involved in the project, there was an interest in thinking about ICANN and where it fit into all of this, post Manual production. Interest varied, many did not understand how ICANN was constituted ( at CyCon's public sessions it was described, variably, as an NGO, an IGO, but never as a unique MS organisation), but as much as ICANN would like everyone to forget about it in this context it simply is not going to happen. The salience of cyberwar as an issue, for reasons often having to do more with private economic interests than security, is going nowhere but up and there will be some response on an international level that will impact or involve ICANN, desired or not.
As we exist in 2013 I'm happy to sign off on David's statement. I do so, though, reserving the right to change my view as events and thoughts develop and change regarding cyberwar activities. That ICANN should not be involved in content, obvious. That we do not want to extend it's competence to cybercrime and cyberespionage, of course. Certain forms of cyberwar, though, are different in that in some areas it isn't something an entity can or should be able to opt out of. I'm just not personally sure today where ICANN does or should fit into all of this. It would be a lot easier if we had competing private Internets but until we do I have questions in this area and reserve the right to come back in a few years time with views that are different than what I can accept today. These are complicated issues and I'm not sure best handled with a bumper sticker like perspective. Then again...
On Mon, Apr 22, 2013 at 3:36 PM, Brenden Kuerbis
<[log in to unmask]> wrote:
+1, thanks David. Minor typo in last para, "explicit acknowledge[ment]..."