Latest news of the domain name industry

Recent Posts

Crunch Whois privacy talks kick off

Kevin Murphy, January 16, 2019, Domain Policy

ICANN volunteers are meeting this week to attempt to finalize their recommendations on the future of Whois privacy.

Most members of the Expedited Policy Development Process working group have gathered in Toronto for three days of talks on what will likely become, in May this year, new contractually binding ICANN policy.

Discussions are kicking off pretty much at the same time this article is published and will last until Friday afternoon local time.

The EPDP group is due to publish its final report by February 1, leaving enough time for GNSO consideration, public comments, and an ICANN board of directors vote.

Its initial report, which recommended some big changes to Whois output, was published in November. Public comments on this report will lead to largely modest changes to the policy this week.

The timing is tight because Whois policy is currently governed by a one-year Temporary Specification, created by the ICANN board, which expires May 25.

The bulk of the work today will focus on formalizing the “purposes” of Whois data, something that is needed if ICANN policy is to be compliant with the EU General Data Protection Regulation.

The more controversial stuff, where consensus will be extraordinarily difficult to find, comes tomorrow, when the group discusses policies relating to privileged access to private Whois data.

This is the area where intellectual property and security interests, which want a program that enables them to get access to private data, have been clashing with non-commercial stakeholders, which accuse their opponents of advocating “surveillance”.

It’s not expected that a system of standardized, unified access will be created this week or by February 1. Rather, talks will focus on language committing ICANN to work on (or not) such a system in the near future.

Currently, there’s not even a consensus on what the definition of “consensus” is. It could be slow going.

Gluttons for punishment Observers can tune in to the view/listen-only Adobe Connect room for the meetings here.

How new gTLD auctions could kill gaming for good

Kevin Murphy, January 11, 2019, Domain Policy

Ever heard of a Vickrey auction? Me neither, but there’s a good possibility that it could become the way most new gTLD fights get resolved in future.

It’s one of several methods being proposed to help eliminate gaming in the next new gTLD application round that have received some support in a recently closed round of public comments.

ICANN’s New gTLD Subsequent Procedures working group (SubPro) is the volunteer effort currently writing the high-level rules governing future new gTLD applications.

Two months ago, it published a preliminary report exploring possible ways that contention sets could be resolved.

The current system, from the 2012 round, actively encourages applicants to privately resolve their sets. Usually, this entails a private auction in which the winning bid is shared evenly between the losing applicants.

This has been happening for the last five years, and a lot of money has been made.

Losing auctions can be a big money-spinner. Publicly traded portfolio registry MMX, for example, has so far made a profit of over $50 million losing private auctions, judging by its annual reports. It spent $13.5 million on application fees in 2012.

MMX is actually in the registry business, of course. But there’s a concern that its numbers will encourage gaming in future.

Companies could submit applications for scores of gTLDs they have no intention of actually operating, banking on making many multiples of their investment by losing private auctions.

Pointing no fingers, it’s very probably already happened. But what to do about it?

Who’s this Vickrey chap?

One suggestion that seems to be getting some love from diverse sections of the community is a variation of the “Vickrey auction”.

Named after the Canadian Nobel Prize-winning economist William Vickrey, it’s also called a “second price sealed bid auction”.

Basically, each applicant would secretly submit the maximum price they’d be willing to pay for the contested gTLD, and the applicant with the highest bid would pay the amount of the second-highest bid.

This method has, I believe, been used more than once in private contention resolution during the 2012 round.

But under the system suggested by SubPro, each applicant would make their single, sealed, high bid at time of application, before they know who else is gunning for the same string.

That way, contention sets could be mostly eliminated right at the start of the process, leading to time and cost efficiencies.

There’d be no need for every application in a contention set to go through full evaluation. Only the high bidder would be evaluated. If it failed evaluation, the second-highest bidder would go into evaluation, etc, until a successful applicant was found.

For losing applicants, a possible benefit of this is that they’d get much more of their application fees refunded, because they’d be skipping much of the process.

Neither would they have to bear the ambient running costs of sitting on their hands for potentially years while the ICANN process plays itself out.

It could also substantially speed up the next round. If the round has five, 10, 20 or more times as many applications as the 1,930 received in 2012, resolving contention sets at the very outset could cut literally years off processing times.

The SubPro concept also envisages that the winning bid (which is to say, the second-highest bid) would go directly into ICANN’s coffers, eliminating the incentive to game the system by losing auctions.

