The pricey, complex, clusterfuck plan to reopen Whois

After a little more than two years, an ICANN working group has finalized the policy that could allow people to start accessing unredacted Whois records again.

Despite the turnaround time being relatively fast by ICANN standards, the Expedited Policy Development Process group has delivered what could be the most lengthy and complex set of policy recommendations I’ve seen since the policy work on new gTLDs over a decade ago.

Don’t get too excited if you’re itching to get your hands on Whois data once more. It’s a 171-page document containing over a hundred recommendations that’s bound to take ages to implement in full, if it even gets approved in the coming weeks.

I’d be surprised if it’s up and running fully before 2022 at the earliest. If and when the system does eventually come online, don’t expect to get it for free.

It’s already being slammed in multiple quarters, with one constituency saying it could result in a “multi-year-implementation resulting in a system which would effectively be a glorified, overly complex and very expensive ticketing system”.

Trademark owners are livid, saying the proposed policy completely fails to address their needs, and merely entrenches the current system of registrar discretion into formal ICANN policy.

The recommendations describe a proposed system called SSAD, for System for Standardized Access/Disclosure, which would be overseen by ICANN and enforced through its contracts with registries and registrars.

It’s a multi-tiered system involving a few primary functions, wrapped in about a thousand miles of red tape.

First and foremost, you’ve got the Central Gateway Manager. This would either be ICANN, or a company to which ICANN outsources. Either way, ICANN would be responsible for overseeing the function.

The gateway manager’s job is to act as a middleman, accepting Whois data requests from accredited users and forwarding them to registries and registrars for processing.

In order to access the gateway, you’d need to be accredited by an Accreditation Authority. Again, this might be ICANN itself or (more likely) a contractor.

The policy recommendations only envisage one such authority, but it could rely on a multitude of Identity Providers, entities that would be responsible for storing the credentials of users.

It’s possible all of these roles and functions could be bundled up in-house at ICANN, but it appears the far more likely scenario is that there will be a bunch of RFPs coming down the pike for hungry contractors later this year.

But who gets to get accredited?

Anyone with a “legitimate interest or other lawful basis”, it seems. The document is far from prescriptive or proscriptive when it comes to describing possible users.

But the recommendations do give special privileges to governments and government-affiliated entities such as law enforcement, consumer protection bodies and data privacy watchdogs.

For law enforcement agencies, the proposed policy would mandate fully automated processing at the gateway and at the registry/registrar. It sounds like cops would get pretty much instant access to all the Whois data they need.

Requests just the for city field of the record would also be fully automated, for any accredited requestor.

There would be at least three priorities of Whois request under the proposed system.

The first, “Urgent”, would be limited to situations that “pose an imminent threat to life, serious bodily injury, critical infrastructure (online and offline) or child exploitation”. Non-cops could use this method too. Contracted parties would have one business day or three calendar days to respond.

The second would be limited to ICANN-related procedures like UDRP and URS, and registrars would have a maximum of two business days to respond.

The third would encapsulate all other requests, with some priority given to fraud or malware-related requests. Response times here could be a long as 10 days.

I’m trying to keep it simple here, but a lot of the recommendations describe the aforementioned red tape surrounding each stage of the process.

Registrars and registries would be bound to service level agreements, there’d be appeals processes for rejected requests, there’d be logging, audits, reporting, methods to de-accredit users and methods for them to appeal their de-accreditation… basically a shedload of checks and balances.

And who’s going to pay for it all?

ICANN’s latest guesstimate is that SSAD will cost $9 million to build and another $8.9 million annually to operate.

It seems the main burden will be placed on the shoulders of the end-user requestors, which will certainly have to pay for accreditation (which would have to be renewed periodically) and may have to pay per-query too.

Trademark lawyers within the ICANN community are furious about this — not because they have to pay, but because SSAD functionality does “not come close to justifying the costs”.

They’d envisaged a system that would be increasingly automated as time went by, eventually enabling something pretty much like the old way of doing Whois lookups, but say the current proposals preclude that.

It’s also not impossible that the system could lead to higher fees for registrants.

