Recent Posts
- Americans and ICANNers avoid Kigali in droves
- RDRS stats improve a little in June
- Unstoppable Domains goes down after domain hijack
- Four more gTLDs in emergency measures
- New gTLDs and ccTLDs drive domain universe growth
- Eight interesting recent dot-brand registrations
- .me premium sales down
- Pride fails to reverse gay domains decline
- Unstoppable announces another new gTLD bid
- Blockchain naming firm gets ICANN accreditation
- ICANN takes over gTLD after Whois failures
- Verisign: would-be .com contract killers are “wrong”
- Five gTLDs at risk as registry goes AWOL
- Groups make flawed case that .com is a cartel
- RDRS usage hits all-time low
- A dot-brand so unloved they killed it twice
- PorkBun hits two million domain milestone
- Crawford returns to industry to head up Com Laude
- ICANN financial data dump a damp squib?
- Unstoppable plotting manga-themed gTLDs
- Governments call for new gTLD auctions ban
- ICANN names new CEO, and it isn’t Costerton
- ICANN: We will NOT police content
- More sticker shock as new gTLD fees could top $300,000
- ICANN slashes staff and domain prices could rise
- Secret new gTLD application revealed
- WhatsApp now linkifying new gTLDs, but…
- Outrage over ICANN’s new gTLD fees
- Barrett gets second term on ICANN board
- DotMusic delays gTLD launch again
- .tm prices to skyrocket next week
- Bitcoin gTLD gets launch dates
- First metaverse gTLD is announced
- Alibaba off the naughty step
- ICANN to kill auction fund bylaws change
- The people have spoken on RDRS and they said “Meh”
- ICANN restarts work on controversial Whois privacy rules
- GNSO mulls lawyering up over auction fund dispute
- Jury still out on ICANN’s content policing powers
- It now takes TWO WEEKS to get a Whois record with RDRS
- Travel expenses push ICANN into the red again
- ICANN preparing for ONE HUNDRED registry back-ends
- DNS Abuse Institute changes name
- A new way to game the new gTLD program
- .home, .mail and .corp could get unbanned
- Unstoppable to apply for Women in Tech gTLD
- Bob Parsons publishes autobiography
- GoDaddy getting a free pass from porn jail?
- Correction: Sinha’s seat is safe
- Chinese domains plummet again in 2023
- GoDaddy price increases lead to revenue growth
- D3 announces seventh blockchain gTLD client
- Taylor Swift applies for her .post domain
- .ad domains to go global soon
- Single-letter .com case back in court
- ICANN to slash costs as Verisign’s magic money tree dries up
- Community revolts over ICANN’s auction proceeds power grab
- Two seats up for grabs on Nominet board
- War takes steep toll on .ua domains
- .de worst TLD for CSAM — report
- .com still shrinking because of China
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- .my domains to be sold globally next month
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
New gTLD registries get $6 million refund
ICANN has offered new gTLD registries refunds totaling over $6 million after allegedly double-charging them for access to the Trademark Clearinghouse.
At the weekend, its board of directors resolved:
to provide a refund of $5,000, as soon as practicable, to the contracted registries or registry operators (including those that have terminated their contracts or whose TLD delegation has been revoked) that have paid to ICANN the one-time RPM access fee
The five grand fee was levied on each new gTLD as a way of funding the TMCH, which handles trademark validation for sunrise periods and other rights protection mechanisms.
But registries pointed out last October that this kind of thing was precisely what their original $185,000 applications fees were meant to cover.
The Registries Stakeholder Group said back then:
All other systems and programs related to the New gTLD Program were funded from application fees. The TMCH should have been no different and there was no reason to “double-charge” registries for this one piece of the program.
Eight months later, ICANN seems to have reluctantly agreed.
It appears that the refunds — which given over 1,200 TLDs would come to over $6 million in total — will be paid from the roughly $80 million in leftover application fees, rather than ICANN’s tightening operational budget.
While $5,000 isn’t life-changing money, it adds up to a substantial chunk of change for large portfolio registries such as Donuts, which stands to receive roughly $1.5 million.
Cute abruptly quits PIR
Brian Cute unexpectedly resigned as CEO of Public Interest Registry late last week. No reason was given for his departure.
In a May 10 press release, the .org registry said that he’d left May 7.
He’s been replaced temporarily by board member Jay Daley until a permanent replacement can be found.
