Latest news of the domain name industry

Recent Posts

ICANN teases prices for private Whois lookups

Kevin Murphy, November 4, 2021, Domain Policy

ICANN has started to put some flesh on the bones of the forthcoming (?) SSAD system for accessing private Whois records, including teasing some baseline pricing.

During a session at ICANN 72 last week, staffers said responses to recent requests for information put the cost of having an identity verified as an SSAD user at about $10 to $20.

Those are vendor wholesale prices, however, covering the cost of looking at a government-issue ID and making sure it’s legit, and do not include the extra administration and cost-recovery charges that ICANN plans to place on top.

The verification fee would have to be renewed every two years under ICANN’s proposal, though the verification vendors are apparently pushing for annual renewals.

The fee also would not include the likely per-query charge that users will have to pay to request the true personal data behind a redacted Whois record.

It’s not currently anticipated that any money would flow to registrars, CEO Göran Marby said.

SSAD, the Standardized System for Access and Disclosure, is currently undergoing Operational Design Phase work in ICANN, with monthly webinar updates for the community.

ICANN expects to reveal more pricing details on the December webinar, staffers said.

ICANN adds another six months to Whois reform roadmap

Kevin Murphy, November 4, 2021, Domain Policy

ICANN says that its preparatory work for possible Whois reforms will take another six months.

The Operational Design Phase for the System for Standardized Access and Disclosure will now conclude “by the end of February 2022”, ICANN said this week.

That’s after the Org missed its original September deadline after six months of work.

ICANN program manager Diana Middleton said at ICANN 72 last week that ODP had been delayed by various factors including surveys taking longer than expected and throwing up more questions than they answered.

A survey of Governmental Advisory Committee members due September 17 was extended until the end of October.

But she added that ICANN intends to throw its first draft of the output — an Operational Design Assessment — at its technical writers by the end of the month, with a document going before the board of directors in early February.

SSAD is the proposed system that would funnel requests for private Whois data through ICANN, with a new veneer of red tape for those wishing to access such data.

The ODP is ICANN’s brand-new process for deciding how it could be implemented, how much it would cost, and indeed whether it’s worthwhile implementing it at all.

It’s also being used to prepare for the next round of new gTLDs, with a 13-month initial deadline.

The longer the current ODP runs, the greater the cost to the eventual SSAD user.

Whois rule changes that nobody likes get approved anyway

Kevin Murphy, November 3, 2021, Domain Services

ICANN’s Generic Names Supporting Organization Council has approved a handful of changes to Whois policy, despite the fact that pretty much nobody was fully on-board with the proposals and how they were made.

The new recommendations call for a new field in Whois records to flag up whether the registrant is a private individual, whose privacy is protected by law, or a legal entity like a company, which have no privacy rights.

But the field will be optional, with no obligation for registries or registrars to use it in their Whois services, which has angered intellectual property interests, governments and others.

The working group that came up with the recommendations also declined to find that Whois records should come with an anonymized registrant email address as standard. This absence of change was also adopted by the Council, causing more disappointment.

In short, nothing much is happening to Whois records for the foreseeable future as a result of these policy changes.

But the process to arrive at this conclusion has highlighted not just the deep divisions in the ICANN community but also, some argue, deficiencies in the ICANN process itself.

The Expedited Policy Development Process working group that has since 2018 been looking at the interaction between Whois and privacy protection law, primarily the European Union’s General Data Protection Regulation, had been asked two final questions earlier this year, to wrap up its long-running work.

First, should registrars and registries be forced to distinguish between legal and natural persons when deciding what data to publish in Whois?

Second, should there be a registrant-based or registration-based anonymized email published in Whois to help people contact domain owners and/or correlate ownership across records?

The answer on both counts was that it’s up to the registry or registrar to decide.

On legal versus natural, the EPDP decided that ICANN should work with the technical community to create a new field in the Whois standard (RDAP), but that there should be no obligation for the industry to use it.

On anonymized email addresses, the working group recommendations were even hand-wavier — they merely refer the industry to some legal advice on how to implement such a system in a GDPR-compliant way.

While this phase of the EPDP’s work was super-fast by ICANN standards (taking about nine months) and piss-weak with its output, it nevertheless attracted a whole lot of dissent.

