Honey Salt stops responding to .sucks cybersquatting complaints

.sucks cybersquatter Honey Salt has stopped responding to UDRP and URS complaints related to the affiliated Everything.sucks web site.

Three UDRP decisions and one URS decisions resolved since early April have stated that the shadowy Turks & Caicos company defaulted or did not respond to the complaints.

It lost all four cases, all on pretty much the same grounds, losing its domains or having them suspended as a result.

Panelists concluded that while Everything.sucks presents itself as a grassroots free-speech wiki populated by user-generated content, in reality it’s just stuffed with undated, anonymous, context-free comments scraped from third-party web sites and designed to pressure brand owners into buying their .sucks domains.

Honey Salt has been hit with 19 UDPR and URS complaints covering 27 .sucks domains since last September. It’s lost all bar one of those that have been decided, an early UDRP in which the panelist bought its free-speech defense.

With the precedent that Everything.sucks is a cybersquatting enterprise pretty solidly set, it presumably doesn’t make much sense for Honey Salt to pay expensive lawyers to put up a defense any more.

In earlier cases, when Honey Salt was still responding, the company was represented by Orrick, Herrington & Sutcliffe, the US law firm that has also worked for .sucks registry Vox Populi.

.web ruling hands Afilias a chance, Verisign a problem, and ICANN its own ass on a plate

ICANN has lost yet another Independent Review Process case, and been handed a huge legal bill, after being found to have violated its own rules on transparency and fairness.

The decision in Afilias v ICANN has failed to definitively resolve the issue of whether the auction of the .web gTLD in 2016, won by a shell applicant called Nu Dot Co backed by $135 million of Verisign’s money, was legit.

ICANN’s now urging NDC, Afilias and other members of the .web contention set to resolve their beefs privately, which could lead to big-money pay-days for the losing auction bidders at Verisign’s expense.

For ICANN board and staff, the unanimous, three-person IRP panel decision is pretty damning, with the ruling saying the org “violated its commitment to make decisions by applying documented policies objectively and fairly”.

It finds that ICANN’s board shirked its duty to consider the propriety of the Verisign/NDC bid, allowing ICANN staff to get perilously close to signing a registry contract with an applicant that they knew may well have been in violation of the new gTLD program rules.

Despite being named the prevailing party, it’s not even close to a full win for Afilias.

The company had wanted the IRP panel to void the NDC/Verisign winning bid and award .web to itself, the second-highest bidder. But the panel did not do that, referring the decision instead back to ICANN.

As the loser, ICANN has been hit with a $1,198,493 bill to cover the cost of the case, which includes Afilias’ share of $479,458, along with another $450,000 to cover Afilas’ legal fees connected to an earlier emergency IRP request that ICANN “abusively” forced Afilias into.

The case came about due to a dispute about the .web auction, which was run by ICANN in July 2016.

Six of the seven .web applicants had been keen for the contention set to be settled privately, in an auction that would have seen the winning bid distributed evenly among the losing bidders.

But NDC, an application vehicle not known to be particularly well-funded, held out for a “last resort” auction, in which the winning bid would be deposited directly into ICANN’s coffers.

This raised suspicions that NDC had a secret sugar daddy, likely Verisign, that was covertly bankrolling its bid.

It was not known until after NDC won, with a $135 million bid, that these suspicions were correct. NDC and Verisign had a “Domain Acquisition Agreement” or DAA that would see NDC transfer its .web contract to Verisign in exchange for the money needed to win the auction (and presumably other considerations, though almost all references to the terms of the DAA have been redacted by ICANN throughout the IRP).

Afilias and fellow .web applicant Donuts both approached ICANN before and after the auction, complaining that the NDC/Verisign bid was bogus, in violation of program rules requiring applicants to notify ICANN if there’s any change of control of their applications, including agreements to transfer the gTLD post-contracting.

ICANN has never decided at the board level whether these claims have merit, the IRP panel found.

The board did hold a secret, off-the-books discussion about the complaints at its retreat November 3, 2016, and concluded, without any type of formal vote, that it should just keep its mouth shut, because Afilias and Donuts had already set the ball rolling on the accountability mechanisms that would ultimately lead to the IRP.