The EPDP group is adamant that domain registrants should not have to pay directly when somebody queries their Whois data, and says the SSAD should be cheaper to run for registrars than the current largely manual system, but acknowledges there’s nothing ICANN can do to stop registrars raising their prices as a result of the proposed policy.

The recommendations say that ICANN should not take a profit from SSAD, but do not discount its contractors from making a fair return from their work.

Prices are, like much else described in this Final Report, still very much TBD. The EPDP working group was given a lot to accomplish in very little time, and there’s a lot of buck-passing going on.

And there’s no guarantee that the policy will even be approved in the short term, given the level of dissent from working group participants.

Before the recommendations become formal Consensus Policy — and therefore binding on all registries and registrars — they first have to be approved by the GNSO Council and then the ICANN board of directors.

The first opportunity for the GNSO Council to vote is at its meeting September 24, but it could be a very tight vote.

For an EPDP to pass, it needs a supermajority vote of the Council, which means a two-thirds majority of both “houses” — the Contracted Parties House (ie, registries and registrars) and the Non-Contracted Parties house — or a 75% approval in one house and a simple majority in the other.

The way things stand, it looks to me like the CPH will very likely vote 100% in favor of the proposal, which means that only seven out of the 13 NCPH members will have to vote in favor of the report in order for it to pass.

The NCPH is made up of six people from the Non-Commercial Stakeholders Group, which generally hold pro-privacy views and have already criticized the report as not going far enough to protect registrants’ data.

Six more NCPH members comprise two members each from the Intellectual Property Constituency, Business Constituency and Internet Service Providers Constituency.

The IPC and BC put their names to a joint minority statement in the Final Report saying that its recommendations:

amount to little more than affirmation of the [pre-EPDP] status quo: the elements of WHOIS data necessary to identify the owners and users of domain names are largely inaccessible to individuals and entities that serve legitimate public and private interests.

I’m chalking those four Council members down as reliable “no” votes, but they’ll need the support of the two ISP guys and the wildcard Nominating Committee appointee in order to bury this policy proposal.

If it does pass the Council, the next and final stage of approval for SSAD would be the ICANN board, probably at ICANN 69 in October.

But then ICANN would actually have to build the damn thing.

This would take many months of implementation and review, then there’d have to be multiple RFP processes to select the companies to write the software and build the infrastructure to run it, who’d then actually have to build and test it.

In the same guesstimate that put a $9 million price tag on the system, ICANN reckoned that it would take a full year for a third party to build and test SSAD. That’s not even taking registrar integration into account.

So, if you’re looking for streamlined Whois access again, you’d best think 2022 at the very earliest, if ever.

If you wish to read the EPDP working group’s Final Report, you can do so here (pdf).

UPDATE: This article originally misstated the date of the next GNSO Council meeting at which this proposal could be considered. It’s not August 20. It’s September 24, which means initial ICANN board consideration is out in October. Add another month to whatever timeline you were hoping for.

ICANN close to becoming $200 million gift-giver

Remember how ICANN raised hundreds of millions of dollars auctioning off new gTLD contracts, with only the vaguest of ideas how to spend the cash? Well, it’s coming pretty close to figuring out where the money goes.

The GNSO Council approved a plan last Thursday that will turn ICANN into a giver of grants, with some $211 million at its initial disposal.

And the plan so far does not exclude ICANN itself for applying to use the funds.

The plan calls for the creation of a new Independent Project Applications Evaluation Panel, which would be charged with deciding whether to approve applications for this auction cash.

Each project would have to fit these criteria:

• Benefit the development, distribution, evolution and structures/projects that support the Internet’s unique identifier systems;
• Benefit capacity building and underserved populations, or;
• Benefit the open and interoperable Internet

Examples given include improving language services, providing PhD scholarships, and supporting TLD registries and registrars in the developing world.

The evaluation panel would be selected “based on their grant-making expertise, ability to demonstrate independence over time, and relevant knowledge.” Diversity would also be considered.

