Latest news of the domain name industry

Recent Posts

ICANN flips off governments over Whois privacy

Kevin Murphy, May 8, 2018, Domain Policy

ICANN has formally extended its middle finger to its Governmental Advisory Committee for only the third time, telling the GAC that it cannot comply with its advice on Whois privacy.

It’s triggered a clause in its bylaws used to force both parties to the table for urgent talks, first used when ICANN clashed with the GAC on approving .xxx back in 2010.

The ICANN board of directors has decided that it cannot accept nine of the 10 bulleted items of formal advice on compliance with the General Data Protection Regulation that the GAC provided after its meetings in Puerto Rico in March.

Among that advice is a direction that public Whois records should continue to contain the email address of the registrant after GDPR goes into effect May 25, and that parties with a “legitimate purpose” in Whois data should continue to get access.

Of the 10 pieces of advice, ICANN proposes kicking eight of them down the road to be dealt with at a later date.

It’s given the GAC a face-saving way to back away from these items by clarifying that they refer not to the “interim” Whois model likely to come into effect at the GDPR deadline, but to the “ultimate” model that could come into effect a year later after the ICANN community’s got its shit together.

Attempting to retcon GAC advice is not unusual when ICANN disagrees with its governments, but this time at least it’s being up-front about it.

ICANN chair Cherine Chalaby told GAC chair Manal Ismail:

Reaching a common understanding of the GAC’s advice in relation to the Interim Model (May 25) versus the Ultimate Model would greatly assist the Board’s deliberations on the GAC’s advice.

Of the remaining two items of advice, ICANN agrees with one and proposes immediate talks on the other.

One item, concerning the deployment of a Temporary Policy to enforce a uniform Whois on an emergency basis, ICANN says it can accept immediately. Indeed, the Temporary Policy route we first reported on a month ago now appears to be a done deal.

ICANN has asked the GAC for a teleconference this week to discuss the remaining item, which is:

Ensure continued access to the WHOIS, including non-public data, for users with a legitimate purpose, until the time when the interim WHOIS model is fully operational, on a mandatory basis for all contracted parties;

Basically, the GAC is trying to prevent the juicier bits of Whois from going dark for everyone, including the likes of law enforcement and trademark lawyers, two weeks from now.

The problem here is that while ICANN has tacit agreement from European data protection authorities that a tiered-access, accreditation-based model is probably a good idea, no such system currently exists and until very recently it’s not been something in which ICANN has invested a lot of focus.

A hundred or so members of the ICANN community, led by IP lawyers who won’t take no for an answer, are currently working off-the-books on an interim accreditation model that could feasibly be used, but it is still subject to substantial debate.

In any event, it would be basically impossible for any agreed-upon accreditation solution to be implemented across the industry before May 25.

So ICANN has invoked its bylaws fuck-you powers for only the third time in its history.

The first time was when the GAC opposed .xxx for reasons lost in the mists of time back in 2010. The second was in 2014 when the GAC overstepped its powers and told ICANN to ignore the rest of the community on the issue of Red Cross related domains.

The board resolved at a meeting last Thursday:

the Board has determined that it may take an action that is not consistent or may not be consistent with the GAC’s advice in the San Juan Communiqué concerning the GDPR and ICANN’s proposed Interim GDPR Compliance Model, and hereby initiates the required Board-GAC Bylaws Consultation Process required in such an event. The Board will provide written notice to the GAC to initiate the process as required by the Bylaws Consultation Process.

Chalaby asked Ismail (pdf) for a call this week. I don’t know if that call has yet taken place, but given the short notice I expect it has not.

For the record, here’s the GAC’s GDPR advice from its Puerto Rico communique (pdf).

the GAC advises the ICANN Board to instruct the ICANN Organization to:

i. Ensure that the proposed interim model maintains current WHOIS requirements to the fullest extent possible;

ii. Provide a detailed rationale for the choices made in the interim model, explaining their necessity and proportionality in relation to the legitimate purposes identified;

iii. In particular, reconsider the proposal to hide the registrant email address as this may not be proportionate in view of the significant negative impact on law enforcement, cybersecurity and rights protection;

iv. Distinguish between legal and natural persons, allowing for public access to WHOIS data of legal entities, which are not in the remit of the GDPR;

v. Ensure continued access to the WHOIS, including non-public data, for users with a legitimate purpose, until the time when the interim WHOIS model is fully operational, on a mandatory basis for all contracted parties;

vi. Ensure that limitations in terms of query volume envisaged under an accreditation program balance realistic investigatory crossreferencing needs; and

vii. Ensure confidentiality of WHOIS queries by law enforcement agencies.

