RE: [ALSC-Forum] Comments on "Direct vs Indirect Elections"

[Bruce Young]

Here my comments on Kent Crispin's "Direct vs Indirect Elections"

>But if a choice is to be made, indirect elections provide much more
>accountability and transparency than direct elections (contrary to the
>claims made by many), and have significant practical advantages as
>well.

Well . . . after the last US Presidential election, I'm not a big fan of
indirect election processes, but we'll see!

>In other words, the report concedes the criticisms, but argues that they
>aren't important, because the elections aren't important, and
>consequently we don't need to judge the elections by very high
>standards.

You misunderstand.  The NAIS report doen't say that ICANN elections are
unimportant.  It says they are LESS important than government elections (I
think everyone can agree with this!). And as such, a less-rigorous security
model is sufficent for them.  This would significantly reduce the cost of
conducting such an election, particularly if online elections are used. And
"less" security doesn't necessary mean poor security.  If the Internet is
secure enough e-commerce, it is secure enough for our use here.  Arguments
otherwise are only brought forward to shoot holes in the only affordable
election model that would allow for elections by Internet users, so they can
justify denying us franchise.

Much has been also made of alleged "irregularities" in the last election.
However, to date no one has made any attempts to follow up on them or even
provide us with anything other than their word that such irregularities
exist. At this point, I imagine few of us are willing to take the current
board's word for it!

>There are a myriad unelected government agencies that make public policy
(eg, the
>National Forest Service in the US);

However, all such agencies serve under the scrutiny of the public and its
directly-elected officials.  Here in the Pacific Northwest, for instance, US
Forest Service policies have regularly been challenged and overturned by
citizen efforts.  ICANN, as an international body, will have no such
restraint inposed on it, which makes it even more critical that we directly
elect those on the board who will speak with our voice.

>They both speak of ICANN as having a broad public policy role, but in fact
the public
>policy in ICANN's purview is tightly constrained and of very limited
>scope -- ICANN has a much more restricted range of policy impact than
>the US Forest Service mentioned above, for example, and probably even
>less than the AMA.

I disagree.  AMA decisions only directly affect the conduct of a single
discipline (medical doctors).  Further, compliance with the AMA's policies
is voluntary.  However ICANN's decisions will potentially effect virtually
every person who logs onto the Internet.  And it can hardly be said that
complying with the rules of an organization that can banish you from the
Internet by taking away your domain name can be deemed voluntary.

>Even when Microsoft engages in monopolistic practices affecting
>millions of people we don't make a public policy issue out of it -- the
>policy is already established in anti-trust law, and that is what is
>being followed.

Not really.  The DoJ deciding *what* to proscecute and against *whom* is
certianly driven by public policy.  And once again, Microsoft has the entire
panoply of the US Government allegedly protecting us from their excess.
ICANN will have no such limitation.

>As far as the UDRP is concerned:
>
>  1) most of the details concerning the DRPs are in fact worked out
>  elsewhere, ie, WIPO;

Only because ICANN chose to cede authority to WIPO.  Besides which, WIPO has
not proved to be a good venue for such disputes, since it usuially sides
with trademark holders, even though good-faith domain name holders might
have prior claim.

>  2) that there be a UDRP was mandated by the USG and not a matter of
choice
>  for ICANN; and

The US constitution puts specific limits on, and mandates certian activities
of, the federal government.  But no one would say that these statuatory
restrictions mean it is unable to set far-reaching public policy!

>  3) from the perspective of "the public" the DRP has in fact *very*
>  limited effect: the number of UDRP cases worldwide is of the same
>  magnitude as the number of people struck by lightning.

Unless, that is, you are one of those put out of business by the WIPO!  A
lightning strike is a poor analogy, because it implies a random act of
vilolence without a perpetrator. This is more like a thief going to court to
have them validate the legitimacy of his theft!

Further, UDRP cases are being treated as case law in many legal venues,
which gives them an effect far beyond any single case WIPO adjudicates.  To
use your example, few are struck by lightning every year, but countless
millions, through a fear of lightning strikes, modify their behavior to
avoid them! Similarly, WIPO UDRP cases, and the fear of losing a domain name
outright that they engender, are prompting frequent settlements where
legitimate domain name holders are caving in to corporate pressure to buy
their domain name out, on the theory that the deck is stacked against them
and something (the buy-out fee) is better than spending significant legal
fees only to have your domain given away by WIPO!

> . . . the ICANN elections were not, and cannot be "properly managed",
>because the infrastructure and technology to support proper management
>doesn't exist.

Sure it does.  Just not with the obsessive level of so-called "security"
detractors seem to demand.  If current technology is good enough to trust
people's credit card numbers to, it's certianly good enough to secure ICANN
At-Large votes.  All methods of voting are vulnerable to fraud, because
there's no such thing as uncrackable security.  What one person can invent
another can circumvent!  If we use the best security reasonably available,
that should be good enough.  And assuming that, online elections are very
doable!

