GoDaddy’s next .xxx contract may not be a done deal
ICANN has published what could be the next version of GoDaddy’s .xxx registry contract, and is framing it as very much open to challenge.
The proposed Registry Agreement would scrap the “sponsored” designation from .xxx, substantially reduce GoDaddy’s ICANN fees, and implement the strictest child-protection measures of any gTLD, as well as make ICANN Compliance’s job a lot easier by standardizing terms on the new gTLD program’s Base RA.
But, as eager as ICANN usually is to shift legacy, pre-2012 gTLDs to the Base RA, this time it’s published the contract for public comment as if it’s something GoDaddy is unilaterally proposing.
It’s “ICM’s proposal”, according to ICANN’s public comment announcement, referring to GoDaddy subsidiary ICM Registry, and “ICM has requested to use the Base Registry Agreement form, as well as to remove the sponsorship designation of the .XXX TLD”.
This is not the language ICANN usually uses when it publishes RA renewals for public comment. Normally, the proposed contracts are presented as the result of bilateral negotiations. In this case, ICANN and ICM have been in renewal discussions for at least three years, but the contract is being presented as something GoDaddy alone has asked for.
The new RA would remove almost all references to sponsorship and to IFFOR, the pretty much toothless “sponsor” organization ICM created to get its .xxx application over the line under the rules of the Sponsored TLD application round that kicked off back in 2003.
Instead, it loads a bunch of Public Interest Commitments, aimed at replicating some of the safeguards IFFOR oversight was supposed to provide, into the Base RA.
GoDaddy would have to ban and proactively seek out and report child sexual abuse material. It would also prohibit practices that suggest the presence of CSAM, such as the inclusion of certain unspecified keywords in .xxx domains or in the corresponding web site’s content or meta-content.
(ICANN notes that these PICs may become unenforceable, depending on the outcome of current discussions about its ability to enforce content-related terms of its contracts).
GoDaddy and IFFOR have both submitted letters arguing that sponsorship is no longer required. The existence of sister gTLDs .adult, .sex, and .porn as unsponsored gTLDs, also in the GoDaddy Registry stable, proves the extra oversight is not needed, they say. Registrants polled do not object to the changes, they say.
GoDaddy’s cost structure would also change under the new deal. Not only would it save $100,000 a year by cutting off IFFOR, but it would also inherit the Base RA’s 50,000-domain threshold for paying ICANN transaction fees.
This likely means it won’t pay the $0.25 transaction fee for a while — .xxx was at about 47,500 domains under management and shrinking at the last count. It hasn’t reported DUM over 50,000 since January 2023.
While the renewal terms may seem pragmatic and not especially unreasonable, they’ve already received at least one public objection.
Consultant Michael Palage, who was on the ICANN board for the first three years of .xxx’s agonizing eight-year path to approval, took to the mic at the ICANN 79 Public Forum earlier this month to urge the board to reject GoDaddy’s request.
Palage said there have been “material violations of the Registry Agreement” that he planned to inform ICANN Compliance about. He added that approving the new deal would set a bad precedent for all the other “community” registries ICANN has contracts with.
The situation has some things in common with the controversy over the proposed acquisition of Public Internet Registry and .org a few years ago, in that the proposal entails ignoring promises made by a registry two decades ago.
Whether .xxx will attract the same level of outrage is debatable — this deal doesn’t involve nearly as many domains and does not talk to the price registrants pay — but it could attract noise from those who believe ICANN should not throw out its principles for the sake of a quieter life.
One place we might look for comment is the Governmental Advisory Committee, which was the biggest reason .xxx took so long to get approved in the first place.
But the timing of the comment period opening is interesting, coming a week after ICANN 79 closed. It will end April 29, about six weeks before the full GAC next meets en masse, at ICANN 80.
It’s not impossible that the new contract could be approved and signed before the governments get a chance to publicly haul ICANN’s board over the coals.
ICANN scores win in single-letter .com lawsuit
A Los Angeles court has handed ICANN a victory in a lawsuit filed against it by a domainer who thinks he has the rights to register all the remaining single-character .com domains.
Bryan Tallman of VerandaGlobal.com sued ICANN back in August, claiming the Org was breaking the law by refusing to allow him to register domains such as 1.com and A.com.
