Latest news of the domain name industry

Recent Posts

Whois privacy will soon be free for most domains

Kevin Murphy, March 5, 2018, Domain Policy

Enormous changes are coming to Whois that could mark the end of Whois privacy services this year.

ICANN has proposed a new Whois model that would anonymize the majority of domain name registrants’ personal data by default, only giving access to the data to certain certified entities such as the police.

The model, published on Friday and now open for comment, could change in some of the finer details but is likely being implemented already at many registries and registrars.

Gone will be the days when a Whois lookup reveals the name, email address, physical address and phone number of the domain’s owner.

After the model is implemented, Whois users will instead merely see the registrant’s state/province and country, organization (if they have one) and an anonymized, forwarding email address or web form for contact purposes.

Essentially, most Whois records will look very much like those currently hiding behind paid-for proxy/privacy services.

Technical data such as the registrar (and their abuse contact), registration and expiry dates, status code, name servers and DNSSEC information would still be displayed.

Registrants would have the right to opt in to having their full record displayed in the public Whois.

Anyone wanting to view the full record would have to be certified in advance and have their credentials stored in a centralized clearinghouse operated by or for ICANN.

The Governmental Advisory Committee would have a big hand in deciding who gets to be certified, but it would at first include law enforcement and other governmental agencies.

This would likely be expanded in future to include the likes of security professionals and intellectual property lawyers (still no word from ICANN how the legitimate interests of the media or domain investors will be addressed) but there could be a window in which these groups are hamstrung by a lack of access to thick records.

The proposed model is ICANN’s attempt to bring Whois policy, which is enforced in its contracts with registries and registrars, into line with GDPR, the European Union’s General Data Protection Regulation, which kicks in fully in May.

The model would apply to all gTLD domains where there is some connection to the European Economic Area.

If the registrar, registry, registrant or a third party processor such as an escrow agent is based in the EEA, they will have to comply with the new Whois model.

Depending on how registrars implement the model in practice (they have the option to apply it to all domains everywhere) this means that the majority of the world’s 188 million gTLD domains will probably be affected.

While GDPR applies to only personal data about actual people (as opposed to legal persons such as companies), the ICANN model makes no such distinction. Even domains owned by legal entities would have their records anonymized.

The rationale for this lack of nuance is that even domains owned by companies may contain personal information — about employees, presumably — in their Whois records.

Domains in ccTLDs with EEA connections will not be bound to the ICANN model, but will rather have to adopt it voluntarily or come up with their own ways to become GDPR compliant.

The two largest European ccTLDs — .uk and Germany’s .de, which between them account for something like 28 million domains — last week separately outlined their plans.

Nominet said that from May 25 it will no longer publish the name or contact information of .uk registrants in public Whois without their explicit consent. DENIC said something similar too.

Here’s a table of what would be shown in public Whois, should the proposed ICANN model be implemented.

Domain NameDisplay
Registry Domain IDDisplay
Registrar WHOIS ServerDisplay
Registrar URLDisplay
Updated DateDisplay
Creation DateDisplay
Registry Expiry DataDisplay
Registrar Registration Expiration DateDisplay
Registrar IANA IDDisplay
Registrar Abuse Contact EmailDisplay
Registrar Abuse Contact PhoneDisplay
Domain StatusDisplay
Domain StatusDisplay
Domain StatusDisplay
Registry Registrant IDDo not display
Registrant NameDo not display
Registrant OrganizationDisplay
Registrant StreetDo not display
Registrant CityDo not display
Registrant State/ProvinceDisplay
Registrant Postal CodeDo not display
Registrant CountryDisplay
Registrant PhoneDo not display
Registrant Phone ExtDo not display
Registrant FaxDo not display
Registrant Fax ExtDo not display
Registrant EmailAnonymized email or web form
Registry Admin IDDo not display
Admin NameDo not display
Admin OrganizationDo not display
Admin StreetDo not display
Admin CityDo not display
Admin State/ProvinceDo not display
Admin Postal CodeDo not display
Admin CountryDo not display
Admin PhoneDo not display
Admin Phone ExtDo not display
Admin FaxDo not display
Admin Fax ExtDo not display
Admin EmailAnonymized email or web form
Registry Tech IDDo not display
Tech NameDo not display
Tech OrganizationDo not display
Tech StreetDo not display
Tech CityDo not display
Tech State/ProvinceDo not display
Tech Postal CodeDo not display
Tech CountryDo not display
Tech PhoneDo not display
Tech Phone ExtDo not display
Tech FaxDo not display
Tech Fax ExtDo not display
Tech EmailAnonymized email or web form
Name ServerDisplay
Name ServerDisplay
URL of ICANN Whois Inaccuracy Complaint FormDisplay
>>> Last update of WHOIS databaseDisplay

