News, views and what I choose to dos

Whistleblowing and ICANN

Category : ICANN, Internet, Internet governance · by May 16th, 2013

A curious email appeared in my inbox this morning. It was titled ‘Concerns at ICANN’, was addressed to the Board, signed ‘A Concerned Employee’, and came through an anonymous Hushmail email account.

Broadly, the email provides, in some detail, this person’s concerns about an influx of management at the domain name system overseer ICANN. It lists nine recent additions to the ICANN staff and highlights their connections to the CEO and COO which range from “former co-worker” to “former neighbor”.

It is widely known that the current CEO and COO worked with one another in the same roles at their previous company. Given the extraordinary complex and fast-moving world that ICANN inhabits, this has been seen by the Internet community as a good thing: a strong personal relationship at the top. But the email argues a significant downside.

“The normal checks and balances that exist between a CEO and COO do not exist at ICANN because of the long standing close and personal relationship between Fadi [Chehade, CEO] and Akram [Atallah, COO],” it states.

It goes on to outline a series of concerns: staff are reluctant to take concerns direct to the CEO; senior hires have not gone through a proper interviewing process; loyalty is valued above competency; groupthink is appearing as a problem.


My first thought on reading it was: so, what’s new?

I worked at ICANN for just under three years and the internal culture was the most corrosive I had ever witnessed.

The Human Resources department had undergone a series of disasters, was in complete disarray, and that fed through to everything else. Staff spent more time on internal politics than they did doing their jobs. A constant sense of suspicion and paranoia both internally and with the external “community” led to lots of smart and talented people exhausting themselves into decision paralysis.

My second thought on reading the email was: why is this in my inbox, why has ICANN still not developed a proper internal system for dealing with such issues? And where is the whistleblower policy?

To ICANN’s credit, it recognized it had problems while I was there and a number of efforts were made to fix the problem. I was a staff liaison on the two most significant: a report by the One World Trust into ICANN’s accountability and transparency; and a large consultation exercise called Improving Institutional Confidence overseen by the ‘President’s Strategy Committee’. Both failed to have much impact.

One of the recommendations of the One World Trust report [pdf] in March 2007 was that ICANN introduce a whistleblower’s policy. The internal culture was so political that it was extremely difficult for anyone to make critical observations. At the same time, the organization provided a bare minimum of external information so the Internet community was increasingly concerned that behind-the-scenes deals and manipulation was rampant.

In reality, few decisions were made that weren’t developed from the copious information and opinion provided by the Internet community. But a “bunker mentality” meant that little useful information was ever shared. What little information did appear was subject to immediate and intense scrutiny.

This whole dynamic created a vicious circle that I spent years in my job trying, and largely failing, to break. The lack of a whistleblower policy only made matters worse. The organization absolutely did not want to hear about internal problems and whenever they did erupt, it went to great lengths to hush it up.

The Beckstorm era

I left ICANN in November 2009, just a few months after a new CEO came on board. The two events were not unrelated. Unfortunately for the organization, Rod Beckstrom made it clear from the very beginning that he was planning to build the entire organization around his own (fragile) ego.

There are a number of extraordinary stories about Beckstrom’s three-year tenure that the ICANN community is just starting to share. But one thing that is clear is that resolving internal disputes grew ever more difficult.

Under the previous CEO, “troublemakers” saw their influence diminish or they were intimidated into acquiescence, but under Beckstrom people were fired or publicly embarrassed. It led to an exodus of staff and an influx of yes-men. The HR department went from bad to worse, and there was still no whistleblower policy.

The issue came to a dramatic head at the ICANN San Francisco meeting in March 2011 when former staffer Maria Farrell used the public forum to launch into an extraordinary attack on the organization.

“There’s a climate of fear stalking the ICANN staff,” she told a packed room. “People are afraid to speak frankly internally in a way to speak unpalatable truths behind closed doors, the sorts of things that need to be discussed to allow the organization to function efficiently. People are afraid of losing their jobs by doing their jobs.” Farrell was met by sustained applause and it marked the end of Rod Beckstrom’s time as CEO.

But why did it take an external person using a public forum to get the issue heard? And where was the whistleblower policy that ICANN had said it would introduce four years earlier?

The missing policy

If you do a search for “whistleblower policy” on ICANN’s website, you’ll find the first item is a information disclosure request from yours truly.

Following Farrell’s public airing of issues, I asked at the next ICANN meeting in Dakar in October 2011 why the organization still had not introduced a whistleblower policy.

The question came during a session on Ethics, which was the result of controversy surrounding ICANN’s former chairman and during which it became clear there was no system of checks and balances internally for the Board or the staff.

