Could ICANN approve an R-word gTLD?

ICANN could be faced with the headache of approving or rejecting a new gTLD containing a term broadly considered a slur for the first time.

Unstoppable Domains has revealed that it is working with a client on an application for .retardio, which is linked to a memecoin cryptocurrency of the same name.

Unstoppable says the domain “symbolizes pride and a blend of brilliance with eccentricity”.

But the application could come up against significant challenges if it goes ahead, due to the various reviews and objection procedures all applications face.

The word “retard”, originally a medical term for people with mental disabilities, over the years morphed into a fun playground insult but is now considered offensive enough that, unless you’re Elon Musk, it’s often referred to as the “R-word”.

(I’m only typing it out in full here for the benefit of people who are reading this in their second language, who otherwise might not know what I’m talking about.)

Since 2009, the Special Olympics has held an annual Spread the Word to End the Word awareness day, which seeks to reduce usage of the word, which it describes as a form of “bullying”.

The British comedian Rosie Jones, who has cerebral palsy, faced a barrage of criticism from her own community when she provacatively titled her 2023 documentary about online ableist bullying “Am I a R*tard?” (asterisk in original).

There can be little doubt that it’s an offensive term in most of the Anglophone world, but does that mean it cannot be included in a gTLD string?

The current draft of ICANN’s Applicant Guidebook says that applicants “should be mindful of limitations to free expression” and there are multiple avenues through which a .retardio application could be killed off.

The most obvious way would be via the Governmental Advisory Committee, which has broad powers to instruct ICANN to reject applications on public policy grounds.

The AGB says the GAC Advice objection is for applications that are “problematic” or “potentially violate national law or raise sensitivities”, but that’s a pretty wide net.

If a couple of governments decided to champion an objection to .retardio, it’s easy to imagine they’d be able to rustle up enough support to meet the “consensus” threshold for formal GAC Advice.

ICANN’s board of directors is able to reject such advice, but in the 2012 application round it pretty much did what it was told.

Another way .retardio could fail is through the Limited Public Interest Objection, which can be filed against strings that are “contrary to generally accepted legal norms of morality and public order that are recognized under principles of international law”, such as:

Incitement to or promotion of discrimination based upon race, color, gender, ethnicity, religion or national origin, or other similar types of discrimination that violate generally accepted legal norms recognized under principles of international law

Literally anybody can file a LPI Objection, and they presumably could use the UN Convention on the Rights of Persons with Disabilities to tick the “principles of international law” box.

If successful, such objections force the applicant to withdraw.

The International Olympic Committee has never been shy about participating in ICANN, so if the affiliated Special Olympics, or the IOC, or indeed any disability rights advocacy groups, wanted to make a point by objecting to .retardio, the LPI Objection would be the way to do it.

ICANN lawyers want to keep their clients secret

IP lawyers in the ICANN community have come out swinging against proposed rules that would require them to come clean about who they work for, rules that are supported by registrars and governments.

A proposed policy that would force lawyers to disclose the identities of their clients when they participate in policy-making would violate their clients’ human rights, according to the Intellectual Property Constituency.

The criticisms came in response to an ICANN public comment period on a draft Community Participant Code of Conduct Concerning Statements of Interest, which opened in October and closed this week.

The draft would close a loophole that allows ICANN policy makers to keep their potential conflicts of interest secret when “professional ethical obligations” prevent them from disclosing this information.

“When disclosure cannot be made, the participant must not participate in ICANN processes on that issue,” the draft states.

The changes are keenly supported by the Registrar Stakeholder Group as a whole and by GoDaddy and Tucows in particular. As far as the registrars are concerned, the main problem with the draft is the somewhat vague enforcement mechanisms.

GoDaddy, for example, said in its comments:

We recognize that there may be situations in which a party is unable to disclose their client(s), and in those rare cases, GoDaddy agrees with ICANN’s conclusion that the participant forfeits the ability to participate in associated processes.

It added, echoing the RrSG as a whole, that more clarity is needed on enforcement, where the buck seems to stop with the chair of the working group where the disclosure infraction is alleged to have taken place, with no escalation.

