$10 million of ICANN cash up for grabs

ICANN has officially launched its Grant Program, making $10 million available to not-for-profit projects this year.

The Org expects to start accepting applications for between $50,000 and $500,000 between March 25 and May 24 and start handing out the cash early next year.

It’s the first phase of a program that currently sees ICANN sitting on a distributable cash pile of $217 million that it raised by auctioning off contested new gTLD registry contracts under the 2012 gTLD application round.

The money is only available to registered charities that in some way support ICANN’s mission in terms of developing internet interoperability or capacity building.

Organizations worldwide will be able to apply, but it seems unlikely anyone from a country currently subject to US government sanctions will be successful. Conflicted organizations — such as those led by somebody involved with the program — are also barred.

Applications for grants will be assessed by ICANN staff, a yet-to-be-named Independent Application Assessment Panel comprising “a diverse collective of subject matter experts”, and ultimately the ICANN board of directors.

More information and the application form can be found here.

ICANN threatens to regulate your speech [RANT]

ICANN wants to know if it’s okay if it regulates your speech, even when you’re not doing ICANN stuff.

Acting CEO Sally Costerton has floated the idea of extending ICANN’s Expected Standards of Behavior into things people say in their everyday lives.

The notion came up in ICANN’s response (pdf) to consultant Jeff Neuman, who recently complained to the Org about a TV interview given by Talal Abu-Ghazaleh, a prominent member of the intellectual property community in the Middle-East.

In the interview on Jordanian TV last October, Abu-Ghazaleh made some outrageously anti-Semitic remarks and appeared to suggest the Holocaust was a good thing.

His TAG-Org business has at least three ties to ICANN. It’s an accredited registrar, it’s involved in an approved UDRP provider, and it hosts an instance of ICANN’s L-root DNS root server.

Neuman said that ICANN should not associate with racists and should remove TAG-Org’s L-root instance and relocate it to another organization in Jordan or elsewhere the Middle-East.

It took a few months to get a response, but now Costerton has written back to Neuman “to make it absolutely clear that hate speech has no place in ICANN’s multistakeholder process”:

She said that ICANN has “reached out directly to inform Talal Abu Ghazaleh and TAG-Org that their hate speech violates ICANN’s Expected Standards of Behavior” and “referred this matter to the Office of the Ombuds to investigate and make further recommendations.”

Costerton concludes:

Although your letters are specifically about TAG-Org, they also point to a larger question that has not yet been addressed by the ICANN community. Specifically what role, if any, should ICANN have in addressing egregious conduct that violates the Expected Standards of Behavior to the extent that it could cause significant reputational harm to ICANN and the multistakeholder model if left unaddressed? This is an area for which there is currently no policy or community guidance. In its absence, it is difficult to know how to weigh potentially competing issues. For example, your letters reference free speech questions. This incident has made it clear that as a community we need to discuss this further in the coming weeks and months.

This brief reference to the “free speech” implications of taking action may be a clue that ICANN is actually just trying to preemptively weasel out of actually doing anything about TAG-Org. Neuman seems to think that’s a possibility.

But let’s take Costerton’s letter at face value. ICANN is now talking about extending its Expected Standards of Behavior to things people say when they’re not doing ICANN community stuff.

The ESB is ICANN’s take on codified politeness, banning all the -isms and -phobias from ICANN community conduct. It’s supplemented by the Community Anti-Harassment Policy, which is referenced in Costerton’s letter (pdf) to TAG-Org and which among many other things bans swearing.

Participants are reminded of applicability of these policies whenever they walk into an ICANN conference center or log in to a Zoom call.

That, as far as I’m concerned, is where it should begin and end — when you’re in an ICANN meeting or participating on a mailing list, play nice. ICANN’s house, ICANN’s rules.

Abu-Ghazaleh spouted some pretty incredibly racist stuff, but he did so in a media appearance. He wasn’t on TV to discuss ICANN, or domain names, or intellectual property. He was talking about the attacks in Israel and Gaza.

ICANN’s Expected Standards of Behavior have no jurisdiction over Jordanian TV. Or, indeed, any news media.

ICANN as a private organization would of course be well within its rights to just unilaterally remove the Amman L-root. It refuses to take money from alt-roots. It refuses to work with convicted pirates. Surely refusing to work with a Holocaust supporter isn’t too much of a stretch.

