Big changes are coming to Whois, privacy services and resellers, among other things, under the terms of a newly agreed contract between domain name registrars and ICANN.
A proposed 2013 Registrar Accreditation Agreement that is acceptable to the majority of registrars, along with a plethora of supporting documentation, has been posted by ICANN this morning.
This “final” version, which is expected to be approved by ICANN in June, follows 18 months of often strained talks between ICANN and a negotiating team acting for all registrars.
It’s expected that only 2013 RAA signatories will be able to sell domain names in new gTLDs.
Overall, the compromise reflects ICANN’s desire to ensure that all registrars adhere to the same high standards of conduct, bringing contractual oversight to some currently gray, unregulated areas.
It also provides registrars with greater visibility into their future businesses while giving ICANN ways to update the contract in future according to the changing industry landscape.
For registrants, the biggest changes are those that came about due to a set of 12 recommendations made a few years ago by law enforcement agencies including the FBI and Interpol.
Notably, registrars under the 2013 RAA will be obliged to verify the phone number or email address of each registrant and suspend the domains of those it cannot verify.
That rule will apply to both new registrations, inter-registrar transfers and domains that have changes made to their Whois records. It will also apply to existing registrations when registrars have been alerted to the existence of possibly phony Whois information.
It’s pretty basic stuff. Along with provisions requiring registrars to disclose their business identities and provide abuse points of contact, it’s the kind of thing that all responsible online businesses should do anyway (and indeed all the big registrars already do).
Registrars have also agreed to help ICANN create an accreditation program for proxy and privacy services. Before that program is created, they’ve agreed to some temporary measures to regulate such services.
This temporary spec requires proxy services to investigate claims of abuse, and to properly inform registrants about the circumstances under which it will reveal their private data.
It also requires the proxy service to hold the registrant’s real contact data in escrow, to be accessed by ICANN if the registrar goes out of business or has its contract terminated.
This should help registrants keep hold of their names if their registrar goes belly-up, but of course it does mean that their private contact information will be also stored by the escrow provider.
But the biggest changes in this final RAA, compared to the previously posted draft versions, relate to methods of changing the contract in future.
Notably, registrars have won the right to perpetual renewal of their contracts, giving them a bit more long-term visibility into their businesses.
Under the current arrangement, registrars had to sign a new RAA every five years but ICANN was under no obligation to grant a renewal.
The 2013 contract, on the other hand, gives registrars automatic renewal in five-year increments after the initial term expires, as long as the registrar remains compliant.
The trade-off for this is that ICANN has codified the various ways in which the agreement can be modified in future.
The so-called “unilateral right to amend” clauses introduced a few months ago — designed to enable “Special Amendments” — have been watered down now to the extent that “unilateral” is no longer an accurate way to describe them.
If the ICANN board wants to introduce new terms to the RAA there’s a series of complex hoops to jump through and more than enough opportunities for registrars to kill off the proposals.
Indeed, there are so many caveats and a so many procedural kinks that would enable registrars to prevent ICANN taking action without their consent I’m struggling to imagine any scenario in which the Special Amendment process is successfully used by the board.
But the final 2013 RAA contains something entirely new, too: a way for ICANN’s CEO to force registrars back to the negotiating table in future.
This seems to have made an appearance at this late stage of negotiations precisely because the Special Amendment process has been castrated.
It would enable ICANN’s CEO or the chair of the Registrars Stakeholder Group to force the other party to start talking about RAA amendments with a “Negotiation Notice”. If the talks failed, all concerned would head to mediation, and then arbitration, to sort out their differences.
My guess is that this Negotiation Notice process is much more likely to be used than the Special Amendment process.
It seems likely that these terms will provide the template for similar provisions in the new gTLD Registry Agreement, which is currently under negotiation.
The 2013 RAA public comment period is open until June 4, but I don’t expect to see any major changes after that date. The documents can be downloaded, and comments filed, here.
ICANN has decided to call off its big New York City new gTLD launch “party”, DI has learned.
The high-profile media event, scheduled for April 23, was set to feature an appearance from mayor Michael Bloomberg and was expected to be a coming-out party for new gTLDs.
The original plan was for ICANN to sign the first registry agreements with new gTLD applicants during the event, but that notion was later scrapped due to ongoing contract talks.
However, during the public forum at the ICANN Beijing meeting last week, CEO Fadi Chehade said that the event was still going ahead.
