Recent Posts
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
- UK cybersquatting complaints hit record low
- No excuses! PIR to pay for ALL registries to tackle child abuse
- ICANN insists it is working on linkification
- Namecheap sues ICANN over .org price caps
- GoDaddy offers free Ethereum blockchain integration
- Epik reveals who is running the company
- Epik gets acquired again! The plot thickens…
- Airline gTLD crashes and burns
- First chunks of new gTLD Applicant Guidebook drop
- Epik to reveal its owners soon
- Another crypto firm to apply for a new gTLD
- Monster and Royce are NOT involved in Epik?!
- Nominet to overhaul .uk registry, turn off some services
- Russia blames DNSSEC, not Ukraine, for internet downtime
- Team Internet says revenue beat estimates
- Sold for over $20k, insure.ai and dog.ai back in .ai’s expired names auction
- .ai helps UDRP cases rise in 2023, WIPO says
- Freenom’s domains land at Gandi after termination
- .ru domains fly off the shelf as Western sanctions bite
- ICANN picks its first ever Supreme Court
- Lebanon’s ccTLD going back to Lebanon after ICANN takeover
- ICANN picks the domain it will never, ever release
- ICANN approves domain takedown rules
- Has Epik gone “woke”?
- First bits of new gTLD Applicant Guidebook expected next week
- ICANN bans closed generics for the foreseeable
- You can’t use money to buy .box domains
- After 14 years, ICANN practices what it preaches on IDNs
- Weak demand for private Whois data, ICANN data shows
- .ing doing way better than .meme
- DNS Women barred from ICANN funding?
- Dev releases free open-source TLD registry platform
- INCO flips a gTLD to Identity Digital
- Anguilla fears the .ai junk drop
- Five more gTLDs get launch dates
- $10 million of ICANN cash up for grabs
- Almost 50,000 .ai domains sold in a quarter
- ICANN threatens to regulate your speech [RANT]
- Life insurance company kills dot-brand
- ICANN finds new home for Lebanon’s TLD after founder’s death
- ICANN begs people to use its new Whois service
- Shiba Inu outs itself as crypto new gTLD applicant
- Over 50,000 .ai domains sold in three months
- Amazon planning new push into registrar market?
- Registries and registrars vote ‘Yes’ to new DNS abuse rules
- ICANN predicts flattish 2025 for domain industry
- Fast-growing Gname buys another 150 registrars
- GoDaddy service to let you block domains in over 650 TLDs
- Did I find a murder weapon in a zone file?
- ICANN drops the “man” from Ombudsman
- Have your say on police domain takedown powers
- Most registrars are shunning ICANN’s new Whois system
- Nominet to take over .gov.uk
- ICANN picks Istanbul for 2024 meeting
- ICANN’s private Whois data request service goes live
- .au regs slide on 2LD anniversary
- ICANN accused of power grab over $271 million auction fund
- A registrar is getting blamed for an Israeli war propaganda site
- Two more dot-brands bite the dust
- Google sells five-figure AI domain and six-figure .ing hack
- .blackfriday is still a bit rubbish
- Internet Naming Co acquires five more gTLDs
Should YOU have to pay when lawyers access your private Whois info?
The question of who should shoulder the costs of ICANN’s proposed Whois overhaul is being raised, with governments and others suggesting that the burden should fall on registrants themselves.
In separate statements to ICANN recently, the Governmental Advisory Committee and Security and Stability Advisory Committee both put forward the view that registrants, rather than the trademark lawyers behind most requests for private Whois data, should fund the system.
ICANN currently expects the so-called System for Standardized Access/Disclosure (SSAD), proposed after two years of talks in an ICANN community working group, to cost $9 million to build and another $9 million a year to operate.
The working group, known as the EPDP, has recommended in its final report that registrants “MUST NOT bear the costs for having data disclosed to third parties”.
Instead, it recommended that requestors themselves should pay for the system, probably via an annual accreditation fee.
But now the GAC and SSAC have issued minority statements calling that conclusion into question.
The GAC told ICANN (pdf):
While the GAC recognizes the appeal of not charging registrants when others wish to access their data, the GAC also notes that registrants assume the costs of domain registration services as a whole when they register a domain name.
While the SSAC said (pdf):
Data requestors should not primarily bear the costs of maintaining the system. Requestors should certainly pay the cost of getting accredited and maintaining their access to the system. But the current language of [EPDP Recommendation] 14.2 makes victims and defenders cover the costs of the system’s operation, which is unfair and is potentially dangerous for Internet security…
No previous PDP has protected registrants from having the costs associated with “core” registration services or the implementation of consensus policies being passed on to them. No previous PDP has tried to manipulate the functioning of market forces as is proposed in Recommendation 14.
