US and EU call for Whois to stay alive

Kevin Murphy, January 31, 2018, Domain Policy

Government officials from both sides of the Atlantic have this week called on ICANN to preserve Whois as it currently is, in the face of incoming EU privacy law, at least for a select few users.

The European Commission wrote to ICANN to ask for a “pragmatic and workable solution” to the apparent conflict between the General Data Protection Regulation and the desire of some folks to continue to access Whois as usual.

Three commissioners said in a letter (pdf) that special consideration should be given to “public interests” including “ensuring cybersecurity and the stability of the internet, preventing and fighting crime, protecting intellectual property and copyright, or enforcing consumer protection measures”.

David Redl, the new head of the US National Telecommunications and Information Administration, echoed these concerns in a speech at the State of the Net conference in Washington DC on Monday.

Redl said that the “preservation of the Whois service” is one of NTIA’s top two priorities at the moment. The other priority is pressing for US interests in the International Telecommunications Union, he said.

Calling Whois “a cornerstone of trust and accountability for the Internet”, Redl said the service “can, and should, retain its essential character while complying with national privacy laws, including the GDPR.”

“It is in the interests of all Internet stakeholders that it does,” he said. “And for anyone here in the US who may be persuaded by arguments calling for drastic change, please know that the US government expects this information to continue to be made easily available through the Whois service.”

He directly referred to the ability of regular internet users to access Whois for consumer protection purposes in his speech.

The European Commission appears to be looking at a more restrictive approach, but it did offer some concrete suggestions as to how GDPR compliance might be achieved.

For example, the commissioners’ letter appears to give tacit approval to the idea of “gated” access to Whois, but called for access by law enforcement to be streamlined and centralized.

It also suggests throttling as a mechanism to reduce abuse of Whois data, and makes it clear that registrants should always be clearly informed how their personal data will be used.

The deadline for GDPR compliance is May this year. That’s when EU countries can start to levy fines, which could run into millions of euros, against non-compliant companies.

While ICANN has been criticized by registries and registrars for moving too slowly to give them clarity on how to be GDPR-compliant while also sticking to the Whois provisions of their contracts, its pace has been picking up recently.

Two weeks ago it called for comments on three possible Whois models that could be used from May.

That comment period ended on Monday, and ICANN is expected to publish the model upon which further discussions will be based today.

Is the Trump administration really trying to reverse the IANA transition?

Kevin Murphy, January 29, 2018, Domain Policy

Questions have been raised about the US government’s commitment to an independent ICANN, following the release of letters sent by two top Trump appointees.

In the letters, new NTIA head David Redl and Secretary of Commerce Wilbur Ross expressed an interest in looking at ways to “unwind” the IANA transition, which in 2016 severed the formal ties between ICANN and the US in DNS root zone management.

Responding to questions from senators during his lengthy confirmation process, now National Telecommunications and Information Administration assistant secretary Redl wrote:

I am not aware of any specific proposals to reverse the IANA transition, but I am interested in exploring ways to achieve this goal. To that end, if I am confirmed I will recommend to Secretary Ross that we begin the process by convening a panel of experts to investigate options for unwinding the transition.

The letters were first obtained by Politico under the Freedom of Information Act. We’re publishing them here (pdf).

They were sent last August, when Redl’s confirmation to the NTIA role was being held up by Senator Ted Cruz, who vehemently opposed the transition because he said he thought it would give more power over online speech to the likes of Russia and China.

He was confirmed in November.

The question is whether Redl was serious about unwinding the transition, or whether he was just bullshitting Cruz in order to remove a roadblock to his confirmation.

Technically, he only promised to “recommend” convening a panel of experts to his boss, Ross.

NTIA declined to comment last week when DI asked whether the department still supports the IANA transition, whether any efforts are underway to unwind it, and whether the panel of experts has already been convened.

Redl’s statements on ICANN since his confirmation have been more or less consistent with his Obama-era predecessor, Larry Strickling, in terms of expressing support for multi-stakeholder models, but with perhaps some causes for concern.

