Latest news of the domain name industry

Recent Posts

Six big reasons we won’t see any new gTLD launches until Q3

Kevin Murphy, April 5, 2013, Domain Policy

ICANN’s announcement of a big media bash in New York on April 23, to announce the launch of new gTLDs, has gotten many people thinking the first launches are imminent.

Wrong.

We’re not going to see any new gTLD domains on sale until the third quarter at the earliest, in my view, and here are a few good reasons why.

April 23 is just a PR thing

ICANN has said that April 23 is primarily about awareness-raising.

Not only does it hope to garner plenty of column inches talking about new gTLDs — helping the marketing efforts of their registries — it also hopes to ceremonially sign the first Registry Agreements.

I think CEO Fadi Chehade’s push to make the industry look more respectable will also play a part, with the promotion of the Registrant Rights and Responsibilities document.

But there’s never been any suggestion that any strings will be delegated at that time, much less go live.

The contracts are still hugely controversial

If ICANN wants to sign a Registry Agreement on April 23, it’s going to need a Registry Agreement to sign.

Right now, applicants are up in arms about ICANN’s demand for greater powers to amend the contract in future.

While ICANN has toned down its proposals, they may still be unacceptable to many registries and gTLD applicants.

Applicants have some impetus to reach agreement quickly — because they want to launch and start making money as soon as possible.

But ICANN wants the same powers added to the 2013 Registrar Accreditation Agreement, and registrars are generally less worried about the speedy approval of new gTLDs.

ICANN has tied the approval of the RA and the RAA together — only registrars on the new RAA will be able to sell domains in new gTLDs.

Chehade has also made it clear that agreement on the new RAA is a gating issue for new gTLD launches.

If registries, registrars and ICANN can’t settle these issues in Beijing, it’s hard to see how any contracts could be signed April 23. The first launch would be delayed accordingly.

GAC Advice might not be what we’re expecting

GAC Advice on New gTLDs is, in my view, the biggest gating issue applicants are facing right now.

GAC Advice is an integral part of the approval process outlined in the Applicant Guidebook and ICANN has said many times that it cannot and will not sign any contracts until the GAC has spoken.

But what does that mean from a process and timing point of view?

According to the Applicant Guidebook, if an application receives GAC Advice, it gets shunted from the main evaluation track to the ICANN board of directors for consideration.

It’s the only time the ICANN board has to get directly involved with the approval process, according to the Guidebook’s rather complex flow-charts.

GAC Advice is not an automatic death sentence, but any application the GAC is unanimously opposed to stands a very slim chance of getting approved by the board.

Given that ICANN is has said it will not sign contracts until it has received GAC Advice, and given that it has said it wants to sign the first contract April 23, it’s clearly expecting to know which applications are problematic and which are not during the next three weeks.

But I don’t think that’s necessarily going to happen. The GAC moves slowly and it has a track record of missing ICANN-imposed deadlines, which it often seems to regard as irksome.

Neither ICANN nor the GAC have ever said GAC Advice on New gTLDs will be issued during next week’s public meeting in Beijing. If a time is given it’s usually “after” or “following” Beijing.

And I don’t think the GAC, which decided against holding an inter-sessional meeting between Toronto and Beijing, is remotely close to providing a full list of specific applications of concern.

I do think a small number of slam-dunk bad applications – such as DotConnectAfrica’s .africa bid – will get Advised against during or after the Beijing meeting.

But I also think the GAC is likely to issue Advice that is much broader, and which may not provide the detail ICANN needs to carry the process forward for many applicants.

The GAC, in its most recent (delayed) update, is still talking about “categories” of concern – such as “consumer protection” and “geographical names” – some of which are very broad indeed.

Given the limited amount of time available to it in Beijing, I think it’s quite likely that the GAC is going to produce advice about categories as well as about individual applications.

And, crucially, I don’t think it’s necessarily going to give ICANN a comprehensive list of which specific applications fall into which categories.