On the opposing side are the IPC, the Business Constituency, and the International Trademark Association, which all filed comments criticizing the proposed changes. The IPC said:

The often-argued response of having attorneys not participate if they fail to uphold their ethical duty to their clients effectively vitiates the human right of representation by counsel and is not for the public benefit. ICANN has agreed to uphold human rights and therefore counsel cannot be compelled to disclose client identity.

Two of the concerns from lawyers is that the policy could require their clients to divulge trade secrets, such as whether they intend to apply for a new gTLD in the forthcoming application round.

Perhaps anticipating the Governmental Advisory Committee’s expected support for the policy changes, which was no secret, the IPC also raises the specter of the policy being broad enough to apply to the governments themselves: should they all be compelled to reveal the names of all the lobbyists who knock on their doors?

This forcing of transparency of national interest would significantly inhibit GAC members from fulfilling their role. Imagine a GAC member from one country filing an SOI saying that their government was being lobbied by numerous parties to gain favor in the New gTLD Rounds?

The GAC’s response to the public comment period was in fact cautiously supportive of the rule changes, saying:

Prima facie, the proposal referring to Statements of Interests seems to be in the right direction, and to fulfil the expectations expressed by the GAC. At the same time, the GAC looks forward to the reactions from ICANN org to the views expressed during the public comment period

Like the registrars, the GAC is looking for more clarity on enforcement mechanisms.

The public comments will by summarized for publication mid-December and the ICANN board could take action on the proposals next year.

Unloved INTA slams ICANN over new gTLDs

The new gTLD program is an existential threat to ICANN if it continues to ignore the concerns of IP interests, according to the International Trademark Association.

Trademark owners are becoming disillusioned with the ICANN process and “instead have opted to pursue more balanced outcomes through regulators, legislatures, and courts”, INTA said in comments on draft new gTLD program rules yesterday.

INTA warned that there has been “a decline in interest in the work of ICANN as otherwise engaged members have determined that there is very little return on the thousands of hours of time that they have devoted to ICANN’s continuous improvement”. It said:

The ICANN Board, Org and review team members would do well to consider the consequences of continuing to ignore the input of non-contracted parties especially when it comes to addressing ongoing harms within the domain name system. At a time when governments are vying to assume more policy oversight over the DNS, ICANN is well positioned to double down on the multistakeholder model by giving serious consideration and adjusting proposed policies in a balanced manner.

ICANN’s refusal to take on board the IP lobby’s suggestions when it added new DNS abuse requirements to its registry and registrar contracts earlier this year seems to be at the root of the outburst.

INTA said that it is “opposed to new [gTLD application] rounds” until “substantial reforms are made to ICANN’s approach to domain abuse and contract compliance”.

The comments were by far the angriest filed in response to the ICANN public comment period, just closed, that sought input on several draft sections of the new gTLD program’s Applicant Guidebook.

Pre-rant, INTA substantively said that the AGB needs to give brand owners and potential dot-brand applicants more clarity on when subsequent application rounds will launch.

Currently, ICANN expects the Next Round’s first wave to kick off in the second quarter of 2026, but subsequent application windows are subject to a checklist of triggering events that on the face of it is a little confusing.

Threats of government intervention undermining the legitimacy of the ICANN multistakeholder model are of course far from new. I’ve been writing about them for 20 years or more.

But the latest INTA threat may ring a little hollow given that ICANN’s Governmental Advisory Committee also filed comments on exactly the same issues, so we know exactly what governments think: they’re totally cool with how the AGB is being drafted, and just seem happy to be involved.

Private auctions to be banned in next new gTLD round

ICANN plans to ban private auctions in the next new gTLD application round, chair Tripti Sinha has told governments.

The board of directors plans to accept the Governmental Advisory Committee’s recent advice to “prohibit the use of private auctions in resolving contention sets in the next round of New gTLDs”, Sinha told her GAC counterpart in a letter published this week.

This is a significant departure from the 2012 round, where many contention sets were resolved privately, with tens of millions of dollars changing hands. Simply applying for a gTLD, in order to lose an auction rather than actually running a registry, will quite possibly no longer be a business model.