SSAC suggested instead that registrars should be allowed to pass on the costs of SSAD to their customers, and/or that ICANN should subsidize the system.
Over 210 million gTLD domain names, $9 million a year would work out to less than five cents per domain, but one could argue there’s a principle at stake here.
Should registrants have to pay for the likes of Facebook (probably the biggest requestor of private Whois data) to access their private contact information?
The current proposed system would see the estimated $9 million spread out over a far smaller number of requestors, making the fee something like $450 per year.
EPDP member Milton Mueller did the math and concluded that any company willing to pay its lawyers hundreds of thousands of dollars to fight for greater Whois access in ICANN could certainly swallow a measly few hundred bucks a year.
But the minority objections from the GAC, SSAC and Intellectual Property Constituency do not focus wholly on the costs. They’re also bothered that SSAD doesn’t go nearly far enough to actually provide access to Whois data.
Under the current, temporary, post-GDPR system, registries and registrars basically use their own employees’ discretion when deciding whether to approve a Whois data request.
That wouldn’t change significantly under SSAD, but there would be a huge, multi-tiered system of accreditation and request-forwarding that’s been described as “glorified, overly complex and very expensive ticketing system”.
The GAC wants something much more automated, or for the policy to naturally allow increased automation over time. It also wants increased centralization, taking away much of the human decision-making at registrars out of the equation.
The response from the industry has basically been that if GDPR makes them legally liable for their customers’ data, then it’s the registries and registrars that should make the disclosure decisions.
The GAC has a great deal of power over ICANN, so there’s likely to be a bit of a fight about the EPDP’s outcomes and the future of SSAD.
The recommendations are due to be voted on by the GNSO Council at its meeting tomorrow, and as I’ve noted before, it could be tight.
Council chair Keith Drazek seems to be anticipating some lively debate, and he’s already warned fellow members that’s he’s not minded to approve any request for a delay on the vote, noting that the final report has been available for review for several weeks.
By convention, the Council will defer a vote on the request of any of its constituency groups, but this is sometimes exploited.
Should the Council approve the resolution approving the final report — which contains a request for further financial review of SSAD — then it will be forwarded to the ICANN board of directors for final discussion and approval.
But with the GAC on its case, with its special advisory powers, getting SSAD past the board could prove tricky.
The end of the beginning? ICANN releases policies for next round of new gTLDs
Over eight years after ICANN last accepted applications for new gTLDs and more than four years after hundreds of policy wonks first sat around the table to discuss how the program could be improved, the working group has published its draft final, novel-length set of policy recommendations.
Assuming the recommendations are approved, in broad terms the next round will be roughly similar to the 2012 round.
But almost every phase of the application process, from the initial communications program to objections and appeals, is going to get tweaked to a greater or lesser extent.
The recommendations came from the GNSO’s New gTLD Subsequent Procedures working group, known as SubPro. It had over 200 volunteer members and observers and worked for thousands of hours since January 2016 to come up with its Final Draft Report.
Some of the proposed changes mean the cost of an application will likely go down, while others will keep the cost artificially high.
Some changes will streamline the application process, others may complicate it.
Many of the “changes” to policy are in fact mere codifications of practices ICANN brought in unilaterally under the controversial banner of “implementation” in the 2012 round.
Essentially, the GNSO will be giving the nod retroactively to things like Public Interest Commitments, lottery-based queuing, and name collisions mitigation, which had no basis in the original new gTLDs policy.
But other contentious aspects of the last round are still up in the air — SubPro failed to find consensus on highly controversial items such as closed generics.
The report will not tell you when the next round will open or how much it will cost applicants, but the scope of the work ahead should make it possible to make some broad assumptions.
What it will tell you is that the application process will be structurally much the same as it was eight years ago, with a short application window, queued processing, objections, and contention resolution.
SubPro thankfully rejected the idea replacing round-based applications with a first-come, first-served model (which I thought would have been a gaming disaster).
The main beneficiaries of the policy changes appear to be registry service providers and dot-brand applicants, both of which are going to get substantially lowered barriers to entry and likely lower costs.
There are far too many recommendations for me to summarize them eloquently in one blog post, so I’m going to break up my analysis over several articles to be published over the next week or so.