I must admit, there’s a lot to love about it. But it has drawbacks, and critics.

Why Vickrey may suck

SubPro itself notes that the Vickrey model it outlines would have to take into account other aspects of the new gTLD program, such as community applications, applicants seeking financial support from ICANN, and objections.

It also highlights concerns that bids submitted at the time of application constitute private business-plan information that applicants may not necessarily want ICANN staff seeing (with the revolving door, this info could quite easily end up at a competitor).

Companies and constituencies responding to the recent public comment period also have concerns.

There’s hesitance among some potential applicants about being asked to submit blind bids. There are clearly cases where an applicant would be prepared to pay more to keep a gTLD out of the hands of a competitor.

One could imagine, for example, that Coca-Cola would be ready to spend a lot more money on .cola if it knew Pepsi was also bidding, and possibly less if it were only up against Wolf Cola.

The Intellectual Property Constituency raised this concern. It said that it was open to the idea of Vickrey auctions, but that it preferred that bids should be submitted after all the applications in the contention set have been revealed, rather than at time of application:

Although there is a potential downside to this in that the parties have not put a “value” on the string in advance, the reality is that many factors come into play in assessing that “value”, certainly for a brand owner applicant and possibly for all applicants, including who the other parties are and how they have indicated they intend to use the TLD.

The Brand Registry Group and Neustar were both also against the Vickrey model outlined by SubPro, but neither explained their thinking.

The Business Constituency, which is often of a mind with the IPC, in this case differed. The BC said it agreed that bids should be submitted alongside applications, only to be unsealed in the event that there is contention. The BC said:

This Vickrey auction would also resolve contention sets very early in the application evaluation process. That saves contending applicants from spending years and significant sums during the contention resolution process, which was very difficult for small applicants.

It’s hard to gauge where current registries, which are of course also likely applicants, stand on Vickrey. The Registries Stakeholder Group is a pretty diverse bunch nowadays and it submitted a set of comments that, unhelpfully, flatly contradict each other.

“Some” RySG members believe that the current evaluation and contention process should stay in place, though they’re open to a Vickrey-style auction replacing the current ascending-clock model at the last-resort stage after all evaluations are complete.

“Other” RySG members, contrarily, wholeheartedly support the idea that bids should be submitted at the time of application and the auction processed, Vickrey-style, before evaluation.

“An application process which requires a thorough evaluation of an applicant who will not later be operating the gTLD is not an efficient process,” these “other” RySG members wrote. They added:

if contention sets are resolved after the evaluation process and not at the beginning of it, like the Vickery model suggestion, it would enable applicants who applied for multiple strings to increase the size of their future bids each time they lost an auction. Each TLD needs to be treated on its own merits with no contingencies allowed for applicants with numerous applications.

It’s not at all clear which registries fall into the “some” category and which into “other”, nor is it clear the respective size of each group.

Given the lack of substantive objections to pre-evaluation Vickrey auctions from the “some” camp, I rather suspect they’re the registries hoping to make money from private settlements in the next round.

Other ideas

Other anti-gaming ideas put forward by SubPro, which did not attract a lot of support, included:

  • A lottery. Contention sets would be settled by pulling an applicant’s name out of a hat.
  • An RFP process. This would mean comparative, merit-based evaluation, which has never been a popular idea in ICANN circles.
  • Graduated fees. Basically, applicants would pay more in application fees for each subsequent application they filed. This would disadvantage portfolio applicants, but could give smaller applicants a better shot at getting the string they want.

All of the comments filed on SubPro’s work has been fed back into the working group, where discussions about the next new gTLD round will soon enter their fourth year…

.amazon domain isn’t a slam dunk after all

Kevin Murphy, January 9, 2019, Domain Policy

Amazon’s application for the .amazon dot-brand may not be as secure as it was thought, following an ICANN decision over the Christmas period.

Directors threw out a South American government demand for it to un-approve the .amazon bid, but clarified that ICANN has not yet made a “final decision” to allow the gTLD to go live.

The Board Accountability Mechanisms Committee formally rejected (pdf) a Request for Reconsideration filed by the Amazon Cooperation Treaty Organization, which is made up of the governments of the eight countries near that big foresty, rivery, basiny thing, on December 21.

ACTO had asked the board to overturn its October resolution that took .amazon off its longstanding “Will Not Proceed” (ie, rejected) status and put it back on the path to delegation.

