Latest news of the domain name industry

Recent Posts

ICANN could get the ball rolling on next new gTLD round this weekend

Kevin Murphy, September 7, 2021, Domain Policy

ICANN may be about to take the next step towards the next round of new gTLD applications at a meeting this Sunday.

On the agenda for the full board of directors is “New gTLD Subsequent Procedures Operational Design Phase (ODP): Scoping Document, Board Resolution, Funding and Next steps”.

But don’t quite hand over all your money to an application consultant just yet — if ICANN approves anything this weekend, it’s just the “Operational Design Phase”.

The ODP is a new piece of procedural red tape for ICANN, coming between approval of a policy by the GNSO Council and approval by the board.

It is does NOT mean the board will approve a subsequent round. It merely means it will ask staff to consider the feasibility of eventually implementing the policy, considering stuff like cost and legality.

CEO Göran Marby recently said the ODP will take more than six months to complete, so we’re not looking at board approval of the next round until second-quarter 2022 at the earliest.

Will you use SSAD for Whois queries?

Kevin Murphy, July 9, 2021, Domain Policy

ICANN is pinging the community for feedback on proposed Whois reforms that would change how people request access to private registrant data.

The fundamental question is: given everything you know about the proposed System for Standardized Access and Disclosure (SSAD), how likely are you to actually use it?

The SSAD idea was dreamed up by a community working group as the key component of ICANN’s response to privacy laws such as GDPR, and was then approved by the Generic Names Supporting Organization.

But it’s been criticized for not going far enough to grant Whois access to the likes of trademark lawyers, law enforcement and security researchers. Some have called it a glorified ticketing system that will cost far more than the value it provides.

Before the policy is approved by ICANN’s board, it’s going through a new procedure called the ODP, for Operational Design Phase, in which ICANN staff, in coordination with the community, attempt to figure out whether SSAD would be cost-effective, or even implementable.

The questionnaire released today will be an input to the ODP. ICANN says it “will play a critical role in assessing the feasibility and associated risks, costs, and resources required in the potential deployment of SSAD.”

There’s only eight questions, and they mostly relate to the volume of private data requests submitted currently, how often SSAD is expected to be used, and what the barriers to use would be.

ICANN said it’s asking similar questions of registries and registrars directly.

There’s a clear incentive here for the IP and security factions within ICANN to low-ball the amount of usage they reckon SSAD will get, whether that’s their true belief or not, if they want ICANN to strangle the system in its crib.

It’s perhaps noteworthy that the potential user groups the questionnaire identifies do not include domain investors nor the media, both of which have perfectly non-nefarious reasons for wanting greater access to Whois data. This is likely because these communities were not represented on the SSAD working group.

You can find the questionnaire over here. You have until July 22.

ICANN chair reins in new gTLD timeline hopes

Kevin Murphy, May 24, 2021, Domain Policy

Don’t get excited about the next round of new gTLDs launching any time soon.

That’s my takeaway from recent correspondence between ICANN’s chair and brand-owners who are apparently champing at the bit to get their teeth into some serious dot-brand action.

Maarten Botterman warned Brand Registry Group chair Cole Quinn that “significant work lies ahead” before the org can start accepting applications once more.

Quinn had urged ICANN to get a move on last month, saying in a letter that there was “significant demand” from trademark owners.

The last three-month application window ended in March 2012, governed by an Applicant Guidebook that said: “The goal is for the next application round to begin within one year of the close of the application submission period for the initial round.”

That plainly never happened, as ICANN proceeded to tie itself in bureaucratic knots and recursive cycles of review and analysis.

Any company that missed the boat or was founded in the meantime has been unable to to even get a sniff of operating its own dot-brand, or indeed any other type of gTLD.

Spelling out some of the steps that need to be accomplished before the next window opens, Botterman wrote:

the 2012 Applicant Guidebook must be updated with more than 100 outputs from the SubPro PDP WG; we will need to apply lessons learned from the previous round, many of which are documented in the 2016 Program Implementation Review, and appropriate resources for implementing and conducting subsequent rounds must be put in place. At present it appears that WG recommendations will benefit from an Operational Design Phase (ODP) to provide the Board with information on the operational implications of implementing the recommendations. As part of such an ODP, the Board may also task ICANN org to provide an assessment of some of the issues of concern that the Board raised in its comments on the Draft Final Report, as well as those topics that did not reach consensus and were thus not adopted by the GNSO Council. The outcome of such an assessment could also add to the work that would be required before launching subsequent rounds.

The Board notes your views regarding SAC114. We are aware of discussions that took place during ICANN70 and the Board is in communication with the Security and Stability Committee (SSAC) and its leadership, as per the ‘Understand’ phase of the Board Advice Process. As with all advice items received, the Board will treat SAC114 in accordance with that process.

Breaking that down for your convenience…

The reference to “more than 100 outputs from the SubPro PDP WG” refers to the now six-year old Policy Development Process for New gTLD Subsequent Procedures working group of the GNSO.

SubPro delivered its final report in January and it was adopted by the GNSO Council in February.

ICANN asked the Governmental Advisory Committee for its formal input a few weeks ago, has opened the report for a public comment period that ends June 1, and will accept or reject the report at some point in the future.

SubPro’s more significant recommendations include the creation of a new accreditation mechanism for registry back-end service providers and a gaming-preventing overhaul of the contention resolution process.

The “the 2016 Program Implementation Review” is a reference to a self-assessment of the 2012 round that the ICANN staff carried out six years ago, producing a 215-page report (pdf).

That report contains about 50 recommendations covering areas where staff thought the system of actually processing new gTLD applications could possibly be improved or streamlined in subsequent rounds.