He already owns the matching domains in Verisign’s Chinese, Japanese and Hebrew .com IDNs, such as A.קום (A.xn--9dbq2a) and 1.コム (1.xn--tckwe), and says previous Verisign statements mean this gives him the right to the equivalents in vanilla .com.
These domains would very likely be worth tens of millions of dollars apiece. Verisign has held almost all single-character domain names in registry-reserved status since the 1990s. A few, notably Elon Musk’s x.com, pre-date the reservation.
Tallman claimed unfair competition, breach of contract, negligence and fraud and sought a declaratory judgement stating that ICANN be forced to transfer to him all of the 10 digits and all 23 of the remaining unregistered letters in .com, along with some matching .net names.
Pretty outlandish stuff, based on some pretty flimsy arguments.
ICANN filed a demurrer last year, objecting to the suit and asking the Superior Court of California in LA to throw it out, and the judge mostly agreed. In a February ruling (pdf), published recently by ICANN, he threw out all seven of Tallman’s claims.
Tallman was given permission to re-state and re-file five of the claims within 30 days, but his demand for a declaratory judgement was ruled out completely as being irreparably broken.
Governments back down on new gTLD next round delay
ICANN’s Governmental Advisory Committee has decided not to force the Org to pay for a independent cost/benefit analysis of the new gTLD program, removing the potential for timeline friction ahead of the planned 2026 next-round launch.
In its latest communique, published following the ICANN 79 meeting in Puerto Rico last week, the GAC has essentially told ICANN that it broke its bylaws by not following eight-year-old GAC advice, but meh, whatever, just don’t do it again.
As I reported last week, governments had grown concerned that ICANN had not delivered the “objective and independent analysis of costs and benefits” of the new gTLD program that the GAC had asked for in 2016. Such an analysis was supposed to be a prerequisite for the next round going ahead.
What ICANN had delivered instead was a relatively hastily prepared summary of the next round’s policy recommendations, Org’s analysis of these recommendations, and the community-led review of competition, consumer protection and trust issues, the CCT review.
The Puerto Rico communique says that this response “cannot be considered to constitute a cost-benefit analysis, nor to be objective and independent” but that the GAC does not wish to throw up a road-block to the next round going ahead on schedule. It reads:
The GAC recognizes that the Community (with involvement of the GAC) is taking forward the next round of new gTLDs and has set a corresponding timeline. The GAC, therefore, believes that conducting further analysis at this stage would not serve the intended purpose.
The GAC encourages the Board to ensure that GAC advice, which the Board has accepted, is effectively implemented and its implementation is communicated to the GAC.
GAC chair Nicolas Caballero of Paraguay summarized it as the committee telling the ICANN board “we’re not aiming by no means at stopping the next round or anything like that, but that we want to be taken seriously”.
The original draft of the communique, drafted by Denmark, the US, the UK and Switzerland delegations, also contained text noting that the analysis ICANN provided was written by staff or community stakeholders, who were neither independent nor objective, but this was removed during a drafting session last week after objections from Iran, whose rep said it sounded too critical of the multistakeholder process.
It seems ICANN, and others who stand to make a lot of money from the new gTLD program, have dodged a bullet here, with the GAC essentially backing away and backing down from its potentially delay-causing previous demands.
Private auctions could be banned in new gTLD next round
ICANN is “sympathetic” to the view that private auctions between competing new gTLD applicants are a Bad Thing that should be discouraged in the next application round.
Director Alan Barrett told the GNSO Council at ICANN 79 today that the board of directors, following Governmental Advisory Committee advice, has hired a consultant and is looking at ways to design an ICANN-run “last resort” auction in a way that “disincentivizes” the use of private auctions.
In the 2012 round, many contention sets were settled with private auctions, with tens of millions of dollars changing hands. Losing auctions was a real money-spinner for several portfolio applicants. When ICANN conducted the auctions, ICANN got the money.
Last June, the GAC advised ICANN to “ban or strongly disincentivize private monetary means of resolution of contention sets, including private auctions”, and Barrett said ICANN is considering how to fulfill that advice.
“We don’t know the answers yet, but what I can say is that we are looking at it and we are sympathetic to the idea of disincentivizing private auctions,” Barrett said.