Secretary general Jacqueline Mendoza last month blasted ICANN for multiple “untrue, misleading, unfortunate and biased statements”, in connection with ACTO’s purported acquiescence to the .amazon bid.

Refusing ACTO’s request, the BAMC stated that ACTO had misinterpreted the resolution, and that ICANN did not intend to delegate .amazon until Amazon the company and ACTO had sat down to talk about how they can amicably share the name.

The October resolution “could have been clearer”, the BAMC said, adding:

the Resolution was passed with the intention that further discussions among the parties take place before the Board takes a final decision on the potential delegation of .AMAZON and related top-level domains. The language of the Resolution itself does not approve delegation of .AMAZON or support any particular solution. Rather, the Resolution simply “directs the President and CEO, or his designee(s), to remove the ‘Will Not Proceed’ status and resume processing of the .AMAZON applications.”

There are pages and pages of this kind of clarification. The committee clearly wants to help to smooth over relations between ICANN and the governments.

On the face of it, there’s a slight whiff of ret-conny spin about the BAMC recommendations.

There’s some ambiguity in the public record about what the ICANN board actually voted for in October.

Shortly before the ICANN board voted to resume processing .amazon, CEO Goran Marby stated, in front of an audience at ICANN 63 in Barcelona, both that a decision to delegate was being made and that ACTO was still at the table:

what we in practice has done is, through facilitation process, constructed a shared delegation of .AMAZON where the company has or will provide commitments to the ACTO countries how the .AMAZON will be used in the future. And the decision today is to delegate it, forward it to me to finalize those discussions between the company and those countries.

And I’m also formally saying yes to the invitation to go to Brazil from the ACTO countries to their — finish off the last round of discussions.

While the new clarifications seem to suggest that ACTO still has some power to keep .amazon out of the root, the BAMC decision also suggests that the full board could go ahead and approve .amazon at the ICANN 64 meeting in Japan this March, with or without governmental cooperation, saying:

the BAMC recommends that the Board reiterates that the Resolution was taken with the clear intention to grant the President and CEO the authority to progress the facilitation process between the ACTO member states and the Amazon corporation with the goal of helping the involved parties reach a mutually agreed solution, but in the event they are unable to do so the Board will make a decision on the next steps at ICANN 64 regarding the potential delegation of .AMAZON and related top-level domains. The BAMC encourages a high level of communication between the President and CEO and the relevant stakeholders, including the representatives of the Amazonian countries and the Amazon corporation, between now and ICANN 64.

If you’ve not been following the story, ACTO has concerns about .amazon due to its similarity to the name of the rain-forest region.

Amazon the company has promised to encode cultural safeguards in its ICANN contract and offered to donate a bunch of free stuff to the countries to sweeten the deal

The current Amazon offer has not been published.

The BAMC recommendation will now be considered by the full ICANN board, which is usually just a formality.

“Please send women!” ICANN board urges

Kevin Murphy, January 7, 2019, Domain Policy

The ICANN board of directors wants more women around the table, according to recent correspondence to the independent Nominating Committee.

The recommendation to balance the genders further was among several made in a letter (pdf) to NomCom from ICANN chair Cherine Chalaby last week. He wrote:

There has been increasing sensitivity within the Board regarding gender balance, probably reflecting comparable sensitivity throughout the community. Without compromising the fundamental requirement to have Board members with the necessary integrity, skills, experience, the Board would find it helpful to have more women on the Board.

It is not specified why a greater number of women would be considered “helpful”.

Of the current 20 directors, six are women. That’s 30%, only slightly less than the proportion of women that usually attend ICANN’s public meetings.

However, two of the six are non-voting committee liaisons. The female portion of the 16 voting members is therefore a rather lower 12.5%.

Of the eight directors selected by NomCom, three are currently female.

The 2018 NomCom had 33 female and 76 male applicants, though these were for more positions than just the board of directors.

Chalaby’s letter, which “strongly encourages” NomCom to follow the board’s guidance for director selection, also shows a clear preference for incumbents.

The board is concerned that it takes new directors “a year or two to come up to speed” and that too-fast board churn could lead to a loss of “institutional knowledge”.

Combined, these two recommendations may be good news for the two first-term female NomCom appointees: Sarah Deutsch and Avri Doria, whose terms expire in November 2020.