What replaces private auctions is yet to be determined. ICANN plans to publish a paper and hold two community webinars in August to discuss alternatives, and reach a decision at its meeting in early September.

Sinha warned that if it cannot reach a conclusion by the September meeting, it might delay the publication of the Applicant Guidebook and thus the opening of the next application window.

It’s quite an aggressive deadline, given the complexity of the problem. ICANN is essentially trying to figure out a way to prevent unscrupulous actors from attempting to game the system for financial gain.

Ideas such as allowing good-faith joint ventures to be formed between competing applicants have been floated in recent months, but have faced scrutiny as they might permit side-deals to be inked that have the same effect as private auctions.

What seems certain is that “last resort” auctions — where ICANN gets all the money for its already $200 million war chest — will still be an option in the next round, which is current penciled in for the first half of 2026.

ICANN’s board plans to pass resolutions on the matter next Monday, so we should have a little more clarity by the start of August at the latest.

ICANN content policing power grab may be dead

A move by ICANN to grant itself more formal “content policing” powers may be dead, after the community was split on the issue and governments failed to back the move.

The Governmental Advisory Committee yesterday sent comments essentially opposing, for now at least, the idea of ICANN reforming its bylaws to give it more powers over internet content, making it very unlikely that ICANN would be able to get such amendments approved by its community overseers.

The comments came a few days after ICANN extended the deadline for responses to a December 2023 consultation on whether applicants in the next new gTLD round should be able to sign up to so-called Registry Voluntary Commitments that regulate content in their zones.

RVCs would be an appendix to ICANN Registry Agreements which would commit a registry to, for example, ban certain types of registrant or certain types of content from domains in their gTLDs.

They’re basically a rebadged version of the Public Interest Commitments found in RAs from the 2012 round, in which the likes of .sucks agreed to ban cyberbullying and .music agreed to ban piracy.

But they’ve got ICANN’s board and lawyers worried, because the Org’s bylaws specifically ban it from restricting or regulating internet content. They’re worried that the RVCs might not be enforceable and that ICANN may wind up in litigation as a result.

ICANN has therefore proposed a framework (pdf) in which RVCs would be enforced by ICANN only after an agreed-upon third-party auditor or monitor found that a registry was out of compliance.

The board sent out several pages of questions to all of its Supporting Organizations and Advisory Committees in December, asking among other things whether the bylaws needed to be amended to clarify ICANN’s role, but the responses were split along traditional lines.

Registries and registrars were aligned: there’s no need for a bylaws change, because ICANN should not allow RVCs that regulate content into its contracts at all.

“ICANN should maintain its existing bylaws which exclude content from its mission, and allowing any changes to this could be a slippery slope opening ICANN to becoming a broader ‘content police’,” the Registrars Stakeholder Group said in its response, giving this amusing example:

An example of a content restriction is provided in the proposed implementation framework for .backyardchickens (e.g. no rooster-related content). Restricting rooster-related content would require a significant amount of policing, and could even prohibit valuable content that would benefit such a TLD. For example, a backyard hen farmer might want to promote the pedigree lineage of the roosters that helped sire the hens, show pictures of the roosters that were the fathers, etc. All of this could in theory be prohibited,but would also require review and subjective analysis. This would be a very slippery slope for ICANN, and a substantial departure from its mission. Restricting rooster content would then put ICANN in the place of enforcing laws that prohibit backyard roosters, rather than relying upon the competent government authorities charged with overseeing residential animal husbandry.

The Non-Commercial Stakeholders Group was more strident in its tone, even raising the possibility of legal action if ICANN went down the content policing route, saying “the best way for the Board to address content-related PICs and RVCs is to make it clear that it will reject them categorically.” It added:

The prohibition on content regulation in ICANN’s mission is extremely important and very clear. Mission limitations were a critical part of the accountability reforms that were required before ICANN would be released from US government control in 2016… NCSG will mount a legal challenge to any attempt to dilute this part of the mission.

The opposing view was held by the Business Constituency, the Intellectual Property Constituency, and the At-Large Advisory Committee, which is tasked with representing the interests of ordinary internet users.

