 SSAC Review

 Mexico City

 05 March 09

 >>DENNIS JENNINGS:  Okay.  Are we ready to go?

 All right.  It's 8:00.

 My name is Dennis Jennings.  I'm a board member and I'm chair of the
ICANN SSAC review working group.  I'm going to ask Marco to introduce
the topic by outlining where we are at this point on the SSAC review. 
Marco.

 >>MARCO LORENZONI:  Good morning, everyone.  And just very briefly, I
would like -- no, no.  I look -- it looks like better.  Very briefly,
the activities that have been conducted so far, we hired JAS
Communications, LLC -- they are here, Jeff Schmidt and Bill Yang -- in
October 2008.  They came to the Cairo meeting to conduct the first
introduce, and the task was to carry out the external independent
organizational review of SSAC.

 They delivered their final report the 16th of February, 2009.  Before
the delivery of this report, there have been a number of interactions
with the working group that is in charge of overseeing and steering the
review process, so there were some intermediate reports and' these were
discussed with the working group.

 A public comment period will be open immediately after the report
finalization.  Very likely, the working group will require consultants
to finalize their report by correcting some typos or some factual
mistakes or something like that, and it is our intention to open the
public comment as soon as possible, immediately after the delivery of
the final report.

 If we have a look in terms of time line, the draft independent review
has been published, as I say, the 16th of February.  It is being
presented today at the Mexico meeting.  By end of March, we would like
to have the final, final version of the report in order to open
immediately the public comment.  Then the working group will proceed to
the preparation of an interim report that should be available before
Sydney in order to be presented at the Sydney meeting, and another
public comment will follow on this.

 Finally, after public comments on this interim report, a draft final
report will be prepared by the working group, containing
recommendations for the board of directors for implementation of the
different actions, and this will be once more open for public comments
and we target to arrive to the final version of the working group
report immediately after the Seoul meeting.

 Now I would like to pass the floor to Jeff and to Bill for a
presentation of their report, of their draft report -- sorry.  Steve
Crocker.

 >>STEVE CROCKER:  Just a quick question to both you and to Dennis as
chair of the working group.  I'm glad you have that up there.

 There's an exquisitely important moment that is of interest to me.

 The draft -- the final report is somewhere after Seoul, as I
understand it.  Where is the point on this in which the decisions are
firm and are taken that then leads into the implementation?

 >>MARCO LORENZONI:  Seoul.

 >>DENNIS JENNINGS:  I understand it will be at Seoul, Steve.

 >>STEVE CROCKER:  Thank you.

 >>DENNIS JENNINGS:  And before we -- before we go to Jeff and Bill,
just to remind everybody that members of the SSAC working group are
myself as chair, Suzanne Woolf, who is with us across the table --
Suzanne -- Reinhard Scholl, who was a board member, and Rob Blokzijl
who is well-known in the technical community as a gruff, direct, and no-
nonsense man and his inputs and Reinhard's have been very important to
the working group.  We have quite a number of comments.  Marco is
working through them.  And that's why what's published is the
reviewer's report.  We have some feedback to give to the reviewers.

 So Jeff and Bill, over to you.

 >>JEFF SCHMIDT:  Is that working?  Here we go.  Thank you and good
morning.

 Thanks for clustering down at this end this morning, and getting out
of bed early and recovering from the free tequila last night.

 I'm not going to go through this slide.  It was covered.  But the key
thing that I want to touch on is that the initial draft that is out is
a draft.  We are responsible for one more rev based on feedback from
the working group and from continued feedback from the community.

 It is ongoing, and that may be provided either to us or to the
working group after today.

 We're to have a final draft to the working group by the end of the
month, and then the process continues from there.

 All right.  So let's talk a little bit about the methodology that we
used for this study.  We were very cautious in getting into this about
producing a report that, you know, was the result of Bill, Dan, and I
staring into our navels for several months and theorizing about things.
It was very important to find a way to collect both qualitative and
quantitative data, and so thus the two-pronged approach with the
interviews, the written feedback, and then also the survey instrument.

 We had 57 distinct individuals respond in one way or another.  Some
of those were anonymous, so theoretically it might not be 57 distinct
individuals, but...

 The -- we had written, you know, kind of unstructured qualitative
feedback from 40 folks and then approximately 22 on the survey results.
Each question kind of had a different N value, based on some people
chose not to answer specific questions.

 The importance of the survey and the quantitative was to double-check
our observations through the qualitative process.  So while 22 is not a
big number, when you compare 22 to 40 and 22 to 57, what it shows is
that we got the observations right, to the extent that you can measure
in the survey.

 So the -- so what you find is that we have our observations and then
we have the survey backing up our observations.  We would always like
to have a bigger sample size, but this is where we wound up.

 We had a fairly wide solicitation for feedback, including all of the
internal ICANN mailing lists that hit all the ICANN structures.  We
marketed ourselves as doing the review in all of the sessions in Cairo
with all the supporting organizations and advisory committees and
several of the constituency groups within the [audio cutting in and
out] and then referrals, et cetera.

 A couple of kind of ground rules to start, you know, first of all, we
had to presuppose a current ICANN and the current ICANN bylaws.  Thanks.

 You know, this was not a review of the entire universe that is ICANN.
This is a review of the SSAC, you know, given the current ICANN bylaws
and given the current ICANN [audio cutting in and out].  The other
thing to keep in mind when reviewing our recommendations and our
conversation is that not all of our recommendations necessitate a
change in behavior.

 Because this was the first, you know, external review of SSAC we saw
this as an opportunity to set a baseline, and so some of our
recommendations are actually reaffirmations of existing behavior, as
opposed to requiring change.

 So overall, there was actually little controversy overall.  We found
basic agreement through, you know, all of the constituency groups on a
number of items.  We found that there's wide agreement that the work
products are of extremely high quality.  There is wide agreement that
the population of SSAC is what you would have expected of such a group.
The -- you know, the high-quality experts that -- the highest-quality
experts that are available in the community.

 We found that the SSAC is highly tied to the current chair for
historical reasons.  We found that there is a lack of mission clarity
overall, and we'll talk a little bit more about that, a lot more about
that later.

 Inside and outside of SSAC, there's a general lack of clarity of what
they're supposed to be doing, and outside a lack of clarity of what
they are doing.

 The advice is technically focused, and in particular point technical
discussions and point technical solutions, as opposed to, for example,
broader risk management and risk assessment types of issues.

 Particularly for outsiders, we detected two related issues:  A
discomfort around the lack of processes and transparency; and then also
the -- you know, the term that we've started using is "FUD," fear
uncertainty and doubt, around conflicts of interest.  Because conflicts
of interest are not dealt with overtly, that has generated fear,
uncertainty and doubt around that issue.

 The quantitative data that we collected through the survey does
support our qualitative observations on [audio cutting in and out].

 The charter is extremely broad, and it can be read to cover just
about any topic or any activity.  It is subject to interpretation by
individuals on the SSAC as well as individuals outside the SSAC,
management, staff, and everybody interprets it a little differently.

 The -- related to that, the SSAC is not tasked by outside
organizations or entities.  They are self-tasking and they base their
tasking on current events as well as the, you know, interests -- or
topics of interest to individual SSAC members.

