ICANN attendance soars but “females” stay away

ICANN attendees identifying themselves as female plummeted to 20% of the total at ICANN 63, even as overall attendance rocketed.

According to just-published stats from ICANN, 2,639 people checked in at the Barcelona venue for the late-October meeting.

That compares favorably to the Abu Dhabi meeting a year earlier, which saw 1,929 participants show up, to the last European meeting, Copenhagen in March last year, where there were 2,089 attendees, and to the last European AGM, 2015’s Dublin meeting with its 2,395 people.

Oddly, the number of people self-declaring their femaleness was down hugely. It reliably hovers around the 33% mark usually, but in Barcelona it was down to one in five.

The number of “males” was also down, from 59% in Abu Dhabi to 53% in at 63.

It seems very likely that the gender balance has not substantially changed, but that fewer people are ticking the gender box when they sign up.

The number of participants who chose not to disclose their gender was 27%, up from 10% in Abu Dhabi, 11% at ICANN 61 and 14% at ICANN 62.

There were wide regional differences in gender balance.

There were 1,440 attendees from Europe in Barcelona, more than half the total, and 28% of them did not disclose their gender. That number was just 8% among North Americans and 9% for Africans.

I’m at a loss to explain why the number of undeclareds would see such a sharp increase — did ICANN change how it gathers gender data this time around, or are people, women in particular, becoming more reticent to disclose their gender?

Perhaps Europeans registering on-site, where perhaps the gender option was easier to ignore on the terminals, tilted the balance? I’m speculating.

In other stats, it seems the number of sessions and session-hours is (thankfully) on the decline.

There were 338 session at 63, down from 407 a year ago, and the number of hours was down by 100, from 696 to 596.

The numbers also show a strong bias towards sessions involving the Governmental Advisory Committee when it comes to attendance, but that’s probably due to the GAC being so bloody big compared to other groups.

All this, and more additional statistics than anyone could possibly ever find useful, can be found here.

Amazon countries fighting back against .amazon gTLD

When ICANN’s board of directors voted in late October to let Amazon have its controversial .amazon gTLD, it was not entirely clear what governments in the Amazon region of South America thought about it.

Now, it is: they’re pissed.

The governments of the Amazon Cooperation Treaty Organization have cancelled planned peace talks with the retailer and ICANN boss Goran Marby and have filed an appeal against the board’s decision.

It even seems that the negotiations — aimed at obtaining ACTO’s blessing by stuffing the .amazon registry agreement with cultural safeguards and augmenting it with financial sweeteners — may be dead before they even started.

The rapid deterioration of the relationship between ACTO and ICANN plays out in a series of letters between Marby and ACTO secretary general Jacqueline Mendoza, published last week by ICANN.

After the board’s October 25 resolution, which gave .amazon a pardon from its longstanding “Will Not Proceed” death sentence, it took just 10 days for ACTO to file a Request for Reconsideration with ICANN, asking the board to rethink its resolution.

In a cover letter to the November 5 request, Mendoza said that ACTO was still happy to have Marby facilitate talks between the governments and Amazon, “to develop a mutually acceptable solution for the delegation” of .amazon.

Amazon is said to have offered concessions such as the protection of culturally sensitive names, along with $5 million worth of free Kindles, in order to get ACTO to back down.

But the governments had yet to see any proposal from Amazon for them to consider, Mendoza wrote a month ago.

At some point Marby then agreed to meet with the ACTO governments — Bolivia, Brazil, Colombia, Ecuador, Guyana, Peru, Suriname and Venezuela — in Bolivia on November 29.

He froze their reconsideration request pending this meeting, according to his November 20 letter (pdf), which also bulletted out the sequence of events that led to the ICANN resolution.

It seems ICANN has been working rather closely with, and had been hearing encouraging noises from, Brazil’s Governmental Advisory Committee representative, over the last 12 months. Indeed, it seems it was Brazil that said the reconsideration should be put on hold, pending the November 29 meeting.

But on November 22, Mendoza cancelled the summit (pdf), taking a hard line against the unfreezing of the applications.

Four days later, she told Marby and ICANN chair Cherine Chalaby that ICANN should be dealing with ACTO, not its individual members.

She said that a “positive reaction” to the reconsideration request and the request for the board resolution to be “cancelled” are “indispensable pre-requisites for such a meeting to take place”.

The short version: ICANN jumped the gun when it unfroze the .amazon gTLD applications, at least in ACTO’s view.

ACTO didn’t even receive Amazon’s latest proposal until November 23, the day after the talks were cancelled, according to ICANN.

And, judging by the latest missive in this infuriating thread, ICANN may have thrown in the towel already.