They all said that ICANN should be able to allow content-related RVCs in registry contracts, but the IPC and BC said that no bylaws amendment is needed because the bylaws already have a carve-out that enables the Org to enforce PICs in its agreements. The ALAC said a bylaws amendment is needed.

“There is a distinction between ICANN regulating, i.e imposing ‘rules and restrictions on’ services and content, versus the registry operator voluntarily proposing and submitting to such rules and restrictions,” the IPC wrote.

“There is also a distinction between ICANN directly enforcing such rules and restrictions on third parties, i.e. registrants, versus ICANN holding a registry operator to compliance with the specifics of a contractual commitment,” it added.

The last community group to submit a response, fashionably late, was the GAC, which filed its response yesterday having reviewed all the other responses submitted so far. The GAC arguably has the loudest voice at ICANN, but its comments were probably the least committed.

The GAC said that ICANN should only go ahead with a bylaws amendment if it has community backing, but that the community currently lacks consensus. It said, “at this stage there are not sufficient elements to justify commencing a fundamental bylaws amendment to explicitly enable the enforcement of content-related restrictions”.

However, the GAC still thinks that RVCs “will continue to serve as tools for addressing GAC concerns pertaining to new gTLD applications during the next round” and that it wants them to be enforceable by ICANN, with consequences for registries found in breach.

The GAC said that it “will continue to explore options to address this important question”.

This all means that ICANN is a long way from getting the community support it would need to push through a bylaws amendment related to content policing. That’s considered one of the “Fundamental Bylaws” and can only be changed with substantial community support.

Such amendments require the backing of the Empowered Community. That’s the entity created in 2016 to oversee ICANN after it severed ties with the US government. It comprises individuals from five groups — the GAC, the GNSO, the ccNSO, the ALAC and the Address Supporting Organization.

For a fundamental bylaws amendment to get over the line, at least three of these groups must approve it and no more than one must object.

With the GNSO, given its divisions, almost certainly unable to gather enough affirmative votes, the GAC seemingly on the fence, and the ASO and ccNSO recusing themselves so far, only the ALAC looks like a clear-cut yes vote on a possible future bylaws amendment.

Perhaps that’s why ICANN chair Tripti Sinha has written to the ASO and ccNSO in the last few days to ask them whether they’d like to think again about ducking out of the consultation, giving them an extra two weeks to submit comments after the original March 31 deadline.

The ccNSO handles policy for country-code domains and the ASO for IP addresses. Both have previously told ICANN that gTLD policy is none of their business, but Sinha has urged them both to chip in anyway, because “the ICANN Bylaws govern us all”.

GoDaddy’s next .xxx contract may not be a done deal

ICANN has published what could be the next version of GoDaddy’s .xxx registry contract, and is framing it as very much open to challenge.

The proposed Registry Agreement would scrap the “sponsored” designation from .xxx, substantially reduce GoDaddy’s ICANN fees, and implement the strictest child-protection measures of any gTLD, as well as make ICANN Compliance’s job a lot easier by standardizing terms on the new gTLD program’s Base RA.

But, as eager as ICANN usually is to shift legacy, pre-2012 gTLDs to the Base RA, this time it’s published the contract for public comment as if it’s something GoDaddy is unilaterally proposing.

It’s “ICM’s proposal”, according to ICANN’s public comment announcement, referring to GoDaddy subsidiary ICM Registry, and “ICM has requested to use the Base Registry Agreement form, as well as to remove the sponsorship designation of the .XXX TLD”.

This is not the language ICANN usually uses when it publishes RA renewals for public comment. Normally, the proposed contracts are presented as the result of bilateral negotiations. In this case, ICANN and ICM have been in renewal discussions for at least three years, but the contract is being presented as something GoDaddy alone has asked for.

The new RA would remove almost all references to sponsorship and to IFFOR, the pretty much toothless “sponsor” organization ICM created to get its .xxx application over the line under the rules of the Sponsored TLD application round that kicked off back in 2003.

Instead, it loads a bunch of Public Interest Commitments, aimed at replicating some of the safeguards IFFOR oversight was supposed to provide, into the Base RA.

GoDaddy would have to ban and proactively seek out and report child sexual abuse material. It would also prohibit practices that suggest the presence of CSAM, such as the inclusion of certain unspecified keywords in .xxx domains or in the corresponding web site’s content or meta-content.

