Recent Posts
- Unstoppable to apply for Women in Tech gTLD
- Bob Parsons publishes autobiography
- GoDaddy getting a free pass from porn jail?
- Correction: Sinha’s seat is safe
- Chinese domains plummet again in 2023
- GoDaddy price increases lead to revenue growth
- D3 announces seventh blockchain gTLD client
- Taylor Swift applies for her .post domain
- .ad domains to go global soon
- Single-letter .com case back in court
- ICANN to slash costs as Verisign’s magic money tree dries up
- Community revolts over ICANN’s auction proceeds power grab
- Two seats up for grabs on Nominet board
- War takes steep toll on .ua domains
- .de worst TLD for CSAM — report
- .com still shrinking because of China
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- .my domains to be sold globally next month
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
- UK cybersquatting complaints hit record low
- No excuses! PIR to pay for ALL registries to tackle child abuse
- ICANN insists it is working on linkification
- Namecheap sues ICANN over .org price caps
- GoDaddy offers free Ethereum blockchain integration
- Epik reveals who is running the company
- Epik gets acquired again! The plot thickens…
- Airline gTLD crashes and burns
- First chunks of new gTLD Applicant Guidebook drop
- Epik to reveal its owners soon
- Another crypto firm to apply for a new gTLD
- Monster and Royce are NOT involved in Epik?!
- Nominet to overhaul .uk registry, turn off some services
- Russia blames DNSSEC, not Ukraine, for internet downtime
- Team Internet says revenue beat estimates
- Sold for over $20k, insure.ai and dog.ai back in .ai’s expired names auction
- .ai helps UDRP cases rise in 2023, WIPO says
- Freenom’s domains land at Gandi after termination
- .ru domains fly off the shelf as Western sanctions bite
- ICANN picks its first ever Supreme Court
- Lebanon’s ccTLD going back to Lebanon after ICANN takeover
- ICANN picks the domain it will never, ever release
- ICANN approves domain takedown rules
- Has Epik gone “woke”?
- First bits of new gTLD Applicant Guidebook expected next week
- ICANN bans closed generics for the foreseeable
- You can’t use money to buy .box domains
- After 14 years, ICANN practices what it preaches on IDNs
- Weak demand for private Whois data, ICANN data shows
- .ing doing way better than .meme
- DNS Women barred from ICANN funding?
- Dev releases free open-source TLD registry platform
- INCO flips a gTLD to Identity Digital
- Anguilla fears the .ai junk drop
- Five more gTLDs get launch dates
- $10 million of ICANN cash up for grabs
- Almost 50,000 .ai domains sold in a quarter
- ICANN threatens to regulate your speech [RANT]
- Life insurance company kills dot-brand
- ICANN finds new home for Lebanon’s TLD after founder’s death
- ICANN begs people to use its new Whois service
- Shiba Inu outs itself as crypto new gTLD applicant
- Over 50,000 .ai domains sold in three months
- Amazon planning new push into registrar market?
- Registries and registrars vote ‘Yes’ to new DNS abuse rules
Whois “killer” is a recipe for a clusterfuck
An ICANN working group has come up with a proposal to completely replace the current Whois system for all gTLDs.
Outlined in 180 recommendations spread over 166 pages (pdf), it’s designed to settle controversies over Whois that have raged for 15 years or more, in one fell swoop.
But it’s a sprawling, I’d say confusing, mess that could turn domain name registration and the process of figuring out who owns a domain name into an unnecessarily bureaucratic pain in the rear.
That’s if the proposal is ever accepted by the ICANN community, which, while it’s early days, seems like a challenge.
The Expert Working Group, which was controversially convened by ICANN president Fadi Chehade in December 2012, proposes a Registration Data Service that would ultimately replace Whois.
It’s a complex document, which basically proposes rebuilding Whois from the ground up based on ideas first explored by George Orwell, Franz Kafka and Douglas Adams.
Having read it, I’ll do my best in this post to explain what the proposed Registration Data Service seems to entail and why I think it seems like a lot of hard work for very little benefit.
I note in advance as a matter of disclosure that the RDS as proposed would very possibly disenfranchise me professionally, making it harder for me to do my job. I explain why later in this post.
I also apologize in advance for, and will correct if notified of, any errors. It’s taken me a week from its publication to read and digest the proposal and I’m still not sure it’s all sunk in.
Anyway, first:
What’s RDS?
RDS would be a centralized Whois database covering all domains in all gTLDs, new and old, operated by a single entity.
What’s in an RDS record?
Under the hood, RDS records wouldn’t look a heck of a lot different than Whois records look today, in terms of what data they store.
There would be some new optional elements, such as social media user names, but otherwise it’s pretty much the same data as we’re used to seeing in Whois records today.
The big difference is which of these elements would be visible by default to an anonymous internet user doing a regular Whois look-up somewhere.
Some fields would be “public” and some would be “gated” or hidden. Some fields would always be public and some could be toggled between public and gated by the registrant.
Gated fields would not be visible to people doing normal Whois look-ups. To see gated data, you’d need to be accredited to a certain role (cop, trademark owner, etc) and have an RDS account.
By default, much of the data about the “registrant” — including their name, physical address, country, and phone number — would be gated.
No, you’re not reading that wrong — the name of the registrant would be hidden from regular Whois users by default. Their email address, however, would be always be public.
There would also be up to six “Purpose Based Contacts” — an Admin Contact, a Legal Contact, a Technical Contact, an Abuse Contact, a Privacy/Proxy Contact and a Business Contact.