Three male NomCom-appointed directors have terms due to expire at this year’s Annual General Meeting: Khaled Koubaa, Maarten Botterman, and Chalaby himself. Koubaa and Botterman are currently on their first three-year terms, while Chalaby is term-limited after nine years of service.

Chalaby’s letter also urges the NomCom to consider personal qualities such as intelligence, technical knowledge, management experience, domain industry independence and communication skills during their deliberations.

“While it will be a rare candidate who ticks all of the boxes on the list of additional characteristics and skill sets, the Board as a whole should do so,” Chalaby wrote.

UK tells .eu registrants to lawyer up as no-deal Brexit looms

Kevin Murphy, January 3, 2019, Domain Policy

British .eu registrants have been urged to consider another top-level domain or seek legal advice due to the risk of losing their names if a no-deal Brexit happens.

The Department for Culture, Media and Sport issued guidance shortly before Christmas, encouraging UK individuals and businesses to talk to their registrars about their .eu eligibility after March 29, currently the date we’re scheduled to leave the EU.

“[Y]ou may wish to discuss transferring your registration to another top level domain,” the guidance states. “Examples of other top level domains include .com, .co.uk, .net or .org.”

I’m sure Nominet will be delighted to see the UK government apparently prefers .com to .uk.

The guidance points to the European Commission’s own notice of March 2018, which informs Brits that they won’t be eligible to register or renew .eu domains after Brexit, and that the registry will be able to turn off those names at will.

That’s assuming a no-deal Brexit, it seems. The new UK guidance suggests that a Brexit with a transition plan is likely to give registrants a bit more breathing space, and possible future rights to retain their names.

Even though .eu is not a TLD you’ll typically see on a billboard or TV commercial in the UK — I’m fairly confident I’ve never seen one in the wild here — it seems that Brits are responsible for a big chunk of the namespace.

There were 273,000 .eu domains registered in the UK at the end of the third quarter 2018, according to EURid (pdf), down 10% on the same period 2017, a decline squarely attributed to Brexit.

There were 3.75 million .eu domains in total, with the UK being the fourth-largest source of registrations.

If you haven’t been following the Brexit saga recently, lucky you! I’ll quickly explain what’s going on.

The British parliament is currently on the verge of deciding whether to leave the EU with a negotiated deal that nobody likes — the equivalent of sawing off a perfectly healthy testicle with a rusty blade for no reason — or to leave the EU with no deal — the equivalent of sawing off both perfectly healthy testicles with a rusty blade for no reason.

The option of keeping both testicles intact and attached is unlikely to be put to the British people because two years ago we were all assured that amateur backstreet castration was fricking awesome and we’re now being warned that the almost 52% of the population who believed the horseshit, and are almost certainly too stupid to have changed their minds in the meantime, will riot in the streets rather than recast their votes.

That’s it in a nutshell.

Come April 1, don’t be surprised if DI is being brought to you from a country with fewer idiots. I’m open to suggestions. Somewhere warm, preferably.

ICANN attendance soars but “females” stay away

Kevin Murphy, December 4, 2018, Domain Policy

ICANN attendees identifying themselves as female plummeted to 20% of the total at ICANN 63, even as overall attendance rocketed.

According to just-published stats from ICANN, 2,639 people checked in at the Barcelona venue for the late-October meeting.

That compares favorably to the Abu Dhabi meeting a year earlier, which saw 1,929 participants show up, to the last European meeting, Copenhagen in March last year, where there were 2,089 attendees, and to the last European AGM, 2015’s Dublin meeting with its 2,395 people.

Oddly, the number of people self-declaring their femaleness was down hugely. It reliably hovers around the 33% mark usually, but in Barcelona it was down to one in five.

The number of “males” was also down, from 59% in Abu Dhabi to 53% in at 63.

It seems very likely that the gender balance has not substantially changed, but that fewer people are ticking the gender box when they sign up.

The number of participants who chose not to disclose their gender was 27%, up from 10% in Abu Dhabi, 11% at ICANN 61 and 14% at ICANN 62.

There were wide regional differences in gender balance.

There were 1,440 attendees from Europe in Barcelona, more than half the total, and 28% of them did not disclose their gender. That number was just 8% among North Americans and 9% for Africans.

I’m at a loss to explain why the number of undeclareds would see such a sharp increase — did ICANN change how it gathers gender data this time around, or are people, women in particular, becoming more reticent to disclose their gender?