More than half the board was in attendance at this meeting, and discussions were led by ICANN’s top two lawyers, but the fact that it had even taken place was not disclosed until June last year, well over three and a half years after the fact.

Despite the fact that the board had made a conscious, if informal, choice not to decide whether the NDC/Verisign bid was legit, ICANN staff nevertheless went ahead and started contracting with NDC in June 2018, taking the .web contention set off its “on-hold” status.

Talks progressed to the point where, on June 14, ICANN had sent the .web contract to NDC, which immediately returned a signed copy, and all that remained was for ICANN to counter-sign the document for it to become binding.

ICANN VP Christine Willett approved the countersigning, but four days later Afilias initiated the Cooperative Engagement Process accountability mechanism, the contract was ripped up, and the contention set was placed back on hold.

“Thus, clearly, a registry agreement with NDC for .WEB could have been executed by ICANN’s Staff and come into force without the Board having pronounced on the propriety of the DAA under the Guidebook and Auction Rules,” the IRP panel wrote.

This disconnect between the board and the legal staff is at the core of the panel’s criticism of ICANN.

The board had decided that Afilias’ claim that NDC had violated new gTLD program rules was worthy of consideration and had informally agreed to defer making a decision, but the staff had nevertheless gone ahead with contracting with a potentially bogus applicant, the panel found.

In the opinion of the Panel, there is an inherent contradiction between proceeding with the delegation of .WEB to NDC, as the Respondent [ICANN] was prepared to do in June 2018, and recognizing that issues raised in connection with NDC’s arrangements with Verisign are serious, deserving of the Respondent’s consideration, and remain to be addressed by the Respondent and its Board, as was determined by the Board in November 2016. A necessary implication of the Respondent’s decision to proceed with the delegation of .WEB to NDC in June 2018 was some implicit finding that NDC was not in breach of the New gTLD Program Rules and, by way of consequence, the implicit rejection of the Claimant’s [Afilias’] allegations of non-compliance with the Guidebook and Auction Rules. This is difficult to reconcile with the submission that “ICANN has taken no position onw hether NDC violated the Guidebook”.

The upshot of the panel’s ruling is to throw the issue back to ICANN, requiring the board to decide once and for all whether Verisign’s auction gambit was kosher.

If you’ll excuse the crude metaphor, ICANN’s board has been told to shit or get off the pot:

The evidence in the present case shows that the Respondent, to this day, while acknowledging that the questions raised as to the propriety of NDC’s and Verisign’s conduct are legitimate, serious, and deserving of its careful attention, has nevertheless failed to address them. Moreover, the Respondent has adopted contradictory positions, including in these proceedings, that at least in appearance undermine the impartiality of its processes.

…

[The panel r]ecommends that the Respondent stay any and all action or decision that would further the delegation of the .WEB gTLD until such time as the Respondent’s Board has considered the opinion of the Panel in this Final Decision, and, in particular (a) considered and pronounced upon the question of whether the DAA complied with the New gTLD Program Rules following the Claimant’s complaints that it violated the Guidebook and Auction Rules and, as the case may be, (b) determined whether by reason of any violation of the Guidebook and Auction Rules, NDC’s application for .WEB should be rejected and its bids at the auction disqualified;

At the same time as the decision was published last night — shortly after midnight UTC and therefore helpfully too late to make it into today’s edition of ICANN’s godawful new email subscriptions feature — ICANN issued a statement on the outcome.

“In its Final Declaration, the IRP panel ruled that the ICANN Board, and not an IRP panel, should decide which applicant should become the registry operator for .WEB,” CEO Göran Marby said.

“The ICANN Board will consider the Final Declaration as soon as feasible, within the timeframe prescribed in the Bylaws, and remains hopeful that the relevant .WEB applicants will continue to seek alternatives to resolve the dispute between them raised during the IRP,” the statement concludes.

That should be of concern to Verisign, as any non-ICANN resolution of the .web battle is inevitably going to involve Verisign money flowing to its competitors.

But my first instinct strikes me that this a is a low-probability outcome.

It seems to me much more likely at first glance that ICANN will rule the NDC/Verisign ploy legitimate and proceed to contracting again.