While existing ICANN community members would not be banned from being on the panel, it’s being strongly discouraged. The plan over and over again stresses how there must be rigorous conflict-of-interest rules in place.

What’s less clear right now is what role ICANN will play in the distribution of funds.

The Cross-Community Working Group that came up with the proposal offers three possible mechanisms, but there was no strong consensus on any of them.

The one being pushed, “Mechanism A”, would see ICANN org create a new department — potentially employing as many as 20 new staff — to oversee applications and the evaluation panel.

Mechanism B would see the same department created, but it would work with an existing independent non-profit third party.

Mechanism C would see the function offloaded to a newly created “ICANN Foundation”, but ICANN’s lawyers are not keen on this idea.

The Intellectual Property Constituency was the lone dissenting voice at Thursday’s GNSO Council vote. The IPC says that support for Mechanism A actually came from a minority of CCWG participants, depending on how you count the votes.

It thinks that ICANN should divorce itself as far as possible from the administration of funds, and that not to do so creates the “unreasonable risk” of ICANN being perceived as “self-dealing”.

But as the plan stands, ICANN is free too plunder the auction funds at will anyway. ICANN’s board of directors said as long ago as 2018:

ICANN maintains legal and fiduciary responsibility over the funds, and the directors and officers have an obligation to protect the organization through the use of available resources. In such a case, while ICANN would not be required to apply for the proceeds, the directors and officers would have a fiduciary obligation to use the funds to meet the organization’s obligations.

It already took $36 million from the auction proceeds to rebuild its reserve fund, which had been diminished by ICANN swelling its ranks and failing to predict the success of the new gTLD market.

The CCWG also failed to come to a consensus on whether ICANN or its constituent parts should be banned from formally applying for funds through the program.

Because the plan is a cross-community effort, it needs to be approved by all of ICANN’s supporting organizations and advisory committees before heading to the ICANN board for final approval.

There also looks to be huge amount of decision-making and implementation work to be done before ICANN puts its hand in its pocket for anyone.

ICANN washes its hands of Amazon controversy

ICANN has declined to get involved in the seemingly endless spat between Amazon and the governments representing the Amazonia region of South American.

CEO Göran Marby has written to the head of the Amazon Cooperation Treaty Organization to say that if ACTO still has beef with Amazon after the recent delegation of .amazon, it needs to take it up with Amazon.

ACTO failed to stop ICANN from awarding Amazon its dot-brand gTLD after eight years of controversy, with ICANN usually acting as a mediator in attempts to resolve ACTO’s issues.

But Marby yesterday told Alexandra Moreira: “”With the application process concluded and the Registry Agreement in force, ICANN no longer can serve in a role of facilitating negotiation”.

She’d asked ICANN back in May, shortly before .amazon and its Japanese and Chinese translations hit the root, to bring Amazon back to the table for more talks aimed at getting ACTO more policy power over the gTLDs.

As it stands today, Amazon has some Public Interest Commitments that give ACTO’s eight members the right to block any domains they feel have cultural significance to the region.

Marby told Moreira (pdf) that it’s now up to ACTO to work with Amazon to figure out how that’s going to work in practice, but that ICANN’s not going to get involved.

ICANN still has no clue how coronavirus will affect the domain industry

ICANN is still in the dark about how the coronavirus pandemic is going to affect the domain industry’s fortunes and its own budget, judging by a blog post published overnight by CEO Göran Marby.

In the post, Marby outlined his 10 priorities (six created by himself, four by the ICANN board) for the recently commenced fiscal year, and the impact of the virus is front and center.

Notably, it appears that ICANN is thinking about creating a new department or hiring a new senior “economist” to track the domain market and forecast trends.

Bullet #6 on Marby’s list is:

Develop a plan for the potential economist function within ICANN org to follow and evaluate Domain Name System (DNS) market trends.

Background: I’ve heard the question asked, “Is the DNS market changing?” My answer is yes, probably. The questions we need to ask now are, what’s good for the end user, and what will be bad?

