Latest news of the domain name industry

Recent Posts

Whois policy published without life-saving disclosure rule

Kevin Murphy, February 23, 2024, Domain Policy

ICANN has updated its Registration Data Policy, the rules that govern what data registries and registrars need to collect from registrants and when to publish or supply it through Whois lookups or disclosure requests.

When it becomes enforceable in August next year, the new RDP will make full-fat ICANN Whois policy compliant with EU privacy law for the first time since the General Data Protection Regulation came into effect in May 2018.

But the new policy, which replaces a functionally very similar temporary policy, is notable not only for the extraordinary amount of time it took to produce, but also for not containing a disputed requirement for registrars and registries to quickly turn over private Whois data when human life is at risk.

The policy dictates what contact information registrars must collect from their customers, what they must share with their registries, escrow agents and others, and what they must redact in the public Whois (or Registration Data Directory Services, as it will become known when Whois is retired next January).

It also says that registries and registrars must acknowledge private data disclosure requests no more than two business days after receipt and respond to the requests in full less than 30 calendar days after that, barring delays caused by “exceptional circumstances”.

But, due purely to ICANN community politicking, the policy for now omits previously considered language on “urgent” disclosure requests for use in “circumstances that pose an imminent threat to life, of serious bodily injury, to critical infrastructure, or of child exploitation”.

I’d like to think such circumstances are incredibly rare, but if there’s a situation where a Whois disclosure could help prevent a bomb going off at a major internet exchange, a trans rights activist being hounded into suicide, or a little kid getting raped on a livestream, the new ICANN policy does not account for that.

The version of the policy published in July last year (pdf) did include an urgent requests provision, requiring contracted parties to either turn over the data or tell the requester to get lost within 24 hours of receipt.

But it also contained a bunch of exceptions that could allow registrars to extend that deadline by up to three business days. When weekends and public holidays are taken into account, this could mean as much as a full calendar week to process an “urgent”, potentially life-saving request.

For that reason, the Governmental Advisory Committee wrote to ICANN (pdf) last August to ask it to revisit the policy language, chuck out the reference to “business” days, and stick to a 24-hour response window

The original Expedited Policy Development Process Working Group that came up with the policy recommendations had not specified how long registrars and registries should have to respond to urgent disclosure requests, punting that decision to the Implementation Review Team that drafted the final language.

An August 2022 draft (pdf) put out for public comment made the response window two business days, with a possible one-day extension, but this was reduced to 24 hours last year in what registrars describe as a “significant compromise” given the operational reality of responding to disclosure requests.

In August last year, the Registrars Stakeholder Group told ICANN (pdf) that its members “are committed to responding to Urgent requests in the most swift and expeditious manner possible” but said it objected to the GAC’s last-minute demands for the urgent disclosures policy to be rewritten.

From the registrars’ perspective, handling disclosure requests for personal data is not a simple ask. It’s a legal decision, balancing the privacy rights of the registrant with the rights of others to access that information.

Get it wrong, and you’re open to litigation and fines substantial enough to be expressed as a percentage of your revenue. And, money aside, who wants to be the guy who, for example, accidentally helps the Iranian morality police murder a bunch of schoolgirls for wearing the wrong type of hat?

But the argument between the registrars and the governments comes down to issues of ICANN process. Both the GAC and the RrSG claimed the urgent disclosures bunfight highlights deficiencies in ICANN multistakeholderism, but for different reasons.

ICANN’s response to this disagreement was to remove the urgent requests clauses from the policy altogether, in the hope that further talks can find a solution. Chair Tripti Sinha wrote to the RrSG and GAC a couple weeks ago to tell them:

the Board concluded that it is necessary to revisit Policy Recommendation 18 concerning urgent requests in the context of situations that pose an imminent threat to life, serious bodily harm, infrastructure, or child exploitation, and the manner in which such emergencies are currently handled. For this, we believe that consultation with the GNSO Council is required.

ICANN has essentially kicked the can, which was what the GAC had asked for. The RrSG wanted the July 2023 language (one-plus-three days) or August 2022 language (two-plus-one days) published in the final policy.

