European privacy regulators have slammed the new 2013 Registrar Accreditation Agreement, saying it would be illegal for registrars based in the EU to comply with it.
The Article 29 Working Party, which comprises privacy regulators from the 27 European Union nations, had harsh words for the part of the contract that requires registrars to store data about registrants for two years after their domains expire.
In a letter (pdf) to ICANN last month, Article 29 states plainly that such provisions would be illegal in the EU:
The fact that these personal data can be useful for law enforcement does not legitimise the retention of these personal data after termination of the contract. Because there is no legal ground for the data processing, the proposed data retention requirement violates data protection law in Europe.
The 2013 RAA allows any registrar to opt out of the data retention provisions if it can prove that to comply would be illegal its own jurisdiction.
The Article 29 letter has been sent to act as blanket proof of this for all EU-based registrars, but it’s not yet clear if ICANN will treat it as such.
The letter goes on to sharply criticize ICANN for allowing itself to be used by governments (and big copyright interests) to circumvent their own legislative processes. It says:
The fact that these data may be useful for law enforcement (including copyright enforcement by private parties) does not equal a necessity to retain these data after termination of the contract.
the Working Party reiterates its strong objection to the introduction of data retention by means of a contract issued by a private corporation in order to facilitate (public) law enforcement.
If there is a pressing social need for specific collections of personal data to be available for law enforcement, and the proposed data retention is proportionate to the legitimate aim pursued, it is up to national governments to introduce legislation
So why is ICANN trying to get many of its registrars to break the law?
While it’s tempting to follow the Article 29 WP’s reasoning and blame law enforcement agencies and the Governmental Advisory Committee, which pushed for the new RAA to be created in the first place, the illegal data retention provisions appear to be entirely ICANN’s handiwork.
The original law enforcement demands (pdf) say registrars should “securely collect and store” data about registrants, but there’s no mention of the period for which it should be stored.
And while the GAC has expressly supported the LEA recommendations since 2010, it has always said that ICANN should comply with privacy laws in their implementation.
The GAC does not appear to have added any of its own recommendations relating to data retention.
However, the European Commission’s GAC representative then seemed to dismiss the WP’s concerns during ICANN’s public meeting in Toronto last October.
Perhaps ICANN was justifiably confused by these mixed messages.
According to Michele Neylon, chair of the Registrars Stakeholder Group, it has yet to respond to European registrars’ inquiries about the Article 29 letter, which was sent June 6.
“We hope that ICANN staff will take the letter into consideration, as it is clear that the data protection authorities do not want create extra work either for themselves or for registrars,” Neylon said.
“For European registrars, and non-European registrars with a customer base in the EU, we look forward to ICANN staff providing us with clarity on how we can deal with this matter and respect EU and national law,” he said.
The US government is set to allow the Governmental Advisory Committee to kill off Amazon’s application for .amazon, along with eight other new gTLDs with geographic flavors.
In a position paper published last night, the National Telecommunications and Information Administration said:
the United States is willing in Durban to abstain and remain neutral on .shenzen (IDN in Chinese), .persiangulf, .guangzhou (IDN in Chinese), .amazon (and IDNs in Japanese and Chinese), .patagonia, .yun, and .thai, thereby allowing the GAC to present consensus objections on these strings to the Board, if no other government objects.
According to a GAC source, US protests were the “only reason” the GAC was unable to reach a consensus objection to these applications during the Beijing meeting three months ago.
Consensus would strengthen the objection, giving the ICANN board the presumption that the applications, some of which have already passed Initial Evaluation, should not be approved.
None of the nine applications in question met ICANN’s strict definition of a “geographic” string, but they nevertheless look geographic enough to raise concerns with GAC members.
Amazon’s application for .amazon raised the eyebrows of the Latin American countries that share the Amazonia region.
The company has been in talks with these GAC members since Beijing. If it wants to secure .amazon, it has a little over a week to address their concerns, if it wants to avoid an objection.
While the US is now promising to drop its objection to the GAC’s objection, it does not appear to have changed its position, claiming that governments have no rights to geographic strings. NTIA said:
The United States affirms our support for the free flow of information and freedom of expression and does not view sovereignty as a valid basis for objecting to the use of terms, and we have concerns about the effect of such claims on the integrity of the process.
the United States is not aware of an international consensus that recognizes inherent governmental rights in geographic terms.
It’s calling for a rethink of the process, during the mandatory review of the new gTLD program that ICANN must conduct before accepting a second round of applications.
Given that the GAC currently has the ability to object to any string for any reason, it’s difficult to see how a review could achieve the NTIA’s goal without reining in the GAC’s powers.
DotConnectAfrica and GCCIX WLL have become the first new gTLD applicants to have their applications — for .africa and .gcc respectively — officially flagged as “Not Approved” by ICANN.