 That being said, there are, you know, six task areas in the SSAC
charter, and we found that the SSAC internally, you know, tries very
hard to stay true to the charter as written, and, you know, we found
that during discussion about, you know, whether to engage in a
particular project or research a particular topic, there was discussion
about -- in every instance about whether it fit into the charter and
whether it was part of SSAC's remit.

 The lack of clarity centered around, you know, who does SSAC serve? 
And, you know, we have all of these entities.  The issue about serving
the public and in some cases, you know, being a watchdog organization,
as we call it -- we'll talk more about it in several slides later --
and related is the issue of to what extent is SSAC independent from
ICANN.  And "independent" means, is SSAC a part of ICANN, an organ an
ICANN, a -- you know, an entity that reports up through ICANN, or is it
a more independent, public-facing organization that is not a close part
of the ICANN structure?

 Internal processes.  As we found, you know, there's little formality
to the processes.  The members are added and removed by the board, per
the bylaws, but there does not appear to be a concise membership
strategy and the recommendations are largely rubber-stamped at the
board level based on recommendations by the chair.

 There's not a formal process for filling the leadership positions
within the SSAC.  The tasking, work product release, and use of the
SSAC brand, as we have come to call it, does not have formal processes
associated with it.

 We found that the chair's discretion largely takes care of making
sure that the SSAC stays on track and that decisions get made and
things move forward.

 The SSAC's best communications channels, particularly internally with
ICANN, to the board and to management, have been the chair's personal
relationships and his personal communications with folks.  Particularly
the board.  The board widely reported that the personal communications
were extremely effective and in fact, more effective in communicating
at that level than the work products.

 And as another finding, the Web site particularly meeting minutes and
such, is out of date.

 The environment within SSAC is a, you know, very professional,
collegial environment.  The disagreements are fairly rare, and when
they do happen, they're, you know, resolved through discussion and
determination of an internal majority -- I'm sorry, an informal
majority, not through formal voting processes and such.  The highly
respected and professional nature of the committee as well as the
preexisting relationships have created an environment where conflicts
of interest and confidentiality are not addressed overtly, so you won't
find a confidentiality policy posted publicly, or disclosures handled
overtly.

 So our recommendations fall into several high-level items, and we'll
cover the high-level items here, then drill in.

 The first recommendation is in the reaffirmation category, to
maintain the SSAC as a distinct advisory body to the fiduciary board. 
We talk in the report fairly extensively about the board's role in an
organization like ICANN and the advisory bodies' roles in an
organization like ICANN, but the -- the SSAC plays an important role in
the ICANN ecosystem, and it does support the board's fiduciary role to
manage the organization and it is very clearly providing valuable work
products to the community.

 We have a series of recommendations around increasing formality.  We
are not advocates of formality for the sake of formality.  There are
several very, you know, clear reasons why we think that an increased
level of formality will benefit SSAC.

 First of all, right now SSAC is very, very fortunate to have had the
long and dedicated service of Steve.  But as we point out in the
report, there is, in fact, only one Steve, and in order to make SSAC
sustainable -- in order to make SSAC sustainable, there does need to be
a level of formality to make the organization be able to survive
turnover.

 The other thing to note, again, particularly about Steve is that the
amount of time that Steve has personally been able to put into SSAC
over the years is absolutely inordinate, is -- you know, ICANN and the
community are the better for it, but ICANN cannot and should not assume
that they will be able to find another individual that will be able to
do that in the future.

 So some formality and some process will help make the organization
more sustainable.

 Regarding conflicts of interest, you know, we do not believe that
conflicts of interest have created actual problems in the work
products.  However, we did find that the perception and the FUD around
conflicts is a problem and is dangerous for folks outside of SSAC.  And
so in the typical, you know, "sunlight is the best disinfectant"
approach to conflicts, we're proposing a couple of items to just, you
know, shine some light on that situation and hopefully resolve that
issue fairly -- without a lot of overhead.

 The SSAC brand is a valuable and respected brand.  Particularly in
the technical and the cybercrime communities, SSAC reports are viewed
with a -- you know, a degree of respect, and there is a concern that
the SSAC brand is not protected universally.  And so a sense of -- or
certain areas of formality will help preserve and protect the SSAC brand.

 At the same time, we want to make sure that SSAC can provide a wide
range of opinions and advice on particular items, and related to that,
the lack of process and the lack of formality does open SSAC to
questions about the defensibility of their findings and the
defensibility of their reports and we found that that did happen at one
point in the past, where SSAC's processes were called into question and
we believe that a level of formality, you know, will -- will maintain
the defensibility of these high-quality products.

 There were a couple of controversial topic areas that, you know, we
wanted to hit head-on that didn't, you know, really fall into other
areas of the -- of the analysis other than just clarifications to the
charter.

 The areas where there was disagreement and it's sometimes quite
energetic disagreement have to do with the -- this notion of
"independence" from ICANN, the notion of whether SSAC is the
appropriate organization to audit internal ICANN operations,
particularly root zone management functions, and then this larger
category that we have become -- or we've called the "watchdog
function," where there were folks, both inside and outside of SSAC that
conveyed watchdog-like qualities onto SSAC.

 And so we talk about that here in a couple of slides.

 And then finally, we're recommending an annual planning process for
SSAC.  One of the key common themes, particularly for folks outside of
SSAC, is that they'd like more visibility into what SSAC is doing, and
an annual plan, we want to find a balance there where it's not
debilitating and not, you know, overly consuming, but at the same time
would permit greater cooperation with the growing internal security
presence within ICANN, as well as external organizations would -- would
benefit from increased coordination with SSAC as well.

 The other large topic that was in our mandate to look at was this
question of whether SSAC is properly resourced.  And the way that we
addressed that question is through the annual planning process and
we'll talk a little bit more about that.

 So let's drill into the board advisory committee aspect a little bit.

 There's a basic taxonomy of ICANN bodies that we developed.  There
are representative bodies and there are advisory bodies. 
Representative bodies, the purpose is to represent some group of
stakeholders, and the advisory bodies, they're there to provide advice.

 There are two types of advisory bodies.  There are business or
political-driven advisory bodies and then scientific advisory bodies.

 We note that SSAC is one of precious few scientific advisory bodies
to ICANN and we believe that is very valuable, that is something that
should be preserved, and so while we don't want to take board bodies
lightly, SSAC does have a role at the board level, is providing
valuable advice to the board and to the community and does represent a
unique source of scientific advisory capacity to the organization,
which at the end helps the board with their fiduciary duties to protect
the organization, to represent the public, and such.

 Security and stability is mentioned in the first sentence of Article
1, Section 1 of the ICANN bylaws, and then it's mentioned in the first
sentence of Article 1, Section 2 of the bylaws.

 We believe that that very clearly puts, you know, ICANN largely in
the business of security and stability.

 As such, the role of the board of directors is to hire and compensate
management, and then to keep an eye on the management.  To manage the
management.

 The fact that security and stability are so central to ICANN's
function indicates that having a source of security and stability
advice at the board level is entirely appropriate for this particular
organization.