b. the GAC advises the ICANN Board to instruct the ICANN Organization to:

i. Complete the interim model as swiftly as possible, taking into account the advice above. Once the model is finalized, the GAC will complement ICANN’s outreach to the Article 29 Working Party, inviting them to provide their views;

ii. Consider the use of Temporary Policies and/or Special Amendments to ICANN’s standard Registry and Registrar contracts to mandate implementation of an interim model and a temporary access mechanism; and

iii. Assist in informing other national governments not represented in the GAC of the opportunity for individual governments, if they wish to do so, to provide information to ICANN on governmental users to ensure continued access to WHOIS.

ICANN blocks 1.5 million domains, including some three-letter names

Kevin Murphy, January 17, 2018, Domain Policy

A million and a half domain names, including many potential valuable three and four-letter strings, have been been given special protection across all gTLDs under a new ICANN policy.

The long-discussed, highly controversial reservation of the names and acronyms of various intergovernmental and non-governmental organizations has become official ICANN Consensus Policy and will be binding on all gTLD registries and registrars from August this year.

The policy gives special protection to (by my count) 1,282 strings in each of the (again, by my count) 1,243 existing gTLDs, as well as future gTLDs. That comes to over 1.5 million domains.

The strings match the names, and sometimes the acronyms and abbreviations, of recognized Intergovernmental Organizations (IGOs) and International Non-Governmental Organizations (INGOs) as well as the International Olympic Committee, Red Cross, Red Crescent and related movements.

These are all organizations whose names are protected by international law but not necessarily by trademarks.

Protected strings run from obscurities such as “europeanbankforreconstructionanddevelopment” and “internationalunionfortheprotectionofnewvarietiesofplants” to “can”, “eco” and “fao”.

All gTLDs, including legacy TLDs such as .com, are affected by the policy.

The full list of protected strings can be found here.

Any of the Red Cross, IOC and IGO strings already registered will remain registered, and registries are obliged to honor renewal and transfer requests. Nobody’s losing their domains, in other words. But if any are deleted, they must be clawed back and reserved by the registry.

The protected organizations must be given the ability to register their reserved matching names should they wish to, the policy states.

Registries will be able to sell the acronyms of protected INGOs, but will have to offer an “INGO Claims Service”, which mirrors the existing Trademark Claims service, in gTLDs that go live in future.

The policy was developed by ICANN’s Generic Names Supporting Organization and approved by the ICANN board of directors all the way back in April 2014 and has been in implementation talks ever since.

It’s the 14th Consensus Policy to be added to ICANN’s statute book since the organization was formed 20 year ago.

Registries and registrars have until August 1 to make sure they’re compliant. Consensus Policies are basically incorporated into their contracts by reference.

Work on IGO/INGO protections is actually still ongoing. There’s a GNSO Policy Development Process on “curative” rights for IGOs and INGOs (think: UDRP) that is fairly close to finishing its work but is currently mired in a mind-numbing process debate.

UPDATE: This post was updated January 17, 2018 to correct the number of reserved strings and to clarify how INGO names are treated by the policy.

GNSO faces off with governments over IGO cybersquatting

Kevin Murphy, January 27, 2017, Domain Policy

A defiant ICANN working group looking at cybersquatting rules for intergovernmental organizations is sticking to its guns in an ongoing face-off with the Governmental Advisory Committee.

In a report published for public comment this week, the GNSO working group recommended that IGOs should be given the right to use the UDRP and URS rights protection mechanisms, despite not being trademark owners.

But the recommendations conflict with the advice of the GAC, which wants ICANN to create entirely new mechanisms to deal with IGO rights.

I explored a lot of the back story of this argument in two posts a few months ago, which I will not rehash here.

The latest development is the publication of the proposed initial report of the GNSO IGO-INGO Access to Curative Rights Protection Mechanisms Initial Report (pdf) for comment.

The WG was tasked with deciding whether changes should be made to UDRP and URS to help protect the names and acronyms of IGOs and INGOs (international non-governmental organizations).

