Latest news of the domain name industry

Recent Posts

ICANN beefs up background checks on directors amid concerns about vice-chair

Kevin Murphy, November 6, 2017, Domain Policy

ICANN is to beef up background screening procedures for its own board of directors after concerns were raised about financial integrity.

Directors in four seats that were not previously subject to screening have voluntarily agreed to checks “immediately” and ICANN has urged two of its supporting organizations to bring in such checks as standard.

Chris Disspain and Mike Silber, selected by the Country Code Names Supporting Organization, and Generic Names Supporting Organization selectees Becky Burr and Matthew Shears are these volunteers.

Neither the GNSO nor ccNSO currently screen their director picks to the same standard as other supporting organizations and the Nominating Committee.

ICANN said that they will be checked for “negative indicators such as discrepancies on a resume (including licenses, educational history and employment history), or publicly reported issues of financial mismanagement, fraud, harassment and mishandling of confidential information”.

The board passed a resolution last Thursday calling for the two SOs to bring in “the same or similar” screening procedures for future directors.

The resolution was passed minutes before the formal handover of power from outgoing chair Steve Crocker to new chair Cherine Chalaby. Disspain is the new vice-chair, replacing Chalaby.

ICANN had been put under pressure to widen its director due diligence earlier in the week by consultant and long-time ICANN community member Ron Andruff, who is known to have concerns about Disspain’s financial integrity.

Andruff spoke at an open-mic session with the board last Monday to recommend that the four anomalous directors face screening before the board was re-seated just a few days later.

“We’re talking about risk,” he said. “We’re talking about making sure that we do not put our institution that we’ve worked so hard to put into ICANN 2.0 in a place where we have four people that might have something, or not. And quite frankly, I don’t expect we’re going to find anything. I just want to make sure that we’ve checked that box,” Andruff said.

“We have the resources to do four background screenings between now and Thursday. No one expects any issues to surface. But this simple act will ensure that the institution is properly protected,” Andruff said.

Then-chair Crocker responded that it would not be possible to do the checks so quickly, but agreed in principle with the need for screening and said the board had had “substantial discussions” on the matter.

Andruff is former chair-elect of the Nominating Committee, which chooses eight directors and subjects all of its appointees to background screening.

He recently made a Freedom of Information Act request in Australia related to the circumstances leading to Disspain getting fired as CEO of local ccTLD administrator auDA in March 2016.

Disspain was let go after his relationship with the auDA board became “increasingly strained over issues of process, transparency and accountability”, according to an external review published by auDA in October last year.

auDA’s practices had “not kept pace with auDA’s growth in scale and importance to the Australian community, nor with evolving good practice in governance and accountability”, this review found.

The review did not directly allege any wrongdoing by Disspain.

A separate and currently unpublished review around the same time by PPB Advisory found that auDA had been “under-reporting” so-called “fringe benefit tax” to the Aussie tax authorities, according to auDA board meeting minutes.

FBT is tax companies must pay on employee benefits such as a company car or payment of private expenses.

There’s no clear indication in the public record that this under-reporting was directly related to benefits Disspain received, though the under-reporting very likely happened at least partially during his 15 years as CEO.

A slide deck discussing the PPB review published by auDA identified “a lack of formal policies and procedures governing how travel and expenses were managed”.

It added: “There were high levels of expenditure on international travel and reimbursement arrangements with international bodies that lacked transparency, which should have warranted a more robust process”.

All expenses incurred by ICANN’s directors and reimbursed in relation to their duties are a matter of public record.

Disspain receives not only a $45,000 annual salary but also tens of thousands of dollars in reimbursements each year, much of which is related to directors’ extensive travel obligations, these records show.

In its last reported tax year, to June 30, 2016, he received $68,437 in reimbursements, according to a published document (pdf). ICANN directly paid another $32,951 on his behalf.

A number of allegations have been made to DI (and, I believe, to other bloggers) over the last few months about alleged wrongdoing by Disspain in connection to these nuggets of information, but they’ve come from sources who refuse to identify themselves or provide corroborating evidence.

Despite efforts, I’ve been unable to independently verify these anonymous claims, which come amid turbulent times for auDA and its members, so I’ve chosen not to repeat them.

Andruff, meanwhile, has used FOI law to ask the Australian government, which has oversight of auDA, for the full PPB report, as well as documents related to the FBT issue, Disspain’s termination and his travel expenses.

