Latest news of the domain name industry

Recent Posts

ICANN puts .islam and other gTLD bids in limbo

Kevin Murphy, February 8, 2014, Domain Policy

Or should that be Barzakh?

Rather than making the tricky decision on whether to approve .islam and .halal new gTLD applications, ICANN seems to have place both bids into permanent limbo.

It’s also put off calls on applications for .spa, .amazon, .wine and .vin, due to objections from the Governmental Advisory Committee.

On .islam and .halal, ICANN chair Steve Crocker wrote to Turkish applicant Asia Green IT System to say that the New gTLD Program Committee will not address the bids until AGIT has worked out its differences with the Organization for Islamic Cooperation.

He noted that AGIT has expressed a willingness in the past to work with the OIC, but that the OIC has formally decided to object to the two applications. Crocker wrote:

There seems to be a conflict between the commitments made in your letters and the concerns raised in letters to ICANN urging ICANN not to delegate the strings. Given these circumstances, the NGPC will not address the applications further until such time as the noted conflicts have been resolved.

This is not a formal rejection of the applications, but ICANN seems to have placed them in a limbo that will only be resolved when AGIT withdraws from the program or secures OIC support.

There’s also delaying treatment for .wine and .vin, which have become the subject of a raging row between Europe on the one hand and the US, Canada and Australia on the other.

Europe wants these two wine-related gTLDs to be subject to strict rules on who can register domains containing geographic indicators, such as “Champagne”. The others don’t.

ICANN in response has commissioned a third-party study on GIs, which it expects to be able to consider at its Singapore public meeting next month. Again, a decision has been avoided.

The two applicants for .spa don’t have any closure either.

Spa is the name of a town in Belgium, whereas the two applicants — Donuts and Asia Spa and Wellness Promotion Council — intend to use the string in its English dictionary sense.

There was a bit of a scandal during the Buenos Aires meeting last November when it was suggested that Belgium was using its position on the GAC to shake down the applicants for money.

Belgium denied this, saying the city of Spa didn’t stand to gain financially from the deals that it was trying to make with applicants. Some money would go to “the community served by .spa”, Belgium said, without elaboration.

ICANN has now decided to put .spa on hold, but wants to know more about these talks:

ICANN will not enter into registry agreements with applicants for the identified string at this time. The NGPC notes concern about concluding the discussions with the applicants and will request the GAC to (1) provide a timeline for final consideration of the string, and (2) identify the “interested parties” noted in the GAC advice.

Finally, ICANN has yet again delayed making a call on Amazon’s application for .amazon — until at least Singapore — out of an abundance of legal caution.

The GAC recommended that ICANN should reject .amazon because a few Latin American states claim ownership of the string due to it being the same as the Amazon region they share.

Amazon and others claim that it would be in violation of international law that prevents governments interfering with the use of trademarks for the GAC to block .amazon.

ICANN’s NGPC said:

ICANN has commissioned an independent, third-party expert to provide additional analysis on the specific issues of application of law at issue, which may focus on legal norms or treaty conventions relied on by Amazon or governments. The analysis is expected to be completed in time for the ICANN Singapore meeting so that the NGPC can consider it in Singapore.

In my view, the .amazon issue is the one most likely to bring a lawsuit to ICANN’s doorstep, so the organization clearly wants to get its legal position straight before making a call one way or the other.

All these decisions were made on Wednesday. You can read the NGPC’s resolution here and the important details here.

ICANN approves reworked GAC advice over US concerns

Kevin Murphy, February 8, 2014, Domain Policy

No sooner had we reported on the US government’s complaint about ICANN’s reinterpretation of GAC advice on new gTLDs than it emerged that ICANN has already approved the plan.

The ICANN board’s New gTLD Program Committee on Wednesday approved a resolution on how to implement the so-called Category 1 advice the Governmental Advisory Committee came up with in Beijing last April. The resolution was published today.