 The reality that SSAC is an advisory body comprised of volunteers
that are the experts in these fields that are otherwise not available
to ICANN makes them a valuable and relevant source of information and
source of advice to the board that it is not conceivable that ICANN
could obtain through other mechanisms.

 So we find their positioning correct, relevant, and valuable.

 We did look at some other alternatives.  We looked at the possibility
of dismissing -- or disbanding SSAC, particularly with the growth of
the internal security mechanisms within ICANN, for the reasons we just
mentioned.  We dismissed that -- that alternative.

 We found that most advisory bodies comprised of outside expert
volunteers do, in most organizations actually report in to the
management side of the equation, as opposed to the board side of the
equation, and so we looked at whether SSAC should actually report up
into management, as opposed to reporting to the board.  However,
because security and stability is so central to ICANN's very mission
and the valuable data available at the board level does help them
complete their fiduciary duty, we thought that their position as a
board advisory body would be -- would be preferable.

 Also because SSAC does have a public-facing aspect and provides
advice to the public, we thought it more appropriate for them to report
up through the board mechanism as well.

 We also looked at the possibility of combining SSAC and RSSAC and in
fact we synchronized, per Marco, with the RSSAC reviewers and jointly
discussed the opportunity there.  However, we jointly agreed that SSAC
and RSSAC were fundamentally different.  In our taxonomy, SSAC is an
advisory body; RSSAC is a representative body.  And so it didn't make
sense to combine those organizations because they serve different
purposes.

 The specific recommendations around increasing formality, we're
recommending that SSAC address conflicts and confidentiality overtly. 
Again, this is more of a shining sunlight on an issue to prevent it
from becoming a bigger issue than -- you know, than it needs to be.

 We are recommending that they publish a default confidentiality
policy that is publicly visible, that they publish conflict disclosures
for SSAC members, similar to the board, and include dissent and recusal
blocks in each work product.

 We imagine that the dissents and the recusals sections will can empty
in the vast majority of the work products but they should still be
there and they should still say that they were none and that will be
instructive in and of itself.

 The issue of preserving the SSAC brand -- and this comes down to
concerns in the broader community about who speaks for SSAC, when the
SSAC brand is being used and invoked, is that representative of all of
the members, some of the members, a majority of the members, or one
individual.  

 And so because the SSAC brand is valuable and respected and it's in
everyone's best interest to protect that brand, we are recommending
formality around the use of the brand.  And so that would include
voting as a committee prior to the release of work products that
include the SSAC brand.  

 And the process of a vote does introduce some overhead, but, again,
we believe that the overhead that is introduced is minimal compared to
the value that you get out of this particular series of recommendations.

 Increased process transparency will solve a couple of issues.  Again,
there's a general lack of discomfort outside of SSAC and to a certain
extent, inside SSAC about process transparency.  And so creating
formality around appointments, performance, membership mix, removal --

 >>DENNIS JENNINGS:   Jeff, for the record, "lack of discomfort" or
"lack of comfort?"

 >>JEFF SCHMIDT:   "Lack of comfort," I apologize.

 >>DENNIS JENNINGS:   Thank you.

 >>JEFF SCHMIDT:   I haven't had any coffee moments quite yet this
morning, so one -- one on the second to last slide isn't too bad, thank
you.  

 This also includes things like timing publication of meeting minutes
and meeting agendas outside of SSAC, and particularly in the
communities that are consumers of SSAC products, there's not a lot of
visual -- of transparency into where the products come from, what's
coming next, how it got there, et cetera.  

 Again, importantly, too, that transparency will also make the work
products defensible when challenged.  

 There's several recommendations in the paper about the size of the
committee, use of rules, et cetera.  And the -- I think that the tone
in the paper might have come off a little differently than what we
intended there and so I'm going to restate and this will be a series of
reedits that we make in the paper.

 Our objective is to match the rules and the formality with the size
of the committee.  The objective is not to choose some arbitrary number
or to impose, you know, a certain set of rules, but, rather, there's a
sliding scale.  The bigger the committee gets, the harder it is to do
things like achieve quorum, take votes, however, the larger the
committee gets the larger the talent pool and we found the availability
of talent and expertise within SSAC is obviously a critical success
factor.

 So, you know, it's not useful for us to, you know, lay down specific
numbers or specifics other than to state that, you know, we would --
we'll recommend and give some advice to the chair and the future chairs
of SSAC about, you know, managing this balance between the size and the
rules and the formality within SSAC.

 We've also recommended the separation of the chair and the liaison
role.  Right now they are not required to be distinct individuals.  And
historically, they have not been distinct individuals.  However, we
believe that broadening that particular relationship and talent pool is
valuable, as well as the fact that more leadership positions within
SSAC gives more opportunities for relationship-building and other
valuable mechanisms for sharing advice which we found to be the primary
mechanisms that SSAC output is conveyed effectively.  Also, again,
we're all volunteers.  And so separating up the workload in these
leadership positions makes sense.

 All right.  So the delicate issues.  SSAC is a very unique
organization in that it is a board advisory body that has both a public
face and an advisory face to the board.  This is extremely unique in
corporate governance and, in fact, we could not find another example of
it anywhere in any not-for-profit or for-profit entity.  There is an
inherent conflict when you have an advisory body that both has a public
face and has a face to the board.  The issue is, you know, what happens
when these mandates conflict.  The board is -- has a fiduciary
responsibility to protect the organization and to follow the bylaws. 
An advisory body composed of volunteers has no such duty or obligation.

 The public needs for the organization may, in fact, be different than
the board needs for the organization.  And so, you know, recognizing
that there is value in this setup but it is very, you know, delicate by
its very definition, our approaches -- or our recommendations is to
clarify direction and communications paths in this particular area. 
Particularly around the visibility into internal ICANN operations,
particularly the root zone management issue.  A very energetic issue
that was unturned or discovered during this process was whether SSAC is
the appropriate body to perform an audit of internal ICANN operations,
particularly the root zone management function.

 So this -- to analyze this issue we went back to basic corporate
governance, the role of the board does include a duty of care to the
organization and part of that duty of care is to manage the management.
And so it is well within the board's responsibility to monitor what's
going on on the management side of the equation to perform audits, to
cause audits to be performed, to ask management to report on certain
items, et cetera.  That is well within the board's duty of care.

 It is not, however, appropriate for a volunteer organization with no
agreements in place around confidentiality, time lines, accountability,
et cetera, to be doing those audits.

 The organization may request the audit, may say, "Hey, you guys
should probably take a look at this."  But at the end of the day it's
up to the board to figure out if they want to perform an audit and who
and how.  That is fundamentally, the board's responsibility as the
fiduciary for the organization.

 That's very closely related to this other, you know, meta question of
is SSAC a watchdog.  A watchdog is a term that we have used.  That term
did not come up verbatim in our research.  However, it basically did. 
The terminology that was used was not at all unclear on this topic.

 The general sense, though, it's this tension between the public-
facing role of SSAC and the internal-facing role of SSAC.  And where we
came out on this, again, is about governance.  The board has a
fiduciary responsibility and a duty of care to watch over the
organization.  An Advisory Committee composed of outside volunteers
does not have a duty of care and a fiduciary duty to look out for the
organization.  SSAC's mechanisms for invoking a watchdog-like power
would be public statements, reports that are, you know, critical of the
organization or other such things which are entirely inappropriate for
a board Advisory Committee.