In the meantime, ICANN has opened up the final draft report for public comment. You have until September 30.
The report notes that previously rejected comments will not be considered, so if your line is “New gTLDs suck! .com is King!” you’re likely to find your input falling on deaf ears.
After the comment period ends, and SubPro considers the comments, the report will be submitted to the GNSO Council for approval. Subsequently, it will need to be approved by the ICANN board of directors.
It’s not impossible that this could all happen this year, but there’s a hell of a lot of implementation work to be done before ICANN starts accepting applications once more. We could be looking at 2023 before the next window opens and 2024 before the next batch of new gTLDs start to launch.
UPDATE: This post was updated August 27, 2020 to clarify procedural and timing issues.
The pricey, complex, clusterfuck plan to reopen Whois
After a little more than two years, an ICANN working group has finalized the policy that could allow people to start accessing unredacted Whois records again.
Despite the turnaround time being relatively fast by ICANN standards, the Expedited Policy Development Process group has delivered what could be the most lengthy and complex set of policy recommendations I’ve seen since the policy work on new gTLDs over a decade ago.
Don’t get too excited if you’re itching to get your hands on Whois data once more. It’s a 171-page document containing over a hundred recommendations that’s bound to take ages to implement in full, if it even gets approved in the coming weeks.
I’d be surprised if it’s up and running fully before 2022 at the earliest. If and when the system does eventually come online, don’t expect to get it for free.
It’s already being slammed in multiple quarters, with one constituency saying it could result in a “multi-year-implementation resulting in a system which would effectively be a glorified, overly complex and very expensive ticketing system”.
Trademark owners are livid, saying the proposed policy completely fails to address their needs, and merely entrenches the current system of registrar discretion into formal ICANN policy.
The recommendations describe a proposed system called SSAD, for System for Standardized Access/Disclosure, which would be overseen by ICANN and enforced through its contracts with registries and registrars.
It’s a multi-tiered system involving a few primary functions, wrapped in about a thousand miles of red tape.
First and foremost, you’ve got the Central Gateway Manager. This would either be ICANN, or a company to which ICANN outsources. Either way, ICANN would be responsible for overseeing the function.
The gateway manager’s job is to act as a middleman, accepting Whois data requests from accredited users and forwarding them to registries and registrars for processing.
In order to access the gateway, you’d need to be accredited by an Accreditation Authority. Again, this might be ICANN itself or (more likely) a contractor.
The policy recommendations only envisage one such authority, but it could rely on a multitude of Identity Providers, entities that would be responsible for storing the credentials of users.
It’s possible all of these roles and functions could be bundled up in-house at ICANN, but it appears the far more likely scenario is that there will be a bunch of RFPs coming down the pike for hungry contractors later this year.
But who gets to get accredited?
Anyone with a “legitimate interest or other lawful basis”, it seems. The document is far from prescriptive or proscriptive when it comes to describing possible users.
But the recommendations do give special privileges to governments and government-affiliated entities such as law enforcement, consumer protection bodies and data privacy watchdogs.
For law enforcement agencies, the proposed policy would mandate fully automated processing at the gateway and at the registry/registrar. It sounds like cops would get pretty much instant access to all the Whois data they need.
Requests just the for city field of the record would also be fully automated, for any accredited requestor.
There would be at least three priorities of Whois request under the proposed system.
The first, “Urgent”, would be limited to situations that “pose an imminent threat to life, serious bodily injury, critical infrastructure (online and offline) or child exploitation”. Non-cops could use this method too. Contracted parties would have one business day or three calendar days to respond.
The second would be limited to ICANN-related procedures like UDRP and URS, and registrars would have a maximum of two business days to respond.
The third would encapsulate all other requests, with some priority given to fraud or malware-related requests. Response times here could be a long as 10 days.
I’m trying to keep it simple here, but a lot of the recommendations describe the aforementioned red tape surrounding each stage of the process.
Registrars and registries would be bound to service level agreements, there’d be appeals processes for rejected requests, there’d be logging, audits, reporting, methods to de-accredit users and methods for them to appeal their de-accreditation… basically a shedload of checks and balances.
And who’s going to pay for it all?
ICANN’s latest guesstimate is that SSAD will cost $9 million to build and another $8.9 million annually to operate.
It seems the main burden will be placed on the shoulders of the end-user requestors, which will certainly have to pay for accreditation (which would have to be renewed periodically) and may have to pay per-query too.
Trademark lawyers within the ICANN community are furious about this — not because they have to pay, but because SSAD functionality does “not come close to justifying the costs”.