Marby informed GAC chair Manal Ismail (pdf) last Wednesday that the “facilitation process” ICANN had resolved to lead “has been unsuccessful” and “has not been able to reach its desired conclusion.”

While he added ICANN remains “open to assist and facilitate this matter, should it be considered useful”, there’s otherwise an air of finality about the choice of language in his letter.

As for the reconsideration request (pdf), it seems to be still active, so there’s a chance for the board to change its mind about .amazon’s status.

It will be interesting to see whether the request will be approved by the board for the sake of political expediency.

Reconsideration requests are almost unfailingly tossed out for failing to reach the threshold of providing the board with information it was not aware of at the time of its contested resolution.

In this case, ACTO claims that the board was wrongly informed that the ACTO members had seen and liked Amazon’s latest proposal, presumably because ICANN had been feeling positive vibes from Brazil.

It’s not impossible that the board might agree this is true, put .amazon back on ice, and try again at the “facilitation” route.

But should it? Part of me wonders why the hell ICANN resources — that is, registrants’ money — should be diverted to pay for ICANN to act as an unpaid lobbyist for one of the world’s wealthiest companies, which can’t seem to actually put a proposal on the table in a timely fashion, or for eight national governments who don’t seem to be even talking to each other on an issue they claim is of the utmost importance.

First chance to have your say on the future of Whois

RIP: the Whois Admin.

Standard Whois output is set to get slimmed down further under newly published policy proposals.

The community working group looking at post-GDPR Whois has decided that the Admin Contact is no longer necessary, so it’s likely to get scrapped next year.

This is among several recommendations of the Expedited Policy Development Process working group on Whois, which published its initial report for public comment late Wednesday.

As expected, the report stops short of addressing the key question of how third-parties such as intellectual property interests, domain investors, security researchers and the media could get streamlined access to private Whois data.

Indeed, despite over 5,000 person-hours of teleconferences and face-to-face meetings and about 1,000 mailing list messages since work began in early August, the EPDP’s 50 members have yet to reach consensus on many areas of debate.

What they have reached is “tentative agreement” on 22 recommendations on how to bring current ICANN Whois policy into line with EU privacy law, the General Data Protection Regulation.

The work is designed to replace the current Temporary Specification, a Band-Aid imposed by the ICANN board of directors, which is due to expire next May.

The EPDP initial report proposes a few significant changes to what data is collected and publicly displayed by the Whois system.

The most notable change is the complete elimination of the Admin Contact fields.

Currently, Whois contains contact information for the registrant, admin contact and technical contact. It’s often the same data replicated across all three records, and under the Temp Spec the large majority of the data is redacted.

Under the EPDP’s proposal, the Admin Contact is superfluous and should be abandoned altogether. Not only would it not be displayed, but registrars would not even collect the data.

The Tech Contact is also getting a haircut. Registrars would now only be able to collect name, phone and email address, and it would be optional for the registrant whether to provide this data at all. In any event, all three fields would be redacted from public Whois output.

For the registrant, all contact information except state/province and country would be redacted.

There’s no agreement yet on whether the optional “organization” field would be redacted, but the group has agreed that registrars should provide better guidance to registrants about whether they need to provide that data.

While data on legal persons such as companies is not protected by GDPR, some fear that natural person registrants may just naively type their own name into that box when registering a name, inadvertently revealing their identities to the public.

Those providing Whois output would be obliged, as they are under the Temp Spec, to publish an anonymized email address or web-based contact form to allow users to contact registrants without personal information being disclosed.

That German lawsuit

The recommendation to slash what data is collected could have an impact on ICANN’s lawsuit against Tucows’ German subsidiary, EPAG.

ICANN is suing EPAG after the registrar decided that collecting admin and tech contact info was not compliant with GPDR. It’s been looking, unsuccessfully, for a ruling forcing the company to carry on collecting this data.

Tucows is of the view that if the admin and tech contacts are third parties to the registration agreement, it has no right to collect data about them under the GDPR.

If ICANN’s own community policy development process is siding with Tucows, this could guide ICANN’s future legal strategy, but not, it appears, until it becomes firm consensus policy.

I asked ICANN general counsel John Jeffrey about whether the EPDP’s work could affect the lawsuit during an interview October 5, shortly after it became clear that the admin/tech contact days might be numbered.

“Maybe,” he said. “If it becomes part of the policy we’ll have to assess that. Until there’s a new policy though, what we’re working with is the Temp Spec. The Temp Spec we believe is enforceable, we believe have the legal support for that, and we’ll continue down that path.”