So, for example, a registrant could specify his registrar as his technical PBC and his lawyer as his legal PBC.
The admin, legal, technical and abuse contacts would be mandatory, and would default to the registrant’s own personal contact info.
A newly registered domain would not be activated in the DNS until the mandatory PBCs had been provided.
Each of these four mandatory PBCs would have different levels of disclosure for each data element.
For example, the Admin PBC would be able to hide their mailing address and phone number (both public by default) but not their name, email address or country.
The Legal PBC would not be able to opt out of having their mailing address disclosed, but the Technical and Abuse PBCs would be able to opt out of disclosing pretty much everything including their own name.
Those are just examples. Several tables starting on page 49 of the report (pdf) give all the details about which data fields would be disclosed and which could be hidden.
I think it’s expected by the EWG that most registrants would just accept the defaults and publish the same data in each PBC, in much the same way as they do today.
“This PBC approach preserves simplicity for Registrants with basic contact needs and offers additional granularity for Registrants with more extensive contact needs,” the EWG says.
Who gets the see the hidden stuff?
In order to see the hidden or “gated” elements, you’d have to be an accredited user of the centralized RDS system.
The level of access you got to the hidden data would depend on the role assigned to your RDS account.
The name of the registrant, for example, would be available to anyone with an RDS account.
If you wanted access to the registrant’s mailing address or phone number, you’d need an RDS account that accredited you for one or more of seven defined purposes:
- Domain Name Control (ie, the registrant herself)
- Domain Name Certification (ie SSL Certificate Authorities)
- Business Domain Name Purchase/Sale (anyone who says they might be interested in buying the domain in question)
- Academic/Public Interest DNS Research
- Legal Actions (eg lawyers investigating fraud or trademark infringement)
- Regulatory/Contractual Enforcement (could be ICANN-related, such as UDRP, or unrelated stuff like tax investigations)
- Criminal Investigation/DNS Abuse Mitigation
Hopefully this all makes sense so far, but it gets more complicated.
Beware of the leopard!
In today’s gTLD environment, Whois records are either stored with the registry or the registrar. You can do Whois lookups on the registrar/y’s site, or via a third-party commercial service.
As a registrant, you need only interact with your registrar. As a Whois user, you don’t need to sign up for an account anywhere, unless you want value-added services from a company such as DomainTools.
Under RDS, a whole lot of other entities start to come into play.
First, there’s RDS itself — a centralized Whois replacement.
It’s basically two databases. One contains contact details, each record containing a unique Contact ID identifier. The other database maps Contact IDs to the PBCs for each gTLD domain name.
It’s unclear who’d manage this service, but it looks like IBM is probably gunning for the contract.
Second, there would be Validators.
A Validator’s job would be to collect and validate contact information from registrants and PBCs.
While registrars and registries could also act as Validators — and the EWG envisages most registrars becoming Validators — this is essentially a new entity/role in the domain name ecosystem.
Third and Fourth, we’ve got newly created Accrediting Bodies and Accreditation Operators.
These entities would be responsible for accrediting users of the RDS system (that is, people who want to do a simple goddamn Whois lookup).
The EWG explains that an Accrediting Body “establishes membership rules, terms of service, and application and enforcement processes, etc., for a given RDS User community.”
An Accreditation Operator would “create and manage RDS User accounts, issue RDS access credentials, authenticate RDS access requests, and provide first-level abuse handling”.
Because it’s not complicated enough already, each industry (lawyers, academics, police, etc) would have their own different combination of Accrediting Bodies and Accreditation Operators.
Who benefits from all this?
The reason the EWG was set up in the first place was to try to resolve the conflict between those who think Whois accuracy should be more strictly enforced (generally law enforcement and IP owners) and those who think there should be greater registrant privacy (generally civil society types).
In the middle you’ve got the registries and registrars, who are generally resistant to anything that adds friction to their shopping carts or causes even moderate implementation costs.
The debate has been raging for years, and the EWG was told to:
1) define the purpose of collecting and maintaining gTLD registration data, and consider how to safeguard the data, and 2) provide a proposed model for managing gTLD directory services that addresses related data accuracy and access issues, while taking into account safeguards for protecting data.
So the EWG proposal could be seen as successful if a) privacy advocates are happy and b) trademark lawyers and the FBI are happy, c) registrars/ries are happy and d) Whois users are happy.
Are the privacy dudes happy?
No, they’re not.
The EWG only had one full-on privacy advocate: Stephanie Perrin, who’s a bit of a big deal when it comes to data privacy in Canada, having held senior privacy roles in public and private sectors there.
Perrin isn’t happy. Perrin thinks the RDS proposal as it stands won’t protect regular registrants’ privacy.
She wrote a Dissenting Report that seems to have been intended as an addendum to the EWG’s official report, but it was not published by the EWG or ICANN. The EWG report makes only a vague, fleeting reference, in a footnote, to the fact that the was any dissent at all.
Milton Mueller at the Internet Governance Project got his hands on it regardless and put it out there earlier this week.
Perrin disagrees with the recommendation (outlined above) that each domain name must have a Legal Contact (or Legal PBC) who is not permitted to hide their name and mailing address from public view.
She argues, quite reasonably I think, that regular registrants don’t have lawyers they can outsource this function to, which means their own name and mailing address will comprise their publicly visible Legal PBC.