They’d envisaged a system that would be increasingly automated as time went by, eventually enabling something pretty much like the old way of doing Whois lookups, but say the current proposals preclude that.
It’s also not impossible that the system could lead to higher fees for registrants.
The EPDP group is adamant that domain registrants should not have to pay directly when somebody queries their Whois data, and says the SSAD should be cheaper to run for registrars than the current largely manual system, but acknowledges there’s nothing ICANN can do to stop registrars raising their prices as a result of the proposed policy.
The recommendations say that ICANN should not take a profit from SSAD, but do not discount its contractors from making a fair return from their work.
Prices are, like much else described in this Final Report, still very much TBD. The EPDP working group was given a lot to accomplish in very little time, and there’s a lot of buck-passing going on.
And there’s no guarantee that the policy will even be approved in the short term, given the level of dissent from working group participants.
Before the recommendations become formal Consensus Policy — and therefore binding on all registries and registrars — they first have to be approved by the GNSO Council and then the ICANN board of directors.
The first opportunity for the GNSO Council to vote is at its meeting September 24, but it could be a very tight vote.
For an EPDP to pass, it needs a supermajority vote of the Council, which means a two-thirds majority of both “houses” — the Contracted Parties House (ie, registries and registrars) and the Non-Contracted Parties house — or a 75% approval in one house and a simple majority in the other.
The way things stand, it looks to me like the CPH will very likely vote 100% in favor of the proposal, which means that only seven out of the 13 NCPH members will have to vote in favor of the report in order for it to pass.
The NCPH is made up of six people from the Non-Commercial Stakeholders Group, which generally hold pro-privacy views and have already criticized the report as not going far enough to protect registrants’ data.
Six more NCPH members comprise two members each from the Intellectual Property Constituency, Business Constituency and Internet Service Providers Constituency.
The IPC and BC put their names to a joint minority statement in the Final Report saying that its recommendations:
amount to little more than affirmation of the [pre-EPDP] status quo: the elements of WHOIS data necessary to identify the owners and users of domain names are largely inaccessible to individuals and entities that serve legitimate public and private interests.
I’m chalking those four Council members down as reliable “no” votes, but they’ll need the support of the two ISP guys and the wildcard Nominating Committee appointee in order to bury this policy proposal.
If it does pass the Council, the next and final stage of approval for SSAD would be the ICANN board, probably at ICANN 69 in October.
But then ICANN would actually have to build the damn thing.
This would take many months of implementation and review, then there’d have to be multiple RFP processes to select the companies to write the software and build the infrastructure to run it, who’d then actually have to build and test it.
In the same guesstimate that put a $9 million price tag on the system, ICANN reckoned that it would take a full year for a third party to build and test SSAD. That’s not even taking registrar integration into account.
So, if you’re looking for streamlined Whois access again, you’d best think 2022 at the very earliest, if ever.
If you wish to read the EPDP working group’s Final Report, you can do so here (pdf).
UPDATE: This article originally misstated the date of the next GNSO Council meeting at which this proposal could be considered. It’s not August 20. It’s September 24, which means initial ICANN board consideration is out in October. Add another month to whatever timeline you were hoping for.
ICANN close to becoming $200 million gift-giver
Remember how ICANN raised hundreds of millions of dollars auctioning off new gTLD contracts, with only the vaguest of ideas how to spend the cash? Well, it’s coming pretty close to figuring out where the money goes.
The GNSO Council approved a plan last Thursday that will turn ICANN into a giver of grants, with some $211 million at its initial disposal.
And the plan so far does not exclude ICANN itself for applying to use the funds.
The plan calls for the creation of a new Independent Project Applications Evaluation Panel, which would be charged with deciding whether to approve applications for this auction cash.
Each project would have to fit these criteria:
- Benefit the development, distribution, evolution and structures/projects that support the Internet’s unique identifier systems;
- Benefit capacity building and underserved populations, or;
- Benefit the open and interoperable Internet
Examples given include improving language services, providing PhD scholarships, and supporting TLD registries and registrars in the developing world.
The evaluation panel would be selected “based on their grant-making expertise, ability to demonstrate independence over time, and relevant knowledge.” Diversity would also be considered.
While existing ICANN community members would not be banned from being on the panel, it’s being strongly discouraged. The plan over and over again stresses how there must be rigorous conflict-of-interest rules in place.
What’s less clear right now is what role ICANN will play in the distribution of funds.