If the GAC decides to issue Advice under the banner of “consumer protection”, for example, somebody is going to have to decide which applications are captured by that advice.

Is that just strings that relate to regulated industries such as pharmaceuticals or banking? Or is it any string that relates to selling stuff? What about .shop and .car? Shops and cars are “regulated” by consumer protection and safety laws in most countries.

Deciding which Advice covered which applications would not be an easy task, nor would it be a quick one. I don’t think the GAC has done this work yet, nor do I think it will in Beijing.

For the GAC to reach consensus advice against specific applications will in some cases require GAC representatives to return to their capitals for guidance, which would add delay.

There is, in my view, a very real possibility of more discussions being needed following Beijing, just in order to make sense of what the GAC comes up with.

The new gTLD approval process needs the GAC to provide a list of specific applications or strings with which it has concerns, and we may not see that before April 23.

ICANN may get a short list of applications that definitely do have Advice by then, but it won’t necessarily know which applications do not, which may complicate the contract-signing process.

The Trademark Clearinghouse still needs testing

The Trademark Clearinghouse is already, in one sense, open for business. Trademark owners have been able to submit their marks for validation for a couple of weeks now.

But the hard integration work has not been done yet, because the technical specifications the registries and registrars need to interface with IBM’s TMCH database have not all been finalized.

When the specs are done (it seems likely this will happen in the next few weeks), registries and registrars will need to finish writing their software and start production testing.

ICANN’s working timetable has the TMCH going live July 1, but companies that know much more than me about the technical issues at play here say it’s unlikely that they’ll be ready to go live with Sunrise and Trademark Claims services before August.

It’s in everyone’s interests to get all the bugs ironed out before launch.

For new gTLD registries, a failure of the centralized TMCH database could mean embarrassing bugs and downtime during their critical launch periods.

Trademark owners and domain registrants may also be concerned about the potential for loopholes.

For example, it’s still not clear to some how Trademark Claims – which notifies registrants when there’s a clash between a trademark and a domain they want – will interact with landrush periods.

Does the registrant only get a warning when they apply for the domain, which could be some weeks before a landrush auction? If so, what happens if a mark is submitted to the TMCH between the application and the auction and ultimate registration?

Is that a loophole to bypass Trademark Claims? Could a registrant get hit by a Claim after they’ve just spent thousands to register a domain?

These are the kinds of things that will need to be ironed out before the TMCH goes fully live.

There’s a sunrise notice period

The sunrise period is the first stage of launch in which customers get to register domain names.

Lest we forget, ICANN recently decided to implement a mandatory 30-day notice period for every new gTLD sunrise period. This adds a month to every registry’s go-live runway.

Because gTLD sunrise periods from now on all have to use the TMCH, registries may have to wait until the Clearinghouse is operational before announcing their sunrise dates.

If the TMCH goes live in July, this would push the first launch dates out until August.

Super-eager registries may of course announce their sunrise period as soon as they are able, and then delay it as necessary to accommodate the TMCH, but this might carry public relations risks.

Verisign’s security scare

It’s still not clear how Verisign’s warning about the security risks of launching new gTLDs on the current timetable will be received in Beijing.

If the GAC reckons Verisign’s “concerns” are valid, particularly on the issue of root zone stability, ICANN will have to do a lot of reassuring to avoid being advised to delay its schedule.

Could ICANN offer to finish off its work of root zone automation, for example, before delegating new gTLDs? To do so would add months to the roll-out timetable.

Chehade to play hard-ball over unilateral right to amend?

Kevin Murphy, March 25, 2013, Domain Policy

ICANN CEO Fadi Chehade has reportedly indicated that the unilateral right to amend powers ICANN wants to put in its registry and registrar contracts are non-negotiable.

Speaking at a meeting of the Association of National Advertisers last week, Chehade is reported to have said: “I’m not going to back off this one.”

He is understood to have been referring to the changes ICANN wants to impose on the base new gTLD Registry Agreement and the Registrar Accreditation Agreement.

