How much power should governments have over the domain name industry? Should the industry be held responsible for the actions of its customers? Are domain names the way to stop crime?
These are some of the questions likely to be addressed during ICANN’s latest public comment period, which could prove to be one of the most important consultations it’s ever launched.
ICANN wants comments on governmental advice issued during the Beijing meeting two weeks ago, which sought to impose a broad regulatory environment on new gTLD registries.
According to this morning’s announcement:
[ICANN’s Board New gTLD Committee] has directed staff to solicit comment on how it should address one element of the advice: safeguards applicable to broad categories of New gTLD strings. Accordingly, ICANN seeks public input on how the Board New gTLD Committee should address section IV.1.b and Annex I of the GAC Beijing Communiqué.
Annex 1 of the Beijing communique is the bit in which the GAC told ICANN to impose sweeping new rules on new gTLD registries. It’s only a few pages long, but that’s because it contains a shocking lack of detail.
For all new gTLDs, the GAC wants ICANN to:
- Apply a set of abuse “safeguards” to all new gTLDs, including mandatory annual Whois accuracy audits. Domain names found to use false Whois would be suspended by the registry.
- Force all registrants in new gTLDs to provide an abuse point of contact to the registry.
- Make registries responsible for adjudicating complaints about copyright infringement and counterfeiting, suspending domains if they decide (how, it’s not clear) that laws are being broken.
For the 385 gTLD applications deemed to represent “regulated or professional sectors”, the GAC wants ICANN to:
- Reject the application unless the applicant partners with an appropriate industry trade association. New gTLDs such as .game, .broadway and .town could only be approved if they had backing from “relevant regulatory, or industry self-regulatory, bodies” for gaming, theater and towns, for example.
- Make the registries responsible for policing registrants’ compliance with financial and healthcare data security laws.
- Force registries to include references to organic farming legislation in their terms of service.
For gTLD strings related to “financial, gambling, professional services, environmental, health and fitness, corporate identifiers, and charity” the GAC wants even more restrictions.
Essentially, it’s told ICANN that a subset of the strings in those categories (it didn’t say which ones) should only be operated as restricted gTLDs, a little like .museum or .post are today.
It probably wouldn’t be possible for a poker hobbyist to register a .poker domain in order to blog about his victories and defeats, for example, unless they had a license from an appropriate gambling regulator.
Attempting to impose last-minute rules on applicants appears to reverse one of the GAC’s longstanding GAC Principles Regarding New gTLDs, dating back to 2007, which states:
All applicants for a new gTLD registry should therefore be evaluated against transparent and predictable criteria, fully available to the applicants prior to the initiation of the process. Normally, therefore, no subsequent addition selection criteria should be used in the selection process.
The Beijing communique also asks ICANN to reconsider allowing singular and plural versions of the same string to coexist, and says “closed generic” or “exclusive access” single-registrant gTLDs must serve a public interest purpose or be rejected.
There’s a lot of stuff to think about in the communique.
But ICANN’s post-Beijing problem isn’t whether it should accept the GAC’s advice, it’s to first figure out what the hell the GAC is actually asking for.
Take this bit, for example:
Registry operators will require that registrants who collect and maintain sensitive health and financial data implement reasonable and appropriate security measures commensurate with the offering of those services, as defined by applicable law and recognized industry standards.
This one paragraph alone raises a whole bunch of extremely difficult questions.
How would registry operators identify which registrants are handling sensitive data? If .book has a million domains, how would the registry know which are used to sell books and which are just reviewing them?
How would the registries “require” adherence to data security laws? Is it just a case of paying lip service in the terms of service, or do they have to be more proactive?
What’s a “reasonable and appropriate security measure”? Should a .doctor site that provides access to healthcare information have the same security as one that merely allows appointments to be booked? What about a .diet site that knows how fat all of its users are? How would a registry differentiate between these use cases?
Which industry standards are applicable here? Which data security laws? From which country? What happens if the laws of different nations conflict with each other?
If a registry receives a complaint about non-compliance, how on earth does the registry figure out if the complaint is valid? Do they have to audit the registrant’s security practices?
What should happen if a registrant does not comply with these laws or industry standards? Does its domain get taken away? One would assume so, but the GAC, for some reason, doesn’t say.
The ICANN community could spend five years discussing these questions, trying to build a framework for registries to police security compliance, and not come to any consensus.
The easier answer is of course: it’s none of ICANN’s business.
Is it ICANN’s job to govern how web sites securely store and transmit healthcare data? I sure hope not.
And those are just the questions raised by one paragraph.
The Beijing communique as a whole is a perplexing, frustrating mess of ideas that seems to have been hastily cobbled together from a governmental wish-list of fixes for perceived problems with the internet.
It lacks detail, which suggests it lacks thought, and it’s going to take a long time for the community to discuss, even as many affected new gTLD applicants thought they were entering the home stretch.
Underlying everything, however, is the question of how much weight the GAC’s advice — which is almost always less informed than advice from any other stakeholder group — should carry.
ICANN CEO Fadi Chehade and chair Steve Crocker have made many references recently to the “multi-stakeholder model” actually being the “multi-equal-stakeholder model”.
This new comment period is the first opportunity the other stakeholders get to put this to the test.
The National Arbitration Forum has released its price list for Uniform Rapid Suspension complaints, saying that the cheapest case will cost $375.
That’s for cases involving one to 15 domains. Prices increase based on the number of domains in the filing, capped at $500 for cases involving over 100 names.
The prices are within the range that ICANN had asked of its URS providers.