Perhaps Europeans registering on-site, where perhaps the gender option was easier to ignore on the terminals, tilted the balance? I’m speculating.

In other stats, it seems the number of sessions and session-hours is (thankfully) on the decline.

There were 338 session at 63, down from 407 a year ago, and the number of hours was down by 100, from 696 to 596.

The numbers also show a strong bias towards sessions involving the Governmental Advisory Committee when it comes to attendance, but that’s probably due to the GAC being so bloody big compared to other groups.

All this, and more additional statistics than anyone could possibly ever find useful, can be found here.

Amazon countries fighting back against .amazon gTLD

Kevin Murphy, December 4, 2018, Domain Policy

When ICANN’s board of directors voted in late October to let Amazon have its controversial .amazon gTLD, it was not entirely clear what governments in the Amazon region of South America thought about it.

Now, it is: they’re pissed.

The governments of the Amazon Cooperation Treaty Organization have cancelled planned peace talks with the retailer and ICANN boss Goran Marby and have filed an appeal against the board’s decision.

It even seems that the negotiations — aimed at obtaining ACTO’s blessing by stuffing the .amazon registry agreement with cultural safeguards and augmenting it with financial sweeteners — may be dead before they even started.

The rapid deterioration of the relationship between ACTO and ICANN plays out in a series of letters between Marby and ACTO secretary general Jacqueline Mendoza, published last week by ICANN.

After the board’s October 25 resolution, which gave .amazon a pardon from its longstanding “Will Not Proceed” death sentence, it took just 10 days for ACTO to file a Request for Reconsideration with ICANN, asking the board to rethink its resolution.

In a cover letter to the November 5 request, Mendoza said that ACTO was still happy to have Marby facilitate talks between the governments and Amazon, “to develop a mutually acceptable solution for the delegation” of .amazon.

Amazon is said to have offered concessions such as the protection of culturally sensitive names, along with $5 million worth of free Kindles, in order to get ACTO to back down.

But the governments had yet to see any proposal from Amazon for them to consider, Mendoza wrote a month ago.

At some point Marby then agreed to meet with the ACTO governments — Bolivia, Brazil, Colombia, Ecuador, Guyana, Peru, Suriname and Venezuela — in Bolivia on November 29.

He froze their reconsideration request pending this meeting, according to his November 20 letter (pdf), which also bulletted out the sequence of events that led to the ICANN resolution.

It seems ICANN has been working rather closely with, and had been hearing encouraging noises from, Brazil’s Governmental Advisory Committee representative, over the last 12 months. Indeed, it seems it was Brazil that said the reconsideration should be put on hold, pending the November 29 meeting.

But on November 22, Mendoza cancelled the summit (pdf), taking a hard line against the unfreezing of the applications.

Four days later, she told Marby and ICANN chair Cherine Chalaby that ICANN should be dealing with ACTO, not its individual members.

She said that a “positive reaction” to the reconsideration request and the request for the board resolution to be “cancelled” are “indispensable pre-requisites for such a meeting to take place”.

The short version: ICANN jumped the gun when it unfroze the .amazon gTLD applications, at least in ACTO’s view.

ACTO didn’t even receive Amazon’s latest proposal until November 23, the day after the talks were cancelled, according to ICANN.

And, judging by the latest missive in this infuriating thread, ICANN may have thrown in the towel already.

Marby informed GAC chair Manal Ismail (pdf) last Wednesday that the “facilitation process” ICANN had resolved to lead “has been unsuccessful” and “has not been able to reach its desired conclusion.”

While he added ICANN remains “open to assist and facilitate this matter, should it be considered useful”, there’s otherwise an air of finality about the choice of language in his letter.

As for the reconsideration request (pdf), it seems to be still active, so there’s a chance for the board to change its mind about .amazon’s status.

It will be interesting to see whether the request will be approved by the board for the sake of political expediency.

Reconsideration requests are almost unfailingly tossed out for failing to reach the threshold of providing the board with information it was not aware of at the time of its contested resolution.

In this case, ACTO claims that the board was wrongly informed that the ACTO members had seen and liked Amazon’s latest proposal, presumably because ICANN had been feeling positive vibes from Brazil.

It’s not impossible that the board might agree this is true, put .amazon back on ice, and try again at the “facilitation” route.

