Should search engines retain a record of search queries? What benefits or harms flow from retaining that data? Should academic researchers be able to get access to “query log” data from search companies? What kinds of research can be done with this data? And — critically — what about the privacy of the search engine users?

All of these questions were debated and discussed in a workshop yesterday at the WWW 2007 conference entitled “Query Log Analysis: Social and Technological Challenges.” WWW is the leading annual academic conference focused on the Web and the Internet. This year the conference is in Banff in the Canadian Rockies (making staying indoors for the sessions quite a challenge).

The Query Log workshop addressed a fascinating set of issues, the foremost of which is the significant privacy risk raised by the retention (or distribution) of logs of search terms on sites such as Google, MSN, Yahoo, Ask etc. As the WWW event is an academic conference, there was much attention to the plight of researchers outside of the search companies. Researchers are frustrated that they have little or no access to actual data – the actual queries entered into search engines.

The companies are hesitant to disclose search data, both out of concern about compromising trade secrets about how they execute and track searches, but also because the backlash about the incident in August 2006 in which AOL released millions of search terms from about 650,000 users. Although AOL replaced user IDs with pseudonyms, it was relatively easy to identify some individual people from their search terms. There was, appropriately, a huge uproar about the harm to privacy, and AOL quickly took the data down.

Although the release of the data was clearly a mistake, AOL’s intentions were in fact honorable – AOL was trying to allow academic researchers access to actual search data. And ironically, the AOL data release did allow researchers to analyze core issues about privacy. In that data, for example, were social security and credit card numbers (raising privacy concerns by themselves), and researchers were able to document how privacy could be breached using the aggregated search of individuals’ searches.
(more…)

The inaugural Internet Governance Forum closed last Thursday in Athens, Greece after 4 days of panel discussions and workshops that attracted over 1,000 government officials, business representatives, and non-governmental organizations from around the world.

I was there, representing CDT and the Global Internet Policy Initiative (GIPI), our joint project with Internews. In two workshops and a plenary session, I highlighted GIPI as a proven model for working locally to reform national laws and policies in order to foster expanded Internet access in developing countries. Everything you need to know about GIPI can be found here.

Also present was GIPI executive director George Sadowsky, who, over the past 12 years, has educated and advised a generation of Internet technologists and policymakers in the developing world. As a special advisor to the Chair of the IGF, Sadowsky had a major role in planning the Forum.

The unstated question at the IGF was “What is Internet governance?” Based on our experience with GIPI, both George and I stressed repeatedly that 90% of Internet governance is local: telecommunications policy (especially enforcement of competition and interconnection), licensing requirements, limits on use of wireless technology, the privacy framework, and management of country-code Internet domains.

Overall, it seems as though the initial misperceptions that equated ICANN with Internet governance have been replaced with a more sophisticated view. Although some speakers continued to express vague complaints about Western dominance of the Internet, many speakers from developing talked about problems at home and what they are doing to create a framework more conducive to Internet growth.

In comments at the closing plenary, I urged participants to follow the adage “Think globally, act locally.” I recommended that each country present should convene at the national level an ongoing multi-stakeholder dialogue — local businesses, government officials, academics and users — to identify specific barriers and specific solutions that can be implemented through national strategies.

The session closed with the announcement that the next IGF will be in Rio de Janeiro, Brazil, November 12-15, 2007.

The IGF Website, with transcripts, is here.

On October 16, the Internet Corporation for Assigned Names and Numbers (ICANN) asked the online public to provide input for how to improve the transparency and accountability of the organization’s operations. This is a very good thing. Unfortunately, the deadline ICANN set for members of the Internet community to submit comments was October 31. This is a major problem.

We applaud ICANN for attempting to address its historic deficiencies in providing adequate transparency and accountability. No issue has been more damaging to ICANN’s credibility in the Internet community. But the artificially constrained timeframe ICANN has laid out for addressing the problem has left many observers to wonder if ICANN understands the scope of the problem or the challenges the organization will face in addressing it.

ICANN’s first notice gave the Internet public two weeks to provide recommendations, and was premised on the assumption that ICANN’s board would enact new policies at the organization’s December meeting in Sao Paulo, Brazil. ICANN later issued a second notice clarifying that it was seeking only “preliminary” responses by October 31, and announcing that the board would now take up the issue in March 2007.

That still seems like an awfully short timeframe to fix what appear to be a systemic problems with ICANN’s policies and institutional culture. In our preliminary comments to ICANN we offer some suggestions for fixing the most glaring instances of opaque and unaccountable practices, but also urge ICANN to step back and commit to devoting the time and resources needed to address these issues in a way that makes the organization truly stronger and more stable.