That, according to an ICANN email sent to registries and registrars today, appears to be no longer the case. The email cited “current timelines” as the reason for delaying the event.
The Registry Agreement and Registrar Accreditation Agreement still under discussion between ICANN and contracted parties, and there are other factors in play such as the Governmental Advisory Committee’s wide-ranging advice from Beijing and continued uncertainties about the Trademark Clearinghouse.
With so much up in the air, a public awareness-raising event for the program may have been seen as premature.
A second, private set of meetings between ICANN and domain name companies, also scheduled for April 23 in New York, is still going ahead, according to the ICANN email.
Following on from discussions held over the last few months, the New York talks will focus on improving the image and professionalism of the domain name industry, one of Chehade’s pet projects.
Talks will cover items such as: forming a DNS industry trade association, a possible trust-mark scheme, conferences and media/analyst outreach.
The launch window for new gTLDs may have just got pushed back another month or two, following the announcement of a new 42-day comment period on registry and registrar contracts.
But ICANN CEO Fadi Chehade said he’s looking at ways to streamline the process to offset the delays.
During the public forum in Beijing yesterday, ICANN CEO Fadi Chehade said that he’d cancelled a scheduled April 20 meeting of its board of directors, during which the new agreements were targeted for approval.
Instead, new versions of the 2013 Registrar Accreditation Agreement and new gTLDs base Registry Agreement will be posted for public comment next week.
As these are expected to be the final versions of both documents, they’re also expected to have full comment periods of 42 days — 21 for comments and 21 for replies.
“I believe that putting the last version of RAA for 2013 out for full public comment process is actually strengthening that agreement,” Chedhade said today. “It makes it an agreement of the community.”
For the Registry Agreement, Chehade said talks with registries are going well and that he hopes to have a version ready for public comment agreed with negotiators in less than a week.
Assuming an April 19 start, that puts the earliest possible date for ICANN board approval at May 31, assuming the board waits for the comment period to end before giving it the rubber stamp.
Before the contracts are approved, they can’t be signed by registries and registrars, and before they are signed new gTLD applicants cannot progress to the final pre-launch stages of the delegation process.
But Chehade is weighing an idea put forward during the public forum by Donuts’ Jon Nevett: why not allow applicants to complete pre-delegation technical testing before contract signing?
“We could potentially do something about advancing this step ahead of contracting, finding a way to start pre-delegation testing before contracting is done,” Chehade said.
Domain name companies are coming close to agreement with ICANN on two critical new contracts, but there was still substantial skepticism and anger on display in Beijing yesterday.
It was revealed during a session at ICANN 46 that the long-running negotiations on the 2013 Registrar Accreditation Agreement are now pretty much done, with apparent compromise from both sides.
In addition, the proposed Registry Agreement for new gTLDs has been toned down to make it more acceptable to applicants, with ICANN apparently confident that agreement can be reached soon.
But while registrars seemed relatively content with their outcome, registries appear to still be very upset indeed, largely due to the new “special amendments” process that continues to be on the table.
The scope of the amendment process has been narrowed to items outside the “picket fence” that surrounds ICANN’s regulatory jurisdiction, and there are a few more ways companies can head off ICANN intervention.
“It’s not quite a unilateral amendment process any more, we’ve built in a lot of safeguards,” ICANN senior counsel Samantha Eisner told the meeting.
What’s new in the RAA?
These are some of the other things that have been agreed since the last draft of the RAA was posted a month ago.
- Privacy opt-out on Whois. Registrars based in places such as Europe, which has stronger data protection laws than the US, will be able to opt out of the Whois data retention and verification rules if they can show that they’d be breaking the law otherwise. They won’t have to wait to to get sued first, either.
- Account holder verification. As well as validating the email address or phone number used in the public Whois, registrars will do the same checks on their private account-holder records.
- Proxy and privacy services. If ICANN doesn’t come up with an accreditation program for proxy/privacy services by a certain deadline, the temporary specs in the 2013 RAA will expire.
- Port 43 obligations scrapped. Registrars will no longer have to provide Whois service over port 43 for gTLDs with “thick” registries. They’ll still have to provide it on their web sites though.
The registrars have also agreed to measures that address all 12 of the recommendations proposed by law enforcement agencies a few years ago, which is what kicked off the RAA renegotiation in the first place.