For it to declare that using a front organization to bid for a gTLD is against the rules would raise questions about other applications that employed more or less the same tactic, such as Automattic’s successful bid, via an intermediary, for .blog, and possibly the 100-ish applications Donuts and Rightside cooperated on.

The ICANN bylaws say the board has to consider the IRP’s findings at its next meeting, for which there’s currently no published date, where feasible.

I should note that, while Donuts acquired Afilias last December, the deal did not include its .web application, which is why both the panel’s decision and this article refer to “Afilias” throughout.

Verisign hopeful after decision reached in .web gTLD case

The fate of .web has been decided, over 20 years after it was first applied for, and Verisign thinks it might emerge triumphant.

The company said last night that the ICANN Independent Review Panel handling the case of Afilias v ICANN reached a decision May 20 and delivered it to Verisign the following day.

Verisign says the panel “dismissed Afilias’ claims for relief seeking to invalidate the .web auction and to award the .web TLD to Afilias, concluding that such issues were beyond its jurisdiction.”

Sounds good for Verisign so far. Afilias wanted its $135 million bid for .web, submitted via an intermediary called Nu Dot Co, thrown out due to claims that ICANN violated its own bylaws by not sufficiently vetting the bidder.

But Verisign goes on to say “the panel’s ruling recommends that ICANN’s Board of Directors consider the objections made about the .web auction and then make a decision on the delegation of .web”.

It adds that the panel found that ICANN violated its fairness and transparency commitments:

With respect to ICANN, the ruling finds that certain actions and/or inaction by ICANN in response to Afilias’ objections violated aspects of ICANN’s bylaws related to transparency and fairness. These findings are particular to ICANN’s actions and not conduct by Verisign. Verisign anticipates that ICANN’s Board will review the panel’s ruling and proceed consistent with the panel’s recommendation to consider the objections and make a decision on the delegation of .web.

Based on Verisign’s statements, it seems that ICANN lost, but Afilias didn’t win.

The revelation was buried in a Securities and Exchange Commission filing on an unrelated financial matter last night. Hat tip to @jintlaw for spotting and tweeting about it.

It’s the most eagerly anticipated IRP ruling since 2011’s .xxx case, but in stark contrast to Rod “let’s draft this tweet” Beckstrom-era ICANN, where the decision was posted in a matter of hours, the 2021 org has not yet posted the panel’s findings or made a public statement acknowledging the ruling.

Verisign says it intends to “vigorously pursue” .web, but “can provide no assurance” as to which way the ICANN board of directors will swing.

ICANN chair reins in new gTLD timeline hopes

Don’t get excited about the next round of new gTLDs launching any time soon.

That’s my takeaway from recent correspondence between ICANN’s chair and brand-owners who are apparently champing at the bit to get their teeth into some serious dot-brand action.

Maarten Botterman warned Brand Registry Group chair Cole Quinn that “significant work lies ahead” before the org can start accepting applications once more.

Quinn had urged ICANN to get a move on last month, saying in a letter that there was “significant demand” from trademark owners.

The last three-month application window ended in March 2012, governed by an Applicant Guidebook that said: “The goal is for the next application round to begin within one year of the close of the application submission period for the initial round.”

That plainly never happened, as ICANN proceeded to tie itself in bureaucratic knots and recursive cycles of review and analysis.

Any company that missed the boat or was founded in the meantime has been unable to to even get a sniff of operating its own dot-brand, or indeed any other type of gTLD.

Spelling out some of the steps that need to be accomplished before the next window opens, Botterman wrote:

the 2012 Applicant Guidebook must be updated with more than 100 outputs from the SubPro PDP WG; we will need to apply lessons learned from the previous round, many of which are documented in the 2016 Program Implementation Review, and appropriate resources for implementing and conducting subsequent rounds must be put in place. At present it appears that WG recommendations will benefit from an Operational Design Phase (ODP) to provide the Board with information on the operational implications of implementing the recommendations. As part of such an ODP, the Board may also task ICANN org to provide an assessment of some of the issues of concern that the Board raised in its comments on the Draft Final Report, as well as those topics that did not reach consensus and were thus not adopted by the GNSO Council. The outcome of such an assessment could also add to the work that would be required before launching subsequent rounds.

