Latest news of the domain name industry

Recent Posts

ICANN attendance shrinks again

Kevin Murphy, December 21, 2017, Domain Policy

The number of people showing up an ICANN public meeting was down again for ICANN 60.

The organization today reported that 1,929 people showed up in Abu Dhabi, the first time Annual General Meeting attendance has dropped below 2,000 for some time.

At the comparable 2016 AGM, held in Hyderabad, ICANN saw a record 3,182 people check in, a number swollen by many hundreds of Indian delegates.

In 2015, the AGM in Dublin reportedly had 2,395 participants.

The 1,929 going to Abu Dhabi compares to the 2,089 going to the Copenhagen meeting in March and the 1,353 who went to the much shorter, more focused Johannesburg meeting in June.

All three 2017 meetings had lower attendance than their 2016 counterparts.

While there had been some talk of some foreigners, particularly women, avoiding ICANN 60 due to its location, it appears that the gender mix was pretty much the same as usual, with 31% of people saying they were female.

The number of sessions continued to spiral out of control, although they were on average shorter.

There were 407 meetings over the course of the week, up from 381 at the Hyderabad AGM, but the total number of session-hours was down from 814 to 696.

The amount of equipment lugged to the venue weighed in at 9.6 metric tonnes. That’s the same, ICANN said, as 6,517 adult female falcons.

That’s enough birds to fill sixty London buses to the moon and back in a hundred football stadiums THE SIZE OF WALES.

Probably.

ICANNWiki could be first victim of budget cutbacks

Kevin Murphy, December 20, 2017, Domain Policy

ICANN is mulling whether to cut funding to ICANNWiki, the independent community encyclopedia, as part of its efforts to rein in spending.

There’s $100,000 at stake, more than half of the Oregon-based non-profit’s annual budget.

Ray King, the gTLD registry CEO who founded ICANNWiki in 2005, told DI today that ICANN has been providing funding for the last three years.

“While no decision has been made yet, there is a possibility that ICANN will not continue it,” he said in an email.

“We’ve poured our hearts and minds into this project for many years so this would be disappointing to say the least,” he said. “We believe in our mission and that it is in the community’s interest for this support to continue”.

An ICANN spokesperson said: “At this time, while it is highly unlikely that ICANN will be renewing its contract with ICANNWiki, we have not come to a final determination.”

ICANNWiki currently carries about 6,000 volunteer-edited articles covering many aspects of the ICANN community and the domain name industry in general.

George Clooney circa 1997It’s perhaps most recognizable for the frequently shared caricatures of community members it produces, such as this handsome devil, and the playing card decks handed out as freebies at ICANN meetings.

According to a letter (pdf) sent to ICANN earlier this month, ICANNWiki receives cash contributions of $161,000 a year, $61,000 of which comes from 10 corporate sponsors.

ICANNWiki estimates the 2,200 hours per year of volunteer work it benefits from is worth about $66,500. It says it has in-kind contributions worth about $40,000 from other companies.

It puts the value of its “reference services” at $339,959 a year.

That’s based on estimated visits to its site of 182,774 in 2017 (not including visits from its editors and staff) and a value per visit of $1.86 (based on an unrelated ROI calculation Texas Public Libraries used to justify its own existence earlier this year).

The ICANN $100,000 contribution is at risk now due to the organization’s plan to cut back on spending in the face of revenues that are coming in lower than expected due to a weak domain name market.

CEO Goran Marby said yesterday that its fiscal 2018 is currently running a million dollars short. Coupled with a perceived need to add an extra $80 million to its reserve budget, ICANN is looking for areas to cut costs.

ICANNWiki funding may be the low-hanging fruit in this endeavor; while it’s no doubt valuable (I probably use it two or three times per week on average), it’s perhaps not straightforward to quantify that value.

Even if the funding is cut, I would not expect ICANNWiki the web site to disappear, given the level of corporate sponsorship and in-kind services it receives and the low overheads suggested by its modest traffic numbers, but perhaps its growth and outreach ambitions would be curtailed.

UPDATE: This post was updated at 2307 UTC with a quote from ICANN.

ICANN, with $143 million budget, running out of cash

Kevin Murphy, December 19, 2017, Domain Policy

ICANN is to tighten its belt over the coming year as lower than expected revenue from domain name registrations has caused a budget shortfall and dwindling reserves.