I asked a PIR spokesperson the reasons for the resignation and was told yesterday: “Brian has chosen to move on to pursue new challenges.”
Hmm.
Cute, a Verisign and Afilias alum, had been with PIR for seven years.
No, I don’t get what’s going on with GDPR either
GDPR comes into effect next week, changing the Whois privacy landscape forever, and like many others I still haven’t got a clue what’s going on.
ICANN’s still muddling through a temporary Whois spec that it hopes will shield itself and the industry from fines, special interests are still lobbying for special privileges after May 25, EU privacy regulators are still resisting ICANN’s begging expeditions, and registries and registrars are implementing their own independent solutions.
So what will Whois look like from next Friday? It’s all very confusing.
But here’s what my rotting, misfiring, middle-aged brain has managed to process over the last several days.
1. Not even the ICANN board agrees on the best way forward
For the best part of 2018, ICANN has been working on a temporary replacement Whois specification that it could crowbar into its contracts in order to enforce uniformity across the gTLD space and avoid “fragmentation”, which is seen as a horrific prospect for reasons I’ve never fully understood (Whois has always been fragmented).
The spec has been based on legal advice, community and industry input, and slim guidance from the Article 29 Working Party (the group comprising all EU data protection authorities or DPAs).
ICANN finally published a draft (pdf) of the spec late last Friday, May 11.
That document states… actually, forget it. By the time the weekend was over it and I had gotten my head around it, it had already been replaced by another one.
Suffice it to say that it was fairly vague on certain counts — crucially, what “legitimate purposes” for accessing Whois records might be.
The May 14 version came after the ICANN board of directors spent 16 hours or so during its Vancouver retreat apparently arguing quite vigorously about what the spec should contain.
The result is a document that provides a bit more clarity about that it hopes to achieve, and gets a bit more granular on who should be allowed access to private data.
Importantly, between May 11 and May 14, the document started to tile the scales a little away from the privacy rights of registrants and towards towards the data access rights of those with the aforementioned legitimate purposes for accessing it.
One thing the board could agree on was that even after working all weekend on the spec, it was still not ready to vote to formally adopt it as a Temporary Policy, which would become binding on all registries and registrars.
It now plans to vote on the Temporary Policy tomorrow, May 17, after basically sleeping on it and considering the last-minute yowls and cries for help from the variously impacted parts of the community.
I’ll report on the details of the policy after it gets the nod.
2. ICANN seems to have grown a pair
Tonally, ICANN’s position seems to have shifted over the weekend, perhaps reflecting an increasingly defiant, confident ICANN.
Its weekend resolution asserts:
the global public interest is served by the implementation of a unified policy governing aspects of the gTLD Registration Data when the GDPR goes into full effect.
For ICANN to state baldly, in a Resolved clause, that something is in the “global public interest” is notable, given what a slippery topic that has been in the past.
New language in the May 14 spec (pdf) also states, as part of its justification for continuing to mandate Whois as a tool for non-technical purposes: “While ICANN’s role is narrow, it is not limited to technical stability.”
The board also reaffirmed that it’s going to reject Governmental Advisory Committee advice, which pressured ICANN to keep Whois as close to its current state as possible, and kick off a so-called “Bylaws consultation” to see if there’s any way to compromise.
I may be reading too much into all this, but it seems to me that having spent the last year coming across as a borderline incompetent johnny-come-lately to the GDPR conversation, ICANN’s becoming more confident about its role.
3. But it’s still asking DPAs for a moratorium, kinda
When ICANN asked the Article 29 Working Party for a “moratorium” on GDPR enforcement, to give itself and the industry some breathing space to catch up on its compliance initiatives, it was told no such thing was legally possible.
Not to be deterred, ICANN has fired back with a long list of questions (pdf) asking for assurances that DPAs will not start fining registrars willy-nilly after the May 25 deadline.
Sure, there may be no such thing as a moratorium, ICANN acknowledges, but can the DPAs at least say that they will take into account the progress ICANN and the industry is making towards compliance when they consider their responses to any regulatory complaints they might receive?
The French DPA, the Commission Nationale de L’informatique & Libertés, has already said it does not plan to fine companies immediately after May 25, so does that go for the other DPAs too? ICANN wants to know!
It’s basically another way of asking for a moratorium, but one based on aw-shucks reasonableness and an acknowledgement that Whois is a tricky edge case that probably wasn’t even considered when GDPR was being developed.