For INGOs, including the special cases of the International Olympic Committee and the Red Cross/Red Crescent, it decided no changes and no new mechanisms are required, concluding:

Many INGOs already have, and do, enforce their trademark rights. There is no perceivable barrier to other INGOs obtaining trademark rights in their names and/or acronyms and subsequently utilizing those rights as the basis for standing in the existing dispute resolution procedures (DRPs) created and offered by ICANN as a faster and lower cost alternative to litigation. For UDRP and URS purposes they have the same standing as any other private party.

The case with IGOs is different, because using UDRP and URS requires complainants to agree that the panel’s decisions can be challenge in court, and IGOs by their nature have a special legal status that allows them to claim jurisdictional immunity.

The WG recommends that these groups should be allowed access to UDRP and URS if they have protection under Article 6ter of the Paris Convention, a longstanding international intellectual property treaty.

This rule would actually extend UDRP and URS to hundreds more IGO names and acronyms than the GAC has requested protection for, which is just a few hundred. WIPO’s 6ter database by contrast currently lists 925 names and 399 abbreviations.

To deal with the jurisdictional immunity problem, the WG report recommends that IGOs should be allowed to file cybersquatting complaints via a third-party “assignee, agent or licensee”.

It further recommends that if an IGO manages to persuade a court it has special jurisdictional immunity, having been sued by a UDRP-losing registrant, that the UDRP decision be either disregarded or sent back to the arbitration for another decision.

The recommendations with regard IGOs are in conflict with the recommendations (pdf) of the so-called “small group” — a collection of governments, IGOs, INGOs and ICANN directors that worked quietly and controversially in parallel with the WG to come up with alternative solutions.

The small group wants ICANN to create separate but “functionally equivalent” copies of the UDRP and URS to deal with cybersquatting on IGO name and acronyms.

These copied processes would be free for IGOs to use and, to account for the immunity issue, would not be founded in trademark law.

The WG recommendations are now open for public comment and are expected to be the subject of some debate at the March ICANN meeting in Copenhagen.

RANT: Governments raise yet another UN threat to ICANN

Kevin Murphy, October 31, 2016, Domain Policy

ICANN’s transition away from US government oversight is not even a month old and the same old bullshit power struggles and existential threats appear to be in play as strongly as ever.

Governments, via the chair of the Governmental Advisory Committee, last week yet again threatened that they could withdraw from ICANN and seek refuge within the UN’s International Telecommunications Union if they don’t get what they want from the rest of the community.

It’s the kind of thing the IANA transition was supposed to minimize, but just weeks later it appears that little has really changed in the rarefied world of ICANN politicking.

Thomas Schneider, GAC chair, said this on a conference call between the ICANN board and the Generic Names Supporting Organization on Thursday:

I’m just urging you about considering what happens if many governments consider that this system does not work. They go to other institutions. If we are not able to defend public interest in this institution we need to go elsewhere, and this is exactly what is happening currently at the ITU Standardization Assembly.

This is a quite explicit threat — if governments don’t like the decisions ICANN makes, they go to the ITU instead.

It’s the same threat that has been made every year or two for pretty much ICANN’s entire history, but it’s also something that the US government removing its formal oversight of ICANN was supposed to help prevent.

So what’s this “public interest” the GAC wants to defend this time around?

It’s protections for the acronyms of intergovernmental organizations (IGOs) in gTLDs, which we blogged about a few weeks ago.

IGOs are bodies ranging from the relatively well-known, such as the World Health Organization or World Intellectual Property Organization, to the obscure, such as the European Conference of Ministers of Transport or the International Tropical Timber Organization.

According to governments, the public interest would be served if the string “itto”, for example, is reserved in every new gTLD, in other words. It’s not known if any government has passed laws protecting this and other IGO strings in their own ccTLDs, but I suspect it’s very unlikely any have.

There are about 230 such IGOs, all of which have acronyms new gTLD registries are currently temporarily banned from selling as domains.

The multi-stakeholder GNSO community is on the verge of coming up with some policy recommendations that would unblock these acronyms from sale and grant the IGOs access to the UDRP and URS mechanisms, allowing them to reclaim or suspend domains maliciously exploiting their “brands”.

The responsible GNSO working group has been coming up with these recommendations for over two years.

While the GAC and IGOs were invited to participate in the WG, and may have even attended a couple of meetings, they decided they’d have a better shot at getting what they wanted by talking directly to the ICANN board outside of the usual workflow.