The Cross-Community Working Group that came up with the proposal offers three possible mechanisms, but there was no strong consensus on any of them.
The one being pushed, “Mechanism A”, would see ICANN org create a new department — potentially employing as many as 20 new staff — to oversee applications and the evaluation panel.
Mechanism B would see the same department created, but it would work with an existing independent non-profit third party.
Mechanism C would see the function offloaded to a newly created “ICANN Foundation”, but ICANN’s lawyers are not keen on this idea.
The Intellectual Property Constituency was the lone dissenting voice at Thursday’s GNSO Council vote. The IPC says that support for Mechanism A actually came from a minority of CCWG participants, depending on how you count the votes.
It thinks that ICANN should divorce itself as far as possible from the administration of funds, and that not to do so creates the “unreasonable risk” of ICANN being perceived as “self-dealing”.
But as the plan stands, ICANN is free too plunder the auction funds at will anyway. ICANN’s board of directors said as long ago as 2018:
ICANN maintains legal and fiduciary responsibility over the funds, and the directors and officers have an obligation to protect the organization through the use of available resources. In such a case, while ICANN would not be required to apply for the proceeds, the directors and officers would have a fiduciary obligation to use the funds to meet the organization’s obligations.
It already took $36 million from the auction proceeds to rebuild its reserve fund, which had been diminished by ICANN swelling its ranks and failing to predict the success of the new gTLD market.
The CCWG also failed to come to a consensus on whether ICANN or its constituent parts should be banned from formally applying for funds through the program.
Because the plan is a cross-community effort, it needs to be approved by all of ICANN’s supporting organizations and advisory committees before heading to the ICANN board for final approval.
There also looks to be huge amount of decision-making and implementation work to be done before ICANN puts its hand in its pocket for anyone.
Trademark posse fails to block Whois privacy policy
The ICANN community’s move to enshrine Whois privacy into formal consensus policy is moving forward, despite votes to block it by intellectual property interests.
During a special meeting yesterday, the GNSO Council voted to approve a set of recommendations that would (probably) bring ICANN’s Whois policy into compliance with the General Data Protection Regulation.
But four councilors — Paul McGrady and Flip Petillion of the Intellectual Property Constituency and Marie Pattullo and Scott McCormick of the Business Constituency — voted against the compromise deal.
Their downvotes were not enough to block it from passing, however. It has now been opened for a month of public comments before being handed to the ICANN board of directors for final approval, whereupon it will become ICANN’s newest consensus policy and binding on all contracted parties.
McGrady, an lawyer with Winston Strawn, claimed that the Expedited Policy Development Process working group that came up with the recommendations failed to reach the level of consensus that it had claimed.
“The consensus call was broken,” he said, adding that the EPDP’s final report “reflects consensus where there really wasn’t any.”
The GNSO was due to vote 10 days ago, but deferred the vote at the request of the IPC and BC. McGrady said that both groups had tried to muster up support in their communities for a “yes” vote in the meantime, but “just couldn’t get there”.
Speaking for the BC from a prepared statement, Pattullo (who works for European brand protection group AIM) told the Council:
The report is a step backwards for BC members’ interests compared to the Temp Spec, especially as the legitimate purposes for collecting and processing data are insufficiently precise, and do not include consumer protection, cybercrime, DNS abuse and IP protection.
The Temp Spec is the Temporary Specification currently governing how registries and registrars collect and publish Whois data. It was created as an emergency measure by the ICANN board and is due to expire in May, where it will very probably be replaced by something based on the EPDP recommendations.
In response to the IPC/BC votes, Michele Neylon of the Registrars Constituency and Ayden Férdeline of the Non-Commercial Stakeholders Group read statements claiming that trademark interests had been given substantial concessions during the EPDP talks.
Neylon in particular had some harsh words for the holdout constituencies, accusing them of “bad faith” and pointing out that the EPDP spent thousands of hours discussing its recommendations.
“Our members would want any number of obligations this report contains to be removed, but despite the objections we voiced our support for the final product as a sign of compromise and support for the entire multistakeholder model,” he said.
“Given the objections of certain parts of the community it’s unclear how we can ask this group to carry on with the next phase of its work at the same pace,” he said. “Given the unwillingness of others to participate and negotiate in good faith, how can we ask our reps to spend hours compromising on this work when it’s clear others will simply wait until the last minute and withdraw their consent for hard-fought compromise.”
The EPDP had a hard deadline due to the imminent expiration of the Temp Spec, but that’s not true of its “phase two” work, which will explore possible ways trademark enforcers could get access to redacted private Whois data.
