@Charles 9: Wresting power back
"Fair enough. Now tell us how we can wrest the power back from them? What cards can the community still play?"
Setup and use an alternate DNS root zone. It wouldn't be that hard to do technically in collaboration between the existing top level domain authoritative nameserver operators. There would be 2 harder problems:
1. Get those configuring DNS resolvers to point to it in preference to the ICANN root.
2. Decide who manages it and how.
Once enough people are using DNSSEC, a revolutionary consensus would also need include operating system vendors to patch operating systems to accept the new root zone signing key.
There would also be quite a financial stream available for such from the domain registrars, who would clearly have to be part of any revolutionary consensus if they are not to have to pay cuts from domain fees to 2 root zone operators during a protracted competition between 2 root providers.