It’s stuff like this that makes one scratch one’s head, stroke one’s chin, and wonder whether ICANN really is fit for purpose.

There were 2,312 days between the day the European Commission first proposed the GDPR to the day it became effective in all EU member states.

But 2,590 days will have passed between the day the GNSO Council initiated the EPDP and the day the new Registration Data Policy will become effective on all contracted parties, next August.

The lumbering, then-28-state European Union was faster at passing policy than ICANN, even when ICANN was using an “expedited” process.

And what ICANN eventually came up with couldn’t even agree on ways to help tackle murder, economic catastrophes, and the rape of kids.

ICANN bans closed generics for the foreseeable

Kevin Murphy, January 23, 2024, Domain Policy

There will be no applications for closed generic gTLDs in the 2026 application round, ICANN has confirmed.

While the Org has yet to publish the results of last weekend’s board meeting, chair Tripti Sinha has written to community leaders to let them know that companies won’t be able to apply for exclusive-use, non-trademark strings for the foreseeable future.

The ban follows years of talks that failed to find a consensus on whether closed generics should be permitted, and subsequent advice from the Governmental Advisory Committee, backed up by the At-Large Advisory Committee, that they should not.

Apparently quoting board output from its January 21 meeting, Sinha wrote (pdf):

the Board has considered the GAC Advice and has determined that closed generic gTLD applications will not be permitted until such time as there is an approved methodology and criteria to evaluate whether or not a proposed closed domain is in the public interest.

Closed generics were permitted — or at least not explicitly outlawed — in the 2012 application round, but were retroactively banned by ICANN following GAC advice in 2013, stymying the plans of dozens of applicants.

Ironically, it was the clumsy wording of the 2013 advice that saw the debate re-open a few years ago, with the initiation of a closed-doors, Chatham House Rules “facilitated dialogue” between the pro- and anti- camps, which also failed to reach a consensus.

By drawing a line under the issue now, ICANN has finally officially removed closed generics as a potential delaying factor on the next gTLD application round, which is already 13 years late.

Closed generics ban likely to remain after another policy group failure

Kevin Murphy, August 15, 2023, Domain Policy

Closed generic gTLDs are likely off the table for ICANN’s next application round, after a secretive policy development working group failed to reach a consensus on how they could be permitted.

The chairs of the ALAC-GAC-GNSO Facilitated Dialogue on Closed Generic gTLDs have put their names to a draft letter that essentially throws in the towel and recommends ICANN sticks to the status quo in which closed generics are not permitted.

The chairs of the three committees write that they “believe that it is not necessary to resolve the question of closed generic gTLDs as a dependency for the next round of new gTLDs, and we plan to inform the ICANN Board accordingly.”

In other words, whatever latency related to needing a closed generics policy that was built in to ICANN’s recent April 2026 target for opening the next application round could be eliminated from the timeline.

The three chairs added (emphasis in original PDF):

We agree with the ICANN Board (in its original invitation to the GAC and the GNSO to engage in a facilitated dialogue) that this topic is one for community policy work, rather than a decision for the Board. As such and based on our collective belief that there is neither the need nor the community bandwidth to conduct additional work at this stage, we also plan to ask that, for the next round, the Board maintain the position that, unless and until there is a community-developed consensus policy in place, any applications seeking to impose exclusive registry access for “generic strings” to a single person or entity and/or that person’s or entity’s Affiliates (as defined in Section 2.9(c) of the Registry Agreement) should not proceed. Finally, we also plan to inform the Board that any future community policy work on this topic should be based on the good work that has been done to date in this facilitated dialogue.

But that position — still a draft — is already facing some push-back from community members who disagree about what the current status quo actually is.

The 2012 application round opened up with the assumption that closed generics were A-okay, and it received hundreds of such applications.

But the governments of the GAC, no doubt stirred by competition concerns, balked when they saw big companies had applied for gTLD strings that could enable them to dominate their markets.