But the idea that ICANN’s rules on personal conduct should extend outside the grey, windowless walls of an ICANN convention center, or that ICANN employees should be the judges of whether something is or isn’t offensive… nah.

Remember, a lot of these people are Californians.

ICANN predicts flattish 2025 for domain industry

The gTLD domain industry will be pretty much flat in terms of sales next year, according to the predictions in ICANN’s latest budget.

The bean counters reckon the Org will make $89 million from transactions in legacy gTLDs (mainly .com) in its fiscal 2025, up from the $88.9 million it expects to make in fiscal 2024, which ends next June 30.

Meanwhile, it expects transactions in new gTLDs to bring in $10.1 million, up from the $9.9 million it expects in FY24.

Both of the updated FY24 estimates are actually a bit ahead of ICANN’s current budget, written in April and approved in May, which predicted $87.1 million from legacy and $9.2 million from new.

ICANN expects to lose 22 registries (presumably unused dot-brands, of which there are still plenty, with a couple hundred contracts up for renewal in 2025) and gain 40 new registrars.

This will lead to revenue from registry fixed fees to dip to $27.6 million from a predicted $28.1 million, and registrar fixed fees going up from $10.4 million from a predicted $10.1 million.

The FY24 registrar numbers are a little healthier than ICANN predicted back in April, when it expected 2,447 accredited registrars at the end of the financial year versus the 2,575 it’s expecting now. Gname’s decision to buy 150 new accreditations will have played a big role in moving this number up. ICANN expects 2,615 registrars at the end of FY25.

But ICANN is losing registries faster than it predicted back in April. Then, it had expected to end FY24 with 1,127 registries; now it thinks it will have 1,118. It expects that to drop to 1,089 by the end of June 2025.

Overall, ICANN is budgeting for funding of $148 million and the same level of expenses in FY25, the same as FY24.

Did I find a murder weapon in a zone file?

Registrars are usually very reluctant to police the content of web sites by taking down domains they manage, but they quite often make an exception when the web site in question calls for violence. But what if the site itself attempts to physically harm visitors through their screens?

It sounds a bit mad, but I think I’ve found such a site.

I recently randomly came across a domain name that caught my eye while scrolling through a zone file. I’m not going to reveal the domain here, but it consisted of three words across the dot and could be taken as an instruction to “murder” a specific, but unnamed, individual.

Expecting humor, I visited the domain out of curiosity and was confronted by a blank page that rapidly flashed between two background colors, creating a strobe effect. There was no other content.

My first impression was that the site had been created in order to trigger seizures in photosensitive epileptics. The CSS seemed to confirm that the strobe effect fell within the frequency range that the charity Epilepsy Action says can cause such seizures.

This raised an interesting question: could this be considered “DNS abuse”?

The DNS Abuse Institute’s definition (pdf) says DNS Abuse consists of “malware, botnets, phishing, pharming, and spam (when it serves as a delivery mechanism for the other forms of DNS Abuse)”.

DNSAI says registries and registrars “must” act on these five categories of abuse, but it adds that there are some categories of web content where registrars “should” take action. Its Framework to Address Abuse, which has been endorsed by dozens of registries and registrars, states:

Specifically, even without a court order, we believe a registry or registrar should act to disrupt the following forms of Website Content Abuse: (1) child sexual abuse materials (“CSAM”); (2) illegal distribution of opioids online; (3) human trafficking; and (4) specific and credible incitements to violence. Underlying these Website Content Abuses is the physical and often irreversible threat to human life.

Epileptic seizures can be fatal. A school friend of mine did not make it out of his teens due to one. Even when non-fatal, they are dangerous and clearly unpleasant.

So if a site encouraging physical violence “should” be taken down, what about a site that seems designed to actively physically attack individuals, no incitement required? That’s a reasonable question, right?

I filed an abuse report with the registrar managing the domain and was told it did not violate its acceptable use policies.

Attacking epileptics with flashing images sent online has been a criminal offence in the UK since October 26, when the controversial Online Safety Act 2023 was enacted.

A component of the Act is named Zach’s Law, after an eight-year-old boy who in 2020 was attacked with flashing images by internet wankers after he carried out a sponsored walk for the Epilepsy Society.

The Act makes it illegal to send a flashing image to somebody you know is epileptic with the intent to harm them. You can get up to five years imprisonment and a fine.