This basically voids any privacy protection they’d get from having these details “gated” in the “registrant” record of the RDS. Perrin wrote:
the purpose of the gate is to screen out bad actors from harassing innocent registrants, deter identity theft, and ensure that only legitimate complaints arrive directly at the door of the registrants. It is also to protect the ability of registrants to express themselves anonymously. Placing all contact data outside the gate defeats certain aspects of having a gate in the first place.
The EWG report envisages the use of privacy/proxy services for people who don’t want their sensitive data published publicly.
But we already have privacy/proxy services today, so I’m unclear what benefit RDS brings to the table in terms of privacy protection.
It’s also worth noting that there are no circumstances under which a registrant’s email address is protected, not even from anonymous RDS queries. So there’s no question of RDS stopping Whois-based spam.
Are the trademark dudes going to be happy?
I don’t know. They do seem to be getting a better deal out of the recommendations than the other side (there were at least three intellectual property advocates on the EWG) but if you’re in the IP community the report still leaves much to be desired.
The RDS proposal would create a great big centralized repository of domain registrant information, which would probably be located in a friendly jurisdiction such as the US.
That would make tracking down miscreants a bit easier than in today’s distributed Whois environment.
RDS would also include a WhoWas service, so users can see who has historically owned domain names, and a Reverse Query service, so that users can pull up a list of all the other domains that share the same contact field(s).
Both services (commercially available via the likes of DomainTools already) would prove valuable when collating data for a UDRP complaint or cybersquatting lawsuit.
But it’s important to note that while the EWG report says all contact information should be validated, it stops short of saying that it should be authenticated.
That’s a big difference. Validation would reveal whether a mailing address actually exists, but not whether the registrant actually lives there.
You’d need authentication — something law enforcement and IP interests have been pushing for but do not seem to have received with the EWG proposal — for that.
The EWG suggests that giving registrants more control over which bits of their data are public will discourage them from providing phony contact information for Whois/RDS.
The RDS proposes a lot more carrot than stick on this count.
But if Perrin is correct that it’s a false comfort (given that your name and address will be published as Legal PBC anyway) then wouldn’t a registrant be just as motivated to call themselves Daffy Duck, or use a proxy/privacy service, as they are today?
Are the registrar dudes going to be happy?
If the EWG’s recommendations become a reality registrars could get increased friction in their sales path, depending on how disruptive it is to create a “Contact ID” and populate all the different PBCs.
I think it’s certainly going to increase demand on support channels, as customers try to figure out the new regime.
Remember, the simple requirement to click on a link in an email is causing registrants and registrars all kinds of bother, including suspended domains, under recently introduced rules.
And there’s obviously going to be a bunch of (potentially costly) up-front implementation work registrars will need to do to hook themselves into RDS and the other new entities the system relies on.
I doubt the registrars are going to wholeheartedly embrace the proposal en masse, in other words.
Is Kevin Murphy happy?
No, I’m not happy.
It bugs me, personally, that the EWG completely ignored the needs of the media in its report. It strikes me as a bit of a slap in the face.
The “media” and “bloggers” (I’m definitely in one of those categories) would be given the same rights to gated RDS data as the “general public”, under the EWG proposal.
In other words, no special privileges and no ability to access the registrant name and address fields of an RDS record.
RDS may well give somebody who owns a trademark (such as a reverse domain name hijacker or a sunrise gamer) more rights to Whois records than the New York Times or The Guardian.
That can’t be cool, can it?
Murphy, brah, why you gotta cuss in your headline?
Good question. I do use swearwords on DI occasionally, but only to annoy people who don’t like them, and usually only in posts dated April 1 or in stories that seem to deserve it.
This post is dated June 13.
I think I’ve established that the EWG’s proposal as it stands today is a pretty big overhaul of the current system and that it’s not immediately obvious how the benefits to all sides warrant the massive effort that will have to be undertaken to get RDS to replace Whois.
But the clusterfuckery is going to begin not with the implementation of the proposal, but with the attempt to pass it through the ICANN process.
The proposal has to pass through the ICANN community before becoming a reality.
The Expert Working Group has no power under the ICANN bylaws.
It was created by Chehade while he was still relatively new to the CEO’s job and did not yet appreciate how seriously community members take their established procedures for creating policy.
I think it was a pretty decent idea — getting a bunch of people in a room and persuading them to think outside the box, in an effort to find radical solutions to a a long-stagnant debate.
But that doesn’t change the fact that the EWG’s proposals don’t become law until they’ve been subject to the Generic Names Supporting Organization’s lengthy Policy Development Process.
Some GNSO members were not happy when the EWG was first announced — they thought their sovereignty was being usurped by the uppity new CEO — and they’re probably not going to be happy about some of the language the EWG has chosen to use in its final report.
The EWG said:
The proposed RDS, while not perfect, reflects carefully crafted and balanced compromises with interdependent elements that should not be separated.
…
The RDS should be adopted as a whole. Adopting some but not all of the design principles recommended herein undermines benefits for the entire ecosystem.
It’s actually quite an audacious turn of phrase for a working group with no actual authority under ICANN bylaws.
It sounds a bit like “take it or leave it”.
But there’s no chance whatsoever of the report being adopted wholesale.
It’s going into the GNSO process, where the same vested interests (IP, LEA, registry, registrar, civil society) that have kept the debate stagnant for the duration of ICANN’s existence will continue to try (and probably fail) to come to an agreement about how Whois should evolve.
US House passes anti-ICANN bill
The US House of Representatives has passed the DOTCOM Act, which would prevent the Department of Commerce from walking away from its oversight of the DNS root zone.