While its tasks appeared straightforward to outsiders, it nevertheless appears to have inherited the simmering tensions and entrenched positions of earlier phases and turned out to be one of the most divisive and fractious working groups in the modern ICANN period.

Almost every group involved in the work submitted a minority statement expressing either their displeasure with the outcome, or with the process used to arrive at it, or both. Even some of the largely positive statements reek of sarcasm and resentment.

EPDP chair Keith Drazek went to the extent of saying that the minority statements should be read as part and parcel of the group’s Final Report, saying “some groups felt that the work did not go as far as needed, or did not include sufficient detail, while other groups felt that certain recommendations were not appropriate or necessary”.

This Final Report constitutes a compromise that is the maximum that could be achieved by the group at this time under our currently allocated time and scope, and it should not be read as delivering results that were fully satisfactory to everyone.

The appears to be an understatement.

The Intellectual Property Constituency and Business Constituency were both the angriest, as you might expect. They wanted to be able to get more data on legal persons, and to be able to reverse-engineer domain portfolios using anonymous registrant-baed email addresses, and they won’t be able to do either.

The Governmental Advisory Committee and Security and Stability Advisory Committee both expressed positions in line with the IPC/BC, dismayed that no enforceable contract language will emerge from this process.

Councilor Marie Pattullo of the BC said during the GNSO Council vote last Wednesday that the work “exceeds what is necessary to protect registrant data” and that the EPDP failed to “preserve the WHOIS database to the greatest extent possible”.

The “optional differentiation between legal and natural persons is inadequate”, she said, resulting in “a significant number of records being needlessly redacted or otherwise being made unavailable”. The approved policies contain “no real policy and places no enforceable obligations on contracted parties”, she said.

IPC councilor John McElwaine called the EPDP “unfinished work” because the working group failed to reach a consensus on the legal/natural question. The IPC minority statement had said:

Requiring ICANN to coordinate the technical community in the creation of a data element which contracted parties are free to ignore altogether falls far short of “resolving” the legal vs. natural issue. And failing to require differentiation of personal and non-personal data fails to meet the overarching goal of the EPDP to “preserve the WHOIS database to the greatest extent possible” while complying with privacy law.

But McElwaine conceded that “a minority of IPC members did favor these outputs as being minor, incremental changes that are better than nothing”.

The BC and IPC both voted against the proposals, but that was not enough to kill them. They would have needed support from at least one councilor on the the other side of the GNSO’s Non-Contracted Parties House, the Non-Commercial Stakeholders Group, and that hand was not raised.

While the NCSG voted “aye”, and seemed generally fine with the outcome, it wasn’t happy with the process, and had some stern words for its opponents. It said in its minority statement:

The process for this EPDP has been unnecessarily long and painful, however, and does not reflect an appreciation for ICANN’s responsibility to comply with data protection law but rather the difficulty in getting many stakeholders to embrace the concept of respect for registrants’ rights…

With respect to the precise issues addressed in this report, we have stressed throughout this EPDP, and in a previous PDP on privacy proxy services, that the distinction between legal and natural is not a useful distinction to make, when deciding about the need to protect data in the RDS. It was, as we have reiterated many times, the wrong question to ask, because many workers employed by a legal person or company have privacy rights with respect to the disclosure of their personal information and contact data. The legal person does not have privacy rights, but people do.

While welcoming the result, the Registrars Stakeholder Group had similar concerns about the process, accusing its opponents of trying to impose additional legal risks on contracted parties. Its minority statement says:

it is disappointing that achieving this result was the product of significant struggle. Throughout the work on this Phase, the WG revisited issues repeatedly without adding anything substantially new to the discussion, and discussed topics which were out of scope. Perhaps most importantly, the WG was on many occasions uninterested in or unconcerned with the legal and financial risks that some proposed obligations would create for contracted parties in varying jurisdictions or of differing business models, or the risks to registrants themselves.

The Registries Stakeholder Group drilled down even more on the “out of scope” issue, saying the recommendation to create a new legal vs natural field in Whois went beyond what the working group had been tasked with.

They disagreed with, and indeed challenged, Drazek’s decision that the discussion was in-scope, but reluctantly went ahead and voted on the proposals in Council in order to finally draw a line under the whole issue.

