Latest news of the domain name industry

Recent Posts

How Whois could survive new EU privacy law

Kevin Murphy, December 29, 2017, Domain Policy

Reports of the death of Whois may have been greatly exaggerated.

Lawyers for ICANN reckon the current public system “could continue to exist in some form” after new European Union privacy laws kick in next May, according to advice published (hurriedly, judging by the typos towards the end) shortly before Christmas.

Hamilton, the Swedish law firm hired by ICANN to probe the impact of the General Data Protection Regulation, seems to be mellowing on its recommendation that Whois access be permanently “layered” according to who wants to access registration records.

Now, it’s saying that layered Whois access could merely be a “temporary solution” to protect the industry from fines and litigation until ICANN negotiates a permanent peace treaty with EU privacy regulators that would have less impact on current Whois users.

This opinion came in the third of three memorandums from Hamilton, published by ICANN last week. You can read it here (pdf).

With the first two memos strongly hinting that layered access would be the most appropriate way forward, the third points out the huge, possibly insurmountable burden this would place on registrars, registries, law enforcement agencies, the courts, IP lawyers, and others.

It instead suggests that layered access be temporary, with ICANN taking the lead in arranging a longer-term understanding with the EU.

The latest Hamilton memo seems to have taken on board comments from registries and registrars, intellectual property lawyers and domain investors, none of which are particularly enthusiastic about GDPR and the lack of clarity surrounding its impacts.

GDPR is an EU-wide law that gives much stronger protection to the personal data of private citizens.

Companies that process such data are kept on a much tighter leash and could face millions of euros of fines if they use the data for purposes their customers have not consented to or without a good enough reason.

It’s not a specifically intended to regulate Whois — indeed, its conflict with longstanding practice and ICANN rules seems to have been an afterthought — but Whois is the place the domain industry is most likely to find itself breaking the law.

It seems to be generally agreed that the current system of open, public access to all fields in all Whois records in all gTLDs would not be compliant with GDPR without some significant changes.

It also seems to be generally agreed that the data can be hugely useful for purposes such as police investigations, trademark enforcement and the domain secondary market.

The idea that layered access — where different sets of folks get access to different sets of data based on their legitimate needs — might be a solution has therefore gained some support.

Hamilton notes:

Given the limited time remaining until the GDPR enters into effect, we believe that the best chance of continuing to provide the Whois services and still be compliant with the GDPR will be to implement an interim solution based on an layered access model that would ensure continued processing of Whois data for some limited purposes.

The problem with this solution, as Hamilton now notes, is that it could be hugely impractical.

such a model would require the registrars to perform an assessment of interests in accordance with Article 6.1(f) GDPR on an individual case-by-case basis each time a request for access is made. This would put a significant organizational and administrative pressure on the registrars and also require them to obtain and maintain the competence required to make such assessments in order to deliver the requested data in a reasonably timely manner. In our opinion, public access to (limited) Whois data would therefore be of preference and necessary to fulfill the above purposes in a practical and efficient way.

And, Hamilton says, a scenario in which all cops had access to all Whois data would not necessarily be GDPR-compliant. Police may have to right to access the data, but they’d have to request it on a case-by-case basis.

Registrars — or even the courts — would have to make the decision as to whether each request was legit.

It would get even more complex for registrars when the Whois requester was an IP lawyer, as they’d have to check whether it was appropriate to disclose the personal data to both the lawyer and her client, the memo says.

For registrars, the largely nominal cost of providing a Whois service today would suddenly rocket as each Whois lookup would require human intervention.

Having introduced the concept of layered access and then shot it to pieces, Hamilton finally recommends that ICANN start talks with data protection authorities in the EU in order to find a solution where Whois services can continue to be provided in a form available to the general public in the future”.

ICANN should start an “informal dialogue” with the Article 29 Working Party, the EU privacy watchdog made up of data protection authorities from each member state, and initiate formal consultations with one or more of these DPAs individually, the memo recommends.

The WP29 could prove a tough chat, given that the group has a long history of calling for layered access, and its views, even if changed, would not be binding anyway.

So Hamilton says ICANN, in conjunction with its registries and registrars, should carry out a formal data protection impact assessment (DPIA) and submit it to a relevant DPA in a EU country where it has a corporate presence, such as Belgium.

That way, at least ICANN has a chance of retaining Whois in a vaguely recognizable form while protecting the industry from crippling extra costs.

In short, the industry is still going to have to make some changes to Whois in the first half of 2018, some of which may make Whois access troublesome for many current users, but those changes may not last forever.

ICANN CEO Goran Marby said in a blog post:

We’ve made it a high priority to find a path forward to ensure compliance with the GDPR while maintaining WHOIS to the greatest extent possible. Now, it is time to identify potential models that address both GDPR and ICANN compliance obligations.

We’ll need to move quickly, while taking measured steps to develop proposed compliance models. Based on the analysis from Hamilton, it appears likely that we will need to incorporate the advice about using a layered access model as a way forward.

He wants the industry to submit compliance models by January 10 for publication January 15, with ICANN hoping to “settle on a compliance model by the end of January”.

.mail, .home, .corp hopefuls could get exit plan in January

Kevin Murphy, December 27, 2017, Domain Registries

The twenty remaining applicants for the gTLDs .corp, .home and .mail could get the option to bow out with a full refund as early as January.

The ICANN board of directors earlier this month discussed several options for how to treat the in-limbo applications, one of which was a refund.

