Community calls on ICANN to cut staff spending

ICANN should look internally to cut costs before swinging the scythe at the volunteer community.
That’s a key theme to emerge from many comments filed by the community last week on ICANN’s fiscal 2019 budget, which sees spending on staff increase even as revenue stagnates and cuts are made in other key areas.
ICANN said in January that it would have to cut $5 million from its budget for the year beginning July 1, 2018, largely due to a massive downwards revision in how many new gTLD domains it expects the industry to process.
At the same time, the organization said it will increase its payroll by $7.3 million, up to $76.8 million, with headcount swelling to 425 by the end of the fiscal year and staff receiving on average a 2% pay rise.
In comments filed on the budget, many community members questioned whether this growth can be justified.
Among the most diplomatic objections came from the GNSO Council, which said:

In principle, the GNSO Council believes that growth of staff numbers should only occur under explicit justification and replacements due to staff attrition should always occur with tight scrutiny; especially in times of stagnate funding levels.

The Council added that it is not convinced that the proposed budget funds the policy work it needs to do over the coming year.
The Registrars Stakeholder Group noted the increased headcount with concern and said:

Given the overall industry environment where organizations are being asked to do more with less, we are not convinced these additional positions are needed… The RrSG is not yet calling for cuts to ICANN Staff, we believe the organization should strive to maintain headcount at FY17 Actual year-end levels.

The RrSG shared the GNSO Council’s concern that policy work, ICANN’s raison d’etre, may suffer under the proposed budget.
The At-Large Advisory Committee said it “does not support the direction taken in this budget”, adding:

Specifically we see an increase in staff headcount and personnel costs while services to the community have been brutally cut. ICANN’s credibility rests upon the multistakeholder model, and cuts that jeopardize that model should not be made unless there are no alternatives and without due recognition of the impact.
…
Staff increases may well be justified, but we must do so we a real regard to costs and benefits, and these must be effectively communicated to the community

ALAC is concerned that the budget appears to cut funding to many projects that see ICANN reach out to, and fund participation by, non-industry potential community members.
Calling for “fiscal prudence”, the Intellectual Property Constituency said it “encourages ICANN to take a hard look at personnel costs and the use of outside professional services consultants.”
The IPC is also worried that ICANN may have underestimated the costs of its contractual compliance programs.
The Non-Commercial Stakeholders Group had some strong words:

The organisation’s headcount, and personnel costs, cannot continue to grow. We feel strongly that the proposal to grow headcount by 25 [Full-Time Employees] to 425 FTE in a year where revenue has stagnated cannot be justified.
…
With 73% of the overall budget now being spent on staff and professional services, there is an urgent need to see this spend decrease over time… there is a need to stop the growth in the size of the staff, and to review staff salaries, bonuses, and fringe benefits.

NCSG added that ICANN could perhaps reduce costs by relocating some positions from its high-cost Los Angeles headquarters to the “global south”, where the cost of living is more modest.
The ccNSO Strategic and Operational Planning Standing Committee was the only commentator, that I could find, to straight-up call for a freeze in staff pay rises. While also suggesting moving staff to less costly parts of the globe, it said:

The SOPC – as well as many other community stakeholders – seem to agree that ICANN staff are paid well enough, and sometimes even above market average. Considering the current DNS industry trends and forecasts, tougher action to further limit or even abolish the annual rise in compensation would send a strong positive signal to the community.

It’s been suggested that, when asked to find areas to cut, ICANN department heads prioritized retaining their own staff, which is why we’re seeing mainly cuts to community funding.
I’ve only summarized the comments filed by formal ICANN structures here. Other individuals and organizations filing comments in their own capacity expressed similar views.
I was unable to find a comment explicitly supporting increased staffing costs. Some groups, such as the Registries Stakeholder Group, did not address the issue directly.
While each commentator has their own reasons for wanting to protect the corner of the budget they tap into most often, it’s a rare moment when every segment of the community (commercial and non-commercial, domain industry and IP interests) seem to be on pretty much the same page on an issue.