4. No accreditation model, yet
There’s no reference in the new spec to an accreditation model that would give restricted, tiered access to private Whois data to the likes of security researchers and IP lawyers.
The board’s weekend resolution gives a nod to ongoing discussions, led by the Intellectual Property Constituency and Business Constituency (and reluctantly lurked on by other community members), about creating such a model:
The Board is aware that some parts of the ICANN community has begun work to define an Accreditation Model for access to personal data in Registration Data. The Board encourages the community to continue this work, taking into account any advice and guidance that Article 29 Working Party or European Data Protection Board might provide on the topic.
But there doesn’t appear to be any danger of this model making it into the Temporary Policy tomorrow, something that would have been roundly rejected by contracted parties.
While these talks are being given resource support by ICANN (in terms of mailing lists and teleconferencing), they’re not part of any formal policy development process and nobody’s under any obligation to stick to whatever model gets produced.
The latest update to the accreditation model spec, version 1.5, was released last Thursday.
It’s becoming a bit of a monster of a document — at 46 pages it’s 10 pages longer than the ICANN temporary spec — and would create a hugely convoluted system in which people wanting Whois access would have to provide photo ID and other credentials then pay an annual fee to a new agency set up to police access rights.
More on that in a later piece.
5. Whois is literally dead
The key technical change in the temporary Whois spec is that it’s not actually Whois at all.
Whois is not just the name given to the databases, remember, it’s also an aging technical standard for how queries and responses are passed over the internet.
Instead, ICANN is going to mandate a switch to RDAP, the much newer Registration Data Access Protocol.
RDAP makes Whois output more machine-readable and, crucially, it has access control baked in, enabling the kind of tiered access system that now seems inevitable.
ICANN’s new temporary spec would see an RDAP profile created by ICANN and the community by the end of July. The industry would then have 135 days — likely a late December deadline — to implement it.
Problem is, with a few exceptions, RDAP is brand-new tech to most registries and registrars.
We’re looking at a steep learning curve for many, no doubt.
6. It’s all a bit of a clusterfuck
The situation as it stands appears to be this:
ICANN is going to approve a new Whois policy tomorrow that will become binding upon a few thousand contracted parties just one week later.
While registries and registrars have of course had a year or so’s notice that GDPR is coming and will affect them, and I doubt ICANN Compliance will be complete assholes about enforcement in the near term, a week’s implementation time on a new policy is laughably, impossibly short.
For non-contracted parties, a fragmented Whois seems almost inevitable in the short term after May 25. Those of us who use Whois records will have to wait quite a bit longer before anything close to the current system becomes available.
Whois working group imploding in GDPR’s wake
An ICANN working group devoted to Whois policy is looking increasingly dead after being trumped by incoming European Union privacy law.
Registration Data Services PDP working group chair Chuck Gomes threw in the towel late last week, resigning from the group shortly after cancelling proposed face-to-face meetings scheduled for the Panama ICANN meeting in June.
That followed his announcement last month that the WG’s teleconferences were to be put on hold while ICANN works out how to respond to the General Data Protection Regulation, which comes into effect May 25, 11 days from now.
The WG had been working on ICANN’s future Whois policy since November 2015 but faced the usual impasses that occur whenever the various sides of the ICANN community face off over privacy.
Gomes, a former Versign executive who retired almost a year ago but stuck around to chair the RDS group, said he’d originally expected its work to wrap up in 2017.
Now, with GDPR rendering much of the discussions moot, there’s a feeling among some WG volunteers that they’ve been wasting their time.
ICANN’s response to GDPR is expected to be an emergency, top-down policy, written by staff and approved by the board, that would stay in place for a year.
The GNSO would then have a year to rally the community, under its own emergency procedures, to make formal policy to replace it for the long term.
There’s an open question about whether the RDS WG could be re-purposed to take on this task, but it’s my sense it’s more likely that a new group would be formed.
It may prove more challenging to recruit volunteers to such a group given the experiences of the RDS crowd.
Gomes, a long-time ICANN veteran and former GNSO Council chair, plans to spend more time travelling around in his RV with his wife. We wish them well.
Have your say on single-character .com domains
ICANN wants your opinion on its plan to allow Verisign to auction off o.com, with a potential impact on the future release of other single-character .com domain names.