Amy Bivins of Bloomberg BNA’s Electronic Commerce & Law Report caught the speech live and tweeted the following:

Bivins’ full report is available behind BNA’s paywall.

The unilateral right to amend is just about the most controversial thing ICANN has proposed in a while.

It would give ICANN’s board of directors the power to make changes to both agreements in situations where registrars or registries cannot agree among themselves to a “special amendment” but there’s agreement by other community members that the change is required.

Registries and registrars argue that a contract in which one party has the power to change the agreement without the consent of the other is not really a contract at all.

But ICANN says the powers are needed, partly to redress existing imbalances: the fact that the RAA and RA both last for 10 years and that the RA has a presumptive right of renewal.

Without the right to change the RA over the protests of the registries, it’s possible that in future proposed changes could be vetoed by registries whose interests are not aligned with the “public interest”, ICANN argues.

ICANN says that it’s impossible to know how consolidation, future new gTLD rounds and power shifts in the ICANN community will affect the balance of power, meaning it needs a way to resist a registry choke-hold should the situation arise.

I suspect the fact that it’s taken about three years to get close to adding the recommendations of law enforcement relating to registrar conduct to the RAA may also have something to do with it.

Tempted by the Caesar solution [Guest Post]

The ICANN leadership is in a hurry, so to get things done, it is cutting corners.

One such attempt at going straight around a bend, the proposed changes to the new gTLD registry contract giving the ICANN Board unilateral right of amendment, has raised the registries’ ire.

ICANN’s other group of contracted parties (i.e. entities that must contract directly with ICANN to operate), the registrars, are also up in arms following ICANN’s inclusion of the same proposal at the eleventh hour of ongoing negotiations on their contract.

ICANN’s new leadership team, headed by newly appointed CEO Fadi Chehadé, has been rightly praised since he took office in the second half of 2012. This team has a business background, and it is attempting to apply business logic and business solutions to a number of obvious problems with ICANN.

The main one is predictability. ICANN is just not good at setting timelines, or keeping to those timelines it does manage to set.

In the past, that used to be annoying to stakeholders. But since the Board approved the new gTLD program in 2008, this trait has become excruciating.

This program has spawned a new industry, bought new interests into the ICANN environment, generated large-scale investments on the premise of future TLDs, and shone the spotlight on ICANN’s weaknesses to such business ventures.

Having a constantly slipping timeline as the new gTLD program did through much of its implementation phase, from that 2008 Board green light to the June 2011 Board resolution finally turning it into an operational reality, is a nightmare for any business.

So trying to fix this is a worthy goal. But the ICANN model is not only about business. It is first and foremost about community-driven policy-development and oversight. The new gTLD program is the result of such a process. One that the new ICANN leadership is finding cumbersome enough to want to cut through.

There have been a few mistakes made in this area in the last few months, but they seemed like honest missteps from a motivated team of result-getters. A team that apologized for those mistakes when they became apparent. A welcome change at ICANN.

But now, almost six months into the new leadership’s reign the veil is starting to lift and the leadership’s real visage to appear.

Last week, ICANN’s policymaking body for gTLDs, the GNSO, was unanimous in its denunciation of the leadership’s attempts at making the ICANN train go faster than it was engineered to.

During the GNSO Council’s monthly teleconference, the various groups that make up the GNSO’s diverse community all seemed to speak with one voice.

In a blog post written after the call and entitled “Clearing Up the Logjam: Time for ICANN to Drop Request for a Unilateral Right to Amend the Agreements”, GNSO Councillor Jeff Neuman, a representative of the Registry Stakeholder Group and a past Vice Chair of the Council, said the following:

A very rare thing happened in the GNSO Council meeting this week—the ICANN community spoke with one voice. Registries, registrars, non-commercial interests, new TLD applicants, IP owners and businesses unanimously and unambiguously agreed that giving ICANN a “unilateral right to amend” the registry and registrar agreements is not compatible with ICANN’s bottom-up processes and poses a fundamental threat to the multi-stakeholder model. There is true consensus that this change should be rejected.

