Latest news of the domain name industry

Recent Posts

Registrars want six-month stay on new Whois policy

Registrars representing the majority of the gTLD industry want ICANN to withhold the ban hammer for six months on its new temporary Whois policy.

As I reported earlier today, ICANN has formally approved an unprecedented Temporary Policy that seeks to bring the Whois provisions of its contracts into compliance with the EU’s General Data Protection Regulation.

It comes into effect next Friday, May 25, but it contains a fair few items that will likely take longer for registrars to implement.

While ICANN’s top lawyer has indicated that ICANN Compliance will act as reasonably as possible about enforcing the new policy, registrars want a moratorium of at least six months.

In a letter (pdf) dated May 16 (before the policy was voted through, but while its contents were broadly known), Registrar Stakeholder Group chair Graeme Bunton wrote:

Any temporary specification adopted now that significantly deviates from previously held expectations and models will be far too late for us to accommodate for a May 25, 2018 implementation date.

For this reason, we ask that any temporary specification include a formal ICANN compliance moratorium, not shorter than six (6) months, providing us an opportunity to conform, to the extent possible, our GDPR implementation with the GDPR-compliant aspects of any ICANN temporary specification

He added that some registrars may need even more time, so they should have the right ask for an extension if necessary.

The letter is signed by Endurance, GoDaddy, Tucows, Blacknight, 1&1, United Domains, NetEarth One and Cloudflare, which together account for most gTLD domains.

Is ICANN still over-estimating revenue from “stagnating” gTLD industry?

Kevin Murphy, March 11, 2018, Domain Policy

ICANN may have slashed millions from its revenue estimate for next year, but it has not slashed deeply enough, according to registrars and others.

Industry growth is flat, and below even ICANN’s “worst case” expectations for the fiscal year starting July 1, registrars told the organization in comments filed on its FY19 budget last week.

The Registrars Stakeholder Group said that “the FY 2019 budget fails to recognize that overall industry growth is flat.”

ICANN’s budget foresees FY19 revenue of $138 million, up $3.5 million on the projected result for FY18.

“These revenue projections presume growth in the domain market that is not aligned with industry expectations,” the RrSG said, pointing to sources such as Verisign’s Domain Name Industry Brief, which calculated 1% industry growth last year.

ICANN’s predictions are based on previous performance and fail to take into account historical “one-time events”, such as the Chinese domain speculation boom of a couple years ago, that probably won’t be repeated, RrSG said.

RrSG also expects the number of accredited registrars to decrease due to industry consolidation and drop-catching registrars reducing their stables of shell accreditations.

(I’ll note here that Web.com has added half a dozen drop-catchers to its portfolio in just the last few weeks, but this goes against the grain of recent trends and may be an aberration.)

RrSG said ICANN’s budget should account for reduced or flat accreditation fee revenue (which as far as I can tell it already does).

The comment, which can be read in full here, concludes:

Taken together, these concerns represent a disconnect between ICANN funding projections, and the revenue expectations of Registrars (and presumably, gTLD Registries) from which these funds are derived. In our view, ICANN’s assessment of budgetary “risks” are too optimistic , and actual performance for FY19 will be significant lower.

For what it’s worth, the Registries Stakeholder Group had this to say about ICANN’s revenue estimates:

Reliable forecasts, characterised by their scrutiny and realism, are fundamental to put together a realistic budget and to avoid unpleasant surprises, such as the shortage ICANN is experiencing in the current fiscal year. The RySG advises ICANN to continue to conduct checks on its forecasts and to re-evaluate the methodology used to predict its income in order to prevent another funding shortfall such as that which the organization experienced in FY18.

Community calls on ICANN to cut staff spending

Kevin Murphy, March 11, 2018, Domain Policy

ICANN should look internally to cut costs before swinging the scythe at the volunteer community.

That’s a key theme to emerge from many comments filed by the community last week on ICANN’s fiscal 2019 budget, which sees spending on staff increase even as revenue stagnates and cuts are made in other key areas.

ICANN said in January that it would have to cut $5 million from its budget for the year beginning July 1, 2018, largely due to a massive downwards revision in how many new gTLD domains it expects the industry to process.

At the same time, the organization said it will increase its payroll by $7.3 million, up to $76.8 million, with headcount swelling to 425 by the end of the fiscal year and staff receiving on average a 2% pay rise.

In comments filed on the budget, many community members questioned whether this growth can be justified.

Among the most diplomatic objections came from the GNSO Council, which said:

In principle, the GNSO Council believes that growth of staff numbers should only occur under explicit justification and replacements due to staff attrition should always occur with tight scrutiny; especially in times of stagnate funding levels.

The Council added that it is not convinced that the proposed budget funds the policy work it needs to do over the coming year.

