Latest news of the domain name industry

Recent Posts

Domain registrars pressured into huge shakeup

Kevin Murphy, October 26, 2011, Domain Registrars

Domain name registrars have agreed to negotiate big changes to their standard contract with ICANN, after getting a verbal kicking from the US and other governments.

While the decision to revamp the Registrar Accreditation Agreement was welcomed by intellectual property interests, it was criticized by non-commercial users worried about diluting privacy rights.

The ICANN registrar constituency said in a statement today that it will enter into talks with ICANN staff in an effort to get a new RAA agreed by March next year.

It’s an ambitious deadline, but registrars have come under fire this week over the perception that they have been using ICANN’s arcane processes to stonewall progress.

So, what’s going to change?

The registrars said that the negotiations will focus on 12 areas, originally put forward by international law enforcement agencies, that have been identified as “high priority”.

They cover items such as an obligation to disclose the names of registrants using privacy services, to work with law enforcement, and to tighten up relationships with resellers.

Here’s a list of all 12, taken from a recent ICANN summary report (pdf).

Prohibition on registrar cybersquatting
Malicious conduct – registrar duty to investigate
Designation and publication of technically competent point of contact on malicious conduct issues, available on 24/7 basis
Registrar disclosure of privacy/proxy services made available in connection with registration; and responsibility of registrar for compliance by such services
Obligations of privacy/proxy services made available in connection with registration re data escrow; Relay function; Reveal function
Registrar responsibility for cancellation under appropriate circumstances of registrations made by other privacy/proxy services for noncompliance with Relay and Reveal
Define circumstances under which registrar is required to cancel registration for false Whois data and set reasonable time limits for registrar action
Require PCI compliance in registration process
Define “reseller” and clarify registrar responsibility for reseller compliance
Require greater disclosure of registrar affiliates/multiple accreditations
Require greater disclosure of registrar contact information, information on form of business organization, officers, etc.
Clarification of registrar responsibilities in connection with UDRP proceedings

The changes were first suggested two years ago, and ICANN’s increasingly powerful Governmental Advisory Committee this week expressed impatience with the lack of progress.

There’s a US-EU cybercrime summit coming up next month, and GAC members wanted to be able to report back to their superiors that they’ve got something done.

As I reported earlier in the week, the GAC gave the registrars a hard time at the ICANN meeting in Dakar on Sunday, and it took its concerns to the ICANN board yesterday.

“We are looking for immediate visible and credible action to mitigate criminal activity using the domain name system,” US GAC representative Suzanne Radell told the board.

She won support from Steve Crocker who, in his first meeting as ICANN’s chairman, has shown a less combative style than his predecessor when talking with governments.

He seemed to agree that progress on RAA amendments through the usual channels – namely the Generic Names Supporting Organization – had not met expectations.

“One of the things that is our responsibility at the board level is not only to oversee the process, not only to make sure rules are followed and that everything is fair, but at the end of the day, that it’s effective,” he said.

“If all we have is process, process, process, and it gets gamed or it’s ineffective just because it’s not structured right, then we have failed totally in our duty and our mission,” he said.

An immediate result of the registrars’ decision to get straight into talks was the removal of an Intellectual Property Constituency motion from today’s GNSO Council meeting.

The IPC had proposed that the RAA should be revised in a trilateral way, between the registrars, ICANN, and everyone else via the GNSO.

Yanking the motion, IPC representative Kristina Rosette warned that the IPC would bring it back to the table if the RAA talks do not address the 12 high-priority items.

It would be unlikely to pass – registrars and registries vote against anything that would allow outside interests to meddle in their contracts, and they have the voting power to block such motions.

The ideas in the motion nevertheless stirred some passionate debate.

Tucows CEO Elliot Noss described the GAC’s heavy-handed criticisms as “kabuki theater” and “an attempt to bring politics as usual into the multi-stakeholder process” and said the RAA is not the best way to add protections to the DNS.

“Getting enforcement-type provisions, be they law enforcement or IP protections, into the RAA accomplishes only one thing. It turns the ICANN compliance department into a police department,” he said.

Wendy Seltzer, representing the Non-Commercial Users Constituency, said the changes proposed to the RAA “would reduce the privacy of registrants” and put them at increased risk of domain take-downs.

A broader issue is that even after a new RAA is negotiated registrars will be under no obligation to sign up to it until their current contracts expire.

Because many leading registrars signed their last contract after it was revised in 2009, it could be three or four years before the new RAA has any impact.