But should it? Part of me wonders why the hell ICANN resources — that is, registrants’ money — should be diverted to pay for ICANN to act as an unpaid lobbyist for one of the world’s wealthiest companies, which can’t seem to actually put a proposal on the table in a timely fashion, or for eight national governments who don’t seem to be even talking to each other on an issue they claim is of the utmost importance.

First chance to have your say on the future of Whois

Kevin Murphy, November 23, 2018, Domain Policy

RIP: the Whois Admin.

Standard Whois output is set to get slimmed down further under newly published policy proposals.

The community working group looking at post-GDPR Whois has decided that the Admin Contact is no longer necessary, so it’s likely to get scrapped next year.

This is among several recommendations of the Expedited Policy Development Process working group on Whois, which published its initial report for public comment late Wednesday.

As expected, the report stops short of addressing the key question of how third-parties such as intellectual property interests, domain investors, security researchers and the media could get streamlined access to private Whois data.

Indeed, despite over 5,000 person-hours of teleconferences and face-to-face meetings and about 1,000 mailing list messages since work began in early August, the EPDP’s 50 members have yet to reach consensus on many areas of debate.

What they have reached is “tentative agreement” on 22 recommendations on how to bring current ICANN Whois policy into line with EU privacy law, the General Data Protection Regulation.

The work is designed to replace the current Temporary Specification, a Band-Aid imposed by the ICANN board of directors, which is due to expire next May.

The EPDP initial report proposes a few significant changes to what data is collected and publicly displayed by the Whois system.

The most notable change is the complete elimination of the Admin Contact fields.

Currently, Whois contains contact information for the registrant, admin contact and technical contact. It’s often the same data replicated across all three records, and under the Temp Spec the large majority of the data is redacted.

Under the EPDP’s proposal, the Admin Contact is superfluous and should be abandoned altogether. Not only would it not be displayed, but registrars would not even collect the data.

The Tech Contact is also getting a haircut. Registrars would now only be able to collect name, phone and email address, and it would be optional for the registrant whether to provide this data at all. In any event, all three fields would be redacted from public Whois output.

For the registrant, all contact information except state/province and country would be redacted.

There’s no agreement yet on whether the optional “organization” field would be redacted, but the group has agreed that registrars should provide better guidance to registrants about whether they need to provide that data.

While data on legal persons such as companies is not protected by GDPR, some fear that natural person registrants may just naively type their own name into that box when registering a name, inadvertently revealing their identities to the public.

Those providing Whois output would be obliged, as they are under the Temp Spec, to publish an anonymized email address or web-based contact form to allow users to contact registrants without personal information being disclosed.

That German lawsuit

The recommendation to slash what data is collected could have an impact on ICANN’s lawsuit against Tucows’ German subsidiary, EPAG.

ICANN is suing EPAG after the registrar decided that collecting admin and tech contact info was not compliant with GPDR. It’s been looking, unsuccessfully, for a ruling forcing the company to carry on collecting this data.

Tucows is of the view that if the admin and tech contacts are third parties to the registration agreement, it has no right to collect data about them under the GDPR.

If ICANN’s own community policy development process is siding with Tucows, this could guide ICANN’s future legal strategy, but not, it appears, until it becomes firm consensus policy.

I asked ICANN general counsel John Jeffrey about whether the EPDP’s work could affect the lawsuit during an interview October 5, shortly after it became clear that the admin/tech contact days might be numbered.

“Maybe,” he said. “If it becomes part of the policy we’ll have to assess that. Until there’s a new policy though, what we’re working with is the Temp Spec. The Temp Spec we believe is enforceable, we believe have the legal support for that, and we’ll continue down that path.”

(It might be worth noting that Thomas Rickert, whose law firm represents EPAG in this case, is on the EPDP working group in his capacity of head of domains for German trade group eco. He is, of course, just one of the 31 EPDP members developing these recommendations at any given time.)

IP wheel-spinning

The main reason it’s taken the EPDP so long to reach the initial report stage — the report was originally due during the ICANN 63 Barcelona meeting a month ago — has been the incessant bickering between those advocating for, and opposing, the rights of intellectual property interests to access private Whois data.

EPDP members from the IP Constituency and Business Constituency have been attempting to future-proof the work by getting as many references to IP issues inserted into the recommendations as they can, before the group has turned its attention to addressing them specifically.