ICANN COO Akram Attalah participated in the GNSO Council meeting and explained that this was not a done deal and that the leadership was in listening mode.

Except it all seems to be going in one ear and out the other.

A couple of days later, on March 15, ICANN Staff gave the Council an unofficial response by publishing a paper in which it explains its rationale for the unilateral change suggestion. It says:

The Board-approved amendment process is drafted to address a key concern of ICANN in this changing marketplace. What if the gTLD registration market develops in a way that is anticonsumer, yet very favorable to the existing registries or registrars. In this situation, it would be against the business interests of the incumbent registries or registrars to adopt a change – even when the broader community supports the change. Particularly in light of the “perpetual” renewal terms that are already in place within the proposed agreements, this limited power of the Board is the only way to introduce this type of change over the life of the agreements.

The real message is clear. The current leadership does not trust the ICANN multi-stakeholder bottom-up policy development process. Period.

So in cases of extreme necessity, the Board must have absolute power to enact the changes it sees fit. Experienced ICANN community member and former GNSO Council Chair Avri Doria calls this leadership’s tenure ICANN 3.0, and charts ICANN’s progress thus: “ICANN 1.0 – Democracy, ICANN 2.0 – Oligarchy, ICANN 3.0 – Imperium.”

Is a term which describes the absolute power given to the rulers of ancient Rome suited to ICANN? Of course not. But if a little caricature can help turn the ICANN leadership away from this temptation to get things done at all costs, then maybe it is needed.

This is a guest post by domain name industry consultant Stephane Van Gelder of Stephane Van Gelder Consulting. He has served as chair of the GNSO Council and is currently a member of ICANN’s Nominating Committee.

Registrars and ICANN hit impasse on new RAA

ICANN and its accredited domain name registrars have hit a brick wall in their long-running contract negotiations, after ICANN demanded the right to unilaterally amend the deal in future.

Documents published by ICANN this morning reveal that the two sides have reached agreement on almost all of their previous sticking points — including the extremely thorny issue of Whois verification — but have run into some fundamental, eleventh-hour disagreements.

As we’ve been reporting for the last couple of weeks, the big unresolved issue is ICANN’s unilateral right to amend the Registrar Accreditation Agreement in future, which registrars absolutely hate.

Death of the GNSO? Again?

The text of that proposed change has today been revealed to be identical to the text ICANN wants to insert into the Registry Agreement that all new gTLD registries must sign.

It gives ICANN’s board of directors the right, by two-thirds majority, to make essentially any changes they want to the RA and RAA in future, with minimal justification.

Registrars are just as livid about this as new gTLD applicants are.

The proposed change appears to be one of those introduced last month that ICANN said “[stems] from the call by ICANN’s CEO, Fadi Chehadé, to work to improve the image of the domain industry and to protect registrants”.

Chehadé has been on the road for the last couple of months trying to raise ICANN’s profile in various stakeholder groups in the private and public sectors around the world.

One of the memes he’s impressed upon contracted parties and others is that people don’t trust the domain name industry. Part of ICANN’s solution, it seems, is to grant its board more powers over registries and registrars.

But the Registrars Stakeholder Group reckons unilateral amendments would torpedo the multistakeholder process by emasculating the Generic Names Supporting Organization. It said:

The effect of such a clause in the primary agreements between ICANN and its commercial stakeholders would be devastating to the bottom-up, multi-stakeholder model.

First, it will effectively mean the end of the GNSO’s PDP [Policy Development Process], as the Board will become the central arena for all controversial issues, not the community.

Second, it creates an imbalance of authority in the ICANN model, with no limits on the scope or frequency of unilateral amendments, and no protections for registrars and more important registrants.

That’s the biggest barrier to an agreement right now, and it’s one shared by the entire contracted parties constituency of ICANN. Expect fireworks in Beijing next month.

Friction over new gTLDs

Registrars and registries are also angry about the fact that ICANN wants to force registrars to adopt the 2013 RAA, even if their 2009 or 2001 deals are still active, if they want to sell new gTLDs.