I’m not sure it’s going to be enough to fully satisfy the GAC.

Radell, for example, said yesterday that some items – such as the registrar obligation to publish an abuse contact – should be brought in through a voluntary code of conduct in the short term.

She also called for the 20% of registrars deemed to be bad actors (not a scientifically arrived-at number) should be de-accredited by ICANN.

UPDATE (October 27): Mason Cole of the registrars constituency has been in touch to say that the RAA talks will not only look at the 12 “high priority” or law enforcement recommendations.

Rather, he said, “there will be consideration of a broader range of issues.”

This appears to be consistent with the registrars’ original statement, which was linked to in the above post:

The negotiations are in response to the development of a list of recommendations made by law enforcement agencies and the broader Internet community to provide increased protections for registrants and greater security overall.

GAC slams registrars over “silly” crime domain moves

Kevin Murphy, October 24, 2011, Domain Registrars

ICANN’s Governmental Advisory Committee is seriously annoyed with domain name registrars over what it sees as a failure to take the demands of law enforcement seriously.

The first official day of ICANN’s 42nd public meeting in Dakar, Senegal, was highlighted by a fractious discussion between the GAC and the Generic Names Supporting Organization.

Governments are evidently losing patience with the industry over what they see as incessant foot-dragging and, now, halfhearted bone-throwing.

The US, which is easily the most influential GAC member, was harshly critical of recent efforts by registrars to self-regulate themselves some law enforcement cooperation policies.

US GAC representative Suzanne Radell, saying she was speaking on behalf of the GAC, described a registrar move to start publishing legal service addresses on their web sites at some point in the future as as “paltry”, “mind-boggling” and “silly”.

She heavily implied that if the industry can’t self-regulate, the alternative is governments doing it for them. She was backed up by her counterparts from the UK, Australia and the European Commission.

Registrars have been talking to law enforcement for a few years about how to more effectively work together to prevent crime online.

In October 2009, agencies including the FBI and the UK Serious Organised Crime Agency publish a set of 12 recommendations about how to clean up the industry.

A lot of it was pretty basic stuff like a prohibition on registrar cybersquatting and an obligation to publish an abuse point of contact.

Despite a lot of talking at ICANN meetings, up until a couple of weeks ago there had not been a great deal of tangible progress.

The GNSO passed a resolution, proposed by registrars, to ask for an Issue Report to discuss whether registrars should be forced to post on their sites: a physical address for legal service, the names of key executives, and an abuse contact.

In ICANN’s world, an Issue Report usually precedes a Policy Development Process, which can take a year or more to produce results.

While the GNSO motion passed, it was opposed as inadequate by factions such as the Intellectual Property Constituency, which has close ties to the US government.

As the IPC seemed to correctly predict, the GAC was not amused.

“It is simply impossible for us to write a briefing memo for our political managers to explain why you need a policy to simply put your name on your web site,” Radell told the GNSO Council yesterday. “It is simply mind-boggling that you would require that.”

She pointed out that at a session during the Singapore meeting, registrars had indicated a willingness to address more of the law enforcement demands.

“That’s the context in which we are now coming to you saying this looks pretty paltry and actually it looks a little silly,” she said.

Mason Cole from the registrar constituency denied that they were “roadblocking” law enforcement’s demands, saying that a PDP is the fastest way to create a policy binding on all registrars.

“I think law enforcement was very clear when they made their proposals to us that what they were looking for was binding, enforceable provisions of policy that could be imposed on the registrars,” he said. “A code of conduct or a voluntary method would not arrive at binding, enforceable policy and therefore probably wouldn’t achieve the outcomes that law enforcement representatives were seeking.”

The debate didn’t end yesterday. Radell said she intends to take it up with the ICANN board of directors, presumably at their joint meeting tomorrow.

The implicit threat underlying the GAC’s protest is a legislative one, and Radell and other GAC members made it pretty clear that their governments back home regard domain names as a crucial tool in fighting online crime.

Hot topics for ICANN Singapore

Kevin Murphy, June 17, 2011, Domain Policy

ICANN’s 41st public meeting kicks off in Singapore on Monday, and as usual there are a whole array of controversial topics set to be debated.

As is becoming customary, the US government has filed its eleventh-hour saber-rattling surprises, undermining ICANN’s authority before its delegates’ feet have even touched the tarmac.

Here’s a high-level overview of what’s going down.