The organization has published a proposed amendment to the .com registry contract and opened it for public comment.
The changes would enable Verisign to sell o.com, while keeping all other currently unallocated single-character names on its reserved list.
The company would not be able to benefit financially from the auction beyond its standard $7.85 reg fee — all funds would be held by an independent third-party entity and distributed to undisclosed non-profit causes.
The arrangement would also see the buyer pay a premium renewal fee of 5% of the initial outlay, doubling the purchase price over the course of 25 years.
They would not be able to resell the domain without selling the registrant company itself.
It’s a pretty convoluted system being proposed, given that there may well end up only being one bidder.
Overstock.com, the online retailer, has been pressuring ICANN and Verisign to release o.com for well over a decade, and the proposed auction seems to be a way to finally shut it up.
The company has a US trademark on O.com, so any other bidder for the name would probably be buying themselves a lawsuit.
The proposed auction system does not address trademark issues — there’s no sunrise period of trademark claims period.
One party already known to be upset about lack of rights protection is First Place Internet, a search engine company that has a US trademark on the number 1.
It told ICANN (pdf) back in January that the o.com deal would “set a dangerous precedent” for future single-character name releases.
The ICANN public comment period, which comes after ICANN received the all-clear from US competition regulators, closes June 20.
As a matter of disclosure, several years ago I briefly acted as a consultant to a third party in support of the Verisign and Overstock positions, but I have no current interest in the situation one way or the other.
NamesCon dumps the Trop, eyeing beaches for 2020
GoDaddy-owned annual domain industry conference NamesCon has decided to ditch Las Vegas after its 2019 event.
The show is now looking for ideas for a new location close to a beach, according to a post on its web site.
The January event next year will be held at the Tropicana hotel on the Vegas strip, for the sixth year running, but NamesCon said:
if you have any city/venue suggestions you’d like to throw in the hat for NamesCon Global 2020, send them our way! Here’s a hint to steer you in the right direction: we’re looking to be leaving Las Vegas, and we’d love to sink our feet into a sandy beach somewhere…
The current industry thinking is either Florida or California.
The change comes following feedback from attendees at this year’s show, who seem to think the Trop is a little pokey (it is) with crappy food options (also true, particularly if you’re a picky eater like me).
On the other hand, the hotel is also cheap as chips, so NamesCon is looking for somewhere new that is just as affordable for 2020 and beyond.
NamesCon is promising to “send ourselves off in style” at the 2019 show, which runs January 27 to 30.
As a matter of disclosure, I’ve agreed to moderate a panel at sister event NamesCon Europe in Spain next month. I’m not being compensated beyond a complementary media pass.
CentralNic now managing failing .fan and .fans
CentralNic appears to be acting as a caretaker for the failing new gTLDs .fan and .fans.
IANA records show that a company lawyer took over as administrative contact for the pair late last week.
Asiamix Digital, the original registry, is still listed as the sponsor for both, and its ICANN registry agreement does not appear to have been reassigned.
It does not appear to be an acquisition. I hear Asiamix is basically using CentralNic’s TLD management service, as it struggles to remain alive.
CentralNic already acts as the back-end registry for both TLDs.
ICANN hit Asiamix with a breach notice for tens of thousands of dollars of unpaid fees a month ago, terminating its affiliated registrar for the same reasons around the same time.
The registry had attempted to auction off the strings a couple of years ago, unsuccessfully.
While technically based in Hong Kong, ICANN has been sending Asiamix’s compliance notices to an address in Milan, Italy.
All of Asiamix’s official web sites still appear to be non-functional. I bought the .net address listed in its IANA records to make a silly point a month ago and the equivalent .com has since expired too.
.fans has about 1,400 names in its zone file right now, while .fan never actually launched.
CIRA has a record year for regs
Canadian ccTLD registry CIRA says its fiscal 2018 was its best year yet for new .ca registrations.
The company today said it registered 537,941 names in the year to the end of March.
Its previous record, from its FY12, was 511,900.
Its current total domains under management was 2,736,980, an all-time high, the company said in a press release.
CIRA has a Canadians-only reg policy, which reduces the impact of foreign speculation.
MMX rejected three takeover bids before buying .xxx
MMX talked to three other domain name companies about potentially selling itself before deciding instead to go on the offensive, picking up ICM Registry for about $41 million.