 The cast of a watchdog role would also have the more important
ramification of destroying the advisory value of SSAC and the
relationships built with management and the board.  So if there's this
fear, this concern that, you know, SSAC is, you know, the shadow
government of ICANN, that will make a very challenging series of
relationships within the board and within management.

 And so we looked at this, again, very clearly from the bylaws.  There
are several mechanisms in place for dispute resolution within ICANN. 
ICANN is, in fact, very carefully constructed to represent the public,
represent other -- you know, the various constituencies and resolve
conflicts in a number of ways.  We actually had a meeting with the
ombudsman yesterday to slid phi our clarity on the dispute resolution
mechanisms.  If individual members of SSAC feel that an issue is not
being handled correctly, you know, there are three mechanisms at which
those issues can be brought to light.  Everything from using the
ombudsman in the informal capacity to the formal board reconsideration
options to the -- what we called the nuclear option, until we learned
about the other nuclear option in consideration yet, the other nuclear
option being removal of the board.  But there is a section 15, I
believe, in the bylaws basically is a dispute resolution mechanism
which triggers international arbitration and that is being used for the
first time right now with the dot XXX thing.  But the Section 15 in the
bylaws basically allows an international arbitration of any ICANN-
related activity, board decision, et cetera.  

 So there are mechanisms in place for dealing with situations where
people don't think that things are going right and SSAC -- it's not
within their scope to be involved in that area.

 We do, of course, recognize here that SSAC members and the
corporations in which they're employed are, of course, free to act in
their individual capacities.  But using the SSAC brand as a platform
for this SSAC -- or for this ICANN watchdog role is not appropriate. 
The annual plan, the intent of the annual plan is several-fold. 
Several to improve internal and external coordination.  Again, we heard
this very loudly from both inside and outside that better visibility
into what SSAC is doing on a medium and long-term basis, you know,
would be valuable.  We recognize, of course, that current events
dictate certain SSAC mechanisms and so it would certainly have to be
possible to deviate from the plan but then be accountable for those
deviations during the next year's planning cycle and review cycle. 
Publishing a, what we've come to call a syllabus or research agenda,
you know, again would help the transparency and help people feel at
ease at what SSAC is doing.  The other thing that an annual plan opens
up is this question of resourcing.  The -- you know, there's a feeling
that SSAC doesn't have all the resources that it requires to do its
job.  But without a clear definition of what its job is it becomes very
difficult to talk about what additional resources would be required. 
And so with an annual planning process it becomes possible to tie
resources to specific projects and resources could be everything from
dollars to head count to more interesting things like potentially
access to confidential data.  So one of the pieces of feedback that we
received that was very enlightening was the fact that SSAC is somewhat
hamstrung with their ability to research particular items because
access to data, you know, may need to be covered by confidentiality
agreements and such.

 We are not in favor of SSAC signing blanket confidentiality
agreements that persist indefinitely.  The entity that they'd be
signing those agreements with is ICANN and there's all kinds of
problems with doing that looking at the membership of SSAC.  

 However, project-specific confidentiality agreements or other
agreements among certain work groups within SSAC for the duration of a
project and for the purpose of a project would be very helpful, we
believe, and would enable them to undertake a different type of project.

 The process of undertaking an annual plan would also reduce the
ongoing planning overhead.  We note that a lot of discussion occurs
within SSAC now about whether they're going to undertake a certain
project or not.  And if that were combined into an annual planning
process synchronized and coordinated then all of that time used over
the course of the year may be better spent.

 And then the accountability side of having an annual plan is at the
end of the year everybody can look back and say okay here is the plan
for the year, here are the resources consumed for the year and (Speaker
off microphone) and here's what we accomplished for it.  We'll note
that in the president's strategic group, the presentation that we sat
in on on Tuesday, there were concepts of an annual planning process for
advisory committees that closely resembled what we were talking about
here so this seems in synch with what's going on in other areas of the
organization paragraph last slide, there is another draft that will be
coming out here, the final, rather, by the end of the month.  We --
here's a list of what we've got in that so far.  We've got a number of
comments that the discussion around SSAC's ongoing role with ICANN
particularly testing, you know, the null hypothesis or whether we
should disband the whole thing needed more discussion.  And so we added
some of that discussion in this presentation here today that does not
appear in the report.  And we will be increasing that discussion as well.

 The methodology, particularly around sample sizes and the
quantitative data needs more clarity and, in addition, the presentation
of the quantitative data in the draft report as it stands now was poor.
And we're going to be refocusing that.

 We've suggested in recommendations soft language around charter
revisions.  We're going to firm up that language and make some specific
suggestions for charter revisions.  And additional discussion -- in
some of the conversations we've had, it doesn't seem like we have
completely conveyed our concept of the annual planning process
effectively and so we're going to add some discussion about that into
the report as well.

 So that's it for me.

 >>DENNIS JENNINGS:   Excellent, Jeff, thank you, very much, thank
you, very much indeed.  Okay, I'd like to open it up for discussion. 
Before we do that, just for the record, it's lack of comfort was the
phrase that Jeff used.  Now, in opening it up for discussion, I'd like
the number of areas covered.  One, are the facts in the report correct,
are they accurate?  Two, is it complete?  And then perhaps we go on to
discuss the recommendations.  Steve?

 >>STEVE CROCKER:   If I might, one clarification I'd like to ask. 
This is a session with the external reviewers here, the working group
will have a base of time, a broad brush of time to work.  SSAC is
obviously here and continues and there's no lack of access to us.  What
is your preference for your purposes of what you want to accomplish in
this session versus more extended kinds of responses that we can
provide over a period of time or through other means?  I'm particularly
conscious that if, given the opportunity, I could occupy the entire
amount of time from here to now in a monologue and a response and that
feels to me inappropriate for me to do.

 >>DENNIS JENNINGS:   I might consider that inappropriate, Steve.  I
think we should take the opportunity of actually having the reviewers
here to ask them questions about the report, its accuracy and
completeness and in particularly the recommendations.  There will be
opportunity to provide input, further input to the process through the
public comment.  But, you know, this is a unique opportunity.  Marco,
do you want to add to that?

 >>MARCO LORENZONI:   Very, very little.  Just reminding that we will
have three public comment periods coming in the future so this is just
the beginning of the discussion.  And a discussion that will continue
over the coming months.  Thank you.

 >>DENNIS JENNINGS:   So, Steve, do you want to take two minutes, or
three minutes?

 >>STEVE CROCKER:   One of the more severe challenges, but I will try
to hold it...

 Certainly there's much in here that is -- that I would concur with
and that I think has been helpful.  And along that line, there are
elements that have been in the background or that we have pursued
intermittently over time and that it's very useful to have this
external stimulus which is, in essence, in line with the kinds of
things that were done.

 Along that line, although we don't have as overt and as formal a
treatment of conflict of interest and confidentiality issues, those
indeed have come up in the past and we have treated them.  They may
have not been as easily accessible and as visible as they could be and
as they should be, but we have taken that seriously in the past.  And I
think that we should in the future.