…

The Board notes your views regarding SAC114. We are aware of discussions that took place during ICANN70 and the Board is in communication with the Security and Stability Committee (SSAC) and its leadership, as per the ‘Understand’ phase of the Board Advice Process. As with all advice items received, the Board will treat SAC114 in accordance with that process.

Breaking that down for your convenience…

The reference to “more than 100 outputs from the SubPro PDP WG” refers to the now six-year old Policy Development Process for New gTLD Subsequent Procedures working group of the GNSO.

SubPro delivered its final report in January and it was adopted by the GNSO Council in February.

ICANN asked the Governmental Advisory Committee for its formal input a few weeks ago, has opened the report for a public comment period that ends June 1, and will accept or reject the report at some point in the future.

SubPro’s more significant recommendations include the creation of a new accreditation mechanism for registry back-end service providers and a gaming-preventing overhaul of the contention resolution process.

The “the 2016 Program Implementation Review” is a reference to a self-assessment of the 2012 round that the ICANN staff carried out six years ago, producing a 215-page report (pdf).

That report contains about 50 recommendations covering areas where staff thought the system of actually processing new gTLD applications could possibly be improved or streamlined in subsequent rounds.

The Operational Design Phase (ODP) Botterman refers to is a brand-new phase of ICANN bureaucracy that is currently untested. It fits between GNSO Council approval of recommendations and ICANN board consideration.

The ODP is basically a way for ICANN staff to insert itself into the process, between community policy-making and community policy-approval, to make sure the GNSO’s tenuous consensus-building exercise has not produced something too crazily complicated, ineffective or expensive to implement.

Staff denies this is a power-grab.

The ODP is currently being deployed to assess proposed changes to Whois privacy policy, and ICANN has already stated multiple times that it will also be used to vet SubPro’s work.

Botterman’s reference to “issues of concern that the Board raised in its comments on the Draft Final Report” seems to mean this September 2020 letter (pdf) to SubPro’s chairs, in which the ICANN board outlined some of its initial concerns with SubPro’s proposed policies.

One fairly important concern was whether ICANN has the power under its bylaws (which have changed since 2012) to enforce Public Interest Commitments (now called Registry Voluntary Commitments) that SubPro thinks could be used to make some sensitive gTLDs more trustworthy.

The reference to SAC144 may turn out to be a big stumbling block too.

SAC114 is the bombshell document (pdf) submitted by the Security and Stability Advisory Committee in February, in which ICANN’s top security community members openly questioned whether allowing more new gTLDs is consistent with ICANN’s commitment to keep the internet secure.

While SAC114 seems to reluctantly acknowledge that the program will likely go ahead regardless, it asks that ICANN do more to address so-called “DNS abuse” before proceeding.

Given that the various factions within the ICANN community can’t even agree on what “DNS abuse” is, how ICANN chooses to “understand” SAC114 will have a serious impact on how much further the runway to the next round gets extended.

In short, Botterman is warning brand owners not to hold their breath anticipating the next application window. I think I even detect some serious skepticism as to whether demand is really as high as Quinn claims.

And quite beyond the stuff Botterman outlines in his letter, there’s presumably going to be at least one round of review and revision on the next Applicant Guidebook, as well as the time needed for ICANN to build or upgrade the systems it needs to process the applications, to hire evaluators and resolution providers, and to make sure it conducts a sufficiently long and broad global marketing program so that potential applicants in the developing world don’t feel left out. And that’s a non-exhaustive list.

Introducing competition into the registry space is of course one of ICANN’s foundational raisons d’être.

After the org was founded in September 1998, it took less than two years before it opened up the first new gTLD application round.

It was another three years before the second round launched.

It then took eight and a half years for the 2012 window to open.

It will be well over a decade from then before anyone next gets the opportunity to apply for a new gTLD. It’s entirely feasible that we’ll see an applicant in the next round headed by somebody who wasn’t even born when the first window opened.

ICANN CEO is first to get paid over $1,000,000 a year

ICANN CEO Göran Marby was paid over a million bucks out of the domain-buying public’s pocket in the org’s fiscal 2020, newly released tax documents show.