Unfortunately for the IP lobby, there’s a very good chance that this work is going to proceed at a much slower pace than phase one, which wrapped up in basically six months.
During yesterday’s Council call, both Neylon and NCSG rep Tatiana Tropina said that the dedication required of volunteers in phase one — four to five hours of teleconferences a week and intensive mailing list discussions — will not be sustainable over phase two.
They simply won’t be able to round up enough people with enough time to spare, they said.
Coincidentally, neither the registrars nor the non-coms have any strong desire to see a unified access solution developed any time soon, so a more leisurely pace suits them politically too.
It will be up to the EPDP working group, and whoever turns out to be its new chair, to figure out the timetable for the phase two work.
Kirikos lawyers up after ICANN etiquette fight
Domain investor George Kirikos has hired lawyers to send nastygrams to ICANN after a fight over the rules of etiquette on a working group mailing list.
Kirikos claims there’s a “campaign of intimidation” against him by fellow volunteers who do not agree with his opinions and forthright tone, but that he “has not done anything wrong”.
In response, ICANN CEO Goran Marby this evening revealed that he has assigned his general counsel and new deputy, John Jeffrey, to the case.
Even by ICANN standards, it’s a textbook case of a) manufacturing mountains out of molehills, and b) how it can become almost impossible to communicate like sensible human beings when everyone’s tangled in red tape.
The dispute started back in May, when Kirikos got into a fight with IP lawyer Greg Shatan on the mailing list of the Rights Protection Mechanisms working group.
Both men are volunteers on the group, which seeks to refine ICANN policy protecting trademark owners in gTLDs.
The argument was about the content of a World Intellectual Property Organization web page listing instances of UDRP cases being challenged in court.
Kirikos took a strident tone, to which Shatan took exception.
Shatan then reported Kirikos to the working group’s co-chairs, claiming a breach of the Expected Standards of Behavior — the informal code of conduct designed to prevent every ICANN discussion turning into a flame war and/or bare-knuckle alley fight.
Under GNSO PDP rules, working group volunteers have to agree to abide by the ESB. Group chairs have the ability to kick participants who repeatedly offend.
At this point, the sensible thing to do would have been for Shatan and Kirikos to hug it out and move on.
But this is ICANN.
What actually happened was a pointless procedural back-and-forth between Kirikos, Shatan, and working group chairs Phil Corwin of Verisign and Brian Beckham of WIPO, which resulted in Kirikos hiring two lawyers — Andrew Bernstein of Torys and regular ICANN participant Robin Gross of IP Justice.
It’s believed to be the first time a WG participant has hired counsel over a mailing list argument.
Far too boring to recount here, Corwin’s timeline of events can be found from page 24 of this transcript (pdf) of remarks delivered here in Barcelona during ICANN 63, while the Bernstein/Kirikos timeline can be found here (pdf).
The rub of it is that Kirikos reckons both Corwin and Beckham are biased against him — Beckham because Kirikos voted against his chairship, Corwin because of a similar dispute in a related working group earlier this year — and that the ESB is unenforceable anyway.
According to Bernstein: “Mr. Kirikos has strong concerns that whatever process ICANN purports to operate with respect to Mr. Shatan’s complaint, it will not be fairly or neutrally adjudicated.”
He added that Kirikos had said that “due to the precise language of Section 3.4 of the Working Group Guidelines, Mr. Shatan lacked a basis to initiate any complaint”.
That language allows complaints to be filed if the ESB is “abused”. According to Corwin’s account, Kirikos — well-known as a detail-oriented ICANN critic — reckons the correct term should be “violated”, which rendered the ESB “null and void and unenforceable” in this instance.
Bernstein has since added that the ICANN board of directors never intended the ESB to be anything but voluntary.
The sum of this appears to be that the dispute has had a chilling effect on the RPM working group’s ability to get anything done, consuming much of its co-chairs’ time.
Kirikos lawyering up seems to have compounded this effect.
Now, as ICANN 63 drew to a close this evening, CEO Marby said in a brief prepared statement that the WG’s work has “more or less stalled for the last several months” and that he’s assigned general counsel John Jeffrey to “look into the issues surrounding this matter”.
ICANN “takes the issue very seriously”, he said.
As well it might. The Kirikos/Shatan incident may have been blown waaaaay out of proportion, but at its core is a serious question about civil discourse in ICANN policy-making.
Personally, I hold out hope it’s not too late for everyone to hug it out and move on.
