Recent Posts
- GNSO mulls lawyering up over auction fund dispute
- Jury still out on ICANN’s content policing powers
- It now takes TWO WEEKS to get a Whois record with RDRS
- Travel expenses push ICANN into the red again
- ICANN preparing for ONE HUNDRED registry back-ends
- DNS Abuse Institute changes name
- A new way to game the new gTLD program
- .home, .mail and .corp could get unbanned
- Unstoppable to apply for Women in Tech gTLD
- Bob Parsons publishes autobiography
- GoDaddy getting a free pass from porn jail?
- Correction: Sinha’s seat is safe
- Chinese domains plummet again in 2023
- GoDaddy price increases lead to revenue growth
- D3 announces seventh blockchain gTLD client
- Taylor Swift applies for her .post domain
- .ad domains to go global soon
- Single-letter .com case back in court
- ICANN to slash costs as Verisign’s magic money tree dries up
- Community revolts over ICANN’s auction proceeds power grab
- Two seats up for grabs on Nominet board
- War takes steep toll on .ua domains
- .de worst TLD for CSAM — report
- .com still shrinking because of China
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- .my domains to be sold globally next month
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
- UK cybersquatting complaints hit record low
- No excuses! PIR to pay for ALL registries to tackle child abuse
- ICANN insists it is working on linkification
- Namecheap sues ICANN over .org price caps
- GoDaddy offers free Ethereum blockchain integration
- Epik reveals who is running the company
- Epik gets acquired again! The plot thickens…
- Airline gTLD crashes and burns
- First chunks of new gTLD Applicant Guidebook drop
- Epik to reveal its owners soon
- Another crypto firm to apply for a new gTLD
- Monster and Royce are NOT involved in Epik?!
- Nominet to overhaul .uk registry, turn off some services
- Russia blames DNSSEC, not Ukraine, for internet downtime
- Team Internet says revenue beat estimates
- Sold for over $20k, insure.ai and dog.ai back in .ai’s expired names auction
- .ai helps UDRP cases rise in 2023, WIPO says
- Freenom’s domains land at Gandi after termination
- .ru domains fly off the shelf as Western sanctions bite
- ICANN picks its first ever Supreme Court
- Lebanon’s ccTLD going back to Lebanon after ICANN takeover
- ICANN picks the domain it will never, ever release
- ICANN approves domain takedown rules
- Has Epik gone “woke”?
- First bits of new gTLD Applicant Guidebook expected next week
- ICANN bans closed generics for the foreseeable
- You can’t use money to buy .box domains
- After 14 years, ICANN practices what it preaches on IDNs
- Weak demand for private Whois data, ICANN data shows
- .ing doing way better than .meme
- DNS Women barred from ICANN funding?
- Dev releases free open-source TLD registry platform
- INCO flips a gTLD to Identity Digital
- Anguilla fears the .ai junk drop
- Five more gTLDs get launch dates
- $10 million of ICANN cash up for grabs
- Almost 50,000 .ai domains sold in a quarter
Australia leads the charge as governments file 242 new gTLD warnings
Governments of the world have filed 242 warnings on new gTLD applications, more than half of which came from Australia.
Warnings were filed against 145 strings in total, and in most cases governments issued the same warnings against all competing applications in a given contention set.
Australia was responsible for 129 warnings, accounting for most of the 49 warnings received by Donuts.
There are some surprises in there.
Notably, there were no warnings on any of the strings related to sex, sexuality or porn.
Given the amount of effort the GAC put into advising against .xxx, this is a big shock. Either governments have relaxed their attitudes, or none were willing to single themselves out as the anti-porn country.
No government warned on .gay.
The largest single recipient of warnings, with 49, was Donuts, the largest portfolio applicant.
The most-warned application, with 17 warnings, was DotConnectAfrica’s .africa. The company is contesting the gTLD without government support, and African nations objected accordingly.
Nigeria also warned Delta Airlines about its proposed .delta dot-brand,
The string “delta” is a protected ISO 3166 sub-national place name, as Delta is likely to discover when the Geographic Names Panel delivers the results of its evaluation.
