Recent Posts
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
- UK cybersquatting complaints hit record low
- No excuses! PIR to pay for ALL registries to tackle child abuse
- ICANN insists it is working on linkification
- Namecheap sues ICANN over .org price caps
- GoDaddy offers free Ethereum blockchain integration
- Epik reveals who is running the company
- Epik gets acquired again! The plot thickens…
- Airline gTLD crashes and burns
- First chunks of new gTLD Applicant Guidebook drop
- Epik to reveal its owners soon
- Another crypto firm to apply for a new gTLD
- Monster and Royce are NOT involved in Epik?!
- Nominet to overhaul .uk registry, turn off some services
- Russia blames DNSSEC, not Ukraine, for internet downtime
- Team Internet says revenue beat estimates
- Sold for over $20k, insure.ai and dog.ai back in .ai’s expired names auction
- .ai helps UDRP cases rise in 2023, WIPO says
- Freenom’s domains land at Gandi after termination
- .ru domains fly off the shelf as Western sanctions bite
- ICANN picks its first ever Supreme Court
- Lebanon’s ccTLD going back to Lebanon after ICANN takeover
- ICANN picks the domain it will never, ever release
- ICANN approves domain takedown rules
- Has Epik gone “woke”?
- First bits of new gTLD Applicant Guidebook expected next week
- ICANN bans closed generics for the foreseeable
- You can’t use money to buy .box domains
- After 14 years, ICANN practices what it preaches on IDNs
- Weak demand for private Whois data, ICANN data shows
- .ing doing way better than .meme
- DNS Women barred from ICANN funding?
- Dev releases free open-source TLD registry platform
- INCO flips a gTLD to Identity Digital
- Anguilla fears the .ai junk drop
- Five more gTLDs get launch dates
- $10 million of ICANN cash up for grabs
- Almost 50,000 .ai domains sold in a quarter
- ICANN threatens to regulate your speech [RANT]
- Life insurance company kills dot-brand
- ICANN finds new home for Lebanon’s TLD after founder’s death
- ICANN begs people to use its new Whois service
- Shiba Inu outs itself as crypto new gTLD applicant
- Over 50,000 .ai domains sold in three months
- Amazon planning new push into registrar market?
- Registries and registrars vote ‘Yes’ to new DNS abuse rules
- ICANN predicts flattish 2025 for domain industry
- Fast-growing Gname buys another 150 registrars
- GoDaddy service to let you block domains in over 650 TLDs
- Did I find a murder weapon in a zone file?
- ICANN drops the “man” from Ombudsman
- Have your say on police domain takedown powers
- Most registrars are shunning ICANN’s new Whois system
- Nominet to take over .gov.uk
- ICANN picks Istanbul for 2024 meeting
- ICANN’s private Whois data request service goes live
- .au regs slide on 2LD anniversary
- ICANN accused of power grab over $271 million auction fund
- A registrar is getting blamed for an Israeli war propaganda site
- Two more dot-brands bite the dust
- Google sells five-figure AI domain and six-figure .ing hack
- .blackfriday is still a bit rubbish
- Internet Naming Co acquires five more gTLDs
ICANN asks: just what the hell is Whois for anyway?
It’s back to basics time at ICANN, with the launch today of a massive effort to take a fresh look at Whois.
This could be a biggie.
“We’re going to go back to the fundamentals and ask: what problems are being addressed by Whois, who’s using it and what are they using it for?” ICANN chair Steve Crocker told DI.
The ICANN board of directors earlier this month passed a resolution, published today, that calls for:
a new effort to redefine the purpose of collecting, maintaining and providing access to gTLD registration data, and consider safeguards for protecting data, as a foundation for new gTLD policy and contractual negotiations
This is bare-bones, fundamental stuff, likely to encompass pretty much every controversial issue to hit Whois over the years.
Crocker noted that the use of Whois, originally designed to help people locate the operators of large multi-user computing services, has changed over the years.
Is Whois now there to help law enforcement track down crooks? Is it there to help intellectual property owners enforce their rights? Should it help domainers verify who they’re transacting with?
Should published Whois records always be complete and accurate? Is there a right to privacy in Whois?
These are the some of the big questions that ICANN has tried and failed to grapple with over the last decade, and Crocker said that now is the time to answer them.
