Latest news of the domain name industry

Recent Posts

Grogan hopeful of content policing clarity within “a few weeks”

ICANN may be able to provide registrars, intellectual property interests and others with clarity about when domain names should be suspended as early as next month, according to compliance chief Allen Grogan.

With ICANN 53 kicking off in Buenos Aires this weekend, Grogan said he intends to meet with a diverse set of constituents in order to figure out what the Registrar Accreditation Agreement requires registrars to do when they receive abuse complaints.

“I’m hopeful we can publish something in the next few weeks,” he told DI. “It depends to some extent on what direction the discussions take.”

The discussions center on whether registrars are doing enough to take down domains that are being used, for example, to host pirated content or to sell medicines across borders.

Specifically at issue is section 3.18 of the 2013 RAA.

It requires registrars to take “reasonable and prompt steps to investigate and respond appropriately” when they receive abuse reports.

The people who are noisiest about filing such reports — IP owners and pharmacy watchdogs such as LegitScript — reckon “appropriate action” means the domain in question should be suspended.

The US Congress heard these arguments in hearings last month, but there were no witnesses from the ICANN or registrar side to respond.

Registrars don’t think they should be put in the position of having to turn off what may be a perfectly legitimate web site due to a unilateral complaint that may be flawed or frivolous.

ICANN seems to be erring strongly towards the registrars’ view.

“Whatever the terms of the 2013 RAA mean, it can’t really be interpreted as a broad global commitment for ICANN to enforce all illegal activity or all laws on the internet,” Grogan told DI.

“I don’t think ICANN is capable of that, I don’t think we have the expertise or resources to do that, and I don’t think the ICANN multistakeholder community has ever had that discussion and delegated that authority to ICANN,” he said.

CEO Fadi Chehade recently told the Washington Post that it isn’t ICANN’s job to police web content, and Grogan has expanded on that view in a blog post last week.

Grogan notes that what kind of content violates the law varies wildly from country to country — some states will kill you for blasphemy, in some you can get jail time for denying the Holocaust, in others political dissent is a crime.

“Virtually everybody I’ve spoken with has said that is far outside the scope of ICANN’s remit,” he said.

However, he’s leaving some areas open for discussion,

“There are some constituents, including some participants in the [Congressional] hearing — from the intellectual property community and LegitScript — who think there’s a way to distinguish some kinds of illegal activities from others,” he said. “That’s a discussion I’m willing to have.”

The dividing line could be substantial risk to public health or activities that are broadly, globally deemed to be illegal. Child abuse material is the obvious one, but copyright infringement — where Grogan said treaties show “near unanimity” — could be too.

So is ICANN saying it’s not the content police except when it comes to pharmacies and intellectual property?

“No,” said Grogan. “I’m saying I’m willing to engage in that dialogue and have that conversation with the community to see if there’s consensus that some activities are different to others.”

“In a multistakeholder model I don’t think any one constituency should control,” he said.

In practical terms, this all boils down to 3.18 of the RAA, and what steps registrars must take to comply with it.

It’s a surprisingly tricky one even if, like Grogan, you’re talking about “minimum criteria” for compliance.

Should registrars, for example, be required to always check out the content of domains that are the subject of abuse reports? It seems like a no-brainer.

But Grogan points out that even though there could be broad consensus that child abuse material should be taken down immediately upon discovery, in many places it could be illegal for a registrar employee to even check the reported URL, lest they download unwanted child porn.

Similarly, it might seem obvious that abuse reports should be referred to the domain’s registrant for a response. But what of registrars owned by domain investors, where registrar and registrant are one and the same?

These and other topics will come up for discussion in various sessions next week, and Grogan said he’s hopeful that decisions can be made that do not need to involve formal policy development processes or ICANN board action.

Cops can’t block domain transfers without court order, NAF rules

Kevin Murphy, January 12, 2014, Domain Registrars

Law enforcement and IP owners were dealt a setback last week when the National Arbitration Forum ruled that they cannot block domain transfers unless they have a court order.

The ruling could make it more difficult for registrars to acquiesce to requests from police trying to shut down piracy sites, as they might technically be in breach of their ICANN contracts.

NAF panelist Bruce Meyerson made the call in a Transfer Dispute Resolution Policy ruling after a complaint filed by EasyDNS against Directi (PublicDomainRegistry.com).

You’re probably asking right about now: “The what policy?”

I had to look it up, too.

TDRP, it turns out, has been part of the ICANN rulebook since the Inter-Registrar Transfer Policy was adopted in 2004.