Both were killed by Governmental Advisory Committee advice.
While GCC had passed its Initial Evaluation already, DCA’s IE results report (pdf), which were published last night, simply states: “Overall Initial Evaluation Summary: Incomplete”.
In both cases the decision to flunk the applications was taken a month ago by ICANN’s New gTLD Program Committee.
DCA filed a formal Reconsideration Request (pdf), challenging the decision in typically incomprehensible style, on June 19, threatening to take ICANN to an Independent Review Panel (ICANN’s very expensive court of appeals) if it does not overturn its decision.
Here’s a sample:
We have no intention of withdrawing our application against the backdrop that we rightly believe that the Board decision is injudicious, very wrong and injurious to our application and to our organizational aspirations. We are placing faith in the possibility that this particular communication will serve the purpose of causing the ICANN Board to have a rethink, and see the wisdom in allowing DCA Trust to continue to participate in the new gTLD Program without the necessity of going to an Independent Review Process (IRP) Panel to challenge the ICANN Board Decision which we presently disagree with in the most absolute terms.
The Board Governance Committee, which handles Reconsideration Requests, has a sturdy track record of denying them, so I think the chances of DCA’s being approved are roughly zero.
But if the company is nutty enough to try its hand at an IRP, which could quite easily set it back a few million dollars in legal fees, the story might not be over yet.
The GAC didn’t like DCA’s .africa bid because African governments back UniForum, DCA’s South Africa-based competitor for the string.
Had the application made it to Initial Evaluation — its processing number wasn’t up for a few weeks — it would have been flunked by the Geographic Names Panel due to its lack of support anyway.
GCC’s application for .gcc was also rejected by the GAC on geographic grounds. It stands for Gulf Cooperation Council, and the Persian/Arabian Gulf nations in question didn’t support the bid.
Also today, the American insurance company Allstate withdrew its applications for .carinsurance and .autoinsurance. Both were single-registrant “closed generics”, which ICANN has indicated might not be approved, also due to GAC advice.
ICANN has approved the standard registry contract for new gTLD registries after many months of controversy.
But its New gTLD Program Committee has also decided to put hundreds more applications on hold, pending talks with the Governmental Advisory Committee about its recent objections.
The new Registry Agreement is the baseline contract for all new gTLD applicants. While some negotiation on detail is possible, ICANN expects most applicants to sign it as is.
Its approval by the NGPC yesterday — just a couple of days later than recently predicted by ICANN officials — means the first contracts with applicants could very well be signed this month.
But a preliminary reading of today’s document suggests that the other changes made since the previous version, published for comment by ICANN in April, are relatively minor.
There have been no big concessions to single-registrant gTLD applicants, such as dot-brands, and ICANN admitted that it may have to revise the RA in future depending on how those discussions pan out.
In its resolution, the NGPC said:
ICANN is currently considering alternative provisions for inclusion in the Registry Agreement for .brand and closed registries, and is working with members of the community to identify appropriate alternative provisions. Following this effort, alternative provisions may be included in the Registry Agreement.
But many companies that have already passed through Initial Evaluation now have little to worry about in their path to signing a contract with ICANN and proceeding to delegation.
“New gTLDs are now on the home stretch,” NGPC member Chris Disspain said in a press release “This new Registry Agreement means we’ve cleared one of the last hurdles for those gTLD applicants who are approved and eagerly nearing that point where their names will go online.”
Hundreds more, however, are still in limbo.
The NGPC also decided yesterday to put a hold on all “Category 1″ applications singled out for advice in the Governmental Advisory Committee’s Beijing communique.
That’s a big list, comprising hundreds of applications that GAC members had concerns about.
The NGPC resolved: “the NGPC directs staff to defer moving forward with the contracting process for applicants who have applied for TLD strings listed in the GAC’s Category 1 Safeguard Advice, pending a dialogue with the GAC.”
That dialogue is expected to kick off in Durban a little over a week from now, so the affected applicants may not find themselves on hold for too long.
Negotiations, however, are likely to be tricky. As the NGPC’s resolution notes, most people believe the Beijing communique was “untimely, ill-conceived, overbroad, and too vague to implement”.
Or, as I put it, stupid.
By the GAC’s own admission, its list of strings is “non-exhaustive”, so if the delay turns out to have a meaningful impact on affected applicants, expect all hell to break loose.
Dozens of new gTLD applicants will be breathing a sigh of relief this morning as ICANN said it will allow single and plural versions of the same gTLD to co-exist after all.
The decision, made Tuesday by ICANN’s New gTLD Program Committee, affects at least 98 applications. It said:
NGPC has determined that no changes are needed to the existing mechanisms in the Applicant Guidebook to address potential consumer confusion resulting from allowing singular and plural versions of the same string.