The bill was approved as an amendment to a defense authorization act, with a 245-177 vote that reportedly saw 17 Democrats vote in line with their Republican opponents.
The DOTCOM Act has nothing whatsoever to do with .com. Rather, it’s a response to the National Telecommunications and Information Administration’s plan to relinquish its role in root zone management.
The bill as passed (pdf) would prevent NTIA from agreeing to any multistakeholder community-created IANA transition proposal until the Government Accountability Office had issued a study on the proposal.
The GAO would have one year from the point ICANN submits the proposal to come up with this report.
That means that if ICANN and NTIA want to stick to their September 2015 target date for the transition, either the ICANN community would need to produce a proposal at unprecedented and unlikely speed or the GAO would need to take substantially less than a year to write its report.
I don’t think it’s an impossible target, but it’s certainly looking more likely that NTIA will have to exercise one of the two-year automatic renewal options in the current IANA contract.
That’s all assuming that a matching bill passes through the Democrat-controlled Senate and then receives a presidential signature, of course, which is not a certainty.
Assuming a bloc vote by the 47 Republican Senators, only four Democrats (or independents) would need to switch sides in order for the DOTCOM Act to become, barring an unlikely presidential veto, law.
To the best of my knowledge there is not currently a matching bill in the Senate.
ICANN says Verisign should stay in charge of root zone
Verisign should stay in its key role in root zone management after the IANA transition process is complete, according to ICANN CEO Fadi Chehade.
The company currently acts as “maintainer”, alongside the US government as “administrator” and ICANN/IANA as “operator”.
This means Verisign is responsible for actually making changes — adding, deleting or amending the records for TLDs — in the root zone file.
In a blog post yesterday, Chehade said that ICANN will “establish a relationship directly with the third-party Maintainer”, adding:
As a means to help ensure stability, ICANN’s recommended implementation option is to have Verisign continue its role as the Maintainer. However, we will be working closely with all relevant parties including the Root Zone Operators to ensure there are contingency options in place to meet our absolute commitment to the stability, security and resiliency of the Domain Name System.
I wholeheartedly agree that Verisign should stay in its role, or at the very least that ICANN should not take over.
As we’ve learned over the last couple of years of software glitches in the new gTLD program, some of them security-related, ICANN would be a poor choice today to maintain this critical resource.
Chehade noted that the US National Telecommunications and Information Administration would be replaced in its “administrator” role by whatever mechanism the ICANN community comes up with during the transition process.
Was panel wrong to put .africa on ice or does ICANN have an accountability problem?
Did an Independent Review Process panel get it wrong when it accused ICANN of failing to implement proper accountability mechanisms, or did it actually highlight a more serious problem?
As we reported yesterday, an IRP panel has ordered ICANN to not delegate ZA Central Registry’s .africa gTLD until it’s heard an appeal by failed rival bidder DotConnectAfrica.
IRP is ICANN’s last avenue of appeal for organizations that believe they’ve been wronged by ICANN decisions. Due to the duration of the process and the need for legal representation, it’s extremely expensive.
The IRP panel in the .africa case based its decision largely on the fact that ICANN has failed to create a “standing panel” of would-be IRP panelists, something the panel said would have sped up the process.
A “standing panel” is supposed to be six to nine panelists-in-waiting — all respected jurists — from which three-person IRP panels could be selected when needed in future.
DCA would not have needed to file for an emergency injunction against .africa’s delegation had this standing panel been created, the panel said.
According to the IRP panel, the creation of a standing panel has been “required” by the ICANN bylaws since April 2013, and ICANN has “failed” to follow its own rules by not creating one. It wrote:
the Panel is of the view that this Independent Review Process could have been heard and finally decided without the need for interim relief, but for ICANN’s failure to follow its own Bylaws… which require the creation of a standing panel
But ICANN disagrees, getting in touch with us today to point out that the panel only partially quoted the ICANN bylaws.
This is the bit of the bylaws the panel quoted:
There shall be an omnibus standing panel of between six and nine members with a variety of expertise, including jurisprudence, judicial experience, alternative dispute resolution and knowledge of ICANN’s mission and work from which each specific IRP Panel shall be selected.
There seems to me to be little ambiguity in that paragraph; ICANN “shall” create a standing panel.
But ICANN reminds us that the IRP panel ignored a second bit of this paragraph, which states:
In the event that an omnibus standing panel: (i) is not in place when an IRP Panel must be convened for a given proceeding, the IRP proceeding will be considered by a one- or three-member panel comprised in accordance with the rules of the IRP Provider; or (ii) is in place but does not have the requisite diversity of skill and experience needed for a particular proceeding, the IRP Provider shall identify one or more panelists, as required, from outside the omnibus standing panel to augment the panel members for that proceeding.
Basically, the bit of the bylaws stating that ICANN “shall” create a standing panel is almost immediately negated by a bit that explains what is supposed to happen if ICANN does not create a standing panel.
It’s confusing.
Is ICANN “required” (the panel’s word) to create this standing panel or not? ICANN seems to think not, but the panel thinks otherwise.
I have no opinion because, luckily, I’m not a lawyer.
But I did a bit of digging into the public record to figure out why the bylaws are so confusing on this issue and what I found is slightly worrying if you’re concerned about ICANN accountability.
The bylaws paragraph in question was added in April 2013, but it has its roots in the findings of the first Accountability and Transparency Review Team, which is the key way ICANN’s accountability is reviewed under the 2009 Affirmation of Commitments with the US government.