The GAC demanded that closed generics must service the public interest if they were to be permitted, so ICANN Org — in what would turn out to be an Original Sin injected into the destiny of future rounds — retroactively changed the rules, essentially banning closed generics but allowing applicants to withdraw for a refund or open up their proposed registration policies.

The third option was to defer their applications to a future application round, by which point it was assumed the community would have established a closed generics policy. No applicant took that option.

But making that policy was the job of a committee called SubPro, but when turned its attention to the issue, entrenched positions among volunteers took hold and no consensus could be found. It couldn’t even agree what the status quo was. The group wound up punting the issue to the ICANN board.

The discussion moved on last year when ICANN decided to launch the “Facilitated Dialogue”, forcing the GAC and the GNSO to the negotiating table in last-ditch attempt to put the issue to bed for good.

Ironically, it was the 2013 GAC advice — made at time when the governments drafted their advice in secret and were deliberately ambiguous in their output — that killed off closed generics for a decade that ICANN used to reopen the issue. The GAC hadn’t wanted a blanket ban, after all, it just wanted to mandate a “public interest” benefit.

The assumption was that the Facilitated Dialogue would come up with something in-between a ban and a free-for-all, but what it actually seems to have come up with is a return to the status quo and disagreement about what the status quo even is.

It really is one of those situations where ICANN, in its broadest definition, can’t see to find its ass with two hands and a flashlight (and — if you’ll indulge me — a map, GPS coordinates, and a Sherpa).

Governments call for ban on gTLD auctions

Kevin Murphy, June 21, 2023, Domain Policy

Governments are calling for a ban on new gTLD contention sets being settled via private auctions, a practice that allowed many tens of millions of dollars to change hands in the last application round.

ICANN’s Governmental Advisory Committee said in its ICANN 77 communique that it formally advises ICANN: “To ban or strongly disincentivize private monetary means of resolution of contention sets, including private auctions.”

Private auctions typically see the losers split the winner’s winning bid among themselves. The GAC endorsed the At-Large Advisory Committee’s recommendation that applicants should be forced to ICANN-run “last resort” auctions, where ICANN gets all the money, instead.

The concern is that companies with no intention of actually operating a gTLD will file applications purely in order to have a tradeable asset that can be sold to competing applicants for a huge profit.

In the 2012 round, 224 contention sets were settled in private, often via auctions. ICANN not only allowed but encouraged the practice.

For example, publicly listed portfolio registry Minds + Machines disclosed tens of millions of income from losing private auctions, some of which was reinvested into winning auctions for gTLDs that it did intend to run.

Another applicant, Nu Do Co, did not win a single auction it was involved in, with the exception of the ICANN-run “last resort” auction for .web, where its winning $135 million bid was secretly funded by Verisign.

In the case of .web, rival bidders urged NDC to go to private auction until almost the last moment, eager to get a piece of the winning bid. It remains the subject of legal disputes to this day.

The current GNSO “SubPro” policy recommendations do not include a ban on private settlements, instead saying that applicants should affirm that they have a “bona fide” intent to operate the TLD, under penalty of unspecified sanctions if they lie.

The recommendations include a set of suggested red flags that ICANN should look out for when trying to determine whether an applicant is game the system, such as the number of applications filed versus contention sets won.

It’s pretty vague — the kind of thing that would have to be ironed out during implementation — and the ICANN board of directors has yet to formally approve these specific recommendations.

The GAC’s latest advice also has concerns about the “last resort” auctions that ICANN conducts, which see ICANN place the winning bid in a special fund, particular with regards non-commercial applicants.

The GAC advised ICANN: “To take steps to avoid the use of auctions of last resort in contentions between commercial and non-commercial applications; alternative means for the resolution of such contention sets, such as drawing lots, may be explored.”

Some previous ways to mitigate contention gaming include Vickrey auctions, where every applicant submits a high bid at the time of application and the applicant with the highest bid pays ICANN the amount of the second-highest bid.

Bidding before one even knows whether the gTLD string will be subject to contention is seen as a way to dissuade applicants from applying for strings they don’t really want.

ICANN directors said repeatedly at ICANN 77 last week that the Org will be hiring an auctions expert to investigate the best way to handle auctions and reduce gaming.

