Latest news of the domain name industry

Recent Posts

Registrars and ICANN hit impasse on new RAA

ICANN and its accredited domain name registrars have hit a brick wall in their long-running contract negotiations, after ICANN demanded the right to unilaterally amend the deal in future.

Documents published by ICANN this morning reveal that the two sides have reached agreement on almost all of their previous sticking points — including the extremely thorny issue of Whois verification — but have run into some fundamental, eleventh-hour disagreements.

As we’ve been reporting for the last couple of weeks, the big unresolved issue is ICANN’s unilateral right to amend the Registrar Accreditation Agreement in future, which registrars absolutely hate.

Death of the GNSO? Again?

The text of that proposed change has today been revealed to be identical to the text ICANN wants to insert into the Registry Agreement that all new gTLD registries must sign.

It gives ICANN’s board of directors the right, by two-thirds majority, to make essentially any changes they want to the RA and RAA in future, with minimal justification.

Registrars are just as livid about this as new gTLD applicants are.

The proposed change appears to be one of those introduced last month that ICANN said “[stems] from the call by ICANN’s CEO, Fadi Chehadé, to work to improve the image of the domain industry and to protect registrants”.

Chehadé has been on the road for the last couple of months trying to raise ICANN’s profile in various stakeholder groups in the private and public sectors around the world.

One of the memes he’s impressed upon contracted parties and others is that people don’t trust the domain name industry. Part of ICANN’s solution, it seems, is to grant its board more powers over registries and registrars.

But the Registrars Stakeholder Group reckons unilateral amendments would torpedo the multistakeholder process by emasculating the Generic Names Supporting Organization. It said:

The effect of such a clause in the primary agreements between ICANN and its commercial stakeholders would be devastating to the bottom-up, multi-stakeholder model.

First, it will effectively mean the end of the GNSO’s PDP [Policy Development Process], as the Board will become the central arena for all controversial issues, not the community.

Second, it creates an imbalance of authority in the ICANN model, with no limits on the scope or frequency of unilateral amendments, and no protections for registrars and more important registrants.

That’s the biggest barrier to an agreement right now, and it’s one shared by the entire contracted parties constituency of ICANN. Expect fireworks in Beijing next month.

Friction over new gTLDs

Registrars and registries are also angry about the fact that ICANN wants to force registrars to adopt the 2013 RAA, even if their 2009 or 2001 deals are still active, if they want to sell new gTLDs.

RrSG secretary Michele Neylon of Blacknight told DI today that it looks like ICANN is trying to “drive a wedge” between registrars and registries.

Here’s why:

ICANN is trying desperately to stick to its new gTLD program timetable, which will see it start signing Registry Agreements with new gTLD applicants in late April.

But it wants the base RA to include a clause obliging registries to only sell via registrars on the 2013 RAA.

Because the 2013 RAA is not yet finalized, registrars could potentially hold up the approval and delegation of new gTLDs if they don’t quickly agree to the changes ICANN wants.

According to Neylon, the documents released today have been published prematurely; with a little more time agreement could be reached on some of the remaining differences.

Again: expect fireworks in Beijing.

Whois records will be verified

But the new RAA is not all friction.

ICANN and registrars have finally come to agreement on important topics where there was previously sharp divergence.

Registrars have agreed to a new Whois Accuracy Program Specification that is a lot weaker than ICANN had, working from a blueprint laid out by governments and law enforcement agencies, first asked for.

Under the 2013 RAA signed-up registrars will have to start verifying certain elements of the contact information submitted by their registrants.

Notably, there’ll be a challenge-response mechanism for first-time registrants. Registrars will ask their customers to verify their email address or enter a code that has been sent to them via SMS text message or phone.

Note the “or” in that sentence. ICANN and law enforcement wanted registrars to do email “and” phone verification, but ICANN appears to have relented after months of registrars yapping about costs.

In future practice, because email verification is far easier and cheaper to implement, I’d be surprised if phone verification is used in anything but the rarest of cases.

Other data points will also be verified, but only to see that they conform to the correct formats.

Registrars will have to make sure that mailing addresses meet the Universal Postal Union standards, and that phone numbers conform to International Telecommunications Union formatting, for example.

They’ll also have to verify that the street address exists (if they have access to that data) but there will be no obligation to make sure that address and phone number actually belong to the registrant.

Registrants that provide patently false information that fails registrar verification will get 15 days to correct it or face the suspension of their domains.

ICANN wants registrars to also verify their customer records (which are usually different to the Whois records and, anecdotally, more accurate anyway) too, but registrars have so far not agreed to do so.

Taken as a whole, at first reading it’s difficult to see how the new Whois verification spec will do anything to prevent fast-turnover abuse such as phishing, but it may go a small way to help law enforcement investigate longer-term scams such as counterfeit goods sites.