(ICANN notes that these PICs may become unenforceable, depending on the outcome of current discussions about its ability to enforce content-related terms of its contracts).

GoDaddy and IFFOR have both submitted letters arguing that sponsorship is no longer required. The existence of sister gTLDs .adult, .sex, and .porn as unsponsored gTLDs, also in the GoDaddy Registry stable, proves the extra oversight is not needed, they say. Registrants polled do not object to the changes, they say.

GoDaddy’s cost structure would also change under the new deal. Not only would it save $100,000 a year by cutting off IFFOR, but it would also inherit the Base RA’s 50,000-domain threshold for paying ICANN transaction fees.

This likely means it won’t pay the $0.25 transaction fee for a while — .xxx was at about 47,500 domains under management and shrinking at the last count. It hasn’t reported DUM over 50,000 since January 2023.

While the renewal terms may seem pragmatic and not especially unreasonable, they’ve already received at least one public objection.

Consultant Michael Palage, who was on the ICANN board for the first three years of .xxx’s agonizing eight-year path to approval, took to the mic at the ICANN 79 Public Forum earlier this month to urge the board to reject GoDaddy’s request.

Palage said there have been “material violations of the Registry Agreement” that he planned to inform ICANN Compliance about. He added that approving the new deal would set a bad precedent for all the other “community” registries ICANN has contracts with.

The situation has some things in common with the controversy over the proposed acquisition of Public Internet Registry and .org a few years ago, in that the proposal entails ignoring promises made by a registry two decades ago.

Whether .xxx will attract the same level of outrage is debatable — this deal doesn’t involve nearly as many domains and does not talk to the price registrants pay — but it could attract noise from those who believe ICANN should not throw out its principles for the sake of a quieter life.

One place we might look for comment is the Governmental Advisory Committee, which was the biggest reason .xxx took so long to get approved in the first place.

But the timing of the comment period opening is interesting, coming a week after ICANN 79 closed. It will end April 29, about six weeks before the full GAC next meets en masse, at ICANN 80.

It’s not impossible that the new contract could be approved and signed before the governments get a chance to publicly haul ICANN’s board over the coals.

ICANN 79: anonymous trolls and undercover lawyers

Transparency, an ICANN watchword since day one, was a noticeable thematic undercurrent at the community’s 79th public meeting in Puerto Rico last week.

The problem of lawyers representing unnamed clients in policy-making groups was raised in several fora, while another section of the community seems to have separately been infiltrated by the same kind of anonymous trolls that plagued ICANN during its infancy.

Governments were especially keen that the GNSO clean house by tightening up its disclosure rules, following an abortive attempt at reform at the Hamburg meeting last October, and they found allies in the Contracted Parties House, which had killed off the reform after deciding it did not go far enough.

Under the current GNSO rules of engagement, everyone who volunteers to participate in policy-making has to file a Statement of Interest, disclosing information such as their employer, community group affiliations, and so on. Among other things, volunteers are asked:

Do you believe you are participating in the GNSO policy process as a representative of any individual or entity, whether paid or unpaid? Please answer “yes” or “no.” If the answer is “yes,” please provide the name of the represented individual or entity. If professional ethical obligations prevent you from disclosing this information, please so state.

The exemption is believed to be designed primarily for American lawyers in private practice, some of whom say they may sometimes be ethically prevented from disclosing the identity of their clients.

But this creates problems for community volunteers, and for the rest of us.

For policy-makers: sometimes, in a working group, you won’t know who you’re really arguing with. The guy opposite, in the expensive suit who keeps inexplicably rubbing her nostrils, could be a mouthpiece for almost any corporation, industry association, or government.

For the rest of us: we don’t know who is really making the policies that impact how domain names are sold, managed, and regulated. Those may seem trivial issues in the grand scheme of things, but they touch on issues such as free speech, data privacy, and how much money comes out of your pocket when you buy a domain.

An attempt last year by the GNSO to update its SOI rules was shot down by the Contracted Parties House because the proposed changes kept the lawyer disclosure exemption.