ICANN has taken a worthy and important step in throwing these issues open for review and improvement. Now it must make sure it follows through on what it started.

[Editors Note: CDT Policy Director Jim Dempsey is in Athens this week, participating in the first global Internet Governance Forum (IGF). He’ll be blogging about the experience throughout his stay. Check back regularly for updates.]

The Internet Governance Forum opened today in the rainy seaside Athenian suburb of Vouliagmeni. “Internet governance” has always been a subjective term, and it’s pretty clear from the opening remarks that much of the discussion here will be driven by how various stakeholders define it. There have been enough divergent comments thus far (often coming from the same speaker) to both appease and rile advocates on all sides of the debate.

So far, there has been broad agreement that the Internet is essentially a good thing, or has had essentially good effects, but comments about applying technology cautiously and adopting the “correct” legal and policy framework are subject to multiple interpretations.

Key themes so far include dialogue, multi-stakeholder, the Internet as a global resource, diversity, the needs of users, security, stability, protecting children, multilingualism, free flow of information, diversity, and development.

Vint Cerf, Internet pioneer and chairman of the board of the Internet Corporation for Assigned Names and Numbers (ICANN) had a thoughtful comment today in response to calls for more global Internet governance. As he explained, there is already a lot of governance in the system, and, suggested that we should ask which parties need to be governed and for what purpose. To this, I would add, since governance need not always mean governments, what is the best kind of institution for implementing that governance? For service providers, the question may be is there enough competition. If not, we may want to regulate it. Higher up, there are different players, different interests, and different institutions may be appropriate.

There seems to be an assumption that the IGF is here to stay as an institution. The sites of the next three events have already been selected:

Brazil 2007
India 2008
Egypt 2009

The transcript of the morning is now available. Vint Cerf’s morning remarks (second to last) are worth reading in their entirety.

More to come…

For now at least, it looks like the legal dispute between Illinois-based e-mail marketer 360 Insight LLC and London-based anti-spam group Spamhaus won’t set a dangerous precedent for the Internet Corporation for Assigned Names and Numbers (ICANN).

As we reported in this space last week, e360 won a default judgment in a civil case it filed against Spamhaus and had asked a federal judge to demand that ICANN strip Spamhaus of its Web address, spamhaus.org. Although we take no position on the substance of e360’s complaint against Spamhaus, we vehemently objected to the company’s attempt to involve ICANN in the process.

As we said in our official statement, ICANN has neither the legal authority nor the practical ability to suspend Spamhaus.org. It is e360’s responsibility to ask a court that has jurisdiction over Spamhaus to enforce the U.S. Court’s judgment. Under no circumstances should ICANN be required to be involved. ICANN has a vital responsibility to oversee and preserve the stability and security of the global Domain Name System (DNS). It would set an unfortunate precedent to involve it in a case like this.

Thankfully though, it appears such a precedent won’t be set. Late last week, Judge Charles Kocoras issued this order denying e360’s request that the court force ICANN to suspend spamhaus.org. You can read ICANN’s explanation of the decision here.

Like many in the high-tech community, we’ve recently been tracking a lawsuit filed by an Illinois-based e-mail marketing company — e360 Insight LLC — against London-based anti-spam group Spamhaus.

For those not familiar with Spamhaus, it maintains one of the most widely used spam “block lists” of Internet domains associated with suspected spammers. From the court documents, it appears e360 Insight sued Spamhaus to remove its domains from the Spamhaus block list. A federal court in Illinois issued a default judgment against Spamhaus after Spamhaus failed to participate in the proceedings. Attorneys for e360 Insight asked the court to issue an order requiring the Internet Corporation for Assigned Names and Numbers (ICANN) to suspend Spamhaus’s domain name, Spamhaus.org.

This is where we come in. We don’t take a position on the merits of e360’s case against Spamhaus, but we are deeply troubled at the attempt to bring ICANN into this dispute. ICANN is a technical body that has nothing to do with the administration of individual domain names. As we say in our official statement, ICANN has neither the legal authority nor the practical ability to suspend Spamhaus.org. It is e360’s responsibility to ask a court that has jurisdiction over Spamhaus to enforce the U.S. Court’s judgment. Under no circumstances should ICANN be required to be involved.

ICANN has issued its own statement on the case, and we’re optimistic that this will be resolved in a way that does not involve ICANN. We’ll be keeping a close eye on upcoming developments.