The company came out of a year-long strategic review on Friday with the shock news that it had agreed to buy the .xxx, .adult, .porn and .sex registry, for $10 million cash and about $31 million in stock.
CEO Toby Hall told DI today that informal talks about MMX being sold or merged via reverse takeover had gone on with numerous companies over the last 11 months, but that they only proceeded to formal negotiations in three cases.
Hall said he’d been chatting to ICM president and majority owner Stuart Lawley about a possible combination for over two years.
ICM itself talked to four potential buyers before going with MMX’s offer, according to ICM.
Lawley, who’s quitting the company, will become MMX’s largest shareholder following the deal, with about 15% of the company’s shares. Five other senior managers, as well as ICM investor and back-end provider Afilias, will also get stock.
Combined, ICM-related entities will own roughly a quarter of MMX after the deal closes, Hall said.
ICM, with its high-price domains and pre-2012 early-mover advantage, is the much more profitable company.
It had sales of $7.3 million and net income of $3.5 million in 2017, on approximately 100,000 registrations.
Compared to MMX, that’s about the same amount of profit on about half the revenue. It just reported 2017 profit of $3.8 million on revenue of $14.3 million.
There’s doesn’t seem to be much need or desire to start swinging the cost-cutting axe at ICM, in other words. Jobs appear safe.
“This isn’t a business in any way that is in need of restructuring,” Hall said.
He added that he has no plans to ditch Afilias as back-end registry provider for the four gTLDs. MMX’s default back-end for the years since it ditched its self-hosted infrastructure has been Nominet.
The deal reduces MMX’s exposure to the volatile Chinese market, where its .vip TLD has proved popular, accounting for over half of the registry’s domains under management.
It also gives MMX ownership of ICM’s potentially lucrative portfolio of reserved premium names.
There are over 9,700 of these, with a combined buy-now price of just shy of $135 million.
I asked Hall whether he had any plans to get these names sold. He laughed, said “the answer is yes”, and declined to elaborate.
ICM currently has a sales staff of three people, he said.
“It’s a small team, but their track record is exceptional,” he said.
The company’s record, I believe, is sex.xxx, which sold for $3 million. It has many six-figure sales on record. Premiums renew at standard reg fee, around $60.
With the ICM deal, MMX has recast itself after a year of uncertainty as an acquirer rather than an acquisition target.
While many observers — including yours truly — had assumed a sale or merger were on the cards, MMX has gone the other route instead.
It’s secured a $3 million line of credit from its current largest shareholder, London and Capital Asset Management Ltd, “to support future innovation and acquisition orientated activity”.
That’s not a hell of a lot of money to run around snapping up rival gTLDs, but Hall said that it showed that investors are supportive of MMX’s new strategy.
So does this mean MMX is going to start devouring failing gTLDs for peanuts? Not necessarily, but Hall wouldn’t rule anything out.
“Our long-term strategy is ultimately based around being an annuity-based business,” he said. He’s looking at companies with a “strong recurring revenue model”.
About 78% of ICM’s revenue last year came from domain renewals. The remainder was premium sales. For MMX, renewal revenue doubled to $4.8 million in 2017, but that’s still only a third of its overall revenue (though MMX is of course a less-mature business).
So while Hall refused to rule out looking at buying up “struggling” gTLDs, I get the impression he’s not particularly interested in taking risks on unproven strings.
“You can never say never to any opportunity,” he said. “If we come across and asset and for whatever reason we believe we can monetize it, it could become an acquisition target.”
The acquisition is dependent on ICANN approving the handover of registry contracts, something that doesn’t usually present a problem in this kind of M&A.
ICANN flips off governments over Whois privacy
ICANN has formally extended its middle finger to its Governmental Advisory Committee for only the third time, telling the GAC that it cannot comply with its advice on Whois privacy.
It’s triggered a clause in its bylaws used to force both parties to the table for urgent talks, first used when ICANN clashed with the GAC on approving .xxx back in 2010.
The ICANN board of directors has decided that it cannot accept nine of the 10 bulleted items of formal advice on compliance with the General Data Protection Regulation that the GAC provided after its meetings in Puerto Rico in March.
Among that advice is a direction that public Whois records should continue to contain the email address of the registrant after GDPR goes into effect May 25, and that parties with a “legitimate purpose” in Whois data should continue to get access.
Of the 10 pieces of advice, ICANN proposes kicking eight of them down the road to be dealt with at a later date.