My read on this is that we might be looking at a new VP — an astrologer-in-chief, if you like — whose job it would be to read the tea leaves, stare into a crystal ball, rummage through pigeon guts, and predict budget-affecting market moves before they happen.

That’s a function currently occupied by the office of CFO Xavier Calvez, but his track record is spotty, having in previous years failed to predict basic stuff like junk drops in the new gTLD space.

Another of Marby’s goals, set by the board, is:

Develop and implement a plan to ensure continued financial stability in a world affected by COVID-19.

Background: While ICANN’s financial situation is sound at the moment, the impact of the unprecedented effect of the COVID-19 pandemic on the world economy is still unknown.

ICANN’s recently passed FY21 budget predicts an 8% slump in revenue due to an estimated 33% plummet in new gTLD registrations and a 2.3% drop in legacy gTLD regs, as well as a loss of 62 fee-paying dot-brand gTLDs and 380 accredited registrars.

That said, it’s also saving millions by eschewing face-to-face meetings until the whole coronavirus mess is sorted.

It’s not entirely clear how ICANN arrived at its numbers, but it seems the domain industry is looking into unknown waters right now.

It’s undeniable that the pandemic-related lockdown mandates around the world have proved a huge boon to the industry, as bricks-and-mortar businesses retreat online to try to save their livelihoods, but it’s unclear whether this boost will continue as nations emerge from quarantine and into record-setting recessions.

ICANN’s budget is dependent more than anything else on registration volumes in gTLDs, so its fiscal stability will depend on whether people continue to buy and renew domains as they lose their jobs and their companies go out of business.

It seems inevitable that companies going bust and dropping their domains is a trend we’re going to face over the coming few years, but as long as there’s enough liquidity in the domainer community that shouldn’t prove a massive issue for ICANN, which does not care who registers a domain, merely that it is registered.

Aside from budgeting concerns, the impact of coronavirus on ICANN meetings is #1 on Marby’s list of priorities.

Work with Supporting Organization and Advisory Committee leaders, community members, and the Board to define and implement a phased plan to return to face-to-face meetings. This plan will ensure the provision of safe and effective meeting formats that support the ongoing work of the community as well as allow robust remote participation options for anyone unable to attend in person. The final plan will be integrated with regional and global engagement activities.

Background: Face-to-face meetings have always been an important part of ICANN’s DNA. Despite the current pandemic-related restrictions, the Board, community, and org must ensure that we remain able to collaborate, and that we are still able to attract new participants into ICANN.

Since March, every meeting that would usually be held face to face, including the two big public meetings, has instead been held over Zoom, which has drawbacks and limitations. This October’s Hamburg meeting will also be online-only.

Marby to a great extent has his hands tied here.

As long as the virus rages out of control in ICANN’s native US, he’s going to be limited to hosting meetings in locations not only where the coronavirus has been tackled to the degree where large congregations are permitted but also where Americans are allowed to travel quarantine-free.

The next scheduled public meeting is due to take place in Cancun, Mexico in March 2021, but that country currently has locked its border to travelers from the north.

And regardless of what laws are in place next March, ICANN’s going to have to get a read on whether any community members will feel safe enough to travel — to a windowless room where everyone wears masks two meters apart for 10 hours a day — before going ahead with an expensive in-person meeting.

It seems more likely that F2F meetings will resume first on a regional level before going fully international. Travel narriers within the European Union, for example, are relatively low, so it’s not impossible to imagine small meetings going ahead with only participants from that community.

ICANN throws out “Ugly Houses” UDRP appeal

ICANN has rejected an unprecedented attempt to get a UDRP decision overturned using the Reconsideration process.

The Board Accountability Mechanisms Committee late last week summarily dismissed a Request for Reconsideration filed by a group called the Emily Rose Trust.

Emily Rose had lost a UDRP case in May concerning the domain name uglyhousesri.com, which it had been using for the last couple of years to run a home renovation-and-resale service in Rhode Island.

The complainant was a company called HomeVestors, which has been running a near-identical service called We Buy Ugly Houses (a phrase it has trademarked) for substantially longer.