 I would ask that when those kinds of things are addressed, there is a
countervailing issue which is -- very often those terms in a lot of
bureaucracies are used in a way of subverting or bypassing any ability
to look inside.  So given that ICANN is a -- operates in the public
trust as opposed to for its own interest or for its shareholders,
exactly what it is that is confidential and exactly what constitutes a
conflict of interest as opposed to just using those terms.  Segueing on
to terms, "watchdog" and -- there was a another term -- oh, "shadow
government."  

 So the interesting thing is this:  It's the very unfortunate nature
of being in the security business, and you guys are, and so I know you
share this, that our daily fare is finding out what's wrong with
things.  Obama was on television a while ago saying that the
Republicans were claim -- were complaining that it wasn't a jobs bill,
it was a spending bill.  And his response was, well, what do you think
it is?  I mean, that's the purpose, right?  So it's not that we
necessarily go looking for trouble.  But if trouble is there, there are
a lot of other slogans like speaking truth to power.  That's an area
that I think needs to be explored more carefully.  The analogies that
you've used about being an advisory body to the board and looking for
other analogies, one of the analogies that comes to mind is the
National Academy of Science's reports which are -- have a similar
relationship in that they're paid for by the government and so forth,
but they are intended to be and they speak to the public, but they're
intended to be somewhat independent and not bound as a confidential,
internal report or an audit of the government per se.

 I don't know -- that may be a bit lofty, but that's a different kind
of model to draw from.

 With respect to planning processes, the sad fact is that we're caught
in, as a practical matter, our response times, if you look at it as
kind of an engineering process, is we're not quick enough on anything
to be a immediate response so we're not an incident response mechanism.
And so I would say our minimum response times are on the order of a
month or so.

 On the other hand, our planning horizon isn't long enough to be a
year.  We actually have tried some of that.  We didn't get very far. 
To the extent we get involved in planning is reviewing and commenting
and trying to give inputs to ICANN's planning processes.

 So it's not that I would disagree that it would be nice to have
predictability but we don't actually have any of the supporting
mechanisms like a time horizon or a perspective or a set of things that
allow us to do that so I don't know exactly how to get there except --
so there's a handful of -- of other things.  I think -- I think the
idea of disbanding SSAC ought to be taken a great deal more seriously
as a -- of asking what it is that SSAC does that is not being done or
shouldn't be done by other parts of the organization given that we're
now three times as old, or more, as when SSAC was formed and that the
budget and the growth of other parts of the organization are a great
deal more mature.  So I'll just leave it at that.

 >>DENNIS JENNINGS:   Thank you, Steve.  Jeff, do you want to have a
quick response?

 >>JEFF SCHMIDT:  Quick response. The intent is not to --

 >>DENNIS JENNINGS:   No, no, please clarify for the private meeting
going on here, because I want other views, if there them.

 >>JEFF SCHMIDT:   The issue -- first of all, to clarify, the term
"shadow government" was actually used by a respondent.  "Watchdog" we
made up.  But that's an energetic term, and so I wanted to clarify
that's not something that we used.  

 With respect to the planning process, I think the issue there is that
ICANN overall is getting better about planning and so making sure that
SSAC is integrated into that would be valuable.

 The other issue about disbanding SSAC, I don't see any capability
currently or in the foreseeable future for any other body to do the
work that SSAC has done.  In looking at the reports, looking at the
kind of expertise that is encapsulated within SSAC it is unique on a
global basis.  And -- and, you know, there's -- there's no, you know,
foreseeable alternative, the work is very valuable and so we're going
to talk about that.  But I think that that's -- I -- I feel very
strongly that the work is valuable and that --

 >>BILL YANG:   I also want to point out that there's a distinction --
we've drawn a distinction between the advisory bodies -- between
political advisory bodies and the scientific advisory bodies.  And
there are very, very few bodies that are being driven by science, pure
science, or pure enough science, in ICANN.  ICANN is an ecosystem that
is extremely political.  And I just won the understatement of the year
award.  

 >>SUZANNE WOOLF:  I'm shocked, shocked.

 [ LAUGHTER ]

 >>BILL YANG:   But it's very valuable, even if the actual solution is
not the best technical -- best scientific solution, it's valuable to
get that information out and get that information into the hands of the
board, so that the ultimate decisions are at least flavored by science,
if they're not entirely driven by the science.  And that's what --
we're trying to make sure that we don't lose that.  Because right now
in the organization there's no -- there isn't anything else that does
that.  Maybe the IETF -- there is no other source for things like the
SSAC reports.

 >>DENNIS JENNINGS:   Suzanne, you wanted to come in.

 >>SUZANNE WOOLF:   Sure.  Kind of on the philosophical point, to sort
of take it up a level, because I agree -- we've already spent a lot of
time on this, but I agree, it's key, because which recommendations are
adopted and what it makes sense to do going forward really depends,
frankly, on this point.  

 I think that if you assume that the board's structure and functioning
and existing accountability mechanisms are necessary and sufficient for
the kind of oversight and audit function we're talking about, the
report is exactly right and the recommendations make perfect sense and
SSAC would be kind of a different body and would be composed, frankly,
of different people, as Steve has said.  But there's still a mission
there, there's a clear purpose and point to having it.  

 However, I think if you look around at an ICANN meeting, 90% of what
goes around us and 90% of how ICANN is structured institutionalizes the
opposite assumption about the board and the staff and how all of this
works.  

 Given that, there are a number of bodies with various scopes and
missions that make binding policy for ICANN.  Because that's, you know,
is not appropriately a staff function even with the board oversight in
place.  

 So what we have is a situation where there's a large set of people
and interests that do, in fact, oversee ICANN's operation in -- in much
the way we've been talking about.  But none of them are of the
scientific and technological mission that SSAC has.  So playing a part
in the ecosystem where it's already been determined that outside of the
staff and the board is where some of this stuff lives, I think does
define what SSAC's scope probably needs to be just given the ecosystem,
whether you agree with that set of assumptions or not, the way it works
around here is that ICANN staff and board is assumed to be accountable
and responsible to the outside as well as the traditional corporate
governance.

 >>DENNIS JENNINGS:   George.

 >>GEORGE SADOWSKY:   Thank you.  First of all, I'd like to say I'm
not a member of SSAC and I'm not a security expert, but I'm an
observer, and I hope a semi-intelligent one, at least.  

 A question and a comment:  You used the word "watchdog."  And I had
conceptualized it as a canary in a cold mine.  When there's any
trouble, you get a visual --

 >>DENNIS JENNINGS:   When there's any trouble, Steve falls over?  No,
I don't think so.

 >>GEORGE SADOWSKY:   But I'd like to -- I -- Steve said that SSAC
isn't looking for trouble.  But I'm sure that they're alert to the
possibility of trouble, individually and collectively.  And when they
see that something may be a problem, I would hope that they would do
more than write it down in their logbook and go to bed.  

 The question I have is:  To what extent -- when you say SSAC
shouldn't be a watchdog, to what extent would you see that limiting any
response on the part of the SSAC members collectively or individually
with respect to ICANN or the ICANN board?  