The question of whether the legal vs natural question has been in fact been resolved seems to be an ongoing point of conflict, with the RySG, RrSG and NCSG saying it’s finally time to put the matter to bed and the IPC and BC insisting that consensus has not yet been reached.

The RySG wrote that it is “well past time to consider the issue closed” and that the EPDP had produced a “valuable and acceptable outcome”, adding:

The RySG is concerned that some have suggested this issue is not resolved. This question has been discussed in three separate phases of the EPDP and the result each time has been that Contracted Parties may differentiate but are not required to do so. This clearly demonstrates that this matter has been addressed appropriately and consistently. A perception that this work is somehow unresolved could be detrimental to the ICANN community and seen as undermining the effectiveness of the multistakeholder model.

Conversely, the BC said the report “represents an unfortunate failure of the multistakeholder process” adding that “we believe the record should state that consensus opinion did not and still does not exist”.

The IPC noted “a troubling trend in multistakeholder policy development”, saying in a clear swipe at the contracted parties that “little success is possible when some stakeholders are only willing to act exclusively in their own interests with little regard for compromise in the interest of the greater good.”

So, depending on who you believe, either the multistakeholder process is captured and controlled by intransigent contracted parties, or it’s unduly influenced by those who want to go ultra vires to interfere with the business of selling domains in order to violate registrant privacy.

And in either case the multistakeholder model is at risk — either “agree to disagree” counts as a consensus position, or it’s an invitation for an infinite series of future policy debates.

Business as usual at the GNSO, in other words.

ICANN 72 has lowest turnout since records began

Kevin Murphy, November 1, 2021, Domain Policy

Last week’s public ICANN meeting saw the fewest attendees since the Org started compiling and publishing statistics over five years ago.

According to a new blog post from meetings veep Nick Tomasso, there were 1,305 attendees at ICANN 72, which was the sixth consecutive public meeting to take place on Zoom due to the pandemic.

That’s smaller than the 1,330 who showed up virtually for the mid-year meeting, which typically have fewer attendees than the end-of-year AGM.

In fact, it’s the lowest number of documented attendees since ICANN first started regularly publishing the stats, with ICANN 55 in March 2016. That meeting was in Morocco, was hit by fears of terrorism, and still managed 2,273 attendees.

Even the 2017 meeting in Johannesburg, a long-haul flight for most ICANNers, attracted more people.

Last week’s meeting took place on Seattle time. This was fine for ICANN’s west coast staff, but meant sessions kicked off towards the end of business hours in Europe and in the middle of the night in east Asia.

But Tomasso reports that 22.1% of “real time” attendees were from Asia-Pac, with 20.8% coming from Europe. North Americans accounted for 35% of participants.

Participating in ICANN 72 was free, only requiring an account on ICANN’s web site. But there were no free flights or hotels, and the only thing in the virtual schwag bag was an origami fish or something.

ICANN boss warns over existential “threat” from Russia

Kevin Murphy, October 27, 2021, Domain Policy

The Cthulian threat of an intergovernmental takeover of ICANN has reared its head again, but this time a resurgent, interventionist Russia is behind it and ICANN’s CEO is worried.

Speaking at ICANN 72, the Org’s virtual annual general meeting this week, Göran Marby highlighted recent moves by Russia in the UN-backed International Telecommunications Union as a “threat” to ICANN’s existence and the current internet governance status quo in general.

Speaking at a constituency meeting on Monday, Marby said:

We see a threat to the multistakeholder model and ICANN’s role in the Internet ecosystem. And anyone in this call are well aware about this threat: Russia in their attempt to be the next secretary-general of the ITU. Their platform is about having a government running not only ICANN but also the RIRs, the IETF and the root server system.

Marby is referring to two things here: Russia’s month-old policy document calling for the exploration of ways to centralize control over many of the internet’s functions under governments, and its attempt to have one of its former ministers installed as the next head of the ITU at next year’s election.

Secretary-general Houlin Zhao’s second and last four-year term is up next year, and Russia is aggressively promoting its own Rashid Ismailov as his successor. American ITU lifer Doreen Bogdan-Martin is considered the main competition and equally aggressively promoted by the US government.

Marby’s clearly concerned that a Russian secretary-general would give more weight to Russia’s current position on internet governance, which is very much about reducing US influence, doing away with ICANN, and bringing internet infrastructure under intergovernmental control.