The proposal is open for comment, with ICANN CEO Goran Marby requesting emailed input before the ICANN 61 public meeting kicks off in Puerto Rico this weekend.

With just a couple of months left before the law, with its huge fines, kicks in, expect GDPR to be THE hot topic at this meeting.

ICANN loses comms chief to Fannie Mae

Kevin Murphy, February 22, 2018, Domain Policy

ICANN’s top PR guy has quit for a job at Fannie Mae.

Duncan Burns, senior vice president of global communications and managing director of the Washington DC office, will leave the organization next month after the ICANN 61 meeting in Puerto Rico.

Burns has been leading comms at ICANN for five years. Last year, he also took over as ICANN’s lead DC lobbyist, a reduced role in the post-IANA-transition world.

He told DI that he’s going to be VP of external communications at Fannie Mae, the mortgage finance company.

ICANN said that while a permanent replacement is found his deputy Gwen Carlson will take over the comms role while Chris Mondini, VP of stakeholder engagement, will cover US government relations.

If anyone’s wondering how this affects ICANN’s current budget discussions, Burns received total compensation in excess of $415,000 in 2016, ICANN’s last-reported tax year.

Should ICANN cut free travel, or its own staff?

Kevin Murphy, February 20, 2018, Domain Policy

Is ICANN’s suddenly limited budget best spent on its staff wages or on flights and hotels for certain volunteers?

That’s the debate that’s been emerging in the ICANN community in the last few weeks since ICANN revealed it would have to make some “tough choices” in the face of lower than expected revenue from a stagnant domain industry.

Members of the ICANN Fellowship program have started a petition calling for the organization to look at its own staffing needs before cutting the number of Fellows it supports in half.

The petition is not signed (though I have a pretty good idea who started it) and at time of publication, it has 194 signatures.

The Fellowship program sees ICANN pay for the travel and lodging, along with a per diem allowance, of up to 60 community members at each of its three annual major meetings.

They’re usually ICANN newbies and generally from less-developed regions of the world.

But because ICANN is trying to cut $5 million from its fiscal 2019 budget it wants to reduce the number of supported Fellows down to 30 per meeting.

ICANN says (pdf) that the average cost to send a Fellow to a meeting is $3,348, which would work out at or $200,880 per meeting or $602,640 per year.

Cutting the program in half would presumably therefore save a tad over $300,000 a year.

It’s not nothing, but it’s chickenfeed in a budget penciled in at $138 million for FY19.

While Fellows are not the only people seeing budget cutbacks, the only one of five broad areas that will actually see growth in ICANN’s FY19 budget is staffing costs.

The organization said personnel spend will go up from $69.5 million to $76.8 million in its next fiscal year.

That’s based on the staff growing by 34 people in the fiscal year to June 30. Those people will then earn a full year’s wages in FY19, rather than the partial year they earned in FY18.

It also plans to increase headcount by four people in FY19, and to give employees an average of 2% pay rises (cut from 4%).

The end-of-year headcount would be 425. That means headcount will have doubled since about September 2013. It was at under 150 when the new gTLD program kicked off in 2012.

Does ICANN really need so many staff? It’s a question people have been asking since before headcount even broke into three digits (over 10 years ago).

The petition organizers wrote that ICANN could not only maintain but increase funding for Fellows by just lowering staffing levels by one or two people, adding:

Given that most of the fellows are from developing countries, the Fellowship Program is not only a learning platform for capacity building to empower volunteers with the skills needed to create a positive impact both within ICANN and in their home countries, but also it is practically the only way to overcome the insurmountable financial burden faced by individuals coming from world regions where even access to drinking water is problematic, not to mention access to computers and quality IT infrastructure that is taken for granted in developed countries.