The ATRT said in 2010 (pdf) that ICANN should “seek input from a committee of independent experts on the restructuring of the three review mechanisms” including the IRP.
ICANN did this, convening a three-person Accountability Structures Expert Panel, made up of widely respected corporate/legal brains Mervyn King, Graham McDonald and Richard Moran
It was this ASEP that came up with the idea for a standing panel, which it said would speed up IRP decisions and reduce costs.
Members of the standing panel would be paid an annual retainer even when not working on an IRP, but it would be cheaper because IRP complainants and ICANN wouldn’t have to repeatedly explain to a new panel of doddery old ex-judges what ICANN is and does.
The ASEP, in its report (pdf) did not specify what should happen if ICANN decided not to implement its recommendation on the standing panel.
I can’t know for sure, but from the public record it seems that the confusing second part of the bylaws amendment was the creation of the ICANN board, possibly based on a single comment from gTLD registries.
The provision about a standing panel was formally added to the bylaws with an April 2013 resolution of ICANN’s board of directors, which followed a December 2012 resolution that approved the change in principle.
The second part of the amendment, the bit about what happens if ICANN does not institute a standing panel, was added at some point between those two resolutions.
The April resolution sheds a little light on the reason for the addition, saying (with my added emphasis):
Whereas, as contemplated within the [December 2012] Board resolution, and as reflected in public comment, further minor revisions are needed to the Bylaws to provide flexibility in the composition of a standing panel for the Independent Review process (IRP).
Resolved (2013.04.11.06), the Bylaws revisions to Article IV, Section 2 (Reconsideration) and Article IV, Section 3 (Independent Review) as approved by the Board and subject to a minor amendment to address public comments regarding the composition of a standing panel for the IRP, shall be effective on 11 April 2013.
The notes to the resolution further explain (again with my emphasis):
The Bylaws as further revised also address a potential area of concern raised by the community during the public comments on this issue, regarding the ability for ICANN to maintain a standing panel for the Independent Review proceedings. If a standing panel cannot be comprised, or cannot remain comprised, the Bylaws now allow for Independent Review proceedings to go forward with individually selected panelists.
The “minor amendment” referred to in the resolution seems to have enabled ICANN to basically ignore the ASEP recommendations, which (remember) stem from the ATRT review, for the last 12 months.
The April 2013 resolution was on the consent agenda for the meeting, so there was no minuted discussion by the board, but it seems pretty clear that “public comments” are responsible for the second part of the bylaws amendment.
But whose public comments?
When the ASEP report was open for comment, only two people responded — the Registries Stakeholder Group and former ICANN director Alejandro Pisanty, apparently commenting in a personal capacity.
On the subject of the proposed standing panel, the RySG said it wasn’t happy:
We also are concerned with the concept of standing panels for the IRP. A key component of the IRP is that the review is “independent.” To keep this independence, we believe that service on an IRP tribunal should be open to all eligible panelists, not just those with previous experience with or knowledge of ICANN. Determining whether an organization has complied with its bylaws or articles of incorporation should not require historic knowledge of the organization itself, and we believe that any jurist generally qualified by the IRP provider should be more than capable of acting as a panelist for an IRP.
It wasn’t the RySG’s main concern, and it wasn’t given much space in its comment.
Pisanty, commenting during the comment-reply period, seemed to disagree with the RySG, saying that the ongoing institutional knowledge of a standing panel could be a boon to the IRP.
When the ASEP report was discussed at a lightly attended early-morning session of the ICANN Toronto meeting in October 2012, the only person to comment on the standing panel was Neustar lawyer Becky Burr, and she liked the idea (transcript).
It’s not what you’d call a groundswell of opposition to the standing panel idea. There were few opinions, those opinions were split, and if anything the balance of commentary favors the notion.
In any event, when ICANN compiled its usual compilation report on the public comments (pdf) its legal staffer said:
After review of the comments, no changes to the ASEP recommendations are recommended, and the report will be forwarded to the Board for consideration and action, along with the proposed Bylaws amendments.
ICANN staff, it seems, didn’t think the RySG’s (lone?) opposition to the standing panel concept was worth messing with the ASEP’s recommendations.
And yet the ICANN board added the text about what happens in the event of a standing panel not existing anyway.
I could be wrong, but it does look a little bit like the ICANN board giving itself a carte blanch to ignore the recommendations of the ASEP, and therefore, indirectly, the ATRT.
ICANN may well have a point about the .africa IRP panel inappropriately ignoring some key sentences in the ICANN bylaws, but I can’t help but wonder how those sentences got there in the first place.
GNSO says dot-brand rules “inconsistent” with policy
The ability of dot-brand gTLDs to limit how many registrars they work with is “inconsistent” with the GNSO’s longstanding policy on new gTLDs, ICANN’s GNSO Council has found.
At the end of March, ICANN approved a set of Registry Agreement opt-outs, such as the ability to avoid sunrise periods and approve just three hand-picked registrars, for dot-brands.
They’re designed to make life easy for single-registrant zones where the gTLD is also a famous, trademarked brand and it would be silly to enforce open access to all accredited registrars.
But the GNSO Council resolved last week that the registrar exception is inconsistent with the GNSO policy that first kicked off the new gTLD program in 2007, which called for non-discriminatory access.