The National Arbitration Forum panelist had decided that the domain was confusingly similar to the mark, and that the similarity of the services constituted bad faith use.

In filing the rather poorly-written RfR, Emily Rose argued among other things that “Ugly Houses” is a generic term not protected by the mark.

But ICANN did not consider the merits of its request, instead rejecting the RfR for being outside the scope of the process.

The BAMC said that UDRP decisions do not involved the action or inaction of the ICANN board or staff, and are therefore not subject to board Reconsideration.

While UDRP decisions are often contested in court, this RfR makes it clear that ICANN is not an avenue for appeal in individual cases.

Right to reply: new gTLD applicant hits back at my “delusional” comments

You may recall that I recently referred to Nameshop, a rejected new gTLD applicant, as “delusional” for attempting to get ICANN to grant it .internet to help fight the coronavirus pandemic.

I’ve not really pulled my punches reporting on the company’s attempts to get its rejected applied-for string, .idn, converted to .internet over the last few years. Nameshop is fighting a losing battle, I believe, and would be best served by pulling its application and getting a full refund.

Nameshop owner Sivasubramanian Muthusamy recently asked for a right to reply, and as that seemed like an easier option than getting into a pointless decade-long argument, I obliged.

Below the break, he tries to convince me and you that I’m wrong. Other than formatting, I’ve not edited it. Read it, and draw your own conclusions. Leave a comment if you wish.

By Sivasubramanian M

This brief article is primarily in response to the Domain Incite article about the Nameshop application for the .Internet Top Level Domain, titled World’s most deluded new gTLD applicant makes coronavirus pitch, and “Just give up!” ICANN tells its most stubborn new gTLD applicant, — but it is also in response to ICANN’s treatment of the Nameshop application.

Domain Incite has graciously allowed me the space here to respond, for which I am very thankful.

In reporting on the Nameshop proposal to delegate .internet in a way that can be used as a trusted communications space during the global pandemic, Domain Incite posits:

I don’t know whether Nameshop is motivated by a genuine desire to do good — as so many are during the pandemic crisis — or a sneaky strategy to shame ICANN into giving it its string change. Either way, the plan is pure delusion.

It is difficult for me to answer your question, because that would require a self-proclamation of merit, which by definition is something conferred, not claimed. However, I must seek in some way to dispel the doubts that you have expressed.

As Domain Incite has indicated in previous articles, Nameshop’s original application was for .IDN (more about that later). Although not finalized, the “IDN” moniker included a significant
element of usefulness and some sense of purpose with regard to making the Internet more accessible to all. There was always a sense of doing good. This goal was expanded and clarified in 2012 when the application was changed to .Internet and included Public Interest Commitments (that were ahead of the PIC process).

The inspiration for the original good and the idea to serve the Covid-fighting community is derived directly from my interactions with several good men and women who live purposeful
lives unseen and unknown, some of whom are involved in the Internet Governance processes.

A “sneaky strategy” would be the last thing to move them.

At this time of the COVID pandemic, some readings that came my way and my consultations encouraged the idea of a good deed to defer the business aspects of the .Internet application
and offer to utilise the TLD space with a near total focus on being of use in managing the crisis and to further use the TLD space for collaboration on renewal, with ample involvement from the ICANN Community. This is what Nameshop has offered. There is no delusion here.

Nameshop is not making a “pitch”; this is an idea to utilise the DNS for global benefit, one of the stated, yet unrealised goals of the new gTLD program.

As to Domain Incite’s characterisations of me as “most deluded” and “most stubborn”: I might be accepted to accept those descriptions if by “deluded,” you mean that I continue to believe
in the ICANN model and its propensity for doing good, and if you mean by stubborn, it is my persistence in not letting the idea of a purposeful TLD fall by the wayside.