But they’ve been opposed every step of the way by the Non-Commercial Stakeholders Group, which is concerned the IP lobby is trying to policy its way around GDPR as it relates to Whois.

Many hours have been consumed by these often-heated debates.

My feeling is that the NCSG has been generally winning, but probably mainly because the working group’s charter forbade discussion about access until other issues had been addressed.

As it stands today, the initial report contains this language in Recommendation #2:

Per the EPDP Team Charter, the EPDP Team is committed to considering a system for Standardized Access to non-public Registration Data once the gating questions in the charter have been answered. This will include addressing questions such as:

• What are the legitimate purposes for third parties to access registration data?

• What are the eligibility criteria for access to non-public Registration data?

• Do those parties/groups consist of different types of third-party requestors?

• What data elements should each user/party have access to?

In this context, amongst others, disclosure in the course of intellectual property infringement and DNS abuse cases will be considered

This is basically a placeholder to assure the IP crowd that their wishes are still on the table for future debate — which I don’t think was ever in any doubt — but even this basic recommendation took hours to agree to.

The EPDP’s final report is due February 1, so it has just 70 days to discuss this hypothetical “Standardized Access” model. That’s assuming it started talks today, which it hasn’t.

It’s just nine weeks if we assume not a lot is going to happen over the Christmas/New Year week (most of the working group come from countries that celebrate these holidays).

For context, it’s taken the working group about 115 days just to get to the position it is in today.

Even if Standardized Access was the only issue being discussed — and it’s not, the group is also simultaneously going to be considering the public comment on its initial report, for starters — this is an absurdly aggressive deadline.

I feel fairly confident in predicting that, come February 1, there will be no agreement on a Standardized Access framework, at least not one that would be close to implementable.

Have your say

All 22 recommendations, along with a long list of questions, have now been put out for public comment.

The working group is keen to point out that all comments should provide rationales, and consider whether what they’re asking for would be GDPR-compliant, so comments along the lines of “Waaah! Whois should be open!” will likely be rapidly filed to the recycle bin.

It’s a big ask, considering that most people have just a slim grasp of what GDPR compliance actually means.

Complicating matters, ICANN is testing out a new way to process public comments this time around.

Instead of sending comments in by email, which has been the norm for two decades, a nine-page Google form has been created. This is intended to make it easier to link comments to specific recommendations. There’s also a Word version of the form that can be emailed.

Given the time constraints, it seems like an odd moment to be testing out new processes, but perhaps it will streamline things as hoped. We’ll see.

ICANN probing Donuts and Tucows over anti-Jewish web site

Kevin Murphy, November 16, 2018, Domain Policy

ICANN is investigating Tucows and Donuts over a web site that hosts antisemitic, white supremacist content.

CEO Goran Marby said in a letter published this week that he has referred a complaint about the web site judas.watch to ICANN’s Compliance department.

The web site in question says it is dedicated to documenting “anti-White traitors, agitators and subversives & highlighting Jewish influence.” It appears to be half database, half blog.

Its method of “highlighting Jewish influence” is possibly the most disturbing part — the site tags people it believes are Jewish with a yellow Star of David, mimicking the way the Nazis identified Jews during the Holocaust.

The site is quite liberal in how it applies these stars, going so far as to label UK Labour Party leader Jeremy Corbyn, who has been fighting off his own allegations of antisemitism for years, as Jewish.

Over 1,600 people and organizations are currently listed. Posts there also seem keen to highlight its subjects’ sexual orientation.

As far as I can tell, there are no direct calls to violence on the site, and the level of what you might call “hate speech” is pretty mild. It publishes the social media handles of its subjects, but I could not find any physical addresses or phone numbers.

The complaint to ICANN (pdf) came from WerteInitiative (“Values Initiative”), which appears to be a small, relatively new Jewish civil society group based in Germany.

WerteInitiative said judas.watch “poses a direct threat to the named persons with unforeseeable consequences for them, and especially so for the identified Jews”.

“We want this site banned from the Internet and ask for your help in doing so: can you help us to find out who behind this page is, so we can get it banned in Germany?” the letter concludes.

The domain has been behind Whois privacy since it was registered in 2014, so the registrant’s name was not public even prior to GDPR.

Marby, in response (pdf), says the complaint “raises a serious issue”.

While he goes to some lengths to explain that ICANN does not have the authority, contractual or otherwise, to demand the suspension of any domain name, he said he has nevertheless referred the complaint to Compliance.