Governments backtracking on closed generics ban

Kevin Murphy, March 21, 2023, Domain Policy

ICANN’s Governmental Advisory Committee appears to be backpedaling on its commitment to permitting so-called “closed generic” gTLDs in the next application round.

The GAC’s output from ICANN 76, which took place in Cancun last week, contains a paragraph that suggests that governments are reverting to their decade-old position that maybe closed generics are not a good idea.

The GAC, GNSO and At-Large have been engaging in a “facilitated dialogue” for the past few months in an attempt to figure out whether closed generics should be allowed and under what terms.

The GAC is now saying “no policy option, including the prohibition of Closed Generics, should be excluded if no satisfactory solution is found”. It had agreed to the dialogue on the condition that prohibition would not be an outcome.

A closed generic is a single-registrant gTLD matching a dictionary word that is not a trademark. Think McDonald’s controlling all the names in .burger or Jack Daniels controlling the whole .whiskey zone.

These types of TLDs had not been banned in the 2012 application round, resulting over 180 gTLD applications, including the likes of L’Oreal applying for .makeup and Symantec’s .antivirus.

But the GAC took a disliking to these applications, issuing advice in 2013 that stated: “For strings representing generic terms, exclusive registry access should serve a public interest goal.”

This caused ICANN to implement what amounted to a retroactive ban on closed generics. Many applicants withdrew their bids; other tried to fudge their way around the issue or simply sat on their gTLDs defensively.

When the GNSO came around to developing policy in 2020 for the next new gTLD round, it failed to come to a consensus on whether closed generics should be allowed. It couldn’t even agree on what the default, status quo position was — the 2012 round by policy permitted them, but in practice did not. The matter was punted to ICANN.

A year ago, ICANN said the GAC and GNSO should get their heads together in a small group, the “facilitated dialogue”, to resolve the matter, but the framing paper outlining the rules of engagement for the talks explicitly ruled out two “edge outcomes” that, ICANN said, were “unlikely to achieve consensus”.

Those outcomes were:

1. allowing closed generics without restrictions or limitations OR

2. prohibiting closed generics under any circumstance.

The GAC explicitly agreed to these terms, with then-chair Manal Ismail (who vacated the seat last week) writing (pdf):

The GAC generally agrees with the proposed parameters for dialogue, noting that discussion should focus on a compromise to allow closed generics only if they serve a public interest goal and that the two “edge outcomes” (i.e. allowing closed generics without restrictions/limitations, and prohibiting closed generics under any circumstance) are unlikely to achieve consensus, and should therefore be considered out of scope for this dialogue.

Now, after days of closed-door facilitated dialogue have so far failed to reach a consensus on stuff like what the “public interest” is, the GAC has evidently had a change of heart.

Its new Cancun communique states:

In view of the initial outputs from the facilitated dialogue group on closed generics, involving representatives from the GAC, GNSO and At-Large, the GAC acknowledges the importance of this work, which needs to address multiple challenges. While the GAC continues to be committed to the facilitated dialogue, no policy option, including the prohibition of Closed Generics, should be excluded if no satisfactory solution is found. In any event, any potential solution would be subject to the GAC’s consensus agreement.

In other words, the GAC is going back on its word and explicitly ruling-in one of the two edge outcomes it less than a year ago had explicitly ruled out.

It’s noteworthy — and was noted by several governments during the drafting of the communique — that the other edge outcome, allowing closed generics without restriction, is not mentioned.

It’s tempting to read this as a negotiating tactic — the GAC publicly indicating that a failure to reach a deal with the GNSO will mean a closed generics ban by default, but since the facilitated dialogue is being held entirely in secret it’s impossible to know for sure.

ICANN to approve next new gTLD round next month (kinda)

Kevin Murphy, February 14, 2023, Domain Policy

ICANN’s board of directors is sending mixed signals about the new gTLD program, but it seems it is ready to start approving the next round when the community meets for its 76th public meeting in Mexico next month.