He’s now, I believe, the best-paid CEO ICANN’s ever had and the first to make more than $1 million per year in the role.

ICANN’s FY20 tax return, which covers the year to June 30, 2020, discloses Marby’s total reportable compensation as $991,557, with another $67,665 in estimated additional compensation, making a total of $1,059,222.

That’s an increase of $193,652 over the $865,570 he received in FY19.

Marby’s been making more than immediate predecessor Fadi Chehadé for a few years, but now he’s also overtaken Rod Beckstrom, who made $961,672 in 2012, his last full year on the job.

Neither Beckstrom nor his predecessor Paul Twomey ever quite made it into seven figures.

This February, ICANN’s board of directors voted to give Marby another 5% pay raise, though a few directors voted against the package.

ICANN’s form 990 tax releases also disclose salaries for another 36 senior staff and board members, showing 19 of them get paid more than $300,000 a year.

Five, including Marby, made over half a million, though a few of those are no longer with the organization.

General counsel John Jeffrey, the second-biggest earner, now has total compensation of $709,784, compared to the $314,628 he was getting 10 years ago when he was in exactly the same job.

ICANN throws out another challenge to the Donuts-Afilias deal

ICANN is set to reject a plea for it to reconsider its decision to allow Donuts to buy Afilias last December.

Its Board Accountability Mechanisms Committee recently threw out a Request for Reconsideration filed by Dot Hotel and Domain Venture Partners, part of a multi-pronged assault on the outcome of the .hotel gTLD contention set.

The RfR was “summarily dismissed”, an infrequently used way of disposing of such requests without considering their merits. BAMC concluded that the requestors had failed to sufficiently state how they’d been harmed by ICANN’s decision, and therefore lacked standing.

The requestors, both applicants for .hotel, had said that they were harmed by the fact that Donuts now owns two applications for .hotel — its own open, commercial one and Afilias’ successful community-based one.

It also said that ICANN’s seemingly deliberate opacity when it came to approving the deal broke its bylaws and sowed confusion and risk in the registry industry.

At some point before the December 17 board meeting that approved the acquisition, ICANN staff briefed the board on its decision to approve the deal, but no formal resolution was passed.

By exploiting this loophole, it’s not clear whether the board actually voted on the deal, and ICANN was not obliged by its bylaws to publish a rationale for the decision.

But BAMC, acting on the advice of ICANN’s lawyers, decided (pdf) that the statements of alleged harm were too vague or seemed to rely on potential future harms.

DVP and Dot Hotel are also party to a lawsuit and an Independent Review Process case against ICANN related to .hotel.

A Documentary Information Disclosure Request related to the Afilias acquisition was also thrown out in March.

BAMC’s dismissal will be rubber-stamped by ICANN’s full board at a later date.

Price caps on .org could return, panel rules

ICANN could be forced to reimpose price caps on .org, .biz and .info domains, an Independent Review Process panel has ruled.

The panel handling the IRP case filed by Namecheap against ICANN in February 2020 has decided to allow the registrar to continue to pursue its claims that ICANN broke its own bylaws by removing price controls from the three gTLD contracts.

Conversely, in a win for ICANN, the panel also threw out Namecheap’s demand that the IRP scrutinize ICANN’s conduct during the attempted takeover of .org’s Public Interest Registry by Ethos Capital in 2019.

The split ruling (pdf) on ICANN’s motion to dismiss Namecheap’s case came March 10 and was revealed in documents recently published by ICANN. The case will now proceed on the pricing issue alone.

The three-person panel decided that the fact that ICANN ultimately decided to block Ethos’ acquisition of PIR meant that Namecheap lacked sufficient standing to pursue that element of its case.

Namecheap had argued that ICANN’s opaque processing of PIR’s change of control request created uncertainty that harmed its business, because ICANN may approve such a request in future.

But the panel said it would not prejudge such an eventuality, saying that if another change of control is approved by ICANN in future, Namecheap is welcome to file another IRP complaint at that time.

“Harm or injury flowing from possible future violations by the ICANN Board regarding change of control requests that are not presently pending and that may never occur does not confer standing,” the panel wrote.