Australia objected to .capital on the same grounds.
Top Level Domain Holdings was hit with warnings from Italy and South Africa based on a lack of government support for its geographic applications .roma and .zulu.
Remarkably, Samoa warned the three applications for .website on the grounds that they would be “confusingly similar” to its own ccTLD, .ws, which is marketed as an abbreviation for “website”.
The US warned on all 31 of Radix Registry’s applications, saying that the Directi company inappropriately included an email from the FBI in its bids, suggested an endorsement when none exists.
Australia, among its 129 warnings, appears to have won itself a lot of friends in the intellectual property community.
It’s objected to .fail, .sucks, .gripe and .wtf on the grounds that they have “overly negative connotations” and a lack of “sufficient mechanisms to address the potential for a high level of defensive registrations.”
It also issued warnings to applicants planning gTLDs covering “regulated sectors”, including .accountant, .architect and .attorney, without sufficient safeguards to protect consumers.
Generic strings with single-registrant business models — such as Google’s .app and .blog bids — are also targeted by Australia on competition grounds.
Australia more than any other governments appears to be trying to use its warnings as a way to enter into talks with applicants, with a view to remedial action.
Whether this will be permitted — applicants are essentially banned from making big changes to their applications — is another matter entirely.
The full list of warnings can be found here.
GAC Early Warnings confirmed for today. Here’s what I expect to see
ICANN’s Governmental Advisory Committee is ready to send out its Early Warnings on new gTLD applications today as scheduled, ICANN has confirmed.
The Early Warnings, which highlight applications that individual GAC members have problems with, are expected to be sent by the GAC to applicants and published by ICANN later.
Because the warnings are expected to be issued by individual governments, rather than the GAC as a whole, we could wind up seeing hundreds, due to multiple governments objecting to the same applications.
However, some governments may have decided to be conservative for precisely the same reason.
Governments won’t be able to hide behind the cloak of “GAC Advice”, as they did when .xxx was up for approval last year; the names of the governments will be on the warnings.
That’s not to say there won’t necessarily be safety in numbers. It’s possible that some warnings will be explicitly supported by multiple governments, potentially complicating applicant responses.
But which countries will provide warnings?
I’d be surprised if the US, as arguably the most vocal GAC player, does not issue some. Likewise, the regulation-happy European Commission could be a key objector.
It’s also my understanding that Australia has a raft of concerns about various applications, and has been leading much of the back-room discussion among GAC members.
Going out on a limb slightly, I’m expecting to see the warnings from Western nations concentrating largely on regulated industries, IP protection and defensive registrations.
We’re likely to see warnings about .bank and .sucks, for examples, from these governments. To a certain extent, any non-Community applications that could be seen as representing an industry could be at risk.
On the “morality” front, indications from ICANN’s public comment period are that Saudi Arabia has a great many problems with strings that represent religious concepts, and with strings that appear to endorse behavior inconsistent with Islamic law, such as alcohol and gambling.
But last time I checked Saudi Arabia was not a member of the GAC. It remains to be seen whether similar concerns will be raised by other governments that are members.
The one Early Warning we can guarantee to emerge is against .patagonia, the application from a US clothing retailer that shares its name with a region of South America.
The Argentinian government has explicitly said it will issue a warning against this bid, and I expect it to garner significant support from other GAC members.
The GAC Early Warnings stand to cause significant headaches for applicants, many of which are gearing up for a four-day US Thanksgiving weekend.
After receiving a warning, applicants have just 21 days to decide whether to withdraw their bid — receiving an 80% refund of their $185,000 application fee — or risk a formal GAC Advice objection next year.
But that’s not even half of the problem.
The GAC has indicated that it wants to be able to, effectively, negotiate with new gTLD applicants over the details of their applications after issuing its warnings.
At the Toronto meeting last month, the GAC asked ICANN to explain:
the extent to which applicants will be able to modify their applications as a result of early warnings.