The organization is $1 million short so far in its fiscal 2018, which CEO Goran Marby says is forcing him to look at making cuts to staffing costs, travel expenses, and community-requested projects.

Meanwhile, chair Cherine Chalaby says the board of directors is worried that ICANN’s reserve fund is $80 million shy of where it ideally should be.

Both men outlined their priorities in separate end-of-year blog posts this week.

It does not yet appear that anyone’s job is on the line.

Marby indicated that headcount would be reduced through attrition — sometimes not replacing staff who leave — rather than lay-offs.

“The reality is, ICANN has a significant budget but not an infinite budget. We need to make some changes, and can’t do everything we are asked,” he wrote, before explaining some areas where “efficiencies” could be found.

For example, when someone leaves ICANN org, we are taking a close look at the vacancy, the team’s needs and other people’s availability and skills before deciding if we are going to fill the role. We are also looking at our staff travel practices for ICANN meetings and other ICANN org commitments, reviewing our language services support levels and offering, and trying to consolidate our collateral and the volume of reports. We are looking at what projects we could delay or stop

Some might say that this renewed focus on how ICANN manages its money is overdue. The organization has bloated fast over the last several years, as over 1,200 new gTLD registries became contracted parties and interest in ICANN’s work grew globally.

In its financial year ending June 2012, it budgeted for revenue of $69.7 million and expenses of $67 million.

For FY2017, which ended this June, it was up to revenue of $132.4 million and expenses of $126.5 million.

Over the same period, headcount swelled from 158 full-time equivalents to 365. That was anticipated to grow to 413 by next June.

For the financial year ending next June, ICANN had budgeted for $142.8 million revenue, growing from $135.9 million, but Marby said in his blog post today that it might actually be flat instead.

As much as 64% of ICANN’s revenue is driven by transaction volumes — registrations, renewals and transfers — in gTLDs. In the quarter to September, revenue was $1 million behind plan due to lower than expected transactions, Marby said.

The message is to expect cuts, possibly to projects you care about.

Adding complexity, the ICANN board has decided following public consultation at 12 months funding is the appropriate amount ICANN should be keeping in reserve — so it can continue to function for a year should its contracted parties all abruptly decide not to pay their dues.

Unfortunately, as Chalaby outlined in his post today, this reserve pool is currently at about $60 million — just five months’ worth — so the organization is going to have to figure out how to replenish it.

Building up reserves to the tune of an extra $80 million is likely to put more pressure on the regular annual budget, leeching cash from other projects.

Chalaby said that the board will discuss its options at its February 2018 workshop.

Marby, meanwhile, said that a new budget will be out for public comment in mid-January.

New Trump appointee slams ICANN after security group shutdown

Kevin Murphy, December 19, 2017, Domain Policy

Not even a month into the job, the US official with most direct responsibility over domain name policy has criticized ICANN for shutting down a security working group.

David Redl, the new assistant secretary at the National Telecommunications and Information Administration, wrote to ICANN (pdf) last week to complain about its board unilaterally shutting down, temporarily, its supposedly independent Security, Stability and Resiliency of the DNS Review team.

He wrote that the action “calls into question” ICANN’s commitment to transparency and accountability, writing:

Everything documented to date about these reviews stresses the importance of openness, transparency and community consultation. Unfortunately, it seems that with the October 28th action, the ICANN Board violated these principles by substituting its judgement for that of the community.

SSR-2, as it is known, is one of the reviews previously mandated by ICANN’s Affirmation of Commitments with the US government (via the NTIA) but which can now be found instead embedded in its bylaws.

The ICANN board of directors temporarily suspended it in October, something like a soft reboot, after growing concerned that it was stepping outside of its mandate and that its members lacked expertise.

The move attracted broad criticism and it would be disingenuous of me to suggest that Redl’s position is a controversial one — you’d be hard pressed to find any section of the community that wholeheartedly supports the board’s action.

Indeed, the US representative to the Governmental Advisory Committee voiced similar concerns at the ICANN meeting in Abu Dhabi in late October, prior to Redl’s confirmation to the NTIA job.

Redl took the post November 21, having been nominated by Donald Trump back in May, replacing Obama appointee Larry Strickling, who left the agency in January.

He’s the first NTIA chief since ICANN’s inception not to enjoy the special position of power over ICANN granted by the old IANA contract, which was scrapped in September 2016.