There’s no denying that attending ICANN meetings can be a pricey undertaking. I come from the developed world and I’ve skipped a few for cost reasons.

But there’s no point ICANN splashing out its cash (which is after all a quasi-tax gathered ultimately from domain registrants) on a Fellowship program unless it knows what the ROI is.

Are the Fellows worth the money?

There’s a kind of running joke — that, disclosure alert, I participate in regularly — that Fellows are mainly good for being strong-armed into singing ICANN’s praises at the open-mic Public Forum sessions held at two of the three meetings each year.

But that’s probably not entirely fair. The program has supported some committed community members who are certainly not slackers.

There are two former Fellows — Léon Felipe Sanchez Ambia and Rafael Lito Ibarra — currently sitting on the ICANN board of directors, and at least one I know of on the GNSO Council.

There are also about 10 members of ICANN staff who were former fellows and ICANN has documented several more participants who are still active in formal roles in ICANN.

Would these people have gotten so involved with ICANN if that financial support had not been there for them originally? I don’t know.

ICANN has attempted in the past to put some hard numbers on the value of the program, and the results are perhaps not as encouraging as when one cherry-picks the success stories.

It conducted a survey last year (pdf) of all 602 former Fellows and managed to get a hold of 597 of them. It wanted to know whether they were still engaged in the ICANN community.

But only 53%, 317 people, even bothered to respond to the survey. Of those who did respond, 198 said they were still involved in the ICANN community.

Basically, of the 600 Fellows ICANN has subsidized to attend ICANN meetings over the last 10 years, just one third say they are still participating.

Is that a good hit rate?

Would it be worth firing a couple of ICANN staffers — or at least allowing a position or two to fall to attrition — in order to keep the Fellowship program funded at current levels?

I honestly have no strong opinion either way on this one, but I’d be interested to hear what you have to say.

No doubt ICANN is too. Its public comment period on the FY19 budget is still open.

ICANN would reject call for “diversity” office

Kevin Murphy, February 16, 2018, Domain Policy

ICANN’s board of directors would reject a call for an “Office of Diversity”, due to its current budget crunch.

The board said as much in remarks filed to a public comment period that got its final report this week.

The report of the CCWG-Accountability Work Stream 2 working group had recommended several potential things ICANN could do to improve diversity in the community, largely focused on collecting and publishing data on diversity.

“Diversity” for the purposes of the recommendations does not have the usual racial connotations of the word. Instead it means: geography, language, gender, age, physical disability, skills and stakeholder group.

Some members of the working group had proposed an independent diversity office, to ensure ICANN sticks to diversity commitments, but this did not gain consensus support and was not a formal recommendation.

Some commenters, including (in a personal capacity) a current vice chair of the Governmental Advisory Committee and a former ICANN director, had echoed the call for an office of diversity.

But ICANN’s board said it would not be able to support such a recommendation:

Given the lack of clarity around this office, lack of consensus support within the subgroup (and presumably within the CCWG-Accountability and the broader community), and noting the previously-mentioned budget and funding constraints and considerations, the Board is not in a position to accept this item if it were to be presented as a formal consensus-based recommendation

In general terms, it encouraged the working group to consider ICANN’s “limited funding” when it makes its final recommendations.

It added that it may be difficult for ICANN to collect personal data on community members, in light of the General Data Protection Regulation, the EU privacy law that kicks in this May.

All the comments on the report can be found here.

Registries reject lower fees for anti-abuse prowess

Kevin Murphy, February 16, 2018, Domain Policy

Registries have largely rejected a proposal for them to be offered financial incentives to lower the amount of abuse in their gTLDs.

That’s despite the idea gaining broad support from governments, intellectual property interests and restricted-registration registries.

The concept of ICANN offering discounted fees to registries that proactively fight abuse was floated by the Competition, Consumer Trust, and Consumer Choice Review Team (CCT) back in November.

It recommended in its draft report, among other things:

Consider directing ICANN org, in its discussions with registries, to negotiate amendments to existing Registry Agreements, or in negotiations of new Registry Agreements associated with subsequent rounds of new gTLDs to include provisions in the agreements providing incentives, including financial incentives for registries, especially open registries, to adopt proactive anti-abuse measures.

