ICANN’s new domain Transfer Policy, which comes into effect tomorrow, creates risks for users of privacy/proxy services, registrars and others haved warned.
The policy could lead to private registrants having their contact information published in the public Whois for 60 days, the GNSO Council expects to formally tell ICANN this week.
“This could threaten privacy for at-risk registrants without clear benefit,” the Council says in a draft letter to the ICANN board.
The revised Transfer Policy was designed to help prevent domain hijacking.
The main change is that whenever there’s a “change of registrant”, the gaining and losing registrants both have to respond to confirmation emails before the change is processed.
However, “change of registrant” is defined in such a way that the confirmation emails would be triggered even if the registrant has not changed.
For example, if you change your last name in your Whois records due to marriage or divorce, or if you change email addresses, that counts as a change of registrant.
It now turns out that ICANN considers turning a privacy service on or off as a change of registrant, even though that only affects the public Whois data and not the underlying customer data held by the registrar.
The GNSO Council’s draft letter states:
ICANN has advised that any change to the public whois records is considered a change of registrant that is subject to the process defined through IRTP-C. Thus, turning a P/P service on or off is, from ICANN’s view, a change of registrant. It requires the CoR [change of registrant] process to be followed and more importantly could result in a registrant exposing his/her information in the public whois for 60 days. This could threaten privacy for at-risk registrants without clear benefit.
My understanding is that the exposure risk outlined here would only be to registrants who attempt to turn on privacy at their registrar then for whatever reason ignore, do not see or do not understand the subsequent confirmation emails.
Depending on implementation, it could lead to customers paying for a privacy service and not actually receiving privacy.
On the other side of the coin, it’s possible that an actual change in registrant might not trigger the CoR process if both gaining and losing registrants both use the same privacy service and therefore have identical Whois records.
The Council letter also warns about a possible increase in spam due to the changes:
many P/P services regularly generate new email addresses for domains in an effort to reduce spam. This procedure would no longer be possible, and registrants may be subject to unwanted messaging. Implementing the CoR for email changes that some providers do as often as every 3-5 days is not feasible.
ICANN has been aware of these issues for months. Its suggested solution is for registrars to make themselves the “Designated Agent” — a middleman permitted to authorize transfers — for all of their customers.
As we reported earlier this week, many large registrars are already doing this.
But registrars and the GNSO Council want ICANN to consider reinterpreting the new policy to exclude privacy/proxy services until a more formal GNSO policy can be created.
While the Policy Development Process that created the revised transfer rules wound up earlier this year, a separate PDP devoted to creating rules of privacy/proxy services is still active.
The Council suggests that this working group, known as PPSAI, could assume the responsibility of clearing up the mess.
In the meantime, registrars are rather keen that they will not get hit with breach notices by ICANN Compliance for failing to properly implement to what seems to be a complex policy.
Who needs rounds? The idea of allocating new gTLDs on a first-come, first-served basis is getting some consideration at this week’s ICANN 57 meeting.
Such a move could have profound implications on the industry, creating new business opportunities while scuppering others.
Whether to shift to a FCFS model was one of many issues discussed during a session today of the GNSO’s working group tasked with looking at the next new gTLD round.
Since 2000, new gTLDs have been allocated in strict rounds, with limited application windows and often misleading guidance about when the next window would open, but it’s not written in stone that that is the way it has to be.
The idea of switching to FCFS — where any company could apply for any gTLD at any time — is not off the table.
FCSC would not mean applicants would merely have to ask for a string and automatically be granted — there’d still be multiple phases of evaluation and opportunities for others to object, so it wouldn’t be just like registering a second-level domain.
Depending on how the new process was designed, doing away with rounds could well do away with the concept of “contention” — multiple applicants simultaneously vying for the same string.
This would basically eliminated the need for auctions entirely.
No longer would an applicant be able to risk a few hundred thousand bucks in application expenses in the hope of a big private auction pay-day. Similarly, ICANN’s quarter-billion-dollar pool of last-resort auction proceeds would grow no more.
That’s potentially an upside, depending on your point of view.
On the downside, and it’s a pretty big downside, a company could work on a solid, innovative gTLD application for months only to find its chances scuppered because a competitor filed an inferior application a day earlier.