“My own feeling is that this must not suffer from the endless delays it has in the past, but at the same time it’s essential that we get it right rather than get it done quickly,” he said.
The new board resolution didn’t appear of thin air, however.
It’s a response to the recommendations of the Whois Policy Review Team, which earlier this year called for ICANN to make a Whois a strategic priority.
The review team itself was set up to comply with ICANN’s Affirmation of Commitments with the US Department of Commerce, one of ICANN’s core documents and part of the basis of its legitimacy.
But the AoC may presuppose certain outcomes of any root-and-branch Whois reform, calling as it does for a Whois policy that “meets the legitimate needs of law enforcement and promotes consumer trust”.
Crocker said that doesn’t necessarily rule out a big rethink about the way Whois data is accessed.
“Today, all of the information in Whois is published for the public,” he said. “Anyone can get at it, it doesn’t matter if you’re competitor or friend or law enforcement, you can get access.”
“A point of discussion could be: would it make sense to make different levels of access to information available to different people?” he added.
As an analogy, he pointed to car license plates. If you’re a cop and you see a suspicious vehicle you can trace the owner, but if you’ve just taken a fancy to the driver it’s harder to get their number.
Crocker noted that he’s not presupposing any outcomes of the review.
As well as calling for the review, the board’s latest resolution also calls for existing Whois rules, such as they are, to continue to be strictly adhered to. The resolution:
directs the CEO to continue to fully enforce existing consensus policy and contractual conditions relating to the collection, access and accuracy of gTLD registration data
This second prong of the approach is no doubt designed in part to remind contracted parties that just because Whois is open for review it doesn’t mean they can start ignoring compliance notices.
However, it’s going to be interesting to see how Whois reform plays into open discussions such as the renegotiation of the Registrar Accreditation Agreement.
The big stumbling blocks in the RAA talks right now relate directly to Whois verification, so registrars might be able to start arguing that agreeing to ICANN’s demands might preempt the review.
But Crocker doesn’t think that should happen.
“An examination of the fundamentals of Whois should not serve as as way of stalling or pulling back on the current system,” he said.
It’s not entirely clear what the next steps are for the Whois review.
There will be a board-mandated GNSO Policy Development Process somewhere down the line, but not until CEO Fadi Chehade has conducted some kind of outreach and information-gathering, it seems.
How long this will take is not known, but I get the impression the board wants to move relatively quickly. The PDP, I would guess, will take a couple of years at least.
Chehade said in his opening address during the Toronto meeting last month that long-standing disagreements over the purpose of Whois should be relatively “easy” to resolve.
Let’s see if he’s correct. I wouldn’t put money on it.
Chehade sets out 12-point plan for next six months
ICANN CEO Fadi Chehade has set out his goals for ICANN over the next six months in an open letter to the community.
The ambitious 12-point to-do list includes finishing off the next Registrar Accreditation Agreement, finalizing the Trademark Clearinghouse, and launching “a community effort” to address the Whois debate.
The document was described by Chehade at the close of the Toronto meeting last month as his “scorecard” for “what I plan to prioritize and do between now and Beijing”.
The next big ICANN meeting is in Beijing next April.
The letter states that “operational excellence”, something the organization was frequently criticized for its lack of under its previous leadership, is ICANN’s “highest priority”.
The new gTLD program is naturally a big part of that. Chehade said that ICANN plans to:
Deliver on every aspect of the new gTLD program launch next year, meeting obligations and securing the necessary resources and personnel to lead the transition from what has been a policy-driven effort to implementation of a responsive and reliable operation. As a first step, we are working to advance the dialogue on implementation of the Trademark Clearing House. We must also execute the prioritization draw, evaluations, and pre-delegation tests flawlessly.
As part of that effort, a new gTLD services department will be created. Part of its task will be to monitor policy work to make sure the policies being created are “implementable”.
Chehade said that the divisive Whois issue, which he controversially referred to as an “easy” problem to solve during remarks in Toronto, will be subject to a new review:
To strengthen our commitment to the public interest, we will launch a community effort addressing the WHOIS debate in a strategic way, to resolve the longstanding open items in this area.