During his first public speech, delivered at the CES show in Las Vegas earlier this month, Redl expressed support for multi-stakeholder internet governance amid pushes for more multi-lateral control within venues such as the International Telecommunications Union.

However, he added:

I’ll also focus on being a strong advocate for U.S. interests within ICANN. We need to ensure transparency and accountability in ICANN’s work. And in light of the implementation of the European General Data Privacy Regulation, or GDPR, we need to preserve lawful access to WHOIS data, which is a vital tool for the public.

In the coming weeks, I’ll be seeking out the views of stakeholders to understand how else NTIA can best serve American interests in these global Internet fora.

Could this be an allusion to the “panel of experts”? It’s unclear at this stage.

One of Redl’s first moves as NTIA chief was to slam ICANN for its lack of accountability concerning the shutdown of a review working group, but that was hardly a controversial point of view.

And in a letter to Senator Brian Schatz, the Democrat ranking member of the Senate Commerce Subcommittee on Communications, Technology, Innovation, and the Internet, sent earlier this month, Redl expressed support for the multi-stakeholder model and wrote:

NTIA will be a strong advocate for US interests with the Governmental Advisory Committee of the Internet Cooperation [sic] for Assigned Names and Numbers (ICANN) in the existing post-transition IANA phase. NTIA will also monitor the [IANA operator] Public Technical Identifiers (PTI) and take action as necessary to ensure the security and stability of the DNS root.

That certainly suggests NTIA is happy to work in the new paradigm, while the promise to “take action as necessary” against PTI may raise eyebrows.

While a lot of this may seem ambiguous, my hunch is that there’s not really much appetite to reverse the IANA transition. Apart from appeasing Cruz’s demons, what could possibly be gained?

Ross, quizzed by Cruz at his own confirmation hearing a year ago, seemed reluctant to commit to such a move.

New gTLD revenue cut by HALF in ICANN budget

Kevin Murphy, January 22, 2018, Domain Policy

The new gTLD industry is performing terribly when compared to ICANN’s predictions just six months ago.

ICANN budget documents published over the weekend show that by one measure new gTLDs are doing just 51% of the business ICANN thought they would.

The new budget (pdf) shows that for the fiscal year 2018, which ends June 30, ICANN currently expects to receive $4.6 million in registry transaction fees.

These are the fees registries must pay for each new registration, renewal or transfer, when the TLD has more than 50,000 domains under management.

In a draft budget (pdf) published March 2017, its “best estimate” for these fees in FY18 was $8.9 million, almost double its newest prediction.

That prediction lasted until the approved budget (pdf) published last August.

The budget published at the weekend expects this transaction revenue to increase 31.1% to $6 million by June 30, 2019, still a long way off last year’s estimate.

At the registrar level, where registrars pay a transaction fee regardless of the size of the customer’s chosen gTLD, ICANN expects new gTLD revenue to be $3.9 million in FY18.

That’s just 52% of its March/August 2017 estimate of $7.5 million.

Looking at all reportable transactions — including the non-billable ones — ICANN’s projection for FY18 is now 21.9 million, compared to its earlier estimate of 41.7 million.

ICANN even reckons the number of new, 2012-round gTLDs actually live on the internet is going to shrink.

Its latest budget assumes 1,228 delegated TLDs by the end of June this year, which appears to be a couple light on current levels (at least according to me) and down from the 1,240 it expected a year ago.

It expects there to be 1,231 by the end of June 2019, which is even lower than it expected to have in June 2017.

I suspect this is related to dot-brands cancelling their contracts, rather than retail gTLDs going dark.

Revenue from fixed registry fees for FY18 is expected to be $30.6 million, $200,00 less than previous expectations. Those numbers are for all gTLDs, old and new.

Overall, the view of new gTLDs is not pretty, when judged by what ICANN expected.

It shows that ICANN is to an extent captive to the whims of a fickle market that has in recent years been driven by penny deals and Chinese speculation.

By contrast, legacy gTLDs (.com, .info, etc) are running slightly ahead of earlier projections.

ICANN now expects legacy registry transaction fees of $48.6 million for FY18, which is $200,000 more than predicted last year.

It expects registrar transaction fees of $29.5 million, compared to its earlier forecast of $29.4 million.