[and]
how ICANN will ensure that any commitments made by applicants, in their applications or as a result of any subsequent changes, will be overseen and enforced by ICANN.
ICANN has not yet responded to these inquiries and it does not expect to do so until Thursday.
The fact is that ICANN has for a long time said that it does not intend to allow any applicant to make any material changes to their applications after submission. This was to avoid gaming.
It has since relaxed that view somewhat, by introducing a change request mechanism that has so far processed about 30 changes, some of which (such as .dotafrica and .banque) were highly material.
Whether ICANN will extend this process to allow applicants to significantly alter their applications in order to calm the fears of governments remains to be seen.
Whatever happens this even, many new gTLD applicants are entering unknown territory.
GNSO gives thumbs down to Olympic trademark protections in shock vote
ICANN’s GNSO Council voted against providing special brand protection to the Olympics and Red Cross today, in a shock vote that swung on a trademark lawyer’s conflict of interest.
A motion before the Council today would have temporarily protected the words “Olympic”, “Red Cross” and “Red Crescent” in various languages in all newly approved gTLDs.
The protections would be at the second level, in addition to the top-level blocks already in place.
The motion merely needed to secure a simple majority in both of the GNSO houses to pass, but it failed to do so despite having the unanimous support of registries and registrars.
Remarkably, the motion secured 100% support in the contracted parties house (registries and registrars) but only managed to scrape 46.2% of the vote in the non-contracted parties house, just one vote shy of a majority.
While the Non-Commercial Users Constituency predictably voted against the extra protections, it was an unnecessary abstention by an Intellectual Property Constituency representative that made the difference.
Trademark lawyer Brian Winterfeldt explained that he was abstaining — which essentially counts as a “no” vote — because the American Red Cross is his client so he had a conflict of interest.
The second IPC representative, newcomer Petter Rindforth, accidentally abstained also, before changing his vote to “yes” after it was explained that abstention was not an official constituency position.
Another member of the non-contracted parties house was absent from the meeting, potentially costing the motion another vote.
Half an hour later, when the Council had switched its attention to other business, Winterfeldt realized that his conflict of interest didn’t actually bar him from voting and asked if he could switch to a “yes”, kicking off a lengthy procedural debate about whether the vote should be re-opened.
In-at-the-deep-end Council chair Jonathan Robinson, in his first full meeting since taking over from Stephane Van Gelder last month, eventually concluded that because some councilors had already left the meeting it would be inappropriate to reopen the vote.
So the decision stands, for now at least: no special protections at the second level for the Olympics or Red Cross.
The Council is due to meet again December 20, when it may choose to revisit the issue. If it does, proponents of the motion had better hope the NCUC doesn’t request a deferral.
If today’s “no” vote is still in effect January 31, the ICANN board of directors may feel obliged to overrule the GNSO in order to approve the second-level reservations.
This wouldn’t look great for the vaunted bottom-up decision-making process, but the board is under a lot of pressure from the Governmental Advisory Committee to protect these two organizations, and it has already said that it favors temporary protections.
I suspect that the damage done today is not to the Olympics or Red Cross, which will probably get what they’ve been lobbying for for the last few years, but to the GNSO Council, which seems to have kicked off its new year on a divisive and embarrassingly bureaucratic note.
ICANN 45: Super-Fadi targets Trademark Clearinghouse and RAA talks
There can be no denying that ICANN’s new CEO was well received at the Toronto meeting last week.
From his opening speech, a sleeves-rolled-up address that laid out his management goals, and throughout the week, Fadi Chehadé managed to impress pretty much everybody I spoke to.
Now Chehadé has turned his attention to the formative Trademark Clearinghouse and the Registrar Accreditation Agreement talks, promising to bring the force of his personality to bear in both projects.
“I’m coming out of Toronto with two priorities for this year,” he said during an interview with ICANN’s media relations chief, Brad White, last Friday.
“The first one is obviously to get the Trademark Clearinghouse to work as best as possible, for all parties to agree we have a mechanism that can satisfy the interests of the parties.”
“The second one is the RAA,” he said. “Without question I’m going to be inserting myself personally into both these, including the RAA.”