ICANN drops the “man” from Ombudsman

ICANN is looking for a new “Ombuds”, having quietly dropped the “man” from Ombudsman following the resignation of Herb Waye.

The Org said it has hired a recruitment consultant and put out a call for expressions of interest in the role last night.

The Ombuds’ job is to handle complaints independently of ICANN Org and board and be an “objective advocate for fairness”. It’s one of ICANN’s bylaws-mandated accountability mechanisms.

The Org seems to have officially made the switch from “Ombudsman” to “Ombuds” at the start of October when Krista Papac took on the job on an interim basis. The old URL icann.org/ombudsman now forwards to icann.org/ombuds.

Like many middle-aged men, I often roll my eyes at this kind of terminology change, despite my impeccable woke credentials.

I have always assumed that “Ombudsman” was etymologically a gender-neutral term, given its Scandinavian roots, but I’ve read around the topic today and it seems that that assumption is open to debate.

I’ve concluded that it doesn’t matter either way — nobody’s getting hurt by the change, so fuck it, “Ombuds” it is.

Have your say on police domain takedown powers

The UK Parliament wants your input on a new proposed law that would give the police powers to take down domain names and IP addresses.

The broad-ranging Criminal Justice Bill 2023 (pdf) would give police the ability to obtain court orders requiring registries and registrars to suspend domains believed to be used in criminal activity.

Accompanying explanatory notes say that these court orders could be applied internationally against domain companies in other countries via various means.

The clock is ticking for submissions — the Public Bill Committee of Parliament is due to sit to consider evidence from December 12 and issue its report with suggested amendments by January 30.

The committee advises submitting evidence as soon as possible to maximize the time spent considering it.

Most registrars are shunning ICANN’s new Whois system

Most of the largest domain registrars are not currently participating in ICANN’s new Registration Data Request Service, according to my research.

I used the RDRS tool to check domains managed by every accredited registrar that has over a million domains under management and discovered that at least 25 out of these 40 registrars do not currently support the service.

The number may be 26, but RDRS did not recognize any domains managed by Chinese registrar Ali Baba as valid, giving instead a “domain does not exist” error message, even for alibaba.com itself.

In total, the 25 registrars coming up blank look after over 63 million gTLD domains, about 28% of the total.

Some very recognizable brands are not in the system.

Squarespace Domains II, the new name for the old Google Domains, the fourth-largest registrar, is the largest company not participating. Together with its original accreditation, Squarespace Domains, they have over 10 million domains under management.

TurnCommerce, GMO, IONOS, NameSilo, PDR, Gname, Dynadot, Wix, OVH, Register.com, FastDomain, Name.com, Domain.com, Hostinger, Sav.com, Xin Net, West.cn, Cronon, Domain Robot, Automattic, DNSPod, and Cloudflare are also not in the system.

Oh, and neither is Markmonitor.

While I only checked 40 registrars, not the full 2,702 that were active in the July registry transaction reports, I would expect the level of support to decline the lower down the list you get, particularly as hundreds of accreditations have a trivial number of domains or are merely aliases for companies already known to not support RDRS.

It’s quite possible some of the registrars I’ve named here are planning to sign up and have just been slow to do so, but they’ve had plenty of time — ICANN has been onboarding registrars since September 20.

The level of support from the registrar industry will be critical to judging whether the RDRS project is deemed a success.

In a recent letter to the GNSO Council discussing “success criteria” for the program, ICANN chair Tripti Sinha wrote (pdf):

The Board agrees that the participation of a sufficient number of registrars with a sufficient number of domain name registrations under management will be important with respect to gathering data.

On the bright side, GoDaddy, Tucows and Namecheap are on board, and that represents about 90 million domains. GoDaddy alone accounts for 65 million, slightly more than the combined total of the 25 large registrars that are not participating.

RDRS is a system designed to simplify the process of requesting non-public Whois data by passing all such requests to the relevant registrars through a central hub.

Of course, it’s only useful if the registrars are actually in the system.

ICANN picks Istanbul for 2024 meeting

The ICANN community will head to Türkiye for the Org’s 2024 Annual General Meeting, it has been confirmed.

The board of directors picked Istanbul for ICANN 81, which will kick off November 9 next year, according to a just-published resolution.

While the precise venue has not been revealed, you’d have to assume the Istanbul Congress Center is a prime candidate.