A middle way, suggested during today’s ICANN 57 session, would be a situation in which the filing of an application starts a clock of maybe a few months during which other interested parties would be able to file their own applications.
That would keep the concept of contention whilst doing away with the restrictive round-based structure, but would present plenty of new opportunities for exploitation and skulduggery.
Another consequence of the shift to FCSC could be to eliminate the concept of Community gTLDs altogether, it was suggested during today’s session.
In 2012, applicants were given the opportunity to avoid auction if they could meeting exacting “Community” standards. The trade-off is that Community gTLDs are obliged to be restricted to their designated community.
If FCSC led to contention going away, there’d be no reason for any applicant to apply for a Community gTLD that could unnecessarily burden their business model in future.
For those strongly in favor of community gTLDs, such as governments, this could be an unwelcome outcome.
Instinctively, I think FCSC would be a bad idea, but I think I’d be open to persuasion.
I think the main problem with the round-based structure today is that it’s unpredictable — nobody knows when the next round is likely to be so it’s hard to plan their new gTLD business ideas.
Sure, FCSC would bring flexibility, allowing companies to apply at times that are in tune with their business objectives, but the downsides could outweigh that benefit.
Perhaps the way to reduce unpredictability would be to put application windows on a predictable, reliable schedule — once a year for example — as was suggested by a participant or two during today’s ICANN 57 session.
The discussions in the GNSO are at a fairly early stage right now, but a switch to FCSC would be so fundamental that I think it needs to be adopted or discarded fairly quickly, if there’s ever going to be another application round.
ICANN’s transition away from US government oversight is not even a month old and the same old bullshit power struggles and existential threats appear to be in play as strongly as ever.
Governments, via the chair of the Governmental Advisory Committee, last week yet again threatened that they could withdraw from ICANN and seek refuge within the UN’s International Telecommunications Union if they don’t get what they want from the rest of the community.
It’s the kind of thing the IANA transition was supposed to minimize, but just weeks later it appears that little has really changed in the rarefied world of ICANN politicking.
Thomas Schneider, GAC chair, said this on a conference call between the ICANN board and the Generic Names Supporting Organization on Thursday:
I’m just urging you about considering what happens if many governments consider that this system does not work. They go to other institutions. If we are not able to defend public interest in this institution we need to go elsewhere, and this is exactly what is happening currently at the ITU Standardization Assembly.
This is a quite explicit threat — if governments don’t like the decisions ICANN makes, they go to the ITU instead.
It’s the same threat that has been made every year or two for pretty much ICANN’s entire history, but it’s also something that the US government removing its formal oversight of ICANN was supposed to help prevent.
So what’s this “public interest” the GAC wants to defend this time around?
It’s protections for the acronyms of intergovernmental organizations (IGOs) in gTLDs, which we blogged about a few weeks ago.
IGOs are bodies ranging from the relatively well-known, such as the World Health Organization or World Intellectual Property Organization, to the obscure, such as the European Conference of Ministers of Transport or the International Tropical Timber Organization.
According to governments, the public interest would be served if the string “itto”, for example, is reserved in every new gTLD, in other words. It’s not known if any government has passed laws protecting this and other IGO strings in their own ccTLDs, but I suspect it’s very unlikely any have.
There are about 230 such IGOs, all of which have acronyms new gTLD registries are currently temporarily banned from selling as domains.
The multi-stakeholder GNSO community is on the verge of coming up with some policy recommendations that would unblock these acronyms from sale and grant the IGOs access to the UDRP and URS mechanisms, allowing them to reclaim or suspend domains maliciously exploiting their “brands”.
The responsible GNSO working group has been coming up with these recommendations for over two years.
While the GAC and IGOs were invited to participate in the WG, and may have even attended a couple of meetings, they decided they’d have a better shot at getting what they wanted by talking directly to the ICANN board outside of the usual workflow.
The WG chair, Phil Corwin of the Internet Commerce Association, recently described IGO/GAC participation as a “near boycott”.
This reluctance to participate in formal ICANN policy-making led to the creation of the so-called “small group”, a secretive ad hoc committee that has come up with an opposing set of recommendations to tackle the same IGO acronym “problem”.
I don’t think it’s too much of a stretch to call the the small group “secretive”. While the GNSO WG’s every member is publicly identified, their every email publicly archived, their every word transcribed and published, ICANN won’t even say who is in the small group.