This is not enough to recoup the missing new gTLD money, of course, which is why ICANN is slashing $5 million from its budget.

ICANN slashes millions from its budget

Kevin Murphy, January 22, 2018, Domain Policy

ICANN has cut $5 million from its annual budget, warning the community that difficult decisions have to be made amid a slowing domain name market.

Staff and community members will all be affected by the cuts, whether in the form of less generous pay raises or fewer travel opportunities.

Cuts have also been proposed to international outreach, tech support, contractual compliance and translation services.

The organization at the weekend published for comment its proposed budget for fiscal 2019. That’s the year that begins July 1, 2018.

It would see ICANN spend $138 million, $5 million less than it expects to spend in fiscal 2018.

Four of the five top-line areas in which ICANN reports expenses will be cut for a total of $12 million in savings, while one of them — personnel — is going up by $7.3 million.

This rounds out to a $5 million cut to the total FY19 ICANN budget. Here’s the breakdown:

  • Personnel costs going up from $69.5 million to $76.8 million, up $7.3 million.
  • Travel and meetings costs are to go down from $17.8 million to $15.6 million, a $2.2 million saving.
  • Professional services costs will go down from $27.7 million to $23.4 million, a $4.3 million saving.
  • Administration and capital costs will go down from $22.5 million to $17.8 million, a $4.7 million saving.
  • The contingency budget is going down from $5.3 million to $4.5 million, an $800,000 saving.

Personnel costs are going up due to a combination of new hires and pay rises, but the average annual pay rise will be halved from 4% to 2%, saving $1.3 million, ICANN documentation states.

Headcount is expected to level out at about 425, up from the current 400, by the end of FY19.

The travel budget is going down due to a combination of cuts to services provided at the three annual meetings and the number of people ICANN reimburses for going to them.

The Fellows program — sometimes criticized for giving people what look like free vacations for little measurable return — is seeing the biggest headcount cut here. ICANN will only pay for 30 Fellows to go to its meetings in FY19, half the level of FY18. The Next Gen program, a similar outreach program for yoof participants, goes down to 15 people from 20.

The Governmental Advisory Committee will get its number of funded seats reduced by 10 to 40. The ALAC and the ccNSO also each lose a few seats. Other constituencies are unaffected.

At the meetings themselves, translation is to be scaled back to be provided on an as-requested basis, rather than automatically translating everything into all six UN languages. Key sessions will continue to have live interpretation.

Outside of the three main meetings, ICANN is pulling back on plans to expand its irregular “capacity building” workshops in “under-served” areas of the world.

It’s also slashing the “additional budget request” budget by 50%.

In terms of compliance, a proposed Technical Compliance Monitoring system that was going to be built this year — a way to make sure gTLD registries and registrars are stable and secure — appears to be at risk of being deprioritized.

ICANN said it “will develop an implementation plan in due time, depending on the RFP results and, if needed, work with the Board to identify necessary resources and funds to support implementation of the project.”

The documents published today are now open for public comment until March 8.

The cuts I’ve reported here can be found from page 19 of this document (pdf).

The reason for the cutbacks is that ICANN’s revenue isn’t growing as fast as it once did, due to the slower than expected growth of the domain name industry in general. I’ll get to that in a later article.

ICANN blocks 1.5 million domains, including some three-letter names

Kevin Murphy, January 17, 2018, Domain Policy

A million and a half domain names, including many potentially valuable three- and four-letter strings, have been given special protection across all gTLDs under a new ICANN policy.

The long-discussed, highly controversial reservation of the names and acronyms of various intergovernmental and non-governmental organizations has become official ICANN Consensus Policy and will be binding on all gTLD registries and registrars from August this year.

The policy gives special protection to (by my count) 1,282 strings in each of the (again, by my count) 1,243 existing gTLDs, as well as future gTLDs. That comes to over 1.5 million domains.

The strings match the names, and sometimes the acronyms and abbreviations, of recognized Intergovernmental Organizations (IGOs) and International Non-Governmental Organizations (INGOs) as well as the International Olympic Committee, Red Cross, Red Crescent and related movements.