The Non-Contracted Parties House gave the changes their unanimous approval.

The GNSO Council Committee for Overseeing and Implementing Continuous Improvement, which came up with the changes, looked at 351 SOIs from two recent large policy working groups and found that “a maximum of 0.03% members were making use of the exemption.”

I think that means just one person.

But the scale of the issue is irrelevant compared to the principle, according to some.

Swiss GAC rep Jorge Cancio noted during a session with the CPH last week, “even if there’s a very small number of cases where people use some exceptions for not explaining whom they are working for, even if it’s just 10 people out of 1,000 participants, this already tarnishes the whole of the system”.

Registries Stakeholder Group chair Sam Demetriou concurred: “We believe in and we are strong supporters of the multistakeholder model, but in order for a model to be multistakeholder, you need to know who those stakeholders are. It is inherent in the entire system and the definition.”

The GAC’s position is that everyone participating in policy-making needs to be up-front about their interests, in accordance with global norms. In a session with the GNSO Council, UK rep and vice-chair Nigel Hickson urged the GNSO to sort out the SOI issue before ICANN meets again, set for Kigali this June, because ministers will be present, wanting answers.

Separately at ICANN 79 last week, there was a parallel debate going on about whether a group affiliated with ICANN should force its members to even file SOIs at all.

The Universal Acceptance Steering Group isn’t technically an ICANN body — a Supporting Organization or Advisory Committee — but it is funded and supported by ICANN and carries out ICANN work. It’s been around since 2015 but so far hasn’t required members to submit SOIs.

As anyone who attended or remotely lurked on the ICANN 79 Public Forum last week will know, the UASG came in for a lot of criticism, mostly from remote participants, some of whom have managed to pull off the near-miraculously impressive achievement of having a non-existent Google footprint.

I’m not of course suggesting that some of the people in the Public Forum chat room were trolls using pseudonyms, but… actually, yes, that is what I am suggesting.

These participants had beef with the UASG for imposing a new strict SOI requirement — rules coming into force right now give participants a few months to file their SOIs or get kicked off the UASG mailing list — and suggested UASG leadership had broken with ICANN rules by unilaterally imposing the requirement.

Said mailing list is notable for being lightly used, but with occasional traffic spikes, usually during discussions of anything related to elections or UASG leadership, from participants using free webmail addresses and often what appear to be joke names (Yisrael Memshelet, really?).

Sometimes, these participants have helped steer the mailing list discussion, and at least one question from an aforementioned Google-resistant remote participant was read out at last week’s Public Forum and responded to (kinda) by a board member. ICANN received so many remote UASG questions during the Public Forum that it said it would provide a consolidated written response after the meeting.

It seems ICANN is suffering from twin related transparency problems right now — lawyers who don’t want to reveal their clients, and trolls who don’t want to reveal their identities — neither of which is ideal for its legitimacy.

Governments back down on new gTLD next round delay

ICANN’s Governmental Advisory Committee has decided not to force the Org to pay for a independent cost/benefit analysis of the new gTLD program, removing the potential for timeline friction ahead of the planned 2026 next-round launch.

In its latest communique, published following the ICANN 79 meeting in Puerto Rico last week, the GAC has essentially told ICANN that it broke its bylaws by not following eight-year-old GAC advice, but meh, whatever, just don’t do it again.

As I reported last week, governments had grown concerned that ICANN had not delivered the “objective and independent analysis of costs and benefits” of the new gTLD program that the GAC had asked for in 2016. Such an analysis was supposed to be a prerequisite for the next round going ahead.

What ICANN had delivered instead was a relatively hastily prepared summary of the next round’s policy recommendations, Org’s analysis of these recommendations, and the community-led review of competition, consumer protection and trust issues, the CCT review.

The Puerto Rico communique says that this response “cannot be considered to constitute a cost-benefit analysis, nor to be objective and independent” but that the GAC does not wish to throw up a road-block to the next round going ahead on schedule. It reads:

The GAC recognizes that the Community (with involvement of the GAC) is taking forward the next round of new gTLDs and has set a corresponding timeline. The GAC, therefore, believes that conducting further analysis at this stage would not serve the intended purpose.