On the RAA, Chehade said that ICANN “will plan to reach consensus on a solid and enforceable Registrar Accreditation Agreement that is fair and balanced.”
The full letter, which also sets out goals for internationalization and the evolution of the multi-stakeholder model, can be downloaded here.
EU plays down “unlawful” Whois data worries
The European Commission yesterday gave short shrift to recent claims that ICANN’s proposed Whois data retention requirements would be “unlawful” in the EU.
A recent letter from the Article 29 Working Party — an EU data protection watchdog — had said that the next version of the Registrar Accreditation Agreement may force EU registrars to break the law.
The concerns were later echoed by the Council of Europe.
But the EC stressed at a session between the ICANN board of directors and Governmental Advisory Committee yesterday that Article 29 does not represent the official EU position.
That’s despite the fact that the Article 29 group is made up of privacy commissioners from each EU state.
Asked about the letter, the EC’s GAC representative said:
Just to put everyone at ease, this is a formal advisory group concerning EU data privacy protection.
…
They’re there to give advice and they themselves, and we as well, are very clear that they are independent of the European Union. That gives you an idea that this is not an EU position as such but the position of the advisory committee.
The session then quickly moved on to other matters, dismaying privacy advocates in the room.
Milton Mueller of the Internet Governance Project tweeted:
By telling ICANN that it can ignore Art 29 WG opinion on privacy, European commission is telling ICANN it can ignore their national DP [data privacy] laws
Registrars hopeful that the Article 29 letter would put another nail into the coffin of some of ICANN’s more unpalatable and costly RAA demands also expressed dismay.
ICANN’s current position, based on input from law enforcement and the GAC, is that the RAA should contain new more stringent requirements on Whois data retention and verification.
It proposes an opt-out process for registrars that believe these requirements would put them in violation of local law.
But registrars from outside the EU say this would create a two-tier RAA, which they find unacceptable.
With apparently no easy compromise in sight the RAA negotiations, originally slated to be wrapped up in the first half of this year, look set to continue for many weeks or months to come.
Council of Europe has Whois privacy concerns too
The Council of Europe has expressed concern about the privacy ramifications of ICANN’s proposed changes to Whois requirements in the Registrar Accreditation Agreement.
In a letter this week (pdf), the Bureau of the Consultative Committee of the Convention for the Protection of Individuals with regard to Personal Data (T-PD) said:
The Bureau of the T-PD took note of the position of the Article 29 Data Protection Working Parking in its comments of 26 September 2012 on the data protection impact of the revision of these arrangements concerning accuracy and data retention of the WHOIS data and fully shares the concern raised.
The Bureau of the T-PD is convinced of the importance of ensuring that appropriate consideration be given in the ICANN context to the relevant European and international privacy standards
The letter was sent in response to outreach from ICANN’s Non-Commercial Users Constituency.
The Article 29 letter referenced said that EU registrars risked breaking the law if they implemented ICANN’s proposed data retention requirements.
Earlier today, we reported on ICANN’s response, which proposes an opt-out for registrars based in the EU, but we noted that registrars elsewhere are unlikely to dig a two-tier RAA.
ICANN says EU registrars could be exempt from stringent new Whois rules
Registrars based in the European Union could be let off the hook when it comes to the Whois verification requirements currently under discussion at ICANN.
That’s according to ICANN CEO Fadi Chehade, who this week responded to privacy concerns expressed by the Article 29 Working Party, a EU-based quasi-governmental privacy watchdog.
The Working Party said last month that if ICANN forced EU registrars to re-verify customer data and store it for longer than necessary, they would risk breaking EU privacy law.
Those are two of the many amendments to the standard Registrar Accreditation Agreement that ICANN — at the request of governments and law enforcement — is currently pushing for.
In reply, Chehade noted that ICANN currently plans to give registrars an opt-out:
ICANN proposes to adapt the current ICANN Procedures for Handling Whois Conflicts with Privacy Law, to enable registrars to seek an exempton from these new RAA WHOIS and data protection obligations in the even that the obligations would cause registrars to violate their local laws and regulations.
He also said that the Governmental Advisory Committee has “endorsed” the provisions at question, and encouraged the Working Party to work via the GAC to have its views heard.
I understand that registrars based in the US and elsewhere would not respond favorably to what would essentially amount to a two-tier RAA.