These are all organizations whose names are protected by international law but not necessarily by trademarks.

Protected strings run from obscurities such as “europeanbankforreconstructionanddevelopment” and “internationalunionfortheprotectionofnewvarietiesofplants” to “can”, “eco” and “fao”.

All gTLDs, including legacy TLDs such as .com, are affected by the policy.

The full list of protected strings can be found here.

Any of the Red Cross, IOC and IGO strings already registered will remain registered, and registries are obliged to honor renewal and transfer requests. Nobody’s losing their domains, in other words. But if any are deleted, they must be clawed back and reserved by the registry.

The protected organizations must be given the ability to register their reserved matching names should they wish to, the policy states.

Registries will be able to sell the acronyms of protected INGOs, but will have to offer an “INGO Claims Service”, which mirrors the existing Trademark Claims service, in gTLDs that go live in future.

The policy was developed by ICANN’s Generic Names Supporting Organization and approved by the ICANN board of directors all the way back in April 2014 and has been in implementation talks ever since.

It’s the 14th Consensus Policy to be added to ICANN’s statute book since the organization was formed 20 years ago.

Registries and registrars have until August 1 to make sure they’re compliant. Consensus Policies are basically incorporated into their contracts by reference.

Work on IGO/INGO protections is actually still ongoing. There’s a GNSO Policy Development Process on “curative” rights for IGOs and INGOs (think: UDRP) that is fairly close to finishing its work but is currently mired in a mind-numbing process debate.

UPDATE: This post was updated January 17, 2018 to correct the number of reserved strings and to clarify how INGO names are treated by the policy.

Three ways ICANN could gut Whois

Kevin Murphy, January 15, 2018, Domain Policy

ICANN has published three possible models of how Whois could be altered beyond recognition after European privacy law kicks in this May.

Under each model, casual Whois users would no longer have access to the wealth of contact information they do under the current system.

There may also be a new certification program that would grant access to full Whois records to law enforcement, consumer protection agencies and intellectual property interests.

The three models are each intended to address the General Data Protection Regulation, EU law that could see companies fined millions if they fail to protect the personal data of European citizens.

While GDPR affects all data collection on private citizens, for the domain name industry it’s particularly relevant to Whois, where privacy has always been an afterthought.

The three ICANN models, which are now subject to a short public comment period, differ from each other in three key areas: who has their privacy protected, which fields appear in public Whois by default, and how third parties such as law enforcement access the full records.

Model 1 is the most similar to the current system, allowing for the publication of the most data.

Under this model the name and postal address of the registrant would continue to be displayed in the public Whois databases.

Their email address and phone number would be protected, but the email and phone of the administrative and technical contacts — often the same person as the registrant — would be published.

If the registrant were a legal entity, rather than a person, all data fields would continue to be displayed as normal.

The other two models call for more restricted, or at least different, public output.

Under Model 2, the email addresses of the administrative and technical contacts would be published, but all other contact information, including the name of the registrant, would be redacted.

Model 3 proposes a crazy-sounding system whereby everything would be published unless the registrar/registry decided, on a domain-by-domain basis, that the field contained personal information.

This would require manual vetting of each Whois record and is likely to gather no support from the industry.

The three models also differ in how third parties with legitimate interests would access full Whois records.

Model 1 proposes a system similar to how zone files are published via ICANN’s Centralized Zone Data Service.

Under this model, users would self-certify that they have a legit right to the data (if they’re a cop or an IP lawyer, for example) and it would be up to the registry or registrar to approve or decline their request.

Model 2 envisages a more structured, formal, centralized system of certification for Whois users, developed with the Governmental Advisory Committee and presumably administered by ICANN.

Model 3 would require Whois users to supply a subpoena or court order in order to access records, which is sure to make it unpopular among the IP lobby and governments.

Each of the three models also differs in terms of the circumstances under which privacy is provided.

The models range from protecting records only when the registrant, registry, registrar or any other entity involved in the data processing has a presence in the European Economic Area to protecting records of all registrants everywhere regardless of whether they’re a person or a company.

Each model has different data retention policies, ranging from six months to two years after a registration expires.