RrSG secretary Michele Neylon of Blacknight told DI today that it looks like ICANN is trying to “drive a wedge” between registrars and registries.

Here’s why:

ICANN is trying desperately to stick to its new gTLD program timetable, which will see it start signing Registry Agreements with new gTLD applicants in late April.

But it wants the base RA to include a clause obliging registries to only sell via registrars on the 2013 RAA.

Because the 2013 RAA is not yet finalized, registrars could potentially hold up the approval and delegation of new gTLDs if they don’t quickly agree to the changes ICANN wants.

According to Neylon, the documents released today have been published prematurely; with a little more time agreement could be reached on some of the remaining differences.

Again: expect fireworks in Beijing.

Whois records will be verified

But the new RAA is not all friction.

ICANN and registrars have finally come to agreement on important topics where there was previously sharp divergence.

Registrars have agreed to a new Whois Accuracy Program Specification that is a lot weaker than ICANN had, working from a blueprint laid out by governments and law enforcement agencies, first asked for.

Under the 2013 RAA signed-up registrars will have to start verifying certain elements of the contact information submitted by their registrants.

Notably, there’ll be a challenge-response mechanism for first-time registrants. Registrars will ask their customers to verify their email address or enter a code that has been sent to them via SMS text message or phone.

Note the “or” in that sentence. ICANN and law enforcement wanted registrars to do email “and” phone verification, but ICANN appears to have relented after months of registrars yapping about costs.

In future practice, because email verification is far easier and cheaper to implement, I’d be surprised if phone verification is used in anything but the rarest of cases.

Other data points will also be verified, but only to see that they conform to the correct formats.

Registrars will have to make sure that mailing addresses meet the Universal Postal Union standards, and that phone numbers conform to International Telecommunications Union formatting, for example.

They’ll also have to verify that the street address exists (if they have access to that data) but there will be no obligation to make sure that address and phone number actually belong to the registrant.

Registrants that provide patently false information that fails registrar verification will get 15 days to correct it or face the suspension of their domains.

ICANN wants registrars to also verify their customer records (which are usually different to the Whois records and, anecdotally, more accurate anyway) too, but registrars have so far not agreed to do so.

Taken as a whole, at first reading it’s difficult to see how the new Whois verification spec will do anything to prevent fast-turnover abuse such as phishing, but it may go a small way to help law enforcement investigate longer-term scams such as counterfeit goods sites.

The proposed 2013 RAA, along with more explanatory documents than you could possibly read in a coffee break is now open for public comment, with the reply period closing shortly after the Beijing meeting.

ICANN to publish unfinished RAA tomorrow

ICANN will tomorrow publish for public comment a version of the 2013 Registrar Accreditation Agreement that accredited registrars have not yet agreed to.

CEO Fadi Chehade told a conference call of registries and new gTLD applicants as much this afternoon, causing the Registrars Stakeholder Group to immediately state that talks have not finished yet.

However, ICANN subsequently confirmed the plan to DI, clarifying that the documents it will publish tomorrow will highlight ongoing points of divergence between ICANN and the RrSG.

The posting will comprise documents with “competing text identified that shows the similarities and differences in position between ICANN and the Registrar [Negotiating Team”, ICANN said.

I believe that the publication has been set for tomorrow to allow ICANN to hit its public comment deadlines for the big Beijing public meeting next month.

The posting was apparently agreed to at a meeting between the registrars and ICANN on Friday.

While the two sides have come to agreement on most of the changes to the RAA, sticking points remain despite now-daily talks.

I understand that a proposed unilateral right of amendment in ICANN’s favor is currently a big barrier to final agreement.

ICANN to reveal Registrant Rights & Responsibilities (and here’s a draft copy)

Kevin Murphy, February 28, 2013, Domain Registrars

ICANN is set to publish and start promoting a new Registrant Rights & Responsibilities charter at some point over the next couple of days, we hear.