Amazon’s .amazon gTLD may not be dead just yet

South American governments are discussing whether to reverse their collective objection to Amazon’s .amazon gTLD bid.
A meeting of the Governmental Advisory Committee at ICANN 61 in Puerto Rico yesterday heard that an analysis of Amazon’s proposal to protect sensitive names if it gets .amazon will be passed to governments for approval no later than mid-April.
Brazil’s GAC rep said that a working group of the Amazon Cooperation Treaty Organization is currently carrying out this analysis.
Amazon has offered the eight ACTO countries commitments including the protection of such as “rainforest.amazon” and actively supporting any future government-endorsed bids for .amazonas.
Its offer was apparently sweetened in some unspecified way recently, judging by Brazil’s comments.
ACTO countries, largely Brazil and Peru, currently object to .amazon on the grounds that it’s a clash with the English version of the name for the massive South American rain forest, river and basin region, known locally as Amazonas.
There’s no way to read the tea leaves on which way the governments will lean on Amazon’s latest proposal, and Peru’s GAC rep warned against reading too much into the fact that it’s being considered by the ACTO countries.
“I would like to stress the fact that we are not negotiating right now,” she told the GAC meeting. “We are simply analyzing a proposal… The word ‘progress’ by no means should be interpreted as favorable opinion towards the proposal, or a negative opinion. We are simply analyzing the proposal.”
ICANN’s board of directors has formally asked the GAC to give it more information about its original objection to .amazon, which basically killed off the application a few years ago, by the end of ICANN 61.
Currently, the GAC seems to be planning to say it has nothing to offer, though it may possibly highlight the existence of the ACTO talks, in its formal advice later this week.

ICANN mulls $68 million raid on auction war chest

ICANN wants to put away another $68 million for a rainy day and it’s considering raiding its new gTLD auction war chest in order to do so.
It’s also thinking about dipping into the pool of cash still left over from new gTLD application fees in order to bolster is “reserve fund” from its current level of $70 million to its target of $138 million.
But, as a relief to registrants, it appears to have ruled out steep fee increases, which had been floated as an option.
The reserve fund is basically a safety net that ICANN could use to keep the lights on in the event that revenue should suddenly plummet dramatically and unexpectedly.
If, for example, Verisign returned to its old antagonistic ways and refused to pay its .com fees for some reason, ICANN would lose about a third of its annual revenue but would be able to tap its reserve until the legal fisticuffs were resolved.
ICANN said in a discussion document (pdf) this week that it took $36 million from the reserve since 2014 in order to complete the IANA transition. Over the same period, its annual budget has swelled from about $85 million to $138 million and contributions back into the reserve have been minimal.
That’s left it with a meager $70 million squirreled away, $68 million shy of its longstanding target level of one year’s budget.
ICANN is now saying that it wants to replenish the fund in less than five years.
About $15 million of its target would come from cost-cutting its operations budget over the period.
It also wants to take at least $36 million from the new gTLD auction proceeds fund, which currently stands at $104 million (with another $132 million incoming should Verisign successfully obtain .web over the objections of rival bidders).
The remaining $17 million could come from “leftover” new gTLD application fees — that fund is currently about $80 million — or from more cost-cutting or more auction proceeds, or from a combination of the three.
A fourth option — increasing the per-transaction fees registrants are charged via their registries and registrars — appears to have been ruled out.
My back-of-the-envelope maths suggests that an annual per-transaction increase of about $0.07 would have been needed to raise $68 million over five years.
The proposal is open for public comment until April 25.

ICANN strikes back at “offensive” .gay bidder

ICANN has responded harshly to claims that a probe of its handling of applications for the .gay gTLD was fixed from the outset.
Writing to dotgay LLC lawyer Arif Ali this week, ICANN lawyer Kate Wallace said claims that the investigation “had a pre-determined outcome in mind” were “as offensive as they are baseless”.
FTI Consulting gave ICANN the all-clear in January, dismissing allegations that ICANN staff had interfered with Community Priority Evaluations of .gay and other gTLDs conducted by the Economist Intelligence Unit.
But dotgay quickly responded by calling the FTI report a “whitewash”, saying “a strong case could be made that the purported investigation was undertaken with a pre-determined outcome in mind.”
Now, in an unusually pointed letter (pdf) Wallace calls dotgay out for its “insulting” implications.