None of the three models screw with registrars’ ability to pass data to thick-Whois registries, nor to their data escrow providers.

ICANN said it’s created these models based on the legal analyses it commissioned from the Hamilton law firm, as well as submissions from community members.

One such submission, penned by the German trade association Eco, has received broad industry support.

It would provide blanket protection to all registrants regardless of legal status or location, and would see all personally identifiable information stripped from public Whois output.

Upon carrying out a Whois query, users would see only information about the domain, not the registrant.

There would be an option to request more information, but this would be limited to an anonymized email address or web form for most users.

Special users, such as validated law enforcement or IP interests, would be able to access the full records via a new, centralized Trusted Data Clearinghouse, which ICANN would presumably be responsible for setting up.

It’s most similar to ICANN’s Model 2.

It has been signed off by registries and registrars together responsible for the majority of the internet’s domain registrations: Afilias, dotBERLIN, CentralNic, Donuts, Neustar, Nominet, Public Interest Registry (PIR), Verisign, 1&1, Arsys, Blacknight, GoDaddy, Strato/Cronon, Tucows and United Domains.

ICANN said in a blog post that its three models are now open for public comment until January 29.

If you have strong opinions on any of the proposals, it might be a good idea to get them in as soon as possible, because ICANN plans to identify one of the models as the basis for the official model within 48 hours of the comment period closing.

How ICANN could spend its $240 million war chest

Kevin Murphy, January 2, 2018, Domain Policy

Schools, PhD students and standards groups could be among the beneficiaries of ICANN’s nearly quarter-billion-dollar new gTLD auction war chest.

But new gTLD registries hoping to dip into the fund for marketing support are probably shit out of luck.

Those are among the preliminary conclusions of a volunteer working group that has been looking at how ICANN should spend its new gTLD program windfall.

Over 17 new gTLD auctions carried out by ICANN under its “last resort” contention resolution system, the total amount raised to date is $240,590,128.

This number could increase substantially, should still-contested strings such as .music and .gay go to last-resort auction rather than being settled privately.

Prices ranged from $1 for .webs to $135 million for .web.

ICANN has always said that the money would be held separate to its regular funding and eventually given to special projects and worthy causes.

Now, the Cross-Community Working Group on New gTLD Auction Proceeds has published its current, close-to-final preliminary thinking about which such causes should be eligible for the money, and which should not.

In a letter to ICANN (pdf), the CCWG lists 18 (currently hypothetical, yet oddly specific) example proposals for the use of auction funds, 17 of which it considers “consistent” with ICANN’s mission.

A 19th example, which would see money used to promote TLD diversity and “smells too much like marketing” according to some CCWG members, is still open for debate.

While the list of projects that could be approved for funding under the proposed regime is too long to republish here, it would for example include giving scholarships to PhD students researching internet infrastructure, funding internet security education in developing-world primary schools and internet-related disaster-recovery efforts in risk-prone regions.

The only area the CCWG appears to be reluctant to endorse funding is the case of commercial enterprises run by women and under-represented communities.

The full list can be downloaded here (pdf).

The CCWG hopes to publish its initial report for public comment not too long after ICANN 61 in March. Comment would then need to be incorporated into a final report and then ICANN would have to approve its recommendations and implement a process for actually distributing the funds.

Don’t expect any money to change hands in 2018, in other words.

.music and .gay possible in 2018 after probe finds no impropriety

Kevin Murphy, January 2, 2018, Domain Policy

Five more new gTLDs could see the light of day in 2018 after a probe into ICANN’s handling of “community” applications found no wrongdoing.

The long-running investigation, carried out by FTI Consulting on ICANN’s behalf, found no evidence to support suspicions that ICANN staff had been secretly and inappropriately pulling the strings of Community Priority Evaluations.

CPEs, carried out by the Economist Intelligence Unit, were a way for new gTLD applicants purporting to represent genuine communities to avoid expensive auctions with rival applicants.

Some applicants that failed to meet the stringent “community” criteria imposed by the CPE process appealed their adverse decisions and an Independent Review Process complaint filed by Dot Registry led to ICANN getting crucified for a lack of transparency.