Andruff and Disspain are known to have a history of friction.

Two years ago, Andruff expressed his anger after having been passed over for the job of chair of the NomCom, a role that be believes should have gone to him as chair-elect.

He lost the opportunity after the ICANN board, exercising its bylaws-permitted discretion, accepted the recommendation of its Board Governance Committee — at the time chaired by Disspain — that it be given to Stephane Van Gelder instead.

The original deadline for the Australian government response to Andruff’s FOI request was October 16, but this has been extended twice, now to November 19, due to the complexity of the request.

The eventual response will no doubt be read with interest.

Concern as ICANN shuts down “independent” security review

Kevin Murphy, October 31, 2017, Domain Policy

Just a year after gaining its independence from the US government, ICANN has come under scrutiny over concerns that its board of directors may have overstepped its powers.

The board has come in for criticism from almost everyone expressing an opinion at the ICANN 60 meeting in Abu Dhabi this week, after it temporarily suspended a supposedly independent security review.

The Security, Stability and Resiliency of the DNS Review, known as SSR-2, is one of the mandatory reviews that got transferred into ICANN’s bylaws after the Affirmation of Commitments with the US wound up last year.

The review is supposed to look at ICANN’s “execution of its commitment to enhance the operational stability, reliability, resiliency, security, and global interoperability of the systems and processes, both internal and external, that directly affect and/or are affected by the Internet’s system of unique identifiers that ICANN coordinates”.

The 14 to 16 volunteer members have been working for about eight months, but at the weekend the ICANN board pulled the plug, saying in a letter to the review team that it had decided “to suspend the review team’s work” and said its work “should be paused”.

Chair Steve Crocker clarified in sessions over the weekend and yesterday that it was a direction, not a request, but that the pause was merely “a moment to take stock and then get started again”.

Incoming chair Cherine Chalaby said in various sessions today and yesterday that the community — which I take to mean the leaders of the various interest groups — is now tasked with un-pausing the work.

Incoming vice-chair Chris Disspain told community leaders in an email (pdf) yesterday:

The Board has not usurped the community’s authority with respect to this review. Rather, we are asking the SOs and ACs to consider the concerns we have heard and determine whether or not adjustments are needed. We believe that a temporary pause in the SSR2 work while this consideration is under way is a sensible approach designed to ensure stakeholders can reach a common understanding on the appropriate scope and work plan

Confusion has nevertheless arise among community members, and some serious concerns and criticisms have been raised by commercial and non-commercial interests — including governments — over the last few days in Abu Dhabi.

But the board’s concerns with the work of SSR-2 seem to date back a few months, to the Johannesburg meeting in June, at which Crocker said “dangerous signals” were observed.

It’s not clear what he was referring to there, but the first serious push-back by ICANN came earlier this month, when board liaison Kaveh Ranjbar, apparently only appointed to that role in June, emailed the group to say it was over-stepping its mandate.

Basically, the SSR-2 group’s plan to carry out a detailed audit of ICANN’s internal security profile seems to have put the willies up the ICANN organization and board.

Ranjbar wrote:

The areas the Board is concerned with are areas that indeed raise important organizational information security and organizational oversight questions. However, these are also areas that are not segregated for community review, and are the responsibility of the ICANN Organization (through the CEO) to perform under the oversight of the ICANN Board.

While we support the community in receiving information necessary to perform a full and meaningful review over ICANN’s SSR commitments, there are portions of the more detailed “audit” plan that do not seem appropriate for in-depth investigation by the subgroup. Maintaining a plan to proceed with detailed assessments of these areas is likely to result in recommendations that are not tethered to the scope of the SSR review, and as such, may not be appropriate for Board acceptance when recommendations are issued. This also can expand the time and resources needed to perform this part of the review.

This does not seem hugely unreasonable to me. This kind of audit could be expensive, time-consuming and — knowing ICANN’s history of “glitches” — could have easily exposed all kinds of embarrassing vulnerabilities to the public domain.

Ranjbar’s letter was followed up a day later with a missive (pdf) from the chair of ICANN’s Security and Stability Advisory Committee, which said the SSR-2’s work was doomed to fail.