The GAC encourages the Board to ensure that GAC advice, which the Board has accepted, is effectively implemented and its implementation is communicated to the GAC.

GAC chair Nicolas Caballero of Paraguay summarized it as the committee telling the ICANN board “we’re not aiming by no means at stopping the next round or anything like that, but that we want to be taken seriously”.

The original draft of the communique, drafted by Denmark, the US, the UK and Switzerland delegations, also contained text noting that the analysis ICANN provided was written by staff or community stakeholders, who were neither independent nor objective, but this was removed during a drafting session last week after objections from Iran, whose rep said it sounded too critical of the multistakeholder process.

It seems ICANN, and others who stand to make a lot of money from the new gTLD program, have dodged a bullet here, with the GAC essentially backing away and backing down from its potentially delay-causing previous demands.

GAC spinning up new gTLD curveball at ICANN 79?

ICANN’s Governmental Advisory Committee had a habit of throwing delaying curveballs before and during the 2012 new gTLD application round, and it might be planning a repeat performance before the upcoming 2026 round.

The GAC today assembled at ICANN 79 in Puerto Rico to discuss the latest developments in planning for the next round, and a major concern emerged around ICANN’s response to its request for a cost/benefit analysis.

The GAC had first asked for such an analysis at the Helsinki meeting in 2016, but after the ICANN 78 Hamburg meeting last October noted that it had still not received one.

At ICANN 56, the GAC had asked that an “objective and independent analysis of costs and benefits… drawing on experience with and outcomes from the recent round” should be a prerequisite for a next round going ahead.

After its Hamburg reminder, ICANN threw together a summary (pdf) of three existing documents that it presumably hoped would check that box and shush the GAC or give the GAC an excuse to shush itself.

The documents were the report of the Competition and Consumer Trust Review Team, the Subsequent Procedures PDP Working Group Final Report (which created the policy recommendations for the next round) and ICANN’s Operational Design Assessment of SubPro (which talked about how ICANN would implement those recommendations).

It was a pretty flimsy response, and GACers weren’t buying it, pointing out today that the three documents in question were all produced by the ICANN community or ICANN staff and couldn’t really be said to be “objective and independent”. Nor could they be said to amount to an “analysis of costs and benefits”.

“I had the pleasure to read through the report, and see whether it’s a cost/benefit analysis, and whether it’s an objective and independent analysis,” the GAC rep from Denmark said. “And I must say that my answer or reply to those questions would be no, and a big no.”

Other GAC members in Europe and North America seemed to agree that either the cost/benefit analysis they had asked for still hadn’t been delivered and that perhaps it wouldn’t be great for the GAC’s credibility if it didn’t press the issue.

The UK rep, who was chairing the session, observed that GAC members’ higher-uppers in government, such as ministers, sometimes ask what economic impact gTLD expansion might have and that an answer might be useful.

The contrarian opinion came, as it so often does, from Iran, whose rep suggested that a cost/benefit analysis might be pointless and maybe the GAC should just put the issue to bed.

What happens if the analysis shows the costs outweigh the benefits, he asked, should ICANN just scrap the next application round and 13 years of policy work?

It seems a request for ICANN to pay for an independent cost/benefit analysis of the new gTLD program could make its way into the GAC’s formal advice-delivering communique later in the week, potentially throwing friction into the roll-out of the next round.

In my opinion, there is no real answer to the question of whether the new gTLD program is a net benefit.

Beyond the billions of dollars of economic activity that will be created, whether it’s beneficial is purely a subjective opinion, and paying a bunch of overpriced consultants to wave their hands in the air for a year before spitting out the 300-page PDF equivalent of a Gallic Shrug probably won’t provide any meaningful clarity.

Whois policy published without life-saving disclosure rule

ICANN has updated its Registration Data Policy, the rules that govern what data registries and registrars need to collect from registrants and when to publish or supply it through Whois lookups or disclosure requests.

When it becomes enforceable in August next year, the new RDP will make full-fat ICANN Whois policy compliant with EU privacy law for the first time since the General Data Protection Regulation came into effect in May 2018.