He added that ICANN is looking at how it might discourage competing applicants from settling their contention sets using joint ventures “in a bad faith kind of way”.
“There’s the risk that applicants might use a joint venture in a bad faith kind of way, as a way of transferring money from one applicant to another, in much the same way as private actions could have done,” he said. “We want to figure out a way of allowing good-faith joint ventures.”
My sense is that whatever ICANN comes up with will have to have a substantial carrot component, or an equally big stick. The domain industry can be incredibly devious at times, and if there’s a way to make a big chunk of change filing unsuccessful new gTLD applications, somebody will figure it out.
ICANN meeting venue “insensitive and hurtful”
ICANN has taken some criticism over the decision to host its flagship Universal Acceptance 2024 meeting in Serbia.
An individual named Dmitry Noskov has written to ICANN to complain that the Universal Acceptance Steering Group will hold its “Keystone” meeting — the main event of the UA Day series of meetings around the world — later this month in Belgrade. He wrote (pdf):
Given the current global tension in the region due to ongoing conflict and the close cultural and historical ties between Serbia and Russia, which have led to diplomatic and trade actions by several countries against Russia, I am concerned about the implications of holding the event in Belgrade. It is crucial to consider the potential perception of insensitivity or hurtfulness to global sentiments, especially to those affected by the conflict.
Unlike most of Europe, Serbia has maintained a somewhat neutral stance on Russia’s invasion of Ukraine and there is reportedly large popular support for Russia, and a large Russian population, in the country. Russia and Serbia are old allies.
ICANN has taken a generally pro-Ukraine stance. It donated $1 million to relief efforts in 2022 after the war started. It also lobbied against the Russian nomination for ITU secretary-general. Russia’s ccTLD registry cut off its ICANN funding last year.
CEO Sally Costerton replied (pdf) to Noskov to say that the choice of Belgrade as the keystone UA Day event for 2024 was made by the UASG.
The UA Day event in Belgrade is being hosted by local ccTLD registry RNIDS, which runs .rs and the Cyrillic equivalent .срб.
GAC spinning up new gTLD curveball at ICANN 79?
ICANN’s Governmental Advisory Committee had a habit of throwing delaying curveballs before and during the 2012 new gTLD application round, and it might be planning a repeat performance before the upcoming 2026 round.
The GAC today assembled at ICANN 79 in Puerto Rico to discuss the latest developments in planning for the next round, and a major concern emerged around ICANN’s response to its request for a cost/benefit analysis.
The GAC had first asked for such an analysis at the Helsinki meeting in 2016, but after the ICANN 78 Hamburg meeting last October noted that it had still not received one.
At ICANN 56, the GAC had asked that an “objective and independent analysis of costs and benefits… drawing on experience with and outcomes from the recent round” should be a prerequisite for a next round going ahead.
After its Hamburg reminder, ICANN threw together a summary (pdf) of three existing documents that it presumably hoped would check that box and shush the GAC or give the GAC an excuse to shush itself.
The documents were the report of the Competition and Consumer Trust Review Team, the Subsequent Procedures PDP Working Group Final Report (which created the policy recommendations for the next round) and ICANN’s Operational Design Assessment of SubPro (which talked about how ICANN would implement those recommendations).
It was a pretty flimsy response, and GACers weren’t buying it, pointing out today that the three documents in question were all produced by the ICANN community or ICANN staff and couldn’t really be said to be “objective and independent”. Nor could they be said to amount to an “analysis of costs and benefits”.
“I had the pleasure to read through the report, and see whether it’s a cost/benefit analysis, and whether it’s an objective and independent analysis,” the GAC rep from Denmark said. “And I must say that my answer or reply to those questions would be no, and a big no.”
Other GAC members in Europe and North America seemed to agree that either the cost/benefit analysis they had asked for still hadn’t been delivered and that perhaps it wouldn’t be great for the GAC’s credibility if it didn’t press the issue.
The UK rep, who was chairing the session, observed that GAC members’ higher-uppers in government, such as ministers, sometimes ask what economic impact gTLD expansion might have and that an answer might be useful.
The contrarian opinion came, as it so often does, from Iran, whose rep suggested that a cost/benefit analysis might be pointless and maybe the GAC should just put the issue to bed.