At a separate session on Tuesday, Marby referred to this state of affairs as a “threat against the interoperability of the internet, not only ICANN as an institution”.

Such threats from the ITU are certainly nothing new — I’ve been reporting on them for almost as long as I’ve been covering ICANN — but Marby seems to think it’s different this time. He said during the ICANN 72 session:

Some of you would say: oh, we heard that before. But this time I would say it’s a little bit different because I think that some of the positions we see there are more mainstream than they were only five years ago.

Russian-born cybersecurity policy expert Tatiana Tropina concurred, calling Marby’s concerns “very valid” and telling the same ICANN session:

The points Russia makes at the ITU are scary because they can speak to many governments. They are quite moderate — or, rather, midstream — now, but they do refer to issues of power and control.

Russia’s positions were spelled out in a recent ITU policy document, a “risk analysis of the existing internet governance and operational model”.

According to Russia, ICANN poses a risk because it’s based in the US and therefore subject to the US judicial and legislative systems, as well as the Office of Foreign Assets Control, which restricts American companies’ ability to deal with organizations or states deemed to support “terrorism” and is unpopular in the Middle East:

Critical infrastructure operators/ organizations (ICANN, PTI, RIRs, etc.) may be forced to comply with sanctions of a national administration under which jurisdiction they are located. A number of operational organizations performing supranational functions in the Internet governance are registered in the USA, and they must comply with all laws, rules and regulations of the US judicial authorities as well as of the Office of Foreign Assets Control (OFAC)

It also thinks there’s a risk of the current model favoring big business over the public interest, harming “the preservation of national and cultural heritage, identity of the territory and language”, and it points to ICANN’s decision to award the .amazon gTLD to Amazon over the objections of the eight governments of the Amazonia region.

It’s also worried about the hypothetical ability of ICANN to disconnect ccTLDs from the rest of the world, due to its influence over the DNS root server system, perhaps at the demand or request of the US government.

You can download the Russian document, which covers a broader range of issues, from here as a Word file, but be warned: if you’re not using Microsoft software you may not be able to open it. Because interoperability, yeah?

Big dose of reality for gTLD-hungry dot-brand applicants

Kevin Murphy, October 26, 2021, Domain Policy

Anyone tuning into yesterday’s Brand Registry Group session at ICANN 72 expecting good news about new gTLDs was in for a reality check, with a generally gloomy outlook on display.

BRG members expressed frustration that ICANN continues to drag its feet on the next application round, failing to provide anywhere near the degree of certainty applicants in large organizations need.

Meanwhile, a former ICANN director clashed with GoDaddy’s chief new gTLD evangelist on whether the 2012 round could be considered a success and whether there really is a lot of demand for the next round.

The BRG has arguably been the most vocal group in the community when it comes for calling for ICANN to stop messing around and approve the next round already, so members are naturally not enthused about the recent approval of an Operational Design Phase, a new layer of bureaucracy expected to add at least 13 months to the next-round runway.

Deborah Atta-Fynn, a VP at current and prospective future dot-brand owner JP Morgan Chase, expressed frustration with ICANN’s inability to put a date on the next round, or even confirm it will be approved, saying that it’s tough to get departmental buy-in for a project with undefined timing and which may never even happen.

Would-be dot-brands “need that clarity, and they need that definitive timeline” she said.

“In the same way that ICANN has to ramp up, we need to ramp up,” she said. “We have to get internal stakeholders from legal and marketing and whatever other groups may be involved to buy into it. They need to see the value, they need to see the use cases.”

“That open-endedness of the timeline makes it very difficult for us to get that stakeholder buy-in that we need. It makes it difficult for us to do any definitive planning,” she said.

Nigel Hickson, now the UK’s Governmental Advisory Committee representative and a civil servant but a senior ICANN staffer at the time of the 2012 round, concurred with the need for firmer timeline.

“It’s very difficult to tell ministers that something is going to happen, and then it doesn’t happen for a couple of years, because basically they lose interest,” he said. “Having some predictability in this process is very important.”

But probably the most compelling interventions during yesterday’s session came from former ICANN director Mike Silber, a new gTLD skeptic who abstained from the 2011 vote approving the program, and new gTLD evangelist Tony Kirsch, now with GoDaddy Registry after years with Neustar.