Does my letter (pdf) reads like one that shames ICANN or instead like one that expresses a very high opinion of ICANN and deep trust in the ICANN Community? When Domain Incite and others next consider the Nameshop application, please understand that:

• While Nameshop’s original application for .idn (disqualifiable because it is Indonesia’s country code) might be considered a mistake, consider that Google and Donuts made the same error (although it was not an existential mistake for them). This shows that the process was Byzantine even to the intellectual elites of our space – yet harmful only to
  entities the size of Nameshop.
• While ICANN could have easily, immediately and appropriately informed me that .idn appeared on a list, ICANN took months to do so – timely response would have enabled Nameshop to correct the error at or almost at the time the application; Nameshop learnt about .idn being an alpha3 country code from others and informed ICANN, and requested to be allowed to change the string by the “Change Request” process which became an extended part of the application process.
• After all the delays related processes of evaluation, and gaps in review processes that stymied substantive review, ICANN invited Nameshop to enter into an IRP, a review process prohibitively expensive and burdensome to be exercised by the type of applicant the new gTLD program supposedly encouraged; we have so far engaged in the cooperative engagement process. It is not our desire to engage in adversarial litigation on this matter.
• A few other TLD applicants were permitted to change their string, after the “reveal day”. So, this issue is not black and white, it is a situation of ICANN being fair to many others but being selectively unfair concerning the string .Internet.

Where Domain Incite cites ICANN that there was, “careful review of the application,” that review was to verify if process routines were followed on paper, but with a firm resistance to
review the substance of the issue placed before ICANN. This is made clear in the various reports ICANN submitted where the reviewing parties did not perform a substantive review
either in its Board Reconsideration or even in the Ombudsman processes.

ICANN contends that it followed the due process, but following “a process” for the sake of documentation does not mean that “due process” was accorded. As observed by the Board
Governance Committee, “the reconsideration process does not allow for a full-scale review of a new gTLD application.” All of this amounts to a process severely limited by design, severely
limited in independence, and with limited notions of accountability.

Nameshop, as the applicant for the TLD .Internet, is not a large business corporation of a size typical of ICANN’s new application process. Nonetheless, Nameshop continues to contend that
it is well within ICANN’s processes to address these very process gaps to delegate .Internet; this has been an ongoing and amicable conversation.

One of the goals of the new gTLD program was to facilitate DNS usage and DNS usage for good in new areas of the globe. Delegating .Internet to Nameshop would achieve a significant milestone in ICANN’s new gTLD program. The current global health crisis amplifies ICANN’s role several fold, and in this context, Nameshop offers this proposal to present a clean TLD namespace to address multiple issues arising out of the pandemic situation, to use the space with a focus on being of help in managing the crisis, and more in causing ideas for renewal, not by Nameshop’s own strengths, but by the collective strengths and merits of the ICANN community.

World’s most deluded new gTLD applicant makes coronavirus pitch

Indian new gTLD applicant Nameshop, which still refuses to accept defeat eight years after its application for .idn was rejected, has a new coronavirus-related pitch to try to persuade ICANN to please, please, give it a gTLD.

You may recall that this company applied for .idn in 2012, overlooking the fact that IDN was banned as the reserved three-letter country code for Indonesia.

Ever since the mistake was noticed, Nameshop has been trying to convince ICANN to let it change its string to .internet, which nobody else applied for, requests that have been repeatedly rejected.

The newest Nameshop plea to ICANN (pdf) pitches .internet as a space where IGOs, NGOs and others could build or host web sites dedicated to coronavirus-related activities.

The company says it wants to:

temporarily — for the length of the pandemic crisis — operate the TLD with a request for heightened involvement of ICANN and the ICANN Community in the interest of making use of the DNS technologies, to help Government Agencies and Communities involve, increase and optimize their efforts to manage the Crisis and the ensuing recovery and renewal.

It wants to offer:

a clean new space for IGOs and NGOs to come together in their efforts to communicate, collaborate, generate solutions and expeditiously resolve the health crisis while also enabling organizations to collaborate on reconstruction efforts

The company says it would not make any money on .internet until after coronavirus is solved.

It’s also offering to set aside a quarter of its profits for good causes.

I don’t know whether Nameshop is motivated by a genuine desire to do good — as so many are during the pandemic crisis — or a sneaky strategy to shame ICANN into giving it its string change. Either way, the plan is pure delusion.