I asked ICANN for list of its members a couple of weeks ago and this is what I got:
The group is made up of Board representatives from the New gTLD Program Committee (NGPC), primarily, Chris Disspain; the GAC Chair; and representatives from the IGO coalition that first raised the issue with ICANN and some of whom participated in the original PDP on IGO-INGO-Red Cross-IOC protections – these would include the OECD, the UN, UPU, and WIPO.
With the publication two weeks ago of the small group’s recommendations (pdf) — which conflict with the expect GNSO recommendations — the battle lines were drawn for a fight at ICANN 57, which kicks off this week in Hyderabad, India.
Last Thursday, members of the GNSO Council, including WG chair Corwin, met telephonically with GAC chair Schneider, ICANN chair Steve Crocker and board small group lead Disspain to discuss possible ways forward.
What emerged is what Crocker would probably describe as a “knotty” situation. I’d describe it as a “process clusterfuck”, in which almost all the relevant parties appear to believe their hands are tied.
The GNSO Council feels its hands are tied for various reasons.
Council chair James Bladel explained that the GNSO Council doesn’t have the power to even enter substantive talks.
“[The GNSO Council is] not in a position to, or even authorized to, negotiate or compromise PDP recommendations that have been presented to use by a PDP working group and adopted by Council,” he said.
He went on to say that while the GNSO does have the ability to revisit PDPs, to do so would take years and undermine earlier hard-fought consensus and dissuade volunteers from participating in policy making. He said on the call:
By going back and revisiting PDPs we both undermine the work of the community and potentially could create an environment where folks are reluctant to participate in PDPs and just wait until a PDP is concluded and then get engaged at a later stage when they feel that the recommendations are more likely adopted either by the board or reconciled with GAC advice.
He added that contracted parties — registries and registrars — are only obliged to follow consensus policies that have gone through the PDP process.
Crocker and Disspain agreed that the the GAC and the GNSO appear to have their hands tied until the ICANN board makes a decision.
But its hands are also currently tied, because it only has the power to accept or reject GNSO recommendations and/or GAC advice, and it currently has neither before it.
Chair Crocker explained that the board is not able to simply impose any policy it likes — such as the small group recommendations, which have no real legitimacy — it’s limited to either rejecting whatever advice the GAC comes up with, rejecting whatever the GNSO Council approves, or rejecting both.
The GNSO WG hasn’t finished its work, though the GNSO Council is likely to approve it, and the GAC hasn’t considered the small group paper yet, though it is likely to endorse it it.
Crocker suggested that rejecting both might be the best way to get everyone around a table to try to reach consensus.
Indeed, it appears that there is no way, under ICANN’s processes, for these conflicting views to be reconciled formally at this late stage.
WG chair Corwin said that any attempt to start negotiating the issue before the WG has even finished its work should be “rejected out of hand”.
With the GNSO appearing to be putting up complex process barriers to an amicable way forward, GAC chair Schneider repeatedly stated that he was attempting to reach a pragmatic solution to the impasse.
He expressed frustration frequently throughout the call that there does not appear to be a way that the GAC’s wishes can be negotiated into a reality. It’s not even clear who the GAC should be talking to about this, he complained.
He sounds like he’s the sensible one, but remember he’s representing people who stubbornly refused to negotiate in the WG over the last two years.
Finally, he raised the specter of governments running off to the UN/ITU, something that historically has been able to put the willies up those who fully support (and in many cases make their careers out of) the ICANN multistakeholder model.
Here’s a lengthier chunk of what he said, taken from the official meeting transcript:
If it turns out that there’s no way to change something that has come out of the Policy Development Process, because formally this is not possible unless the same people would agree to get together and do the same thing over again, so maybe this is what it takes, that we need to get back or that the same thing needs to be redone with the guidance from the board.
But if then nobody takes responsibility to — in case that everybody agrees that there’s a public interest at stake here that has not been fully, adequately considered, what — so what’s the point of this institution asking governments for advice if there’s no way to actually follow up on that advice in the end?