The one-page document is set to become an important part of CEO Fadi Chehade’s plan to make the domain name industry appear more trustworthy and likable in the eyes of the internet-using public.

He first revealed the idea during a meeting with registries and registrars in Amsterdam last month.

An ICANN-commissioned study showed that people have a very low opinion of the industry, he told them.

The new document is designed to address some of those concerns.

While the charter may be presented as originating in the industry, it was first drafted by ICANN and we hear that some registrars have been somewhat reluctant to agree to it.

“It’s like when you’re a kid and your dad gives you a birthday card to sign for your mom,” one registrar told us.

The legalese-stricken document that ICANN originally presented to them over-stretched and could have carried legal exposure, they added.

DI has been sent of copy of what we’re told is a close-to-final draft of the document, which we understand is more agreeable to most registrars. We’ve pasted it below in full.

Registrants’ Rights and Responsibilities

Domain Name Registrants’ Rights:

  1. Your domain name registration and any privacy services you may use in conjunction with it must be subject to a Registration Agreement with an ICANN Accredited Registrar.
    • You are entitled to review this Registration Agreement at any time, and download a copy for your records.
  2. You are entitled to accurate and accessible information about:
    • The identity of your ICANN Accredited Registrar;
    • The identity of any privacy service provider affiliated with your Registrar;
    • Your Registrar’s terms and conditions, including pricing information, applicable to domain name registrations;
    • The terms and conditions, including pricing information, applicable to any privacy services offered by your Registrar;
    • The customer support services offered by your Registrar and the privacy services provider, and how to access them;
    • How to raise concerns and resolve disputes with your Registrar and any privacy services offered by them; and
    • Instructions that explain your Registrar’s processes for registering, managing, transferring, renewing, and restoring your domain name registrations, including through any privacy services made available by your Registrar.
  3. You shall not be subject to false advertising or deceptive practices by your Registrar or though any privacy services made available by your Registrar. This includes deceptive notices, hidden fees, and any practices that are illegal under the consumer protection law of your residence.

Domain Name Registrants’ Responsibilities:

  1. You must comply with the terms and conditions posted by your Registrar, including applicable policies from your Registrar, the Registry and ICANN.
  2. You must review your Registrar’s current Registration Agreement, along with any updates.
  3. You will assume sole responsibility for the registration and use of your domain name.
  4. You must provide accurate information for publication in directories such as WHOIS, and promptly update this to reflect any changes.
  5. You must respond to inquiries from your Registrar within fifteen (15) days, and keep your Registrar account data current. If you choose to have your domain name registration renew automatically, you must also keep your payment information current.

It draws on changes ICANN and registrars have agreed to in the 2013 (hopefully) Registrar Accreditation Agreement, such as registrar commitments to provide basic information about themselves.

As for the 2013 RAA itself, we hear that ICANN wants to present a final version to its board of directors for approval during its public meeting in Beijing in early April.

That would mean opening it up for public comment next week, but registrars and ICANN have not yet agreed to a final draft for publication, despite now-daily negotiation meetings.

The major sticking point, we gather, is an amendment that would give ICANN a unilateral right to change the contract in future — similar to the proposed gTLD Registry Agreement provision currently causing a shitstorm in the new gTLD applicant community.

There’s also controversy about the fact that ICANN wants to restrict new gTLDs to only registrars that sign the new RAA, which is designed to be a carrot to get them to sign up even if their 2009/2001 RAAs are still active.

Ten registrars spanked for ignoring ICANN audit

Kevin Murphy, January 14, 2013, Domain Registrars

ICANN has sent breach notices to 10 domain name registrars for failing to respond to its ongoing contract compliance audit.

The 10 registrars with breach notices are: Crosscert, Mat Bao, DomainsToBeSeen.com, USA Webhost, Internet NAYANA Inc, Cheapies.com, Domainmonger.com, Lime Labs, Namevault.com, and Power Brand Center.

According to ICANN, these registrars failed to provide the requested documentation as required by their Registrar Accreditation Agreement.