The Category 1 advice calls for stronger regulation — stuff like forcing registrants to provide industry credentials at point of sale — in scores of new gTLDs the GAC considers particularly sensitive.

Despite US Department of Commerce assistant secretary Larry Strickling calling for more talks after ICANN substantially diluted some of the GAC’s Beijing communique, the NGPC has now formally approved its watered-down action plan.

Under the plan, registrants in gTLDs such as .lawyer and .doctor will have to “represent” that they are credentialed professionals in those verticals when they register a domain.

That’s as opposed to actually providing those credentials at point of registration, which, as Strickling reiterated in his letter, is what the GAC asked for in its Beijing communique.

The full list of eight approved “safeguards” (as interpreted from GAC advice by ICANN) along with the list of the gTLDs that they will apply to, can be found in this PDF.

US unhappy with ICANN, urges more delay to many new gTLDs

Kevin Murphy, February 8, 2014, Domain Policy

The US government is not pleased with ICANN’s rather liberal interpretation of Governmental Advisory Committee advice on new gTLDs and wants more talks about “safeguards”.

Not only that, but it wants to start talking to ICANN about extending safeguards applicable to new gTLDs to old gTLDs, presumably including the likes of .com, too.

A letter to ICANN from Department of Commerce assistant secretary Larry Strickling, obtained by DI today, calls for more talks before ICANN finalizes its handling of the GAC’s Beijing communique.

Strickling notes, as DI has previously, that ICANN softened the meaning of the advice in order to smooth its implementation.

as can be the case when translating GAC Advice to contractual provisions, the NGPC [the ICANN board’s New gTLD Program Committee] made adjustments to the GAC Advice that the United States believes could cause enforcement problems and as such merits further discussion. The National Telecommunications and Information Administration (NTIA), on behalf of the United States, is planning to raise these concerns for discussion at the March GAC meeting in Singapore and requests that ICANN take this fact into account before moving forward with applications for strings impacted by the relevant portions of GAC advice

The letter (pdf) was sent February 4, just a day before the NGPC held a meeting — the results of which we do not yet know — that had the GAC Advice on its agenda.

The New gTLD Applicants Group had urged the NGPC to finally put the GAC Advice to rest, highlighting the “heavy burden that the delay in the implementation of GAC Category 1 Advice has imposed upon affected applicants” in a letter last week.

The Category 1 advice, you may recall, comprised eight “safeguards” mandating policies such as industry engagement and registrant authentication, applicable to at least 386 gTLD applications.

Back in November, ICANN announced how it planned to handle this advice, but changed its meaning to make it more palatable to ICANN and applicants.

Those changes are what Strickling is not happy with.

He’s particularly unhappy with changes made to the GAC’s demand for many gTLDs to be restricted to only card-carrying members of the industries the strings seem to represent.

The GAC said in Beijing:

At the time of registration, the registry operator must verify and validate the registrants’ authorisations, charters, licenses and/or other related credentials for participation in that sector.

In other words, you’d have to provide your doctor license before you could register a .doctor domain.

But ICANN proposed to implement it like this:

Registry operators will include a provision in their Registry-Registrar Agreements that requires Registrars to include in their Registration Agreements a provision requiring a representation that the Registrant possesses any necessary authorisations, charters, licenses and/or other related credentials for participation in the sector associated with the Registry TLD string.

The doctor under this policy would only require the doctor to check a box confirming she’s a doctor. As Strickling said:

The NGPC has changed the GAC-coveyed concept of “verification and validation” to “representation”

Requirements for registries to mandate adherence to government regulations on the protection of financial and healthcare data are also his targets for further discussion.

What all this boils down to is that, assuming ICANN paid heed to Strickling’s letter, it seems unlikely that NTAG will get closure it so desperately wants until the Singapore meeting in late March — a year after the original Beijing communique — at the earliest.

In other words, lots of new gTLD applicants are probably going to be in limbo for a bit longer yet.