However, as we reported yesterday, law enforcement in the US and Europe are not impressed with the RAA, saying it doesn’t go far enough to verify domain registrants’ identities.
The Governmental Advisory Committee is due to speak to the ICANN board later today, and this is a topic it is likely to bring up. The RAA story may not be over yet.
Generally, the mood from registrars seemed to be mixed but relatively upbeat.
Rob Hall of Pool.com said he’s going to sign the new RAA as soon as possible. He said that the fact that the 2013 RAA is needed in order to sell new gTLD domains is an impetus to sign it.
Elliot Noss of Tucows said he was less eager to sign. He said that the new gTLDs likely to launch in the short term (uncontested ones, in other words) are unlikely to be the most lucrative ones.
Registries and new gTLD applicants, on the other hand, were not so happy with their lot.
Anger over the Registry Agreement
Yesterday’s session in Beijing was notable for a jarring moment in which normally mild-mannered Verisign policy veep Chuck Gomes threw an uncharacteristic wobbler, politely but brutally attacking ICANN for acting in bad faith and treating registries like “second-class citizens”.
He took issue with the fact that the special amendments process in the Registry Agreement was first introduced by ICANN, and then rejected by the community, a few years back.
ICANN can’t describe its eleventh-hour return as an act of “good faith”, he said.
“You’re dealing with organizations on the registry and registrar side that fund 95%, through our registrants, of your budget, and yet we’re treated like second class citizens by throwing something at us that totally reverses a community, multi-stakeholder, bottom-up decision that was made three years ago,” he said.
“Convince me that that was in good faith. I don’t think you can,” he said, receiving a round of applause.
New gTLD applicants such as Verisign have had less time to assemble their collective thoughts and come to a unified negotiating position on the RA, which was thought to be settled until recently.
The amendment provisions were introduced by ICANN in February, and applicants don’t yet have a the same kind of negotiating team the registrars have had for the past 18 months.
What’s more, they’re worried that ICANN is trying to push the changes through without giving them enough time for talks.
Rumors have been circulating in Beijing that the ICANN board is preparing to approve the RAA and RA at a meeting April 20, in time for the first registries to sign up at its April 23 new gTLDs media event.
Under persistent questioning, ICANN vice president of industry engagement Cyrus Namazi said in various different ways that ICANN has no intention to rush-approve an RA to an arbitrarily chosen date.
ICANN says it needs its special amendment rights in order to address unknown future situations in which the voting dynamics of the ICANN policy-making bodies are dominated by special interests that want to block contract changes that would be in the public interest.
Noss from Tucows, an applicant as well as a registrar, said he’s been asking for specific examples of possible reasons the special amendment process would be invoked, but has had no response from ICANN.
He further suggested that if ICANN is so worried about future uncertainties that it feels it needs these rights, then registries and registrars should get the same rights to force amendments.
Law enforcement agencies are not happy with the proposed 2013 Registrar Accreditation Agreement, saying it doesn’t go far enough to help them catch online bad guys.
Europol and the FBI told ICANN’s Governmental Advisory Committee yesterday that people need to have their full identities verified before they’re allowed to register domain names.
They added that new gTLDs shouldn’t be allowed to launch until a tougher RAA is agreed to and signed by registrars.
The draft 2013 RAA would force registrars to validate their customers’ email addresses or phone numbers after selling them a domain, but law enforcement thinks this is not enough.
“We need a bit more in this area,” Troels Oerting, head of Europol’s European Cybercrime Centre, told the GAC during a Sunday session. “We need a bit more to be verified in addition to the phone or email.”
“It’s very, very important that we are able to identify perpetrators able, to identify the originators, and it’s not enough that you just put in the email or phone,” he said.
He added that there should also be re-verification procedures and ongoing compliance monitoring from ICANN, and said that only registrars signing the 2013 RAA should be allowed to sell new gTLD domains.
Europol has sent a letter to ICANN (not yet published, it seems) outlining four areas it wants to see the RAA “improved”, Oerting said.
Given that many GAC members, including the US, seem to support this position, it’s yet another threat to ICANN’s new gTLD launch timetable, not to mention privacy and anonymous speech in general.
The law enforcement recommendations are not new, of course. They’ve been in play and GAC-endorsed for many years, but were watered down during ICANN’s RAA talks with registrars.