It’s designed for disputes where one registrar refuses to transfer a domain to another. As part of the IRTP, it’s a binding part of the Registrar Accreditation Agreement.

It seems to have been rarely used in full over the last decade, possibly because the first point of complaint is the registry for the TLD in question, with only appeals going to a professional arbitrator.

Only NAF and the Asian Domain Name Dispute Resolution Centre are approved to handle such cases, and their respective records show that only one TDRP appeal has previously filed, and that was in 2013.

In the latest case, Directi had refused to allow the transfer of three domains to EasyDNS after receiving a suspension request from the Intellectual Property Crime Unit of the City of London Police.

The IPCU had sent suspension requests, targeting music download sites “suspected” of criminal activity, to several registrars.

The three sites — maxalbums.com, emp3world.com, and full-albums.net — are all primarily concerned with hosting links to pirated music while trying to install as much adware as possible on visitors’ PCs.

The registrants of the names had tried to move from India-based Directi to Canada-based EasyDNS, but found the transfers denied by Directi.

EasyDNS, which I think it’s fair to say is becoming something of an activist when it come to this kind of thing, filed the TDRP first with Verisign then appealed its “No Decision” ruling to NAF.

NAF’s Meyerson delivered a blunt, if reluctant-sounding, win to EasyDNS:

Although there are compelling reasons why the request from a recognized law enforcement agency such as the City of London Police should be honored, the Transfer Policy is unambiguous in requiring a court order before a Registrar of Record may deny a request to transfer a domain name… The term “court order” is unambiguous and cannot be interpreted to be the equivalent of suspicion of wrong doing by a policy agency.

To permit a registrar of record to withhold the transfer of a domain based on the suspicion of a law enforcement agency, without the intervention of a judicial body, opens the possibility for abuse by agencies far less reputable than the City of London Police.

That’s a pretty unambiguous statement, as far as ICANN policy is concerned: no court order, no transfer block.

It’s probably not going to stop British cops trying to have domains suspended based on suspicion alone — the Metropolitan Police has a track record of getting Nominet to suspend thousands of .uk domains in this way — but it will give registrars an excuse to decline such requests when they receive them, if they want the hassle.

2013 RAA is illegal, says EU privacy watchdog

European privacy regulators have slammed the new 2013 Registrar Accreditation Agreement, saying it would be illegal for registrars based in the EU to comply with it.

The Article 29 Working Party, which comprises privacy regulators from the 27 European Union nations, had harsh words for the part of the contract that requires registrars to store data about registrants for two years after their domains expire.

In a letter (pdf) to ICANN last month, Article 29 states plainly that such provisions would be illegal in the EU:

The fact that these personal data can be useful for law enforcement does not legitimise the retention of these personal data after termination of the contract. Because there is no legal ground for the data processing, the proposed data retention requirement violates data protection law in Europe.

The 2013 RAA allows any registrar to opt out of the data retention provisions if it can prove that to comply would be illegal its own jurisdiction.

The Article 29 letter has been sent to act as blanket proof of this for all EU-based registrars, but it’s not yet clear if ICANN will treat it as such.

The letter goes on to sharply criticize ICANN for allowing itself to be used by governments (and big copyright interests) to circumvent their own legislative processes. It says:

The fact that these data may be useful for law enforcement (including copyright enforcement by private parties) does not equal a necessity to retain these data after termination of the contract.

the Working Party reiterates its strong objection to the introduction of data retention by means of a contract issued by a private corporation in order to facilitate (public) law enforcement.

If there is a pressing social need for specific collections of personal data to be available for law enforcement, and the proposed data retention is proportionate to the legitimate aim pursued, it is up to national governments to introduce legislation

So why is ICANN trying to get many of its registrars to break the law?

While it’s tempting to follow the Article 29 WP’s reasoning and blame law enforcement agencies and the Governmental Advisory Committee, which pushed for the new RAA to be created in the first place, the illegal data retention provisions appear to be entirely ICANN’s handiwork.

The original law enforcement demands (pdf) say registrars should “securely collect and store” data about registrants, but there’s no mention of the period for which it should be stored.

And while the GAC has expressly supported the LEA recommendations since 2010, it has always said that ICANN should comply with privacy laws in their implementation.

The GAC does not appear to have added any of its own recommendations relating to data retention.

ICANN can’t claim it was unaware that the new RAA might be illegal for some registrars either. The Article 29 WP told it so last September, causing ICANN to introduce the idea of exemptions.