So I’m asking quite a fundamental question, and I’m just urging you about considering what happens if many governments consider that the system does not work. They go to other institutions. They think we are not able to defend public interest in this institution. We need to go elsewhere. And this is exactly what is happening currently at the ITU Standardization Assembly, where we have discussions about protection of geographic names because — and I’m not saying this is legitimate or not — but because some governments have the feeling that this hasn’t been adequately addressed in the ICANN structure.
I’m really serious about this urge that we all work together to find solutions within ICANN, because the alternative is not necessarily better. And the world is watching what signals we give, and please be aware of that.
The proposal calls for governments to get more rights to oppose geographic new gTLD applications more or less arbitrarily.
It emerged not from any failure of ICANN policy — geographic names are already protected at the request of the GAC — but from Africa governments being pissed off that .africa is still on hold because DotConnectAfrica is suing ICANN in a California court and some batty judge granted DCA a restraining order.
It’s not really relevant to the IGO issue, nor especially relevant to the issue of governments failing to influence ICANN policy.
The key takeaway from Schneider’s remarks for me is that, despite assurances that the IANA transition was a way to bring more governments into the ICANN fold rather than seeking solace at the UN, that change of heart is yet to manifest itself.
The “I’m taking my ball and going home” threat seems to be alive and well for now.
Verisign could be running a “thick” Whois database for .com, .net and .jobs by mid-2017, under a new ICANN proposal.
A timetable published this week would see the final three hold-out gTLDs fully move over to the standard thick Whois model by February 2019, with the system live by next August.
Some people believe that Verisign might use the move as an excuse to increase .com prices.
Thick Whois is where the registry stores the full Whois record, containing all registrant contact data, for every domain in their TLD.
The three Verisign TLDs currently have “thin” Whois databases, which only store information about domain creation dates, the sponsoring registrar and name servers.
The model dates back to when the registry and registrar businesses of Verisign’s predecessor, Network Solutions, were broken up at the end of the last century.
But it’s been ICANN consensus policy for about three years for Verisign to eventually switch to a thick model.
Finally, ICANN has published for public comment its anticipated schedule (pdf) for this to happen.
Under the proposal, Verisign would have to start offering registrars the ability to put domains in its thick Whois by August 1 2017, both live via EPP and in bulk.
It would not become obligatory for registrars to submit thick Whois for all newly registered domains until May 1, 2018.
They’d have until February 1, 2019 to bulk-migrate all existing Whois records over to the new system.
Thick Whois in .com has been controversial for a number of reasons.
Some registrars have expressed dissatisfaction with the idea of migrating part of their customer relationship to Verisign. Others have had concerns that local data protection laws may prevent them moving data in bulk overseas.
The new proposal includes a carve-out that would let registrars request an exemption from the requirements if they can show it would conflict with local laws, which holds the potential to make a mockery out of the entire endeavor.
Some observers also believe that Verisign may use the expense of building and operating the new Whois system as an excuse to trigger talks with ICANN about increasing the price of .com from its current, frozen level.
Under its .com contract, Verisign can ICANN ask for a fee increase “due to the imposition of any new Consensus Policy”, which is exactly what the move to thick Whois is.
Whether it would choose to exercise this right is another question — .com is a staggeringly profitable cash-printing machine and this Whois is not likely to be that expensive, relatively speaking.
The proposed implementation timetable is open for public comment until December 15.
The ICANN community and United Nations agencies are heading for a clash, with governments accused this morning of trying to bypass the ICANN policy-making process.
According to the leader of an ICANN volunteer working group, governments and UN-affilated intergovernmental organizations (IGOs) have circumvented the usual ICANN consensus-building process in order to extract the policies they want directly from the ICANN board of directors and staff.
It’s the first time since the IANA transition, which happened less than a week ago, that governments have been accused of exploiting their special access to the board, and it may become a hot topic at next month’s ICANN 57 meeting in India.
Governments and UN agencies now stand accused of “bypassing the ICANN community” in order to achieve their policy goals.
But the policy being debated is not directly linked to the IANA transition, nor to the thoroughly debunked notion that the UN has taken over ICANN.
Indeed, the issue in question — the permanent protection of IGO acronyms in gTLDs — is almost embarrassingly narrow and predates the announcement of the IANA transition by at least three years, going back to at least 2011.
Basically, the policy questions that look set to cause even more conflict between governments and others are: should IGO acronyms be protected, and if so, how?
IGO acronyms are strings such as WIPO, UNESCO and OECD.
