Republicans advance “embarrassing” DOTCOM Act

Republican US Congressmen today voted to advance the DOTCOM Act, which would add a delay of up to a year to the IANA transition.
The Communications and Technology Subcommittee voted 16 to 10, split directly along party lines, to advance the bill to the next stage of the US legislative process.
The bill (pdf) has been changed since last time I reported on it. For ICANN, the change is for the worse.
It would now block the National Telecommunications and Information Administration from approving ICANN’s proposal for an NTIA-free future for up to one year while the Government Accountability Office prepares an analysis.
In the first draft, that delay would begin at the moment the bill hit the statute books. Now, the clock starts when the proposal is made.
Democrats on the subcommittee, who had four amendments shot down by the Republican majority during a markup session today, said the bill makes a mockery of the multistakeholder process they all profess to endorse.
Ranking member Anna Eshoo noted that Democrats supported a GAO report, but did not want the NTIA’s hands tied.
She reminded her opponents that they had all voted for a bill in 2012 — shortly before the International Telecommunications Union met for its WCIT conference — affirming the United States government’s commitment to multistakeholder management of the internet.
“Today you are unraveling exactly what you voted for,” she said, accusing Republicans of seeing “black helicopters” and a “conspiracy” by President Obama to give the internet to authoritarian regimes.
“It’s a source of embarrassment for a committee that has for the most part operated in a very respectful bipartisan way,” he said.
Republicans in response said that it is not unreasonable to request a GAO report, to help them understand the possible consequences of the IANA transition.
Rep John Shimkus, the primary sponsor of the DOTCOM Act, said that the forced delay was needed to give the bill “teeth”. Without it, he said, the GAO report could come after the IANA transition has already taken place.
In a concurrent hearing elsewhere on Capitol Hill, ICANN CEO Fadi Chehade was busy explaining to a different committee why he could not support the bill.
The DOTCOM Act would give the impression that the US government does not take the multistakeholder model seriously and does not trust ICANN, he said.
While Republicans may feel like the bill will keep the DNS root out of the hands of Russia and China, what they’re actually doing is giving those nations fuel for their power grabs in government-led international fora such as the ITU, in other words.
The DOTCOM Act is not yet law. It still has to go through the full House (Republican-controlled) and Senate (Democrat-controlled) and be signed by President Obama (China-controlled) before it hits the statute books.

How Russia and China could take over the internet!

Do governments have too much potential power over ICANN, and do they need reining in before the US cuts itself loose?
It’s a question that’s emerging given the recent decision of the United States government to remove itself from stewardship of the domain name system root zone.
The US National Telecommunications and Information Administration may have no intention of allowing other governments to replace it as overseer of the IANA functions, but that doesn’t mean that governments won’t be able to abuse their powers in future under ICANN’s existing structures.
Before getting into the arguments, I should first apologize for the misleading, clickbaiting headline on this post. It’s a sarcastic response to the misleading narrative that has been set by much of the mainstream media in the US.
For the record, I don’t think Russia and China are going to take over the internet, ICANN or the DNS.
What I’d like to look at here are ways in which the Governmental Advisory Committee might need to be reformed in order to maintain balance and prevent capture by any bad government in future.
And by “bad government”, I’m not just talking about Russia, China, Iran and any other boogeyman that may pop up in future; I could just as easily mean the United States and European Union member states.
I’m basing quite a lot of this on concerns raised by NetChoice Coalition’s Steve DelBianco in a Congressional hearing last week.
While DelBianco seems to be generally pro-transition, he outlined several “stress test” scenarios that he believes need to be addressed during the stewardship transition process.
Among other things, DelBianco said: “It will be important for the transition plan to prevent any government-led organization from replacing the former U.S. role after the transition is complete.”
Everyone, from the lunatic fringe of the US media that bases its reporting on GOP talking points to the senior management of ICANN and the NTIA itself, is on the same page here.
Nobody wants the US to be replaced by an intergovernmental alternative.
Indeed, baked into the NTIA’s proposal to relinquish its stewardship powers is an explicit promise that a government-led replacement will not be approved. It ain’t going to happen.
But governments already have a powerful voice within ICANN, in the form of the Governmental Advisory Committee.
The GAC
While all national governments are welcome at the GAC, it currently has around 130-odd listed members.
Typically, fewer than half actually show up to in-person ICANN meetings. DelBianco reports that there were 61 in attendance at the ICANN 49 meeting in Singapore two weeks ago.
The GAC has the ability to issue “advice” to the ICANN board of directors.
The board is free to accept or reject this advice. Rejection, which can and does happen, triggers a lengthy consultation process in which both parties attempt to reconcile their differences.
In practice, ICANN tends to bend over backwards to accommodate GAC advice, even to the point of occasionally willfully misinterpreting it in order to make it appear that it has been accepted.
Under Principle 47 of the current GAC Operating Principles it would be virtually impossible for a government or group of governments to capture the GAC. The GAC only issues advice by consensus:

The GAC works on the basis of seeking consensus among its membership. Consistent with United Nations practice, consensus is understood to mean the practice of adopting decisions by general agreement in the absence of any formal objection. Where consensus is not possible, the Chair shall convey the full range of views expressed by members to the ICANN Board.