While dotgay LLC may have preferred a different evaluation process and may have desired a different outcome, that is not evidence that FTI undertook its investigation “with a pre-determined outcome in mind.”
Your accusations in this regard are as offensive as they are baseless. The Board initiated the CPE Process Review in its oversight role of the New gTLD Program to provide greater transparency into the CPE process. There was no pre-determined outcome in mind and FTI was never given any instruction that it was expected to come to one conclusion over another.
…
Your assertions that FTI would blatantly violate best investigative practices and compromise its integrity is insulting and without any support, and ICANN rejects them unequivocally.

Wallace works for ICANN outside counsel Jones Day — which contracted with FTI for the investigation — but states that she is writing at the behest of the ICANN board of directors.
The board “is in the process of considering the issues” raised by Ali and gay rights expert lawyer William Eskridge, she wrote.
The board’s agendas for next week’s ICANN 61 public meeting in Puerto Rico have not yet been published.
dotgay wants to avoid a costly (or lucrative) auction against other .gay applicants by gaining “community” status, but it failed its CPE in 2014, largely because its definition of “gay” over-stretches, and has been appealing the decision ever since.

Namecheap accuses GoDaddy of delaying transfers

GoDaddy broke ICANN rules and US competition law by delaying outbound domain transfers yesterday, and not for the first time, according to angry rival Namecheap.
March 6 was Namecheap’s annual Move Your Domain Day, a promotion under which it donates $1.50 to the Electronic Frontier Foundation for every inbound transfer from another registrar.
It’s a tradition the company opportunistically started back in 2011 specifically targeting GoDaddy’s support, later retracted, for the controversial Stop Online Piracy Act, SOPA.
But yesterday GoDaddy was delivering “incomplete Whois information”, which interrupted the automated transfer process and forced Namecheap to resort to manual verification, delaying transfers, Namecheap claims.
“First and foremost this practice is against ICANN rules and regulations. Secondly, we believe it violates ‘unfair competition’ laws,” the company said in a blog post.
Whois verification is a vital part of the transfer process, which is governed by ICANN’s binding Inter-Registrar Transfer Policy.
GoDaddy changed its Whois practices in January. As an anti-spam measure, it no longer publishes contact information, including email addresses vital to the transfer process, when records are accessed automatically over port 43.
However, GoDaddy VP James Bladel told us in January that this was not supposed to affect competing registrars, which have their IP addresses white-listed for port 43 access via a system coordinated by ICANN.
Did GoDaddy balls up its new restrictive Whois practices? Or can the blame be shared?
Namecheap also ran into problems with GoDaddy throttling port 43 on its first Move Your Domain Day in 2011, but DI published screenshots back then suggesting that the company had failed to white-list its IP addresses with ICANN.
This time, the company insists the white-list was not an issue, writing:

As many customers have recently complained of transfer issues, we suspect that GoDaddy is thwarting/throttling efforts to transfer domains away from them. Whether automated or not, this is unacceptable. In preparation for today, we had previously whitelisted IPs with GoDaddy so there would be no excuse for this poor business practice.

Namecheap concluded by saying that all transfers that have been initiated will eventually go through. It also asked affected would-be customers to complain to GoDaddy.
The number of transfers executed on Move Your Domain Day over the last several years appears to be well into six figures, probably amounting to seven figures of annual revenue.

Tech giants gunning for AlpNames over new gTLD “abuse”

A small group of large technology companies including Microsoft and Facebook have demanded that ICANN Compliance take a closer look at AlpNames, the budget registrar regularly singled out as a spammers’ favorite.
The ad hoc coalition, calling itself the Independent Compliance Working Party, wrote to ICANN last week to ask why the organization is not making better use of statistical data to bring compliance actions against the small number of companies that see the most abuse.
AlpNames, the Gibraltar-based registrar under common ownership with new gTLD portfolio registry Famous Four Media, is specifically singled out in the group’s letter.
The letter, sourcing the August 2017 Statistical Analysis of DNS Abuse in gTLDs (pdf), says there “is a clear problem with one particular contracted party”.
AlpNames was the registrar behind over half of the new gTLD domains blacklisted by SpamHaus over the study period, for example, the letter states.
The tiny territory of Gibraltar also frequently ranks unusually highly on abuse lists due to AlpNames presence there, the letter and report say.
The ICWP letter also says that the four gTLDs .win, .loan, .top, and .link were used by over three quarters of abusive domains over the SADAG study period.
The letter calls the abuse rates “troublesome” and says:

We are alarmed at the levels of DNS abuse among a few contracted parties, and would appreciate further information about how ICANN Compliance is using available data to proactively address the abusive activity amongst this subset of contracted parties in order to improve the situation before it further deteriorates.

It goes on to wonder whether high levels of unaddressed abuse could amount to violations of new gTLD Registry Agreements and Registrar Accreditation Agreements, and to ask whether there any barriers to ICANN Compliance pursuing breach claims against such potential violations.
The ICWP comprises Adobe, DomainTools, eBay, Facebook, Microsoft and Time Warner. It’s represented by Fabricio Vayra of Perkins Coie.
Other than the letter (pdf), the Independent Compliance Working Party does not appear to have any web presence, and a spokesperson has not yet responded to DI’s request for more information.
The SADAG report also singled out Chinese registrar Nanjing Imperiosus Technology Co, aka DomainersChoice.com, as having particularly egregious levels of abuse, but noted that this abuse disappeared after ICANN terminated its RAA last year.
AlpNames has not to date had any public breach notices issued against it, but this is certainly not the first time it’s been singled out for public censure.
In November last year, ICANN’s Competition, Consumer Trust, and Consumer Choice Review Team (CCT) named it in a report that claimed: “Certain registries and registrars appear to either positively encourage or at the very least willfully ignore DNS abuse.”
AlpNames seems to have been used often by abusers due to its bargain-basement, often sub-$1 prices — making disposable domains more cost effective — and its tool that allowed up to 2,000 domains to be registered simultaneously.
If not actively soliciting abusive behavior, these factors certainly don’t make abuse any more difficult.
But will ICANN Compliance take action in response to the criticism leveled by CCT and now ICWP?
The main problem with the ICWP letter, and the SADAG report it is based upon, is that the data it uses is now rather old.
The SADAG report sourced abuse databases only up to January 2017, a time when AlpNames’ total gTLD domains under management was at its peak of around three million names.
Since then, the company has been hemorrhaging DUM, losing hundreds of thousands of domains every month. At the end of November 2017, the most recent data compiled by DI shows that it was down to around 838,000 domains.
It’s quite possible that AlpNames’ customer base is no longer the den of abuse it once was, whether due to natural attrition or a proactive purge of bad actors.
A month ago, in a press release connected with a $5.4 million buy-out of an co-founder, AlpNames chairman Iain Roache said he has a “10-year strategic plan” to turn AlpNames into a “Tier-1” registrar and “bring the competition to the incumbents”.

Get drunk on Neustar’s tab and it will donate money to hurricane relief

Neustar has promised to donate thousands of dollars to a Puerto Rican hurricane relief charity, providng enough people show up to its open bar event in San Juan next week.
It’s fairly standard for domain companies of Neustar’s size to host free after-hours social events during ICANN meetings, but this time the company said it will donate $25 for each attendee to charity.
The beneficiary is the Puerto Rico Resistance Fund, operated by Americas for Conservation and the Arts, which is helping rebuild the island after Hurricane Maria hit it for six last September.
“We want to bring together the community, help spread awareness of the hardship and devastation in Puerto Rico, and make our community proud they are contributing in a small way financially,” Neustar VP Lori Anne Wardi told DI.
With the company telling me it expects 500 guests or more to the invitation-only event, expect a total donation topping $12,500.
The venue is the Antiguo Casino, which appears to be about a 10-minute taxi ride from the Puerto Rico Convention Center, at which the ICANN 61 public meeting is being held.
The event runs from 1900 to 2330 local time.
The official death toll in Puerto Rico from Maria was 64, but a New York Times analysis puts the number at closer to 1,000. Parts of the island, a US territory, are still suffering from infrastructure problems such as power outages.