The Registrars Stakeholder Group noted the increased headcount with concern and said:

Given the overall industry environment where organizations are being asked to do more with less, we are not convinced these additional positions are needed… The RrSG is not yet calling for cuts to ICANN Staff, we believe the organization should strive to maintain headcount at FY17 Actual year-end levels.

The RrSG shared the GNSO Council’s concern that policy work, ICANN’s raison d’etre, may suffer under the proposed budget.

The At-Large Advisory Committee said it “does not support the direction taken in this budget”, adding:

Specifically we see an increase in staff headcount and personnel costs while services to the community have been brutally cut. ICANN’s credibility rests upon the multistakeholder model, and cuts that jeopardize that model should not be made unless there are no alternatives and without due recognition of the impact.

Staff increases may well be justified, but we must do so we a real regard to costs and benefits, and these must be effectively communicated to the community

ALAC is concerned that the budget appears to cut funding to many projects that see ICANN reach out to, and fund participation by, non-industry potential community members.

Calling for “fiscal prudence”, the Intellectual Property Constituency said it “encourages ICANN to take a hard look at personnel costs and the use of outside professional services consultants.”

The IPC is also worried that ICANN may have underestimated the costs of its contractual compliance programs.

The Non-Commercial Stakeholders Group had some strong words:

The organisation’s headcount, and personnel costs, cannot continue to grow. We feel strongly that the proposal to grow headcount by 25 [Full-Time Employees] to 425 FTE in a year where revenue has stagnated cannot be justified.

With 73% of the overall budget now being spent on staff and professional services, there is an urgent need to see this spend decrease over time… there is a need to stop the growth in the size of the staff, and to review staff salaries, bonuses, and fringe benefits.

NCSG added that ICANN could perhaps reduce costs by relocating some positions from its high-cost Los Angeles headquarters to the “global south”, where the cost of living is more modest.

The ccNSO Strategic and Operational Planning Standing Committee was the only commentator, that I could find, to straight-up call for a freeze in staff pay rises. While also suggesting moving staff to less costly parts of the globe, it said:

The SOPC – as well as many other community stakeholders – seem to agree that ICANN staff are paid well enough, and sometimes even above market average. Considering the current DNS industry trends and forecasts, tougher action to further limit or even abolish the annual rise in compensation would send a strong positive signal to the community.

It’s been suggested that, when asked to find areas to cut, ICANN department heads prioritized retaining their own staff, which is why we’re seeing mainly cuts to community funding.

I’ve only summarized the comments filed by formal ICANN structures here. Other individuals and organizations filing comments in their own capacity expressed similar views.

I was unable to find a comment explicitly supporting increased staffing costs. Some groups, such as the Registries Stakeholder Group, did not address the issue directly.

While each commentator has their own reasons for wanting to protect the corner of the budget they tap into most often, it’s a rare moment when every segment of the community (commercial and non-commercial, domain industry and IP interests) seem to be on pretty much the same page on an issue.

Amsterdam refuses to publish Whois records as GDPR row escalates

Kevin Murphy, October 23, 2017, Domain Policy

Two Dutch geo-gTLDs are refusing to provide public access to Whois records in what could be a sign of things to come for the whole industry under new European privacy law.

Both .amsterdam and .frl appear to be automatically applying privacy to registrant data and say they will only provide full Whois access to vetted individuals such as law enforcement officials.

ICANN has evidently slapped a breach notice on both registries, which are now complaining that the Whois provisions in their Registry Agreements are “null and void” under Dutch and European Union law.

FRLregistry and dotAmsterdam, based in the Netherlands, are the registries concerned. They’re basically under the same management and affiliated with the local registrar Mijndomein.

dotAmsterdam operates under the authority of the city government. .frl is an abbreviation of Friesland, a Dutch province.

Both companies’ official registry sites, which are virtually identical, do not offer links to Whois search. Instead, they offer a statement about their Whois privacy policy.

That policy states that Dutch and EU law “forbids that names, addresses, telephone numbers or e-mail addresses of Dutch private persons can be accessed and used freely over the internet by any person or organization”.

It goes on to state that any “private person” that registers a domain will have their private contact information replaced with a “privacy protected” message in Whois.

Legal entities such as companies do not count as “private persons”.

Under the standard ICANN Registry Agreement, all new gTLDs are obliged to provide public Whois access under section 2.5. According to correspondence from the lawyer for both .frl and .amsterdam, published by ICANN, the two registries have been told they are in breach.

It seems the breach notices have not yet escalated to the point at which ICANN publishes them on its web site. At least, they have not been published yet for some reason.

But the registries have lawyered up already, regardless.

A letter from Jetse Sprey of Versteeg Wigman Sprey to ICANN says that the registries are free to ignore section 2.5 of their RAs because it’s not compliant with the Dutch Data Protection Act and, perhaps more significantly, the EU General Data Protection Regulation.

The GDPR is perhaps the most pressing issue for ICANN at the moment.