If China and Russia managed to persuade every other GAC member to agree with a repressive policy they wanted to introduce, the United States could hold out and destroy consensus.
And, it should be said, vice versa.
How the GAC has used its power
The GAC has a track record of issuing advice, by consensus, that trickles down, via ICANN’s contracts with registrars and registries, to affect domain registrants and regular internet users.
Sometimes, the impact could be said to impact human rights issues such as free expression and privacy.
For example, when law enforcement agencies (LEA) such as the FBI and Interpol recommended that registrars should start logging their customers’ IP addresses and should suspend the domains of registrants whose contact information could not be verified, the GAC reissued those recommendations as “GAC/LEA” advice that ICANN eventually accepted.
One could argue that this has free speech and privacy implications, but it came via the consensus of a GAC that included nations with privacy rights enshrined in their constitutions and statute books.
In fact, the United States was one of the strongest advocates for the LEA recommendations becoming part of the registrar contract, as this report from the October 2011 ICANN meeting Dakar will illustrate.
Let’s be clear here: legitimate bloggers are having their web sites suspended today, right now, because of what the US did in the GAC.
I’m singling out the US unfairly here just as a counterpoint to the arguments, emerging in DI comments and elsewhere, to the effect that the US is some kind of unshakeable guardian of internet freedom. It ain’t.
In truth, the GAC’s pro-LEA position at first had majority support (pdf) then, after its Operating Principles were amended in 2011 to clarify what “consensus” means, consensus support (pdf).
All governments can be credited/blamed for this situation.
Blocking TLDs
The GAC also has a track record of compelling ICANN, via its advice, to prevent certain top-level domains from entering the DNS root zone.
In the current round of new gTLD applications, two strings have so far been killed off as a direct result of GAC advice and many more at at risk.
Applications for .thai and .gcc were both thrown out by ICANN because the GAC, by consensus, did not disagree with the objections of the Thai government and the Gulf Cooperation Council.
Amazon.com’s application for .amazon is currently on hold because the GAC, again by consensus, thinks that nations such as Brazil and Peru have better rights to the term.
ICANN has still to make a formal decision on applications for .spa, which the GAC has advised (by consensus) be placed “on hold” until Belgium (unilaterally) decides whether to endorse them or not.
Several other applicants have voluntarily withdrawn their applications after receiving GAC consensus objections.
Many more face losing their deposits unless they comply with GAC advice on matters such as registrant credentialing.
If having a TLD delegated to the root zone is a free speech issue, the GAC already has the power to affect it.
What if Russia tries to ban gay?
Let’s take a hypothetical scenario: Russia wants ICANN to force registrars to suspend the domain names of web sites containing content it considers pro-homosexuality.
Today, Russia would have to get a consensus of the GAC to agree with it — that is, no government objections to its proposal — in order for full-fat GAC advice to make its way to the board.
That, clearly, would not happen. Non-homophobic nations in North America, Europe, Latin America, Asia and no doubt parts of Africa would not stand for such a thing.
There would be no shortage of governments eager to block consensus on such an appalling proposal.
Even if the GAC came to a consensus to ban the gays, ICANN’s board of directors would be able to reject the advice by going through the necessary motions.
If by some crazy turn of events the ICANN board accepted the advice, ICANN would still have to get the contractual changes past the registrars themselves, which would prove challenging.
But what if the GAC operated not by consensus but by majority rule?
What if Russia persuaded enough of its allies and client states to show up to an ICANN meeting to raise their hands at the appropriate moment? It could, conceivably swing a vote.
While the GAC does not issue advice by majority today, it would be a relatively simple matter for it to change its Operating Principles so that voting, not consensus, ruled.
In fact, the Operating Principles state that they can be amended by a simple majority. Principle 53 states:

A Member or Members may move, at a meeting, for these Operating Principles to be open to revision. If so moved, the Chair shall call for the movement to be seconded. If so seconded, then the Chair shall call for a vote to support the resolution. The deciding vote may be by ballot, by the raising or cards, or by roll call, and shall constitute a simple majority of the Members who are present at the meeting at which it was moved for these Operating Principles to be revised. If so resolved in favour of a revision of these Operating Principles, then the proposal shall sit for consultation for a period of sixty (60) days. At the next meeting following the sixty days, the Chair shall call for a vote for or against the proposal. The deciding vote may be taken by ballot, by the raising or cards, or by roll call, and shall be a simple majority of the Members who are present at the meeting at which the vote takes place.