The Operational Design Phase (ODP) Botterman refers to is a brand-new phase of ICANN bureaucracy that is currently untested. It fits between GNSO Council approval of recommendations and ICANN board consideration.

The ODP is basically a way for ICANN staff to insert itself into the process, between community policy-making and community policy-approval, to make sure the GNSO’s tenuous consensus-building exercise has not produced something too crazily complicated, ineffective or expensive to implement.

Staff denies this is a power-grab.

The ODP is currently being deployed to assess proposed changes to Whois privacy policy, and ICANN has already stated multiple times that it will also be used to vet SubPro’s work.

Botterman’s reference to “issues of concern that the Board raised in its comments on the Draft Final Report” seems to mean this September 2020 letter (pdf) to SubPro’s chairs, in which the ICANN board outlined some of its initial concerns with SubPro’s proposed policies.

One fairly important concern was whether ICANN has the power under its bylaws (which have changed since 2012) to enforce Public Interest Commitments (now called Registry Voluntary Commitments) that SubPro thinks could be used to make some sensitive gTLDs more trustworthy.

The reference to SAC144 may turn out to be a big stumbling block too.

SAC114 is the bombshell document (pdf) submitted by the Security and Stability Advisory Committee in February, in which ICANN’s top security community members openly questioned whether allowing more new gTLDs is consistent with ICANN’s commitment to keep the internet secure.

While SAC114 seems to reluctantly acknowledge that the program will likely go ahead regardless, it asks that ICANN do more to address so-called “DNS abuse” before proceeding.

Given that the various factions within the ICANN community can’t even agree on what “DNS abuse” is, how ICANN chooses to “understand” SAC114 will have a serious impact on how much further the runway to the next round gets extended.

In short, Botterman is warning brand owners not to hold their breath anticipating the next application window. I think I even detect some serious skepticism as to whether demand is really as high as Quinn claims.

And quite beyond the stuff Botterman outlines in his letter, there’s presumably going to be at least one round of review and revision on the next Applicant Guidebook, as well as the time needed for ICANN to build or upgrade the systems it needs to process the applications, to hire evaluators and resolution providers, and to make sure it conducts a sufficiently long and broad global marketing program so that potential applicants in the developing world don’t feel left out. And that’s a non-exhaustive list.

Introducing competition into the registry space is of course one of ICANN’s foundational raisons d’être.

After the org was founded in September 1998, it took less than two years before it opened up the first new gTLD application round.

It was another three years before the second round launched.

It then took eight and a half years for the 2012 window to open.

It will be well over a decade from then before anyone next gets the opportunity to apply for a new gTLD. It’s entirely feasible that we’ll see an applicant in the next round headed by somebody who wasn’t even born when the first window opened.

IP lobby demands halt to Whois reform

Kevin Murphy, March 17, 2021, Domain Policy

Trademark interests in the ICANN community have called on the Org to freeze implementation of the latest Whois access policy proposals, saying it’s “not yet fit for purpose”.

The Intellectual Property Constituency’s president, Heather Forrest, has written (pdf) to ICANN chair Maarten Botterman to ask that the so-called SSAD system (for Standardized System for Access and Disclosure) be put on hold.

SSAD gives interested parties such as brands a standardized pathway to get access to private Whois data, which has been redacted by registries and registrars since the EU’s Generic Data Protection Regulation came into force in 2018.

But the proposed policy, approved by the GNSO Council last September, still leaves a great deal of discretion to contracted parties when it comes to disclosure requests, falling short of the IPC’s demands for a Whois that looks a lot more like the automated pre-GDPR system.

Registries and registrars argue that they have to manually verify disclosure requests, or risk liability — and huge fines — under GDPR.

The IPC has a few reasons why it reckons ICANN should slam the brakes on SSAD before implementation begins.

First, it says the recommendations sent to the GNSO Council lacked the consensus of the working group that created them.

Intellectual property, law enforcement and security interests — the likely end users of SSAD — did not agree with big, important chucks of the working group’s report. The IPC reckons eight of the 18 recommendations lacked a sufficient degree of consensus.

Second, the IPC claims that SSAD is not in the public interest. If the entities responsible for “policing the DNS” don’t think they will use SSAD due to its limitations, then why spend millions of ICANN’s money to implement it?

Third, Forrest writes that emerging legislation out of the EU — the so-called NIS2, a draft of a revised information security directive —- puts a greater emphasis on Whois accuracy

Forrest concludes:

We respectfully request and advise that the Board and ICANN Org pause any further work relating to the SSAD recommendations in light of NIS2 and given their lack of community consensus and furtherance of the global public interest. In light of these issues, the Board should remand the SSAD recommendations to the GNSO Council for the development of modified SSAD recommendations that meet the needs of users, with the aim of integrating further EU guidance.

It seems the SSAD proposals will be getting more formal scrutiny than previous GNSO outputs.

When the GNSO Council approved the recommendations in September, it did so with a footnote asking ICANN to figure out whether it would be cost-effective to implement an expensive — $9 million to build, $9 million a year to run — system that may wind up being lightly used.

ICANN has now confirmed that SSAD and the other Whois policy recommendations will be one of the first recipients of the Operational Design Phase (pdf) treatment.

The ODP is a new, additional layer of red tape in the ICANN policy-making sausage machine that slots in between GNSO Council approval and ICANN board consideration, in which the Org, in collaboration with the community, tries to figure out how complex GNSO recommendations could be implemented and what it would cost.

ICANN said this week that the SSAD/Whois recommendations will be subject to a formal ODP in “the coming months”.

Any question about the feasibility of SSAD would be referred back to the GNSO, because ICANN Org is technically not supposed to make policy.