Silber had some stern words for ICANN of 2011, and for the two CEOs preceding Goran Marby, and indicated that he was an admirer of the policy work done by the New gTLD Subsequent Procedures working group (SubPro) and a supporter of a thorough ODP.

Silber started by taking a pop at former ICANN directors and staffers who he said pushed the program through “for their own personal benefit or ego boost or whatever”, then left the Org to let others “clean up the mess they created by rushing”. He didn’t name them, but I can think of at least three people he might have been talking about, including ICANN’s then-chair and then-CEO.

“This time it doesn’t look like a rush,” he said.

He went on to say that he expects the next application round to be a different animal to 2012, with less speculation and a more realistic approach to what new gTLDs can achieve.

“If you look at the number of applications and look at the number of TLDs actually launched and the number of TLDs that have actually been successful, I think that he hype that existed in 2012 is not there any longer,” he said.

“I think people are going to look long and hard before submitting an application,” Silber said. “These weird and wonderful applications for these weird and wonderful TLDs, by people who thought they would make a fortune, are vaporware.”

“I think applicants now are more serious, and I think there’s going to be a lot less speculation,” he said.

This hype-reduction takes the pressure of ICANN to quickly approve the next round, he said.

Counterpoint was provided by GoDaddy’s Kirsch, a long-time cheerleader for new gTLDs and in particular dot-brands. He’s not a fan of the ODP and the delay it represents.

Kirsch said that new gTLD advocates are reflecting the fact that there’s demand for both top-level and second-level domains out there.

“If there is no customer base, if there is no demand, then there is no revenue base,” he said.

He pointed to data showing that, while there are only 26 million new gTLD domains registered today, there have been 136 million registered over the lifetime of the 2012 round to date (about seven years).

While agreeing that the next round might see less wild top-level speculation, and that the industry has “matured”, Kirsch suggested there might actually be more applications for generic dictionary TLDs next time, but with a better understanding of the marketing commitment needed to make them succeed.

“I’m working with people right now who are doing that with a far greater business plan underneath it, and an understanding that if they don’t have that they won’t succeed with a generic term in the new world,” he said.

Silber dismissed the 136 million number as “indicative of speculation”, which Kirsch did not try very hard to dispute, and expressed skepticism about the level of demand at the top level.

“I find it quite amusing that people say there’s real demand, but then they need a target date to actually drive demand and it makes me worry that maybe the demand’s not quite as real as they think it is,” he said.

Atta-Fynn, Kirsch and session chair Martin Sutton challenged this.

“I think that the the idea that we need to target date to drive demand is incorrect,” Kirsch said. “I think we need a target date to convert interest into demand.”

“It is incumbent on ICANN to make sure that it provides a robust and visible plan for applicants to buy into this, because I think everyone’s watching and we’ve had enough time. It’s time to turn this into a into a real program that that benefits all internet users around the world,” he said.

Most registrars did NOT “fail” abuse audit, ICANN says

Kevin Murphy, October 15, 2021, Domain Registrars

Most registrars did not “fail” a recent abuse audit, despite what I wrote in my original coverage, according to ICANN.

“Referring to a certain blog, none of the registrars failed the audit,” ICANN senior audit manager Yan Agranonik said during a session of ICANN 72’s Prep Week last night.

He’s talking about ME! He’s talking about ME!

“Failure would mean that there’s an irreparable finding of deficiency that can not be corrected timely or it just goes against the registrar’s business model,” Agranonik said.

An accompanying presentation reads:

None of the registrars “failed” the audit. “Failure” means that the auditee did not acknowledge/remediate identified violations of the RAA or their business practices are not compatible with RAA.

At the risk of prolonging a tedious semantic debate, what I reported in August, when the results of the audit were announced, was: “The large majority of accredited registrars failed an abuse-related audit at the first pass, according to ICANN.”

A bunch of registrar employees, and now apparently ICANN’s own head auditor, disagreed with my characterization.

ICANN had issued a press release stating that of 126 audited registrars, it had identified 111 “that were not fully compliant with the RAA’s requirements related to the receiving and handling of DNS abuse reports.”

To me, if ICANN checks whether you’re doing a thing you should be doing and you’re not doing the thing, that’s a fail.

