Nominet has resurrected Direct.uk, its plan to allow people to register domain names directly under .uk.
But the proposal, which was killed off in February, has been significantly revised in response to complaints from domain investors and others.
The idea is one of a collection being announced by Nominet this afternoon.
It’s also proposing to shake up how it accredits .uk registrars and, borrowing a page from the current ICANN playbook, how .uk registrant Whois information is verified.
Second-level domains make a comeback
If the Direct.uk proposal is approved and you own a .co.uk, .me.uk or .org.uk domain name, you’ll get rights to the matching .uk name, according to Nominet COO Eleanor Bradley.
“The registrant of oldest current domain name at the third level will have first right of refusal to register that name at the second level,” she said.
When a .uk is contested by, for example, the owners of matching .co.uk and .org.uk domains, the older registration would win the name.
The clock on registration period is reset to the date of the current registration if the domain has ever dropped before, but not if it’s been transferred between registrants, she said.
This change may settle some of the concerns emerging from the domain investor community, which was outraged by Nominet’s original plan to give trademark holders first rights to .uk names.
Giving the .uk and .co.uk to different people would stand to confuse internet users, they said, not to mention devaluing their portfolios.
It wasn’t just domainers that stood to lose out under the old plan, however.
British domainer Edwin Hayward compiled a some examples of big brands that have invested in generic .co.uk domains but do not own matching trademarks, meaning they would not necessary get the second-level.
Barclays owns bank.co.uk and Kellogg owns breakfast.co.uk, for examples. Under the new Nominet proposal, it looks like these companies would get first dibs on the matching .uk addresses.
“We feel we’re responding to the feedback we heard, but it’s also our strong view that registrations at the second level are really important for what we do to maintain the relevance of .uk going forward,” Bradley said.
Plans to ramp up Whois verification
The revamped plan will also see Nominet drop its demands for mandatory extra security features under second-level .uk names.
Some critics had said that this would ghettoize .co.uk by suggesting it’s not secure.
Instead, the company is proposing blanket Whois verification for the whole of .uk — second and third-level — and a suite of optional security services to be provided in-house and via partners.
The Whois checks will take the form of email verification, in much the same way as ICANN has proposed for gTLDs in its new Registrar Accreditation agreement.
Nominet also plans to check physical mailing addresses against public databases to make sure they’re genuine. This apparently already happens to an extent.
Three tiers of registrar
The company today also unveiled plans for three types of registrar: Self-Managed, Channel Partner and Accredited Channel Partner.
Self-Managed would be domainers and big corporate users that manage their own portfolios. Channel Partners would be the vanilla registrars we know today, and Accredited would have been certified as having a certain level of security and Whois quality, among other things.
Existing registrars could do nothing and become Channel Partners, or migrate to one of the other two tiers, Bradley said.
Those in the Self-Managed and Accredited tiers would get free inter-registrant transfers, she said. Accredited registrars would also be trusted to handle their own Whois verification.
The proposals are still currently proposals, but it sounds like Nominet is determined to get it right this time.
The Direct.uk consultation is not expected to be over until November, so we’re not likely to see any movement until next year.
Law enforcement agencies are not happy with the proposed 2013 Registrar Accreditation Agreement, saying it doesn’t go far enough to help them catch online bad guys.
Europol and the FBI told ICANN’s Governmental Advisory Committee yesterday that people need to have their full identities verified before they’re allowed to register domain names.
They added that new gTLDs shouldn’t be allowed to launch until a tougher RAA is agreed to and signed by registrars.
The draft 2013 RAA would force registrars to validate their customers’ email addresses or phone numbers after selling them a domain, but law enforcement thinks this is not enough.
“We need a bit more in this area,” Troels Oerting, head of Europol’s European Cybercrime Centre, told the GAC during a Sunday session. “We need a bit more to be verified in addition to the phone or email.”
“It’s very, very important that we are able to identify perpetrators able, to identify the originators, and it’s not enough that you just put in the email or phone,” he said.
He added that there should also be re-verification procedures and ongoing compliance monitoring from ICANN, and said that only registrars signing the 2013 RAA should be allowed to sell new gTLD domains.