However, the European Commission’s GAC representative then seemed to dismiss the WP’s concerns during ICANN’s public meeting in Toronto last October.

Perhaps ICANN was justifiably confused by these mixed messages.

According to Michele Neylon, chair of the Registrars Stakeholder Group, it has yet to respond to European registrars’ inquiries about the Article 29 letter, which was sent June 6.

“We hope that ICANN staff will take the letter into consideration, as it is clear that the data protection authorities do not want create extra work either for themselves or for registrars,” Neylon said.

“For European registrars, and non-European registrars with a customer base in the EU, we look forward to ICANN staff providing us with clarity on how we can deal with this matter and respect EU and national law,” he said.

New registrar contract could be approved next week

ICANN’s board of directors is set to vote next week on the 2013 Registrar Accreditation agreement, but we hear some last-minute objections have emerged from registrars.

The new RAA has been about two years in the making. It will make registrars verify email addresses and do some rudimentary mailing address validation when new domains are registered.

It will also set in motion a process for ICANN oversight of proxy/privacy services and some aspects of the reseller business. In order to sell domain names in new gTLDs, registrars will have to sign up to the 2013 RAA.

ICANN has put approval of the contract on its board’s June 27 agenda.

But I gather that some registrars are unhappy about some last-minute changes ICANN has made to the draft deal.

For one, some linguistic tweaks to the text have given registrars an “advisory” role in seeking out technical ways to do the aforementioned address validation, which has caused some concern that ICANN may try to mandate expensive commercial solutions without their approval.

There also appears to be some concern that the new contract now requires registrars to make sure their resellers follow the same rules on proxy/privacy services, which wasn’t in previous drafts.

Huge registrar shake-up coming to .biz and .info

Afilias and Neustar will be soon able to sell .biz and .info domains direct, and may have to shut down registrars that refuse to sign up to the new 2013 Registrar Accreditation Agreement.

Those are two of the biggest changes proposed to the companies’ ICANN contracts, drafts of which were published this morning six months after their last registry agreements expired.

The new .biz and .info deals would allow both companies to vertically integrate — that is, own a controlling position in a registrar that sells domains in their respective gTLDs.

This would remove unwanted friction from their sales and marketing efforts, but would mean both registries would start competing with their own registrar channel in the retail market.

That’s currently not allowed in almost all gTLD contracts, but is expected to become commonplace in the era of new gTLDs, which have no such ownership restrictions.

These new vertical integration clauses were not unexpected; it’s been envisaged for a couple of years that the restrictions would be dropped in legacy gTLDs.

What is surprising are newly proposed clauses that would oblige Neustar and Afilias to terminate accredited registrars’ access to their TLDs if they don’t sign up to the 2013 RAA.

Under the process set out in the contracts, when registrars representing 67% of the domains in each given TLD have signed up to the 2013 RAA, all the other registrars would have between 270 and 330 days to also sign up to it or lose their ability to access the .biz/.info registries.

That would mean no selling new names and no accepting inbound transfers — a growth death sentence in the affected TLDs.

In the case of .info, in which Go Daddy has a 45% market share, it would only take the top four registrars to sign up to the 2013 RAA before the clock started ticking for the others.

However, this 67% rule would only kick in for Afilias and Neustar if Public Interest Registry and Verisign also voluntarily agree to the same rules for their .org, .com and .net gTLDs.

It’s a pretty aggressive move by ICANN to push the 2013 RAA onto registrars via its contracts with registries, but not the first.

In the separately proposed base New gTLD Registry Agreement, expected to be finalized in the next few weeks, registrars can only sell new gTLD domains if they’re on the 2013 RAA.

Other changes to the .biz and .info contracts include giving the registries the ability to block certain domains from registration to deal with security threats. Registries have been doing this since Conficker, but now they’ll be explicitly allowed to under their contracts.

They’ll also now be subject to the same emergency back-end transition provisions as new gTLDs, in the event of a catastrophic failure.

Both companies will also get to keep their ability to raise registry fees by 10% a year.

Presumably, given that the US Department of Commerce is not party to the .biz and .info deals, neither registry will get the same nasty surprise that Verisign got last year when Commerce froze its prices.

Both proposed contracts are now open for public comment at ICANN, here and here.

The previous contracts actually expired last December but were extended for six months due to ICANN’s focus on new gTLDs and the fact that it wanted to bring both agreements closer to the new gTLD contract.

New registrar deal to bring big changes to the domain name industry

Kevin Murphy, April 23, 2013, Domain Registrars

Big changes are coming to Whois, privacy services and resellers, among other things, under the terms of a newly agreed contract between domain name registrars and ICANN.

