ICANN and its accredited domain name registrars have hit a brick wall in their long-running contract negotiations, after ICANN demanded the right to unilaterally amend the deal in future.
Documents published by ICANN this morning reveal that the two sides have reached agreement on almost all of their previous sticking points — including the extremely thorny issue of Whois verification — but have run into some fundamental, eleventh-hour disagreements.
As we’ve been reporting for the last couple of weeks, the big unresolved issue is ICANN’s unilateral right to amend the Registrar Accreditation Agreement in future, which registrars absolutely hate.
Death of the GNSO? Again?
The text of that proposed change has today been revealed to be identical to the text ICANN wants to insert into the Registry Agreement that all new gTLD registries must sign.
It gives ICANN’s board of directors the right, by two-thirds majority, to make essentially any changes they want to the RA and RAA in future, with minimal justification.
Registrars are just as livid about this as new gTLD applicants are.
The proposed change appears to be one of those introduced last month that ICANN said “[stems] from the call by ICANN’s CEO, Fadi Chehadé, to work to improve the image of the domain industry and to protect registrants”.
Chehadé has been on the road for the last couple of months trying to raise ICANN’s profile in various stakeholder groups in the private and public sectors around the world.
One of the memes he’s impressed upon contracted parties and others is that people don’t trust the domain name industry. Part of ICANN’s solution, it seems, is to grant its board more powers over registries and registrars.
But the Registrars Stakeholder Group reckons unilateral amendments would torpedo the multistakeholder process by emasculating the Generic Names Supporting Organization. It said:
The effect of such a clause in the primary agreements between ICANN and its commercial stakeholders would be devastating to the bottom-up, multi-stakeholder model.
First, it will effectively mean the end of the GNSO’s PDP [Policy Development Process], as the Board will become the central arena for all controversial issues, not the community.
Second, it creates an imbalance of authority in the ICANN model, with no limits on the scope or frequency of unilateral amendments, and no protections for registrars and more important registrants.
That’s the biggest barrier to an agreement right now, and it’s one shared by the entire contracted parties constituency of ICANN. Expect fireworks in Beijing next month.
Friction over new gTLDs
Registrars and registries are also angry about the fact that ICANN wants to force registrars to adopt the 2013 RAA, even if their 2009 or 2001 deals are still active, if they want to sell new gTLDs.
RrSG secretary Michele Neylon of Blacknight told DI today that it looks like ICANN is trying to “drive a wedge” between registrars and registries.
ICANN is trying desperately to stick to its new gTLD program timetable, which will see it start signing Registry Agreements with new gTLD applicants in late April.
But it wants the base RA to include a clause obliging registries to only sell via registrars on the 2013 RAA.
Because the 2013 RAA is not yet finalized, registrars could potentially hold up the approval and delegation of new gTLDs if they don’t quickly agree to the changes ICANN wants.
According to Neylon, the documents released today have been published prematurely; with a little more time agreement could be reached on some of the remaining differences.
Again: expect fireworks in Beijing.
Whois records will be verified
But the new RAA is not all friction.
ICANN and registrars have finally come to agreement on important topics where there was previously sharp divergence.
Registrars have agreed to a new Whois Accuracy Program Specification that is a lot weaker than ICANN had, working from a blueprint laid out by governments and law enforcement agencies, first asked for.
Under the 2013 RAA signed-up registrars will have to start verifying certain elements of the contact information submitted by their registrants.
Notably, there’ll be a challenge-response mechanism for first-time registrants. Registrars will ask their customers to verify their email address or enter a code that has been sent to them via SMS text message or phone.
Note the “or” in that sentence. ICANN and law enforcement wanted registrars to do email “and” phone verification, but ICANN appears to have relented after months of registrars yapping about costs.
In future practice, because email verification is far easier and cheaper to implement, I’d be surprised if phone verification is used in anything but the rarest of cases.
Other data points will also be verified, but only to see that they conform to the correct formats.
Registrars will have to make sure that mailing addresses meet the Universal Postal Union standards, and that phone numbers conform to International Telecommunications Union formatting, for example.
They’ll also have to verify that the street address exists (if they have access to that data) but there will be no obligation to make sure that address and phone number actually belong to the registrant.
Registrants that provide patently false information that fails registrar verification will get 15 days to correct it or face the suspension of their domains.
ICANN wants registrars to also verify their customer records (which are usually different to the Whois records and, anecdotally, more accurate anyway) too, but registrars have so far not agreed to do so.
Taken as a whole, at first reading it’s difficult to see how the new Whois verification spec will do anything to prevent fast-turnover abuse such as phishing, but it may go a small way to help law enforcement investigate longer-term scams such as counterfeit goods sites.
The proposed 2013 RAA, along with more explanatory documents than you could possibly read in a coffee break is now open for public comment, with the reply period closing shortly after the Beijing meeting.