But the new policy, which replaces a functionally very similar temporary policy, is notable not only for the extraordinary amount of time it took to produce, but also for not containing a disputed requirement for registrars and registries to quickly turn over private Whois data when human life is at risk.

The policy dictates what contact information registrars must collect from their customers, what they must share with their registries, escrow agents and others, and what they must redact in the public Whois (or Registration Data Directory Services, as it will become known when Whois is retired next January).

It also says that registries and registrars must acknowledge private data disclosure requests no more than two business days after receipt and respond to the requests in full less than 30 calendar days after that, barring delays caused by “exceptional circumstances”.

But, due purely to ICANN community politicking, the policy for now omits previously considered language on “urgent” disclosure requests for use in “circumstances that pose an imminent threat to life, of serious bodily injury, to critical infrastructure, or of child exploitation”.

I’d like to think such circumstances are incredibly rare, but if there’s a situation where a Whois disclosure could help prevent a bomb going off at a major internet exchange, a trans rights activist being hounded into suicide, or a little kid getting raped on a livestream, the new ICANN policy does not account for that.

The version of the policy published in July last year (pdf) did include an urgent requests provision, requiring contracted parties to either turn over the data or tell the requester to get lost within 24 hours of receipt.

But it also contained a bunch of exceptions that could allow registrars to extend that deadline by up to three business days. When weekends and public holidays are taken into account, this could mean as much as a full calendar week to process an “urgent”, potentially life-saving request.

For that reason, the Governmental Advisory Committee wrote to ICANN (pdf) last August to ask it to revisit the policy language, chuck out the reference to “business” days, and stick to a 24-hour response window

The original Expedited Policy Development Process Working Group that came up with the policy recommendations had not specified how long registrars and registries should have to respond to urgent disclosure requests, punting that decision to the Implementation Review Team that drafted the final language.

An August 2022 draft (pdf) put out for public comment made the response window two business days, with a possible one-day extension, but this was reduced to 24 hours last year in what registrars describe as a “significant compromise” given the operational reality of responding to disclosure requests.

In August last year, the Registrars Stakeholder Group told ICANN (pdf) that its members “are committed to responding to Urgent requests in the most swift and expeditious manner possible” but said it objected to the GAC’s last-minute demands for the urgent disclosures policy to be rewritten.

From the registrars’ perspective, handling disclosure requests for personal data is not a simple ask. It’s a legal decision, balancing the privacy rights of the registrant with the rights of others to access that information.

Get it wrong, and you’re open to litigation and fines substantial enough to be expressed as a percentage of your revenue. And, money aside, who wants to be the guy who, for example, accidentally helps the Iranian morality police murder a bunch of schoolgirls for wearing the wrong type of hat?

But the argument between the registrars and the governments comes down to issues of ICANN process. Both the GAC and the RrSG claimed the urgent disclosures bunfight highlights deficiencies in ICANN multistakeholderism, but for different reasons.

ICANN’s response to this disagreement was to remove the urgent requests clauses from the policy altogether, in the hope that further talks can find a solution. Chair Tripti Sinha wrote to the RrSG and GAC a couple weeks ago to tell them:

the Board concluded that it is necessary to revisit Policy Recommendation 18 concerning urgent requests in the context of situations that pose an imminent threat to life, serious bodily harm, infrastructure, or child exploitation, and the manner in which such emergencies are currently handled. For this, we believe that consultation with the GNSO Council is required.

ICANN has essentially kicked the can, which was what the GAC had asked for. The RrSG wanted the July 2023 language (one-plus-three days) or August 2022 language (two-plus-one days) published in the final policy.

It’s stuff like this that makes one scratch one’s head, stroke one’s chin, and wonder whether ICANN really is fit for purpose.

There were 2,312 days between the day the European Commission first proposed the GDPR to the day it became effective in all EU member states.

But 2,590 days will have passed between the day the GNSO Council initiated the EPDP and the day the new Registration Data Policy will become effective on all contracted parties, next August.

The lumbering, then-28-state European Union was faster at passing policy than ICANN, even when ICANN was using an “expedited” process.

And what ICANN eventually came up with couldn’t even agree on ways to help tackle murder, economic catastrophes, and the rape of kids.