While it’s conveniently on the doorstep of Europe, Türkiye counts as Asia-Pacific under ICANN’s rules mandating meetings rotate through the world’s five geographic regions.

ICANN maintains an office in Istanbul, so it can presumably save a bit of money not having to pay for travel and lodgings for local staff who would usually travel.

Next year’s meetings also see the community travel to San Juan, Puerto Rico in March and Kigali, Rwanda in June. The first meeting of 2025 will be held in Seattle, Washington.

ICANN accused of power grab over $271 million auction fund

ICANN has acted outside of its powers by ignoring community policy recommendations and leaving its $271 million gTLD auction windfall open to being frittered away on lawyers, according to community members.

The Intellectual Property Constituency of the GNSO has filed a formal Request for Reconsideration over a board resolution passed at ICANN 78 last month in Hamburg, and other constituencies may add their names to it shortly.

The row concerns the huge cash pile ICANN was left sitting on following the auction of 17 new gTLD contracts between 2014 and 2016, which raised $240 million (as of July, around $271 million after investment returns and ICANN helping itself to a portion to fund its operations reserve).

It was decided that the money should be used to fund a grant program for worthy causes, with organizations able to apply for up to $500,000 during discrete rounds, the first of which is due to open next year with a $10 million pot. Around $220 million is believed to be earmarked for the grant program over its lifetime.

But the Cross Community Working Group for Auction Proceeds (CCWG-AP) that came up with the rules of the program was concerned that unsuccessful applicants, or others chagrined by ICANN’s grant allocations, might challenge decisions using ICANN’s accountability mechanisms.

This would cause money earmarked for worthy causes to be spaffed away on lawyers, which the CCWG-AP wanted to avoid, so it recommended that ICANN modify its fundamental bylaws to exclude the grant program from mechanisms such as the Independent Review Process, which usually incurs high six-figure or seven-figure legal fees.

ICANN seemed to accept this recommendation — formally approving it in June last year — until ICANN 78, when the board approved a surprise U-turn on this so-called Recommendation 7.

The board said it was changing its mind because it had found “alternative ways” to achieve the same objective, “including ways that do not require modification to ICANN’s core Bylaws on accountability”. The resolution stated:

As a result, the Board is updating its action on Recommendation 7 to reflect that ICANN org should implement this Recommendation 7 directly through the use of applicant terms and conditions rather than through a change to ICANN’s Fundamental Bylaws.

This left some community members — and at least one ICANN director — scratching their heads. Sure, you might be able to ban grant applicants from using the IRP in the program’s terms and conditions, but that wouldn’t stop third parties such as an applicant’s competitors from filing an IRP and causing legal spaffery.

The board was well aware of these concerns when it passed the resolution last month. Directors pointed out in Hamburg that ICANN is still pursuing the bylaws amendment route, but has removed it as a dependency for the first grant round going ahead.

This left some community members nonplussed — it wasn’t clear whether ICANN planned to go ahead with the program ignoring community recommendations, or not. The reassuring words of directors didn’t seem to tally with the language of the resolution.

So the IPC took the initiative and unironically invoked an accountability mechanism — the RfR — to get ICANN to change its mind again. I gather the request was filed as a precaution within the 30-day filing window due to the lack of clarity on ICANN’s direction.

The RfR states:

the impetus behind the Bylaws change was to prevent anyone from challenging grant decisions, including challenges from parties not in contractual privity with ICANN. The Board’s hasty solution would only prevent contracting grant applicants from challenging decisions; it would not in any way affect challenges by anyone else – including anyone who wished to challenge the award of a grant. The grant program could be tied in knots by disgruntled parties, competitive organizations or anyone else who wished to delay or prevent ICANN from carrying out any decision to grant funds. This is exactly what the CCWG-AP sought to prevent

The IPC says that by bypassing the bylaws amendment process, which involves community consent, the ICANN board is basically giving itself the unilateral right to turn off its bylaws-mandated accountability mechanisms when it sees fit. A power grab.

It wants the Hamburg resolution reversed.

Discussing the RfR a few days before it was filed, other members of the GNSO Council suggested that their constituencies might sign on as fellow complainants if and when it is amended.

RfRs are handled by ICANN’s Board Accountability Mechanisms Committee, which does not currently have a publicly scheduled upcoming meeting.