While the IRP panel found some hints that ICANN staff had been nudging EIU’s arm when it came to drafting the CPE decisions, the FTI investigation has found:

there is no evidence that ICANN organization had any undue influence on the CPE Provider with respect to the CPE reports issued by the CPE Provider or engaged in any impropriety in the CPE process.

FTI had access to emails between EIU and ICANN, as well as ICANN internal emails, but it did not have access to EIU internal emails, which EIU declined to provide. It did have access to EIU’s internal documents used to draft the reports, however.

Its report states:

Based on FTI’s review of email communications provided by ICANN organization, FTI found no evidence that ICANN organization had any undue influence on the CPE reports or engaged in any impropriety in the CPE process. FTI found that the vast majority of the emails were administrative in nature and did not concern the substance or the content of the CPE results. Of the small number of emails that did discuss substance, none suggested that ICANN acted improperly in the process.

FTI also looked at whether EIU had applied the CPE rules consistently between applications, and found that it did.

It also dug up all the sources of information EIU used (largely Google searches, Wikipedia, and the web pages of relevant community groups) but did not directly cite in its reports.

In short, the FTI reports very probably give ICANN’s board of directors cover to reopen the remaining affected contention sets — .music, .gay, .hotel, .cpa, and .merck — thereby removing a significant barrier to the gTLDs getting auctioned.

If there were to be no further challenges (which, admittedly, seems unlikely), we could see some or all of these strings being sold off and delegated this year.

The probe also covered the CPEs for .llc, .inc and .llp, but these contention sets were resolved with private auctions last September after applicant Dot Registry apparently decided it couldn’t be bothered pursuing the ICANN process any more.

The FTI’s reports can be downloaded from ICANN.

How Whois could survive new EU privacy law

Kevin Murphy, December 29, 2017, Domain Policy

Reports of the death of Whois may have been greatly exaggerated.

Lawyers for ICANN reckon the current public system “could continue to exist in some form” after new European Union privacy laws kick in next May, according to advice published (hurriedly, judging by the typos towards the end) shortly before Christmas.

Hamilton, the Swedish law firm hired by ICANN to probe the impact of the General Data Protection Regulation, seems to be mellowing on its recommendation that Whois access be permanently “layered” according to who wants to access registration records.

Now, it’s saying that layered Whois access could merely be a “temporary solution” to protect the industry from fines and litigation until ICANN negotiates a permanent peace treaty with EU privacy regulators that would have less impact on current Whois users.

This opinion came in the third of three memorandums from Hamilton, published by ICANN last week. You can read it here (pdf).

With the first two memos strongly hinting that layered access would be the most appropriate way forward, the third points out the huge, possibly insurmountable burden this would place on registrars, registries, law enforcement agencies, the courts, IP lawyers, and others.

It instead suggests that layered access be temporary, with ICANN taking the lead in arranging a longer-term understanding with the EU.

The latest Hamilton memo seems to have taken on board comments from registries and registrars, intellectual property lawyers and domain investors, none of which are particularly enthusiastic about GDPR and the lack of clarity surrounding its impacts.

GDPR is an EU-wide law that gives much stronger protection to the personal data of private citizens.

Companies that process such data are kept on a much tighter leash and could face millions of euros of fines if they use the data for purposes their customers have not consented to or without a good enough reason.

It’s not specifically intended to regulate Whois — indeed, its conflict with longstanding practice and ICANN rules seems to have been an afterthought — but Whois is the place the domain industry is most likely to find itself breaking the law.

It seems to be generally agreed that the current system of open, public access to all fields in all Whois records in all gTLDs would not be compliant with GDPR without some significant changes.

It also seems to be generally agreed that the data can be hugely useful for purposes such as police investigations, trademark enforcement and the domain secondary market.

The idea that layered access — where different sets of folks get access to different sets of data based on their legitimate needs — might be a solution has therefore gained some support.

Hamilton notes:

Given the limited time remaining until the GDPR enters into effect, we believe that the best chance of continuing to provide the Whois services and still be compliant with the GDPR will be to implement an interim solution based on an layered access model that would ensure continued processing of Whois data for some limited purposes.