 The second is a comment.  Steve said, quite rightly, that the nature
of the SSAC doesn't allow long-range planning.  You don't know when
you're going to have problems or what they're doing to be.  And I think
that with -- given that, the conclusion that -- because we don't have a
plan, we don't know how many resources or what kind of resources to
give the SSAC is a bit of a copout.  When you were here about, I don't
know, six months ago, nine months ago, I don't remember, I asked the
question to what -- I think, Steve, to how under-resourced do you think
you are in terms of -- in terms of money, in terms of ability to do the
job and I think his response was, I'm not sure I'm putting the right
words in your mouth, Steve, but I think you mentioned a factor of
three.  Given that, what -- would you revise your conclusion regarding
the degree of resources that SSAC needs to do its job?

 >>DENNIS JENNINGS:  Jeff?  Bill?  Do you want to respond directly to
that.

 >>JEFF SCHMIDT:  Was that a question to us?

 So let me restate.  You're asking what level of resourcing do we
think SSAC should have?

 Okay.  So then my question is:  Well, then what do you want them to do?

 >>DENNIS JENNINGS:  I think more subtly it was, given the track
record of work as a predicter of the future, given that the future is
hard to predict, do you think that SSAC has been adequately resourced
in the past as a guide to how it should be resourced in the future. 
George, am I putting words in your mouth?

 >>GEORGE SADOWSKY:  No, that's fine.

 >>DENNIS JENNINGS:  Okay.

 >>JEFF SCHMIDT:  So last year, SSAC released -- I believe the number
is 15 -- work products.  I assume that if we doubled their resources,
they could Release 30 next year.  Is that the right number?  Is that
too few or is that too many?

 >>GEORGE SADOWSKY:  That's a question for Steve and the SSAC.

 >>DENNIS JENNINGS:  I'm not sure that that's the right question. 
Dave, have wanted to come in.

 >>DAVE PISCITELLO:  (Speaker is off microphone).

 >>DENNIS JENNINGS:  Okay.  Rick, please come in.

 >>RICK WESSON:  So my name is Rick Wesson.  I've spent a number of
years on the Security and Stability Committee, and I'm a little shocked
because I didn't know which Security and Stability Committee you guys
reviewed.

 I felt a little bit like this is a public spanking, and I would just
like to have on the record that what the security and stability has
done over a number of years from a pure voluntary effort is enormous,
especially when you look at the amount of change that has occurred on
the network and how those have affected many aspects of science and
technology, and that ICANN is not driven by any of those factors.

 It is the one semblance of science of statistics and some of the best
volunteers that I've ever met given quite selflessly, especially by the
chair, and I didn't hear any of -- and I did come in a few minutes
late, but I didn't hear at all a semblance, a recognition, of that work
and the value and the contribution that the team has put together for
the benefit of the ICANN community.

 Given that, I believe that the -- the measure for the last --

 >>DENNIS JENNINGS:  Sorry to interrupt you, but I think you did come
in late, you said, and I think you did miss the affirmation of the
contribution that SSAC made, and I certainly don't read the report as a
spanking.  But, however, let me -- let me let you continue.

 >>RICK WESSON:  And I was just speaking about the conversation in the
presentation, so not specifically to the report.

 As far as tasking is considered, and measuring whether or not we
could produce a number of reports based on the amount of funding or
resources that are allocated for the Security and Stability Committee,
certainly if there was a budget and the Security and Stability
Committee could then direct resources for producing scientifically
based research, we may be able to turn around some of the multiyear
conversations that we have had that are purely based in anecdotal
[audio cutting in and out].

 I believe that the Security and Stability Committee needs a
significant amount of resources in budget and people, and I do take
some pause when I hear terms like "shadow government."  It's not the
Security and Stability Committee that I participated in.

 >>DENNIS JENNINGS:  Jeff or Bill, would you like to respond to that?

 >>JEFF SCHMIDT:  Just very briefly, the intent obviously is not to
have a public spanking, quote-unquote.  The work that has been done has
been extremely high-quality.  I believe we acknowledged that very
clearly in the paper and in the presentation.  And you have to keep in
mind, too, that the very nature of an external review is somewhat
adversarial, and I mean that, you know, we're supposed to point out
areas where we believe that there's improvement.  So, you know, that
kind of is what it is.

 But as folks in the community, the value of SSAC has not gone
unnoticed and we very clearly received that feedback universally.

 With respect to the resourcing, I don't want our response to that to
sound like a cop-out because it is not.  The question of, you know, are
you adequately resourced is predicated on:  For what purpose?  And in
SSAC's case, the "for what purpose" is not clear, and so if the "for
what purpose" is not clear, then the, you know, "do you have enough
resources" question is -- you cannot answer it.

 We -- I don't believe that we punted on the issue by ending there. 
Our approach to solving that issue is, "Well, let's make a plan and
let's match resources against that plan."

 So, you know, the funding level of SSAC may, in fact, increase by 3X,
you know, if the plan and the research agenda warrants that.

 There's also other kinds of resources than money.  You know, the
concept of bringing on economists or lawyers or other skill sets, you
know, either on a fellow basis, you know, grad student basis or some
other kind of basis is a very interesting topic area that we heard
desire for, and we explored in the paper.

 >>DENNIS JENNINGS:  Thanks, Jeff.  Dave?

 >>DAVE PISCITELLO:  I think one of the interesting aspects of doing
an external review of a largely technical and scientific group of
people is that we are -- you know, we are very analytic thinkers, and
when we see a claim using words like "out of control" or "blind-sided,"
what we look for is quantification, and one of the criticisms that I
made of the review when I was given a look at the draft was, there is
no quantification with respect to whether a statement was a majority-
held view or a minority-held view or an outlier.  And so the natural
reaction from a bunch of scientists is, "Ah, you had 52 people.  Tell
me how many of the 52 people, more or less, really believed this
particular statement to be true."  If it were one person, it's not
necessarily that we dismiss it; it's just that we weigh it a lot
differently than if you told us that this was absolutely the
overwhelming or unanimous opinion of -- you know, of the respondents. 
So I really -- I would encourage you to take a look at the language
that was used in the GNSO fast flux working group in order to represent
the gathering degrees of, you know, agreement with a particular
statement, because I really do think that a number of the ways that you
prevent -- presented information, especially when you use a word like
"overt" tend to have a very, very different weight among a scientific
community than -- you know, than maybe a policy community.  And so that
was the one thing that was sort of disturbing to me from a presentation
standpoint.  And as I said, I really do think that that would merit a
little bit of careful thought because your audience is going to be very
different.

 I also -- I mean, I'd have to support a little bit of what Rick had
said about being a little bit astonished.  Not myself personally,
because I'd spent a lot of time with you, having been staff and been
involved in a lot of the work, but I've heard a number of people,
especially people who perhaps lie outside the number of people that you
interviewed who were quite surprised by the review and picked out the
same sort of issues that Rick and I have mentioned.  Largely because
again, they're scientific or scientists, rather.

 People from the APWG, from ISOI, from other enterprises that read our
documents who are still colleagues of me from my time in private
consulting find great value in what SSAC does, and I know that you
mentioned that, but they were very surprised when they read the review
to see that the community had -- you know, had this perspective, and
some of them said, "Had I only been aware of the opportunity to review,
I would have certainly offered a very different conclusion."