A proposed 2013 Registrar Accreditation Agreement that is acceptable to the majority of registrars, along with a plethora of supporting documentation, has been posted by ICANN this morning.

This “final” version, which is expected to be approved by ICANN in June, follows 18 months of often strained talks between ICANN and a negotiating team acting for all registrars.

It’s expected that only 2013 RAA signatories will be able to sell domain names in new gTLDs.

Overall, the compromise reflects ICANN’s desire to ensure that all registrars adhere to the same high standards of conduct, bringing contractual oversight to some currently gray, unregulated areas.

It also provides registrars with greater visibility into their future businesses while giving ICANN ways to update the contract in future according to the changing industry landscape.

For registrants, the biggest changes are those that came about due to a set of 12 recommendations made a few years ago by law enforcement agencies including the FBI and Interpol.

Notably, registrars under the 2013 RAA will be obliged to verify the phone number or email address of each registrant and suspend the domains of those it cannot verify.

That rule will apply to both new registrations, inter-registrar transfers and domains that have changes made to their Whois records. It will also apply to existing registrations when registrars have been alerted to the existence of possibly phony Whois information.

It’s pretty basic stuff. Along with provisions requiring registrars to disclose their business identities and provide abuse points of contact, it’s the kind of thing that all responsible online businesses should do anyway (and indeed all the big registrars already do).

Registrars have also agreed to help ICANN create an accreditation program for proxy and privacy services. Before that program is created, they’ve agreed to some temporary measures to regulate such services.

This temporary spec requires proxy services to investigate claims of abuse, and to properly inform registrants about the circumstances under which it will reveal their private data.

It also requires the proxy service to hold the registrant’s real contact data in escrow, to be accessed by ICANN if the registrar goes out of business or has its contract terminated.

This should help registrants keep hold of their names if their registrar goes belly-up, but of course it does mean that their private contact information will be also stored by the escrow provider.

But the biggest changes in this final RAA, compared to the previously posted draft versions, relate to methods of changing the contract in future.

Notably, registrars have won the right to perpetual renewal of their contracts, giving them a bit more long-term visibility into their businesses.

Under the current arrangement, registrars had to sign a new RAA every five years but ICANN was under no obligation to grant a renewal.

The 2013 contract, on the other hand, gives registrars automatic renewal in five-year increments after the initial term expires, as long as the registrar remains compliant.

The trade-off for this is that ICANN has codified the various ways in which the agreement can be modified in future.

The so-called “unilateral right to amend” clauses introduced a few months ago — designed to enable “Special Amendments” — have been watered down now to the extent that “unilateral” is no longer an accurate way to describe them.

If the ICANN board wants to introduce new terms to the RAA there’s a series of complex hoops to jump through and more than enough opportunities for registrars to kill off the proposals.

Indeed, there are so many caveats and a so many procedural kinks that would enable registrars to prevent ICANN taking action without their consent I’m struggling to imagine any scenario in which the Special Amendment process is successfully used by the board.

But the final 2013 RAA contains something entirely new, too: a way for ICANN’s CEO to force registrars back to the negotiating table in future.

This seems to have made an appearance at this late stage of negotiations precisely because the Special Amendment process has been castrated.

It would enable ICANN’s CEO or the chair of the Registrars Stakeholder Group to force the other party to start talking about RAA amendments with a “Negotiation Notice”. If the talks failed, all concerned would head to mediation, and then arbitration, to sort out their differences.

My guess is that this Negotiation Notice process is much more likely to be used than the Special Amendment process.

It seems likely that these terms will provide the template for similar provisions in the new gTLD Registry Agreement, which is currently under negotiation.

The 2013 RAA public comment period is open until June 4, but I don’t expect to see any major changes after that date. The documents can be downloaded, and comments filed, here.

ICANN cancels New York new gTLD party

Kevin Murphy, April 17, 2013, Domain Policy

ICANN has decided to call off its big New York City new gTLD launch “party”, DI has learned.

The high-profile media event, scheduled for April 23, was set to feature an appearance from mayor Michael Bloomberg and was expected to be a coming-out party for new gTLDs.

The original plan was for ICANN to sign the first registry agreements with new gTLD applicants during the event, but that notion was later scrapped due to ongoing contract talks.

However, during the public forum at the ICANN Beijing meeting last week, CEO Fadi Chehade said that the event was still going ahead.