These are both difficult problems.
Work on the TMCH hit a snag early last week when ICANN chief strategy officer Kurt Pritz told the GNSO Council that the “community consensus” implementation model proposed by registries presented a big problem.
The “live query model” proposed for the Trademark Claims service, which would require the TMCH to sit in the live domain registration path, should be taken “off the table”, he said.
ICANN is/was worried that putting a live database of trademark checks into the registration model that has functioned fairly well for the last decade is a big risk.
The TMCH would become a single point of failure for the whole new gTLD program and any unanticipated downtime, ICANN has indicated, would be hugely embarrassing for ICANN.
“I’m personally concerned that once you put the Clearinghouse in the path for that it’s very difficult to unring the bell, so I’d rather proceed in a way that doesn’t change that,” Pritz said.
His remarks, October 14, angered backers of the community model, who estimated that the live query model would only affect about 10% to 15% of attempted domain registrations.
“Taking it off the table is a complete mistake,” said Jeff Neuman of Neustar, one of the authors of the alternative “community” TMCH model.
“It is a proven fact that the model we have proposed is more secure and, we believe, actually looks out much more in favor of protecting trademark holders,” he said.
He noted that the community model was created in a “truly bottom-up” way — the way ICANN is supposed to function.
NetChoice’s Steve DelBianco, in a rare show of solidarity between the Business Constituency and the registries, spoke to support Neuman and the centralized community model.
“The BC really supports a centralized Trademark Clearinghouse model, and that could include live query,” DelBianco said. “I’m disturbed by the notion that an executive decision took it off the table.”
“My question is, was that the same executive decision that brought us the TAS and its glitches?” he added. “Was it the same executive decision process that gave us Digital Archery that couldn’t shoot straight?”
Pritz pointed out the logical flaw in DelBianco’s argument.
“The group that brought you TAS and Digital Archery… you want to put that in the critical path for domain names?” he said. “Our job here is to protect trademark rights, not change the way we register domain names.”
But Neuman and DelBianco’s dismay was short-lived. Within a couple of hours, in the same room, Chehadé had told the GNSO Council, in a roundabout sort of way, that the live query model was not dead.
Chehadé’s full remarks are missing from the official transcript (pdf), and what remains is attributed to GNSO Council chair Stephane Van Gelder, but I’ve taken a transcript from my own recording:
The very first week I was on the job, I was presented with a folder — a very nice little folder — and little yellow thing that said “Sign Here”.
So I looked at what I’m signing, as I normally do, and I saw that moving forward with a lot of activities related to the Trademark Clearinghouse as really what I’m being asked to move forward with.
And I’ll be frank with you, my first reaction was: do all the people who will be affected by this agreement… did we hear them all about this before we sign this? Are they all part of the decision-making that led us here?
And the answer was muddled, it was “Yes… and…”. I said: No, I want to make sure that we use the time we have in Toronto make sure we listen to everybody to make sure before I commit any party — any party — to anything, that this party is very much part of the process and part of the solution.
I know I wasn’t the only person in the room to wonder if the anecdote described an incident in which an ICANN executive attempted to pull a fast one on his new, green boss.
A day later, after private discussion with ICANN board and staff, supporters of the community TMCH model told me they were very encouraged that the live query model was still in play.
The problem they still face, however, is that the Intellectual Property Constituency — ostensibly representing the key customers of the TMCH — is publicly still on the fence about which model it prefers.
Without backing from the IPC, any TMCH implementation model would run the risk of appearing to serve contracted parties’ cost and risk requirements at the expense of brand owners.
Getting the IPC to at least take a view will likely be Chehadé’s first priority when it comes to the TMCH.
Finding common ground on the Registrar Accreditation Agreement could be an even more complex task.
While the bulk of the work — integrating requests from certain law enforcement agencies and the Governmental Advisory Committee into the contract — has been completed, Whois remains a challenge.
European registrars claim, in the light of correspondence from a EU privacy watchdogs, that implementing ICANN’s demanded Whois data re-verification and retention rules would make them break the law.