This, the GAC’s current ability to radically change its voting procedures, is at the heart of some of DelBianco’s “stress tests”.
His example below concerns post-delegation censorship of the root itself, rather than individual web sites, but the same rules outlined above apply.
In his testimony (pdf) to Congress, DelBianco said:

a majority of governments in the GAC might advise ICANN to suspend a TLD that refuses to remove domains with content critical of governments (e.g., .corrupt ). Today, this kind of censorship routinely occurs at the edge of the Internet when governments block domestic access to websites, such as Turkey now blocking Twitter. But this scenario envisions censorship moving from the edge to the core of the internet – the root table of TLDs used by the entire world. It’s a critical stress test to examine how the new IANA mechanism could respond if a future ICANN board bowed to GAC advice for censorship at the root of the Internet.

DelBianco is not suggesting that the current ICANN board would cower over a matter of GAC censorship, but we’ve got no idea what the board is going to look like five, 10 or 20 years from now.
If the safeguard of US stewardship is going away, ICANN’s internal processes need to be tough enough to withstand a GAC that goes rogue and starts demanding things that further infringe liberties.
Does ICANN see a problem?
At a press conference during the Singapore meeting two weeks ago, I asked ICANN chair Steve Crocker and CEO Fadi Chehade if the GAC needed to be be reined in to prevent future abuse.
Crocker responded. I’m quoting my question (which wasn’t as detailed as to include references to GAC Operating Principles) so you know exactly what he’s replying to:

DI: This is about the IANA transition process. I was just wondering: the NTIA says they will not accept a multilateral or intergovernmental solution to this transition process, so does it not follow that there should be some safeguards to prevent the GAC becoming too powerful and stopping it becoming a mini-ITU within ICANN? Is that envisaged as part of this process, to put some kind of restraint on the GAC’s power?
CROCKER: As I said in my remarks this morning, the fact that the end result should not be multilateral or intergovernmental certainly did not mean that governments should not be involved. Governments have to be involved. You’ve asked about what happens if the GAC becomes too powerful.
A big problem is getting more involvement of the GAC. We’re still in the process where the GAC is a maturing organization that’s come a long way and is making ever more contributions and we’re some distance away from being worried about whether the GAC is going to take over or become all too powerful.
The way ICANN is structured is very thoroughly multistakeholder and there are a lot of checks of balances built in so that no single constituency has the ability to become dominant or to take over. I think there would be very strong reactions if that ever started to come into play. So I don’t view it as a imminent concern.
We value and encourage the involvement of governments and we understand that for many many governments it’s a novel experience to participate in an environment in which they’re not the only ones speaking.

In short, he’s saying ICANN needs more government participation via the GAC, albeit carefully counterbalanced within the multi-stakeholder environment.
With that in mind, isn’t it fair to ask whether reforms to the GAC’s Operating Principles are a necessary component of the IANA stewardship transition process?
If ICANN is going independent, its structures need to be robust enough for the long term. Maybe that needs to mean a GAC permanently handcuffed to principles of consensus, to prevent capture.

ICANN fights the fear in Congressional hearing

A Congressional hearing yesterday addressed fears that the decision to cut ICANN loose from US governmental oversight would lead to the internet being seized by backwards regimes.
Long-term DI readers may recall that I’m usually quite snarky whenever a Congressional subcommittee convenes to pretend to be interested in ICANN — with the reason that they usually talk a lot of nonsense.
But this time the majority of the House Subcommittee on Communications and Technology seemed genuinely interested, surprisingly clueful, and relatively low on hyperbolic fearmongering.
The hearing was arranged due to the National Telecommunications and Information Administration’s March 14 decision to remove itself from the DNS root zone management triumvirate.
Whole cartloads of horse pucky have been wheeled out in response, exemplified by breathless editorials about how the world’s most repressive governments will immediately step in to fill the NTIA-shaped void.
It’s Obama’s policy of “appeasement”, designed to allow a shirtless Vladimir Putin to drive a tank directly into the root zone file, if you believe right-leaning American commentators.
There was some of that in yesterday’s hearing, but it was overshadowed by a discussion that seemed to be more interested in addressing genuine concerns and clearing up misconceptions.
Basically, Congressmen are afraid that if the NTIA leaves its role as steward of the DNS root zone, that will somehow lead to other governments taking over and internet freedoms being diminished.
How that fear manifested itself on the committee ranged from thoughtful and understandable expressions of concern and caution to wild-eyed, nonsensical, Putin-obsessed ranting.
It was the job of witnesses Larry Stricking of the NTIA, Fadi Chehade of ICANN and Ambassador David Gross, formerly of the Department of State, to reassure Congress that everything is going to be okay.
Rep. Scalise thinks Putin is magic
At the risk of being accused of sensationalism, I’m starting with the nut-job, but only to illustrate the misinformation ICANN and the NTIA have been dealing with for the last few weeks.
In a way, Rep. Steve Scalise’s portion of the hearing’s Q&A section is a microcosm of the dialogue that has been playing out in the media since the NTIA announcement.
Scalise was the guy on the committee who seems to believe that Russia and China possess the supernatural powers necessary to “take over the internet”. Red Magic, perhaps.
Here’s an exchange with Strickling and Chehade, which began when Scalise asked the panel to address concerns about authoritarian regimes taking over the internet:

STRICKLING: We won’t let that happen, number one.
SCALISE: What’s an assurance of that? It’s good to say we won’t let that happen, it’s nice to hear it, but nobody knows what’s gong to happen. You can’t tell me what’s going to happen. How do you know you won’t let it happen?
STRICKLING: I’m saying that we will not accept a proposal that has that as its outcome. Period. End of story. So it won’t happen. Second, nobody has yet explained to me the mechanism by which any of these individual governments could somehow seize control over the internet as a whole—
SCALISE: You really don’t think that Russia… Look, Russia and China have made it very clear what they want to do to suppress internet freedom. They’ve made it very clear—
STRICKLING: And they do it within their own countries—
SCALISE: At the end of the day y’all are going to come up with some sort of process if you’re going to transfer away, and I say IF — capital I, capital F — if you transfer it away you will come up with some sort of process. Do you really not thnk that Vladimir Putin, with all the other things he’s busy with right now, ain’t going to try to figure out some way to get control? It won’t be through the Russian government directly necessarily, but China and Russia have proven very resourceful at trying to figure out what that process so that they can manipulate it. You can do all the things you want to stop that from happening but at end of the day it comes out to where those countries have figured out a way, like they’ve figured out a lot of other ways too, to do something subversive that goes against all the intentions that we have. You can’t stop that.
STRICKLING: Well, Congressman, what do you think they could do that they can’t do today?
SCALISE: What do you really think…? Look at what Putin’s doing right now! The President just doesn’t seem to take this seriously what he’s doing through Eastern Europe. He’s trying to rebuild, get the old band back together, get the Soviet Union back together, right now before our very eyes. Secretary of State Kerry says the international community won’t accept this. They’re doing it! They don’t care what the international community thinks. They’re invading a country. So what would they do to get control of the internet if you threw something out there? These are real concerns that are being expressed. The other two panelists can touch on this as well.
CHEHADE: Thank you, Congressman. Let me be clear that at ICANN it is impossible for them today to do so. They’ve been trying for 15 years—
SCALISE: Exactly! Which is why it’s working.
CHEHADE: But it’s not because the US actually has the current stewardship role, it’s because of the multistakeholder model. It stops them. Where they will try to do what you’re suggesting is in the international intergovernmental organizations. They’ve been trying to do that there. We want to take away from them any argument that they still go to the UN and try to take over what ICANN does, by making sure that ICANN is free of one government control. To show them that ICANN believes in the multistakeholder model and this great country that created that model trusts it.

Chehade 1 – Scalise 0.
But did Scalise have a point, even accidentally? I’m going to cover that question in a separate post.
Rep Shimkus really wants you to support his bill
A recurring theme of the hearing was the Domain Openness Through Continued Oversight Matters (DOTCOM) Act, introduced by Rep. John Shimkus and others last week.
I called the bill “pointless” when it emerged, as all it does is delay any transition for a year until the US Government Accountability Office has conducted a study of the ramifications.
But there’s also a feeling that the Act would be a distraction at best and may cast more uncertainty than is necessary over the transition process at a critical time for internet governance.
Both Strickling and Chehade prevaricated when Shimkus asked them outright, repeatedly, if they were opposed to the GAO review.
Strickling said he “neither or supports or opposes” such a review but said he was “in favor of full discussion of these issues”.
Chehade, seemingly reluctant to tie himself to a one-government review said he did not have a view, but that he committed to full transparency in the issue.
The fact that Chehade had said that there was “no rush” to conclude the transition process was later used by Shimkus as a gotcha, when he pointed out that the Act’s one-year delay would not have an impact.
On a second panel, Carolina Rossini of the Internet Governance and Human Rights Program of the New American Foundation, gave perhaps a fuller explanation of why there’s caution about the bill.