According to minutes of its December 13 meeting:

Staff outlined some potential options for the Board to consider, which ranged from providing a full refund of the New gTLD Program application fee to the remaining .CORP, .HOME, and .MAIL applicants, to providing priority in subsequent rounds of the New gTLD Program if the applicants were to reapply for the same strings.

Applicants for these strings that already withdrew their applications for a partial refund were also discussed.

The three would-be gTLDs have been frozen for years, after a study showed that they receive vast amounts of error traffic already on a daily basis.

This means there would be likely a large number of name collisions with zones on private networks, should these strings be delegated to the authoritative root.

The ICANN board instructed the staff to draft some resolutions to be voted on at “a subsequent meeting”, suggesting directors are close to reaching a decision.

It seems possible a vote could even happen at a January meeting, given that the board typically meets up almost every month.

ICANN attendance shrinks again

Kevin Murphy, December 21, 2017, Domain Policy

The number of people showing up an ICANN public meeting was down again for ICANN 60.

The organization today reported that 1,929 people showed up in Abu Dhabi, the first time Annual General Meeting attendance has dropped below 2,000 for some time.

At the comparable 2016 AGM, held in Hyderabad, ICANN saw a record 3,182 people check in, a number swollen by many hundreds of Indian delegates.

In 2015, the AGM in Dublin reportedly had 2,395 participants.

The 1,929 going to Abu Dhabi compares to the 2,089 going to the Copenhagen meeting in March and the 1,353 who went to the much shorter, more focused Johannesburg meeting in June.

All three 2017 meetings had lower attendance than their 2016 counterparts.

While there had been some talk of some foreigners, particularly women, avoiding ICANN 60 due to its location, it appears that the gender mix was pretty much the same as usual, with 31% of people saying they were female.

The number of sessions continued to spiral out of control, although they were on average shorter.

There were 407 meetings over the course of the week, up from 381 at the Hyderabad AGM, but the total number of session-hours was down from 814 to 696.

The amount of equipment lugged to the venue weighed in at 9.6 metric tonnes. That’s the same, ICANN said, as 6,517 adult female falcons.

That’s enough birds to fill sixty London buses to the moon and back in a hundred football stadiums THE SIZE OF WALES.

Probably.

Donuts loses Cole to law firm

Kevin Murphy, December 20, 2017, Domain Registries

Donuts vice president Mason Cole has quit to join a law firm.

Cole said on social media yesterday that he has joined Seattle-based Perkins Coie as an “Internet Governance Advisor”.

He said he will continue to participate in ICANN in his new capacity, where Perkins Coie is involved in intellectual property matters.

Cole has been in the industry for over 15 years, first at SnapNames and Oversee.net before becoming a founding employee of new gTLD registry player Donuts.

He was most recently VP communications and industry relations there.

He’s not a lawyer, but he does have extensive experience on the Generic Names Supporting Organization, including being its first liaison to the Governmental Advisory Committee.

ICANNWiki could be first victim of budget cutbacks

Kevin Murphy, December 20, 2017, Domain Policy

ICANN is mulling whether to cut funding to ICANNWiki, the independent community encyclopedia, as part of its efforts to rein in spending.

There’s $100,000 at stake, more than half of the Oregon-based non-profit’s annual budget.

Ray King, the gTLD registry CEO who founded ICANNWiki in 2005, told DI today that ICANN has been providing funding for the last three years.

“While no decision has been made yet, there is a possibility that ICANN will not continue it,” he said in an email.

“We’ve poured our hearts and minds into this project for many years so this would be disappointing to say the least,” he said. “We believe in our mission and that it is in the community’s interest for this support to continue”.

An ICANN spokesperson said: “At this time, while it is highly unlikely that ICANN will be renewing its contract with ICANNWiki, we have not come to a final determination.”

ICANNWiki currently carries about 6,000 volunteer-edited articles covering many aspects of the ICANN community and the domain name industry in general.

George Clooney circa 1997It’s perhaps most recognizable for the frequently shared caricatures of community members it produces, such as this handsome devil, and the playing card decks handed out as freebies at ICANN meetings.

According to a letter (pdf) sent to ICANN earlier this month, ICANNWiki receives cash contributions of $161,000 a year, $61,000 of which comes from 10 corporate sponsors.

ICANNWiki estimates the 2,200 hours per year of volunteer work it benefits from is worth about $66,500. It says it has in-kind contributions worth about $40,000 from other companies.

It puts the value of its “reference services” at $339,959 a year.

That’s based on estimated visits to its site of 182,774 in 2017 (not including visits from its editors and staff) and a value per visit of $1.86 (based on an unrelated ROI calculation Texas Public Libraries used to justify its own existence earlier this year).

The ICANN $100,000 contribution is at risk now due to the organization’s plan to cut back on spending in the face of revenues that are coming in lower than expected due to a weak domain name market.

CEO Goran Marby said yesterday that its fiscal 2018 is currently running a million dollars short. Coupled with a perceived need to add an extra $80 million to its reserve budget, ICANN is looking for areas to cut costs.

ICANNWiki funding may be the low-hanging fruit in this endeavor; while it’s no doubt valuable (I probably use it two or three times per week on average), it’s perhaps not straightforward to quantify that value.

Even if the funding is cut, I would not expect ICANNWiki the web site to disappear, given the level of corporate sponsorship and in-kind services it receives and the low overheads suggested by its modest traffic numbers, but perhaps its growth and outreach ambitions would be curtailed.

UPDATE: This post was updated at 2307 UTC with a quote from ICANN.