The ICANN board punted this question in May 2014, when it received conflicting advice from the Governmental Advisory Committee and Generic Names Supporting Organization.
Since then, a GNSO Policy Development Process working group has been working on recommendations. It has not yet issued its initial findings, but is close.
Simultaneously and separately, members of ICANN’s board and staff have been quietly talking to a handful of GAC members and IGOs about the same issue in what has become known as the “small group”.
Because it’s small. And a group.
Yesterday, ICANN divulged the consensus of the small group in a letter (pdf) to the leaders of the GNSO Council.
Its recommendations conflict in almost every respect with what the GNSO working group intends to recommend.
The small group wants ICANN to create IGOs-acronyms-only versions of the Trademark Clearinghouse database, Trademark Claims service and UDRP and URS dispute resolution mechanisms — basically “functionally equivalent” mirrors of almost all of the rights protection mechanisms currently only available to trademark owners.
They would be administered at least partially by the GAC and at no cost to the IGOs themselves (presumably meaning ICANN would pick up the tab).
It seems like a disproportionate amount of faff considering the problem ICANN is trying to solve is the vanishingly small possibility that somebody attempts to cybersquat the United Nations Entity For Gender Equality And The Empowerment Of Women (UNWOMEN) or the Postal Union Of The Americas Spain And Portugal (PUASP).
A lot of it is also in direct opposition to what the GNSO WG plans to recommend, according to chair Phil Corwin and the current draft of the WG’s recommendations.
The WG currently plans to recommend that IGOs should be allowed to use the existing URS and UDRP mechanisms to take down or take over domains that use their acronyms in bad faith. It does not currently seem to recommend anything related to Trademark Claims.
A foundational disagreement relates to the status of IGOs under the law. While IGOs in the small group seem to think they are in a special category of entity that is not subject to regular trademark law, the WG hired expert legal counsel that determined the contrary.
Corwin, in his initial response to the small group letter, said that the implications of the debate go beyond how IGO acronyms should be protected.
IGOs carried out a “near boycott” of the GNSO PDP discussions, he wrote, preferring instead to talk to the small group “behind closed doors”. He wrote:
we continually urged members of the GAC, and IGOs, to participate in our WG. That participation was so sporadic that it amounted to a near-boycott, and when IGO representatives did provide any input they stressed that they were speaking solely as individuals and were not providing the official views of the organizations that employed them.
Of course, why should they participate in the GNSO policy processes when they are permitted to pursue their goals in extended closed door discussions with the Board, and when the Board seeks no input from the GNSO in the course of those talks?
He directly linked the timing of the small group report to the expiration last Friday of ICANN’s IANA functions contract with the US Department of Commerce, and suggested that the IGO acronym issue could be a litmus test for how ICANN and governments function together under the new oversight regime.
I note that transmission of the letter has been delayed until after the completion of the IANA transition, and that the post-transition role of governments within ICANN was a central controversy surrounding the transition.
What is at stake in this matter goes far beyond the relatively rare instance in which a domain registrant infringes upon the name or acronym of an IGO and the IGO seeks relief through a CRP [Curative Rights Protection mechanism]. The larger issue is whether, in a post-transition ICANN, the GAC and the UN agencies that comprise a large portion of IGOs, will participate meaningfully in GNSO policy activities, or will seek their policy aims by bypassing the ICANN community and engaging in direct, closed door discussions with the Board.
The financial effects of this seemingly interminable debate on the gTLD industry are probably pretty minor.
Currently, all new gTLDs have temporarily blocked, from launch, all of the IGO acronyms in question. That’s roughly 200 domains per gTLD that could otherwise be sold.
Many of the strings are three, four and five-letter acronyms that could fetch “premium” prices in the open market (though, in my judgement, not much more than a couple hundreds bucks in most cases).
A small number of the acronyms, such as WHO and IDEA, are potentially more valuable.
Off the top of my head and the back of an envelope, I’d put the cost to the industry as a whole of the IGO acronym blocks probably somewhere in the very low millions.
The harms being prevented are also very minor, in my view. With a small handful of exceptions, the IGOs in question are not attractive cybersquatting targets.
But, as is so often the case in ICANN matters, the arguments in this case boil down to matters of law, principle and process much more than practical impact.