Patrick Falstrom recommended a “temporarily halt” to the group’s work. He wrote:

One basic problem with the SSR2 work is that the review team seems neither to have sufficient external instruction about what to study nor to have been able to formulate a clear direction for itself. Whatever the case, the Review Team has spent hundreds of hours engaged in procedural matters and almost no progress has been made on substantive matters, which in turn has damaged the goodwill and forbearance of its members, some of whom are SSAC members. We are concerned that, left to its own devices, SSR2 is on a path to almost certain failure bringing a consequential loss of credibility in the accountability processes of ICANN and its community.

Now that ICANN has actually acted upon that recommendation, there’s concern that it sets a disturbing precedent for the board taking “unilateral” action to scupper supposedly independent accountability mechanisms.

The US government itself expressed concern, during a session between the board and the Governmental Advisory Committee in Abu Dhabi today.

“This is unprecedented,” US GAC rep Ashley Heineman said. “I just don’t believe it was ever an expectation that the ICANN board would unilaterally make a decision to pause or suspend this action. And that is a matter of concern for us.”

“It would be one thing if it was the community that specifically asked for a pause or if it was a review team that says ‘Hey, we’re having issues, we need a pause.’ What’s of concern here is that ICANN asked for this pause,” she said.

UK GACer Mark Carvell added that governments have been “receiving expressions of grave concern” about the move and urged “maximum transparency” as the SSR-2 gets back on track.

Jonathan Zuck of the Innovators Network Foundation, one of the volunteers who worked on ICANN’s transition from US government oversight, also expressed concern during the public forum session yesterday.

“I think having a fundamental accountability mechanism unilaterally put on hold is something that we should be concerned about in terms of process,” he said. “I’m not convinced that it was the only way to proceed and that from a precedential standpoint it’s not best way to proceed.”

Similar concerns were voiced by many other parts of the community as they met with the ICANN board throughout today and yesterday.

The problem now is that the bylaws do not account for a board-mandated “pause” in a review team’s work, so there’s no process to “unpause” it.

ICANN seems to have got itself tangled up in a procedural quagmire — again — but sessions later in the week have been scheduled in order for the community to begin to untangle the situation.

It doubt we’ll see a resolution this week. This is likely to run for a while.

Egyptian elected new GAC chair

Kevin Murphy, October 31, 2017, Domain Policy

Manal Ismail, Egypt’s representative to ICANN’s Governmental Advisory Committee, has been elected its new chair.

She will replace outgoing chair Thomas Schneider, a Swiss official, after the current ICANN 60 public meeting in Abu Dhabi wraps up later this week.

Ismail is director of international technical coordination at Egypt’s National Telecom Regulatory Authority, NTRA.

Schneider said he was stepping down from the GAC earlier this year, having received a promotion back home that will limit his availability for ICANN work.

The handover means that both the GAC and the ICANN board of directors will, from this Thursday, be chaired by Egyptians.

The ICANN board will on Thursday formally elect current vice chair Cherine Chalaby as Steve Crocker’s replacement.

Chalaby was born in Egypt, also holds British citizenship, and lives in the United States.

I believe it’s the first time both chair roles have been held by people of the same nationality.

“We own your name” government tells Amazon in explosive slapdown

Kevin Murphy, October 29, 2017, Domain Policy

Amazon suffered a blistering attack from South American governments over its controversial .amazon gTLD applications this weekend.

A Peruvian official today excoriated Amazon’s latest peace offering, telling the tech giant in no uncertain terms that the word “Amazon” is not its property and demanding an apology for the company’s alleged behavior during recent legal proceedings.

“We will be giving you permission to use a certain word, not the other way around,” she said. “We are the owners of the Amazonian region.”

Speaking for almost 10 minutes during a session at the ICANN 60 meeting in Abu Dhabi this afternoon, Peru’s representative to the Governmental Advisory Committee pulled rank and scolded Amazon like a naughty schoolchild.

She claimed that Amazon had been bad-mouthing Peru by saying former GAC reps had “lied to and manipulated” the rest of the GAC in order to get support for its objection. She then demanded an apology from the company for this.

She was speaking in support of the idea that the string “Amazon” belongs to the people of the Amazonas region, which covers as many as eight South American countries, rather than the American company, despite the fact that none of those countries use the English word to describe the region.

Her remarks drew applause from parts of the audience.