Compliance has already reached out to the organization for more information, Marby said.

He also encouraged WerteInitiative to talk to .watch registry Donuts and judas.watch registrar eNom (owned by Tucows), as well as the hosting company, to see if that could help resolve the issue.

While ICANN is always adamant that it does not venture into content regulation, it strikes me that this exchange shows just what a tightrope it walks.

It comes against the backdrop of controversy over the suspension by GoDaddy of the domain Gab.com, a Twitter clone largely hosting far-right voices that have been banned from other social media platforms.

Kirikos lawyers up after ICANN etiquette fight

Kevin Murphy, October 25, 2018, Domain Policy

Domain investor George Kirikos has hired lawyers to send nastygrams to ICANN after a fight over the rules of etiquette on a working group mailing list.

Kirikos claims there’s a “campaign of intimidation” against him by fellow volunteers who do not agree with his opinions and forthright tone, but that he “has not done anything wrong”.

In response, ICANN CEO Goran Marby this evening revealed that he has assigned his general counsel and new deputy, John Jeffrey, to the case.

Even by ICANN standards, it’s a textbook case of a) manufacturing mountains out of molehills, and b) how it can become almost impossible to communicate like sensible human beings when everyone’s tangled in red tape.

The dispute started back in May, when Kirikos got into a fight with IP lawyer Greg Shatan on the mailing list of the Rights Protection Mechanisms working group.

Both men are volunteers on the group, which seeks to refine ICANN policy protecting trademark owners in gTLDs.

The argument was about the content of a World Intellectual Property Organization web page listing instances of UDRP cases being challenged in court.

Kirikos took a strident tone, to which Shatan took exception.

Shatan then reported Kirikos to the working group’s co-chairs, claiming a breach of the Expected Standards of Behavior — the informal code of conduct designed to prevent every ICANN discussion turning into a flame war and/or bare-knuckle alley fight.

Under GNSO PDP rules, working group volunteers have to agree to abide by the ESB. Group chairs have the ability to kick participants who repeatedly offend.

At this point, the sensible thing to do would have been for Shatan and Kirikos to hug it out and move on.

But this is ICANN.

What actually happened was a pointless procedural back-and-forth between Kirikos, Shatan, and working group chairs Phil Corwin of Verisign and Brian Beckham of WIPO, which resulted in Kirikos hiring two lawyers — Andrew Bernstein of Torys and regular ICANN participant Robin Gross of IP Justice.

It’s believed to be the first time a WG participant has hired counsel over a mailing list argument.

Far too boring to recount here, Corwin’s timeline of events can be found from page 24 of this transcript (pdf) of remarks delivered here in Barcelona during ICANN 63, while the Bernstein/Kirikos timeline can be found here (pdf).

The rub of it is that Kirikos reckons both Corwin and Beckham are biased against him — Beckham because Kirikos voted against his chairship, Corwin because of a similar dispute in a related working group earlier this year — and that the ESB is unenforceable anyway.

According to Bernstein: “Mr. Kirikos has strong concerns that whatever process ICANN purports to operate with respect to Mr. Shatan’s complaint, it will not be fairly or neutrally adjudicated.”

He added that Kirikos had said that “due to the precise language of Section 3.4 of the Working Group Guidelines, Mr. Shatan lacked a basis to initiate any complaint”.

That language allows complaints to be filed if the ESB is “abused”. According to Corwin’s account, Kirikos — well-known as a detail-oriented ICANN critic — reckons the correct term should be “violated”, which rendered the ESB “null and void and unenforceable” in this instance.

Bernstein has since added that the ICANN board of directors never intended the ESB to be anything but voluntary.

The sum of this appears to be that the dispute has had a chilling effect on the RPM working group’s ability to get anything done, consuming much of its co-chairs’ time.

Kirikos lawyering up seems to have compounded this effect.

Now, as ICANN 63 drew to a close this evening, CEO Marby said in a brief prepared statement that the WG’s work has “more or less stalled for the last several months” and that he’s assigned general counsel John Jeffrey to “look into the issues surrounding this matter”.

ICANN “takes the issue very seriously”, he said.

As well it might. The Kirikos/Shatan incident may have been blown waaaaay out of proportion, but at its core is a serious question about civil discourse in ICANN policy-making.

Personally, I hold out hope it’s not too late for everyone to hug it out and move on.

But this is ICANN.