What happens if the analysis shows the costs outweigh the benefits, he asked, should ICANN just scrap the next application round and 13 years of policy work?
It seems a request for ICANN to pay for an independent cost/benefit analysis of the new gTLD program could make its way into the GAC’s formal advice-delivering communique later in the week, potentially throwing friction into the roll-out of the next round.
In my opinion, there is no real answer to the question of whether the new gTLD program is a net benefit.
Beyond the billions of dollars of economic activity that will be created, whether it’s beneficial is purely a subjective opinion, and paying a bunch of overpriced consultants to wave their hands in the air for a year before spitting out the 300-page PDF equivalent of a Gallic Shrug probably won’t provide any meaningful clarity.
Olive retires from ICANN
David Olive, senior VP of policy development and support, will retire from ICANN at the end of May, the Org announced today.
Olive joined ICANN in February 2010 after 20 years with Fujitsu and has led his department ever since.
He also was the first managing director of ICANN’s office in Istanbul, though he’s been running the Washington DC office since 2021, ICANN said.
No immediate replacement was announced, but there’s a few months to go before he actually leaves the job.
Whois policy published without life-saving disclosure rule
ICANN has updated its Registration Data Policy, the rules that govern what data registries and registrars need to collect from registrants and when to publish or supply it through Whois lookups or disclosure requests.
When it becomes enforceable in August next year, the new RDP will make full-fat ICANN Whois policy compliant with EU privacy law for the first time since the General Data Protection Regulation came into effect in May 2018.
But the new policy, which replaces a functionally very similar temporary policy, is notable not only for the extraordinary amount of time it took to produce, but also for not containing a disputed requirement for registrars and registries to quickly turn over private Whois data when human life is at risk.
The policy dictates what contact information registrars must collect from their customers, what they must share with their registries, escrow agents and others, and what they must redact in the public Whois (or Registration Data Directory Services, as it will become known when Whois is retired next January).
It also says that registries and registrars must acknowledge private data disclosure requests no more than two business days after receipt and respond to the requests in full less than 30 calendar days after that, barring delays caused by “exceptional circumstances”.
But, due purely to ICANN community politicking, the policy for now omits previously considered language on “urgent” disclosure requests for use in “circumstances that pose an imminent threat to life, of serious bodily injury, to critical infrastructure, or of child exploitation”.
I’d like to think such circumstances are incredibly rare, but if there’s a situation where a Whois disclosure could help prevent a bomb going off at a major internet exchange, a trans rights activist being hounded into suicide, or a little kid getting raped on a livestream, the new ICANN policy does not account for that.
The version of the policy published in July last year (pdf) did include an urgent requests provision, requiring contracted parties to either turn over the data or tell the requester to get lost within 24 hours of receipt.
But it also contained a bunch of exceptions that could allow registrars to extend that deadline by up to three business days. When weekends and public holidays are taken into account, this could mean as much as a full calendar week to process an “urgent”, potentially life-saving request.
For that reason, the Governmental Advisory Committee wrote to ICANN (pdf) last August to ask it to revisit the policy language, chuck out the reference to “business” days, and stick to a 24-hour response window
The original Expedited Policy Development Process Working Group that came up with the policy recommendations had not specified how long registrars and registries should have to respond to urgent disclosure requests, punting that decision to the Implementation Review Team that drafted the final language.
An August 2022 draft (pdf) put out for public comment made the response window two business days, with a possible one-day extension, but this was reduced to 24 hours last year in what registrars describe as a “significant compromise” given the operational reality of responding to disclosure requests.
In August last year, the Registrars Stakeholder Group told ICANN (pdf) that its members “are committed to responding to Urgent requests in the most swift and expeditious manner possible” but said it objected to the GAC’s last-minute demands for the urgent disclosures policy to be rewritten.
From the registrars’ perspective, handling disclosure requests for personal data is not a simple ask. It’s a legal decision, balancing the privacy rights of the registrant with the rights of others to access that information.
Get it wrong, and you’re open to litigation and fines substantial enough to be expressed as a percentage of your revenue. And, money aside, who wants to be the guy who, for example, accidentally helps the Iranian morality police murder a bunch of schoolgirls for wearing the wrong type of hat?