The proposed 2013 RAA, along with more explanatory documents than you could possibly read in a coffee break is now open for public comment, with the reply period closing shortly after the Beijing meeting.

ICANN to reveal Registrant Rights & Responsibilities (and here’s a draft copy)

Kevin Murphy, February 28, 2013, Domain Registrars

ICANN is set to publish and start promoting a new Registrant Rights & Responsibilities charter at some point over the next couple of days, we hear.

The one-page document is set to become an important part of CEO Fadi Chehade’s plan to make the domain name industry appear more trustworthy and likable in the eyes of the internet-using public.

He first revealed the idea during a meeting with registries and registrars in Amsterdam last month.

An ICANN-commissioned study showed that people have a very low opinion of the industry, he told them.

The new document is designed to address some of those concerns.

While the charter may be presented as originating in the industry, it was first drafted by ICANN and we hear that some registrars have been somewhat reluctant to agree to it.

“It’s like when you’re a kid and your dad gives you a birthday card to sign for your mom,” one registrar told us.

The legalese-stricken document that ICANN originally presented to them over-stretched and could have carried legal exposure, they added.

DI has been sent of copy of what we’re told is a close-to-final draft of the document, which we understand is more agreeable to most registrars. We’ve pasted it below in full.

Registrants’ Rights and Responsibilities

Domain Name Registrants’ Rights:

  1. Your domain name registration and any privacy services you may use in conjunction with it must be subject to a Registration Agreement with an ICANN Accredited Registrar.
    • You are entitled to review this Registration Agreement at any time, and download a copy for your records.
  2. You are entitled to accurate and accessible information about:
    • The identity of your ICANN Accredited Registrar;
    • The identity of any privacy service provider affiliated with your Registrar;
    • Your Registrar’s terms and conditions, including pricing information, applicable to domain name registrations;
    • The terms and conditions, including pricing information, applicable to any privacy services offered by your Registrar;
    • The customer support services offered by your Registrar and the privacy services provider, and how to access them;
    • How to raise concerns and resolve disputes with your Registrar and any privacy services offered by them; and
    • Instructions that explain your Registrar’s processes for registering, managing, transferring, renewing, and restoring your domain name registrations, including through any privacy services made available by your Registrar.
  3. You shall not be subject to false advertising or deceptive practices by your Registrar or though any privacy services made available by your Registrar. This includes deceptive notices, hidden fees, and any practices that are illegal under the consumer protection law of your residence.

Domain Name Registrants’ Responsibilities:

  1. You must comply with the terms and conditions posted by your Registrar, including applicable policies from your Registrar, the Registry and ICANN.
  2. You must review your Registrar’s current Registration Agreement, along with any updates.
  3. You will assume sole responsibility for the registration and use of your domain name.
  4. You must provide accurate information for publication in directories such as WHOIS, and promptly update this to reflect any changes.
  5. You must respond to inquiries from your Registrar within fifteen (15) days, and keep your Registrar account data current. If you choose to have your domain name registration renew automatically, you must also keep your payment information current.

It draws on changes ICANN and registrars have agreed to in the 2013 (hopefully) Registrar Accreditation Agreement, such as registrar commitments to provide basic information about themselves.

As for the 2013 RAA itself, we hear that ICANN wants to present a final version to its board of directors for approval during its public meeting in Beijing in early April.

That would mean opening it up for public comment next week, but registrars and ICANN have not yet agreed to a final draft for publication, despite now-daily negotiation meetings.

The major sticking point, we gather, is an amendment that would give ICANN a unilateral right to change the contract in future — similar to the proposed gTLD Registry Agreement provision currently causing a shitstorm in the new gTLD applicant community.

There’s also controversy about the fact that ICANN wants to restrict new gTLDs to only registrars that sign the new RAA, which is designed to be a carrot to get them to sign up even if their 2009/2001 RAAs are still active.

Another deadline missed in registrar contract talks

Kevin Murphy, December 16, 2012, Domain Registrars

ICANN and domain name registrars will fail to agree on a new Registrar Accreditation Agreement by the end of the year, ICANN has admitted.

In a statement Friday, ICANN said that it will likely miss its end-of-year target for completing the RAA talks:

While the registrars and ICANN explored potential dates for negotiation in December 2012, both sides have agreed that between holidays, difficult travel schedules and the ICANN Prioritization Draw for New gTLDs, a December meeting is not feasible. Therefore, negotiations will resume in January 2013, and the anticipated date for publication of a draft RAA for community comment will be announced in January as well.

The sticking point appears to still be the recommendations for strengthening registrars’ Whois accuracy commitments, as requested by law enforcement agencies and governments.