>The base electorate cannot be reliably identified, and therefore,
>accountability through direct elections over the Internet is
>an oxymoron.

This is another non-argument. Anonymity is one of the great strengths of the
Internet, but opponents of Internet voting all seem to have an obsessive
need to be able to hang a street address and legal name on every At-Large
voter!  Why?  Does it really matter if we know who the user named Bonzo
Slasher really is, as long as the same Bonzo Slasher controls his or her
vote by securing his or her PIN?  We need a user's vote, not their life
history!  If Mr. or Ms. Slasher wants to otherwise remain anonymous I can
live with that, as long as they aren't planning to run for a board position!
And their opinions shoulds not be lessened (or denied!) by their desire for
anonymity!

>Also, the scale of the directors election is vastly reduced.  This makes
>the election process used for board elections is open to scrutiny and
>audit to a degree that global direct elections simply cannot manage.

Just because its easier doen't make it better, particulaly when voices are
left unheard!

> . . . indirect elections give opportunity for more people to be elected,
and that in
>itself is an incentive for larger participation.

How do you justify this statement ('cause you didn't!)?

>The "direct decision making power" is at least one level of
>indirection away in any case -- it is the directors who have
>decision-making power, not the electorate.

All the more reason then that we have a voice to choose those speaking on
our behalf!

>The problems with Internet elections are in fact very well known.
>Lauren Weinstein, a noted privacy advocate, Co-Founder of People For
>Internet Responsibility, and moderator of the Privacy Forum, published
>the "PFIR Statement on Internet Voting":

The PFIR reporrt is directed at government elections, which most would agree
require a much higher degree of accountability than we require here for
ICANN At-Large voting.  So concernes noted within it are in many cases not
relevant here.

>Dan Geer is CTO of a firm specializing in Internet security
>applications, and very well-known expert in security and cryptography.
>He says, in a discussion of physical voting booths vs Internet voting:
>
>    Internet voting is anti-democracy and those who cannot bestir
>    themselves to be present upon that day and place which is never a
>    surprise to do that which is the single most precious gift of all
>    the blood of all the liberators can, in a word, shut up.

Dan is one of these "ivory tower" types who has never aparently held a real
job in his life.  We heard from many of them when Oregon was exploring
implementing "vote by mail."  Many working people in the world don't have a
position (or an employer!) that allows them to take time off from their job
to vote.  Many more (like myself!) work a significant distance from their
home, and therefore from their polling place.  Vote by Mail made voting
available to millions of working Oregonians who otherwise would be unable to
vote.  And our last general election, which was the first to allow universal
"vote by mail," had the largest voter turn-out in years, due primarily to
the mail-in ballot.

But more to the point here, no sane person would even consider in-person
voting for ICANN elections, unless doing so solely to use the very
impracticality as an argument against direct elections.

The remainder of your examples all refer to government elections at the
state or federal level.
Once again, what is unacceptable for that venue could possibly be made
acceptable in ours.

>That is, ICANN decided to accept 1500 possibly fraudulent registrations,
>because there was no way to check.

Ah yes!  The notorious 1500 Japanese votes!  These votes should be viewed as
a condemnation of the registration process, not the election!  They were
only signigficant because so few total voters were registered in the first
place, due to a wholly inadequate outreach program, and bizarre registration
rules.  If the millions of users that *should* have been registered had
been, those 1500 votes would have been insignificant statistically!

>In the logs there were also odd entries
>from computers that, on inspection, were using email-to-web gateways to
>register people.

I.e.: you object to others doing a better job at registering people that
INCANN itself did?!

>Note that the logs were huge, and there simply was no way to examine
>more than a tiny fraction of them, so it is probably the case that there
>were many more odd things in the logs.

Really?  Robust log analysys tools are in daily use to mine desired details
from network and Web logs.  I expect lack of desire, rather than lack of
software tools, is the issue here.

>Note also that web logs show a
>dynamic history -- a referral may come from a page that two days later
>no longer exists.  A web page that implemented some kind of election
>fraud would likely disappear immediately after the election . . .

Why assume that any vote that came from one of these Web sites was
fradulent?  And why keep the page up after the election?  Again, we are less
interested in origin of a vote than its uniqueness.  A simple long-number
PIN would ensure that.  And if a US PIN holder wants to exercise his vote
through a Japanese IP address (maybe because he's a US military member
stationed there?!) should we care?  I certianly don't!

>The fact that this geopolitical competition is
>based on what many consider a fundamental misunderstanding of ICANN is
>not really relevant, since that kind of competition does not need a
>rational motive.

So why care about it.  If one faction in a "voting district" does a better
job of selling their candidate, gets the voters out, and gets their
candidate elected, why are we concerned?  That's  democracy in action!  Why
treat it with suspicion when it happens in another part of the world?  Or do
you maybe consider Third World citizens' votes less worthy than your own?