That, according to an ICANN email sent to registries and registrars today, appears to be no longer the case. The email cited “current timelines” as the reason for delaying the event.

The Registry Agreement and Registrar Accreditation Agreement still under discussion between ICANN and contracted parties, and there are other factors in play such as the Governmental Advisory Committee’s wide-ranging advice from Beijing and continued uncertainties about the Trademark Clearinghouse.

With so much up in the air, a public awareness-raising event for the program may have been seen as premature.

A second, private set of meetings between ICANN and domain name companies, also scheduled for April 23 in New York, is still going ahead, according to the ICANN email.

Following on from discussions held over the last few months, the New York talks will focus on improving the image and professionalism of the domain name industry, one of Chehade’s pet projects.

Talks will cover items such as: forming a DNS industry trade association, a possible trust-mark scheme, conferences and media/analyst outreach.

Delay not certain as new gTLD contracts reopened

Kevin Murphy, April 12, 2013, Domain Policy

The launch window for new gTLDs may have just got pushed back another month or two, following the announcement of a new 42-day comment period on registry and registrar contracts.

But ICANN CEO Fadi Chehade said he’s looking at ways to streamline the process to offset the delays.

During the public forum in Beijing yesterday, ICANN CEO Fadi Chehade said that he’d cancelled a scheduled April 20 meeting of its board of directors, during which the new agreements were targeted for approval.

Instead, new versions of the 2013 Registrar Accreditation Agreement and new gTLDs base Registry Agreement will be posted for public comment next week.

As these are expected to be the final versions of both documents, they’re also expected to have full comment periods of 42 days — 21 for comments and 21 for replies.

“I believe that putting the last version of RAA for 2013 out for full public comment process is actually strengthening that agreement,” Chedhade said today. “It makes it an agreement of the community.”

For the Registry Agreement, Chehade said talks with registries are going well and that he hopes to have a version ready for public comment agreed with negotiators in less than a week.

Assuming an April 19 start, that puts the earliest possible date for ICANN board approval at May 31, assuming the board waits for the comment period to end before giving it the rubber stamp.

Before the contracts are approved, they can’t be signed by registries and registrars, and before they are signed new gTLD applicants cannot progress to the final pre-launch stages of the delegation process.

But Chehade is weighing an idea put forward during the public forum by Donuts’ Jon Nevett: why not allow applicants to complete pre-delegation technical testing before contract signing?

“We could potentially do something about advancing this step ahead of contracting, finding a way to start pre-delegation testing before contracting is done,” Chehade said.

Registries still angry despite ICANN concessions on new gTLD contract

Kevin Murphy, April 9, 2013, Domain Policy

Domain name companies are coming close to agreement with ICANN on two critical new contracts, but there was still substantial skepticism and anger on display in Beijing yesterday.

It was revealed during a session at ICANN 46 that the long-running negotiations on the 2013 Registrar Accreditation Agreement are now pretty much done, with apparent compromise from both sides.

In addition, the proposed Registry Agreement for new gTLDs has been toned down to make it more acceptable to applicants, with ICANN apparently confident that agreement can be reached soon.

But while registrars seemed relatively content with their outcome, registries appear to still be very upset indeed, largely due to the new “special amendments” process that continues to be on the table.

This unilateral-right-to-amend proposal, which ICANN sprung on the industry in February, has been watered down along the lines that we reported last week.

The scope of the amendment process has been narrowed to items outside the “picket fence” that surrounds ICANN’s regulatory jurisdiction, and there are a few more ways companies can head off ICANN intervention.

“It’s not quite a unilateral amendment process any more, we’ve built in a lot of safeguards,” ICANN senior counsel Samantha Eisner told the meeting.

What’s new in the RAA?

These are some of the other things that have been agreed since the last draft of the RAA was posted a month ago.

  • Privacy opt-out on Whois. Registrars based in places such as Europe, which has stronger data protection laws than the US, will be able to opt out of the Whois data retention and verification rules if they can show that they’d be breaking the law otherwise. They won’t have to wait to to get sued first, either.
  • Account holder verification. As well as validating the email address or phone number used in the public Whois, registrars will do the same checks on their private account-holder records.
  • Proxy and privacy services. If ICANN doesn’t come up with an accreditation program for proxy/privacy services by a certain deadline, the temporary specs in the 2013 RAA will expire.
  • Port 43 obligations scrapped. Registrars will no longer have to provide Whois service over port 43 for gTLDs with “thick” registries. They’ll still have to provide it on their web sites though.