Europol has sent a letter to ICANN (not yet published, it seems) outlining four areas it wants to see the RAA “improved”, Oerting said.
Given that many GAC members, including the US, seem to support this position, it’s yet another threat to ICANN’s new gTLD launch timetable, not to mention privacy and anonymous speech in general.
The law enforcement recommendations are not new, of course. They’ve been in play and GAC-endorsed for many years, but were watered down during ICANN’s RAA talks with registrars.
ICANN and domain name registrars will fail to agree on a new Registrar Accreditation Agreement by the end of the year, ICANN has admitted.
In a statement Friday, ICANN said that it will likely miss its end-of-year target for completing the RAA talks:
While the registrars and ICANN explored potential dates for negotiation in December 2012, both sides have agreed that between holidays, difficult travel schedules and the ICANN Prioritization Draw for New gTLDs, a December meeting is not feasible. Therefore, negotiations will resume in January 2013, and the anticipated date for publication of a draft RAA for community comment will be announced in January as well.
The sticking point appears to still be the recommendations for strengthening registrars’ Whois accuracy commitments, as requested by law enforcement agencies and governments.
At the Toronto meeting in October, progress appeared to have been made on all 12 of the LEA recommendations, but the nitty-gritty of the Whois verification asks had yet to be ironed out.
Potentially confusing matters, ICANN has launched a parallel root-and-branch Whois policy reform initiative, a community process which may come to starkly different conclusions to the RAA talks.
Before the LEA issues are settled, ICANN doesn’t want to start dealing with requests for RAA changes from the registrars themselves, which include items such as dumping their “burdensome” port 43 Whois obligations for gTLD registries that have thick Whois databases.
ICANN said Friday:
Both ICANN and the registrars have additional proposed changes which have not yet been negotiated. As previously discussed, it has been ICANN’s position that the negotiations on key topics within the law enforcement recommendations need to come to resolution prior to concluding negotiations on these additional areas.
Registrars agreed under duress to start renegotiating the RAA following a public berating from the Governmental Advisory Committee at the ICANN Dakar meeting October 2011.
At the time, the law enforcement demands had already been in play for two years with no substantial progress. Following Dakar, ICANN and the registrars said they planned to have a new RAA ready by March 2012.
Judging by the latest update, it seems quite likely that the new RAA will be a full year late.
ICANN has targeted the Beijing meeting in April next year for approval of the RAA. It’s one of the 12 targets Chehade set himself following Toronto.
Given that the draft agreement will need a 42-day public comment period first, talks are going to have to conclude before the end of February if there’s any hope of hitting that deadline.
ICANN has started the ball rolling on its potentially radical rethink of how Whois works with formation of a new “Expert Working Group” tasked with examining the issue.
As ICANN chair Steve Crocker told DI last month, this is the first stage of a root-and-branch reexamination of Whois databases, what they’re for, and how they’re accessed.
According to ICANN, which is referring to Whois as “gTLD registration data” presumably to avoid confusion with the Whois technical standard, the group will:
1) define the purpose of collecting and maintaining gTLD registration data, and consider how to safeguard the data, and
2) provide a proposed model for managing gTLD directory services that addresses related data accuracy and access issues, while taking into account safeguards for protecting data.
Whatever the new Expert Working Group on gTLD Directory Services comes up with between January and April next year will be punted to the Generic Names Supporting Organization for an ICANN board-mandated Policy Development Process.
The PDP could create policies binding on gTLD registries and registrars.
Jean-Francois Baril has been hand-picked to chair the group. He has no connection to the domain name industry but appears to have worked with ICANN CEO Fadi Chehade on the RosettaNet standards-setting project.
Crocker and fellow ICANN director Chris Disspain will also join the group.
ICANN wants volunteers to fill the other positions and it seems to be eager to find outsiders who do not already represent entrenched ICANN constituency positions, saying:
Volunteer working group members should: have significant operational knowledge and experience with WHOIS, registrant data, or directory services; be open to new ideas and willing to forge consensus; be able to think strategically and navigate conflicting views; have a record of fostering improvements and delivering results; have a desire to create a new model for gTLD directory services; and be able to volunteer approximately 12-20 hours a month during January – April 2013 to the working group.