It’s an EU law due to come into effect in May next year. It has the potential to completely rewrite the rules of Whois access for the entire industry, sidestepping the almost two decades of largely fruitless ICANN community discussions on the topic.

It covers any company that processes private data on EU citizens; breaching it can incur fines of up to €20 million or 4% of revenue, whichever is higher.

One of its key controversies is the idea that citizens should have the right to “consent” to their personal data being processed and that this consent cannot be “bundled” with access to the product or service on offer.

According to Sprey, because the Registry Agreement does not give registrants a way to register a domain without giving their consent to their Whois details being published, it violates the GDPR. Therefore, his clients are allowed to ignore that part of the RA.

These two gTLDs are the first I’m aware of to openly challenge ICANN so directly, but GDPR is a fiercely hot topic in the industry right now.

During a recent webinar, ICANN CEO Goran Marby expressed frustration that GDPR seems to have come about — under the watch of previous CEOs — without any input from the ICANN community, consideration in the EU legislative process of how it would affect Whois, or even any discussion within ICANN’s own Governmental Advisory Committee.

“We are seeing an increasing potential risk that the incoming GDPR regulation will mean a limited WHOIS system,” he said October 4. “We appreciate that for registers and registers, this regulation would impact how you will do your business going forward.”

ICANN has engaged EU legal experts and has reached out to data commissioners in the 28 EU member states for guidance, but Marby pointed out that full clarity on how GDPR affects the domain industry could be years away.

It seems possible there would have to be test cases, which could take five years or more, in affected EU states, he suggested.

ICANN is also engaging with the community in its attempt to figure out what to do about GDPR. One project has seen it attempt to gather Whois use cases from interested parties. Long-running community working groups are also looking at the issue.

But the domain industry has accused ICANN the organization of not doing enough fast enough.

Paul Diaz and Graeme Bunton, chairs of the Registries Stakeholder Group and Registrars Stakeholder Group respectively, have recently escalated the complaints over ICANN’s perceived inaction.

They told Marby in a letter that they need to have a solution in place in the next 60 days in order to give them time to implement it before the May 2018 GDPR deadline.

Complaining that ICANN is moving too slowly, the October 13 letter states:

The simple fact is that the requirements under GDPR and the requirements in our contracts with ICANN to collect, retain, display, and transfer personal data stand in conflict with each other.

GDPR presents a clear and present contractual compliance problem that must be resolved, regardless of whether new policy should be developed or existing policy adjusted. We simply cannot afford to wait any longer to start tackling this problem head-on.

For registries and registrars, the lack of clarity and the risk of breach notices are not the only problem. Many registrars make a bunch of cash out of privacy services; that may no longer be as viable a business if privacy for individuals is baked into the rules.

Other interests, such as the Intellectual Property Constituency (in favor of its own members’ continued access to Whois) and non-commercial users (in favor of a fundamental right to privacy) are also complaining that their voices are not being heard clearly enough.

The GDPR issue is likely to be one of the liveliest sources of discussion at ICANN 60, the public meeting that kicks off in Abu Dhabi this weekend.

UPDATE: This post was updated October 25 to add a sentence clarifying that companies are not “private persons”.

Pilot program for Whois killer launches

Kevin Murphy, September 7, 2017, Domain Tech

ICANN is to oversee a set of pilot programs for RDAP, the protocol expected to eventually replace Whois.

Registration Data Access Protocol, an IETF standard since 2015, fills the same function as Whois, but it is more structured and enables access control rules.

ICANN said this week that it has launched the pilot in response to a request last month from the Registries Stakeholder Group and Registrars Stakeholder Group. It said on its web site:

The goal of this pilot program is to develop a baseline profile (or profiles) to guide implementation, establish an implementation target date, and develop a plan for the implementation of a production RDAP service.

Participation will be voluntary by registries and registrars. It appears that ICANN is merely coordinating the program, which will see registrars and registrars offer their own individual pilots.

So far, no registries or registrars have notified ICANN of their own pilots, but the program is just a few days old.

It is expected that the pilots will allow registrars and registries to experiment with different types of profiles (how the data is presented) and extensions before ICANN settles on a standard, contractually enforced format.

Under RDAP, ICANN/IANA acts as a “bootstrapping” service, maintaining a list of RDAP servers and making it easier to discover which entity is authoritative for which domain name.

RDAP is basically Whois, but it’s based on HTTP/S and JSON, making it easier to for software to parse and easier to compare records between TLDs and registrars.

It also allows non-Latin scripts to be more easily used, allowing internationalized registration data.

Perhaps most controversially, it is also expected to allow differentiated access control.

This means in future, depending on what policies the ICANN community puts in place, millions of current Whois users could find themselves with access to fewer data elements than they do today.

The ICANN pilot will run until July 31, 2018.

  • Page 1 of 2
  • 1
  • 2
  • >