ICANN won’t vote on new gTLDs for another year

Those of you champing at the bit for an opportunity to apply for some more new gTLDs have a longer wait ahead of you than you might have hoped, following a vote of the ICANN board of directors last week.

The board has asked ICANN staff to kick off the latest — but not last — stage of the long-running runway to the next application window, but it will take around 10 months and cost millions.

On September 12, the board gave CEO Göran Marby $9 million from the 2012 round’s war chest and told him to kick off the so-called Operational Design Phase of the New Generic Top-Level Domain Subsequent Procedures Policy Development Process (SubPro).

What this means is that ICANN will take the community-created policy recommendations approved by the GNSO Council in January and try to figure how they specifically could be implemented, before the board decides whether they should be implemented.

The ODP will “assess the potential risks, anticipated costs, resource requirements, timelines, and other matters related to implementation” the board resolution states.

For example, while the SubPro final report calls for an outreach campaign prior to opening the application window, the ODP scoping document (pdf) asks what materials would be needed to be produced and how much they would cost.

The scoping paper comprises dozens and dozens of questions like this, over 15 pages. I started counting them but got bored.

ICANN chair Maarten Botterman said the ODP will provide the board “with relevant materials to facilitate the Board’s determination whether the recommendations are in the best interest of the ICANN community or ICANN”.

While the resolution says the ODP should be completed “within 10 months”, that clock starts ticking when the Marby “initiates” the process, and that does not appear to have happened.

Given that, and ICANN’s habitual tardiness, I’d guess we’re looking at closer to a year before the Org has a document ready to put before the board for consideration.

With all the other stuff that needs to happen following the board’s approval, we’re probably talking about a 2024 application window. That would be 12 years after the last round and 11 years later than the next round was originally promised.

ICANN now has half a billion bucks in the bank after huge pandemic profits

ICANN, the non-profit organization with the limited technical mandate, now has over half a billion dollars in the bank, after the affects of the coronavirus pandemic boosted funding and slashed costs.

The Org ended June 2021 with cash and investments of $521 million, up $40 million over the preceding 12 months.

While some of this gain can be attributed to investment gains, the majority chunk comes from ICANN largely misjudging the length and impact of pandemic-related restrictions.

Expenses were $10 million lower than budget, because all three ICANN meetings during the year were held online, where they cost about half a million bucks a pop, about $3 million lower than in-person gatherings.

ICANN had budgeted for its 2021 meetings to take place face-to-face in venues around the world, but governmental travel restrictions made this impossible.

The Org saved well over half a million dollars in director expenses alone.

On the top half of the financial statement, the numbers also show a failure to predict how much the pandemic would be generally a boon, rather than a burden, to the domain name industry.

ICANN received $142 million in funding during the year, which was $12 million ahead of budget and $1 million more than it received in fiscal 2020.

CTO Conrad quits ICANN

ICANN chief technology officer David Conrad will leave the Org at the end of the month, ICANN said Friday.

No reason was given for the departure, neither was Conrad’s destination, should there be one, disclosed.

He’s been CTO since 2014. Before that, he was a VP there from 2005 to 2010.

He’ll be temporarily replaced by long-time ICANN staffer John Crain, currently chief security, stability, and resiliency officer, while ICANN carries out a formal recruitment drive.

ICANN could get the ball rolling on next new gTLD round this weekend

ICANN may be about to take the next step towards the next round of new gTLD applications at a meeting this Sunday.

On the agenda for the full board of directors is “New gTLD Subsequent Procedures Operational Design Phase (ODP): Scoping Document, Board Resolution, Funding and Next steps”.

But don’t quite hand over all your money to an application consultant just yet — if ICANN approves anything this weekend, it’s just the “Operational Design Phase”.

The ODP is a new piece of procedural red tape for ICANN, coming between approval of a policy by the GNSO Council and approval by the board.

It is does NOT mean the board will approve a subsequent round. It merely means it will ask staff to consider the feasibility of eventually implementing the policy, considering stuff like cost and legality.

CEO Göran Marby recently said the ODP will take more than six months to complete, so we’re not looking at board approval of the next round until second-quarter 2022 at the earliest.

More privacy headaches? UK to withdraw from GDPR

The UK is to craft its own privacy legislation, after Brexit enabled it to extricate itself from the EU’s General Data Protection Regulation, potentially causing headaches for domain name companies.

While it’s still in the very early pre-consultation stages, the government announced today that it wants “to make the country’s data regime even more ambitious, pro-growth and innovation-friendly, while still being underpinned by secure and trustworthy privacy standards.”

The country looks to be heading to a new privacy regime that registries and registrars doing business there will have to comply with, particular with regard to Whois services, in other words.