It was in response to the Governmental Advisory Committee, which had advised ICANN to “reconsider its decision to allow singular and plural versions of the same strings.”
Because of the wording of the advice, ICANN is able to disagree with the the GAC’s opinion that “singular and plural versions of the string as a TLD could lead to potential consumer confusion” without triggering its bylaws provision that forces it into time-consuming GAC negotiations.
By “reconsidering” plural/singular coexistence and not doing anything, it has stuck to the letter of the advice.
In its reconsideration it reconsiderated whether it should overturn the findings of its independent String Similarity Panel, which did not believe any plural/singular pairs were confusingly visually similar.
It also used the coexistence of second-level plural and singular domains, registered to different people, as evidence that users would not find similar coexistence at the top level confusing.
The decision has potentially far-reaching consequences on the new gTLD program.
First, it could mean that some plural/singular pairs will be allowed to exist while others will not.
There are a handful of formal String Confusion Objections filed by applicants for gTLDs that have singular or plural competitors in the current round.
These string pairs are not currently in contention sets, but if the objectors prevail only one of the strings will survive to delegation.
Other string pairs have no objections and will be allowed to coexist. This may be fair in a sense, but it’s not uniform nor predictable.
(One wonders if the String Confusion Objection arbitration panels will use ICANN’s ruling this week in their own decision-making process, which could open a can of worms.)
Second, I think the decision might encourage bad business practices by registries.
My beef with coexistence
I don’t think coexistence is a wholly terrible idea, but I do think it will have some negative effects, as I’ve expressed in the past.
First, I think it’s going to lead to millions of unnecessary defensive registrations.
And by “defensive” I’m not talking about companies protecting their trademarks. Whether you think they’re adequate or not, trademark owners already have protections in new gTLDs.
I’m talking about regular domain registrants, small businesses, entrepreneurs and so on. These people are going to find themselves buying two domains when they only need one.
Let’s say you’re Mad John’s Autos, and you’re registering madjohn.auto. You get to the checkout and Go Daddy offers you the matching .autos domain. Assuming similar pricing, you’d definitely register it, right?
You’ve always got to assume a certain subset of users will get confused and either wind up at a dead URL or a competitor’s site. It’s simpler just to defensively register both.
What if one was priced a little higher than the other? Maybe you’d still register it. How big would the price differential have to be before you decided not to buy the plural duplicate?
Buying two domains instead of one may not be a huge financial burden to individual registrants, but it’s going to lead to situations where gTLDs exist in symbiotic — or parasitic — pairs.
If you run the .auto registry, you may find that your plural competitor is spending so much on marketing .autos that you don’t need to lift a finger in order to sell millions of domain names.
Just make sure you’re partnered with the same registrars and bingo: you’re up-sell.
Attractive business plan, right? You may disagree, but when ICANN opens the floodgates for the second round of new gTLD applications in a couple years, we’ll find out for sure.
Defenses of plural/singular gTLD coexistence often come from, unsurprisingly, the portfolio applicants that have applied for them and, presumably, may apply for them in future rounds.
“Singulars and plurals live together now on the [second-level domain] side,” Uniregistry said. “They create healthy competition and do not unduly confuse consumers to the point of annoyance.”
I wouldn’t disagree with that statement. Plural/singular coexistence may not confuse internet users to the point of danger or annoyance. But, I would argue, they do make people buy more domain names than they need to.
If you were buying autos.com today you’d definitely definitely buy auto.com as well and redirect it to autos.com. You’d be an idiot not too.
When I put this to Uniregistry execs privately several weeks ago, they disagreed with me. Nobody would bother with such duplicative/defensive domains, they said.
In response, I asked, cheekily: so why do you own uniregistries.com, redirecting it to uniregistry.com?
Another portfolio applicant, Donuts, also didn’t like the idea of plurals and singulars being mutually exclusive, according to this CircleID article. It doesn’t think they’re confusingly similar.
Yet a press release put out by the company last month accidentally said it planned to put its application for .apartment to auction.
The problem is that Donuts hasn’t applied for .apartment, it has applied for .apartments.
I feel rotten for highlighting a simple typo by a fellow media professional (I make enough of those) but isn’t that what we’re often talking about when discussing confusing similarity? Typos?
If the registry can get confused by its own applied-for strings, doesn’t that mean internet users will as well?
Oh, I’m a cybersquatter
Interestingly, ICANN’s belief that plurals are not confusing appears to be institutional.
At least, I discovered this morning that icanns.org, the plural of its primary domain, was available for registration.
So I bought it.
Let’s see how much traffic it gets.
If I get hit by a UDRP, that could be interesting too.