ICANN’s General Counsel said in response to my question that such a policy had been in place for some time and staff were made aware of it regularly (in actual fact, it was hidden deep within the organization’s intranet and staff was only informed about its existence at the end of a standard form email from the HR department sent once a year).

ICANN’s new chair backed up the General Counsel’s point: the policy was in place; the Board has been briefed about it; it had been tested; and “we’re in quite good shape”.

So in a subsequent information request, I asked for four things:

1. Could you please provide a copy of the Whistleblower policy
2. Can you state when that policy was put in place, and when staff were informed about it for the first time
3. Can you provide details for how staff are informed of the Whistleblower policy, and how frequently they are informed
4. Can you please provide statistics for how many times the policy has been used each calendar year since it was introduced.

The response [pdf] failed to provide information on any of those four questions. But it did note that the whistleblower policy was actually called “Reporting of Work-Related Concerns to ICANN’s Anonymous Hotline” and staff was currently assessing whether it was able to make “internal employment policies” public.

Fast-forward nearly two years to March 2013 and the second Accountability and Transparency Review Team is asking ICANN’s chair for a copy of the policy. The chair responds that the organization is still looking at whether it can release the information, but that he believes that, yes, it can provide it to the review team.

As of 16 May 2013, this policy has yet to be published. What has appeared however is the email I received earlier today from an employee who clearly feels that the internal mechanisms through which employees can raise concerns are wholly inadequate.

The first paragraph of the email notes: “I am writing anonymously because there is currently a climate of fear among staff and I fear losing my job for discussing my concerns internally.”

So, what to make of all this?

It is of course worth noting that whenever a new CEO comes into an organization there is always a period of churn and upset.

Anyone that has ever gone through the introduction of a new top man will know this experience (I have personally been through it four times). Many times the new guy is there because it has been decided that the organization needs to change. That was undeniably the case with Chehade.

Chehade had no choice but to bring in a new executive team and to do so rapidly. Naturally, he sought out people he had worked with before and knew their abilities and trusted. It is inevitable that this process will create tension and perceptions of favoritism.

The reality is that, yes, of course those with an established relationship with the COO and the CEO will be in a better position to make things happen and influence the way things move. Unfortunately, that’s just a part of life.

But is there any truth to what this anonymous email says? I don’t have the faintest clue. Even if it is, it’s not really anyone’s business except ICANN’s HR department, its executive team and possibly the Board if it is disrupting the proper functioning of the organization.

So why mention the email at all? Why not, as one former ICANN Board member advised me on Twitter, just “hit the delete key”. The simple answer is ICANN history and the fact that I spend years of my own life trying to fix a problem that should never be there in the first place.

It has now been six years since ICANN was told to introduce a whistleblower policy. It has been asked to publish it several times and still has not done so. Clearly this employee feels whatever is there is not adequate and so has taken the extraordinary step of going public with their concerns.

Do the right thing

Don’t make the mistake incidentally of thinking that going public is cowardly. It takes much more courage that simply saying nothing. It is a virtual certainty that this person will now be the focus of an internal investigation and if ICANN’s history is anything to go by, it will not be a very pleasant experience.

Moreover, in a properly functioning organization, these sorts of issues simply do not blow up. There is a very long history of internal dispute resolution and a key job of a human resource department in the modern era is to ensure that internal disputes never reach this point.

The simple reality is that the Human Resources department at ICANN needs a complete overhaul in the same way that many of its other departments have been renewed and refreshed as the organization has grown.

What is the public interest in washing ICANN’s dirty laundry in public? As the organization’s 990 tax form highlighted earlier this week, ICANN is now the recipient of hundreds of millions of dollars from the Internet infrastructure industry.

It is also an organization that is opening up offices across the world, and one that will be overseeing the contracts of hundreds of new companies in just the next year, including many of the largest companies in the world. The organization is about to enter a whole new world of international scrutiny and as it does so it will come under enormous strain internally.

To do that without imploding, ICANN needs a full functioning human resources department; it needs a whistleblower policy that staff is not afraid to use; and most importantly, it needs to view today’s email as a warning sign rather than an attack.

And if it doesn’t

There is a salutary lesson in the Internet world over how things can go wrong if internal systems do not function properly during a period of high pressure.

Nominet is the registry for dot-uk and yesterday the organization was in the courts suing one of its members for defamation. The member in question made and posted a number of videos using quotes from the organization’s CEO, said at a employment tribunal, to highlight contradictions and argue that she should be fired.