The reason ICANN has continually rejected Nameshop’s request for a string change from .idn to .internet for the last eight years is that it would set a precedent allowing any applicant to apply for any nonsense string and later change it to a desirable, uncontested string.

That hasn’t changed.

But while Nameshop has been tilting at windmills, ICANN has been earning interest on its $185,000 application fee, which I’m sure could be put to a far better use if Nameshop simply requested the full refund ICANN has offered.

Does ICANN have a race problem?

In the wake of the killing of George Floyd, pretty much every corporation and institution in the US, and many elsewhere, have felt the need to make statements or enact changes in order to show how non-racist they are, and it seems ICANN is now no exception.

The org issued a statement from CEO Göran Marby late last week in which he denounced racism and said ICANN was committed to establishing a set of “guiding principles” to govern “diversity and inclusion”.

I found the statement rather odd. Does ICANN have a racism problem that needs addressing?

I don’t think it does. At least, I’ve never even heard so much as a rumor about such behavior, never mind a confirmed case.

I’ve been scratching my head to think of any examples of ICANN being accused of racism, and the only one I can come up with is a minor controversy 10 years ago when an early draft of the new gTLD Applicant Guidebook banned “terrorism”.

Some Muslim community members complained that the word could be perceived as “racist” and it was eventually removed.

Around the same time, a handful of community members (as well as yours truly) were accused by the head of unsuccessful .africa applicant DotConnectAfrica of being part of a racist conspiracy against the company, but to the best of my recollection we never invited ICANN staff to our meetings.

But that’s basically it.

ICANN already has diversity baked into its power hierarchies. Members of the board of directors and other committees have to be geographically diverse, which will usually lead to racial diversity, for example.

A great many of its senior leaders have been (at least under some definitions) “people of color”. There doesn’t appear to be a glass ceiling.

It’s also got its Expected Standards of Behavior, a system of codified politeness used in community interactions, which explicitly forbids racial discrimination.

The broader community is global, has no ethnic majority, and is self-selecting. Anyone with the means can show up to a public meeting, dial into a remote meeting, or join a working group, regardless of race or origin.

Statistics show that whenever an ICANN meeting is held in Africa or Asia, the largest groupings of participants are African or Asian.

Of course, maybe with such diversity comes problems. There are words that are considered offensive in some parts of the world that are perfectly acceptable in others, for example, but I’ve never heard of any instances of this kind of culture clash.

But is there actual racism going on at ICANN HQ? Marby’s post says:

We will open a facilitated dialogue to support our employees, to ensure that racial bias and discrimination, or bias of any kind, have no place in our workforce. We need to be comfortable having uncomfortable conversations so that we can address the unconscious and conscious ways in which systemic racism is perpetuated. We need to listen more to Black people and people of color to learn about how these issues impact them each and every day. And we need to continue to take meaningful actions to address inequality.

That suggests that either ICANN is aware of some sort of systemic racial bias among its staff, or that it wants to hunt it down and snuff it out before it becomes a bigger issue.

Or they could just be empty words designed to pay lip service to this stuff.

As the world burns, ICANN gives its richest execs huge pay rises

ICANN has just given some of its highest-ranking and richest execs pay rises of up to 15%, even as the world stands on the brink of a global recession and ICANN is predicting its own budget is on the verge of huge shrinkage.

Its board of directors has approved a set of pay deals that would see the CFO, Xavier Calvez — a man who has, year-after-year, consistently failed to predict fluctuations in the domain name industry with any degree of accuracy — a pay rise of 15%.

John Jeffrey, the general counsel, is getting 3.5%, despite his record of losing legal cases and covering up incidents of sexual harassment among ICANN staff.

Theresa Swinehart, newly-minted senior vice president of the Global Domains Division, is getting a 10% pay increase on top of her base salary, which was $459,123 in FY19.

Not only that, but CEO Göran Marby has been granted broad discretion to increase salaries in the same range for other, non-officer ICANN employees.

Marby himself has been granted his second-half bonus, which amounts to over $100,000.