It seems the board will approve the GNSO’s policy recommendations in a piecemeal fashion. There are some undisclosed sticking points that will have to be approved at a later date.

Chair Tripti Sinha wrote this week that the board “anticipates making incremental decisions leading up to the final decision on opening a new application window for new gTLDs”.

While “many” recommendations will be approved at ICANN 76, the board “will defer a small, but important, subset of the recommendations for future consideration”.

The good news is that the board is erring towards the so-called “Option 2” sketched out in Org’s Operational Design Assessment, which would be much quicker and cheaper than the five-year slog the ODA primarily envisaged.

Sinha wrote:

the Board has asked ICANN Org to provide more detail on the financing of the steps envisioned in the ODA, and to develop a variation of the proposed Option 2 that ensures adequate time and resources to reduce the need for manual processing and takes into account the need to resolve critical policy issues, such as closed generics.

The closed generics issue — where companies can keep all the domains in a generic-term gTLD all to themselves — did not have a community consensus recommendation, and the GNSO Council and Governmental Advisory Committee have been holding bilateral talks to resolve the impasse.

There’s been an informal agreement that some closed generics should be allowed, but only if they serve the global public interest.

A recent two-day GAC-GNSO discussion failed to find agreement on what “generic” and “global public interest” actually mean, so the talks could be slow going. The group intends to file an update before ICANN 76.

Paraguay to chair the GAC

Kevin Murphy, October 3, 2022, Domain Policy

Paraguayan government official Nicolas Caballero has been elected as the next chair of ICANN’s Governmental Advisory Committee.

He ran unopposed, in an election that had to extend its nomination period because nobody put themselves forward in time for the original August deadline.

He will replace Egypt’s Manal Ismail, who will leave the chair following ICANN’s meeting in Cancun next March.

The role comes with a non-voting liaison position on ICANN’s board of directors.

Caballero, a technical advisor in Paraguay’s Office of the President, has been on the GAC for about 10 years.

He’s the first GAC chair from South America.

ICANN staffer to referee closed generics fight

Kevin Murphy, July 28, 2022, Domain Policy

An ICANN policy staffer seems set to chair discussions between governments and the gTLD community over how to regulate “closed generic” domains in the next round of new gTLD applications.

ICANN has put forward its own conflict resolution specialist Melissa Peters Allgood to facilitate the talks, and the Governmental Advisory Committee and GNSO Council have apparently concurred, according to recent correspondence.

“We are of the view that Ms. Allgood’s experience, qualifications, and neutrality in the matter meets the suggested criteria from the GAC and the GNSO Council,” ICANN chair Maarten Botterman told his GAC and GNSO counterparts.

The talks will attempt to reach a consensus on how closed generics can be permitted, but limited to applications that “serve a public interest goal”.

A closed generic is a dictionary-word gTLD that the applicant hopes to operate as a dot-brand even though it does not own a matching trademark. Think Nike operating .sneakers and excluding Adidas and Reebok from registering names there.

While the GNSO community was unable to come to consensus on whether they should be permitted in subsequent rounds, the nine-year-old “public interest goal” GAC advice is still applicable.

The GAC and GNSO have agreed that the talks will exclude the propositions that closed generics should be unrestricted or banned outright.

Once both parties have formally agreed to Allgood’s appointment, and to the size and makeup of the discussion group, Allgood will prepare more paperwork outlining the problem at hand before talks start to happen, according to Botterman.

The slow crawl to closed generics at ICANN 74

Kevin Murphy, June 20, 2022, Domain Policy

Last Monday saw the 10th anniversary of Reveal Day, the event in London where ICANN officially revealed the 1,930 new gTLD applications submitted earlier in 2012 to a crowd of excited applicants and media.

Dozens of those applications were for closed generics — where the registry operator is the sole registrant, but the string isn’t a trademark — but now, a decade later, the ICANN community still hasn’t decided what to do about that type of gTLD.

At ICANN 74 last week, the Generic Names Supporting Organization and Governmental Advisory Committee inched closer to agreeing the rules of engagement for forthcoming talks on how closed generics should be regulated.