It had been asked specifically by the ICANN board’s New gTLD Program Committee to comment on whether there was a conflict. The Council said:
the language of this recommendation of the final report of the GNSO does not stipulate any exceptions from the requirements to treat registrars in a non-discriminatory fashion and (ii) the GNSO new gTLDs Committee discussed potential exceptions at the time, but did not include them in its recommendations, which is why the lack of an exception cannot be seen as an unintended omission, but a deliberate policy statement
However, the Council also decided that it has no objection to ICANN going ahead with the so-called Specification 13 exceptions, saying it “does not object to the implementation of Specification 13 as a whole”.
No GNSO members bothered to object when Spec 13 was open to public comment.
While it’s certainly a pragmatic, reasonable decision by the GNSO, it does highlight a situation where ICANN seems to have overridden a hard-fought community consensus policy.
That’s likely why its resolution also warns the ICANN board that its decision “may not be taken as a precedent”. Which of course it now is, regardless.
.africa frozen by panel after ICANN screwup
ZA Central Registry’s bid for the .africa new gTLD has been put on ice by an arbitration panel which admonished ICANN for failing to follow its own bylaws.
An Independent Review Panel ruled yesterday that ICANN should not carry on processing .africa until it has ruled on a complaint filed by failed .africa applicant DotConnectAfrica.
If .africa were to be delegated, which could have happened as early as Thursday — ZACR and ICANN have already signed a Registry Agreement — it would render the IRP’s decision moot, the panel found.
This ruling doesn’t mean ICANN has lost the case, just that it’s temporarily enjoined from delegating .africa until the final decision has been made by the IRP panel.
However, the panel had some stern words for ICANN, saying that the matter could have been settled months ago had ICANN only followed its own bylaws.
In the Panel’s unanimous view, it would be unfair and unjust to deny DCA Trust’s request for interim relief when the need for such a relief by DCA Trust arises out of ICANN’s failure to follow its own bylaws.
ICANN’s board of directors passed a resolution in April 2013 calling for the creation of a “standing committee” of nine potential IRP panelists, from which each three-person IRP panel could be drawn.
But, over a year later, it has not created this committee, the current IRP panel said. This led to the delay that forced DCA to request the emergency injunction.
ICANN’s basically been told by one of its own accountability mechanisms that that accountability mechanism is inadequate, at a time when its accountability mechanisms are under the world’s spotlight.
Just last week, the organization launched an accountability review that it said it “interdependent and interrelated” to the process of transitioning IANA away from US government stewardship.
Yeah, it’s embarrassing for ICANN. Doubly so because it’s been beaten by a company so incompetent it accidentally applied for the wrong gTLD.
For ZACR, the panel reckons the delay in getting .africa delegated will likely last “a few months”.
Congress may block funding for IANA transition
A US House of Representatives committee has voted to de-fund the IANA transition process.
On Thursday, the House Appropriations Committee approved the fiscal year 2015 Commerce, Justice, Science Appropriations bill, which includes the $36.7 million budget for the NTIA’s running costs.
The National Telecommunications and Information Administration is the part of the Department of Commerce responsible for oversight of the IANA functions, which it plans to relinquish.
The committee noted its “concern” at this prospect, and said that no money would be made available to fund this process. Notes to the appropriations bill (pdf) include the following text:
The Committee is concerned by NTIA’s announcement of its intent to transition certain Internet domain name functions to the global multistakeholder community. Any such transition represents a significant public policy change and should be preceded by an open and transparent process. In order for this issue to be considered more fully by the Congress, the recommendation for NTIA does not include any funds to carry out a transition of these functions. The Committee expects that NTIA will maintain the existing no-cost contract with ICANN throughout fiscal year 2015.
Other bills currently up for discussion in Congress would delay the IANA transition pending further review by the Government Accountability Office.
The appropriations bill has passed a committee vote, but it still has other legislative stages to pass through before it becomes law.
Six ways ICANN is ballsing up the IANA transition
ICANN has been subjected to its first wave of criticism over its handling to date of the IANA transition process, which will see oversight of the DNS root leave US government hands.
Yesterday was the deadline for comments to be submitted on ICANN’s proposal for a way to handle what some are calling the “sunsetting” of the Department of Commerce’s stewardship of the IANA function.
As DI previously reported, it’s “a proposal for a process to develop a process to develop a proposal”.
ICANN basically proposed a 22-member “Steering Group”, comprised of members of the various ICANN constituencies, that would guide the bottom-up, multistakeholder IANA transition discussion.
The group would ultimately steer the community towards creating a proposal for replacing the US government as IANA’s overseer, which would then be checked and rubber-stamped by Commerce.
As part of ICANN’s initial proposal, a “scoping document” was provided, laying out what in ICANN’s view should and should not be open for discussion.
Dozens of comments were received covering a diverse range of issues related to the make-up of the Steering Group and the range of the scoping document.
Here I’m going to attempt to cover half a dozen key themes that seemed to emerge across multiple commenters.
Note: 1) it’s not a comprehensive overview, 2) I don’t necessarily agree with all of the comments cited below, 3) that most of the links throughout this article are to PDFs.
Registries are apparently not “affected parties”
Given that one of IANA’s key roles (for DI’s purposes, it’s its primary role) is assigning TLDs to registries, you might have expected registries to be classed as “affected parties”.
But they’re not. Bafflingly, only the IAB, IETF, ISOC and NRO — none of which primarily concern themselves with domain names — get that definition in ICANN’s proposal.
Naturally enough, the ccTLD and gTLD operators are not happy about this state of affairs.