 So one thing you might consider is that the locus of people around
which you built the conclusions might have been a little bit too small.

 >>DENNIS JENNINGS:  Dave, thank you.  I think the working group has
some similar views.  But just to remind you that although the document
has been published, it's not yet out for comment.  It will be out for
comment shortly.  And we'd encourage everybody who feels that they
weren't consulted, for whatever reason, to make sure that they do
comment.

 Jeff, do you want to make any comment on this or should I go to
Thomas?  Thomas, you're next.

 >>THOMAS ROESSLER:  So I'm the technical liaison to the board.  I
have never been in a closed SSAC meeting, but reading your report, the
description of the work mode strikes me as something extremely
familiar.  It's a work style that I've seen in a lot of different
places in the technical community.  I think that perhaps one of the
difficulties in communication that we are seeing here is the result of
the committee using a work style that works, that functions well for
people with a particular technical background, and that may be distinct
from the kind of more corporate work styles that you have in mind but
that might not be something that needs to be fixed.

 That brings me to a more general point about the report.  I
appreciate attention to detail, but I found an awful lot of that in
here.  I think it is important, going forward, to separate a little bit
between detailed questions that I'm sure the current or a future chair
will be able to sort out according to the dynamics in the committee
according to the personalities and styles involved, and the questions
that really matter to the community.  And I think these points get
mixed in the report and I'm concerned, listening to the discussion
here, that this mix is not helping at all.

 So I think going -- my feedback would be:  Be aware that the work
styles are vastly distinct, and that maybe this committee has a work
style that works, that functions.  

 The second point is:  Please try to level up in the recommendations
and please try to really focus on the deep questions that there are. 
And there clearly are some deep questions basically revolving around
how can this thing work as time moves away further from some of the
culture that is here now?  How do you -- what are the risks or --
around, on the one hand, having the watchdog function.  On the other
hand, what are the risks of perhaps being perceived by parts of the
community as the watchdog, but no longer being able to fulfill that
function?  I think there's a lot of very careful weighing that needs to
go on here.  I'd encourage you to look into that more.

 >>DENNIS JENNINGS:  Thank you.  Any other questions?  Comments? 
Contributions?  Suzanne.

 >>SUZANNE WOOLF:  Sure.  Just one more.  The other thing that I'd
like to see the working group review committee do, and that I think --
you know, that we want input on it, there's a real question in my mind,
having now been part of a body being reviewed, part of -- you know,
part of a couple of bodies under review, being part of a board working
group overseeing a review, and just generally watching the process
several times now.  There are real doubts in my mind about the process.
And as you say, outside review is inherently adversarial to some
degree, but there's also room to Question the process that this
document came from.  With great respect for Jeff and Bill's work,
because, you know, you worked within the charge you were given by your
client, and I think you did a very good job within those constraints,
but I think there's room here to question what they were told to do,
what the process looks like, and what will come out of it, and that
feedback is also extremely valuable to ICANN and the community about
how to get a better process.  Because I think the idea of the
independent review is extremely powerful, but we don't have it right yet.

 >>DENNIS JENNINGS:  Thanks, Suzanne.  Steve, would you like another
two minutes?

 >>STEVE CROCKER:  Thank you.  A small detail on process.  These
slides and this transcript will be available?  Question?

 >>DENNIS JENNINGS:  The answer from Marco is yes.

 >>STEVE CROCKER:  Good.  Great.

 One of the biggest surprises to me, just in an objective sense of
"surprise," was the introduction of the term "SSAC brand."  And talking
about conflicts of interest, I obviously have a deeply personal
investment in all of the time that I've put in here, so I don't know
how to untangle my feelings about that from that sort of objective, but
I did have two somewhat contrary -- contrary or contradicting views.

 One is an immediate reaction of, "Oh, that is great!  We have
succeeded in establishing some credibility and that's a strong measure
of success."

 And equally, I had a very queasy feeling.  Structurally, SSAC is an
advisory committee.  It is positioned not with any authority or power
or decision-making.  And I've always taken great comfort in that,
because that gives us the freedom to speak what we want to say, and not
have to be terribly worried.  We have to be worried in a general sense,
but we -- we're not in a position where we're the ones who are going to
make the critical, awful mistake of some sort, because there are
natural checks and balances built in.  The strength of our advice is
dependent upon those who take our advice, not on the fact that we set it.

 And in establishing a brand, it tends to push past the point where
people will read what we say and absorb it, understand it, and evaluate
it, and move to, "Oh, SSAC said it; therefore, it must be so or it must
be followed."

 And that's a -- I take that as a bit of a dangerous position to be
in, and so I'm sensitive from a -- not from a -- not from being
criticized but in terms of how the delicate balance between our role
and the rest of the ecology and establishing a SSAC brand, per se,
shifts that balance.

 And so I'm -- as I say, I'm a little bit ambivalent about it.  Of
course I take great pride in the fact that our work is appreciated and
that it -- and to my surprise, creates the idea of a SSAC brand.  One
of the things that I've noted on the side is that we've been quite
informal about the usual accoutrements of branding.  We haven't had
formal document format processes and we haven't -- and so forth.  All
of which, if I were coming from a marketing and branding perspective. 
We would have done that first.  We would have figured out our
letterhead, we would have figured out our logo and so forth and maybe
gotten around to worrying about content sometime.  And it's been the
opposite, and like that.

 So I -- there's other things that are worth untangling and so forth,
which we can do at length, but I think that's one of the points that I
wanted to put on the table here.

 >>DENNIS JENNINGS:  Thanks, Steve.  Yes.  Rick?

 >>RICK WESSON:  A comment on looking at the recommendations that
you're making, they're essentially optimization functions for a better-
performing Security and Stability Committee.  And as a participant,
thinking about the future and having to work within and live within the
optimization functions that you're recommending, currently ICANN sucks
a forums amount of energy, and many of the functions that you're
suggesting are going to increase that energy suck, and I can say I
don't know how much of a contributor I have been or maybe I shouldn't
be on the Security and Stability Committee.  Those are all certainly up
for discussion.  But I'm not sure that I would want to participate in a
Security and Stability Committee that had all of those optimization
functions.  And I wouldn't want to because I believe that it wouldn't
be as successful if those were all implemented.

 >>JEFF SCHMIDT:  We're very sensitive and very appreciative of that
comment.  The position that we took was to be very careful about
formality and process, and not to introduce formality and process for
the sake of formality and process, because formality and process can
become debilitating.  Particularly for a group of volunteers.

 So that being said, I guess I'd ask for specifics.  You know, are
there specific recommendations?  Is it the planning process?  Is it the
-- you know, the voting around use of a brand?  Is there something
specific that is giving you pause in terms of the time requirements or
the energy sucking that would be -- that would result from a SSAC member?

 >>STEVE CROCKER:  Yeah.  So I was holding back, but on this business
of voting, and with respect to the brand, if you could clarify a couple
of points.  What it is exactly that you have in mind that the committee
would vote on that are so-called voting matters and what motivated all
that.

 And I don't know if the -- if that's exactly the same question, but I
was confused as to apparently there -- you have in mind that there are
decision points about the use of the SSAC brand, and I frankly did not
have a way of translating that into incidents or events that I could
think of exactly, although I suppose I could make up something, but, I
mean, I'd be interested in clarification on it.