The GNSO’s working group on new gTLDs — known as SubPro — had failed to come to a consensus on whether closed generics should even be allowed, failing even to agree on whether the status quo was the thousand-year-old earlier GNSO policy recommendations that permitted them or the later GAC-influenced ICANN retconning that banned them.

But ever since SubPro delivered its final report, the GAC has been reminding ICANN of its 2013 Beijing communique advice, which stated: “For strings representing generic terms, exclusive registry access should serve a public interest goal.”

At the time, this amounted to an effective ban, but today it’s become an enabler.

ICANN has for the last several months been coaxing the GNSO and the GAC to the negotiating table to help bring the SubPro stalemate into line with the Beijing communique, and the rules of engagement pretty much guarantee that closed generics will be permitted, as least in principle, in the next application round.

GAC chair Manal Ismail told ICANN (pdf) back in April:

discussion should focus on a compromise to allow closed generics only if they serve a public interest goal and that the two “edge outcomes” (i.e. allowing closed generics without restrictions/limitations, and prohibiting closed generics under any circumstance) are unlikely to achieve consensus, and should therefore be considered out of scope for this dialogue.

Remarkably, the GNSO agreed to these terms with little complaint, essentially allowing the GAC to set at least the fundamentals of the policy.

Last week, talks centered on how these bilateral negotiations — or trilateral, as the At-Large Advisory Committee is now also getting a seat at the table — will be proceed.

The rules of engagement were framed by ICANN (pdf) back in March, with the idea that talks would begin before ICANN 74, a deadline that has clearly been missed.

The GNSO convened a small team of members to consider ICANN’s proposals and issued its report (pdf) last week, which now seems to have been agreed upon by the Council.

Both GNSO and GAC are keen that the talks will be facilitated by an independent, non-conflicted, knowledgeable expert, and have conceded that they may have to hire a professional facilitator from outside the community.

That person hasn’t been picked yet, and until he/she has taken their seat no talks are going to happen.

ICANN said a few months ago that it did not expect the closed generics issue to delay the SubPro Operational Design Phase, which is scheduled to wind up in October, but the longer the GAC, GNSO and ICANN dawdle, the more likely that becomes.

All that has to happen is for a group of 14-16 community members to agree on what “public interest” means, and that should be easy, right? Right?

ICANN highlights “not getting things done” risk

Kevin Murphy, May 16, 2022, Domain Policy

ICANN’s board of directors addressed a number of existential threats at its latest workshop, including the perception that it’s simply “not getting things done.”

Chair Maarten Botterman disclosed the discussions, which took place at the end of April, in a blog post Friday.

He described how the board broke up into four “brainstorming” groups, which returned with strikingly similar views on the risks ICANN faces.

There’s a worry that the lack of in-person meetings due to the pandemic is harming ICANN’s ability to work and that various unspecified “geopolitical initiatives” may get in the way of the mission. He added:

Moreover, we recognized the risk of ICANN being seen as “not getting things done.” On the opportunity side is the broad awareness within ICANN that we need to continue to deliver on our mission in the face of new challenges, as demonstrated by the prioritization efforts of the Board, Org, and Community, and our ability to adapt to changing circumstances.

The Org and the community have been faced with what I would call organizational inertia in recent months and years.

I wrote a few months ago about how ICANN hadn’t implemented a policy since December 2016 — more than five years previously.

Major issues facing the industry seem to be either stuck in endless feedback loops of community arguments or interminable Org preparatory work.

The SSAD, pitched as a solution to the problem of Whois access, appears doomed to be scrapped entirely or approved in a much-reduced form that many believe will not address the problem of identifying registrants in a post-GDPR world.

And even if the stripped-back SSAD Light gets approved, there’s a good chance this will add many months to the runway of the next round of new gTLDs, which itself is at an impasse because the Governmental Advisory Committee and the the GNSO cannot agree on whether to allow closed generics.

As it stands, 10 years after the last application round new gTLD policy is in the Operational Design Phase within Org, and not expected to come before the board until late this year. Much of what has been disclosed about the ODP to date looks a lot like wheel-spinning.