The ccNSO, proposing that gTLDs and ccTLDs get two seats each on the Steering Group, wrote:
These organizations, which also participate directly in ICANN’s multistakeholder process, are appropriate and important participants in this transition planning process, but they are not adequate substitutes for registry stakeholders with respect to processing root zone change requests and other functions that uniquely affect TLD registry operators… It is imperative that registry operators sit at the table on equal footing with those organizations and without ICANN intermediation.
The Registries Stakeholder Group of the GNSO concurred, stating:
we feel this list is incomplete as it does not include direct customers of the IANA functions, such as gTLD, nTLD and ccTLD registries, which is incomprehensible and appears to be self-serving of the convener
The GNSO is under-represented
If the registries feel badly treated, they’re not alone.
The Generic Names Supporting Organization comprises seven distinct stakeholder groups: registries, registrars, non-commercial users, non-profits, businesses, ISPs and intellectual property owners.
While there is overlap (registries and registrars often vote en bloc, as do businesses and IP owners), there are at least three camps that rarely fully agree with each other.
The ICANN proposal would provide two seats on the Steering Group between them.
The Intellectual Property Constituency, in its comments, said that each GNSO constituency should get one seat each.
The US Chamber of Commerce asked for at least one seat to be set aside for business interests.
A group of registrars, including most of the big ones, agreed, and put forward a rather more expansive proposal:
Several members of the Registrar Stakeholder Group believe that having two Steering Group representatives for the GNSO will not be sufficient in ensuring that the interests of all GNSO stakeholders are properly reflected. As the GNSO is the largest and most diverse structure within ICANN, we find that a “one size fits all” approach to delegation is not appropriate. Instead, we propose that each SO/AC submit a number of representatives that it believes to be sufficiently representative, but be encouraged to keep the number as small as possible.
The selection process is top-down
Given that this is supposed to be a community-driven process, you’d expect the community to be tasked with picking their representatives on the Steering Group. But that’s not what ICANN proposes.
ICANN instead reckons that membership should be selected by ICANN chair Steve Crocker and GAC chair Heather Dryden from the pool of people who volunteer themselves.
Unsurprisingly, there’s lots of opposition to this. Most groups commenting on this aspect of the proposal said that committee members should be selected by the groups they represent.
The Business Constituency stated:
Appointments to the Steering/Convening Committee should come from constituency groups — not as appointments made by ICANN chair and GAC chair. Nor should any stakeholder group be excluded as a result of consolidating within stakeholder organizations such as the GNSO.
The Center for Democracy and Technology agreed, saying:
The Chairs of ICANN and the GAC should not be the ones to select the Supporting Organization and Advisory Committee representatives; the SO/AC representatives should be selected within their own communities.
Inappropriate framing of the discussion
Many commenters took issue with the way ICANN has configured the discussion, accusing it of acting in the interests of its own self-preservation rather than the stability of the IANA function.
Chiefly, there’s concern that the discussion has been framed in such a way that it assumes ICANN will continue in its role as performer of the IANA functions in more or less the same way as today.
This concern appears to be extremely broad.
The RySG said it was “suspicious” of what appeared to be a “self-interested” framing of the debate:
we feel that it is premature for ICANN staff to assert that ICANN’s role is out of scope. This sentiment is not included in the NTIA announcement and we believe ICANN’s role is an issue that should be left to the bottom-up, multistakeholder process to decide. In particular, we believe whether “structural review of ICANN or its functions” should be included in the scope should be a matter for the community.
The Non-Commercial Stakeholders Group agreed that this should be open for discussion:
ICANN-controlled entities both develop and approve DNS policies and also implements the IANA functions. Only a requirement of the NTIA contract guarantees separation of policy and DNS root zone implementation activities. Because of this, we cannot currently support language in ICANN’s proposed Scoping Document which explicitly rules out any discussion of separating the IANA functions from ICANN. How or whether to separate those activities in lieu of the NTIA contract should be openly discussed.
Google said in its comments:
The role of ICANN’s Board is to oversee all of ICANN’s business and operational actions and to ensure its continued solvency as an organization. As such, the Board has a vested interest in ensuring ICANN’s continued relevancy within the Internet governance ecosystem and arguably has an interest in scoping the process to preserve ICANN’s existing role. While we are confident that ICANN’s Board would not act in a way that would harm the Internet or the IANA functions transition, the presence of a conflict of interest — even if perceived — could impact the overall integrity of the process
The Business Constituency said:
this transition should not presume that the only possible outcome is to award IANA functions to ICANN. It is possible that some other third party could replace the US government role as counterparty.
Accountability is being handled in a separate track
ICANN was initially of the view that its own accountability mechanisms — things designed to prevent capture, allow appeals of decisions etc — were out of scope for the IANA transition discussion.
It’s since backtracked, this week launching a new “Enhancing ICANN Accountability” process that will run in parallel — and be “interdependent and interrelated” — to the IANA transition debate.
If these two discussions are so interdependent, why not just lump them together in the same policy track? It’s surely a recipe for mass confusion to keep them separate.
The NCSG stated in its comments:
We do not support ICANN’s efforts to discuss the IANA transition and accountability mechanisms on separate tracks. Specifically, ICANN’s draft proposal and scoping document might prevent any discussion of options for structurally separating IANA function operations from DNS policy making activities.
The ccNSO seemed resigned to the separation, but noted:
To the extent that ICANN continues to insist on maintaining separate tracks to address each of these issues, it must ensure that the two tracks come together in advance of the transition itself.