Expect “minor inconveniences” in post-hurricane Puerto Rico

Kevin Murphy, December 12, 2017, Domain Policy

ICANN 61 is going ahead in Puerto Rico despite the continuing fallout of a devastating hurricane season, the organization has confirmed.

The March 10-15 meeting will take place at the convention center in San Juan, and participants can only expect “minor inconveniences”

ICANN said in a statement:

We recognize that Puerto Rico is still in the recovery phase, and while we can expect some minor inconveniences, the convention center and supporting hotels are fully operational and eager to host our event in March.

ICANN has not yet listed its official supporting hotels, where it usually negotiates bulk discounts, on the official ICANN 61 page.

In the event you, like me, always find ICANN’s approved hotels a tad on the pricey side, you’ll probably need to do your own research.

ICANN added that it has been working with the island’s governor and that: “We have been assured that our presence in San Juan will support economic recovery on the island.”

Hurricane Maria made landfall in Puerto Rico on September 20, killing at least 48 people and causing billions of dollars in property damage.

The convention center venue for ICANN 61 escaped relatively unscathed and was actually used as a command and control center during the immediate aftermath of the disaster.

ICANN: tell us how you will break Whois rules

Kevin Murphy, December 11, 2017, Domain Policy

ICANN has invited registrars and registries to formally describe how they plan to break the current rules governing Whois in order to come into compliance with European Union law.

The organization today published a set of guidelines for companies to submit proposals for closing off parts of Whois to most internet users.

It’s the latest stage of the increasingly panicky path towards reconciling ICANN’s contracts with the General Data Protection Regulation, the EU law that comes into full effect in a little over five months.

GDPR is designed to protect the privacy of EU citizens. It’s generally thought to essentially ban the full, blanket, open publication of individual registrants’ contact information, but there’s still some confusion about what exactly registries and registrars can do to become compliant.

Fines maxing out at of millions of euros could be levied against companies that break the GDPR.

ICANN said last month that it would not pursue contracted parties that have to breach their agreements in order to avoid breaking the law.

The catch was that they would have to submit their proposals for revised Whois services to ICANN for approval first. Today is the first time since then that ICANN has officially requested such proposals.

The request appears fairly comprehensive.

Registries and registrars will have to describe how their Whois would differ from the norm, how it would affect interoperability, how protected data could be accessed by parties with “legitimate interests”, and so on.

Proposals would be given to ICANN’s legal adviser on GDPR, the Swedish law firm Hamilton, and published on ICANN’s web site.

ICANN notes that submitting a proposal does not guarantee that it will be accepted.

Open Whois must die, Europe privacy chiefs tell ICANN

Kevin Murphy, December 7, 2017, Domain Policy

Unfettered public access to full Whois records is illegal and has to got to go, an influential European Union advisory body has told ICANN.

The Article 29 Working Party on Data Protection, WP29, wrote to ICANN yesterday to say that “that the original purposes of the WHOIS directories can be achieved via layered access” and that the current system “does not appear to meet the criteria” of EU law.

WP29 is made up of representatives of the data protection agencies in each EU member state. It’s named after Article 29 of the EU’s 1995 Data Protection Directive.

This directive is parent legislation of the incoming General Data Protection Regulation, which from May 2018 will see companies fined potentially millions of euros if they fail to protect the privacy of EU citizens’ data.

But WP29 said that there are questions about the legality of full public Whois under even the 1995 directive, claiming to have been warning ICANN about this since 2003:

WP29 wishes to stress that the unlimited publication of personal data of individual domain name holders raises serious concerns regarding the lawfulness of such practice under the current European Data Protection directive (95/46/EC), especially regarding the necessity to have a legitimate purpose and a legal ground for such processing.

Under the directive and GDPR, companies are not allowed to make consent to the publication of private data a precondition of a service, which is currently the case with domain registration, according to WP29.

Registrars cannot even claim the publication is contractually mandated, because registrants are not party to the Registrar Accreditation Agreement, the letter (pdf) says.

WP29 adds that law enforcement should still be able to get access to Whois data, but that a “layered” access control approach should be used to prevent full disclosure to anyone with a web browser.

ICANN recently put a freeze on its contract compliance activities surrounding Whois, asking registries and registrars to supply the organization with the framework and legal advice they’re using to become compliant with GDPR.

Registries and registrars are naturally impatient — after a GDPR-compatible workaround is agreed upon, they’ll still need to invest time and resources into actually implementing it.

