US government oversight of ICANN and the domain name system will end a year later than originally expected.
The National Telecommunications and Information Administration said last night that it has extended ICANN’s IANA contract until September 30, 2016, giving the community and others more time to complete and review the transition proposals.
NTIA assistant secretary Larry Strickling wrote that “it has become increasingly apparent over the last few months that the community needs time to complete its work, have the plan reviewed by the U.S. Government and then implement it if it is approved.”
Simultaneously, NTIA has finally published a proposal — written by ICANN and Verisign — for how management of the DNS root will move away from hands-on US involvement.
The extension of the IANA contract from its September 30, 2015 end date was not unexpected. The current contract allows for such extensions.
As we recently reported, outgoing ICANN CEO Fadi Chehade had guessed a mid-2016 finalization of the transition.
Regardless, expect op-eds in the coming days to claim this as some kind of political victory against the Obama administration.
Part of the reason for the extension, beyond the fact that the ICANN community hasn’t finished its work yet, is legislation proposed in the US.
The inappropriately named DOTCOM Act, passed by the House but frozen for political reasons in the Senate by Tea Party presidential hopeful Sen Ted Cruz, would give Congress 30 legislative days (which could equal months of real time) to review the IANA transition proposals.
There are basically three prongs to the transition, each with very long names.
The “Proposal to Transition the Stewardship of the Internet Assigned Numbers Authority (IANA) Functions from the U.S. Commerce Department’s National Telecommunications and Information Administration (NTIA) to the Global Multistakeholder Community” is the first.
That was created by the multistakeholder IANA Stewardship Transition Coordination Group (ICG) and deals with how the IANA contract will be managed after the US government goes away.
The second prong comes from the Cross Community Working Group on Enhancing ICANN Accountability, which deals with how ICANN itself can improve its accountability to the internet community without the Damoclean sword of US intervention hanging over it.
The CCWG’s latest draft report would strengthen the ICANN board against capture by, for example, making certain bylaws harder to amend and giving the community the right to fire directors.
Both of these proposals are currently open for public comment here.
The third prong, which only appears to have been published this week, deals with the nuts and bolts of how changes to the DNS root zone are made.
The current system is a tripartite arrangement between IANA, NTIA and Verisign.
When a TLD operator needs a change to the DNS root — for example adding a name server for its TLD — the request is submitted to and processed by IANA, sent to NTIA for authorization, then actually implemented on the primary root server by Verisign.
Under the new proposal (pdf) to phase the NTIA out of this arrangement, the NTIA’s “authorization” role would be temporarily complemented by a parallel “authentication” role.
The proposal is not written in the clearest English, even by ICANN standards, but it seems that the current Root Zone Management System would be duplicated in its entirety and every change request would have to be processed by both systems.
The output of both would be compared for discrepancies before Verisign actually made the changes to the root.
It seems that this model is only being proposed as a temporary measure, almost like a proof of concept to demonstrate that the NTIA’s current authorization role isn’t actually required and won’t be replaced in this brave new world.
ICANN CEO Fadi Chehade will become a senior adviser with a private equity firm after he leaves ICANN next March.
He blogged today that he will take the role with Boston-based ABRY Partners and “provide guidance to ABRY’s partners and their companies’ leaders on digital strategy”.
Chehade, back in June, had described the ICANN CEO role as a “better job that I’ve ever had, or will ever have”.
He had years left on his contract.
My first thought is: really? This is the gig you quit ICANN for?
I’m drawn down the path of thinking that rather than finding the job of his dreams elsewhere, the dude is just suffering from ICANN burnout.
Chehade suggests in his post that ABRY is not a full-time job, writing: “I expect to add other roles to my portfolio and will update you all as appropriate.”
ABRY, at first glance, does not appear to have any significant connection to the domain name industry or to ICANN itself.
OpenTLD has fired off its newest salvo in its ongoing cybersquatting dispute with ICANN, saying the ICANN-imposed suspension would “devastate” its business.
The company has also addressed many of ICANN’s cybersquatting allegations, while failing to deny it squatted on two competitors’ trademarks.
In its latest arbitration filing (pdf), OpenTLD said: “Quite simply, the suspension of OpenTLD’s ability to offer gTLD registrations and inbound transfers would decimate its unique business model.”
ICANN had argued that the suspension of its registrar accreditation was no big deal because its gTLD domain base is measured in the low thousands, whereas the total domains under management of parent Freenom, which offers free domains in .tk and other ccTLDS, is in excess of 25 million.