The IPC said that the discussions need to be more closely synchronized:
The resolution of these two issues is inextricably intertwined and the processes and mechanism for doing so need to be tightly coordinated; this is impossible if the processes and mechanisms are not being developed at the same time.
There’s far from consensus on this issue, however.
The BC and Google both explicitly support the continued separation of the two tracks, while the International Trademark Association implicitly supported the parallel moves, noting:
We generally would be opposed to any approval of an IANA functions transition plan unless it is accompanied by an acceptable globalization and accountability plan that assures continued ICANN accountability at optimal levels.
Everyone only had 30 days to comment
Given that we’re talking about management of the DNS root here, you’d imagine that ICANN would take it just as if not more seriously than, I dunno, its “Future Meetings Strategy” or how much its directors are paid.
But while these and most other comment periods get 45 too 60 days of public comment, the IANA transition proposal only got 30.
ICANN is evidently in a rush to get things finalized before its next public meeting, scheduled for next month in London, rather than wait until the Los Angeles meeting in October.
Some groups, such as the Governmental Advisory Committee, couldn’t get their act together in time to provide a meaningful response given the tight deadline.
Many others, such as the Registries Stakeholder Group, complained:
it is unacceptable that an issue as critical as the transition of the IANA functions would be allowed only a short public comment period
The IPC stated that the whole timetable is out of whack:
The group is supposed to convene for the first time in London in approximately 6 weeks, yet the concept of a Steering Group is not finalized, much less its composition or how it would be chosen… The Steering Group is also supposed to “finalize the group’s charter” “in the London 50 timeframe.” Charters are critical documents, and they take a number of hours over a number of weeks to be created, much less finalized. How would the group have a draft charter before London that could be finalized in London?
Herding cats
In my opinion, this may be “a proposal for a process to develop a process to develop a proposal”, but it’s also a process to demonstrate the effectiveness and inclusiveness of the process.
Given the parallel focus on internet governance in the non-ICANN world (eg NetMundial), the multistakeholder model itself is under intense scrutiny.
How ICANN responds to this first wave of comments will be crucial.
While there are certainly divergent views (not half of which I’ve covered here) among the various parties, it seems to me that some clear areas of agreement have emerged, even among groups that don’t often see eye to eye.
Will ICANN bow to a clear call for its scoping document to be relaxed — putting its own neck on the chopping block in the process — because the multistakeholder community seems to be asking for it?
ICANN split between GNSO and GAC on IGO names
ICANN’s board of directors has refused to choose between the Generic Names Supporting Organization and the Governmental Advisory Committee on the issue of intergovernmental organization protections.
In a resolution last week, the board decided to approve only the parts of the GNSO’s unanimous consensus recommendations that the GAC does not disagree with.
The GNSO said last November that IGOs should not have their acronyms blocked forever at the second level in new gTLDs, going against the GAC consensus view that the acronyms should be “permanently protected”.
The GAC wants IGOs to enjoy a permanent version of the Trademark Claims notifications mechanism, whereas the GNSO thinks they should only get the 90 days enjoyed by trademark owners.
Instead of choosing a side, ICANN passed a resolution last Wednesday requesting “additional time” to reach a decision on these points of difference and said it wants to:
facilitate discussions among the relevant parties to reconcile any remaining differences between the policy recommendations and the GAC advice
The decision is not unexpected. Board member Bruce Tonkin basically revealed the board’s intention to go this way during the Singapore meeting a couple of months ago.
The differences between the GAC and the GNSO are relatively minor now, and the board did approve a large part of the GNSO’s recommendations in its resolution.
IGOs, the Olympics, Red Cross and Red Crescent will all get permanent blocks for their full names (but not acronyms) at the top level and second level in the new gTLD program.
International nongovernmental organizations (INGOs) will also get top-level blocks for their full names and protection in the style of the Trademark Claims service at the second level.
The dispute over acronyms was important because many obscure IGOs, which arguably don’t need protection from cybersquatters, have useful or potentially valuable acronyms that new gTLD registries want to keep.
Belgium comes out against Donuts’ .spa bid
Belgium wants Donuts’ application for .spa rejected after the new gTLD applicant declined to sign a deal with the city of Spa.
In a March 20 letter to ICANN, published today, the Belgian deputy prime minister Johan Vande Lanotte said “negotiations between the stakeholders are closed”, adding that Belgium:
requests the Board of Directors of the ICANN to delegate the new “.spa” gTLD to the candidate who has a formal agreement with the local authorities of Spa and in respect of the public interest.
That’s the other applicant in the two-horse .spa race, Asia Spa and Wellness Promotion Council, which has promised to earmark up to 25% of its European profits to spa-related uses in the environs of Spa.
The letter was sent a week before the Governmental Advisory Committee issued its Singapore communique, which noncommittally noted that it “welcomes” the agreement between Spa and ASWPC.
ICANN may or may not be currently in receipt of firm, consensus GAC advice to accept or reject either of the remaining .spa applications.
In Beijing a year ago, the GAC put .spa on a list of gTLD strings where “further GAC consideration may be warranted” and asked ICANN to “not proceed beyond Initial Evaluation”.
At the Durban and Buenos Aires meetings last year the GAC said ICANN should not “proceed beyond initial evaluation until the agreements between the relevant parties are reached.”
Given that Donuts and Spa evidently cannot come to an agreement, ICANN presumably remains advised to keep one or both .spa applications on hold. The advice is pretty vague.
The string “spa” is not a geographic name within the rules of the new gTLD program. Donuts argues that it’s too generic nowadays to belong just to Spa.
Recent Comments