Last week, the U.S. Government renewed the deal under which the nonprofit, non-governmental Internet Corporation for Assigned Names and Numbers (ICANN) oversees the Internet’s global addressing system. The three-year Joint Project Agreement calls for ICANN to work toward establishing the openness and accountability necessary to stand on its own as the sole operator of the Domain Name System (DNS). But for the next three years at least, the U.S. Government will continue to have the final say over changes ICANN makes to DNS.

Although we’re still reviewing the details of the agreement, this looks like the right decision. In recent years the U.S. Government’s unique role in Internet governance has become a sore spot for members of the international community who feel that the United States exerts too much control over Internet communication. But while these concerns are valid, the realistic alternatives to the U.S. Government retaining its special role in ICANN are neither viable nor appealing.

Very few people in the Internet community believe that ICANN is ready to stand on its own, without any governmental ties. Too many questions remain about the organization’s ability to maintain a transparent, accountable and properly representative decision-making process. The other major alternative that’s been presented is for the U.S. Government’s role to be transferred to a multi-governmental body such as the International Telecommunications Union (ITU). This is troubling also. While U.S. Government involvement is suboptimal, we don’t think the answer is more government. We detailed our concerns and recommendations in comments to the NTIA submitted earlier this year.

The key now will be working actively to address the issues limiting ICANN from standing on its own. In the meantime the U.S. Government would do well to build on the admirable restraint it has shown as ICANN’s steward by reducing to whatever extent possible its role in the Internet governance process.

On Wednesday, I had the opportunity to participate in a discussion hosted by the National Telecommunications and Information Administration (NTIA) regarding the future of Internet governance, and U.S. involvement in overseeing the global Domain Name System (DNS).

At the heart of the discussion was the question of whether the Internet Corporation for Assigned Names and Numbers (ICANN) has progressed enough in its development to be released from its contractual bond to the U.S. Government. NTIA is expected to renew that contract in September.

If the panelists agreed on anything, it was that simply hosting such a discussion was an extremely positive step for NTIA. Much of the Internet community, in international circles particularly, has grown increasingly dissatisfied with the U.S. government’s special role in global Internet governance. It is in everyone’s best interest to address those tensions.

Just how to do that remains the biggest challenge. Asked point blank whether ICANN was ready to stand on its own without any government involvement, all but one member of my panel (myself included) gave a qualified “no.” But everyone seemed to agree that full privatization should continue to be the ultimate goal.

In our comments to NTIA, we expressed concern that if ICANN were to be released from its ties to the U.S. Government, it remains unclear what mechanisms would be in place to insure that the organization would not simply become subsumed by another government, or captured by corporate interests. We suggest that those questions need to be explored before the U.S. Government considers ending its special relationship with ICANN.

On Friday we filed comments with the National Telecommunications and Information Administration (NTIA) regarding the future of Internet governance. NTIA has weighty issues to consider as it lays a course that will affect the future of the Internet.

Under the current governance structure, the California-based Internet Corporation for Assigned Names and Numbers (ICANN) oversees the global Domain Name System (DNS) under a contract with the US Government. That contract expires in September, and NTIA took the opportunity to ask the public how ICANN is doing, and how close the organization is to being able to stand on its own. When ICANN was created in 1998, the idea was that it would operate under US Government oversight for two years while it established itself on the global stage, and then would become completely autonomous.

That transition has yet to happen, and NTIA asked the public to discuss what steps ICANN still has to take to be able to stand without ties to the US Government. The stakes in the discussion are high. On one hand, the international community is increasingly dissatisfied with the United States playing a special role in Internet management, and that dissatisfaction poses a potentially destabilizing threat. On the other hand, cutting ICANN loose before it is ready could cause major problems.

In our comments, we urge the NTIA to examine what safeguards may need to be put in place to ensure that if and when ICANN does cut its tethers, it is not inadvertently exposed to new dangers in the evolving global environment.

I attended a meeting today sponsored by the National Telecommunications and Information Administration (NTIA) regarding the continuing management of the Internet’s worldwide Domain Name System (DNS).

Right now the nonprofit Internet Corporation for Assigned Names and Numbers (ICANN) manages the DNS under an agreement with NTIA. That agreement expires in September, and the NTIA is soliciting comments on ICANN’s progress and future.

Even for many DC policy wonks, this is dry stuff. Trying to get people in the broader Internet community to pay attention to it is even tougher. But boring or not, the future of ICANN is inexorably tied to the future of the Internet itself. Members of the Internet community have a duty to contribute substantively to this discussion. So drink a cup of coffee and take a look at the NTIA document. Comments are due July 7.