The new gTLD program

ICANN and the Governmental Advisory Committee are meeting on Sunday to see if they can reach some kind of agreement on the stickiest parts of the Applicant Guidebook.

They will fail to do so, and ICANN’s board will be forced into discussing an unfinished Guidebook, which does not have full GAC backing, during its Monday-morning special meeting.

It’s Peter Dengate Thrush’s final meeting as chairman, and many observers believe he will push through some kind of new gTLDs resolution to act as his “legacy”, as well as to fulfill the promise he made in San Francisco of a big party in Singapore.

My guess is that the resolution will approve the program in general, lay down some kind of timetable for its launch, and acknowledge that the Guidebook needs more work before it is rubber-stamped.

I think it’s likely that the days of seemingly endless cycles of redrafting and comment are over for good, however, which will come as a relief to many.

Developing nations

A big sticking point for the GAC is the price that new gTLD applicants from developing nations will have to pay – it wants eligible, needy applicants to get a 76% discount, from $185,000 to $44,000.

The GAC has called this issue something that needs sorting out “as a matter of urgency”, but ICANN’s policy is currently a flimsy draft in desperate need of work.

The so-called JAS working group, tasked with creating the policy, currently wants governmental entities excluded from the support program, which has made the GAC, predictably, unhappy.

The JAS has proven controversial in other quarters too, particularly the GNSO Council.

Most recently, ICANN director Katim Touray, who’s from Gambia, said the Council had been “rather slow” to approve the JAS’s latest milestone report, which, he said:

might well be construed by many as an effort by the GNSO to scuttle the entire process of seeking ways and means to provide support to needy new gTLD applicants

This irked Council chair Stephane Van Gelder, who rattled off a response pointing out that the GNSO had painstakingly followed its procedures as required under the ICANN bylaws.

Watch out for friction there.

Simply, there’s no way this matter can be put to bed in Singapore, but it will be the topic of intense discussions because the new gTLD program cannot sensibly launch without it.

The IANA contract

The US National Telecommunications and Information Administration wants to beef up the IANA contract to make ICANN more accountable to the NTIA and, implicitly, the GAC.

Basically, IANA is being leveraged as a way to make sure that .porn and .gay (and any other TLD not acceptable to the world’s most miserable regimes) never make it onto the internet.

If at least one person does not stand up during the public forum on Thursday to complain that ICANN is nothing more than a lackey of the United States, I’d be surprised. My money’s on Khaled Fattal.

Vertical integration

The eleventh hour surprise I referred to earlier.

The US Department of Justice, Antitrust Division, informed ICANN this week that its plan to allow gTLD registries such as VeriSign, Neustar and Afilias to own affiliated registrars was “misguided”.

I found the letter (pdf) utterly baffling. It seems to say that the DoJ would not be able to advise ICANN on competition matters, despite the fact that the letter itself contains a whole bunch of such advice.

The letter has basically scuppered VeriSign’s chances of ever buying a registrar, but I don’t think anybody thought that would happen anyway.

Neustar is likely to be the most publicly annoyed by this, given how vocally it has pursued its vertical integration plans, but I expect Afilias and others will be bugged by this development too.

The DoJ’s position is likely to be backed up by Europe, now that the NTIA’s Larry Strickling and European Commissioner Neelie Kroes are BFFs.

Cybercrime

Cybercrime is huge at the moment, what with governments arming themselves with legions of hackers and groups such as LulzSec and Anonymous knocking down sites like dominoes.

The DNS abuse forum during ICANN meetings, slated for Monday, is usually populated by pissed-off cops demanding stricter enforcement of Whois accuracy.

They’ve been getting louder during recent meetings, a trend I expect to continue until somebody listens.

This is known as “engaging”.

Geek stuff

IPv6, DNSSEC and Internationalized Domain Names, in other words. There are sessions on all three of these important topics, but they rarely gather much attention from the policy wonks.

With IPv6 and DNSSEC, we’re basically looking at problems of adoption. With IDNs, there’s impenetrably technical stuff to discuss relating to code tables and variant strings.

The DNSSEC session is usually worth a listen if you’re into that kind of thing.

The board meeting

Unusually, the board’s discussion of the Guidebook has been bounced to Monday, leading to a Friday board meeting with not very much to excite.

VeriSign will get its .net contract renewed, no doubt.

The report from the GAC-board joint working group, which may reveal how the two can work together less painfully in future, also could be interesting.

Anyway…

Enough of this blather, I’ve got a plane to catch.