My concern is that if we wait one year, if we block the transition now and wait one year until we have a report, that is the risk. And that’s the risk that we have non-democratic governments to actually make their voices even louder and manipulate the narrative both in NetMundial and in the [ITU] plenipot in November.

Shimkus said he’d concluded that Chehade and Strickling has “in essence supported the bill”, which I don’t think was necessarily a fair interpretation of what they said.
The two-and-a-half hour hearing had a couple of other diversions — Rep Blackburn going off on a crazy tangent about net neutrality and Rep Latta wasting everyone’s time to score points on behalf of a constituent, a .med gTLD applicant — but otherwise it was generally sane stuff.
The committee seemed to be fairly well-briefed on the subject before them. Most of the Congressmen expressed their concerns about the transition in sensible terms and seemed to take the answers on board.
Special recognition should also be given to Chehade, who won the slightly condescending praise and admiration of some of the committee when he choked up on an abridged version of his immigrant origin story.
He has an uncanny ability to speak to his audience at every occasion and he put it to excellent use yesterday.

Rockefeller slams .sucks as “predatory shakedown”

US Senator Jay Rockefeller today came out swinging against the proposed .sucks new gTLD, saying it looks like little more than a “predatory shakedown” by applicants.
In a letter to ICANN (pdf), Rockefeller has particular concern about Vox Populi, the .sucks applicant owned by Canadian group Momentous.
As we’ve previously reported, Vox Populi plans to charge trademark owners $25,000 a year for defensive registrations and has already started taking pre-registrations even though .sucks is still in contention.
Rockefeller told ICANN:

I view it as little more than a predatory shakedown scheme… A gTLD like “sucks” has little or no socially redeeming value and it reinforces many people’s fears that the purpose of the gTLD expansion is to enrich the domain name industry rather than benefit the broader community of internet users.

Unusually, I find myself in agreement with Rockefeller, who chairs the Senate’s Commerce, Science and Transportation Committee — Vox Populi’s plan does bring the domain industry into disrepute.
But it’s not the only applicant for .sucks. Top Level Spectrum and Donuts have also applied for the string.
While neither has revealed their proposed pricing, in Donuts’ case a blocking registration via its Domain Protected Marks List service will cost substantially less on a per-domain basis.
Rockefeller asks that ICANN keep his thoughts in mind when reviewing the application, and I’m sure ICANN will pay lip service to his concerns in response, but I don’t think the letter will have much impact.
A bigger question might be: does Rockefeller’s letter foreshadow more Congressional hearings into the new gTLD program?
The last one, which Rockefeller chaired (for about five minutes, before he buggered off to do more important stuff) was in December 2011, and they have tended to happen every couple of years.
Such a hearing would come at an inopportune moment for ICANN, which is trying to distance itself from the perception of US oversight in light of the Edward Snowden spying revelations.
It’s been setting up offices all over the world and championing the forthcoming NetMundial internet governance meeting, which is happening in Brazil next month.

Senators slate NTIA, to demand answers on new gTLD security

Did Verisign get to the US Congress? That’s the intriguing question emerging from a new Senate appropriations bill.
In notes attached to the bill, the Senate Appropriations Committee delivers a brief but scathing assessment of the National Telecommunication and Information Administration’s performance on ICANN’s Governmental Advisory Committee.
It says it believes the NTIA has “not been a strong advocate for U.S. companies and consumers”.
The notes would order the agency to appear before the committee within 30 days to defend the “security” aspects of new gTLDs and “urges greater participation and advocacy within the GAC”.
While the NTIA had a low-profile presence at the just-finished Durban meeting, it would be difficult to name many other governments that participate or advocate more on the GAC.
This raises an eyebrow. Which interests, in the eyes of the committee, is the NTIA not sufficiently defending?
Given the references to intellectual property, suspicions immediately fall on usual suspects such as the Association of National Advertisers, which is worried about cybersquatting and associated risks.
The ANA successfully lobbied for an ultimately fruitless Congressional hearing in late 2011, following its campaign of outrage against the new gTLD program.
It’s mellowed somewhat since, but still has fierce concerns. Judging by comments its representatives made in Durban last week, it has shifted its focus to different security issues and is now aligned with Verisign.
Verisign, particularly given the bill’s reference to “security, stability and resiliency” and the company’s campaign to raise questions about the potential security risks of new gTLDs, is also a suspect.
“Security, stability and resiliency” is standard ICANN language, with its own acronym (SSR), rolled out frequently during last week’s debates about Verisign’s security concerns. It’s unlikely to have come from anyone not intimately involved in the ICANN community.
And what of Amazon? The timing might not fit, but there’s been an outcry, shared by almost everyone in the ICANN community, about the GAC’s objection last week to the .amazon gTLD application.
The NTIA mysteriously acquiesced to the .amazon objection — arguably harming the interests of a major US corporation — largely it seems in order to play nice with other GAC members.
Here’s everything the notes to “Departments of Commerce and Justice, and Science, and related agencies appropriations Bill, 2014” (pdf) say about ICANN:

ICANN — NTIA represents the United States on the Internet Corporation for Assigned Names and Numbers [ICANN] Governmental Advisory Committee [GAC], and represents the interests of the Nation in protecting its companies, consumers, and intellectual property as the Internet becomes an increasingly important component of commerce. The GAC is structured to provide advice to the ICANN Board on the public policy aspects of the broad range of issues pending before ICANN, and NTIA must be an active supporter for the interests of the Nation. The Committee is concerned that the Department of Commerce, through NTIA, has not been a strong advocate for U.S. companies and consumers and urges greater participation and advocacy within the GAC and any other mechanisms within ICANN in which NTIA is a participant.
NTIA has a duty to ensure that decisions related to ICANN are made in the Nation’s interest, are accountable and transparent, and preserve the security, stability, and resiliency of the Internet for consumers, business, and the U.S. Government. The Committee instructs the NTIA to assess and report to the Committee within 30 days on the adequacy of NTIA’s and ICANN’s compliance with the Affirmation of Commitments, and whether NTIA’s assessment of ICANN will have in place the necessary security elements to protect stakeholders as ICANN moves forward with expanding the number of top level Internet domain names available.

While the bill is just a bill at this stage, it seems to be a strong indication that anti-gTLD lobbyists are hard at work on Capitol Hill, and working on members of diverse committees.

“Risky” gTLDs could be sacrificed to avoid delay

Google and other members of the New gTLD Applicant Group are happy to let ICANN put their applications on hold in response to security concerns raised by Verisign.
During the ICANN 46 Public Forum in Durban on Thursday, NTAG’s Alex Stamos — CTO of .secure applicant Artemis — said that agreement had been reached that about half a dozen applications could be delayed:

NTAG has consensus that we are willing to allow these small numbers of TLDs that have a significant real risk to be delayed until technical implementations can be put in place. There’s going to be no objection from the NTAG on that.

While he didn’t name the strings, he was referring to gTLDs such as .home and .corp, which were highlighted earlier in the week as having large amounts of error traffic at the DNS root.
There’s a worry, originally expressed by Verisign in April and independent consultant Interisle this week, that collisions between new gTLDs and widely-used internal network names will lead to data leakage and other security problems.
Google’s Jordyn Buchanan also took the mic at the Public Forum to say that Google will gladly put its uncontested application for .ads — which Interisle says gets over 5 million root queries a day — on hold until any security problems are mitigated.
Two members of the board described Stamos’ proposal as “reasonable”.
Both Stamos and ICANN CEO Fadi Chehade indirectly criticised Verisign for the PR campaign it has recently built around its new gTLD security concerns, which has led to somewhat one-sided articles in the tech press and mainstream media such as the Washington Post.
Stamos said:

What we do object to is the use of the risk posed by a small, tiny, tiny fraction — my personal guess would be six, seven, eight possible name spaces that have any real impact — to then tar the entire project with a big brush. For contracted parties to go out to the Washington Post and plant stories about the 911 system not working because new TLDs are turned on is completely irresponsible and is clearly not about fixing the internet but is about undermining the internet and undermining new gTLDs.

Later, in response to comments on the same topic from the Association of National Advertisers, which suggested that emergency services could fail if new gTLDs go live, Chehade said:

Creating an unnecessary alarm is equally irresponsible… as publicly responsible members of one community, let’s measure how much alarm we raise. And in the trademark case, with all due respect it ended up, frankly, not looking good for anyone at the end.

That’s a reference to the ANA’s original campaign against new gTLDs, which wound up producing not much more than a lot of column inches about an utterly pointless Congressional hearing in late 2011.
Chehade and the ANA representative this time agreed publicly to work together on better terms.

ICANN reopens defensive registration debate

ICANN’s board of directors wants more policy work done on the problem of defensive domain name registrations.
In a resolution passed at a meeting on Tuesday, the board’s newly created New gTLD Program Committee, made up exclusively of non-conflicted directors, said it:

directs staff to provide a briefing paper on the topic of defensive registrations at the second level and requests the GNSO to consider whether additional work on defensive registrations at the second level should be undertaken

The decision was made following the debate about “defensive” gTLD applications ICANN opened up in February, prompted by a letter from US Department of Commerce assistant secretary Larry Strickling.
That in turn followed the two Congressional hearings in December, lobbied for and won by the Association of National Advertisers and its Coalition for Responsible Internet Domain Oversight.
So this week’s decision is a pretty big win for the intellectual property lobby. It’s managed to keep the issue of stronger second-level trademark protection in new gTLDs alive despite ICANN essentially putting it to bed when it approved the new gTLD program last June.
The GNSO could of course decide that no further work needs to be done, so the champagne corks should probably stay in place for the time being.
At the same meeting on Tuesday, the ICANN board committee voted to disregard the GNSO Council’s recent decision to grand extra protections to the International Olympic Committee, Red Cross and Red Crescent movements. The rationale for this decision has not yet been published.