“Proactive” in this case would mean measures such as preventing known bad actors from registering domains, rather than just waiting for complaints to be filed.

Given that registries have been calling for lower ICANN fees in other instances, one might expect to see support from that constituency.

However, the Registries Stakeholder Group said in a document filed to ICANN’s public comment period on the CCT’s latest recommendations that, it “opposes” the idea of such financial incentives. It said:

The RySG supports recognizing and supporting the many [registry operators] that take steps to discourage abuse, but opposes amending the RA as recommended, to mandate or incentivize ‘proactive’ anti-abuse measures.

The RySG complained that such a system would require lots of complex work to arrive at a definition of abuse and what kinds of measures would qualify as “proactive”.

Even if such definitions could be found, and amendments to the standard RA successfully negotiated, there’s still no guarantee that bad registries would sign up for the incentives or stick to their promises, “resulting in no net improvement to the current situation”, the RySG said.

The group is also concerned that adding more anti-abuse clauses to the RA could increase registries’ risk of liability should they be sued over abuse carried out by their customers.

Not all registries agreed with the RySG position, however.

The informal Verified Top-Level Domains Consortium, which comprises the two registries behind .bank, .insurance and .pharmacy, filed comments supporting the proposal.

It said that gTLDs with vetted eligibility requirements see no abuse but have lower registration volumes and therefore pay higher ICANN fees on a per-domain basis. It said:

ICANN should help to offset these costs to create a more level playing field with high-volume unrestricted registries, i.e., to enhance competition as well as consumer trust. If ICANN made it more financially advantageous to verify eligibility, other registries may be encouraged to adopt this model. The outcome would be the elimination of abuse in these verified TLDs.

Outside of the industry itself, the Governmental Advisory Committee and IP interests such as the Intellectual Property Constituency and INTA, filed comments supporting anti-abuse incentives.

The IPC “strongly” supported the recommendation, but added that the finer details would need to be worked out to ensure that lower ICANN fees did not translate automatically to lower registration fees and therefore more abuse.

Shocking nobody, it added that “abuse” should include intellectual property infringements.

Conversely, the Non-Commercial Stakeholders Group said it “strongly” opposes the recommendation, on the basis that it would push ICANN into a “content policeman” role in violation of its technical mandate:

ICANN is not a US Federal Trade Commission or an anti-fraud unit or regulatory unit of any government. Providing guidance, negotiation and worse yet, financial incentives to ICANN-contracted registries for anti-abuse measures is completely outside of our competence, goals and mandates. Such acts would bring ICANN straight into the very content issues that passionately divide countries — including speech laws, competition laws, content laws of all types. It would invalidate ICANN commitments to ourselves and the global community. It would make ICANN the policemen of the Internet, not the guardians of the infrastructure. It is a role we have sworn not to undertake; a role beyond our technical expertise; and a recommendation we must not accept.

Also opposed to incentivizing anti-abuse measures was the Messaging, Malware and Mobile Anti-Abuse Working Group (an independent entity, not an ICANN working group), which said there’s no data to support such a recommendation.

The reports provide no data that showcase what the implications of altering the economic underpinnings of a highly competitive market may entail, including inadvertent side effects such as registries that already sell low price domains being rewarded with lower ICANN fees. In fact, it may ultimately result in a race to the bottom and higher rates of domain abuse.

Instead, M3AAWG said that ICANN should concentrate is contractual compliance efforts on those registries that the data shows already have large amounts of abuse — presumably meaning the likes of .top, .gdn and the Famous Four Media stable.

ICANN itself filed a comment on the proposal, pointing out that it is not able to unilaterally impose anti-abuse measures into registry agreements.

One imagines that lowering fees at a time when its own budget is under a lot of pressure would probably not be something ICANN would be eager to implement.

These comments and more were summarized in ICANN’s report on the CCT public comment period, published yesterday. The comments themselves can be found here.

The comments feed back into the CCT review team’s work ahead of its final report, which is due to be published some time during Q1.

Under its bylaws, the CCT review is one of the things that ICANN has to complete before it opens the next round of new gTLD applications.