Individuals who have worked extensively in the areas of registration data collection, access, accuracy, use, privacy, security, law enforcement, and standards and protocols are also encouraged to consider working group membership. As the working group will be a collection of experts, it is not expected to be comprised solely of representatives of current ICANN community interests. Although members may not come directly from ICANN structures, the working group will have a deep understanding of, and concern for, the ICANN communities’ interests.
Obviously law enforcement and intellectual property interests will be keen to make sure they’re amply represented in the group, as will registries/registrars and privacy advocates.
It’s back to basics time at ICANN, with the launch today of a massive effort to take a fresh look at Whois.
This could be a biggie.
“We’re going to go back to the fundamentals and ask: what problems are being addressed by Whois, who’s using it and what are they using it for?” ICANN chair Steve Crocker told DI.
The ICANN board of directors earlier this month passed a resolution, published today, that calls for:
a new effort to redefine the purpose of collecting, maintaining and providing access to gTLD registration data, and consider safeguards for protecting data, as a foundation for new gTLD policy and contractual negotiations
This is bare-bones, fundamental stuff, likely to encompass pretty much every controversial issue to hit Whois over the years.
Crocker noted that the use of Whois, originally designed to help people locate the operators of large multi-user computing services, has changed over the years.
Is Whois now there to help law enforcement track down crooks? Is it there to help intellectual property owners enforce their rights? Should it help domainers verify who they’re transacting with?
Should published Whois records always be complete and accurate? Is there a right to privacy in Whois?
These are the some of the big questions that ICANN has tried and failed to grapple with over the last decade, and Crocker said that now is the time to answer them.
“My own feeling is that this must not suffer from the endless delays it has in the past, but at the same time it’s essential that we get it right rather than get it done quickly,” he said.
The new board resolution didn’t appear of thin air, however.
It’s a response to the recommendations of the Whois Policy Review Team, which earlier this year called for ICANN to make a Whois a strategic priority.
The review team itself was set up to comply with ICANN’s Affirmation of Commitments with the US Department of Commerce, one of ICANN’s core documents and part of the basis of its legitimacy.
But the AoC may presuppose certain outcomes of any root-and-branch Whois reform, calling as it does for a Whois policy that “meets the legitimate needs of law enforcement and promotes consumer trust”.
Crocker said that doesn’t necessarily rule out a big rethink about the way Whois data is accessed.
“Today, all of the information in Whois is published for the public,” he said. “Anyone can get at it, it doesn’t matter if you’re competitor or friend or law enforcement, you can get access.”
“A point of discussion could be: would it make sense to make different levels of access to information available to different people?” he added.
As an analogy, he pointed to car license plates. If you’re a cop and you see a suspicious vehicle you can trace the owner, but if you’ve just taken a fancy to the driver it’s harder to get their number.
Crocker noted that he’s not presupposing any outcomes of the review.
As well as calling for the review, the board’s latest resolution also calls for existing Whois rules, such as they are, to continue to be strictly adhered to. The resolution:
directs the CEO to continue to fully enforce existing consensus policy and contractual conditions relating to the collection, access and accuracy of gTLD registration data
This second prong of the approach is no doubt designed in part to remind contracted parties that just because Whois is open for review it doesn’t mean they can start ignoring compliance notices.
However, it’s going to be interesting to see how Whois reform plays into open discussions such as the renegotiation of the Registrar Accreditation Agreement.
The big stumbling blocks in the RAA talks right now relate directly to Whois verification, so registrars might be able to start arguing that agreeing to ICANN’s demands might preempt the review.
But Crocker doesn’t think that should happen.
“An examination of the fundamentals of Whois should not serve as as way of stalling or pulling back on the current system,” he said.
It’s not entirely clear what the next steps are for the Whois review.
There will be a board-mandated GNSO Policy Development Process somewhere down the line, but not until CEO Fadi Chehade has conducted some kind of outreach and information-gathering, it seems.
How long this will take is not known, but I get the impression the board wants to move relatively quickly. The PDP, I would guess, will take a couple of years at least.
Chehade said in his opening address during the Toronto meeting last month that long-standing disagreements over the purpose of Whois should be relatively “easy” to resolve.
Let’s see if he’s correct. I wouldn’t put money on it.