Registrars elsewhere in the world are less than impressed with ICANN’s proposed ‘opt-out’ solution, which would essentially create a two-tier RAA and may, they say, have some impact on competition.
Privacy advocates in Toronto told ICANN that if certain governments (largely, I suspect, the US) want their own local registrars to retain and re-verify Whois data, they should pass laws to that effect, rather than asking ICANN to enforce the rule globally.
The GAC told ICANN’s board of directors last Tuesday that the privacy letters emerging from the EU did not represent the views of the European Commission or the GAC, and nothing more was said on the matter.
How ICANN reacts to the European letters now seems to be rest with ICANN’s executive negotiating team.
While everyone at ICANN 45 seemed to be super-impressed by Chehadé’s competence and vision for sorting out ICANN, the other recurring meme is that actions speak louder than words.
During his first 40 days in the job he managed to persuade India into an about-face on its support for an intergovernmental replacement for ICANN, an impressive feat.
Can he chalk up more early wins by helping resolve the TMCH and RAA deadlocks?
“There’s frankly universal agreement that if I participate personally in these activities I would help these activities come to hopefully a reasonably conclusion that we can bank on,” he said in the White interview.
GAC gives reprieve to four at-risk new gTLD bids
ICANN’s Governmental Advisory Committee has given four new gTLD applicants cause to breath a sigh of relief with its official advice following last week’s meeting in Toronto.
The last-minute reprieve comes in the form of a list of specially protected strings matching the names of intergovernmental organizations that is much shorter than previously demanded.
Led by a US proposal, the GAC has told ICANN to protect the name of any IGO that qualifies for a .int domain name.
As .int is the smallest, most restricted gTLD out there, it only has about 166 registrations currently. More IGOs are believed to qualify for the names but have not claimed them.
If ICANN eventually implements the GAC advice — which seems likely — these 166-plus strings could be placed on a second-level reserved list that all new gTLD registries would have to honor.
While some may object to such a move, it’s a much shorter list than requested by the United Nations and other agencies earlier this year.
In July, the UN and 38 other IGOs said that any name found on the so-called “6ter” list of Paris Convention organizations maintained by WIPO should be protected — over 1,100 strings in total.
The UN had also asked for protection at both top and second levels immediately, which would have killed off four paid-up applications.
Corporate Executive Board Company (.ceb), Platinum Registry Limited (.fit) Top Level Domain Holdings (.fit) and Dot Latin (.uno), all have applications for strings on the 6ter list.
Crucially, the Toronto GAC advice only asks for the names to be protected at the top level from the second round of new gTLD applications.
The Toronto communique states:
in the public interest, implementation of such protection at the second level must be accomplished prior to the delegation of any new gTLDs, and in future rounds of gTLDs, at the second and top level.
This means that applications for strings on the .int list are probably safe.
We ran a recent .int zone file against the DI PRO database of new gTLD applications and found three applications that would have been affected by a first-round prohibition on .int strings.
The two applications for .gdn (Guardian Media and Navigation Information Systems) and the one for .iwc (Richemont DNS) appear to be safe under the rules proposed by the GAC.
EU plays down “unlawful” Whois data worries
The European Commission yesterday gave short shrift to recent claims that ICANN’s proposed Whois data retention requirements would be “unlawful” in the EU.
A recent letter from the Article 29 Working Party — an EU data protection watchdog — had said that the next version of the Registrar Accreditation Agreement may force EU registrars to break the law.
The concerns were later echoed by the Council of Europe.
But the EC stressed at a session between the ICANN board of directors and Governmental Advisory Committee yesterday that Article 29 does not represent the official EU position.
That’s despite the fact that the Article 29 group is made up of privacy commissioners from each EU state.
Asked about the letter, the EC’s GAC representative said:
Just to put everyone at ease, this is a formal advisory group concerning EU data privacy protection.
…
They’re there to give advice and they themselves, and we as well, are very clear that they are independent of the European Union. That gives you an idea that this is not an EU position as such but the position of the advisory committee.