But Strickling also has another bombshell to drop in the final sentence of the letter, writing:

In addition, we will recommend that cross community discussion begin in earnest on how the safeguards that are being applied to new gTLDs can be applied to existing gTLDs.

So it seems the GAC is likely to start pressing to retroactively apply its new gTLDs advice to legacy gTLDs too.

Registrant verification in .com? Stricter Whois checks and enforcement? That conversation has now started, it seems.

EU body tells ICANN that 2013 RAA really is illegal

Kevin Murphy, January 29, 2014, Domain Registrars

A European Union data protection body has told ICANN for a second time — after being snubbed the first — that parts of the 2013 Registrar Accreditation Agreement are in conflict with EU law.

The Article 29 Data Protection Working Party, which is made up of the data protection commissioners in all 28 EU member states, reiterated its claim in a letter (pdf) sent earlier this month.

In the letter, the Working Party takes issue with the part of the RAA that requires registrars to keep hold of customers’ Whois data for two years after their registrations expire. It says:

The Working Party’s objection to the Data Retention Requirement in the 2013 RAA arises because the requirement is not compatible with Article 6(e) of the European Data Protection Directive 95/46/EC which states that personal data must be:

“kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected”

The 2013 RAA fails to specify a legitimate purpose which is compatible with the purpose for which the data was collected, for the retention of personal data of a period of two years after the life of a domain registration or six months from the relevant transaction respectively.

Under ICANN practice, any registrar may request an opt out of the RAA data retention clauses if they can present a legal opinion to the effect that to comply would be in violation of local laws.

The Working Party told ICANN the same thing in July last year, clearly under the impression that its statement would create a blanket opinion covering all EU-based registrars.

But a week later ICANN VP Cyrus Namazi told ICANN’s Governmental Advisory Committee that the Working Party was “not a legal authority” as far as ICANN is concerned.

The Working Party is clearly a bit miffed at the snub, telling ICANN this month:

The Working Party regrets that ICANN does not acknowledge our correspondence as written guidance to support the Waiver application of a Registrar operating in Europe.

the Working Party would request that ICANN accepts the Working Party’s position as appropriate written guidance which can accompany a Registrar’s Data Retention Waiver Request.

It points out that the data protection commissioners of all 28 member states have confirmed that the letter “reflects the legal position in their member state”.

ICANN has so far processed one waiver request, made by the French registrar OVH, as we reported earlier this week.

Weirdly, the written legal opinion used to support the OVH request is a three-page missive by Blandine Poidevin of the French law firm Jurisexpert, which cites the original Working Party letter heavily.

It also cites letters from CNIL, the French data protection authority, which seem to merely confirm the opinion of the Working Party (of which it is of course a member).

EU registrars seem to be in a position here where in order to have the Working Party’s letter taken seriously by ICANN, they have to pay a high street lawyer to endorse it.

First European registrar to get Whois data opt-out

Kevin Murphy, January 28, 2014, Domain Registrars

ICANN plans to give a French registrar the ability to opt out of parts of the 2013 Registrar Accreditation Agreement due to data privacy concerns.

OVH, the 14th-largest registrar of gTLD domains, asked ICANN to waive parts of the RAA that would require it to keep hold of registrant Whois data for two years after it stops having a relationship with the customer.

The company asked for the requirement to be reduced to one year, based on a French law and a European Union Directive.

ICANN told registrars last April that they would be able to opt-out of these rules if they provided a written opinion from a local jurist opining that to comply would be illegal.

OVH has provided such an opinion and now ICANN, having decided on a preliminary basis to grant the request, is asking for comments before making a final decision.

If granted, it would apply to “would apply to similar waivers requested by other registrars located in the same jurisdiction”, ICANN said.

It’s not clear if that means France or the whole EU — my guess is France, given that EU Directives can be implemented in different ways in different member states.

Throughout the 2013 RAA negotiation process, data privacy was a recurring concern for EU registrars. It’s not just a French issue.

ICANN has more details, including OVH’s request and links for commenting, here.