Some potential URS vendors had argued that $500 was too low to administer the cases and pay lawyers to act as panelists, but changed their tune after ICANN opened up an RFP process.
NAF’s price list also includes response fees of $400 to $500, which are refundable to the prevailing party. There are also extra fees for cases involving more than one panelist.
The prices are found in the NAF’s Supplemental Rules for URS, which have not yet been given the okay by ICANN. NAF expects that to come by July 1.
The Asian Domain Name Dispute Resolution Centre has been approved by ICANN as a provider of Uniform Rapid Suspension services.
The two organizations signed a memorandum of understanding last week, ICANN said.
ADNDRC is the second URS resolution provider to be named, after the US-based National Arbitration Forum. It’s got offices in Beijing, HongKong, Seoul and Kuala Lumpur and tends to hand local cases.
While it’s been a UDRP provider since 2001, it’s only handled about 1,000 cases in that time, according to DI’s records. That’s about 16 times fewer than NAF and 17 times fewer than WIPO.
ICANN said that more providers will be appointed in future.
URS is a faster, cheaper version of UDRP that allows obviously trademark-infringing domains to be suspended — not transferred — for about $500 a pop. It will only apply to new gTLDs at first.
The over 500 new gTLD applicants affected by Governmental Advisory Committee advice on their bids have 21 days from today to file their responses officially with ICANN.
But there’s still some confusion about who exactly is expected to file responses, given the extraordinary breadth of the advice contained within the GAC’s Beijing communique.
ICANN today put applicants on formal notice of the publication of the Beijing communique, which actually came out a week ago, and said applicants have until May 10 to respond to the ICANN board.
What it didn’t do is say which applicants are affected. Technically, it could be all of them.
The Beijing communique contains six “safeguards” related to things such as abuse and security, which it said “should apply to all new gTLDs”.
On a more granular level, the GAC has called out, we believe, 517 individual applications that should not be approved or that should not be approved unless they do what the GAC says.
The Beijing communique, it could be argued, throws the whole new gTLD program into disarray, and this is the first chance applicants will get to put their views directly in writing to the ICANN board.
Rules proposed for the new Trademark Clearinghouse threaten to cut off some of new gTLD registries major sources of early revenue, according to registry providers.
Premium domain sales and founders programs are among the now industry-standard practices that would be essentially banned under the current draft of the TMCH rules, they say.
The potential problems emerged in a draft TMCH Requirements document circulated to registries 10 days ago and vigorously discussed during a session at the ICANN meeting in Beijing last week.
The document lists all of the things that new gTLD registries must and must not, and may and may not, do during the mandatory Sunrise and Trademark Claims rights protection launch periods.
One of the bits that has left registries confused is this:
2.2.4 Registry Operator MUST NOT allow a domain name to be reserved or registered to a registrant who is not a Sunrise-Eligible Rights Holder prior to the conclusion of the Sunrise Period.
What this means is that trademark owners get first dibs on pretty much every possible string in every gTLD.
“Trademark owners trump everything,” Neustar business affairs veep Jeff Neuman said during the Beijing meeting. “Trademark owners trump every possible use of every possible name.”
It would mean, for example, that if a new gTLD wanted to allocate some names to high-profile anchor tenants during a “founders program”, it would not be able to do so until after the Sunrise was over.
Let’s say the successful applicant for .shop wants to reserve the names of hundreds of shop types (book.shop, food.shop, etc) as premium names, to allocate during its founders program or auction later.
Because the .shop Sunrise would have to happen first, the companies that the own rights to, for example, “wallpaper” or “butcher” (both real US trademarks) would have first rights to wallpaper.shop and butcher.shop, even if they only planned to defensively park the domains.
Because there’s likely to be some degree of gaming (there’s a proof-of-use requirement, but the passing threshold is pretty low), registries’ premium lists could be decimated during Sunrise periods.
If ICANN keeps its TMCH Requirements as they are currently written, new gTLD registries stand to lose a lot of early revenue, not to mention control over launch marketing initiatives.
However, if ICANN were to remove this rule, it might give unscrupulous registries the ability to circumvent the mandatory Sunrise period entirely by placing millions of strings on their premium lists.
“Registries should have discretion to schedule their start-up phases according to their business plans so long as rights protection processes are honored, so that’s the balancing we’ve tried to do,” ICANN operations & policy research director Karen Lenz said during Beijing.
“It’s trying to allow registries to create requirements that suit their purposes, without being able to hollow out the rights protection intention,” she said.
The requirements document is still just a draft, and discussions are ongoing, she added.
“It’s certainly not our intention to restrict business models,” Lenz said.
Registries will get some flexibility to restrict Sunrise to certain registrants. For example, they’ll be able to disqualify those without an affiliation to the industry to which the gTLD is targeted.
What they won’t be able to do is create arbitrary rules unrelated to the purpose of the TLD, or apply one set of rules during Sunrise and another during the first 90 days of general availability.
The standard Registry Agreement that ICANN expects all new gTLDs to sign up to does enable registries to reserve or block as many names as they want, but only if those names are not registered or used.
It seemed to be designed to do things like blocing ‘sensitive’ strings, rather like when ICM Registry reserved thousands of names of celebrities and cultural terms in .xxx.
The Requirements document, on the other hand, seems to allow these names being released at a later date. If they were released, the document states, they’d have to be subject to Trademark Claims notices, but not Sunrise rules.
While that may be a workaround to the premium domains problem, it doesn’t appear to help registries that want to get founders programs done before general availability.
It seems that there are still many outstanding issues surrounding the Trademark Clearinghouse — many more than discussed in this post — that will need to be settled before new gTLDs are going to feel comfortable launching.