Amazon had showed up at the session — described by two GAC reps later as a “lion’s den” — to offer a “strong, agreed-upon compromise that addresses the needs of the governments”.

The proposed deal would see the GAC drop its objections to .amazon in exchange for certain safeguards.

Amazon is promising to reserve geographically and culturally sensitive words at the second level in .amazon.

The domain rainforest.amazon, its associate general counsel Dana Northcott said by way of example, would be never be used by anyone.

Affected governments would get to negotiate a list of such terms before .amazon went live and there’d be an ongoing consultation process for more such terms to be protected in future.

The company has also promised not to object to — and in fact to actively support with hard resources — any future applications for .amazonas or other local-language variants by the people of the region.

But Peru was not impressed, telling the company that not only is the English version of the name of the region not its property but also that it must show more respect to governments.

“No government is going to accept any impositions from you,” she said, before appealing to fellow GAC members that the issue represents a kind of existential threat.

“The core issue here… is our survival as governments in this pseudo-multi-stakeholder space that has been invented,” she said.

“They want us to believe this is a place where we have dignity but that is increasingly obvious that this is not the case,” she said. “We don’t have it. And that is because of companies like yours… Companies that persist in not respecting the governments and the people they represent.”

The Peruvian GAC rep, listed on the GAC web site as María Milagros Castañon Seoane but addressed only as “Peru” during the session, spoke in Spanish; I’ve been quoting the live interpretation provided by ICANN.

Her remarks, in my opinion, were at least partially an attempt to strengthen her side’s negotiating hand after an Independent Review Process panel this July spanked ICANN for giving too much deference to GAC advice.

The IRP panel decided that ICANN had killed the .amazon applications — in breach of its bylaws — due to a GAC objection that appeared on the face of the public record to be based on little more than governmental whim.

The panel essentially highlighted a clash between ICANN’s bylaws commitments to fairness and transparency and the fact that its New gTLD Applicant Guidebook rules gave the GAC a veto over any application for any reason with no obligation to explain itself.

It told ICANN to reopen the applications for consideration and “make an objective and independent judgment regarding whether there are, in fact, well-founded, merits-based public policy reasons for denying Amazon’s applications”.

That was back in July. Earlier today, the ICANN board of directors in response to the IRP passed a resolution calling for the GAC to explain itself before ICANN 61 in March next year, resolving in part:

Resolved (2017.10.29.02), the Board asks the GAC if it has: (i) any information to provide to the Board as it relates to the “merits-based public policy reasons,” regarding the GAC’s advice that the Amazon applications should not proceed; or (ii) any other new or additional information to provide to the Board regarding the GAC’s advice that the Amazon applications should not proceed.

Other governments speaking today expressed doubt about whether the IRP ruling should have any jurisdiction over such GAC advice.

“It is not for any panelist to decided what is public policy, it is for the governments to decide,” Iran’s Kavouss Arasteh said.

During a later session today the GAC, talking among itself, made little progress in deciding how to formally respond to the ICANN board’s resolution.

A session between the GAC and the ICANN board on Tuesday is expected to be the next time the issue raises its increasingly ugly head.

ICANN shifts dates on five public meetings to avoid holidays

Kevin Murphy, October 25, 2017, Domain Policy

ICANN has changed the proposed dates of five out of nine forthcoming public meetings in order to avoid clashes with religious festivals and national holidays.

The meetings affected — ICANNs 70 through 78 — are all scheduled for 2021, 2022 and 2023 and naturally don’t have any venue selected yet, so nobody is going to have to change any travel plans.

The biggest shift will see the usual October meeting in 2022 moved a full month earlier to September due to a clash with the Jewish holiday Sukkot and its subsequent holy days.

Ramadan in 2023 will see the March meeting moved a week earlier.

Midsummer, something celebrated mainly in Sweden and neighboring countries, will see the June meetings in all three years moved back a week.

Interestingly, a clash with Midsummer was highlighted as a selling point of the Helsinki meeting a couple of years ago. ICANN’s latest CEO, a Swede, is no doubt more sensitive to the cultural significance of the holiday.

The changes were all made in response to comments from the At-Large Advisory Committee and the Non-Commercial Stakeholders Group.

The list of changes and rationale can be found here (pdf).

ICANN’s latest meeting, ICANN 60, kicks off in Abu Dhabi this weekend.