The Contractual Compliance Audit Program is a proactive three-year effort to check that all registries and registrars are abiding by the terms of their agreements.

ICANN selected 317 registrars at random for the first year of the program. As of January 4, 22 had not responded to these notices.

Only registrars signed up to the 2009 version of the RAA are contractually obliged to respond.

Verisign, which was one of six gTLD registries selected to participate this year, has controversially refused to let ICANN audit .net, saying it is not obliged to do so.

While the .net contract does have some audit requirements, we understand they’re not as wide-ranging as ICANN’s audit envisages.

The 10 registrars have been given until February 1 to provide ICANN with the necessary information or risk losing their accreditations.

Crocker sees new gTLDs going live “towards the end of the year”

Kevin Murphy, January 10, 2013, Domain Policy

Not exactly the news that new gTLD applicants wanted to hear.

ICANN chairman Steve Crocker has put a tentative date of “towards the end of the year” for the first approval and delegation of new gTLDs, months later than some applicants were expecting.

In a video interview with ICANN media affairs chief Brad White, reviewing the organization’s goals for the year, Crocker said:

We will see some strings towards the end of the year I think actually approved and perhaps delegated into the root and so it will be interesting to see the how all that comes out what kinds of moves are made.

That time-frame is later than most industry experts speaking to Bloomberg BNA for a recent briefing paper had predicted. Some expected new gTLDs to start hitting the root as early as April.

Better news for applicants came in Crocker’s response to a question about whether ICANN was wedded to its 1,000 delegations-per-year limit, which could artificially throttle some applicants’ plans. He said:

I do not want to suggest that there will be a change, but I suspect there is plenty of capacity to increase that somewhat if it were necessary to do so.

The interview also discusses ICANN’s investment strategy for its new gTLD funds, its meetings strategy for the next few years, and the Registrar Accreditation Agreement (which Crocker said is “nearing completion”).

Watch the whole thing here:

Another deadline missed in registrar contract talks

Kevin Murphy, December 16, 2012, Domain Registrars

ICANN and domain name registrars will fail to agree on a new Registrar Accreditation Agreement by the end of the year, ICANN has admitted.

In a statement Friday, ICANN said that it will likely miss its end-of-year target for completing the RAA talks:

While the registrars and ICANN explored potential dates for negotiation in December 2012, both sides have agreed that between holidays, difficult travel schedules and the ICANN Prioritization Draw for New gTLDs, a December meeting is not feasible. Therefore, negotiations will resume in January 2013, and the anticipated date for publication of a draft RAA for community comment will be announced in January as well.

The sticking point appears to still be the recommendations for strengthening registrars’ Whois accuracy commitments, as requested by law enforcement agencies and governments.

At the Toronto meeting in October, progress appeared to have been made on all 12 of the LEA recommendations, but the nitty-gritty of the Whois verification asks had yet to be ironed out.

Potentially confusing matters, ICANN has launched a parallel root-and-branch Whois policy reform initiative, a community process which may come to starkly different conclusions to the RAA talks.

Before the LEA issues are settled, ICANN doesn’t want to start dealing with requests for RAA changes from the registrars themselves, which include items such as dumping their “burdensome” port 43 Whois obligations for gTLD registries that have thick Whois databases.

ICANN said Friday:

Both ICANN and the registrars have additional proposed changes which have not yet been negotiated. As previously discussed, it has been ICANN’s position that the negotiations on key topics within the law enforcement recommendations need to come to resolution prior to concluding negotiations on these additional areas.

Registrars agreed under duress to start renegotiating the RAA following a public berating from the Governmental Advisory Committee at the ICANN Dakar meeting October 2011.

At the time, the law enforcement demands had already been in play for two years with no substantial progress. Following Dakar, ICANN and the registrars said they planned to have a new RAA ready by March 2012.

Judging by the latest update, it seems quite likely that the new RAA will be a full year late.

ICANN has targeted the Beijing meeting in April next year for approval of the RAA. It’s one of the 12 targets Chehade set himself following Toronto.