 But more on the voting, per se, and let me just toss in:  Like all of
us, we've had a lot of experiences in different kinds of organizations.
One of the sort of operating points in a lot of organizations is not in
the overly contentious realm where you have everybody fighting and you
have a great diversity of opinion and a vote serves as a way of sorting
out whether you have a 51-49 or a 49-51 result, but in a community of,
say, a hundred people, where the vote is 3-2 because five people are
participating and 95 are not, so it's the apathy problem and voting
doesn't -- often isn't where the issue is.

 >>JEFF SCHMIDT:  So there's a very concise problem that the voting
addresses.  Sensitive to Dave's commentary about quantifying, a very
widespread concern inside and outside SSAC was:  When the SSAC brand is
invoked, is it an individual's opinion?  Is it several individuals'
opinions?  Is it the majority of SSAC members?  Is it some subset of
SSAC members?  Et cetera.

 So the question is:  When the SSAC brand is invoked, what does that
mean?  How many people are, you know, supporting that particular
invocation of the SSAC brand?

 And so what we envision there is a very, very simple gate at the end
of a product release cycle, a work product release cycle, where we say,
"Okay, hey, this is going.  Yea or nay?"  That can be done by e-mail,
can be done in a phone call.  Takes, you know, 30 seconds.  The issue
is quorum.  You know, and the -- the size of a committee, you know,
versus the number of contributors.  So that's why you can do things by
e-mail and otherwise.

 >>DENNIS JENNINGS:  Thomas.

 >>THOMAS ROESSLER:  Sticking it to my earlier point about up-leveling
here, I think what you're saying is you wanted to see a documented
decision.

 >>JEFF SCHMIDT:  Yes.

 >>THOMAS ROESSLER:  I don't think what you're saying is there needs
to be a vote.

 >>JEFF SCHMIDT:  A documented decision, as opposed to a vote.

 So the question is:  To what extent is the representation on the SSAC
-- and I'm not sure how you would achieve that without a vote.

 >>DENNIS JENNINGS: Well, I think not being on the SSAC or a technical
expert, I think the problem is that while there may be 50 people
associated with the SSAC, there may be only five experts in the area,
and so when one wants to know that this is a consensus of the five, not
a consensus of the 50, so I think that's an area.  But I'm not here to
comment.  Rick, yes, please.

 >>RICK WESSON:  So fundamentally, I think that there's a misstatement
of how a technical committee, composed of a number of different areas,
all work together to understand a particular problem and create a
consensus document, which I think you used the term as "brand
execution" or something like this.

 The members of the committee -- and I am not trying to speak for all
of them, but this concept of using a brand seems very strange to me. 
What happens is we find the people that are the experts in a particular
topic, they find a consensus position, and that becomes a document. 
And I don't understand how that work is going to be done with a voting
committee and representation.  Those all sound like structures within
the GNSO and other ICANN-familiar kinds of structures, and I am not in
a position to judge whether those structures are functional or working,
but I could say with some certainty if my experience from those
structures were overlaid onto the Security and Stability Committee,
that the work products would not increase in value.

 >>DENNIS JENNINGS:  So Jeff, to be practical, would it be useful to
add a discussion of the working methodology of the committee to
distinguish it from a standards committee where voting and that sort of
thing is appropriate.

 >>JEFF SCHMIDT:  Yeah.  So I think, I mean, this whole line of
discussion, starting with the observation that the technical working
style is -- you know, is distinct and effective, than potentially other
working styles, I think some discussion of this here and in the paper
would be helpful, so I appreciate all the comments on that.

 Let me just say one thing, though.  The thing that the SSAC has to
understand is that the audience for your work products is not entirely
technical, and that there are, you know, business and political
creatures, you know, in your audience that do, you know, think about
things in terms of brand and representation and such.

 >>DENNIS JENNINGS:  Steve.

 >>STEVE CROCKER:  Thank you for that.  So that -- I was going to
offer one comment and -- actually offer two.

 With respect to the processes and the decisions and the
recommendations, if in the next version of your report, if you would
address that from two perspectives.  One is whether there is dissension
or unhappiness within SSAC about the way in which the reports could out
versus or in addition to what the perception is from the outside as to
how to take those things.

 The second is related to the outside perception.  I could imagine
adding a kind of standard caveat or disclaimer that the information and
the recommendations and so forth are intended to be taken and
considered not from the authority of who says it but on the strength of
the reasoning and the content, and so with the specific idea -- and so
I'm just making this up as I go here -- but with the specific idea that
for those nontechnical people -- for managers and for policy people --
that if they get something and they read it, and it says, "You should
do the following," and they're kind of motivated to follow that, that
they pause and they hand it to their technical person to read and
validate.  And so some wording that suggests that that's the way in
which this advice is framed is that it's intended to be considered for
its content, as opposed to its source.  

 >>DENNIS JENNINGS: Thank you Steve.  Now we have another comment or
question below.  Yes.

 >>PATRICK JONES:  Patrick Jones, ICANN staff, and I just wanted to
make an observation that some of the other supporting organizations are
looking at moving away from formal voting and it just seemed curious to
me that you were recommending having some kind of formal voting with an
advisory committee, so I just wanted to raise that as an observation.

 >>DENNIS JENNINGS:  Thank you, Patrick.

 Jeff, can I ask you to illustrate the FUD, the fear, uncertainty and
doubt a little more?  What I am aware of is that there are occasions,
or there have been occasions, when in this intensely political
environment in which we operate, that other parties have been able to
cast uncertainty on a SSAC report by resorting to, "Well, that wasn't a
majority opinion; there were two people conflicted.  They would say
that, wouldn't it."  Et cetera, et cetera, and I think it would be
useful to clarify the political environment in which the SSAC reports
are received.

 >>JEFF SCHMIDT:  Right.  So I believe I used this example on the --
on one of the calls that we had with the SSAC.  When a technical
creature looks at the SSAC Web page and sees the list of people that
are SSAC members, they see a list of names that they probably know,
and, you know, the expertise associated with those names.  When a
business or a political creature goes to that same Web page and sees a
list of names, comma, companies, they don't know or care who the person
is.  They assume that the company is represented on the SSAC through
that person.  And that reality surfaced very widely during our process.
Again, conscious of Dave's quantification.  That is not a minority or
an outlier.  That is a wide perception that companies and corporate
positions are being represented on SSAC.  And absent further sunlight
on that issue, FUD takes over.  People will assume the worst.  And so
that's where our position comes from on that.

 >>DENNIS JENNINGS:  Steve, fittingly, a closing comment.  We're out
of time.

 >>STEVE CROCKER:  Message received.  We intend to take off the
affiliations and to clarify the role forthwith, and we'll deal with that.

 >>DENNIS JENNINGS:  Okay.  We're out of time.  I very much appreciate
the presentation that was given this morning.  I very much appreciate
the people attending here, and the comments and discussion.  Marco, do
you want to say anything?  Oh, yes, indeed.  And of course the
scribers, who as far as I'm concerned walk on water.  I do not know how
you do this thing, and I think it's brilliant.

 [Applause]

 >>DENNIS JENNINGS:  Thank you.