Whois privacy will soon be free for most domains

Enormous changes are coming to Whois that could mark the end of Whois privacy services this year.
ICANN has proposed a new Whois model that would anonymize the majority of domain name registrants’ personal data by default, only giving access to the data to certain certified entities such as the police.
The model, published on Friday and now open for comment, could change in some of the finer details but is likely being implemented already at many registries and registrars.
Gone will be the days when a Whois lookup reveals the name, email address, physical address and phone number of the domain’s owner.
After the model is implemented, Whois users will instead merely see the registrant’s state/province and country, organization (if they have one) and an anonymized, forwarding email address or web form for contact purposes.
Essentially, most Whois records will look very much like those currently hiding behind paid-for proxy/privacy services.
Technical data such as the registrar (and their abuse contact), registration and expiry dates, status code, name servers and DNSSEC information would still be displayed.
Registrants would have the right to opt in to having their full record displayed in the public Whois.
Anyone wanting to view the full record would have to be certified in advance and have their credentials stored in a centralized clearinghouse operated by or for ICANN.
The Governmental Advisory Committee would have a big hand in deciding who gets to be certified, but it would at first include law enforcement and other governmental agencies.
This would likely be expanded in future to include the likes of security professionals and intellectual property lawyers (still no word from ICANN how the legitimate interests of the media or domain investors will be addressed) but there could be a window in which these groups are hamstrung by a lack of access to thick records.
The proposed model is ICANN’s attempt to bring Whois policy, which is enforced in its contracts with registries and registrars, into line with GDPR, the European Union’s General Data Protection Regulation, which kicks in fully in May.
The model would apply to all gTLD domains where there is some connection to the European Economic Area.
If the registrar, registry, registrant or a third party processor such as an escrow agent is based in the EEA, they will have to comply with the new Whois model.
Depending on how registrars implement the model in practice (they have the option to apply it to all domains everywhere) this means that the majority of the world’s 188 million gTLD domains will probably be affected.
While GDPR applies to only personal data about actual people (as opposed to legal persons such as companies), the ICANN model makes no such distinction. Even domains owned by legal entities would have their records anonymized.
The rationale for this lack of nuance is that even domains owned by companies may contain personal information — about employees, presumably — in their Whois records.
Domains in ccTLDs with EEA connections will not be bound to the ICANN model, but will rather have to adopt it voluntarily or come up with their own ways to become GDPR compliant.
The two largest European ccTLDs — .uk and Germany’s .de, which between them account for something like 28 million domains — last week separately outlined their plans.
Nominet said that from May 25 it will no longer publish the name or contact information of .uk registrants in public Whois without their explicit consent. DENIC said something similar too.
Here’s a table of what would be shown in public Whois, should the proposed ICANN model be implemented.
[table id=50 /]
The proposal is open for comment, with ICANN CEO Goran Marby requesting emailed input before the ICANN 61 public meeting kicks off in Puerto Rico this weekend.
With just a couple of months left before the law, with its huge fines, kicks in, expect GDPR to be THE hot topic at this meeting.

ICANN loses comms chief to Fannie Mae

ICANN’s top PR guy has quit for a job at Fannie Mae.
Duncan Burns, senior vice president of global communications and managing director of the Washington DC office, will leave the organization next month after the ICANN 61 meeting in Puerto Rico.
Burns has been leading comms at ICANN for five years. Last year, he also took over as ICANN’s lead DC lobbyist, a reduced role in the post-IANA-transition world.
He told DI that he’s going to be VP of external communications at Fannie Mae, the mortgage finance company.
ICANN said that while a permanent replacement is found his deputy Gwen Carlson will take over the comms role while Chris Mondini, VP of stakeholder engagement, will cover US government relations.
If anyone’s wondering how this affects ICANN’s current budget discussions, Burns received total compensation in excess of $415,000 in 2016, ICANN’s last-reported tax year.

Should ICANN cut free travel, or its own staff?