But ICANN recently told contracted parties that it hopes to lay out a path forward before school breaks up for Christmas December 22.

Roberts elected to ICANN board

Kevin Murphy, December 4, 2017, Domain Policy

Channel Islands ccTLD operator Nigel Roberts has been elected to ICANN’s board of directors.

He gathered an impressive 67% of the votes in an anonymous poll of ccNSO members conducted last week.

He received 60 votes versus the 29 cast for his only opponent, Pierre Ouedraogo, an internet pioneer from Burkina Faso.

Roberts, a Brit, runs ChannelIsles.net, registry manager for .gg (for the islands Guernsey, Alderney and Sark) and .je (for Jersey). These are the independent UK dependencies found floating between England and France.

He’s been in the ICANN community since pretty much day one.

His election still has to be formally confirmed by the ccNSO Council and then the ICANN Empowered Community.

Roberts will not take his seat on the ICANN board until October next year, at the end of public meeting in Barcelona.

He will replace Mike Silber, the South African who’s currently serving his ninth and therefore final year as a director.

The other ccNSO seat is held by Australian ICANN vice chair Chris Disspain, who is also term-limited and will leave at the end of 2019.

Aussie gov refuses to spill the beans on ICANN vice chair’s firing

Kevin Murphy, November 21, 2017, Domain Policy

The Australian government has refused to release documents concerning alleged “financial irregularities” at local ccTLD manager auDA that have been linked to the firing of former CEO Chris Disspain.

A request under the Freedom of Information Act sought documents detailing Disspain’s March 2016 termination, as well as high levels of travel expenses and apparent under-reporting of “fringe benefit tax” under his watch.

The request was filed in September by by industry consultant Ron Andruff, who is known to have beef with Disspain after having been passed over for an important ICANN leadership role.

One of the specific documents sought by Andruff was an unpublished audit by PPB Advisory known to have uncovered slack historical expenses management practices and high levels of travel expenditure.

While rumors have circulated, there have been no substantiated allegations of wrongdoing by Disspain.

The Australian Department of Communications and the Arts told Andruff this weekend that 13 relevant documents had been identified and reviewed, but that all were exempt from disclosure under the FOI Act.

Reasons given include the right to privacy of the individual concerned and the fact that the information could fuel “unsubstantiated allegations of misconduct”.

The Department also thought that disclosing the documents could make it harder to it to obtain information from auDA in future, particularly relevant given that it recently kicked off a review of the organization.

While acknowledging there were some public interest reasons to publish the documents, on balance it said that the public interest reasons not to publish were more numerous.

auDA has been plagued by problems such as high turnover of staff and board, unpopular policies, and the member-instigated ouster of its chair, since Disspain left.

Separately, Disspain became ICANN’s vice chair earlier this month, having sat on the board for the last seven years as a representative of the ccTLD community.

He’s one of four community-nominated ICANN directors who have agreed to undergo the same background checks as their Nominating Committee-appointed counterparts, in part due to pressure applied by Andruff.

The FOI response can be viewed here (pdf).

Hurricane victims get a renewal pass under ICANN rules

Kevin Murphy, November 20, 2017, Domain Policy

ICANN has given registries and registrars the ability to delay the cancellation of domain names owned by victims of Hurricane Maria and other similar natural disasters.

In a note to contracted parties, published by Blacknight boss Michele Neylon this weekend, Global Domains Division president Akram Atallah said:

registrars will be permitted to temporarily forebear from canceling domain registrations that were unable to be renewed as a result of the natural disaster.

Maria and other hurricanes caused widespread damage to infrastructure in the Caribbean earlier this year — not to mention the loss of life — making it difficult for many people to get online to renew their registrations.

ICANN’s Registrar Accreditation Agreement ties registrars to a fairly strict domain name renewal and expiration life-cycle, but there’s a carve out for certain specified “extenuating circumstances” such as bankruptcy or litigation.

Atallah’s note makes it clear that ICANN considers hurricane damage such a circumstance, so its contractual compliance department will not pursue registrars who fail to expire domains on time when the registrant has been affected by the disaster.

He added that perhaps it’s time for the ICANN community to come up with a standardized policy for handling such domains. There’s already been mailing list chatter of such an initiative.

ICANN is heading to Puerto Rico, which was quite badly hit by Maria, for its March 2018 public meeting.

While attendees have been assured that the infrastructure is in place for the meeting to go ahead, large parts of the island are reportedly still without power.