But this is ICANN.
It’s Drazek vs Dammak for GNSO Council chair
The chair of ICANN’s Generic Names Supporting Organization Council is contested this year, with a registry veep facing off against a software engineer.
The nomination from the contracted parties house is US-based Keith Drazek, Verisign’s VP of policy and government relations.
He’ll be opposed by non-contracted parties nominee and current vice-chair Rafik Dammak, a Tunisian working as a software engineer for NTT Communications (which is technically a contracted party due its dot-brand gTLD) in Japan.
Both men are long-time, active members of the ICANN community and GNSO.
The Council will pick its new chair about a month from now at the ICANN 63 meeting in Barcelona.
The winner will replace lawyer Heather Forrest, the non-contracted party who took the seat after an unopposed vote a year ago.
Is the new Whois policy group already doomed to fail?
ICANN’s Generic Names Supporting Organization has set itself extremely aggressive, some might say impossible, targets for its emergency Whois policy work.
The GNSO Council on Thursday approved the charter for a new working group that will attempt to come up with a consensus policy for how to amend the Whois system in light of the EU’s General Data Protection Regulation.
But the vote was not unanimous — three of the six Non-Commercial Stakeholder Group councilors abstained largely because they think intellectual property interests have managed to capture the discussion before it has begun.
The three abstentions were independent consultant Ayden Ferdeline, cybersecurity policy researcher Tatiana Tropina, and privacy consultant Stephanie Perrin.
Tropina said during the Thursday meeting: “I cannot vote ‘yes’ for a document that in my opinion has parts that are not properly worded and, instead of setting the scope of the EPDP [Expedited Policy Development Process] work, set up multiple possibilities to get the work sidetracked.”
She and Ferdeline pointed specifically to section J of the approved charter (pdf), which addresses “reasonable access” to non-public Whois data.
This is the part of the policy work that will decide whether, and to what extent, entities such as trademark owners and cybersecurity researchers will be able to peek behind the curtain of post-GDPR personal data redactions and see who actually owns domain names.
There are several “gating” questions that the working group must answer before it gets to J, however, such as: what data should be collected by registrars, how data transfer to registries should be handled, and are the reasons for this data to be collected all valid?
But when it comes to section J, the abstaining NCSG councilors reckon that the Intellectual Property Community has managed to sneak in the notion that its members should get access to private data as a fait accompli. Section J reads in part:
What framework(s) for disclosure could be used to address (i) issues involving abuse of domain name registrations, including but not limited to consumer protection, investigation of cybercrime, DNS abuse and intellectual property protection, (ii) addressing appropriate law enforcement needs, and (iii) provide access to registration data based on legitimate interests not outweighed by the fundamental rights of relevant data subjects?
Ferdeline said in his abstention:
I believe that Section J includes, first and foremost, questions that unnecessarily expand the scope of this EPDP and put perceived answers — rather than genuine, open ended questions — into this important document. Overall I think this section of the charter’s scope is unnecessary and will not allow the EPDP team to complete their work in a timely manner.
Tropina said J “poses the questions that, first of all, imply by default that issues related to intellectual property protection and consumer protection require the disclosure of personal data”, adding that she was bewildered that IP interests had been lumped in with security concerns:
This wording fails me: as I am criminal lawyer working in the field of frameworks for cybercrime investigation, I do not see why cybercrime investigations are separated from law enforcement needs and go to the same basket with intellectual property protection as they are on a completely different level of legitimate demands
In short, the newly approved EPDP charter has been framed in such a way as to make discussions extremely fractious from the outset, pitting privacy interests against those of the trademark lobby on some of the most divisive wedge issues.
This is problematic given that the working group has an extremely aggressive schedule — its members have not yet even been named and yet it expects to produce its Initial Report shortly after ICANN 63, which ends October 25 this year.
It’s an absurdly short space of time to resolve questions that have dogged ICANN for almost two decades.
Will this pressure to come to agreement against the clock work in favor of the trademark community, or will it doom the policy-making process to deadlock?
Attempting to steer the WG through this minefield will be Kurt Pritz, who was confirmed by the Council as its neutral chair on Thursday, as DI first reported a week ago.
The make-up of the group has also proved contentious.
While it is a GNSO process that would lead to a Consensus Policy binding on all gTLD registries and registrars, the decision has been made to bring in voices from other areas of the community, such as the Country Code Names Supporting Organization, which will not be directly affected by the resulting policy.
There will be 29 members in total, not counting the non-voting chair.