Is ICANN’s suddenly limited budget best spent on its staff wages or on flights and hotels for certain volunteers?
That’s the debate that’s been emerging in the ICANN community in the last few weeks since ICANN revealed it would have to make some “tough choices” in the face of lower than expected revenue from a stagnant domain industry.
Members of the ICANN Fellowship program have started a petition calling for the organization to look at its own staffing needs before cutting the number of Fellows it supports in half.
The petition is not signed (though I have a pretty good idea who started it) and at time of publication, it has 194 signatures.
The Fellowship program sees ICANN pay for the travel and lodging, along with a per diem allowance, of up to 60 community members at each of its three annual major meetings.
They’re usually ICANN newbies and generally from less-developed regions of the world.
But because ICANN is trying to cut $5 million from its fiscal 2019 budget it wants to reduce the number of supported Fellows down to 30 per meeting.
ICANN says (pdf) that the average cost to send a Fellow to a meeting is $3,348, which would work out at or $200,880 per meeting or $602,640 per year.
Cutting the program in half would presumably therefore save a tad over $300,000 a year.
It’s not nothing, but it’s chickenfeed in a budget penciled in at $138 million for FY19.
While Fellows are not the only people seeing budget cutbacks, the only one of five broad areas that will actually see growth in ICANN’s FY19 budget is staffing costs.
The organization said personnel spend will go up from $69.5 million to $76.8 million in its next fiscal year.
That’s based on the staff growing by 34 people in the fiscal year to June 30. Those people will then earn a full year’s wages in FY19, rather than the partial year they earned in FY18.
It also plans to increase headcount by four people in FY19, and to give employees an average of 2% pay rises (cut from 4%).
The end-of-year headcount would be 425. That means headcount will have doubled since about September 2013. It was at under 150 when the new gTLD program kicked off in 2012.
Does ICANN really need so many staff? It’s a question people have been asking since before headcount even broke into three digits (over 10 years ago).
The petition organizers wrote that ICANN could not only maintain but increase funding for Fellows by just lowering staffing levels by one or two people, adding:

Given that most of the fellows are from developing countries, the Fellowship Program is not only a learning platform for capacity building to empower volunteers with the skills needed to create a positive impact both within ICANN and in their home countries, but also it is practically the only way to overcome the insurmountable financial burden faced by individuals coming from world regions where even access to drinking water is problematic, not to mention access to computers and quality IT infrastructure that is taken for granted in developed countries.

There’s no denying that attending ICANN meetings can be a pricey undertaking. I come from the developed world and I’ve skipped a few for cost reasons.
But there’s no point ICANN splashing out its cash (which is after all a quasi-tax gathered ultimately from domain registrants) on a Fellowship program unless it knows what the ROI is.
Are the Fellows worth the money?
There’s a kind of running joke — that, disclosure alert, I participate in regularly — that Fellows are mainly good for being strong-armed into singing ICANN’s praises at the open-mic Public Forum sessions held at two of the three meetings each year.
But that’s probably not entirely fair. The program has supported some committed community members who are certainly not slackers.
There are two former Fellows — Léon Felipe Sanchez Ambia and Rafael Lito Ibarra — currently sitting on the ICANN board of directors, and at least one I know of on the GNSO Council.
There are also about 10 members of ICANN staff who were former fellows and ICANN has documented several more participants who are still active in formal roles in ICANN.
Would these people have gotten so involved with ICANN if that financial support had not been there for them originally? I don’t know.
ICANN has attempted in the past to put some hard numbers on the value of the program, and the results are perhaps not as encouraging as when one cherry-picks the success stories.
It conducted a survey last year (pdf) of all 602 former Fellows and managed to get a hold of 597 of them. It wanted to know whether they were still engaged in the ICANN community.
But only 53%, 317 people, even bothered to respond to the survey. Of those who did respond, 198 said they were still involved in the ICANN community.
Basically, of the 600 Fellows ICANN has subsidized to attend ICANN meetings over the last 10 years, just one third say they are still participating.
Is that a good hit rate?
Would it be worth firing a couple of ICANN staffers — or at least allowing a position or two to fall to attrition — in order to keep the Fellowship program funded at current levels?
I honestly have no strong opinion either way on this one, but I’d be interested to hear what you have to say.
No doubt ICANN is too. Its public comment period on the FY19 budget is still open.