Given that the draft agreement will need a 42-day public comment period first, talks are going to have to conclude before the end of February if there’s any hope of hitting that deadline.

ICANN asks: just what the hell is Whois for anyway?

Kevin Murphy, November 19, 2012, Domain Policy

It’s back to basics time at ICANN, with the launch today of a massive effort to take a fresh look at Whois.

This could be a biggie.

“We’re going to go back to the fundamentals and ask: what problems are being addressed by Whois, who’s using it and what are they using it for?” ICANN chair Steve Crocker told DI.

The ICANN board of directors earlier this month passed a resolution, published today, that calls for:

a new effort to redefine the purpose of collecting, maintaining and providing access to gTLD registration data, and consider safeguards for protecting data, as a foundation for new gTLD policy and contractual negotiations

This is bare-bones, fundamental stuff, likely to encompass pretty much every controversial issue to hit Whois over the years.

Crocker noted that the use of Whois, originally designed to help people locate the operators of large multi-user computing services, has changed over the years.

Is Whois now there to help law enforcement track down crooks? Is it there to help intellectual property owners enforce their rights? Should it help domainers verify who they’re transacting with?

Should published Whois records always be complete and accurate? Is there a right to privacy in Whois?

These are the some of the big questions that ICANN has tried and failed to grapple with over the last decade, and Crocker said that now is the time to answer them.

“My own feeling is that this must not suffer from the endless delays it has in the past, but at the same time it’s essential that we get it right rather than get it done quickly,” he said.

The new board resolution didn’t appear of thin air, however.

It’s a response to the recommendations of the Whois Policy Review Team, which earlier this year called for ICANN to make a Whois a strategic priority.

The review team itself was set up to comply with ICANN’s Affirmation of Commitments with the US Department of Commerce, one of ICANN’s core documents and part of the basis of its legitimacy.

But the AoC may presuppose certain outcomes of any root-and-branch Whois reform, calling as it does for a Whois policy that “meets the legitimate needs of law enforcement and promotes consumer trust”.

Crocker said that doesn’t necessarily rule out a big rethink about the way Whois data is accessed.

“Today, all of the information in Whois is published for the public,” he said. “Anyone can get at it, it doesn’t matter if you’re competitor or friend or law enforcement, you can get access.”

“A point of discussion could be: would it make sense to make different levels of access to information available to different people?” he added.

As an analogy, he pointed to car license plates. If you’re a cop and you see a suspicious vehicle you can trace the owner, but if you’ve just taken a fancy to the driver it’s harder to get their number.

Crocker noted that he’s not presupposing any outcomes of the review.

As well as calling for the review, the board’s latest resolution also calls for existing Whois rules, such as they are, to continue to be strictly adhered to. The resolution:

directs the CEO to continue to fully enforce existing consensus policy and contractual conditions relating to the collection, access and accuracy of gTLD registration data

This second prong of the approach is no doubt designed in part to remind contracted parties that just because Whois is open for review it doesn’t mean they can start ignoring compliance notices.

However, it’s going to be interesting to see how Whois reform plays into open discussions such as the renegotiation of the Registrar Accreditation Agreement.

The big stumbling blocks in the RAA talks right now relate directly to Whois verification, so registrars might be able to start arguing that agreeing to ICANN’s demands might preempt the review.

But Crocker doesn’t think that should happen.

“An examination of the fundamentals of Whois should not serve as as way of stalling or pulling back on the current system,” he said.

It’s not entirely clear what the next steps are for the Whois review.

There will be a board-mandated GNSO Policy Development Process somewhere down the line, but not until CEO Fadi Chehade has conducted some kind of outreach and information-gathering, it seems.

How long this will take is not known, but I get the impression the board wants to move relatively quickly. The PDP, I would guess, will take a couple of years at least.

Chehade said in his opening address during the Toronto meeting last month that long-standing disagreements over the purpose of Whois should be relatively “easy” to resolve.

Let’s see if he’s correct. I wouldn’t put money on it.