On the pricing issue, the panel disagreed with ICANN’s argument that Namecheap has not yet been harmed by a lack of .org price caps because PIR has not yet raised its .org prices.

It said that increased prices in future are a “natural and expected consequence” of the lack of price controls, and that to force Namecheap to wait for such increases to occur before filing an IRP would leave it open to falling foul of the 12-month statute of limitations following ICANN decision-making baked into the IRP rules.

As such, it’s letting those claims go ahead. The panel wrote:

This matter will proceed to consideration of Namecheap’s request for a declaration that ICANN must annul the decision that removed price caps in the .org, .info and .biz registry agreements. The Panel will also consider Namecheap’s request for a declaration that ICANN must ensure that price caps from legacy gTLDs can only be removed following policy development process that takes due account of the interests of the Internet user and with the involvement of different stakeholders. The Panel will consider Namecheap’s request for a declaration that “registry fees… remain as low as feasible consistet with the maintenance of good quality service” within the context of removal of price caps (not in the context of regulating changes of control).

In other words, if Namecheap prevails, future price caps for pre-2012 gTLDs could be decided by the ICANN community, with an assumption that they should remain as low as possible.

That would be bad news for PIR, as well as .info registry Donuts and .biz registry GoDaddy.

But it’s important to note that the IRP panel has not ruled that ICANN has done anything wrong, nor that Namecheap is likely to win its case — the March 10 ruling purely assesses Namecheap’s standing to pursue the IRP.

The panel has also significantly extended the proposed timeline for the case being resolved. There now won’t be a final decision until 2022 at the earliest.

The panel last week delayed its final hearing in the case from August this year to January next year, according to a document published this week.

Other deadlines in the case have also been pushed backed weeks or months.

ICANN refuses to say why it allowed Donuts to buy Afilias

ICANN appears determined to make its decision-making process when it comes to industry consolidation as opaque as possible.

The Org has denied a request from two rival registries for information about how it approved the acquisition of Afilias by Donuts last December, apparently exploiting a loophole in its bylaws.

The transaction got the nod from ICANN after its December 17 board of directors meeting, at which the board discussed the deal and gave CEO Göran Marby the nod to go ahead and process the request.

What it didn’t do was pass a formal resolution approving the deal, which seems to have given it the room to wriggle out of its transparency requirements, such as publishing its rationale and briefing materials.

It’s a trick it also used last year when it decided to bar Ethos Capital from acquiring Public Interest Registry.

In response to a Documentary Information Disclosure Process request (pdf) last month, filed by Dot Hotel and Domain Venture Partners, ICANN said:

ICANN org makes available, as a matter of due course, on the ICANN website the resolutions taken, preliminary report, minutes, and the Board briefing materials for each Board meeting… ICANN org has already published all materials for the 17 December 2020 Board meeting.

No new information was published.

The DIDP was filed by two applicants for the new gTLD .hotel, which are competing with applications originally filed by both Donuts and Afilias.

They’d also asked for ICANN’s rationale for allowing Donuts to own two .hotel applications post-acquisition, but ICANN said it had no documents reflecting that rationale.

The .hotel contest is also the subject of an Independent Review Process case and a lawsuit, in which DVP is a plaintiff.

ICANN rules out vaccine passports, kinda, but warns in-person meetings may be a long way off

The odds of a return to in-person ICANN meetings this year is “fifty-fifty”, but the Org has no plans to introduce so-called “vaccine passports” to hasten the process.

That’s what emerged during a session at ICANN 70, the fourth consecutive remote public meeting since the coronavirus pandemic began, yesterday.

ICANN’s mid-year meeting, originally slated for The Hague, was recently confirmed to be online-only this June, and the final meeting of the year, scheduled for October in-person in Seattle, is still far from certain.

Speaking to the Non-Commercial Stakeholders Group, CEO Göran Marby yesterday gave the odds of a Seattle meeting as 50:50, and said in-person meetings will only go ahead when global pandemic restrictions are at a point where people from all parts of the world are able to attend. He said:

We cannot go to a country or a region that sets up too many obstacles for ICANN people to travel there.