Some of the RAA changes would have cost implications, so there’s an argument that to exempt some registrars and not others would create an un-level competitive playing field.
The Article 29 Working Party is an advisory body, independent of the European Union, comprising one representative from the data privacy watchdogs in each EU state.
Some GAC representatives said during the ICANN meeting in Prague this June that they had already factored privacy concerns into their support for the RAA talks.
It’s going to interesting to see how both registrars and the GAC react to the Article 29 developments at the Toronto meeting, which begins this weekend.
European privacy watchdog says ICANN’s Whois demands are “unlawful”
European Union privacy officials have told ICANN that it risks forcing registrars to break the law by placing “excessive” demands on Whois accuracy.
In a letter to ICANN yesterday, the Article 29 Working Party said that two key areas in the proposed next version of the Registrar Accreditation Agreement are problematic.
It’s bothered by ICANN’s attempt to make registrars retain data about their customers for up to two years after registration, and by the idea that registrars should re-verify contact data every year.
These were among the requests made by law enforcement, backed up by the Governmental Advisory Committee, that ICANN has been trying to negotiate into the RAA for almost a year.
The letter (pdf) reads:
The Working Party finds the proposed new requirement to re-verify both the telephone number and the e-mail address and publish these contact details in the publicly accessible WHOIS database excessive and therefore unlawful. Because ICANN is not addressing the root of the problem, the proposed solution is a disproportionate infringement of the right to protection of personal data.
The “root cause” points to a much deeper concern the Working Party has.
Whois was designed to help people find technical and operational contacts for domain names, it argues. Just because it has other uses — such as tracking down bad guys — that doesn’t excuse infringing on privacy.
The problem of inaccurate contact details in the WHOIS database cannot be solved without addressing the root of the problem: the unlimited public accessibility of private contact details in the WHOIS database.
It’s good news for registrars that were worried about the cost implications of implementing a new, more stringent RAA.
But it’s possible that ICANN will impose the new requirements anyway, giving European registrars an opt-out in order to comply with local laws.
The letter is potentially embarrassing for the GAC, which seemed to take offense at the Prague meeting this June when it was suggested that law enforcement’s recommendations were not being balanced with the views of privacy watchdogs.
During a June 26 session between the GAC and the ICANN board, Australia’s GAC rep said:
I don’t come here as an advocate for law enforcement only. I come here with an Australian government position, and the Australian government has privacy laws. So you can be sure that from a GAC point of view or certainly from my point of view that in my positions, those two issues have been balanced.
That view was echoed during the same session by the European Commission and the US and came across generally like a common GAC position.
The Article 29 Working Party is an advisory body set up by the EU in 1995. It’s independent of the Commission, but it comprises one representative from the data privacy watchdogs in each EU state.
Identity checks coming to Whois
Pretty soon, if you want to register a domain name in a gTLD you’ll have to verify your email address and/or phone number or risk having your domain turned off.
That’s the latest to come out of talks between registrars, ICANN, governments and law enforcement agencies, which met last week in Washington DC to thrash out a new Registrar Accreditation Agreement.
While a new draft RAA has not yet been published, ICANN has reported some significant breakthroughs since the Prague meeting in June.
Notably, the registrars have agreed for the first time to do some minimal registrant identity checks — phone number and/or email address — at the point of registration.
Verification of mailing addresses and other data points — feared by registrars for massively adding to the cost of registrations — appears to be no longer under discussion.
The registrars have also managed to win another concession: newly registered domain names will be able to go live before identities have been verified, rather than only after.
The sticking point is in the “and/or”. Registrars think they should be able to choose which check to carry out, while ICANN and law enforcement negotiators think they should do both.
According to a memo released for discussion by ICANN last night:
It is our current understanding that law enforcement representatives are willing to accept post-‐resolution verification of registrant Whois data, with a requirement to suspend the registration if verification is not successful within a specified time period. However, law enforcement recommends that if registrant Whois data is verified after the domain name resolves (as opposed to before), two points of data (a phone number and an email address) should be verified.
Among the other big changes is an agreement by registrars to an ICANN-run Whois privacy service accreditation system. Work is already underway on an accreditation framework.