The WG chair, Phil Corwin of the Internet Commerce Association, recently described IGO/GAC participation as a “near boycott”.

This reluctance to participate in formal ICANN policy-making led to the creation of the so-called “small group”, a secretive ad hoc committee that has come up with an opposing set of recommendations to tackle the same IGO acronym “problem”.

I don’t think it’s too much of a stretch to call the the small group “secretive”. While the GNSO WG’s every member is publicly identified, their every email publicly archived, their every word transcribed and published, ICANN won’t even say who is in the small group.

I asked ICANN for list of its members a couple of weeks ago and this is what I got:

The group is made up of Board representatives from the New gTLD Program Committee (NGPC), primarily, Chris Disspain; the GAC Chair; and representatives from the IGO coalition that first raised the issue with ICANN and some of whom participated in the original PDP on IGO-INGO-Red Cross-IOC protections – these would include the OECD, the UN, UPU, and WIPO.

With the publication two weeks ago of the small group’s recommendations (pdf) — which conflict with the expect GNSO recommendations — the battle lines were drawn for a fight at ICANN 57, which kicks off this week in Hyderabad, India.

Last Thursday, members of the GNSO Council, including WG chair Corwin, met telephonically with GAC chair Schneider, ICANN chair Steve Crocker and board small group lead Disspain to discuss possible ways forward.

What emerged is what Crocker would probably describe as a “knotty” situation. I’d describe it as a “process clusterfuck”, in which almost all the relevant parties appear to believe their hands are tied.

The GNSO Council feels its hands are tied for various reasons.

Council chair James Bladel explained that the GNSO Council doesn’t have the power to even enter substantive talks.

“[The GNSO Council is] not in a position to, or even authorized to, negotiate or compromise PDP recommendations that have been presented to use by a PDP working group and adopted by Council,” he said.

He went on to say that while the GNSO does have the ability to revisit PDPs, to do so would take years and undermine earlier hard-fought consensus and dissuade volunteers from participating in policy making. He said on the call:

By going back and revisiting PDPs we both undermine the work of the community and potentially could create an environment where folks are reluctant to participate in PDPs and just wait until a PDP is concluded and then get engaged at a later stage when they feel that the recommendations are more likely adopted either by the board or reconciled with GAC advice.

He added that contracted parties — registries and registrars — are only obliged to follow consensus policies that have gone through the PDP process.

Crocker and Disspain agreed that the the GAC and the GNSO appear to have their hands tied until the ICANN board makes a decision.

But its hands are also currently tied, because it only has the power to accept or reject GNSO recommendations and/or GAC advice, and it currently has neither before it.

Chair Crocker explained that the board is not able to simply impose any policy it likes — such as the small group recommendations, which have no real legitimacy — it’s limited to either rejecting whatever advice the GAC comes up with, rejecting whatever the GNSO Council approves, or rejecting both.

The GNSO WG hasn’t finished its work, though the GNSO Council is likely to approve it, and the GAC hasn’t considered the small group paper yet, though it is likely to endorse it it.

Crocker suggested that rejecting both might be the best way to get everyone around a table to try to reach consensus.

Indeed, it appears that there is no way, under ICANN’s processes, for these conflicting views to be reconciled formally at this late stage.

WG chair Corwin said that any attempt to start negotiating the issue before the WG has even finished its work should be “rejected out of hand”.

With the GNSO appearing to be putting up complex process barriers to an amicable way forward, GAC chair Schneider repeatedly stated that he was attempting to reach a pragmatic solution to the impasse.

He expressed frustration frequently throughout the call that there does not appear to be a way that the GAC’s wishes can be negotiated into a reality. It’s not even clear who the GAC should be talking to about this, he complained.

He sounds like he’s the sensible one, but remember he’s representing people who stubbornly refused to negotiate in the WG over the last two years.

Finally, he raised the specter of governments running off to the UN/ITU, something that historically has been able to put the willies up those who fully support (and in many cases make their careers out of) the ICANN multistakeholder model.

Here’s a lengthier chunk of what he said, taken from the official meeting transcript:

If it turns out that there’s no way to change something that has come out of the Policy Development Process, because formally this is not possible unless the same people would agree to get together and do the same thing over again, so maybe this is what it takes, that we need to get back or that the same thing needs to be redone with the guidance from the board.

But if then nobody takes responsibility to — in case that everybody agrees that there’s a public interest at stake here that has not been fully, adequately considered, what — so what’s the point of this institution asking governments for advice if there’s no way to actually follow up on that advice in the end?