But it might not be too bad — the government is talking up plans to make “data adequacy” deals with third countries to enable the easy, legal transfer of private data across borders, which is always useful in the context of domain names.

While the UK is no longer in the EU, most EU laws including GDPR were grandfathered in and are still in effect.

Bizarre redactions in Pirate Bay founder’s ICANN registrar ban

ICANN has finally published a complaint from Pirate Bay founder Peter Sunde, who has been banned from owning an accredited registrar, but it’s full of bizarre redactions that serve only to make it look like the Org is hiding something.

You may recall that Sunde said in March that ICANN had rejected his application to have his registrar, Sarek, formally accredited.

He told DI that it happened because ICANN was worried he’d be a “pain in the ass” due to his previous association with the Pirate Bay file-sharing site and his criminal conviction for copyright infringement.

Not long after speaking to us, he filed a formal complaint with ICANN, which ICANN, five months later, published this week.

There’s not much in the complaint (pdf) that we have not already reported, but what’s notable is the amount of unnecessarily redacted text.

ICANN seems chiefly concerned with poorly obfuscating the identity of the staffer with whom Sunde was dealing on, and who ultimately rejected, his accreditation application.

The Org goes to the extent of redacting gender pronouns, so the reader can’t tell whether the person in question is male or female.

But the information that remains unredacted in the very same sentence is more than sufficient to identify the staffer concerned.

I’ve even been on national TV mentioning [NAME REDACTED] that I talked to today, regarding [PRONOUN REDACTED] failure to disclose the 3200 comments that was against the price cap removal of .ORG in [PRONOUN REDACTED] summary report for ICANN regarding the case.

The person who compiled the comment summary on the .org price caps issue, a public document (pdf), was Russ Weinstein, who’s also the guy in charge of registrar accreditation matters.

What possible benefit could be had from obfuscating his identity? And if doing so is so important, why do it in such an incompetent way?

The document also appears to redact the names of Facebook CEO Mark Zuckerberg and Swedish prog-rocker Björn Afzelius, both in the context of well-reported news stories mere seconds away in a search engine.

Reference to Sunde’s own criminal convictions, which are also well-reported and he has never been shy about addressing, also appear to be redacted.

For avoidance of doubt, I’m not saying that ICANN is hiding anything sinister, nor am I saying Sunde’s complaint has merit, but this redaction-happy attitude serves only to make the Org appear less transparent than it really should be.

If these redactions are attempts to hide personally identifiable information under ICANN’s privacy policy, they failed miserably on pretty much every count, even after five months.

This is privacy theater, created by people who don’t know the first thing about privacy.

ICANN has yet to respond Sunde’s complaint.

ICANN cuts the weekend from next public meeting

ICANN has changed the dates for ICANN 72, its 2021 annual general meeting, making it two days shorter.

The old plan was for the meeting to run October 23-28. Now it will be October 25-28.

Basically, this means nobody will have to work at the weekend. October 23 is a Saturday.

The presumably truncated schedule will be published October 4.

ICANN said it made the decision “to support better working hours for attendees and encourage greater participation”.

ICANN 72 came close to having an in-person component in Seattle, but the board of directors decided last month to stick to Zoom due to ongoing pandemic uncertainties.

As Kabul falls, Whois could present a danger to ordinary Afghans

With Afghanistan falling to the Taliban this week, there’s potential danger to .af registrants — both in terms of losing domain services and of Whois being used for possibly deadly reprisals.

At time of writing, it’s been four days since the fall of Kabul. The uneasy truce between NATO and Taliban forces has failed to prevent scenes of chaos at the city’s main airport and the PR machine of so-called “Taliban 2.0” is in full bluster.

The new Taliban is, its spokespeople suggest, more tolerant of western liberal values and more supportive of human rights than its brutal, pre-9/11 incarnation.

Few believe this spin, and there have been multiple reports of 1990s-style oppression, including revenge killings and the suppression of women’s rights, across the country.

With all that in mind, a blog post about .af domain names may seem trivial, but it’s not my intention to trivialize.

I’m as appalled as any right-minded observer by the situation on the ground in Afghanistan and the neglect that led to it. But I believe .af could prove a learning moment in the ongoing conversation about Whois privacy.

The .af ccTLD has been managed since not long after the US-led invasion by the country’s Ministry of Communications and IT as the Afghanistan Network Information Center.

The registry had previously been managed for free from London by NetNames, with an admin contact in Kabul, according to the report of the 2003 IANA redelegation, which happened at a time when Afghanistan was still under a transitional government heavily overseen by the foreign governments behind the invasion.

Domain policy for .af was created in 2002, and it includes provisions for an open, freely available Whois database that is still in effect today.