WIPO releases 2011 cybersquatting stats

WIPO handled more UDRP cases covering more domain names in 2011 than in any other year, but its numbers do not paint a very convincing picture of the cybersquatting landscape.
The organization today announced that it handled 2,764 UDRP cases covering 4,781 domain names last year. The number of cases was up 2.5% over 2010.
The number of domain names covered by these cases was up by 9.4% – an additional 414 domains.
It’s basically meaningless data if you’re looking to make a case that cybersquatting is on the increase.
Obviously, while WIPO is the market-share leader, it is not the only UDRP provider. It sees a representative but non-exhaustive sample of cases.
While UDRP is the standard dispute mechanism for all ICANN-contracted gTLDs, WIPO also has side deals with ccTLD registries to look after cybersquatting cases in their zones.
As WIPO has added more ccTLD deals, it has become harder to make apples-to-apples comparisons year over year.
Based on WIPO’s own records, it received 2,323 UDRP complaints about domains in gTLDs last year, up by 28 cases from 2010, a 1.2% increase.
Given that the number of domains registered in gTLDs increased by at least 8% between January 1 and November 30 2011, cybersquatting seems to be actually on the decrease in relative terms.
And given that the number of UDRP cases filed is so piddlingly small, a single obsessive-compulsive complainant (ie, Lego) can skew the results.
Lego spammed WIPO with more than 160 complaints in 2011. As a result, Denmark is the last year’s fourth-biggest filer after the US, France and UK, according to WIPO, with 202 complaints.
So, if you see any company using these WIPO numbers to rage about cybersquatting in press releases, ICANN comments or Congressional hearings, give them a slap from me. Thanks.
Here’s a table of WIPO’s caseload from 2000 to 2011.
[table id=6 /]
Sadly, the number of UDRP complaints will never reflect the actual amount of cybersquatting going on, particularly when cybersquatters only need to price their domains more cheaply than the cost of a UDRP complaint in order to stay off the radar.
WIPO’s data does raise some interesting questions about the geographic distribution of complainants and respondents, however.
Unsurprisingly, cybersquatting was found to be big business in China, the second most-common home nation, after the US, for respondents. No UDRPs filed with WIPO originated there, however.
Surprisingly, Australia is ranked fourth on the list of countries most likely to harbor alleged squatters, with 171 respondents. But Australia was 13th in terms of complainant location, with just 39 cases.
Read more WIPO data here.

ICANN tells Congressmen to chillax

ICANN senior vice president Kurt Pritz has replied in writing to great big list of questions posed by US Congressmen following the two hearings into new gTLDs last month.
The answers do what the format of the Congressional hearings made impossible – provide a detailed explanation, with links, of why ICANN is doing what it’s doing.
The 27-page letter (pdf), which addresses questions posed by Reps. Waxman, Eshoo and Dingell, goes over some ground you may find very familiar, if you’ve been paying attention.
These are some of the questions and answers I found particularly interesting.
Why are you doing this?
Pritz gives an overview of the convoluted ICANN process responsible for conceiving, creating and honing the new gTLD program over the last few years.
It explains, for example, that the original GNSO Council vote, which set the wheels in motion back in late 2007, was 19-1 in favor of introducing new gTLDs.
The “lone dissenting vote”, Pritz notes, was cast by a Non-Commercial Users Constituency member – it was Robin Gross of IP Justice – who felt the program had too many restrictions.
The letter does not mention that three Council members – one from the Intellectual Property Constituency and two more from the NCUC – abstained from the vote.
Why aren’t the trademark protection mechanisms finished yet?
The main concern here is the Trademark Clearinghouse.
New gTLD applicants will not find out how the Clearinghouse will operate until March at the earliest, which is cutting it fine considering the deadline for registering as an applicant is March 29.
Pritz, however, tells the Congressmen that applicants have known all they need to know about the Clearinghouse since ICANN approved the program’s launch last June.
The Clearinghouse is a detail that ideally should have been sorted out before the program launched, but I don’t believe it’s the foremost concern for most applicants or trademark owners.
The unresolved detail nobody seems to be asking about is the cost of a Uniform Rapid Suspension complaint, the mechanism to quickly take down infringing second-level domain names.
ICANN has said that it expects the price of URS – which involves paying an intellectual property lawyer to preside over the case – to be $300 to $500, but I don’t know anyone who believes that this will be possible.
Indeed, one of the questions asked by Rep. Waxman starts with the premise “Leading providers under Uniform Dispute Resolution Policy (UDRP) have complained that current fees collected are inadequate to cover the costs of retaining qualified trademark attorneys.”
UDRP fees usually start at around $1,000, double what ICANN expects the URS – which I don’t think is going to be a heck of a lot simpler for arbitration panels to process – to cost trademark owners.
Why isn’t the Trademark Claims service permanent?
The Trademark Claims service is a mandatory trademark protection mechanism. One of its functions is to alert trademark holders when somebody tries to register their mark in a new gTLD.
It’s only mandatory for the first 60 days following the launch of a new gTLD, but I’m in agreement with the IP community here – in an ideal world, it would be permanent.
However, commercial services already exist that do pretty much the same thing, and ICANN doesn’t want to anoint a monopoly provider to start competing with its stakeholders. As Pritz put it:

“IP Watch” services are already provided by private firms, and it was not necessary for the rights protection mechanisms specific to the New gTLD Program to compete with those ongoing watch services already available.

In other words, brands are going to have to carry on paying if they want the ongoing benefits of an infringement notification service in new gTLDs.
When’s the second round?
Nothing new here. Pritz explains why the date for the second round has not been named yet.
Essentially, it’s a combination of not knowing how big the first round is going to be and not knowing how long it will take to conduct the two (or three) post-first-round reviews that ICANN has promised to the Governmental Advisory Committee.
I tackle the issue of second-round timing in considerable detail on DomainIncite PRO. My feeling is 2015.
On Whois verification
Pritz reiterates what ICANN CEO Rod Beckstrom told the Department of Commerce last week: ICANN expects that many registrars will start to verify their customers’ Whois data this year.
ICANN is currently talking to registrars about a new Registrar Accreditation Agreement that would mandate some unspecified degree of Whois verification.
This issue is at the top of the law enforcement wish list, and it was taken up with gusto by the Governmental Advisory Committee at the Dakar meeting in October.
Pritz wrote:

ICANN is currently in negotiations with its accredited registrars over amendments to the Registrar Accreditation Agreement. ICANN is negotiating amendments regarding to the verification of Whois data, and expects its accredited registrars to take action to meet the rising call for verification of data. ICANN expects that the RAA will incorporate – for the first time – Registrar commitments to verify Whois data.

He said ICANN expects to post the amendments for comment before the Costa Rica meeting in mid-March, and the measures would be in place before the first new gTLDs launch in 2013.
I’ve heard from a few registrars with knowledge of these talks that Whois verification mandates may be far from a dead-cert in the new RAA.
But by publicly stating to government, twice now, that Whois verification is expected, the registrars are under increased pressure to make it happen.
IF Whois verification is not among the RAA amendments, expect the registrars to get another dressing down from the GAC at the Costa Rica meeting this March.
On the other hand, ICANN has arguably handed them some negotiating leverage when it comes to extracting concessions, such as reduced fees.
The registrars were prodded into these talks with the GAC stick, the big question now is what kind of carrots they will be offered to adopt an RAA that will certainly raise their costs.
ICANN expects to post the proposed RAA changes for public comment by February 20.

Congressmen ask ICANN to delay new gTLDs

Seventeen US Congressmen have put their names to a letter asking ICANN to delay its new generic top-level domains program.
The bipartisan group was led by Rep. Fred Upton, chairman of the House technology subcommittee that held a hearing into new gTLDs last week. They wrote:

Although we believe expanding gTLDs is a worthy goal that may lead to increased competition on the Internet, we are very concerned that there is a significant uncertainty in this process for businesses, non-profit organizations, and consumers. To that end, we urge you to delay the planned January 12, 2012 date for the acceptance of applications for new gTLDs.

The letter (pdf), sent yesterday to ICANN president Rod Beckstrom and chairman Steve Crocker, goes on to note the objections of several groups, including the Coalition for Responsible Internet Domain Oversight, that have opposed the program in recent weeks.

Given these widespread concerns, a short delay will allow interested parties to work with ICANN and offer changes to alleviate many of them, specifically concerns over law enforcement, cost and transparency that were discussed in recent Congressional hearings.

It is notable that the letter was sent directly to ICANN’s top brass.
Previous requests of this kind have been sent to ICANN’s overseers in the US Department of Commerce, which has already indicated that it does not intend to strong-arm ICANN into changing its new gTLD plans.
ICANN’s senior vice president Kurt Pritz said last week that the chance of delay was “above zero”.
Whether this latest letter changes the math remains to be seen.
Opposition to the January 12 launch date in the US currently appears to be reaching a critical mass.