That employment tribunal was brought – and won – by Nominet’s former general counsel and head of policy after she was ousted during a very difficult period for the organization.

Under stress and with significant external pressure, the organization’s internal dispute resolution systems broke down and it entered a vicious internal battle in which several Board members resigned, the IT director and Director of policy were pushed out, and the organization was forced through a series of make-or-break votes to radically restructure itself, all the while being threatened with takeover from the UK government.

No one at Nominet will tell you anything other than it was a hugely damaging experience for everyone. Under threat, it lashed out and has now somehow ended up in the position where it is suing a critic for defamation. That may not even be the end of it: other members have commissioned an independent legal opinion and wish to challenge Board members’ positions.

So back to ICANN…

ICANN’s first instinct will be to dismiss the email externally as nothing, and track down the sender internally.

The right thing to do is however to make a big deal of it, use it as an opportunity to address staff concerns and let the outside world know that this is an organization that cares about its people.

And make no effort to track down the sender. In the long history of the world, shooting the messenger has yet to work.


(4) comments

Fact Checker
9 years ago ·

Isn’t it customary for journalists to find some corroboration for anonymous tips? At least a second source with some credibility?

Given your history with ICANN and how you are quick to take shots at individuals who were less than deferential to you as well as the company proper, I find it as likely that you generated the anonymous mail as any other possible insider or outsider sender. Please put more effort into future posts.

Jean-Jacques Subrenat
9 years ago ·

Hello Kieren,

thank you for yet another interesting article, this time on the whistle-blowing function which has eluded proper implementation in ICANN.

This concern was also voiced a few months ago in an ICANN/ALAC (At-Large Advisory Committee) White Paper entitled “Making ICANN Relevant, Responsive and Respected” (R3), drafted by 6 co-authors (Evan Leibovitch, Rinalia Abdul Rahim, Yrjö Länsipuro, Carlton Samuels, XUE Hong, and yours truly).
The last section of this White Paper contains a series of recommendations, following upon the findings in the preceding sections. Thus, under “The Global Public Interest”, the fourth recommendation calls upon ICANN to
“Provide for relevant whistle-blowing (e.g. regarding conflicts of interest), with proper rules protecting both the corporation and prospective whistle-blowers.”

Just to give you an indication of how the members of the ALAC considered R3, I’d like to recall that the ALAC voted unanimously to turn it into an ALAC White Paper, which was then conveyed by the ALAC Chair to the Board Chair, and copied to the CEO. The Board Chair graciously acknowledged receiving the document.

Several months have gone by, and just like you, I’m curious about the attitude of the Board towards the principle of whistle-blowing, whether and when they will take action, and in what guise.

Best regards,


9 years ago ·

@Fact Checker — Calm trolling, but trolling none the less. I did corroborate the details but for all the reasons I go into in this post decided not to go into any detail.

Of course situations like this are personal and frequently subjective. Which is why it is all the more important that there be both impartial policies and impartial individuals trained to carry them out.

That much is clear in your comment about “how you are quick to take shots at individuals who were less than deferential to you as well as the company proper”.

I would of course disagree with you. I took substantial criticism while at ICANN both personally and on behalf of the organization, both internally and externally.

What I did do, which many of the staff did not feel they could, was take a firm stand against the destructive interactions that were prevalent at the time.

Often staff was effectively bullied into silence by members of the community; I was always taught to stand up to bullies. At the same time, I also challenged internal dynamics that meant the community was not kept up-to-date, and questioned processes that were built more around getting something agreed and approved than ensuring broader buy-in.

Anyway, I did not write this whistleblower email, and I doubt very much whether you believe I did either. You’re either going to have to get better at trolling, or enter into a reasoned discourse and give up the pseudonyms. The middle ground’s not very effective.


9 years ago ·

@Jean-Jacques: Has the Board said it will respond to the ALAC paper?

For a long time the Board wouldn’t even recognize it had received ALAC advice (how different from when it receives GAC advice). To be frank though, only in recent years has ALAC advice been any good.

I read the paper you’re referring to. It improved markedly from the early drafts (I assume you were responsible for much of that) and is a useful document. I hope it become a reference point for the future. And I hope the ALAC continues to produce better quality papers.

I do think it’s a shame that some of the recent safeguards suggested by the GAC recently for new gTLDs did not come from the ALAC. I would really like to see the ALAC in future years produce documents as considered, representative and impactful as the GAC’s.

Maybe then you’ll see the Board putting it out to public comment and introducing a rating system for recommendations, as they’ve done with the recent Beijing communique.


Leave a Reply

Your email address will not be published. Required fields are marked *