It’s given the GAC a face-saving way to back away from these items by clarifying that they refer not to the “interim” Whois model likely to come into effect at the GDPR deadline, but to the “ultimate” model that could come into effect a year later after the ICANN community’s got its shit together.
Attempting to retcon GAC advice is not unusual when ICANN disagrees with its governments, but this time at least it’s being up-front about it.
ICANN chair Cherine Chalaby told GAC chair Manal Ismail:
Reaching a common understanding of the GAC’s advice in relation to the Interim Model (May 25) versus the Ultimate Model would greatly assist the Board’s deliberations on the GAC’s advice.
Of the remaining two items of advice, ICANN agrees with one and proposes immediate talks on the other.
One item, concerning the deployment of a Temporary Policy to enforce a uniform Whois on an emergency basis, ICANN says it can accept immediately. Indeed, the Temporary Policy route we first reported on a month ago now appears to be a done deal.
ICANN has asked the GAC for a teleconference this week to discuss the remaining item, which is:
Ensure continued access to the WHOIS, including non-public data, for users with a legitimate purpose, until the time when the interim WHOIS model is fully operational, on a mandatory basis for all contracted parties;
Basically, the GAC is trying to prevent the juicier bits of Whois from going dark for everyone, including the likes of law enforcement and trademark lawyers, two weeks from now.
The problem here is that while ICANN has tacit agreement from European data protection authorities that a tiered-access, accreditation-based model is probably a good idea, no such system currently exists and until very recently it’s not been something in which ICANN has invested a lot of focus.
A hundred or so members of the ICANN community, led by IP lawyers who won’t take no for an answer, are currently working off-the-books on an interim accreditation model that could feasibly be used, but it is still subject to substantial debate.
In any event, it would be basically impossible for any agreed-upon accreditation solution to be implemented across the industry before May 25.
So ICANN has invoked its bylaws fuck-you powers for only the third time in its history.
The first time was when the GAC opposed .xxx for reasons lost in the mists of time back in 2010. The second was in 2014 when the GAC overstepped its powers and told ICANN to ignore the rest of the community on the issue of Red Cross related domains.
The board resolved at a meeting last Thursday:
the Board has determined that it may take an action that is not consistent or may not be consistent with the GAC’s advice in the San Juan Communiqué concerning the GDPR and ICANN’s proposed Interim GDPR Compliance Model, and hereby initiates the required Board-GAC Bylaws Consultation Process required in such an event. The Board will provide written notice to the GAC to initiate the process as required by the Bylaws Consultation Process.
Chalaby asked Ismail (pdf) for a call this week. I don’t know if that call has yet taken place, but given the short notice I expect it has not.
For the record, here’s the GAC’s GDPR advice from its Puerto Rico communique (pdf).
the GAC advises the ICANN Board to instruct the ICANN Organization to:
i. Ensure that the proposed interim model maintains current WHOIS requirements to the fullest extent possible;
ii. Provide a detailed rationale for the choices made in the interim model, explaining their necessity and proportionality in relation to the legitimate purposes identified;
iii. In particular, reconsider the proposal to hide the registrant email address as this may not be proportionate in view of the significant negative impact on law enforcement, cybersecurity and rights protection;
iv. Distinguish between legal and natural persons, allowing for public access to WHOIS data of legal entities, which are not in the remit of the GDPR;
v. Ensure continued access to the WHOIS, including non-public data, for users with a legitimate purpose, until the time when the interim WHOIS model is fully operational, on a mandatory basis for all contracted parties;
vi. Ensure that limitations in terms of query volume envisaged under an accreditation program balance realistic investigatory crossreferencing needs; and
vii. Ensure confidentiality of WHOIS queries by law enforcement agencies.
b. the GAC advises the ICANN Board to instruct the ICANN Organization to:
i. Complete the interim model as swiftly as possible, taking into account the advice above. Once the model is finalized, the GAC will complement ICANN’s outreach to the Article 29 Working Party, inviting them to provide their views;
ii. Consider the use of Temporary Policies and/or Special Amendments to ICANN’s standard Registry and Registrar contracts to mandate implementation of an interim model and a temporary access mechanism; and
iii. Assist in informing other national governments not represented in the GAC of the opportunity for individual governments, if they wish to do so, to provide information to ICANN on governmental users to ensure continued access to WHOIS.
Recent Comments