At the Toronto meeting in October, progress appeared to have been made on all 12 of the LEA recommendations, but the nitty-gritty of the Whois verification asks had yet to be ironed out.

Potentially confusing matters, ICANN has launched a parallel root-and-branch Whois policy reform initiative, a community process which may come to starkly different conclusions to the RAA talks.

Before the LEA issues are settled, ICANN doesn’t want to start dealing with requests for RAA changes from the registrars themselves, which include items such as dumping their “burdensome” port 43 Whois obligations for gTLD registries that have thick Whois databases.

ICANN said Friday:

Both ICANN and the registrars have additional proposed changes which have not yet been negotiated. As previously discussed, it has been ICANN’s position that the negotiations on key topics within the law enforcement recommendations need to come to resolution prior to concluding negotiations on these additional areas.

Registrars agreed under duress to start renegotiating the RAA following a public berating from the Governmental Advisory Committee at the ICANN Dakar meeting October 2011.

At the time, the law enforcement demands had already been in play for two years with no substantial progress. Following Dakar, ICANN and the registrars said they planned to have a new RAA ready by March 2012.

Judging by the latest update, it seems quite likely that the new RAA will be a full year late.

ICANN has targeted the Beijing meeting in April next year for approval of the RAA. It’s one of the 12 targets Chehade set himself following Toronto.

Given that the draft agreement will need a 42-day public comment period first, talks are going to have to conclude before the end of February if there’s any hope of hitting that deadline.

ICANN 45: Super-Fadi targets Trademark Clearinghouse and RAA talks

Kevin Murphy, October 22, 2012, Domain Policy

There can be no denying that ICANN’s new CEO was well received at the Toronto meeting last week.

From his opening speech, a sleeves-rolled-up address that laid out his management goals, and throughout the week, Fadi Chehadé managed to impress pretty much everybody I spoke to.

Now Chehadé has turned his attention to the formative Trademark Clearinghouse and the Registrar Accreditation Agreement talks, promising to bring the force of his personality to bear in both projects.

“I’m coming out of Toronto with two priorities for this year,” he said during an interview with ICANN’s media relations chief, Brad White, last Friday.

“The first one is obviously to get the Trademark Clearinghouse to work as best as possible, for all parties to agree we have a mechanism that can satisfy the interests of the parties.”

“The second one is the RAA,” he said. “Without question I’m going to be inserting myself personally into both these, including the RAA.”

These are both difficult problems.

Work on the TMCH hit a snag early last week when ICANN chief strategy officer Kurt Pritz told the GNSO Council that the “community consensus” implementation model proposed by registries presented a big problem.

The “live query model” proposed for the Trademark Claims service, which would require the TMCH to sit in the live domain registration path, should be taken “off the table”, he said.

ICANN is/was worried that putting a live database of trademark checks into the registration model that has functioned fairly well for the last decade is a big risk.

The TMCH would become a single point of failure for the whole new gTLD program and any unanticipated downtime, ICANN has indicated, would be hugely embarrassing for ICANN.

“I’m personally concerned that once you put the Clearinghouse in the path for that it’s very difficult to unring the bell, so I’d rather proceed in a way that doesn’t change that,” Pritz said.

His remarks, October 14, angered backers of the community model, who estimated that the live query model would only affect about 10% to 15% of attempted domain registrations.

“Taking it off the table is a complete mistake,” said Jeff Neuman of Neustar, one of the authors of the alternative “community” TMCH model.

“It is a proven fact that the model we have proposed is more secure and, we believe, actually looks out much more in favor of protecting trademark holders,” he said.

He noted that the community model was created in a “truly bottom-up” way — the way ICANN is supposed to function.

NetChoice’s Steve DelBianco, in a rare show of solidarity between the Business Constituency and the registries, spoke to support Neuman and the centralized community model.

“The BC really supports a centralized Trademark Clearinghouse model, and that could include live query,” DelBianco said. “I’m disturbed by the notion that an executive decision took it off the table.”

“My question is, was that the same executive decision that brought us the TAS and its glitches?” he added. “Was it the same executive decision process that gave us Digital Archery that couldn’t shoot straight?”

Pritz pointed out the logical flaw in DelBianco’s argument.

“The group that brought you TAS and Digital Archery… you want to put that in the critical path for domain names?” he said. “Our job here is to protect trademark rights, not change the way we register domain names.”

But Neuman and DelBianco’s dismay was short-lived. Within a couple of hours, in the same room, Chehadé had told the GNSO Council, in a roundabout sort of way, that the live query model was not dead.

Chehadé’s full remarks are missing from the official transcript (pdf), and what remains is attributed to GNSO Council chair Stephane Van Gelder, but I’ve taken a transcript from my own recording:

The very first week I was on the job, I was presented with a folder — a very nice little folder — and little yellow thing that said “Sign Here”.