After it launches, registrars will only be able to accept private registrations made via accredited privacy and proxy services.
Registrars have also agreed to some of law enforcement’s data retention demands, which has been a bone of contention due to worries about varying national privacy laws.
Under the new RAA, they would keep some registrant transaction data for six months after a domain is registered and other data for two years. It’s not yet clear which data falls into which category.
These and other issues outlined in ICANN’s latest update are expected to be talking points in Toronto next month.
It looks like a lot of progress has been made since Prague — no doubt helped by the fact that law enforcement has actually been at the table — and I’d be surprised if we don’t see a draft RAA by Beijing next April.
How long it takes to be adopted ICANN’s hundreds of accredited registrars is another matter.
How Uniregistry wants to make Whois “two-way”
If someone uses a Whois database to look up personal information such as your home address and phone number, wouldn’t it be nice to know a little something about them, too?
That’s the philosophy behind one of Uniregistry’s more interesting new gTLD policies, according to Frank Schilling, founder of the new new gTLD portfolio applicant.
Uniregistry has applied for dozens of gTLDs and says it has a “registrant-centered” outlook that extends to the mandatory thick Whois databases.
If its gTLDs are approved, the company will record the IP addresses of people doing Whois queries and make the records available to its registrants, Schilling said.
He suggested that Whois users may have to give up more info about themselves, in certain cases, too.
“To get certain pieces of information, you’ll have to agree to share some information about yourself,” Schilling said in an interview with DI yesterday.
Registrants would be able to view archived data about who’s been looking them up, which could help them during subsequent legal disputes about names, or during sales negotiations.
For domainers, this could be handy. Imagine you own the domain soft.drink and you receive a low-ball offer from a random stranger you suspect might be a proxy for a large corporation. Wouldn’t it be nice to know Coca-Cola has recently been checking out your Whois?
It’s going to be interesting to see how IP interests and law enforcement agencies – the two ICANN lobbies most deeply invested in Whois accuracy – react to Uniregistry turning the tables.
Newbie domain registrant discovers Whois, has Twitter meltdown
The need for the domain name industry to enforce accurate Whois is often cited by law enforcement and intellectual property interests as a consumer protection measure.
But most regular internet users haven’t got a clue that Whois even exists, let alone what data it contains or how to use it.
A study (pdf) carried out for ICANN’s Whois Review Team last year found that only 24% of consumers know what Whois is.
This stream of tweets I chanced across this afternoon, from what appears to be a first-time domain registrant, is probably more representative of consumer attitudes to Whois.
UPDATE (April 27): I’ve removed the tweets per the request of the Twitter user in question.
Big Content issues gTLD lock-down demands
Twenty members of the movie, music and games businesses have asked ICANN to impose strict anti-piracy rules on new top-level domains related to their industries.
In a position statement, “New gTLDs Targeting Creative Sectors: Enhanced Safeguards”, the groups say that such gTLDs are “fraught with serious risks” and should be controlled more rigorously than other gTLDs.
“If new gTLDs targeted to these sectors – e.g., .music, .movies, .games – are launched without adequate safeguards, they could become havens for continued and increased criminal and illegal activity,” the statement says.
It goes on to make seven demands for regulations covering Whois accuracy, enforced anti-piracy policies, and private requests for domain name take-downs.
The group also says that the content industries should be guaranteed “a seat at the table” when these new gTLD registries make their policies.
The statement is directed to ICANN, but it also appears to address the Governmental Advisory Committee, which has powers to object to new gTLD applications:
In evaluating applications for such content-focused gTLDs, ICANN must require registry operators (and the registrars with whom they contract) to implement enhanced safeguards to reduce these serious risks, while maximizing the potential benefits of such new domains.
Governments should use similar criteria in the exercise of their capability to issue Early Warnings, under the ICANN-approved process, with regard to new gTLD applications that are problematic from a public policy or security perspective.
The statement was sent to ICANN by the Coalition for Online Accountability, which counts the American Society of Composers, Authors and Publishers, the Motion Picture Association of America, the Recording Industry Association of America and Disney among its members.
It was separately signed by the many of the same groups that are supporting Far Further’s .music application, including the American Association for Independent Music and the International Federation of the Phonographic Industry.
Recent Comments