(It might be worth noting that Thomas Rickert, whose law firm represents EPAG in this case, is on the EPDP working group in his capacity of head of domains for German trade group eco. He is, of course, just one of the 31 EPDP members developing these recommendations at any given time.)

IP wheel-spinning

The main reason it’s taken the EPDP so long to reach the initial report stage — the report was originally due during the ICANN 63 Barcelona meeting a month ago — has been the incessant bickering between those advocating for, and opposing, the rights of intellectual property interests to access private Whois data.

EPDP members from the IP Constituency and Business Constituency have been attempting to future-proof the work by getting as many references to IP issues inserted into the recommendations as they can, before the group has turned its attention to addressing them specifically.

But they’ve been opposed every step of the way by the Non-Commercial Stakeholders Group, which is concerned the IP lobby is trying to policy its way around GDPR as it relates to Whois.

Many hours have been consumed by these often-heated debates.

My feeling is that the NCSG has been generally winning, but probably mainly because the working group’s charter forbade discussion about access until other issues had been addressed.

As it stands today, the initial report contains this language in Recommendation #2:

Per the EPDP Team Charter, the EPDP Team is committed to considering a system for Standardized Access to non-public Registration Data once the gating questions in the charter have been answered. This will include addressing questions such as:

• What are the legitimate purposes for third parties to access registration data?

• What are the eligibility criteria for access to non-public Registration data?

• Do those parties/groups consist of different types of third-party requestors?

• What data elements should each user/party have access to?

In this context, amongst others, disclosure in the course of intellectual property infringement and DNS abuse cases will be considered

This is basically a placeholder to assure the IP crowd that their wishes are still on the table for future debate — which I don’t think was ever in any doubt — but even this basic recommendation took hours to agree to.

The EPDP’s final report is due February 1, so it has just 70 days to discuss this hypothetical “Standardized Access” model. That’s assuming it started talks today, which it hasn’t.

It’s just nine weeks if we assume not a lot is going to happen over the Christmas/New Year week (most of the working group come from countries that celebrate these holidays).

For context, it’s taken the working group about 115 days just to get to the position it is in today.

Even if Standardized Access was the only issue being discussed — and it’s not, the group is also simultaneously going to be considering the public comment on its initial report, for starters — this is an absurdly aggressive deadline.

I feel fairly confident in predicting that, come February 1, there will be no agreement on a Standardized Access framework, at least not one that would be close to implementable.

Have your say

All 22 recommendations, along with a long list of questions, have now been put out for public comment.

The working group is keen to point out that all comments should provide rationales, and consider whether what they’re asking for would be GDPR-compliant, so comments along the lines of “Waaah! Whois should be open!” will likely be rapidly filed to the recycle bin.

It’s a big ask, considering that most people have just a slim grasp of what GDPR compliance actually means.

Complicating matters, ICANN is testing out a new way to process public comments this time around.

Instead of sending comments in by email, which has been the norm for two decades, a nine-page Google form has been created. This is intended to make it easier to link comments to specific recommendations. There’s also a Word version of the form that can be emailed.

Given the time constraints, it seems like an odd moment to be testing out new processes, but perhaps it will streamline things as hoped. We’ll see.

ICANN probing Donuts and Tucows over anti-Jewish web site

ICANN is investigating Tucows and Donuts over a web site that hosts antisemitic, white supremacist content.

CEO Goran Marby said in a letter published this week that he has referred a complaint about the web site judas.watch to ICANN’s Compliance department.

The web site in question says it is dedicated to documenting “anti-White traitors, agitators and subversives & highlighting Jewish influence.” It appears to be half database, half blog.

Its method of “highlighting Jewish influence” is possibly the most disturbing part — the site tags people it believes are Jewish with a yellow Star of David, mimicking the way the Nazis identified Jews during the Holocaust.

The site is quite liberal in how it applies these stars, going so far as to label UK Labour Party leader Jeremy Corbyn, who has been fighting off his own allegations of antisemitism for years, as Jewish.

Over 1,600 people and organizations are currently listed. Posts there also seem keen to highlight its subjects’ sexual orientation.

As far as I can tell, there are no direct calls to violence on the site, and the level of what you might call “hate speech” is pretty mild. It publishes the social media handles of its subjects, but I could not find any physical addresses or phone numbers.

The complaint to ICANN (pdf) came from WerteInitiative (“Values Initiative”), which appears to be a small, relatively new Jewish civil society group based in Germany.

WerteInitiative said judas.watch “poses a direct threat to the named persons with unforeseeable consequences for them, and especially so for the identified Jews”.

“We want this site banned from the Internet and ask for your help in doing so: can you help us to find out who behind this page is, so we can get it banned in Germany?” the letter concludes.