The session then quickly moved on to other matters, dismaying privacy advocates in the room.
Milton Mueller of the Internet Governance Project tweeted:
By telling ICANN that it can ignore Art 29 WG opinion on privacy, European commission is telling ICANN it can ignore their national DP [data privacy] laws
Registrars hopeful that the Article 29 letter would put another nail into the coffin of some of ICANN’s more unpalatable and costly RAA demands also expressed dismay.
ICANN’s current position, based on input from law enforcement and the GAC, is that the RAA should contain new more stringent requirements on Whois data retention and verification.
It proposes an opt-out process for registrars that believe these requirements would put them in violation of local law.
But registrars from outside the EU say this would create a two-tier RAA, which they find unacceptable.
With apparently no easy compromise in sight the RAA negotiations, originally slated to be wrapped up in the first half of this year, look set to continue for many weeks or months to come.
Council of Europe has Whois privacy concerns too
The Council of Europe has expressed concern about the privacy ramifications of ICANN’s proposed changes to Whois requirements in the Registrar Accreditation Agreement.
In a letter this week (pdf), the Bureau of the Consultative Committee of the Convention for the Protection of Individuals with regard to Personal Data (T-PD) said:
The Bureau of the T-PD took note of the position of the Article 29 Data Protection Working Parking in its comments of 26 September 2012 on the data protection impact of the revision of these arrangements concerning accuracy and data retention of the WHOIS data and fully shares the concern raised.
The Bureau of the T-PD is convinced of the importance of ensuring that appropriate consideration be given in the ICANN context to the relevant European and international privacy standards
The letter was sent in response to outreach from ICANN’s Non-Commercial Users Constituency.
The Article 29 letter referenced said that EU registrars risked breaking the law if they implemented ICANN’s proposed data retention requirements.
Earlier today, we reported on ICANN’s response, which proposes an opt-out for registrars based in the EU, but we noted that registrars elsewhere are unlikely to dig a two-tier RAA.
ICANN says EU registrars could be exempt from stringent new Whois rules
Registrars based in the European Union could be let off the hook when it comes to the Whois verification requirements currently under discussion at ICANN.
That’s according to ICANN CEO Fadi Chehade, who this week responded to privacy concerns expressed by the Article 29 Working Party, a EU-based quasi-governmental privacy watchdog.
The Working Party said last month that if ICANN forced EU registrars to re-verify customer data and store it for longer than necessary, they would risk breaking EU privacy law.
Those are two of the many amendments to the standard Registrar Accreditation Agreement that ICANN — at the request of governments and law enforcement — is currently pushing for.
In reply, Chehade noted that ICANN currently plans to give registrars an opt-out:
ICANN proposes to adapt the current ICANN Procedures for Handling Whois Conflicts with Privacy Law, to enable registrars to seek an exempton from these new RAA WHOIS and data protection obligations in the even that the obligations would cause registrars to violate their local laws and regulations.
He also said that the Governmental Advisory Committee has “endorsed” the provisions at question, and encouraged the Working Party to work via the GAC to have its views heard.
I understand that registrars based in the US and elsewhere would not respond favorably to what would essentially amount to a two-tier RAA.
Some of the RAA changes would have cost implications, so there’s an argument that to exempt some registrars and not others would create an un-level competitive playing field.
The Article 29 Working Party is an advisory body, independent of the European Union, comprising one representative from the data privacy watchdogs in each EU state.
Some GAC representatives said during the ICANN meeting in Prague this June that they had already factored privacy concerns into their support for the RAA talks.
It’s going to interesting to see how both registrars and the GAC react to the Article 29 developments at the Toronto meeting, which begins this weekend.
European privacy watchdog says ICANN’s Whois demands are “unlawful”
European Union privacy officials have told ICANN that it risks forcing registrars to break the law by placing “excessive” demands on Whois accuracy.
In a letter to ICANN yesterday, the Article 29 Working Party said that two key areas in the proposed next version of the Registrar Accreditation Agreement are problematic.