Domains registered via overseas registrars appear to be benefiting from the impact of the EU’s General Data Protection Regulation, which redacts personal information, but this obviously does not apply in Afghanistan.

This means the names, addresses, phone numbers and email addresses of .af registrants are available for querying via various Whois interfaces, including the registry’s own, which is managed by New Zealand-based back-end CoCCA.

Using a combination of web searches and Whois queries, it is possible to find personally identifiable information of registrants, including names and addresses, at local human rights groups, as well as local news media and technology providers supportive of human rights causes.

If the reports of Taliban fighters conducting house-to-house searches for enemies of the new state are accurate, the easy availability of this personal data could be a serious problem.

To a great extent, this could be a case study in what privacy advocates within the ICANN community are always warning about — public access to Whois data gives oppressive regimes a tool to target their oppression.

And as we have seen this week, oppressive regimes can appear almost literally overnight.

While it seems unlikely there’s anyone from the old Afghan ministry still in control of the registry, I think .af back-end provider CoCCA, as well as Whois aggregators such as DomainTools, should have a long think about whether it’s a good idea to continue to provide open access to .af Whois records at this time.

Fortunately, there doesn’t appear to be a great many .af domains under management. DomainTools reckons it’s under 7,000.

At the other end of the scale of seriousness, overseas .af registrants may also see issues with their names due to the Taliban takeover.

It seems incredible today, but in 2001 a Taliban decree restricted internet access to a single computer at a government ministry. Others in government could apply to use this computer by sending a fax to the relevant minister.

While it seems impossible that such a Draconian restriction could be reintroduced today, it still seems likely that the Taliban will crack down on internet usage to an extent, including introducing morality or residency restrictions to .af regs.

.af is currently open to registrants from anywhere in the world, with no complex restrictions and .com-competitive prices.

Many multinational corporations have registered .af names for their local presence.

The string “af” has in recent years become social media shorthand for “as fuck”, and a small number overseas registrants appear to be using it as a domain hack in that context — type “corrupt.af” into your browser and see what happens.

Others seem to be using .af, where short domains are still available, as shortcuts to their social media profiles.

I don’t believe ICANN will need to get directly involved in this situation. Its Whois query tool does not support .af, and IANA presumably won’t need to get involved in terms of redelegation any more than it would following a general election or a coup d’état.

ICANN director picks for 2021 revealed

ICANN’s Nominating Committee has revealed its three picks for the organization’s board of directors, with one member been swapped out for a newcomer.

Lito Ibarra will be replaced by Edmon Chung, while Danko Jevtović and Tripti Sinha see their seats kept safe for their respective second three-year terms.

Ibarra works for El Salvador’s .sv top-level domain registry and represented the Latin America region on the board. By the time the handover occurs in October, he will have served two of his possible three-year terms.

He’s being replaced by Chung, a long-time industry and ICANN participant perhaps best known as the CEO of DotAsia, which runs .asia. As you might expect, he represents the Asia-Pacific region.

While the appointments clearly alter the regional mix somewhat, they equally clearly do nothing to tilt the gender balance on the male-heavy board, which ICANN has stated is a desirable goal for NomCom.

NomCom also revealed its picks for two members of the GNSO Council, one member of the ccNSO Council and three members of the At-Large Advisory Committee, which include some familiar names.

NomCom said it had 116 applications in total, over half of which came from Africa and Asia-Pac.

For the first time since 2006, ICANN did not disclose the gender mix of the applicants. It’s not clear why.

The full list of successful applicants can be found here.

Over 2,000 attendees for ICANN 73?

Puerto Rico is expecting as many as 2,100 people to show up to ICANN’s public meeting there next year, according to a local report.

A local business publication, NimB, cites Pablo Rodríguez of NIC.pr as saying ICANN 73 could have about 2,100 attendees, bringing as much as $8 million to $10 million to the San Juan economy.

My first thought was that the dollar figure seemed high — it works out to about $5,000 per head — until I realized that most attendees are funded by either ICANN or their company credit cards, and not everyone is as frugal as yours truly.

But then I realized that 2,100 is by far the more surprising number.

Consider that it’s by no means assured that there will be an in-person component to the meeting at all. ICANN is certainly planning for one, but like everyone else the Org is subject to the whims of a microscopic glob of goo.

The plan is for a “hybrid”, a mix of face-to-face and Zoom, with some recognition that there are some parts of the world that will show up with extremely light delegations.

Consider also that the last time ICANN met in San Juan in March, just a couple years ago, the grand total was 1,564 people, 37% of whom hailed from outside the Americas.

With that in mind, 2,100 seems like an incredibly ambitious prediction.