The GNSO gets 18 of these seats at the table, comprising: three registries, three registrars, two IPC members, two ISPs, two Business Constituency members, six NCSG members (which, I imagine would be split between the privacy-focused NCUC and more IP-friendly NPOC).
But also joining the group on an equal footing will be two members of the Root Server System Advisory Committee (I’ve no idea why), two from the Security and Stability Advisory Committee, two from the ccNSO, two from the At-Large Advisory Committee and three from the Governmental Advisory Committee.
The actual individuals filling these seats will be named by their respective constituencies in the next few days, ahead of the first WG meeting July 30.
It has been said that these people could expect to devote north of 30 hours a week (unpaid of course, though any necessary travel will be comp’d) to the discussions.
Pritz to be named chair of Whois group
Former ICANN senior vice president Kurt Pritz is expected to be named chair of the group tasked with reforming Whois in the post-GDPR world.
Sources familiar with the situation tell DI that Pritz was selected from three candidates who put themselves forward for the grueling policy-making task.
I’m told that choice was made by GNSO Council’s leadership and selection committee (minus Pritz’s wife, Donna Austin, who recused herself) and will have to be confirmed by the full Council when it meets this Thursday.
Pritz would chair the GNSO’s first-ever Expedited Policy Development Process working group, which is expected to provide an ICANN community response to ICANN org’s recent, top-down Temporary Specification for Whois.
The Temp Spec, written by ICANN in response to the GDPR privacy law, is the thing that is contractually forcing all gTLD registries and registrars to redact personal information from their public Whois records.
Because it’s temporary, it will expire May 24 next year, one year after it came into effect.
The EPDP will put the force of community consensus behind the policy that replaces it, but it’s unlikely to differ a great deal from the Temp Spec, so it would be unwise to get your hopes up that Whois will return to pre-GDPR levels of accessibility — ICANN policy cannot overrule the law.
The EPDP chair’s job is expected to be extremely taxing. During the recent ICANN meeting in Panama, it was said that regular, non-chair working group members could be expected to commit as much as 30 hours a week to the project.
ICANN expects that the EPDP’s core work should be complete before ICANN 63, which begins October 20, with its final report due next February.
Given that the ICANN community has failed to come to much consensus on anything Whois related for two decades, these are extremely aggressive targets.
To maintain focus, the EPDP group is going to be kept relatively small, but there’s still bickering about the make-up of the group, with non-commercial interests upset the commercial side of house is getting more representation.
The chair’s role was therefore potentially controversial — neutrality was seen as a key quality when ICANN advertised the gig a couple of weeks ago.
Pritz currently works for the .art new gTLD registry operator UK Creative Ideas, so technically he would be in the Registries Stakeholder Group.
But he’s also one of the key architects of the new gTLD program, ICANN’s point man on the application process before his resignation in late 2012, so he has extensive experience herding cats in a relatively neutral way.
Since then, he’s had stints as a consultant and as executive director of the Domain Name Association.
Whois working group imploding in GDPR’s wake
An ICANN working group devoted to Whois policy is looking increasingly dead after being trumped by incoming European Union privacy law.
Registration Data Services PDP working group chair Chuck Gomes threw in the towel late last week, resigning from the group shortly after cancelling proposed face-to-face meetings scheduled for the Panama ICANN meeting in June.
That followed his announcement last month that the WG’s teleconferences were to be put on hold while ICANN works out how to respond to the General Data Protection Regulation, which comes into effect May 25, 11 days from now.
The WG had been working on ICANN’s future Whois policy since November 2015 but faced the usual impasses that occur whenever the various sides of the ICANN community face off over privacy.
Gomes, a former Versign executive who retired almost a year ago but stuck around to chair the RDS group, said he’d originally expected its work to wrap up in 2017.
Now, with GDPR rendering much of the discussions moot, there’s a feeling among some WG volunteers that they’ve been wasting their time.
ICANN’s response to GDPR is expected to be an emergency, top-down policy, written by staff and approved by the board, that would stay in place for a year.
The GNSO would then have a year to rally the community, under its own emergency procedures, to make formal policy to replace it for the long term.
There’s an open question about whether the RDS WG could be re-purposed to take on this task, but it’s my sense it’s more likely that a new group would be formed.
It may prove more challenging to recruit volunteers to such a group given the experiences of the RDS crowd.
Gomes, a long-time ICANN veteran and former GNSO Council chair, plans to spend more time travelling around in his RV with his wife. We wish them well.
Recent Comments