Call for ICANN to dump anti-Semitic partner

A senior Jewish member of the ICANN community is calling on the Org to end its partnership with a company run by a Palestine-born Jordanian businessman who recently broadcast some outrageously anti-Semitic remarks.

Jeff Neuman of JJN Solutions and Dot Hip Hop, who has spent the last quarter-century involved in countless ICANN community roles, made the plea in an open letter he posted on his blog today following remarks by Talal Abu-Ghazaleh on Jordanian TV on October 12.

The letter follows an exchange at the ICANN Annual General Meeting in Hamburg last week in which Neuman raised concerns about some on-site graffiti that he considered anti-Semitic.

Abu-Ghazaleh’s comments, rather than being just some coded anti-Semitic dog-whistles, appear to directly attempt to justify the Holocaust, according to a translation by Middle-East media monitoring organization MEMRI.

Along with some less-extreme anti-Semitic tropes, he said, during an interview discussing the war in Gaza:

The Jews do not have any ideology. All they care about is money and interests. I had a friend who was a German cabinet member. I once asked him: ‘When Hitler, may God forgive him, carried out the Holocaust, why didn’t he finish the job and kill all the Jews?’ He said to me: ‘It’s the other way around, but don’t tell anyone I said this. He left a group of them on purpose, so that people would know why we carried out the Holocaust. When you would be tormented by them, you would know the reason.’

It turns out the Talal Abu-Ghazzaleh Organization (TAG-Org) that he runs hosts an instance of ICANN’s L-root server in Jordan — one of scores of redundant nodes at data centers around the world — and Neuman wants this relationship terminated.

Revealing that family members were killed in the Holocaust, he says in his letter to ICANN leadership:

I believe ICANN must take immediate action to remove this instance from TAG-Org and find a new home for this instance. In addition, ICANN should make an unequivocal statement ASAP that it does not condone such hate speech and that it will not have any partnerships whose founders or leaders espouse such views.

TAG-Org’s relationship with ICANN does not stop at the L-root instance, however. Abu-Ghazaleh is a noted champion of intellectual property rights in the Middle-East region and his companies are naturally involved in the domain industry and ICANN community.

TAG-Domains, part of Abu-Ghazaleh Intellectual Property (AGIP), is an ICANN-accredited registrar specializing in brand protection services. It has only about 1,200 gTLD domains under management.

And the group seems to be intimately involved with the Arab Center for Dispute Resolution, the only ICANN-approved UDRP service provider in the region. It was approved in 2013 with an application managed by Talal Abu-Ghazaleh Legal and there appears to be an ongoing relationship.

Neuman, who makes it clear he is not currently holding ICANN at fault for its partnerships, does not appear to be calling for ICANN to end these other relationships with the Abu-Ghazaleh group and I don’t think the Registrar Accreditation Agreement has a morality clause anyway.

Since Abu-Ghazaleh’s comments have come to light, two IP news publications — Managing IP and IAM — have publicly distanced themselves from him.

Managing IP said it was reviewing all awards it had given to AGIP and removing the company’s profile from its site, while IAM said it was removing Abu-Ghazaleh from its IP Hall of Fame.

While to my knowledge Neuman is the only person to date to ask ICANN for a similar censure, his voice does carry weight. You’d be hard-pressed to find anyone else in the community who’s put in as many hours and knows as much about ICANN policy-making.

I think it’s quite likely ICANN will say something condemning racism in response; I’m less certain that it will pull the plug on the Amman L-root or do anything concrete to distance itself from the Abu-Ghazaleh companies.

ICANN chair Tripti Sinha has already expressed dismay at graffiti that Neuman considered anti-Semitic that appeared for 24 hours on a mural at ICANN 78 in Hamburg last week.

This does NOT belong at an ICANN meeting! It’ is wholly inappropriate at ICANN. #icann78 pic.twitter.com/2KN6Eiel5D

— Jeff Neuman (@jintlaw) October 26, 2023

Saying on Twitter that the graffiti implied endorsement of the murder of Jews and that he felt unsafe at an ICANN meeting for the first time, Neuman used the Public Forum last Thursday to ask ICANN’s board of directors to condemn such behavior.

“This is not the place to make statements like that,” Sinha said, referring to the graffiti. “This is meant to be a safe place for discourse and interchange of ideas. so please do not engage in any kind of political dialogue and hurtful dialogue.”