But the argument between the registrars and the governments comes down to issues of ICANN process. Both the GAC and the RrSG claimed the urgent disclosures bunfight highlights deficiencies in ICANN multistakeholderism, but for different reasons.
ICANN’s response to this disagreement was to remove the urgent requests clauses from the policy altogether, in the hope that further talks can find a solution. Chair Tripti Sinha wrote to the RrSG and GAC a couple weeks ago to tell them:
the Board concluded that it is necessary to revisit Policy Recommendation 18 concerning urgent requests in the context of situations that pose an imminent threat to life, serious bodily harm, infrastructure, or child exploitation, and the manner in which such emergencies are currently handled. For this, we believe that consultation with the GNSO Council is required.
ICANN has essentially kicked the can, which was what the GAC had asked for. The RrSG wanted the July 2023 language (one-plus-three days) or August 2022 language (two-plus-one days) published in the final policy.
It’s stuff like this that makes one scratch one’s head, stroke one’s chin, and wonder whether ICANN really is fit for purpose.
There were 2,312 days between the day the European Commission first proposed the GDPR to the day it became effective in all EU member states.
But 2,590 days will have passed between the day the GNSO Council initiated the EPDP and the day the new Registration Data Policy will become effective on all contracted parties, next August.
The lumbering, then-28-state European Union was faster at passing policy than ICANN, even when ICANN was using an “expedited” process.
And what ICANN eventually came up with couldn’t even agree on ways to help tackle murder, economic catastrophes, and the rape of kids.
ICANN spends $5 million more than planned in first fiscal half
ICANN published its second fiscal quarter financials yesterday, revealing a roughly $5 million overspend in the second half of 2023.
The Org spent $72 million of its $74 million revenue in the six months to December 31, more than the $67 million spend it had budgeted for.
ICANN said the overspend came mainly in its Community and Engagement reporting segment, with the $4 million excess “driven by higher than planned costs for ICANN78, community programs, and meetings support”.
The same report shows that ICANN 78, which took place in Hamburg last October, cost about $900,000 more than expected largely because it spent more on air fares and had to put on more sessions than it originally expected.
It also spent about $100,000 on its 25th anniversary celebration, a line item that had not appeared in its budget. Because who can predict an anniversary, right?
Hamburg was the most-expensive meeting since the pandemic ended, costing about $5.4 million and attracting over 2,500 attendees. The Kuala Lumpur meeting a year earlier had cost $4.7 million.
ICANN’s revenue was described as “flat”, but a breakdown shows a roughly $1 million (rounded) shortfall in both registry and registrar transaction fees compared to the budget. This is likely linked to shrinkages in Verisign’s .com sales over the period.
New gTLD lottery to return in 2026
Remember The Draw? It was the mechanism ICANN used to figure out which new gTLDs from the 2012 application round would get a first-mover advantage, and it’s coming back in 2026.
The Org is currently considering draft Applicant Guidebook language setting out the rules for how to pick which order to process applications in the next round.
There’s no mention of Digital Archery this time. ICANN is sticking to the tried-and-tested Prioritization Draw, a lottery method in which applicants buy a paper ticket for a nominal sum ($100 last time) and ICANN pulls them out of a big bucket to see who goes first.
Applicants for internationalized domain names will have an advantage again, but it’s arguably not as strong as in the 2012 round, when all the IDN applicants that had bought tickets were processed first.
This time, the draw will take place in batches of 500 applications, according to the latest version of the draft AGB language.
The first batch will contain at least 125 IDN applications — assuming there are 125 — and they will be drawn first, before any Latin-script strings get a look. In subsequent batches, the first 10% of tickets drawn will belong exclusively to IDN applicants.
In the 2012 round, the first 108 applications selected were IDNs. The Vatican won the lucky #1 spot with .天主教, the Chinese term for the Catholic Church, while Amazon was the first Latin-script application with .play (which Google eventually won but still hasn’t launched, over 11 years later).
Due to California’s gambling laws, applicants will have to show up to buy a ticket in person. If they can’t make it, they can select an Angeleno proxy from a list provided by ICANN to pick it up on their behalf.
Last time around, The Draw took over nine hours to sort all 1,930 applications and was the social highlight of the community’s calendar. Santa Claus even showed up.
Recent Comments