But to ICANN, if ICANN checks whether you’re doing a thing you should be doing and you’re not doing the thing, and it tells you you’re not doing the thing you should be doing, so you start doing the thing, that’s not a fail.

I think reasonable people could disagree on the definitions here.

But I did write that the registrars “failed… according to ICANN”, and that appears to be inaccurate, so I’m happy to correct the record today.

I’m not kidding, ICANN is flirting with banning jokes

Kevin Murphy, October 6, 2021, Domain Policy

ICANN has come a long way since 2005 or thereabouts, when, at a public meeting, I made deputy general counsel Dan Halloran laugh so hard he vomited out of his nose.

Now, the increasingly po-faced Org has crawled so far up its own arse that it’s openly talking about banning — or at the very least discouraging — humor and lightheartedness during its thrice-annual get-togethers.

Ombudsman Herb Waye today blogged up his traditional pre-meeting reminder about the Expected Standards of Behavior, ahead of this month’s ICANN 72 AGM, which is taking place virtually.

There’s nothing wrong with this — the ESOB is merely a form of institutionalized politeness — but it’s being embellished this time around with a warning not to joke around in the Zoom chat rooms.

Waye wrote:

the intention of a comment can be difficult to ascertain without the benefit of vocal tone and body language. What was intended as a joke or light-hearted observation online to a group can unintentionally make the subject of the comment feel unfairly targeted.

I consulted with the ICANN community and organization (org) leadership for thoughts on how to promote a respectful virtual environment while also supporting the spirit of open dialogue that drives ICANN. I am grateful for their input. To ensure our Zoom sessions are engaging, inclusive, and productive, please remember these tips:

  • To avoid confusion and to respect the session’s planned agenda, please keep your interventions in the public chat on the topic that is being discussed.
  • Use private messages for off-topic comments.
  • Before commenting or adding a joke, please remember the cultural diversity of the ICANN community and consider how your comment could be perceived.

Remember, ICANN meetings are designed to be soul-crushingly dull, and attended only by sensitive North American children, so let’s keep them that way.

ICANN cuts the weekend from next public meeting

Kevin Murphy, August 24, 2021, Domain Policy

ICANN has changed the dates for ICANN 72, its 2021 annual general meeting, making it two days shorter.

The old plan was for the meeting to run October 23-28. Now it will be October 25-28.

Basically, this means nobody will have to work at the weekend. October 23 is a Saturday.

The presumably truncated schedule will be published October 4.

ICANN said it made the decision “to support better working hours for attendees and encourage greater participation”.

ICANN 72 came close to having an in-person component in Seattle, but the board of directors decided last month to stick to Zoom due to ongoing pandemic uncertainties.

ICANN 73 will be “virtual first”

Kevin Murphy, August 6, 2021, Domain Policy

ICANN’s public meeting next March will prioritize online participation, according to chair Maarten Botterman.

Botterman told members of the APAC Space community group this week that ICANN 73 will have “a meaningful ‘virtual first’ hybrid format to support the community’s ongoing priorities, policy advice, and development work”.

APAC Space, you will recall, had written to ICANN to protest the possibility of this October’s ICANN 72 meeting moving to a hybrid model with an in-person component that most Asia-Pacific community members would not be able to take advantage of due to ongoing pandemic-related travel restrictions.

But the ICANN board, in part due to these concerns, decided to keep 72 online-only rather than showing up in Seattle in person, while stating an intention to go hybrid for 73 if “feasible”.

ICANN 73 is due to take place in Puerto Rico, part of the North America region, next March. As a US territory, the venue will be easier to attend for Americans.

Indeed, APAC Space is skeptical about its members ability to attend 73 in person also.

Botterman addressed this, saying:

We appreciate you have similar concerns about holding a hybrid meeting for ICANN73. At this time, relevant experts have a higher level of confidence that the global pandemic situation, in particular vaccination and infection rates, will be much improved by early 2022. While we will continue to closely monitor the situation, our intentions are to hold ICANN73 as a hybrid meeting with an in-person component if it is feasible to do so.

The five online-only meetings ICANN has held since the pandemic hit are generally regarded as being pretty good as far as Zoom meetings go, but there can be no replacement for the corridor conversations, cocktail events and private dinners that face-to-face meetings permit.

Even the ICANN board of directors is affected — due to the annual turnover, some members haven’t even met each other face-to-face in a board context.