So I’m asking quite a fundamental question, and I’m just urging you about considering what happens if many governments consider that the system does not work. They go to other institutions. They think we are not able to defend public interest in this institution. We need to go elsewhere. And this is exactly what is happening currently at the ITU Standardization Assembly, where we have discussions about protection of geographic names because — and I’m not saying this is legitimate or not — but because some governments have the feeling that this hasn’t been adequately addressed in the ICANN structure.

I’m really serious about this urge that we all work together to find solutions within ICANN, because the alternative is not necessarily better. And the world is watching what signals we give, and please be aware of that.

The “geographic names” issue that Schneider alludes to here seems to be a proposal (Word .doc) put forward by African countries and under discussion at the ITU’s WTSA 2016 meeting this week.

The proposal calls for governments to get more rights to oppose geographic new gTLD applications more or less arbitrarily.

It emerged not from any failure of ICANN policy — geographic names are already protected at the request of the GAC — but from Africa governments being pissed off that .africa is still on hold because DotConnectAfrica is suing ICANN in a California court and some batty judge granted DCA a restraining order.

It’s not really relevant to the IGO issue, nor especially relevant to the issue of governments failing to influence ICANN policy.

The key takeaway from Schneider’s remarks for me is that, despite assurances that the IANA transition was a way to bring more governments into the ICANN fold rather than seeking solace at the UN, that change of heart is yet to manifest itself.

The “I’m taking my ball and going home” threat seems to be alive and well for now.

If you made it this far but want more, the transcript of the call is here (pdf) and the audio is here (mp3). Good luck.

For only the second time, ICANN tells the GAC to get stuffed

Kevin Murphy, November 3, 2014, Domain Policy

ICANN’s board of directors has decided to formally disagree with its Governmental Advisory Committee for what I believe is only the second time in the organization’s history.

In a letter to new GAC chair Thomas Schneider today, ICANN chair Steve Crocker took issue with the fact that the GAC recently advised the board to cut the GNSO from a policy-making decision.

The letter kick-starts a formal “Consultation Procedure” in which the board and GAC try to reconcile their differences.

It’s only the second time, I believe, that this kind of procedure — which has been alluded to in the ICANN bylaws since the early days of the organization — has been invoked by the board.

The first time was in 2010, when the board initiated a consultation with the GAC when they disagreed about approval of the .xxx gTLD.

It was all a bit slapdash back then, but the procedure has since been formalized somewhat into a seven-step process that Crocker outlined in an attachment to his letter (pdf) today.

The actual substance of the disagreement is a bit “inside baseball”, relating to the long-running (embarrassing, time-wasting) saga over protection for Red Cross/Red Crescent names in new gTLDs.

Back in June at the ICANN 50 public meeting in London, the GAC issued advice stating:

the protections due to the Red Cross and Red Crescent terms and names should not be subjected to, or conditioned upon, a policy development process

A Policy Development Process is the mechanism through which the multi-stakeholder GNSO creates new ICANN policies. Generally, a PDP takes a really long time.

The GNSO had already finished a PDP that granted protection to the names of the Red Cross and Red Crescent in multiple scripts across all new gTLDs, but the GAC suddenly decided earlier this year that it wanted the names of 189 national Red Cross organizations protected too.

And it wasn’t prepared to wait for another PDP to get it.

So, in its haste to get its changing RC/RC demands met by ICANN, the GAC basically told ICANN’s board to ignore the GNSO.

That was obviously totally uncool — a slap in the face for the rest of the ICANN community and a bit of an admission that the GAC doesn’t like to play nicely in a multi-stakeholder context.

But it would also be, Crocker told Schneider today, a violation of ICANN’s bylaws:

The Board has concerns about the advice in the London Communiqué because it appears to be inconsistent with the framework established in the Bylaws granting the GNSO authority to recommend consensus policies to the Board, and the Board to appropriately act upon policies developed through the bottom-up consensus policy developed by the GNSO.

Now that Crocker has formally initiated the Consultation Procedure, the process now calls for a series of written and face-to-face interactions that could last as long as six months.

While the GAC may not be getting the speedy resolution it so wanted, the ICANN board’s New gTLD Program Committee has nevertheless already voted to give the Red Cross and Red Crescent the additional protections the GAC wanted, albeit only on a temporary basis.