The problem with this solution, as Hamilton now notes, is that it could be hugely impractical.

such a model would require the registrars to perform an assessment of interests in accordance with Article 6.1(f) GDPR on an individual case-by-case basis each time a request for access is made. This would put a significant organizational and administrative pressure on the registrars and also require them to obtain and maintain the competence required to make such assessments in order to deliver the requested data in a reasonably timely manner. In our opinion, public access to (limited) Whois data would therefore be of preference and necessary to fulfill the above purposes in a practical and efficient way.

And, Hamilton says, a scenario in which all cops had access to all Whois data would not necessarily be GDPR-compliant. Police may have the right to access the data, but they’d have to request it on a case-by-case basis.

Registrars — or even the courts — would have to make the decision as to whether each request was legit.

It would get even more complex for registrars when the Whois requester was an IP lawyer, as they’d have to check whether it was appropriate to disclose the personal data to both the lawyer and her client, the memo says.

For registrars, the largely nominal cost of providing a Whois service today would suddenly rocket as each Whois lookup would require human intervention.

Having introduced the concept of layered access and then shot it to pieces, Hamilton finally recommends that ICANN start talks with data protection authorities in the EU in order to find a solution where Whois services can continue to be provided in a form available to the general public in the future”.

ICANN should start an “informal dialogue” with the Article 29 Working Party, the EU privacy watchdog made up of data protection authorities from each member state, and initiate formal consultations with one or more of these DPAs individually, the memo recommends.

The WP29 could prove a tough chat, given that the group has a long history of calling for layered access, and its views, even if changed, would not be binding anyway.

So Hamilton says ICANN, in conjunction with its registries and registrars, should carry out a formal data protection impact assessment (DPIA) and submit it to a relevant DPA in an EU country where it has a corporate presence, such as Belgium.

That way, at least ICANN has a chance of retaining Whois in a vaguely recognizable form while protecting the industry from crippling extra costs.

In short, the industry is still going to have to make some changes to Whois in the first half of 2018, some of which may make Whois access troublesome for many current users, but those changes may not last forever.

ICANN CEO Goran Marby said in a blog post:

We’ve made it a high priority to find a path forward to ensure compliance with the GDPR while maintaining WHOIS to the greatest extent possible. Now, it is time to identify potential models that address both GDPR and ICANN compliance obligations.

We’ll need to move quickly, while taking measured steps to develop proposed compliance models. Based on the analysis from Hamilton, it appears likely that we will need to incorporate the advice about using a layered access model as a way forward.

He wants the industry to submit compliance models by January 10 for publication January 15, with ICANN hoping to “settle on a compliance model by the end of January”.

ICANN attendance shrinks again

Kevin Murphy, December 21, 2017, Domain Policy

The number of people showing up at an ICANN public meeting was down again for ICANN 60.

The organization today reported that 1,929 people showed up in Abu Dhabi, the first time Annual General Meeting attendance has dropped below 2,000 for some time.

At the comparable 2016 AGM, held in Hyderabad, ICANN saw a record 3,182 people check in, a number swollen by many hundreds of Indian delegates.

In 2015, the AGM in Dublin reportedly had 2,395 participants.

The 1,929 going to Abu Dhabi compares to the 2,089 going to the Copenhagen meeting in March and the 1,353 who went to the much shorter, more focused Johannesburg meeting in June.

All three 2017 meetings had lower attendance than their 2016 counterparts.

While there had been some talk of some foreigners, particularly women, avoiding ICANN 60 due to its location, it appears that the gender mix was pretty much the same as usual, with 31% of people saying they were female.

The number of sessions continued to spiral out of control, although they were on average shorter.

There were 407 meetings over the course of the week, up from 381 at the Hyderabad AGM, but the total number of session-hours was down from 814 to 696.

The amount of equipment lugged to the venue weighed in at 9.6 metric tonnes. That’s the same, ICANN said, as 6,517 adult female falcons.

That’s enough birds to fill sixty London buses to the moon and back in a hundred football stadiums THE SIZE OF WALES.

Probably.