…

It could be technically possible for us to have a meeting somewhere with a very limited participation, but then we really have to ask “Should we have that?”, because if we can’t people into the meeting from different parts of the world, we probably shouldn’t do the meeting.

…

Since the beginning of this, we always said that the decisions are made by the people who come to the meetings, and if we can’t have enough participation from different stakeholder groups in different parts of the world, then there’s not going to be an ICANN meeting.

The return to normality will be dictated largely by vaccine roll-out worldwide, he indicated, but benchmarked against the slowest-to-jab nations.

While the US and UK are making rapid progress getting shots in arms, other nations are barely getting started with their programs.

But Marby ruled out the idea of ICANN-specific “vaccine passports”, saying: “It’s not for ICANN to set them up, it’s going to be the governments and the hotels and the airlines to set them up.”

The ICANN board and NCSG also acknowledged a certain degree of volunteer burnout and reduced participation over the last 12 months, which was broadly chalked down to the crippling time-zone problems online meetings entail.

Because ICANN rotates its meetings through broadly speaking three time zones (Americas, Europe, East Asia) with about eight hours between them, at any given meeting roughly two thirds of the community is going to be working well outside of their usual business hours for a week or more, which takes its toll.

IP lobby demands halt to Whois reform

Trademark interests in the ICANN community have called on the Org to freeze implementation of the latest Whois access policy proposals, saying it’s “not yet fit for purpose”.

The Intellectual Property Constituency’s president, Heather Forrest, has written (pdf) to ICANN chair Maarten Botterman to ask that the so-called SSAD system (for Standardized System for Access and Disclosure) be put on hold.

SSAD gives interested parties such as brands a standardized pathway to get access to private Whois data, which has been redacted by registries and registrars since the EU’s Generic Data Protection Regulation came into force in 2018.

But the proposed policy, approved by the GNSO Council last September, still leaves a great deal of discretion to contracted parties when it comes to disclosure requests, falling short of the IPC’s demands for a Whois that looks a lot more like the automated pre-GDPR system.

Registries and registrars argue that they have to manually verify disclosure requests, or risk liability — and huge fines — under GDPR.

The IPC has a few reasons why it reckons ICANN should slam the brakes on SSAD before implementation begins.

First, it says the recommendations sent to the GNSO Council lacked the consensus of the working group that created them.

Intellectual property, law enforcement and security interests — the likely end users of SSAD — did not agree with big, important chucks of the working group’s report. The IPC reckons eight of the 18 recommendations lacked a sufficient degree of consensus.

Second, the IPC claims that SSAD is not in the public interest. If the entities responsible for “policing the DNS” don’t think they will use SSAD due to its limitations, then why spend millions of ICANN’s money to implement it?

Third, Forrest writes that emerging legislation out of the EU — the so-called NIS2, a draft of a revised information security directive —- puts a greater emphasis on Whois accuracy

Forrest concludes:

We respectfully request and advise that the Board and ICANN Org pause any further work relating to the SSAD recommendations in light of NIS2 and given their lack of community consensus and furtherance of the global public interest. In light of these issues, the Board should remand the SSAD recommendations to the GNSO Council for the development of modified SSAD recommendations that meet the needs of users, with the aim of integrating further EU guidance.

It seems the SSAD proposals will be getting more formal scrutiny than previous GNSO outputs.

When the GNSO Council approved the recommendations in September, it did so with a footnote asking ICANN to figure out whether it would be cost-effective to implement an expensive — $9 million to build, $9 million a year to run — system that may wind up being lightly used.

ICANN has now confirmed that SSAD and the other Whois policy recommendations will be one of the first recipients of the Operational Design Phase (pdf) treatment.

The ODP is a new, additional layer of red tape in the ICANN policy-making sausage machine that slots in between GNSO Council approval and ICANN board consideration, in which the Org, in collaboration with the community, tries to figure out how complex GNSO recommendations could be implemented and what it would cost.

ICANN said this week that the SSAD/Whois recommendations will be subject to a formal ODP in “the coming months”.

Any question about the feasibility of SSAD would be referred back to the GNSO, because ICANN Org is technically not supposed to make policy.