So I looked at what I’m signing, as I normally do, and I saw that moving forward with a lot of activities related to the Trademark Clearinghouse as really what I’m being asked to move forward with.

And I’ll be frank with you, my first reaction was: do all the people who will be affected by this agreement… did we hear them all about this before we sign this? Are they all part of the decision-making that led us here?

And the answer was muddled, it was “Yes… and…”. I said: No, I want to make sure that we use the time we have in Toronto make sure we listen to everybody to make sure before I commit any party — any party — to anything, that this party is very much part of the process and part of the solution.

I know I wasn’t the only person in the room to wonder if the anecdote described an incident in which an ICANN executive attempted to pull a fast one on his new, green boss.

A day later, after private discussion with ICANN board and staff, supporters of the community TMCH model told me they were very encouraged that the live query model was still in play.

The problem they still face, however, is that the Intellectual Property Constituency — ostensibly representing the key customers of the TMCH — is publicly still on the fence about which model it prefers.

Without backing from the IPC, any TMCH implementation model would run the risk of appearing to serve contracted parties’ cost and risk requirements at the expense of brand owners.

Getting the IPC to at least take a view will likely be Chehadé’s first priority when it comes to the TMCH.

Finding common ground on the Registrar Accreditation Agreement could be an even more complex task.

While the bulk of the work — integrating requests from certain law enforcement agencies and the Governmental Advisory Committee into the contract — has been completed, Whois remains a challenge.

European registrars claim, in the light of correspondence from a EU privacy watchdogs, that implementing ICANN’s demanded Whois data re-verification and retention rules would make them break the law.

Registrars elsewhere in the world are less than impressed with ICANN’s proposed ‘opt-out’ solution, which would essentially create a two-tier RAA and may, they say, have some impact on competition.

Privacy advocates in Toronto told ICANN that if certain governments (largely, I suspect, the US) want their own local registrars to retain and re-verify Whois data, they should pass laws to that effect, rather than asking ICANN to enforce the rule globally.

The GAC told ICANN’s board of directors last Tuesday that the privacy letters emerging from the EU did not represent the views of the European Commission or the GAC, and nothing more was said on the matter.

How ICANN reacts to the European letters now seems to be rest with ICANN’s executive negotiating team.

While everyone at ICANN 45 seemed to be super-impressed by Chehadé’s competence and vision for sorting out ICANN, the other recurring meme is that actions speak louder than words.

During his first 40 days in the job he managed to persuade India into an about-face on its support for an intergovernmental replacement for ICANN, an impressive feat.

Can he chalk up more early wins by helping resolve the TMCH and RAA deadlocks?

“There’s frankly universal agreement that if I participate personally in these activities I would help these activities come to hopefully a reasonably conclusion that we can bank on,” he said in the White interview.

EU plays down “unlawful” Whois data worries

Kevin Murphy, October 17, 2012, Domain Policy

The European Commission yesterday gave short shrift to recent claims that ICANN’s proposed Whois data retention requirements would be “unlawful” in the EU.

A recent letter from the Article 29 Working Party — an EU data protection watchdog — had said that the next version of the Registrar Accreditation Agreement may force EU registrars to break the law.

The concerns were later echoed by the Council of Europe.

But the EC stressed at a session between the ICANN board of directors and Governmental Advisory Committee yesterday that Article 29 does not represent the official EU position.

That’s despite the fact that the Article 29 group is made up of privacy commissioners from each EU state.

Asked about the letter, the EC’s GAC representative said:

Just to put everyone at ease, this is a formal advisory group concerning EU data privacy protection.

They’re there to give advice and they themselves, and we as well, are very clear that they are independent of the European Union. That gives you an idea that this is not an EU position as such but the position of the advisory committee.

The session then quickly moved on to other matters, dismaying privacy advocates in the room.

Milton Mueller of the Internet Governance Project tweeted:

By telling ICANN that it can ignore Art 29 WG opinion on privacy, European commission is telling ICANN it can ignore their national DP [data privacy] laws

Registrars hopeful that the Article 29 letter would put another nail into the coffin of some of ICANN’s more unpalatable and costly RAA demands also expressed dismay.

ICANN’s current position, based on input from law enforcement and the GAC, is that the RAA should contain new more stringent requirements on Whois data retention and verification.

It proposes an opt-out process for registrars that believe these requirements would put them in violation of local law.

But registrars from outside the EU say this would create a two-tier RAA, which they find unacceptable.

With apparently no easy compromise in sight the RAA negotiations, originally slated to be wrapped up in the first half of this year, look set to continue for many weeks or months to come.