[arin-ppml] ARIN board accountability to network operators (was: RE: [arin-discuss] Term Limit Proposal)

David Huberman David.Huberman at microsoft.com
Thu Mar 27 03:37:13 EDT 2014


Hello,

Thank you again, John, for a very clear and concise reply.

I have changed the subject line, so as to fork this theme away 
from the very specific term limits discussion, and to pivot it to
what I believe may (again: MAY) be the true problem that exists.
I sincerely apologize in advance for what is a very long email.

I think the true problem may a combination of:
- the reality of how network operators are participating 
in ARIN; and
- the brand new risks which the ARIN corporate governance 
model now presents to the network operator community in 
light of the United States Government's announcement of 
its plans to relinquish its oversight role; and in turn
- the question of whether the American Registry for Internet
Numbers Ltd., as currently incorporated in the Commonwealth
of Virginia, is serving the network operator community in an 
accountable manner.
 
Allow me to explain.

Point 1. - "low participation"

In a recent NANOG-L thread, Randy Bush (copied here) began a 
discussion on the very low participation rates that ARIN is currently 
suffering from.  In that thread, some statistics were provided by
ARIN which highlight that only 17% of the network operators
(mostly companies, a few individuals, some governments) who
are the registrants of IPv4 address space in the ARIN region are
members with voting rights.  

Furthermore, a disturbing reality which many of us know exists 
was highlighted by you: participation in the policy making process 
(the PDP) is down to 30-50 people or thereabouts. As Randy 
notes, 15 of them enjoy travel expenses paid for by ARIN for their 
presence at internet governance fora, including attendance at 
the ARIN meetings.   Succinctly, the number of network operators 
actively participating in the PDP is frighteningly low, and thus 
ARIN as an administrative body with a mission of multi-stakeholder, 
bottoms-up participation, could be judged as modestly failing.

There have been many good effort made recently by ARIN to
fix this, including the good idea to have a PPC at NANOG.  But
I have witnessed a few of these, and I think it's fair to say these
are failing, too.  The participants are mostly the same people who
attend the ARIN PPM.  The network operators ARIN is trying
to engage are opting to not attend or participate in the PPCs.
(The lack of participation at the PPC in Phoenix was especially
troubling to me.)

Point 2. - "USG is leaving the nest"

For the first time in ARIN's history, the ARIN Board is fully and
completely in charge of its destiny.  I submit that for the past
15 years since ARIN's establishment, the Board has been 
accountable in a very real way to the oversight of the United
States Government ("USG").  What do I mean?

Ponder, if you will, a hypothetical.

An ARIN Board finds 4 votes to direct ARIN's CEO to purge all 
non-RSA-covered registrations out of Whois.  As a consequence,
ARIN stops providing inverse mapping for these delegation
points. This action causes material harm to untold numbers of
networks throughout the world.  The afflicted operators seek
remedy in the courts, and ARIN is bankrupted because of its
willful negligence. (A thousand pardons if I'm not quite using the
right legal terms. The technical parts of the hypothetical are
accurate, in my opinion.)

Today if the Board tried this, the dissenting members or the
ARIN CEO or even the ARIN staff charged with carrying out this
order, can stop this from happening with a single email that
reaches USG.  As Ray Plzak once taught me, never underestimate
the awesome power of the USG.  NTIA and DoC would, today, stop
such an action dead in its tracks. 

Today  the Board is accountable for its actions not only by virtue
of elections and recalls, but because there is an emergency lever 
to pull if things get ugly. Tomorrow, that lever will not be there. 
The buck will truly stop at the Board's doorstep.

Part 3. - "the board isn't sufficiently accountable"

The first two parts ("low participation" and "USG is leaving the
nest") neatly form the crux of the problem:

- the ARIN board, under its current bylaws, may not be 
sufficiently accountable to the network operator community 
it is supposed to be serving.

In the hypothetical above where the Board wipes out inverse
mappings for most of the north American internet, the
community of network operators do not have a strong 
enough lever to stop malfeasance before ARIN does 
irreparable harm.  And because the operator community
is clearly NOT participating in significant numbers, the
problem is worse than the hypothetical lays out.

So how do we solve this?  How do we increase participation
so it is actually statistically significant? How do we develop
mechanisms to ensure the elected ARIN Board is accountable
for its actions? How do we ensure we elect really, really good
Board members?

I don't have great answers to offer yet.  Wiser and smarter
heads than mine must be put to this task, I think.  I really
hope that we can find a way to open up ARIN participation
in a meaningful way, and not fall back on the argument that
we have a structure and people choose not to participate
and that's on them.  I hope we can conduct this task openly
and transparently, and not assign a committee of three
BOARD members to solve the problem.

With regards,
David

David R Huberman
Microsoft Corporation
Senior IT/OPS Program Manager (GFS)

-----Original Message-----
From: John Curran [mailto:jcurran at arin.net] 
Sent: Wednesday, March 26, 2014 11:37 PM
To: David Huberman
Cc: arin-ppml at arin.net
Subject: Re: [arin-ppml] [arin-discuss] Term Limit Proposal

On Mar 27, 2014, at 2:06 PM, David Huberman <David.Huberman at microsoft.com> wrote:

> John,
> 
> Thank you for your speedy and helpful reply.
> 
> I will note you close your email with the implication that a desire by the participants of ARIN's public fora to alter the Board's bylaws is not a policy development activity.  

That is correct - The ARIN PDP is the process by which policies (for the management of Internet number resources in the ARIN region) are developed by the community. 

> If that is true - if a policy proposal conducted under the auspices of 
> PDP to change the bylaws is out of scope of the PDP (did you imply 
> that?)

I don't imply it - it has always been the case, and is quite specific in the PDP and role of the AC - <https://www.arin.net/policy/pdp.html>

> - then by what mechanism can the public:
> - bring to light an idea for bylaws change;
> - discuss it;

You are doing those items above presently on the public policy mailing list.

> - attempt to substantively judge consensus of the proposed change; and
> - upon judging consensus exists, affect disposition of the change?

The above two points intersect the responsibilities of the ARIN Board of Trustees; discussion is encouraged both online and at the open microphone forum at the ARIN meetings, but the Board must consider all related aspects (including risk involved and fiduciary duty) when it comes to making such decisions. The ARIN Board has delegated (nearly completely) number resource policy development to the entire community, but the same does not apply to their fiduciary duties in general.

The good news is, the Board is elected by the community, so folks who wish s to serve in that capacity can run and be elected for that purpose.  This is called "representation" and is a very common structure among associations.

> In other words, surely the public, speaking with consensus, can change the Bylaws of the Board without relying on the elected Board members themselves to effect this change, yes?

You probably mean "members" (as opposed to "public") but in either case that is not a capability under ARIN's Bylaws today.  That is is not to say it could not be added in the future if desired (for example, ARIN originally didn't have members or an elected Board; these were added once the organization achieved the appropriate level of operational stability and community support.)

FYI,
/John

John Curran
President and CEO
ARIN




More information about the ARIN-PPML mailing list