Based on disclosed salaries for ICANN’s fiscal 2019, we can take a punt on how much money this will cost ICANN — and by “ICANN” I of course mean “you”, the domain-registering public, who pays for every cent of ICANN’s budget.

According to ICANN’s fiscal 2019 form 990, Calvez had “reportable compensation” of $445,964. That’s not including another $62,000 in additional compensation.

For him, a 15% pay raise on the base number is an extra almost $68,000 a year, making his salary (excluding extras) now comfortably over half a million dollars a year.

I’m sure there are many readers of this blog who would consider $68k a nice-enough base salary. But no, that’s his annual raise this year.

This is the guy who, for the better part of a decade, has had to wildly meddle with the revenue half of ICANN’s budget every six months because he couldn’t seem to get a grip on how the new gTLD market was playing out.

He’s also the guy predicting an 8% decline in revenue for ICANN’s next fiscal year due to coronavirus, even as he admits its current revenue has been so far unaffected and most of its biggest funders say everything is going really rather well.

Swinehart is going to get an extra $46,000 a year.

Jeffrey’s raise amounts to an extra $21,000 on top of his $604,648 FY19 base salary.

Remember, he’s the guy in charge of ICANN’s legal department, which is consistently beaten in Independent Review Panel cases, and who is ultimately responsible for the decision to not disclose the existence of the sexual harassment cases that have been filed against ICANN by its own employees in recent years.

The reason these three in particular have been given angry-laughable pay rises is the recently-announced executive reshuffle, which I blogged about earlier this month.

The three of them have had their jobs merged with those of two recent departures — COO Susanna Bennett, who’s leaving for undisclosed reasons shortly, and GDD president Cyrus Namazi, who quit following (but, you know, not necessarily because of) sexual harassment allegations earlier this year.

Combined, Namazi and Bennett were taking $860,000 a year out of the ICANN purse, so ICANN is still saving money by increasing the salaries of their replacements by about $134,000.

But the question has to be asked: how much extra work are these execs doing for this money? How many extra hours a day are they putting in to earn what to many people would be a whole year’s salary?

I expect the answer is: none.

I expect the answer is that ICANN didn’t need the number of six-figure execs it had previously, and now that’s it’s lost a couple of them it’s handing out your cash to those who chose to stick around mainly because it can and it hopes nobody will notice or care.

ICANN’s board resolution says that its decision to raise salaries is based on “independent market data provided by outside expert compensation consultants”.

ICANN has long had a “philosophy” of paying its top people in the “50th to 75th percentile for total cash compensation based on comparable market data for the respective positions”.

It’s never been entirely clear which entities ICANN compares itself to when making these judgements.

“Horrifying” Zoombombing attack on ICANN meeting, again

ICANN’s eleventh-hour decision to remove password requirements for ICANN 68 was proved wrong almost immediately after the meeting got underway on Zoom today.

According to participants and ICANN itself, several sessions were “zoombombed” this morning, with apparently pornographic content.

Zoombombing is where trolls disrupt public, open Zoom meetings with content designed to offend.

ICANN 68 is taking place on Zoom, but on Kuala Lumpur time. I was asleep during the attacks and ICANN has yet to post the recordings of any of today’s sessions, so I can’t give you any of the details first-hand.

But judging by a handful of social media posts that reference the attack, it seems to have been pornographic in nature. ICANN said it comprised “audio, images and video”.

One participant described it as “funny at first…until it was not”, while another said it was “horrifying” and left her feeling “completely vulnerable”.

ICANN said in a blog post that the trolls were swiftly removed from the sessions.

It added that it has changed the format of the remainder of ICANN 68, unplugging certain interactive components and requiring passwords to be entered before access is granted.

This means you’re going to have to register for each session and click emailed confirmation links, it appears.

Only the Governmental Advisory Committee is staying on the platform with its original vulnerable configuration.

ICANN had been planning to require passwords since a similar attack at an inter-sessional meeting in March, but changed its mind last week after security upgrades made by Zoom gave leaders a greater sense of confidence in the platform.

It appears that confidence was misplaced.