The domain has been behind Whois privacy since it was registered in 2014, so the registrant’s name was not public even prior to GDPR.

Marby, in response (pdf), says the complaint “raises a serious issue”.

While he goes to some lengths to explain that ICANN does not have the authority, contractual or otherwise, to demand the suspension of any domain name, he said he has nevertheless referred the complaint to Compliance.

Compliance has already reached out to the organization for more information, Marby said.

He also encouraged WerteInitiative to talk to .watch registry Donuts and judas.watch registrar eNom (owned by Tucows), as well as the hosting company, to see if that could help resolve the issue.

While ICANN is always adamant that it does not venture into content regulation, it strikes me that this exchange shows just what a tightrope it walks.

It comes against the backdrop of controversy over the suspension by GoDaddy of the domain Gab.com, a Twitter clone largely hosting far-right voices that have been banned from other social media platforms.

Kirikos lawyers up after ICANN etiquette fight

Domain investor George Kirikos has hired lawyers to send nastygrams to ICANN after a fight over the rules of etiquette on a working group mailing list.

Kirikos claims there’s a “campaign of intimidation” against him by fellow volunteers who do not agree with his opinions and forthright tone, but that he “has not done anything wrong”.

In response, ICANN CEO Goran Marby this evening revealed that he has assigned his general counsel and new deputy, John Jeffrey, to the case.

Even by ICANN standards, it’s a textbook case of a) manufacturing mountains out of molehills, and b) how it can become almost impossible to communicate like sensible human beings when everyone’s tangled in red tape.

The dispute started back in May, when Kirikos got into a fight with IP lawyer Greg Shatan on the mailing list of the Rights Protection Mechanisms working group.

Both men are volunteers on the group, which seeks to refine ICANN policy protecting trademark owners in gTLDs.

The argument was about the content of a World Intellectual Property Organization web page listing instances of UDRP cases being challenged in court.

Kirikos took a strident tone, to which Shatan took exception.

Shatan then reported Kirikos to the working group’s co-chairs, claiming a breach of the Expected Standards of Behavior — the informal code of conduct designed to prevent every ICANN discussion turning into a flame war and/or bare-knuckle alley fight.

Under GNSO PDP rules, working group volunteers have to agree to abide by the ESB. Group chairs have the ability to kick participants who repeatedly offend.

At this point, the sensible thing to do would have been for Shatan and Kirikos to hug it out and move on.

But this is ICANN.

What actually happened was a pointless procedural back-and-forth between Kirikos, Shatan, and working group chairs Phil Corwin of Verisign and Brian Beckham of WIPO, which resulted in Kirikos hiring two lawyers — Andrew Bernstein of Torys and regular ICANN participant Robin Gross of IP Justice.

It’s believed to be the first time a WG participant has hired counsel over a mailing list argument.

Far too boring to recount here, Corwin’s timeline of events can be found from page 24 of this transcript (pdf) of remarks delivered here in Barcelona during ICANN 63, while the Bernstein/Kirikos timeline can be found here (pdf).

The rub of it is that Kirikos reckons both Corwin and Beckham are biased against him — Beckham because Kirikos voted against his chairship, Corwin because of a similar dispute in a related working group earlier this year — and that the ESB is unenforceable anyway.

According to Bernstein: “Mr. Kirikos has strong concerns that whatever process ICANN purports to operate with respect to Mr. Shatan’s complaint, it will not be fairly or neutrally adjudicated.”

He added that Kirikos had said that “due to the precise language of Section 3.4 of the Working Group Guidelines, Mr. Shatan lacked a basis to initiate any complaint”.

That language allows complaints to be filed if the ESB is “abused”. According to Corwin’s account, Kirikos — well-known as a detail-oriented ICANN critic — reckons the correct term should be “violated”, which rendered the ESB “null and void and unenforceable” in this instance.

Bernstein has since added that the ICANN board of directors never intended the ESB to be anything but voluntary.

The sum of this appears to be that the dispute has had a chilling effect on the RPM working group’s ability to get anything done, consuming much of its co-chairs’ time.

Kirikos lawyering up seems to have compounded this effect.

Now, as ICANN 63 drew to a close this evening, CEO Marby said in a brief prepared statement that the WG’s work has “more or less stalled for the last several months” and that he’s assigned general counsel John Jeffrey to “look into the issues surrounding this matter”.

ICANN “takes the issue very seriously”, he said.

As well it might. The Kirikos/Shatan incident may have been blown waaaaay out of proportion, but at its core is a serious question about civil discourse in ICANN policy-making.

Personally, I hold out hope it’s not too late for everyone to hug it out and move on.

But this is ICANN.