The registrars have also agreed to measures that address all 12 of the recommendations proposed by law enforcement agencies a few years ago, which is what kicked off the RAA renegotiation in the first place.

However, as we reported yesterday, law enforcement in the US and Europe are not impressed with the RAA, saying it doesn’t go far enough to verify domain registrants’ identities.

The Governmental Advisory Committee is due to speak to the ICANN board later today, and this is a topic it is likely to bring up. The RAA story may not be over yet.

Generally, the mood from registrars seemed to be mixed but relatively upbeat.

Rob Hall of Pool.com said he’s going to sign the new RAA as soon as possible. He said that the fact that the 2013 RAA is needed in order to sell new gTLD domains is an impetus to sign it.

Elliot Noss of Tucows said he was less eager to sign. He said that the new gTLDs likely to launch in the short term (uncontested ones, in other words) are unlikely to be the most lucrative ones.

Registries and new gTLD applicants, on the other hand, were not so happy with their lot.

Anger over the Registry Agreement

Yesterday’s session in Beijing was notable for a jarring moment in which normally mild-mannered Verisign policy veep Chuck Gomes threw an uncharacteristic wobbler, politely but brutally attacking ICANN for acting in bad faith and treating registries like “second-class citizens”.

He took issue with the fact that the special amendments process in the Registry Agreement was first introduced by ICANN, and then rejected by the community, a few years back.

ICANN can’t describe its eleventh-hour return as an act of “good faith”, he said.

“You’re dealing with organizations on the registry and registrar side that fund 95%, through our registrants, of your budget, and yet we’re treated like second class citizens by throwing something at us that totally reverses a community, multi-stakeholder, bottom-up decision that was made three years ago,” he said.

“Convince me that that was in good faith. I don’t think you can,” he said, receiving a round of applause.

New gTLD applicants such as Verisign have had less time to assemble their collective thoughts and come to a unified negotiating position on the RA, which was thought to be settled until recently.

The amendment provisions were introduced by ICANN in February, and applicants don’t yet have a the same kind of negotiating team the registrars have had for the past 18 months.

What’s more, they’re worried that ICANN is trying to push the changes through without giving them enough time for talks.

Rumors have been circulating in Beijing that the ICANN board is preparing to approve the RAA and RA at a meeting April 20, in time for the first registries to sign up at its April 23 new gTLDs media event.

Under persistent questioning, ICANN vice president of industry engagement Cyrus Namazi said in various different ways that ICANN has no intention to rush-approve an RA to an arbitrarily chosen date.

ICANN says it needs its special amendment rights in order to address unknown future situations in which the voting dynamics of the ICANN policy-making bodies are dominated by special interests that want to block contract changes that would be in the public interest.

Noss from Tucows, an applicant as well as a registrar, said he’s been asking for specific examples of possible reasons the special amendment process would be invoked, but has had no response from ICANN.

He further suggested that if ICANN is so worried about future uncertainties that it feels it needs these rights, then registries and registrars should get the same rights to force amendments.

Cops say new gTLDs shouldn’t launch without a Big Brother RAA

Law enforcement agencies are not happy with the proposed 2013 Registrar Accreditation Agreement, saying it doesn’t go far enough to help them catch online bad guys.

Europol and the FBI told ICANN’s Governmental Advisory Committee yesterday that people need to have their full identities verified before they’re allowed to register domain names.

They added that new gTLDs shouldn’t be allowed to launch until a tougher RAA is agreed to and signed by registrars.

The draft 2013 RAA would force registrars to validate their customers’ email addresses or phone numbers after selling them a domain, but law enforcement thinks this is not enough.

“We need a bit more in this area,” Troels Oerting, head of Europol’s European Cybercrime Centre, told the GAC during a Sunday session. “We need a bit more to be verified in addition to the phone or email.”

“It’s very, very important that we are able to identify perpetrators able, to identify the originators, and it’s not enough that you just put in the email or phone,” he said.

He added that there should also be re-verification procedures and ongoing compliance monitoring from ICANN, and said that only registrars signing the 2013 RAA should be allowed to sell new gTLD domains.

Europol has sent a letter to ICANN (not yet published, it seems) outlining four areas it wants to see the RAA “improved”, Oerting said.

Given that many GAC members, including the US, seem to support this position, it’s yet another threat to ICANN’s new gTLD launch timetable, not to mention privacy and anonymous speech in general.

The law enforcement recommendations are not new, of course. They’ve been in play and GAC-endorsed for many years, but were watered down during ICANN’s RAA talks with registrars.