It’s bothered by ICANN’s attempt to make registrars retain data about their customers for up to two years after registration, and by the idea that registrars should re-verify contact data every year.
These were among the requests made by law enforcement, backed up by the Governmental Advisory Committee, that ICANN has been trying to negotiate into the RAA for almost a year.
The letter (pdf) reads:
The Working Party finds the proposed new requirement to re-verify both the telephone number and the e-mail address and publish these contact details in the publicly accessible WHOIS database excessive and therefore unlawful. Because ICANN is not addressing the root of the problem, the proposed solution is a disproportionate infringement of the right to protection of personal data.
The “root cause” points to a much deeper concern the Working Party has.
Whois was designed to help people find technical and operational contacts for domain names, it argues. Just because it has other uses — such as tracking down bad guys — that doesn’t excuse infringing on privacy.
The problem of inaccurate contact details in the WHOIS database cannot be solved without addressing the root of the problem: the unlimited public accessibility of private contact details in the WHOIS database.
It’s good news for registrars that were worried about the cost implications of implementing a new, more stringent RAA.
But it’s possible that ICANN will impose the new requirements anyway, giving European registrars an opt-out in order to comply with local laws.
The letter is potentially embarrassing for the GAC, which seemed to take offense at the Prague meeting this June when it was suggested that law enforcement’s recommendations were not being balanced with the views of privacy watchdogs.
During a June 26 session between the GAC and the ICANN board, Australia’s GAC rep said:
I don’t come here as an advocate for law enforcement only. I come here with an Australian government position, and the Australian government has privacy laws. So you can be sure that from a GAC point of view or certainly from my point of view that in my positions, those two issues have been balanced.
That view was echoed during the same session by the European Commission and the US and came across generally like a common GAC position.
The Article 29 Working Party is an advisory body set up by the EU in 1995. It’s independent of the Commission, but it comprises one representative from the data privacy watchdogs in each EU state.
Identity checks coming to Whois
Pretty soon, if you want to register a domain name in a gTLD you’ll have to verify your email address and/or phone number or risk having your domain turned off.
That’s the latest to come out of talks between registrars, ICANN, governments and law enforcement agencies, which met last week in Washington DC to thrash out a new Registrar Accreditation Agreement.
While a new draft RAA has not yet been published, ICANN has reported some significant breakthroughs since the Prague meeting in June.
Notably, the registrars have agreed for the first time to do some minimal registrant identity checks — phone number and/or email address — at the point of registration.
Verification of mailing addresses and other data points — feared by registrars for massively adding to the cost of registrations — appears to be no longer under discussion.
The registrars have also managed to win another concession: newly registered domain names will be able to go live before identities have been verified, rather than only after.
The sticking point is in the “and/or”. Registrars think they should be able to choose which check to carry out, while ICANN and law enforcement negotiators think they should do both.
According to a memo released for discussion by ICANN last night:
It is our current understanding that law enforcement representatives are willing to accept post-‐resolution verification of registrant Whois data, with a requirement to suspend the registration if verification is not successful within a specified time period. However, law enforcement recommends that if registrant Whois data is verified after the domain name resolves (as opposed to before), two points of data (a phone number and an email address) should be verified.
Among the other big changes is an agreement by registrars to an ICANN-run Whois privacy service accreditation system. Work is already underway on an accreditation framework.
After it launches, registrars will only be able to accept private registrations made via accredited privacy and proxy services.
Registrars have also agreed to some of law enforcement’s data retention demands, which has been a bone of contention due to worries about varying national privacy laws.
Under the new RAA, they would keep some registrant transaction data for six months after a domain is registered and other data for two years. It’s not yet clear which data falls into which category.
These and other issues outlined in ICANN’s latest update are expected to be talking points in Toronto next month.
It looks like a lot of progress has been made since Prague — no doubt helped by the fact that law enforcement has actually been at the table — and I’d be surprised if we don’t see a draft RAA by Beijing next April.
How long it takes to be adopted ICANN’s hundreds of accredited registrars is another matter.
Recent Comments