But OpenTLD said the two businesses as “deeply intertwined” and separating the two would impair its ability to do business.
ICANN is pushing for the suspension because OpenTLD lost two UDRP cases earlier this year. Both were filed by competitors — Key-Systems and NetEarth — who accused the registrar of attempting to lure resellers to its platform by infringing rivals’ trademarks.
ICANN has since followed up by accusing OpenTLD of continuing to cybersquat famous brands, including Google and Facebook, even after the suspension notice was issued. These claims, as I noted last week, are very dubious, however.
In its latest filing, OpenTLD denies that any of those domains — all of which use its privacy service — were registered by itself. It goes so far as to name the actual registrants.
But it fails to deny that it was the true registrant of the Key-Systems and NetEarth domains lost in the UDRP cases.
Rather, it focuses on ICANN’s claims that it committed “cyberflight” by deleting the UDRP’d domains rather than allowing them to be transferred to the trademark owners.
It admits that the domains were deleted but said this was “inadvertent” and that it attempted to transfer them to its competitors later.
OpenTLD wants the threatened suspension stayed.
The case continues. A decision by the arbitration panel is expected August 24.
ICANN has accused OpenTLD, the registrar arm of Freenom, of cybersquatting famous brands even after it was threatened with suspension.
The claims may be worrying for some registrars as ICANN may in fact be holding the registrar responsible for the actions of its proxy service customers.
OpenTLD was suspended by ICANN in early July, after two UDRP rulings found the company had cybersquatted rival registrars’ brands in order to poach customers.
The suspension was lifted after just a few hours when OpenTLD took ICANN to arbitration under the terms of its Registrar Accreditation Agreement.
In ICANN’s latest arbitration filing, the organization’s lawyers argue that the suspension should not be stayed, because OpenTLD has been shown to engage in a pattern of cybersquatting.
Like the original suspension notice, the filing cites the two UDRP losses, along with footnotes indicating that as many as seven competing brands had been cybersquatted.
But ICANN has now also escalated its allegations to bring in non-registrar brands where it’s far from clear that OpenTLD is the actual registrant.
ICANN’s filing states:
even a brief review of the domain names in OpenTLD’s portfolio demonstrates that OpenTLD appears to be continuing to engage in bad faith and abusive registration practices. As of 3 August 2015, there were at least 73 gTLD domains registered to Stichting OpenTLD WHOIS Proxy (which is OpenTLD’s proxy service) that are identical to or contain the registered trademarks or trade names of third parties, including, by way of small example, the domain names barnesandnoble.link, sephora.bargains, at-facebook.com, ebaybh.com, googlefreeporn.com, global-paypal.com, hotmailtechnicalsupport.com, and secure-apple.com. ICANN is not aware of any legitimate interest or right that OpenTLD has to use these third-party trademarks and trade names.
Even more concerning is the fact that at least 14 gTLD domain names that contain the registered trademarks or trade names of third parties were registered by OpenTLD’s proxy service after the 23 June 2015 Suspension Notice was issued to OpenTLD, further demonstrating that OpenTLD’s overtures of “cooperation” ring hollow.
To be clear, that’s ICANN accusing OpenTLD of cybersquatting because some of the domains registered via its privacy service appear to be trademark infringements.
It’s basically equating infringing use of OpenTLD’s proxy service (such the registration of barnesandnoble.link) with the infringing behavior of OpenTLD itself (such as the registration of godaddy.cf, a February 2015 screenshot of which can be seen below.)
This may just be legal posturing, but I imagine many other registrars would be worried to know that they could have their accreditation suspended for cybersquatting simply because some of their privacy customers are cybersquatters.
I’d wager that every proxy/privacy service available has been used by blatant cybersquatters at one time or another.
Filings in the arbitration case can be found here.
ICANN has been hacked again and your user names and passwords may have been compromised.
The organization said tonight that it thinks “usernames/email addresses and encrypted passwords for profile accounts created on the ICANN.org public website were obtained by an unauthorized person.”
The stolen information includes “user preferences for the website, public bios, interests, newsletter subscriptions, etc”, ICANN said.
No critical systems seem to have been affected, ICANN said.
ICANN said that an “external service provider” was responsible for the hashed passwords that were nabbed.
It recommends an abundance of caution: changing passwords, or simply (and unrealistically) not using the same password across multiple sites.
ICANN gets hacked constantly. It’s barely even news any more. Many of the stories can be found with this search.